Commit Graph

325 Commits (a8717e5e3ace4dd226547faae9c3a44616bbf6f0)

Author SHA1 Message Date
Lunny Xiao a8717e5e3a Use AfterLoad instead of AfterSet on Structs (#2628)
* use AfterLoad instead of AfterSet on Structs

* fix the comments on AfterLoad

* fix the comments on action AfterLoad
2017-10-01 19:52:35 +03:00
Lunny Xiao dd55534b82 Reduce usage of allcols on update (#2596)
* reduce usage of allcols on update

* fix bug and tests
2017-09-25 12:59:27 +08:00
David Schneiderbauer d766d0c4e0 Prevent sending emails and notifications to inactive users (#2384)
* Filter inactive users before sending emails or creating browser notifications

Signed-off-by: David Schneiderbauer <dschneiderbauer@gmail.com>

* fix formatting issues

Signed-off-by: David Schneiderbauer <dschneiderbauer@gmail.com>

* included requested changes

Signed-off-by: David Schneiderbauer <dschneiderbauer@gmail.com>

* optimized database queries

* rebasing new master and add tablenames for clarification in xorm queries

* remove escaped quotationmarks using backticks

Signed-off-by: David Schneiderbauer <dschneiderbauer@gmail.com>
2017-09-16 08:18:25 +08:00
Lunny Xiao 005900baea Use created & updated instead BeforeInsert & BeforeUpdate (#2482)
* use created & updated instead BeforeInsert & BeforeUpdate

* fix vendor checksum

* only show generated SQL when development mode

* remove extra update column updated_unix

* remove trace config
2017-09-13 08:18:22 +03:00
techknowlogick 9bdbfbf6f3 Disable custom Git Hooks globally via configuration file (#2450)
* Create option to disable githooks globally via configuration file

* Update comment in app.ini to align with @ethantkoenig's suggestion

Signed-off-by: Matti Ranta <matti@mdranta.net>
2017-09-12 12:25:42 +03:00
Lunny Xiao 5de94a67cf some refactors for issue and comments (#2419) 2017-08-30 07:31:33 +03:00
Lunny Xiao f960e19c59 Only update needed columns when update user (#2296)
* only update needed columns when update user

* fix missing update_unix column
2017-08-12 22:18:44 +08:00
Ethan Koenig 858324c21a Fix username rendering bug (#2122)
* Fix username rendering bug

* XSS integration test

* Migration to unescape user full names
2017-07-12 17:58:52 +03:00
Ethan Koenig 05e3726415 Use default avatar on error 2017-06-29 12:10:33 -04:00
Lauris BH 6db387a21e Refactor session close as xorm already does everything needed internally (#2020) 2017-06-21 08:57:05 +08:00
Ethan Koenig bfb44f8854 Fix status table race condition (#1835) 2017-05-31 16:57:17 +08:00
Jonas Östanbäck 7b907ed348 Rename RepoCreationNum -> MaxCreationLimit (#1766) 2017-05-24 08:27:08 +08:00
Ethan Koenig cf02cd7ba0 Fix and test for delete user (#1713)
* Fix and test for delete user

* Run updates in batches

* Unit test
2017-05-20 16:48:22 +08:00
Jonas Östanbäck 80cea8747f Admin should always be allowed to create repos even if hit limit (#1765) 2017-05-20 11:51:19 +08:00
Lauris BH 524885dd65 LDAP user synchronization (#1478) 2017-05-10 15:10:18 +02:00
Lauris BH 51d0becb42 Add configuration option for default permission to create Organizations (#1686) 2017-05-08 21:51:53 +02:00
Kim "BKC" Carlbäcker d409d3ab57 Sanitation fix from Gogs (#1461)
* Santiation fix from Gogs

* Linting

* Fix build-errors

* still not working

* Fix all the things!

* gofmt

* Add code-injection checks
2017-04-13 10:52:24 +08:00
Lunny Xiao 888dee3b5f fix delete user failed on sqlite (#1321) 2017-03-20 22:13:52 +08:00
Sandro Santilli 71d16f69ff Login via OpenID-2.0 (#618) 2017-03-17 15:16:08 +01:00
Ethan Koenig 021904e4e6 Fix typos in models/ and modules/ (#1248) 2017-03-15 08:52:01 +08:00
Ethan Koenig ec0ae5d50c Refactor and fix incorrect comment (#1247) 2017-03-15 08:51:46 +08:00
Sandro Santilli 0475e7351f Reserve the "explore" user/org name (#1222) 2017-03-12 09:39:38 +08:00
Ethan Koenig 3803f257fb Move user_follow to separate file (#1210)
Also add unit tests
2017-03-11 16:46:53 +08:00
Lunny Xiao 5d40db629c fix random avatars (#1147) 2017-03-08 23:05:15 +08:00
Lunny Xiao 2215840363 fix avatar bug #1114 (#1122)
This PR fix the avatar bug described in #1114. This will fix random avatar is blank problem and potential delete avatars dir problem.
2017-03-06 16:15:40 +08:00
Lunny Xiao 522f194983 Bug fixed for org avatar caused by #1049 (#1070)
* bug fixed for org avatar caused by #1049

* use isfile only
2017-02-27 08:42:22 +08:00
Lunny Xiao 80f900ebae Fix avatar enumable (#1049)
* fix avatar enumable

* fix import style
2017-02-25 22:58:57 +08:00
Lunny Xiao e8e56da9ac fix #13 (#1042) 2017-02-25 22:53:57 +08:00
Lunny Xiao fc4f7e82f9 refactor for searching user (#1038)
* refactor for searching user

* fix like bug

* better format for builder cond
2017-02-25 21:42:20 +08:00
Willem van Dreumel 01d957677f Oauth2 consumer (#679)
* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other then oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers)

* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)

* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 08:14:37 +01:00
Lunny Xiao 847527fd6d Fix all the bugs in issues and pulls on dashboard (#943)
* fix all the bugs in issues and pulls on dashboard

* small fix and refactor

* add method getRepoIDs for IssueList
2017-02-17 08:58:19 +08:00
Bo-Yi Wu d67b278a0d feat: Able to disable non-admin to create new organization (#927) 2017-02-14 20:16:00 +08:00
Andrew 3f67676059 Implement basic Open Graph support. (#901) 2017-02-11 20:57:33 +08:00
Bo-Yi Wu a90a215662 feat: Add search bar on user profile page. (#787) 2017-02-04 20:20:20 +08:00
Gabriel Jackson bf6f61cc69 Cleanup log messaging
This change corrects a few logging issues:

 * Standardized formatting errors with '%v'.
 * Standardized failure warning word usage.
 * Corrected an instance of using the standard log library when
   the gitea log library should be used instead.
2017-02-02 15:24:18 +01:00
Bo-Yi Wu d7d094bd8a fix: ignore email notifications if user is not active. (#820) 2017-02-02 20:33:36 +08:00
Bwko 74ed6dc3ad Add option to app.ini to enable local import paths (#724) 2017-01-23 09:19:50 +08:00
Ethan Koenig 74bbec3bf9 Fix permission bugs in team API (#647) 2017-01-20 13:16:10 +08:00
Ethan Koenig fcf02e4961 API Endpoints for organization members (#645) 2017-01-20 10:31:46 +08:00
derSuessmann 51d578ff33 Add Keep email private (see issue #571). (#571)
- Add site-wide option DEFAULT_KEEP_EMAIL_PRIVATE.
- Add the new option to the install and admin/config pages.
- Add the new option to app.ini in the service section.
- Add the new option to the settings struct.
- Add English text strings to i18n.
- Add field KeepEmailPrivate to user struct.
- Add field KeepEmailPrivate to user form.
- Add option to UI.
- Add using noreply email address if user has "Keep Email Private".
An email address <LowerName>@<NO_REPLY_ADDRESS> is now used in commit
messages (and hopefully all other git log relevant places). The
change relies on the fact that git commands should use
user.NetGitSig().
- Add hiding of email address in UI, if user has set "Keep Email Private".
- Add condition to show email address only on explore/users and user
pages, if user has not set "Keep Email Private".
- Add noreply email in API if set "Keep Email Private".
- Add a new service setting NO_REPLY_ADDRESS. The value of this
setting is used as the domain part for the user's email address in
git log, iff he decides to keep his email address private.
If the user decides to keep his email address private and this
option is not set 'noreply.example.org' is used, which no MTA
should send email to.

Add NO_REPLY_ADDRESS to conf/app.ini.
2017-01-08 11:12:03 +08:00
Andrey Nering 84b7d29d34 Create missing database indexes (#596) 2017-01-06 23:14:33 +08:00
Berk Demirkır bdad3b259a Check primary email address fields on CreateUser (#556)
* Check primary email address fields on CreateUser

As this check wasn't available, uid=1 (and possibly guests too, if registration is open) is able to register new users with existing email addresses. This leads to numerous 500 errors.

* Update user.go

* Lower the email first. Then check
2017-01-05 08:52:20 +08:00
Ethan Koenig 1207bda94b Fix typos in models/ (#576) 2017-01-05 08:50:34 +08:00
Schwobaland c0904f1942 Restrict creating organisations by user (#193)
* restrict creating organizations based on right on user

* revert bindata.go

* reverse vendor lib

* revert goimports change

* set AllowCreateOrganization default value to true

* revert locale

* added default value for AllowCreateOrganization

* fix typo in migration-comment

* fix comment

* add coments in migration
2016-12-31 10:33:30 +08:00
Lunny Xiao ba134bd27a fix 500 when delete orgnization and resolved #486 2016-12-27 12:00:12 +01:00
Bwko fa3abc22c0 Added sorting to organizations, repos & users page (#222) 2016-12-24 22:42:26 +08:00
Ethan Koenig 8a4161c723 API Endpoint for watching (#191) 2016-12-24 09:53:11 +08:00
Denis Denisov 380e32e129 Fix random string generator (#384)
* Remove unused custom-alphabet feature of random string generator

Fix random string generator

Random string generator should return error if it fails to read random data via crypto/rand

* Fixes variable (un)initialization mixed assign
Update test GetRandomString
2016-12-20 13:32:02 +01:00
Lunny Xiao d771e978a1 Don't use custom PBKDF2 function (#382) 2016-12-15 09:24:27 +08:00
Denis Denisov c8f300b2cd Safe compare password (timing attack) (#338) 2016-12-03 13:49:17 +08:00