This PR fixes#7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.
## Features
- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
- [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
- Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
- [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
- app.ini configuration done
- [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation
I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
* Prevent deadlock in indexer initialisation during graceful restart
* Move from gracehttp to our own service to add graceful ssh
* Add timeout for start of indexers and make hammer time configurable
* Fix issue with re-initialization in indexer during tests
* move the code to detect use of closed to graceful
* Handle logs gracefully - add a pid suffix just before restart
* Move to using a cond and a holder for indexers
* use time.Since
* Add some comments and attribution
* update modules.txt
* Use zero to disable timeout
* Move RestartProcess to its own file
* Add cleanup routine
* Recalculate repository access only for specific user
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Handle user repositories as well, and only add access if minimum mode
* Need to get repo owner to check if organization
* Ensure .ssh dir exists before rewriting public keys
* Ensure .ssh dir exists before appending to authorized_keys
* Log the error because it would be useful to know where it is trying to MkdirAll
* Only try to create RootPath if it's not empty
* Change tests to make it possible to run TestGit with 1.7.2
* Make merge run on 1.7.2
* Fix tracking and staging branch name problem
* Ensure that git 1.7.2 works on tests
* ensure that there is no chance for conflicts
* Fix-up missing merge issues
* Final rm
* Ensure LFS filters run on the tests
* Do not sign commits from temp repo
* Restore tracking fetch change
* Apply suggestions from code review
* Update modules/repofiles/temp_repo.go
* Draft for ResolveMentionsByVisibility()
* Correct typo
* Resolve teams instead of orgs for mentions
* Create test for ResolveMentionsByVisibility
* Fix check for individual users and doer
* Test and fix team mentions
* Run all mentions through visibility filter
* Fix error check
* Simplify code, fix doer included in teams
* Simplify team id list build
* fix issues/pr list broken when there are many repositories
* remove unused codes
* fix counting error on issues/prs
* keep the old logic
* fix panic
* fix tests
* fix milestone num_issues
* update missing completeness
* only update milestone closed number when closed issue is assigned a new milestone or clear milestone
* fix tests
* fix update milestone num
* fix completeness calculate
* make completeness calucation more clear
* Add API for Repo Advanced Settings of wiki and issue tracker
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add some integration tests for tracker and wiki settings through API
* Should return StatusUnprocessableEntity in case of invalid API values.
* Add tests for invalid URLs for external tracker and wiki.
* Do not set inital values if they are default of type
* Make issue tracker and wiki units separate structures in Repository API structure.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix comment of structures
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Rewrite API to use struct for setting tracker and wiki settings.
* LetOnlyContributorsTrackTime -> AllowOnlyContributorsToTrackTime
* Api endpoint for searching teams.
Signed-off-by: dasv <david.svantesson@qrtech.se>
* Move API to /orgs/:org/teams/search
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Regenerate swagger
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix search is Get
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add test for search team API.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Update routers/api/v1/org/team.go
grammar
Co-Authored-By: Richard Mahn <richmahn@users.noreply.github.com>
* Fix review comments
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix some issues in repo collaboration team search, after changes in this PR.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Remove teamUser which is not used and replace with actual user id.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Remove unused search variable UserIsAdmin.
* Add paging to team search.
* Re-genereate swagger
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix review comments
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* fix
* Regenerate swagger
* Use correct index when fetching commit status
Signed-off-by: Elias Norberg <elias@aisle.se>
* Compare against base repo to avoid mismatch when merging from fork
Signed-off-by: Elias Norberg <elias@aisle.se>
* extract actions on new pull request from models to pulls service
* improve code
* move code.gitea.io/gitea/modules/pull to code.gitea.io/gitea/services/pull
* fix fmt
* Rename pulls.go to pull.go
* Always return local url for users avatar
Avoids having to wait for DNS lookups when libravatar is activated
fixing #6046
* Avoid double slash in avatar link
* Move avatar route to the correct place
* Test more reserved usernames
* Add more reserved usernames, sort them
* Reserve "attachments" username (is a used route)
* It's "avatars" being reserved, not "avatar"
* move all mail related codes from models to modules/mailer
* fix lint
* use DBContext instead Engine
* use WithContext not WithEngine
* Use DBContext instead of Engine
* don't use defer when sess.Close()
* move DBContext to context.go and add some methods
* move mailer from modules/ to services
* fix lint
* fix tests
* fix fmt
* add gitea copyright
* fix tests
* don't expose db functions
* make code clear
* add DefaultDBContext
* fix build
* fix bug
* Add teams to repo on collaboration page.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add option for repository admins to change teams access to repo.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add comment for functions
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Make RepoAdminChangeTeamAccess default false in xorm and make it default checked in template instead.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Make proper language strings and fix error redirection.
* Add unit tests for adding and deleting team from repository.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add database migration
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix redirect
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix locale string mismatch.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Move team access mode text logic to template.
* Move collaborator access mode text logic to template.
* delete attachments from the database and file system
* add migration
* fix import statements
* fix package name
* remove conditional should in case the confi has been changed and the server restarted
* simplify deletion of attachments in DB
* fix CI build
* fix review
* add copyright in the proper place
* fix review
* Update ref comment
* Generate comment on simple ref
* Make fmt + remove unneeded repo load
* Add TODO comments
* Add ref-check in issue creation; re-arrange template
* Make unit tests pass; rearrange code
* Make fmt
* Filter out xref comment if user can't see the referencing issue
* Add TODOs
* Add cross reference
* Rearrange code; add cross-repository references
* Striketrhough obsolete references
* Remove unnecesary TODO
* Add "not supported" note
* Support for edits and deletes, and issue title
* Revert changes to go.mod
* Fix fmt
* Add support for xref from API
* Add first integration test
* Add integration tests
* Correct formatting
* Fix add comment test
* Add migration
* Remove outdated comments; fix typo
* Some code refactoring and rearranging
* Rename findCrossReferences to createCrossReferences
* Delete xrefs when repository is deleted
* Corrections as suggested by @lafriks
* Prepare for merge
* Fix log for errors
* refuse merge until ci successfully
* deny merge request when required status checkes not succeed on merge Post and API
* add database migration for added columns on protected_branch
* fix migration
* fix protected branch check bug
* fix protected branch settings
* remove duplicated code on check pull request's required commit statuses pass
* remove unused codes
* fix migration
* add newline for template file
* fix go mod
* rename function name and some other fixes
* fix template
* fix bug pull view
* remove go1.12 wrong dependencies
* add administrator bypass when protected branch status check enabled
* fix bug
* improve the codes
The current webhook just shows the amount of commits, but misses the actual commit description. While the code is actually there to include the description, it is just not included.
Signed-off-by: Bjoern Petri <bjoern.petri@sundevil.de>
* move create release from models to a standalone package
* fix lint
* fix comment year
* fix lint
* fix lint
* fix package import name
* fix vendor
* fix go mod
* some refactors
* fix vendor
* use go1.12 make vendor
* fix vendor
* migrate gplus to google oauth2 provider. this still provides support for old gplus connections.
* Update models/oauth2.go
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* make vendor
* Restrict repository indexing by file extension
* Use REPO_EXTENSIONS_LIST_INCLUDE instead of REPO_EXTENSIONS_LIST_EXCLUDE and have a more flexible extension pattern
* Corrected to pass lint gosimple
* Add wildcard support to REPO_INDEXER_EXTENSIONS
* This reverts commit 72a650c8e42f4abf59d5df7cd5dc27b451494cc6.
* Add wildcard support to REPO_INDEXER_EXTENSIONS (no make vendor)
* Simplify isIndexable() for better clarity
* Add gobwas/glob to vendors
* manually set appengine new release
* Implement better REPO_INDEXER_INCLUDE and REPO_INDEXER_EXCLUDE
* Add unit and integration tests
* Update app.ini.sample and reword config-cheat-sheet
* Add doc page and correct app.ini.sample
* Some polish on the doc
* Simplify code as suggested by @lafriks
* Add optional label sets on repo creation
* Fix CRLF
* Instead of hardcoding default, make it the helper
* Move label set init out of repo init
Add a new error for the router
Combine router label init with repo creation label init
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Add issue labels to Swagger for repo creation
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Update models/issue_label.go
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Update models/issue_label.go
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
* feat: highlight issue references with :
e.g. #1287: my commit msg
e.g. ABC-1234: my commit msg
* ref: update model regex to consistent with issueNumericPattern
* test: check highlight issue with : in commits messages
* Create API endpoints for repo topics.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Generate swagger
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add documentation to functions
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Grammar fix
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix function comment
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Can't use FindTopics when looking for a single repo topic, as it doesnt use exact match
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add PUT /repos/{owner}/{repo}/topics and remove GET /repos/{owner}/{repo}/topics
* Ignore if topic is sent twice in same request, refactoring.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix topic dropdown with api changes.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Style fix
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Update API documentation
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Better way to handle duplicate topics in slice
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Make response element TopicName an array of strings, instead of using an array of TopicName
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add test cases for API Repo Topics.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix format of tests
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix comments
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix unit tests after adding some more topics to the test fixture.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Update models/topic.go
Limit multiple if else if ...
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Engine as first parameter in function
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Replace magic numbers with http status code constants.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix variable scope
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Test one read with login and one with token
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add some more tests
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Apply suggestions from code review
Use empty struct for efficiency
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Add test case to check access for user with write access
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix access, repo admin required to change topics
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Correct first test to be without token
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Any repo reader should be able to access topics.
* No need for string pointer
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add Backend Logic for Toggling Email Notification
This commit adds the backend logic for
allowing users to enable or disable email
notifications. The implementation ensures
that only issue notification emails get disabled
and important emails are still sent regardless
of the setting.
The UI to toggle this setting has not yet been
implemented.
* Add UI and complete user email notification enable
This commit completes the functionality to allow
users to disable their own email notifications.
Signed-off-by: Gary Kim <gary@garykim.dev>
* Add Third Option for Only Email on Mention
Signed-off-by: Gary Kim <gary@garykim.dev>
* Readd NOT NULL to new preference string
Signed-off-by: Gary Kim <gary@garykim.dev>
* Add Tests and Rewrite Comment
Signed-off-by: Gary Kim <gary@garykim.dev>
* Allow admin to set default email frequency
Signed-off-by: Gary Kim <gary@garykim.dev>
* Add new config option to docs
Signed-off-by: Gary Kim <gary@garykim.dev>
* Fix a few mistakes
Signed-off-by: Gary Kim <gary@garykim.dev>
* Only update required columns
Signed-off-by: Gary Kim <gary@garykim.dev>
* Simplify an error check
Signed-off-by: Gary Kim <gary@garykim.dev>
* Make email_notification_preference column in DB be VARCHAR(20)
Signed-off-by: Gary Kim <gary@garykim.dev>
* Handle errors
Signed-off-by: Gary Kim <gary@garykim.dev>
* Update models/migrations/v93.go
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Add description in repository search.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Refactor SearchRepositoryByName with a general function SearchRepository
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Allow to specify if description shall be included in API repo search.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add new app.ini setting for whether to search within repo description.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Search keyword in description (if setting enabled) on:
- Explore page
- Organization profile page
- User profile page
- Admin repo page
Do not search keyword in description on:
- Any non-keyword search (not relevant)
- Incremental search (uses API)
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Put parameters related to keyword directly after it
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add test cases for including (and not including) repository description in search.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Rename test function from TestSearchRepositoryByName to TestSearchRepository.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Make setting SEARCH_REPO_DESCRIPTION default to true
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add support for DEFAULT_ORG_MEMBER_VISIBLE
* Correct formatting
* Improved description in cheat sheet.
* Add test for DefaultOrgMemberVisible
* Remove dead code
* display ui time with customize time location
* fix lint
* rename UILocation to DefaultUILocation
* move time related functions to modules/timeutil
* fix tests
* fix tests
* fix build
* fix swagger
* Convert files to utf-8 for indexing
* Move utf8 functions to modules/base
* Bump repoIndexerLatestVersion to 3
* Add tests for base/encoding.go
* Changes to pass gosimple
* Move UTF8 funcs into new modules/charset package
* Check commit message hashes before making links
Previously, when formatting commit messages, anything
that looked like SHA1 hashes was turned into a link
using regex. This meant that certain phrases or numbers
such as `777777` or `deadbeef` could be recognized as a commit
even if the repository has no commit with those hashes.
This change will make it so that anything that looks
like a SHA1 hash using regex will then also be checked
to ensure that there is a commit in the repository
with that hash before making a link.
Signed-off-by: Gary Kim <gary@garykim.dev>
* Use gogit to check if commit exists
This commit modifies the commit hash check
in the render for commit messages to use
gogit for better performance.
Signed-off-by: Gary Kim <gary@garykim.dev>
* Make code cleaner
Signed-off-by: Gary Kim <gary@garykim.dev>
* Use rev-parse to check if commit exists
Signed-off-by: Gary Kim <gary@garykim.dev>
* Add and modify tests for checking hashes in html link rendering
Signed-off-by: Gary Kim <gary@garykim.dev>
* Return error in sha1CurrentPatternProcessor
Co-Authored-By: mrsdizzie <info@mrsdizzie.com>
* Import Gitea log module
Signed-off-by: Gary Kim <gary@garykim.dev>
* Revert "Return error in sha1CurrentPatternProcessor"
This reverts commit 28f561cac46ef7e51aa26aefcbe9aca4671366a6.
Signed-off-by: Gary Kim <gary@garykim.dev>
* Add debug logging to sha1CurrentPatternProcessor
This will log errors by the git command run in
sha1CurrentPatternProcessor if the error is one
that was unexpected.
Signed-off-by: Gary Kim <gary@garykim.dev>
* Add migration step to remove old repo_indexer_status orphaned records
* Include RepoIndexerStatus struct definition in the migrate function
* Change .Delete(o) into ID(o.ID).Delete(new(RepoIndexerStatus))
* Simplification of the delete procedure
* Rename v91.go to v92.go
* Fix dropTableColumns sqlite implementation
* use droptables and its index dropping support in v78 and v85
* golang-ci fixes
* Add migration from gitea 1.3.3 for sqlite which reveals the droptables bug - thus showing this works
* org/members: display 2FA state
* fix comment typo
* lay down UserList bases
* add basic test for previous methods
* add comment for UserList type
* add valid two-fa account
* test new UserList methods
* optimize MembersIsPublic by side loading info on GetMembers + fix integrations tests
* respect fmt rules
* use map for data
* Optimize GetTwoFaStatus
* rewrite by using existing sub func
* Optimize IsUserOrgOwner
* remove un-used code
* tests: cover empty org + fix import order
* tests: add ErrTeamNotExist path
* tests: fix wrong expected result
when you use gitea as OAuth2 provider, the /api/v1/user should return
user primary email as identifier, which is unique in OAuth2 clients.
this patch use convert.ToUser replace all u.APIFormat in api requests,
return primary email when caller is yourself or admin.
* Strip newlines from SSH keys before adding them
Fixes: https://github.com/go-gitea/gitea/issues/7500
* add test for CheckPublicKeyString
* add one more test
* simplify test
* further simplify
* make fmt
* Include thread related headers in issue/coment mail
Make it so mail programs will group comments from an issue into the same
thread by setting Message-ID on initial issue and then using In-Reply-To
and References headers to reference that later on.
* Add tests
* more tests
* fix typo
The update call on the user call races if there is more than one
repository creation concurrently, leading to incorrect count of
repos. Split things in two, so that we call the update for last
visibility (which isn't problematic if it races, since it can only
ever be best-effort anyway). This way we can atomically increment
the count of repos.
* only return head: null if source branch was deleted
* add URL into GetPullRequest
* TestPullRequest_APIFormat
* log error if it is not Err(Branch)NotExist
* Store original author info for migrated issues and comments
Keep original author name for displaying in Gitea interface and also
store original author user ID for potential future use in linking
accounts from old location.
* Add original_url for repo
Store the original URL for a migrated repo
Clean up migrations/tests
* fix migration
* fix golangci-lint
* make 'make revive' happy also
* Modify templates to use OriginalAuthor if set
Use the original author name in templates if it is set rather than the
user who migrated/currently owns the issues
* formatting fixes
* make generate-swagger
* Use default avatar for imported comments
* Remove no longer used IgnoreIssueAuthor option
* Add OriginalAuthorID to swagger also
* Fix#6946 by checking PullRequest ID on pushing
* Ensure we have the owner name, the pr attributes and the the issue
* Fix TestSearchRepo by waiting till indexing is done
* Update integrations/repo_search_test.go
* changes as per @mrsdizzie
* missing comma
* Spelling mistake
* Fix full pushing environment
* Show Pull Request button or status of latest PR in branch list
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Do not show pull request button on deleted branches
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Do not show commit divergence on deleted branches
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Use XORMs Get instead of limit
* Links pull request ID and use smaller labels for displaying the pull request status
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Handle error when getting latest pull request
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Indent template
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Check error when loading issue
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* fix extra newlines when copying from diff
See https://bugzilla.mozilla.org/show_bug.cgi?id=1273836
Basically, the <pre><code> seems to add a forced newline that is not
possible to get rid of via CSS, so I replaced it with just a <code>.
Secondly, .lines-type-marker also forced a newline in the copied text,
but that was possible to get rid of via user-select.
Safari still has a extraneous newline in the copied text of unknown
origin, but this should not block stop this PR.
* simplify .line-type-marker
* fix selector
* remove erronous ^^^
* Fix empty split diff
* Fix arc-theme-green
* fix add comment
* ensure line-num is copied too
* Update templates/repo/diff/box.tmpl
Co-Authored-By: zeripath <art27@cantab.net>
* attempt to fix safari via removing <code>
* remove useless whitespace at the end of 'class'
* remove inter-tag whitespace for code <td>s
* more inter-tag removal
* final inter-tag removal
* attempt to fix empty line copy
* move and comment getLineContent
* fix golint
* make background grey for missing added code
* Make diff line-marker non-selectable
* Move to use data-* as per @mrsdizzie
* fix missing line nums
* Add a minimum-width to force right-align of the line num
* Move line-type-marker into separate column
On merge we walk the merge history and ensure that all lfs objects pointed to in
the history are added to the base repository. This switches from relying on having git-lfs installed on the server, (and in fact .gitattributes being correctly installed.)
* Use go method to calculate key fingerprint
* add gitea copyright
* use native go method only for built-in server
* refactor and add tests
* add gitea copyright
* Fixes#2738 - /git/tags API
* proper URLs
* Adds function comments
* Updates swagger
* Removes newline from tag message
* Removes trailing newline from commit message
* Adds integration test
* Removed debugging
* Adds tests
* Fixes bug where multiple tags of same commit show wrong tag name
* Fix formatting
* Removes unused varaible
* Fix to annotated tag function names and response
* Update modules/git/repo_tag.go
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Uses TagPrefix
* Changes per review, better error handling for getting tag and commit IDs
* Fix to getting commit ID
* Fix to getting commit ID
* Fix to getting commit ID
* Fix to getting commit ID
* Supports tags when comparing commits or branches
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Hide headline when only comparing and don't load unused data
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Merges compare logics to allow comparing branches, commits and tags with eachother
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Display branch or tag instead of commit when used for comparing
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Show pull request form after click on button
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Transfers relevant pull.go changes from master to compare.go
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Fixes error when comparing forks against a commit or tag
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Removes console.log from JavaScript file
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Show icon next to commit reference when comparing branch or tag
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Updates css file
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Fixes import order
* Renames template variable
* Update routers/repo/compare.go
Co-Authored-By: zeripath <art27@cantab.net>
* Update from master
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Allow short-shas in compare
* Renames prInfo to compareInfo
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Check PR permissions only if compare is pull request
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Adjusts comment
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Use compareInfo instead of prInfo
* Only show repository avatar in list when one was selected
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Adds fallback configuration option for repository avatar
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Implements repository avatar fallback
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Adds admin task for deleting generated repository avatars
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Solve linting issues
Signed-off-by: Mario Lubenka <mario.lubenka@googlemail.com>
* Save avatar before updating database
* Linting
* Update models/repo.go
Co-Authored-By: zeripath <art27@cantab.net>
* Move hook functionality internally
* Internalise serv logic
* Remove old internal paths
* finally remove the gitlogger
* Disallow push on archived repositories
* fix lint error
* Update modules/private/key.go
* Update routers/private/hook.go
* Update routers/private/hook.go
* Update routers/private/hook.go
* Updated routers/private/serv.go
* Fix LFS Locks over SSH
* rev-list needs to be run by the hook process
* fixup
* Improve git test
* Ensure that the lfs files are created with a different prefix
* Reduce the replication in git_test.go
* slight refactor
* Remove unnecessary "/"
* Restore ensureAnonymousClone
* Restore ensureAnonymousClone
* Run rev-list on server side
* Try passing in the alternative directories instead
* Mark test as skipped
* Improve git test
* Ensure that the lfs files are created with a different prefix
* Reduce the replication in git_test.go
* Remove unnecessary "/"
* Feature - #5960 - API Endpoint for Repo Editing
* Revert from merge
* Adds integration testing
* Updates to integration tests
* Revert changes
* Update year in file header
* Misspell fix
* XORM = test
* XORM = test
* revert XORM = file
* Makes RepoUnit.ID be pk and autoincr
* Fix to units
* revert header
* Remove print statement
* Adds other responses
* Improves swagger for creating repo
* Fixes import order
* Better Unit Type does not exist error
* Adds editable repo properties to the response repo structure
* Fix to api_repo_edit_test.go
* Fixes repo test
* Changes per review
* Fixes typo and standardizes comments in the EditRepoOption struct for swagger
* Fixes typo and standardizes comments in the EditRepoOption struct for swagger
* Actually can unarchive through the API
* Unlike delete, user doesn't have to be the owner of the org, just admin to the repo
* Fix to swagger comments for field name change
* Update to swagger docs
* Update swagger
* Changes allow_pull_requests to has_pull_requests
* Repository avatars
- first variant of code from old work for gogs
- add migration 87
- add new option in app.ini
- add en-US locale string
- add new class in repository.less
* Add changed index.css, remove unused template name
* Update en-us doc about configuration options
* Add comments to new functions, add new option to docker app.ini
* Add comment for lint
* Remove variable, not needed
* Fix formatting
* Update swagger api template
* Check if avatar exists
* Fix avatar link/path checks
* Typo
* TEXT column can't have a default value
* Fixes:
- remove old avatar file on upload
- use ID in name of avatar file - users may upload same files
- add simple tests
* Fix fmt check
* Generate PNG instead of "static" GIF
* More informative comment
* Fix error message
* Update avatar upload checks:
- add file size check
- add new option
- update config docs
- add new string to en-us locale
* Fixes:
- use FileHEader field for check file size
- add new test - upload big image
* Fix formatting
* Update comments
* Update log message
* Removed wrong style - not needed
* Use Sync2 to migrate
* Update repos list view
- bigger avatar
- fix html blocks alignment
* A little adjust avatar size
* Use small icons for explore/repo list
* Use new cool avatar preparation func by @lafriks
* Missing changes for new function
* Remove unused import, move imports
* Missed new option definition in app.ini
Add file size check in user/profile avatar upload
* Use smaller field length for Avatar
* Use session to update repo DB data, update DeleteAvatar - use session too
* Fix err variable definition
* As suggested @lafriks - return as soon as possible, code readability
Handle case where an orginization is private but a user who is not a
member of the orgninization has been added as a collaborator of a repo
within that org
Fixes#6962
* Add options to git.Clone to make it more capable
* Begin the process of removing the local copy and tidy up
* Remove Wiki LocalCopy Checkouts
* Remove the last LocalRepo helpers
* Remove WithTemporaryFile
* Enable push-hooks for these routes
* Ensure tests cope with hooks
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove Repository.LocalCopyPath()
* Move temporary repo to use the standard temporary path
* Fix the tests
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove LocalWikiPath
* Fix missing remove
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Use AppURL for Oauth user link (#6894)
* Use AppURL for Oauth user link
Fix#6843
* Update oauth.go
* Update oauth.go
* internal/ssh: ignore env command totally (#6825)
* ssh: ignore env command totally
* Remove commented code
Needed fix described in issue #6889
* Escape the commit message on issues update and title in telegram hook (#6901)
* update sdk to latest (#6903)
* improve description of branch protection (fix#6886) (#6906)
The branch protection description text were not quite accurate.
* Fix logging documentation (#6904)
* ENABLE_MACARON_REDIRECT should be REDIRECT_MACARON_LOG
* Allow DISABLE_ROUTER_LOG to be set in the [log] section
* [skip ci] Updated translations via Crowdin
* Move sdk structs to modules/structs (#6905)
* move sdk structs to moduels/structs
* fix tests
* fix fmt
* fix swagger
* fix vendor
Adds a new key DEFAULT_SHOW_FULL_NAME (default false) to the [ui] section.
If enabled the full name will be shown (unless it's empty, then
the default username will be used)
* Add GET requests to webhook
* make fmt
* Handle invalid http method on webhook
* Uppercase http method in webhook
* Rename v85.go to v86.go
* make fmt
* Improve issue reference on commit
Allow commits to properly reference issues in other repositories and also to
close/reopen those issues if user has code permission. Should match
Github behavior described here: https://help.github.com/en/articles/closing-issues-using-keywords
Fixes 6664
* Fix missing return
* Match user/repo directly in regex
* fix org visibility bug
* fix permission check
* add integration tests
* fix tests
* change test user name for easier maintainance and fix test
* fix test git repo name
* Add log.ColorFormat and log.ColorFormatted
Structs can now implement log.ColorFormatted to provide their own
colored format when logged with `%-v` or additional flags.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add basic ColorFormat to repository and user
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add basic ColorFormat to access and unit
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add ColorFormat to permission and on trace log it
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add log.NewColoredIDValue to make ID value coloring consistent
Signed-off-by: Andrew Thornton <art27@cantab.net>
* formatting changes
* Add some better tracing to permission denied for read issues/pulls
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add Trace logging on permission denied
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove isTrace() check from deferred func
* Adjust repo and allow logging of team
* use FormatInt instead of Itoa
* Add blank line
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update access.go
* Use go-git for tree reading and commit info lookup.
Signed-off-by: Filip Navara <navara@emclient.com>
* Use TreeEntry.IsRegular() instead of ObjectType that was removed.
Signed-off-by: Filip Navara <navara@emclient.com>
* Use the treePath to optimize commit info search.
Signed-off-by: Filip Navara <navara@emclient.com>
* Extract the latest commit at treePath along with the other commits.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix listing commit info for a directory that was created in one commit and never modified after.
Signed-off-by: Filip Navara <navara@emclient.com>
* Avoid nearly all external 'git' invocations when doing directory listing (.editorconfig code path is still hit).
Signed-off-by: Filip Navara <navara@emclient.com>
* Use go-git for reading blobs.
Signed-off-by: Filip Navara <navara@emclient.com>
* Make SHA1 type alias for plumbing.Hash in go-git.
Signed-off-by: Filip Navara <navara@emclient.com>
* Make Signature type alias for object.Signature in go-git.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix GetCommitsInfo for repository with only one commit.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix PGP signature verification.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix issues with walking commit graph across merges.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix typo in condition.
Signed-off-by: Filip Navara <navara@emclient.com>
* Speed up loading branch list by keeping the repository reference (and thus all the loaded packfile indexes).
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix lising submodules.
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix build
Signed-off-by: Filip Navara <navara@emclient.com>
* Add back commit cache because of name-rev
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix tests
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix code style
* Fix spelling
* Address PR feedback
Signed-off-by: Filip Navara <navara@emclient.com>
* Update vendor module list
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix getting trees by commit id
Signed-off-by: Filip Navara <navara@emclient.com>
* Fix remaining unit test failures
* Fix GetTreeBySHA
* Avoid running `git name-rev` if not necessary
Signed-off-by: Filip Navara <navara@emclient.com>
* Move Branch code to git module
* Clean up GPG signature verification and fix it for tagged commits
* Address PR feedback (import formatting, copyright headers)
* Make blob lookup by SHA working
* Update tests to use public API
* Allow getting content from any type of object through the blob interface
* Change test to actually expect the object content that is in the GIT repository
* Change one more test to actually expect the object content that is in the GIT repository
* Add comments
* Add oauth2 grants ui
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add delete functionality
Add translations
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix unit tests
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix unit tests
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Refactor DeleteOAuth2Grant
Use results.Close()
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Refactor DeleteOAuth2Grant (again)
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Check if user ID is zero
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Check if grant ID is zero
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add API for manipulating Git hooks
Signed-off-by: Segev Finer <segev@codeocean.com>
* Replace code.gitea.io/sdk with PR branch temporarily for CI
* Switch back to code.gitea.io/sdk@master
* Return 403 instead of 404 on no permission to edit hooks in API
* Add tests for Git hooks API
* Update models/repo_list_test.go
Co-Authored-By: segevfiner <segev208@gmail.com>
* Update models/repo_list_test.go
Co-Authored-By: segevfiner <segev208@gmail.com>
* empty line
* Improve issue autolinks
Update autolinks to match what github does here:
Issue in same repo: #1
Issue in different repo: org/repo#1Fixes#6264
* Use setting.AppURL when parsing URL
Using setting.AppURL here is a more reliable way of parsing the current
URL and what other functions in this file seem to use.
* Make ComposeMetas always return a valid context
* Add per repository markdown renderers for better context
* Update for use of context metas
Now that we include the user and repo name inside context metas, update
various code and tests for this new logic
* Support searching commits with prefix syntax
For now, support auther: committer:
When more than one prefix is supplied is presented, the result is the union.
When different prefixes are supplied, the result is the intersection.
For example,
"author:alice author:bob"
=> the result is all commits authored by Alice OR Bob
"hello committer:alice"
=> the result is all commits committed by Alice AND has the keyword
'hello' in the message.
Note that there should NOT have any space after the colon(:) of the prefix.
For example,
"author:bill" => correct
"author: bill" => wrong
* Remove unneeded logging
* Add missing files of test repository
* Add missing repo_unit entries to test fixtures
* Update test cases
* Add tooltip for commits search button
* Update tooltip text
I have no idea about how to format it with line breaks.
* Make the usage example more real
* Add a test case
* Add new options struct for SearchCommits
* Prefer len(s) > 0 over s != ""
* Add NewSearchCommitsOptions
* Make distinction between DisplayName and Username in email templates
Store the actual username in the variable named Username and store the
separate DisplayName in another variable. This allows us to access the
actual username when we need, which currently fails if a user has set a
full name.
Fixes#6161
* Use u.Name directly
No need for extra function, also change use in all mail sending
functions here
* Don't include Username when not used
* Panic don't fatal on create new logger
Fixes#5854
Signed-off-by: Andrew Thornton <art27@cantab.net>
* partial broken
* Update the logging infrastrcture
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Reset the skip levels for Fatal and Error
Signed-off-by: Andrew Thornton <art27@cantab.net>
* broken ncsa
* More log.Error fixes
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove nal
* set log-levels to lowercase
* Make console_test test all levels
* switch to lowercased levels
* OK now working
* Fix vetting issues
* Fix lint
* Fix tests
* change default logging to match current gitea
* Improve log testing
Signed-off-by: Andrew Thornton <art27@cantab.net>
* reset error skip levels to 0
* Update documentation and access logger configuration
* Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE
* Fix broken level caching
* Refactor the router log
* Add Router logger
* Add colorizing options
* Adjust router colors
* Only create logger if they will be used
* update app.ini.sample
* rename Attribute ColorAttribute
* Change from white to green for function
* Set fatal/error levels
* Restore initial trace logger
* Fix Trace arguments in modules/auth/auth.go
* Properly handle XORMLogger
* Improve admin/config page
* fix fmt
* Add auto-compression of old logs
* Update error log levels
* Remove the unnecessary skip argument from Error, Fatal and Critical
* Add stacktrace support
* Fix tests
* Remove x/sync from vendors?
* Add stderr option to console logger
* Use filepath.ToSlash to protect against Windows in tests
* Remove prefixed underscores from names in colors.go
* Remove not implemented database logger
This was removed from Gogs on 4 Mar 2016 but left in the configuration
since then.
* Ensure that log paths are relative to ROOT_PATH
* use path.Join
* rename jsonConfig to logConfig
* Rename "config" to "jsonConfig" to make it clearer
* Requested changes
* Requested changes: XormLogger
* Try to color the windows terminal
If successful default to colorizing the console logs
* fixup
* Colorize initially too
* update vendor
* Colorize logs on default and remove if this is not a colorizing logger
* Fix documentation
* fix test
* Use go-isatty to detect if on windows we are on msys or cygwin
* Fix spelling mistake
* Add missing vendors
* More changes
* Rationalise the ANSI writer protection
* Adjust colors on advice from @0x5c
* Make Flags a comma separated list
* Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING
* Ensure matching is done on the non-colored message - to simpify EXPRESSION
* Make Ghost not link to 404 page
* Make correct localization label show
* Create and use GetLastEventLabelFake for when a Ghost user has made the action, thus not linking to a user profile
* Add corresponding _fake entries to locale_en-US
* Make Ghost avatar not link to 404 page
* Make Ghost on milestone_issues not link to 404 page
Partially implement #770.
Add "Default Webhooks" page in site admin UI.
Persist to the existing webhooks table, but store with RepoID=0 and OrgID=0.
Upon repo creation, copy the set of default webhooks into the new repo.
* Use PathUnescape instead of QueryUnescape when working with branch names
Currently branch names with a '+' fail in certain situations because
QueryUnescape replaces the + character with a blank space.
Using PathUnescape should be better since it is defined as:
// PathUnescape is identical to QueryUnescape except that it does not
// unescape '+' to ' ' (space).
Fixes#6333
* Change error to match new function name
* Add new util function PathEscapeSegments
This function simply runs PathEscape on each segment of a path without
touching the forward slash itself. We want to use this instead of
PathEscape/QueryEscape in most cases because a forward slash is a valid name for a
branch etc... and we don't want that escaped in a URL.
Putting this in new file url.go and also moving a couple similar
functions into that file as well.
* Use EscapePathSegments where appropriate
Replace various uses of EscapePath/EscapeQuery with new
EscapePathSegments. Also remove uncessary uses of various
escape/unescape functions when the text had already been escaped or was
not escaped.
* Reformat comment to make drone build happy
* Remove no longer used url library
* Requested code changes
* Fix ParsePatch to work properly with quoted diff --git string
Currently ParsePatch fails when a diff contains a quoted diff line like:
diff --git "a/file" "b/file"
This patch makes it properly parse the line when that happens.
Fixes#6309
* Add test for regular case while here
* Simplify string modification
In #6211, we started creating repo_redirects for ownership transfers,
however that opens an edge case where a user might perform the
following sequence:
rename org1/repo1 -> org1/repo2 (creates org1/repo1 redirect)
transfer org2/repo1 -> org1/repo1 (org1/repo1 redirect continues to exist)
rename org1/repo1 -> org1/repo3 (fails due to existing org1/repo1 redirect)
This change ensures that each time we rename or transfer a repo,
we delete any existing redirects at the target location. This
already happens when a new repo is created. By doing this we ensure
that we'll never have both a repo and a redirect at the same location.
Signed-off-by: James E. Blair <jeblair@redhat.com>
* Show email if the authenticated user owns the profile page being
requested for.
Also removed `setting.UI.ShowUserEmail` as it's documentation says it
only controls the email setting on the explore page
* fix current user check... This prevents a panic as a user must be signed in before ctx.User is called
* fix panic in tests
* try to fix tests
* Update year
* Test CI fail
* Revert change
* User 3 is not allowed to authorize
* Set user2 email to be private
* Change to user4 in explore page as user2 now has private email option set
* Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFile
* Use git plumbing for upload: #5621 repo_editor.go: GetDiffPreview
* Use git plumbing for upload: #5621 repo_editor.go: DeleteRepoFile
* Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFiles
* Move branch checkout functions out of repo_editor.go as they are no longer used there
* BUGFIX: The default permissions should be 100644
This is a change from the previous code but is more in keeping
with the default behaviour of git.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Standardise cleanUploadFilename to more closely match git
See verify_path in: 7f4e641693/read-cache.c (L951)
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Redirect on bad paths
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Refactor to move the uploading functions out to a module
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add LFS support
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update upload.go attribution header
Upload.go is essentially the remnants of repo_editor.go. The remaining code is essentially unchanged from the Gogs code, hence the Gogs attribution.
* Delete upload files after session committed
* Ensure that GIT_AUTHOR_NAME etc. are valid for git
see #5774
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add in test cases per @lafriks comment
* Add space between gitea and github imports
Signed-off-by: Andrew Thornton <art27@cantab.net>
* more examples in TestCleanUploadName
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix formatting
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Set the SSH_ORIGINAL_COMMAND to ensure hooks are run
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Switch off SSH_ORIGINAL_COMMAND
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fixes#5957
* add tests to make sure config option is respected
* use already defined struct
* - use migration to make the flag repo wide not for the entire gitea instance
Also note that the config value can still be set so as to be able to control the value for new repositories that are to be created
- fix copy/paste error in copyright header year and rearrange import
- use repo config instead of server config value to determine if a commit should close an issue
- update testsuite
* use global config only when creating a new repository
* allow repo admin toggle feature via UI
* fix typo and improve testcase
* fix fixtures
* add DEFAULT prefix to config value
* fix test
* Fix serving of raw wiki files other than .md
Closes#4690.
Closes#4395.
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Simplify code at routers/repo/wiki.go
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Add more files to user2/repo1.wiki for testing
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Update macaron to v1.3.2
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Add tests for WikiRaw
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Fix NewResponseWriter usage due to macaron update
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Add raw to reserved wiki names
Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
* Don't display buttons if there are no notices
* clear stopwatch on merging a PR
* remove redundant gt check
* use ctx.Flash as per @bkcsoft comment
* stop timer on closing issues/PRs too
* updated translation as per review
* redirect to login page after successfully activating account
* remove unrelated changes
* stop timer for issues that are closed via commits too..Not just the 'close' UI button
1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.
We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:
- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.
Fix#1357
Previous code could potentially dereference nil - this PR ensures
that the poster is loaded before dereferencing it.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Add a new config option to enable / disable the automatic watching of
repos for new repositories and if a user is added to a team.
Fixes#653
Signed-off-by: Sebastian Sauer <sauer.sebastian@gmail.com>
* Ensure valid git author names passed in signatures
Fix#5772 - Git author names are not allowed to include `\n` `<` or `>` and
must not be empty. Ensure that the name passed in a signature is valid.
* Account for pathologically named external users
LDAP and the like usernames are not checked in the same way that users who signup are.
Therefore just ensure that user names are also git safe and if totally pathological -
Set them to "user-$UID"
* Add Tests and adjust test users
Make our testcases a little more pathological so that we be sure that integration
tests have a chance to spot these cases.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Optimize pulls merging
By utilizing `git clone -s --no-checkout` rather than cloning the whole
repo.
* Use sparse-checkout to speedup pulls merge
* Use bytes.Buffer instead of strings.Builder for backward compatibility
* Fix empty diff-tree output for repos with only the initial commit
* Fix missing argument for the format string
* Rework diff-tree-list generation
* Remove logging code
* File list for sparse-checkout must be prefix with /
Otherwise, they would match all files with the same name under
subdirectories.
* Update onto the rebased head
* Use referecen repo to avoid fetching objects
* Pooled and buffered gzip implementation
* Add test for gzip
* Add integration test
* Ensure lfs check within transaction
The previous code made it possible for a race condition to occur whereby a LFSMetaObject could be checked into the database twice. We should check if the LFSMetaObject is within the database and insert it if not in one transaction.
* Try to avoid primary key problem in postgres
The integration tests are being affected by
https://github.com/go-testfixtures/testfixtures/issues/39 if we set the
primary key high enough, keep a count of this and remove at the end of
each test we shouldn't be affected by this.
Unfortunately the last fix didn't completely fix the migration to v79 of the db
due to bug with schema locking during Sync2. This should fix this issue.
Fix#5759
Signed-off-by: Andrew Thornton <art27@cantab.net>
* api: Add an endpoint to list a particular member of team.
* models: Rename `GetUserTeams()` to `GetUserOrgTeams()` in `org_team` model.
`GetUserTeams()` sounds a bit misnomer since it actually returns
the teams that user belongs to in a given organization rather than
all the teams across all the organization that the user has joined.
* models: Add `GetUserTeams()`.
Returns all the teams that a user belongs to.
* api: Add an endpoint for GET '/user/teams'.
A GET request to this endpoint lists all the teams that a user
belongs to.
* Fixed deadlock in CreateComment
* Fix possible deadlock in UpdateIssueDeadline from createDeadlineComment
* Ensure that calls to IsTimeTracker enabled are called within session
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Ensure that calls to reactionList are also called within session
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Ensure all calls in NewPullRequest with the session are called within the session
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Deal with potential deadlocks in repo
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Ensure that isStaring is checked within our transaction
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix mistake in isOrganizationMember
Sorry.
* add migration and basic UI for changing a user's theme
* update user themem
* use right text on button
* load theme based on users' selection
* load theme based on users' selection in pwa too
* update sample config
* delete older theme loading
* implement AfterLoad to set users' theme properly
* set up default theme when creating a user. This uses the installation wide theme
* use flash messages for error
* set default theme when creating a user from the cli
* fix @lunny review
* Fix sqlite deadlock when assigning to a PR
Fix 5639
Signed-off-by: Andrew Thornton <art27@cantab.net>
* More possible deadlocks found and fixed
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Added test environment for m$sql
* Added template for test environment for m$sql
* Fix password
* Fix password (again)
* Fix password (again again)
* Fix db
* Ci trigger (Looking at you drone....)
* Ci trigger (Looking at you drone....)
* Ci trigger (Looking at you drone....)
* Ci trigger (Looking at you drone....)
* Create master database for mssql integration tests
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Create database only if master do not exist
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix mssql integration tests by using custom database "gitea"
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Moved defer
* bump xorm
* updated xorm
* Fixed build
* Add branch protection for approvals
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add required approvals
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add missing comments and fmt
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add type = approval and group by reviewer_id to review
* Prevent users from adding negative review limits
* Add migration for approval whitelists
Signed-off-by: Jonas Franz <info@jonasfranz.software>
MSSQL is using the wrong type here which results in a strconv.ParseInt: parsing "2018-12-07T00:00:00Z": invalid syntax error.
The added datediff(SECOND, '19700101', x) results in the unix timestamp to be returned.
Signed-off-by: Christopher Dziomba <christopher.dziomba@gmail.com>
right now the `closed_at` field for json responses is not filled during
the `APIIssue` creation for api responses.
For a closed issue you get a result like:
```json
"state":"open","comments":0,"created_at":"2018-11-29T16:39:24+01:00",
"updated_at":"2018-11-30T10:49:19+01:00","closed_at":null,
"due_date":null,"pull_request":null}
```
which has no information about the closing date. (which exists in the
db and ui)
with this PR the result changes to this:
```json
:null,"assignee":null,"assignees":null,
"state":"closed",
"comments":0,"created_at":"2018-11-29T16:43:05+01:00",
"updated_at":"2018-12-02T19:17:05+01:00",
"closed_at":"2018-12-02T19:17:05+01:00",
"due_date":null,"pull_request":null}
```
fixes: https://github.com/go-gitea/gitea/issues/5446
Signed-off-by: Roman <romaaan.git@gmail.com>
* add milestone issues and pulls page instead of redirecting issues page
* add milestone when creating issue from milestone page
* refactor to merge similiar codes as a new function issues
* remove milestone info on milestone issues list
* fix missing params
* show only opened milestones on issues page milestone filter
* update Godoc
* update Godoc everywhere
* update swagger
* use false instead of 0
* Add seccond ordering by ID for milestones where no deadline is set
* Remove field from migration to support upgrades from older version
That will ensure the field does not get queried in the Select if it does
not exist yet:
```
[I] [SQL] SELECT "id", "repo_id", "index", "poster_id", "name", "content", "milestone_id", "priority", "assignee_id", "is_closed", "is_pull", "num_comments", "ref", "deadline_unix", "created_unix", "updated_unix
[...itea/routers/init.go:60 GlobalInit()] [E] Failed to initialize ORM engine: migrate: do migrate: pq: column "ref" does not exist
```
see #5318
* Skip remove stale watcher migration if not required
Otherwise the migration will fail if executed from a older database
version without multiple IssueWatch feature.
```
2018/11/11 23:51:14 [I] [SQL] SELECT DISTINCT "issue_watch"."user_id", "issue"."repo_id" FROM "issue_watch" INNER JOIN issue ON issue_watch.issue_id = issue.id WHERE (issue_watch.is_watching = $1) LIMIT 50 []int
[...itea/routers/init.go:60 GlobalInit()] [E] Failed to initialize ORM engine: migrate: do migrate: pq: relation "issue_watch" does not exist
```
see #5318
* Add private information to the deploy keys api
This commit adds more information to the deploy keys to allow for back
reference in to the main keys list. It also adds information about the
repository that the key is referring to.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add private information to the user keys API
This adjusts the keys API to give out private information to user keys if
the current user is the owner or an admin.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add ability to search keys by fingerprint
This commit adds the functionality to search ssh-keys by fingerprint of
the ssh-key. Deploy keys per repository can also be searched. There is
no current clear API point to allow search of all deploy keys by
fingerprint or keyID.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add integration test
* Fix issue where ecdsa and other key types are not synced from LDAP authentication provider fixes#5092
* integrations/auth_ldap_test.go: Add Hermes Conrad new ecdsa-sha2-nistp256 publickey fingerprint
* integrations/auth_ldap_test.go: Use ssh-keygen -lf <filename> -E sha256
* Added basic heatmap data
* Added extra case for sqlite
* Built basic heatmap into user profile
* Get contribution data from api & styling
* Fixed lint & added extra group by statements for all database types
* generated swagger spec
* generated swagger spec
* generated swagger spec
* fixed swagger spec
* fmt
* Added tests
* Added setting to enable/disable user heatmap
* Added locale for loading text
* Removed UseTiDB
* Updated librejs & moment.js
* Fixed import order
* Fixed heatmap in postgresql
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-Authored-By: kolaente <konrad@kola-entertainments.de>
* Added copyright header
* Fixed a bug to show the heatmap for the actual user instead of the currently logged in
* Added integration test for heatmaps
* Added a heatmap on the dashboard
* Fixed timestamp parsing
* Hide heatmap on mobile
* optimized postgresql group by query
* Improved sqlite group by statement
`show` is keyword in MySQL and has to be quoted to reference a column name. Use grave accents (ASCII code 96) for quoting to match rest of the source code. It's non-standard SQL, but it's supported by SQLite and MySQL.
Signed-off-by: Filip Navara <navara@emclient.com>
* add notification interface and refactor UI notifications
* add missing methods on notification interface and notifiy only issue status really changed
* implement NotifyPullRequestReview for ui notification
* Hide outdated comments in file view
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add unit test by adding "invalidated" comment to fixtures
Signed-off-by: Jonas Franz <info@jonasfranz.software>
opening issues generates a webhook to discord that contains
a url to the gitea api. the message title in discord is therefore
referencing to the api instead of the issue itself.
* Code review UI improvements
* More fixes to dark theme
* Style fix
* Fix to allow add code review comments only on review files tab
* More readability dark style fixes
* Fix commenting on deleted files. Fixes#4752
* Fix line blame getting for multiple corner cases
* redirect to login page after successfully activating account
* force users to change password if account was created by an admin
* force users to change password if account was created by an admin
* fixed build
* fixed build
* fix pending issues with translation and wrong routes
* make sure path check is safe
* remove unneccessary newline
* make sure users that don't have to view the form get redirected
* move route to use /settings prefix so as to make sure unauthenticated users can't view the page
* update as per @lafriks review
* add necessary comment
* remove unrelated changes
* support redirecting to location the user actually want to go to before being forced to change his/her password
* run make fmt
* added tests
* improve assertions
* add assertion
* fix copyright year
Signed-off-by: Lanre Adelowo <yo@lanre.wtf>
* Add whitespace handling to PR-comparsion
In a PR we have to keep an eye on a lot of different things. But sometimes the
bare code is the key-thing we want to care about and just don't want to care
about fixed indention on some places. Especially if we follow the pathfinder
rule we face a lot of these situations because these changes don't break the
code in many languages but improve the readability a lot.
So this change introduce a fine graned button to adjust the way how the
reviewer want to see whitespace-changes within the code.
The possibilities reflect the possibilities from git itself except of the
`--ignore-blank-lines` flag because that one is also handled by `-b` and is
really rare.
Signed-off-by: Felix Nehrke <felix@nehrke.info>
* prevent pull request to be merged when PR is a WIP
* add tests
* add helper to prepend WIP: in PR title
* move default wip prefixes into settings
* use configurable WIP prefixes in javascript and default to first one in templates
* add documentation
* add unit test on pull model
Signed-off-by: Julien Tant <julien@craftyx.fr>
* Use integer limit value [1] instead of hard-coded magic constant for
NonexistentID.
* Explicitly use int64 in order to avoid the following errors on 32 bit
architectures:
# code.gitea.io/gitea/integrations
./api_admin_test.go:50:34: constant 9223372036854775807 overflows int
./api_token_test.go:47:34: constant 9223372036854775807 overflows int
[...]
# code.gitea.io/gitea/models
./action_test.go:179:15: constant 9223372036854775807 overflows int
[1] https://golang.org/pkg/math/#pkg-constants
Signed-off-by: Dennis Menschel <menschel-d@posteo.de>
* Initial ui components for pull request review
* Add Review
Add IssueComment types
Signed-off-by: Jonas Franz <info@jonasfranz.software>
(cherry picked from commit 2b4daab)
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Replace ReviewComment with Content
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add load functions
Add ReviewID to findComments
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add create review comment implementation
Add migration for review
Other small changes
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Simplified create and find functions for review
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Moved "Pending" to first position
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add GetCurrentReview to simplify fetching current review
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Preview for listing comments
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Move new comment form to its own file
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Implement Review form
Show Review comments on comment stream
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add support for single comments
Showing buttons in context
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add pending tag to pending review comments
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add unit tests for Review
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fetch all review ids at once
Add unit tests
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* gofmt
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Improved comment rendering in "Files" view by adding Comments to DiffLine
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add support for invalidating comments
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Switched back to code.gitea.io/git
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Moved review migration from v64 to v65
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Rebuild css
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* gofmt
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Improve translations
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix unit tests by updating fixtures and updating outdated test
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Comments will be shown at the right place now
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add support for deleting CodeComments
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix problems caused by files in subdirectories
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add support for showing code comments of reviews in conversation
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add support for "Show/Hide outdated"
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Update code.gitea.io/git
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add support for new webhooks
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Update comparison
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Resolve conflicts
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Minor UI improvements
* update code.gitea.io/git
* Fix ui bug reported by @lunny causing wrong position of add button
Add functionality to "Cancel" button
Add scale effects to add button
Hide "Cancel" button for existing comments
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Prepare solving conflicts
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Show add button only if no comments already exist for the line
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add missing vendor files
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Check if reviewer is nil
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Show forms only to users who are logged in
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Revert "Show forms only to users who are logged in"
This reverts commit c083682
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Save patch in comment
Render patch for code comments
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add link to comment in code
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add reply form to comment list
Show forms only to signed in users
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add 'Reply' as translatable
Add CODE_COMMENT_LINES setting
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* gofmt
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix problems introduced by checking for singed in user
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add v70
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Update generated stylesheet
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix preview
Beginn with new review comment patch system
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add new algo to generate diff for line range
Remove old algo used for cutting big diffs (it was very buggy)
* Add documentation and example for CutDiffAroundLine
* Fix example of CutDiffAroundLine
* Fix some comment UI rendering bugs
* Add code comment edit mode
* Send notifications / actions to users until review gets published
Fix diff generation bug
Fix wrong hashtag
* Fix vet errors
* Send notifications also for single comments
* Fix some notification bugs, fix link
* Fix: add comment icon is only shown on code lines
* Add lint comment
* Add unit tests for git diff
* Add more error messages
* Regenerated css
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* fmt
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Regenerated CSS with latest less version
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix test by updating comment type to new ID
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Introducing CodeComments as type for map[string]map[int64][]*Comment
Other minor code improvements
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix data-tab issues
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Remove unnecessary change
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* refactored checkForInvalidation
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Append comments instead of setting
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Use HeadRepo instead of BaseRepo
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Update migration
Signed-off-by: Jonas Franz <info@jonasfranz.de>
* Regenerated CSS
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add copyright
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Update index.css
Signed-off-by: Jonas Franz <info@jonasfranz.software>