Commit graph

831 commits

Author SHA1 Message Date
Lunny Xiao bd820aa9c5
Add context cache as a request level cache (#22294)
To avoid duplicated load of the same data in an HTTP request, we can set
a context cache to do that. i.e. Some pages may load a user from a
database with the same id in different areas on the same page. But the
code is hidden in two different deep logic. How should we share the
user? As a result of this PR, now if both entry functions accept
`context.Context` as the first parameter and we just need to refactor
`GetUserByID` to reuse the user from the context cache. Then it will not
be loaded twice on an HTTP request.

But of course, sometimes we would like to reload an object from the
database, that's why `RemoveContextData` is also exposed.

The core context cache is here. It defines a new context
```go
type cacheContext struct {
	ctx  context.Context
	data map[any]map[any]any
        lock sync.RWMutex
}

var cacheContextKey = struct{}{}

func WithCacheContext(ctx context.Context) context.Context {
	return context.WithValue(ctx, cacheContextKey, &cacheContext{
		ctx:  ctx,
		data: make(map[any]map[any]any),
	})
}
```

Then you can use the below 4 methods to read/write/del the data within
the same context.

```go
func GetContextData(ctx context.Context, tp, key any) any
func SetContextData(ctx context.Context, tp, key, value any)
func RemoveContextData(ctx context.Context, tp, key any)
func GetWithContextCache[T any](ctx context.Context, cacheGroupKey string, cacheTargetID any, f func() (T, error)) (T, error)
```

Then let's take a look at how `system.GetString` implement it.

```go
func GetSetting(ctx context.Context, key string) (string, error) {
	return cache.GetWithContextCache(ctx, contextCacheKey, key, func() (string, error) {
		return cache.GetString(genSettingCacheKey(key), func() (string, error) {
			res, err := GetSettingNoCache(ctx, key)
			if err != nil {
				return "", err
			}
			return res.SettingValue, nil
		})
	})
}
```

First, it will check if context data include the setting object with the
key. If not, it will query from the global cache which may be memory or
a Redis cache. If not, it will get the object from the database. In the
end, if the object gets from the global cache or database, it will be
set into the context cache.

An object stored in the context cache will only be destroyed after the
context disappeared.
2023-02-15 21:37:34 +08:00
zeripath 51383ec084
Move helpers to be prefixed with gt- (#22879)
As discussed in #22847 the helpers in helpers.less need to have a
separate prefix as they are causing conflicts with fomantic styles

This will allow us to have the `.gt-hidden { display:none !important; }`
style that is needed to for the reverted PR.

Of note in doing this I have noticed that there was already a conflict
with at least one chroma style which this PR now avoids.

I've also added in the `gt-hidden` style that matches the tailwind one
and switched the code that needed it to use that.

Signed-off-by: Andrew Thornton <art27@cantab.net>

---------

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-02-13 17:59:59 +00:00
wxiaoguang b0f18726a3
Fix milestone title font problem (#22863)
Replace #22853 since it's closed, and actually there are 2 places need
to be fixed.

~~Follow @fsologureng 's suggestion to keep the `<hX>` tags.~~ 

Update: from fsologureng: this doesn't change anything from a11y's point
of view. So I think this PR could be fine to fix the UI looking problems
as a quick patch, then defer the a11y problems to new PRs together.

Before: the font-size is too large.

After: it seems better.

![image](https://user-images.githubusercontent.com/2114189/218266257-fc2d5872-9e96-4c6a-87ea-f27531ac15c0.png)

![image](https://user-images.githubusercontent.com/2114189/218266247-efc09d83-405f-4495-967a-30d9744134ce.png)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-12 11:19:09 +08:00
Nathaniel Sabanski fb1a2a13f0
Preview images for Issue cards in Project Board view (#22112)
Original Issue: https://github.com/go-gitea/gitea/issues/22102

This addition would be a big benefit for design and art teams using the
issue tracking.

The preview will be the latest "image type" attachments on an issue-
simple, and allows for automatic updates of the cover image as issue
progress is made!

This would make Gitea competitive with Trello... wouldn't it be amazing
to say goodbye to Atlassian products? Ha.

First image is the most recent, the SQL will fetch up to 5 latest images
(URL string).

All images supported by browsers plus upcoming formats: *.avif *.bmp
*.gif *.jpg *.jpeg *.jxl *.png *.svg *.webp

The CSS will try to center-align images until it cannot, then it will
left align with overflow hidden. Single images get to be slightly
larger!

Tested so far on: Chrome, Firefox, Android Chrome, Android Firefox.

Current revision with light and dark themes:

![image](https://user-images.githubusercontent.com/24665/207066878-58e6bf73-0c93-4caa-8d40-38f4432b3578.png)


![image](https://user-images.githubusercontent.com/24665/207066555-293f65c3-e706-4888-8516-de8ec632d638.png)

---------

Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
2023-02-11 16:12:41 +08:00
Lunny Xiao 769be877f2
Use link in UI which returned a relative url but not html_url which contains an absolute url (#21986)
partially fix #19345

This PR add some `Link` methods for different objects. The `Link`
methods are not different from `HTMLURL`, they are lack of the absolute
URL. And most of UI `HTMLURL` have been replaced to `Link` so that users
can visit them from a different domain or IP.

This PR also introduces a new javascript configuration
`window.config.reqAppUrl` which is different from `appUrl` which is
still an absolute url but the domain has been replaced to the current
requested domain.
2023-02-06 12:09:18 -06:00
KN4CK3R d987ac6bf1
Add Chef package registry (#22554)
This PR implements a [Chef registry](https://chef.io/) to manage
cookbooks. This package type was a bit complicated because Chef uses RSA
signed requests as authentication with the registry.


![grafik](https://user-images.githubusercontent.com/1666336/213747995-46819fd8-c3d6-45a2-afd4-a4c3c8505a4a.png)


![grafik](https://user-images.githubusercontent.com/1666336/213748145-d01c9e81-d4dd-41e3-a3cc-8241862c3166.png)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-06 09:49:21 +08:00
KN4CK3R df789d962b
Add Cargo package registry (#21888)
This PR implements a [Cargo registry](https://doc.rust-lang.org/cargo/)
to manage Rust packages. This package type was a little bit more
complicated because Cargo needs an additional Git repository to store
its package index.

Screenshots:

![grafik](https://user-images.githubusercontent.com/1666336/203102004-08d812ac-c066-4969-9bda-2fed818554eb.png)

![grafik](https://user-images.githubusercontent.com/1666336/203102141-d9970f14-dca6-4174-b17a-50ba1bd79087.png)

![grafik](https://user-images.githubusercontent.com/1666336/203102244-dc05743b-78b6-4d97-998e-ef76341a978f.png)

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-05 18:12:31 +08:00
ByLCY 7baeb9c52a
Add new captcha: cloudflare turnstile (#22369)
Added a new captcha(cloudflare turnstile) and its corresponding
document. Cloudflare turnstile official instructions are here:
https://developers.cloudflare.com/turnstile

Signed-off-by: ByLCY <bylcy@bylcy.dev>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
2023-02-05 15:29:03 +08:00
yp05327 9ef8bfb69b
set user dashboard org visibility to basic (#22706)
Same to https://github.com/go-gitea/gitea/pull/22674 and
https://github.com/go-gitea/gitea/pull/22605

Sorry to create 3 PR to fix this.
I checked all span with class `org-visibility`, i think this is the last
one :)

And I found that private/limited user has no private/limited tag in
dashboard. but org does.
If it is ok i will add this feature in another pr.

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-02 14:53:14 +08:00
Felipe Leopoldo Sologuren Gutiérrez 15c035775a
Add main landmark to templates and adjust titles (#22670)
* Add main aria landmark to templates
 * Adjust some titles to improve understanding of location in navigation

Contributed by @Forgejo
2023-02-01 22:56:10 +00:00
KN4CK3R 5882e179a9
Add user secrets (#22191)
Fixes #22183
Replaces #22187

This PR adds secrets for users. I refactored the files for organizations
and repos to use the same logic and templates. I splitted the secrets
from deploy keys again and reverted the fix from #22187.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-02-01 20:53:04 +08:00
Francesco Siddi c14d3e80e8
Remove label color from global issue filters (#22660)
The use of ui colors (red, green, etc) should be limited to actionable
or dismissable entries. Before this commit, a green/red label was used
to display issues count on each repository. This did not add any
meaningful information to the list.

Removing the label reduces ambiguity and makes the list easier to scan
visually.


![label_compare](https://user-images.githubusercontent.com/451841/215360696-a881b765-207d-4ffa-8bec-398f8e5dab1e.jpg)

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-01-31 20:58:34 +08:00
yp05327 f47ea60c07
set user visibility class to basic (#22674)
Same to https://github.com/go-gitea/gitea/pull/22605

![user
package](https://user-images.githubusercontent.com/18380374/215669905-71fe01c3-c011-4867-97a6-3df5f940a6bf.PNG)
![user
projects](https://user-images.githubusercontent.com/18380374/215669909-1a4f74f1-bbde-4913-9ba5-51c44cc63862.PNG)

These two page are both used at user and org, so if i fixed the org
page, the user page will be also be fixed.
2023-01-31 07:05:25 +00:00
Otto Richter (fnetX) 95d9fbdcf3
Fix error on account activation with wrong passwd (#22609)
On activating local accounts, the error message didn't differentiate
between using a wrong or expired token, or a wrong password. The result
could already be obtained from the behaviour (different screens were
presented), but the error message was misleading and lead to confusion
for new users on Codeberg with Forgejo.

Now, entering a wrong password for a valid token prints a different
error message.

The problem was introduced in 0f14f69e60.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-01-28 15:59:46 +08:00
John Olheiser 642db3c8f7
Fix delete_repo in template (#22606)
Currently the value doesn't match the model, so selecting it results in
a 500.

e8ac6a9aea/models/auth/token_scope.go (L42)

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-01-26 14:36:15 -06:00
John Olheiser 46d024428f
fix: read:org scope (#22556)
Hard to see in the diff, but this was duplicated in the wrong section.


![read-org](https://user-images.githubusercontent.com/42128690/213774506-9b47ce23-d2e5-4dfd-af49-6ae4947ac724.png)
2023-01-20 13:42:54 -05:00
Lunny Xiao 6fe3c8b398
Support org/user level projects (#22235)
Fix #13405

<img width="1151" alt="image"
src="https://user-images.githubusercontent.com/81045/209442911-7baa3924-c389-47b6-b63b-a740803e640e.png">

Co-authored-by: 6543 <6543@obermui.de>
2023-01-20 19:42:33 +08:00
Lunny Xiao 0c048e554b
Fix template bug of access scope (#22540)
Fix https://github.com/go-gitea/gitea/pull/20908#discussion_r1082075526

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-01-20 15:43:43 +08:00
Chongyi Zheng de484e86bc
Support scoped access tokens (#20908)
This PR adds the support for scopes of access tokens, mimicking the
design of GitHub OAuth scopes.

The changes of the core logic are in `models/auth` that `AccessToken`
struct will have a `Scope` field. The normalized (no duplication of
scope), comma-separated scope string will be stored in `access_token`
table in the database.
In `services/auth`, the scope will be stored in context, which will be
used by `reqToken` middleware in API calls. Only OAuth2 tokens will have
granular token scopes, while others like BasicAuth will default to scope
`all`.
A large amount of work happens in `routers/api/v1/api.go` and the
corresponding `tests/integration` tests, that is adding necessary scopes
to each of the API calls as they fit.


- [x] Add `Scope` field to `AccessToken`
- [x] Add access control to all API endpoints
- [x] Update frontend & backend for when creating tokens
- [x] Add a database migration for `scope` column (enable 'all' access
to past tokens)

I'm aiming to complete it before Gitea 1.19 release.

Fixes #4300
2023-01-17 15:46:03 -06:00
Gusted b76970f2e4
Fix key signature error page (#22229)
- When the GPG key contains an error, such as an invalid signature or an
email address that does not match the user.A page will be shown that
says you must provide a signature for the token.
- This page had two errors: one had the wrong translation key and the
other tried to use an undefined variable
[`.PaddedKeyID`](e81ccc406b/models/asymkey/gpg_key.go (L65-L72)),
which is a function implemented on the `GPGKey` struct, given that we
don't have that, we use
[`KeyID`](e81ccc406b/routers/web/user/setting/keys.go (L102))
which is [the fingerprint of the
publickey](https://pkg.go.dev/golang.org/x/crypto/openpgp/packet#PublicKey.KeyIdString)
and is a valid way for opengpg to refer to a key.

Before:

![image](https://user-images.githubusercontent.com/25481501/209404800-0e7c39ce-861a-455b-b234-62498d750aa8.png)

After:

![image](https://user-images.githubusercontent.com/25481501/209404821-c70f81c6-fd10-4197-ab58-61cb9fc873d8.png)

Co-authored-by: zeripath <art27@cantab.net>
2022-12-30 12:53:05 +08:00
silverwind c4c4151f7d
Fix margin and alignment in dashboard repolist (#22120)
Seems this has recently regressed, previously, there was a significant
whitespace between icon and text, but it seems to be gone, so I added
the margin and also vertically aligned the icon because it was slightly
misaligned.

Before:
<img width="419" alt="Screenshot 2022-12-13 at 20 03 51"
src="https://user-images.githubusercontent.com/115237/207422938-7c45110c-f73e-4344-afc8-c072266d1f95.png">

After:
<img width="419" alt="image"
src="https://user-images.githubusercontent.com/115237/207447579-95525405-574d-4ca8-84ba-d8a9af50015a.png">

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2022-12-17 09:58:57 +08:00
Jason Song 2779d47ad3
Optimize html templates (#22080)
Replace `active{{end}} item` with `active{{end}} item`.
2022-12-09 21:34:51 +08:00
Yarden Shoham 77f50356f4
Remove useless "Cancel" buttons (#21872)
* Continues #21381

These buttons have no real use. To cancel, one would simply navigate
away.

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
2022-12-05 20:38:34 +08:00
花墨 7020c4afb7
Fix leaving organization bug on user settings -> orgs (#21983)
Fix #21772

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-11-30 17:00:00 +08:00
Xinyu Zhou 68e934ab5d
Add option to enable CAPTCHA validation for login (#21638)
Enable this to require captcha validation for user login. You also must
enable `ENABLE_CAPTCHA`.

Summary:
- Consolidate CAPTCHA template
- add CAPTCHA handle and context
- add `REQUIRE_CAPTCHA_FOR_LOGIN` config and docs
- Consolidate CAPTCHA set-up and verification code 

Partially resolved #6049 

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-11-22 21:13:18 +00:00
Xinyu Zhou b4802b9b2e
Allow disable RSS/Atom feed (#21622)
This patch provide a mechanism to disable RSS/Atom feed.

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-11-21 13:14:58 +08:00
KN4CK3R 32db62515f
Add package registry cleanup rules (#21658)
Fixes #20514
Fixes #20766
Fixes #20631

This PR adds Cleanup Rules for the package registry. This allows to
delete unneeded packages automatically. Cleanup rules can be set up from
the user or org settings.
Please have a look at the documentation because I'm not a native english
speaker.

Rule Form

![grafik](https://user-images.githubusercontent.com/1666336/199330792-c13918a6-e196-4e71-9f53-18554515edca.png)

Rule List

![grafik](https://user-images.githubusercontent.com/1666336/199331261-5f6878e8-a80c-4985-800d-ebb3524b1a8d.png)

Rule Preview

![grafik](https://user-images.githubusercontent.com/1666336/199330917-c95e4017-cf64-4142-a3e4-af18c4f127c3.png)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-20 16:08:38 +02:00
KN4CK3R 044c754ea5
Add context.Context to more methods (#21546)
This PR adds a context parameter to a bunch of methods. Some helper
`xxxCtx()` methods got replaced with the normal name now.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-19 16:12:33 +08:00
Vladimir Yakovlev 0218fa7cf1
Added missing headers on user packages page (#21172)
User packages page had missing tabs.


![packages-2](https://user-images.githubusercontent.com/183965/190411160-c8138a8c-dbc4-4cf1-af2c-52497a10cee8.png)

![packages-1](https://user-images.githubusercontent.com/183965/190411155-af2cb398-c9a0-4fcc-adcd-1711aaa28345.png)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-10-24 20:01:05 +08:00
M Hickford 191a74d622
Record OAuth client type at registration (#21316)
The OAuth spec [defines two types of
client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1),
confidential and public. Previously Gitea assumed all clients to be
confidential.

> OAuth defines two client types, based on their ability to authenticate
securely with the authorization server (i.e., ability to
>   maintain the confidentiality of their client credentials):
>
>   confidential
> Clients capable of maintaining the confidentiality of their
credentials (e.g., client implemented on a secure server with
> restricted access to the client credentials), or capable of secure
client authentication using other means.
>
>   **public
> Clients incapable of maintaining the confidentiality of their
credentials (e.g., clients executing on the device used by the resource
owner, such as an installed native application or a web browser-based
application), and incapable of secure client authentication via any
other means.**
>
> The client type designation is based on the authorization server's
definition of secure authentication and its acceptable exposure levels
of client credentials. The authorization server SHOULD NOT make
assumptions about the client type.

 https://datatracker.ietf.org/doc/html/rfc8252#section-8.4

> Authorization servers MUST record the client type in the client
registration details in order to identify and process requests
accordingly.

Require PKCE for public clients:
https://datatracker.ietf.org/doc/html/rfc8252#section-8.1

> Authorization servers SHOULD reject authorization requests from native
apps that don't use PKCE by returning an error message

Fixes #21299

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-24 15:59:24 +08:00
Yarden Shoham acdb92ad42
Localize all timestamps (#21440)
Following
* #21410 

We are now able to localize all timestamps. Some examples:

`short-date` format, French, user profile page:

![image](https://user-images.githubusercontent.com/20454870/195622461-aa0d5b93-f8df-42ad-881c-9c16606bf387.png)

`date-time` format, Portuguese, mirror repository settings page:

![image](https://user-images.githubusercontent.com/20454870/195623191-7a37d77c-4a02-4140-846d-f290a65ea21d.png)

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-17 12:08:21 +08:00
Yarden Shoham b9cd6fb703
Add code highlighting in issue titles (#21432)
This changes the rendering logic of issue titles. If a substring in an
issue title is enclosed with a pair of backticks, it'll be rendered with
a monospace font (HTML `code` tag).

* Closes #20887

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-10-16 02:24:41 +08:00
Yarden Shoham c4f7c96903
Run make fmt (#21437)
The only change is what `make fmt` did, I am merely a vessel for its
glorious function

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
2022-10-13 21:33:54 -04:00
qwerty287 a902af75f4
Support instance-wide OAuth2 applications (#21335)
Support OAuth2 applications created by admins on the admin panel, they
aren't owned by anybody.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-10-12 22:08:29 +08:00
Lauris BH b59b0cad0a
Add user/organization code search (#19977)
Fixes #19925 

Screenshots:

![attels](https://user-images.githubusercontent.com/165205/173864718-fe789429-55bc-4cad-808c-9f02f335cddf.png)
2022-10-11 00:12:03 +01:00
qwerty287 a813c9d8f3
Allow creation of OAuth2 applications for orgs (#18084)
Adds the settings pages to create OAuth2 apps also to the org settings
and allows to create apps for orgs.

Refactoring: the oauth2 related templates are shared for
instance-wide/org/user, and the backend code uses `OAuth2CommonHandlers`
to share code for instance-wide/org/user.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-09 20:07:41 +08:00
John Olheiser 2d2cf589f7
Fix linked account translation (#21331)
fix key used for translation
2022-10-04 07:51:07 -05:00
André Jaenisch 04e97b8311
Refactor from Vue2 to Vue3 (#20044)
Close #19902
2022-10-01 22:26:38 +08:00
qwerty287 08609d439d
Add pages to view watched repos and subscribed issues/PRs (#17156)
Adds GitHub-like pages to view watched repos and subscribed issues/PRs
This is my second try to fix this, but it is better than the first since
it doesn't uses a filter option which could be slow when accessing
`/issues` or `/pulls` and it shows both pulls and issues (the first try
is #17053).

Closes #16111 
Replaces and closes #17053


![Screenshot](https://user-images.githubusercontent.com/80460567/134782937-3112f7da-425a-45b6-9511-5c9695aee896.png)

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-29 22:09:14 +03:00
neon 0bd59381ad
Center-aligning content of WebAuthN page (#21127)
<!--

Please check the following:

1. Make sure you are targeting the `main` branch, pull requests on
release branches are only allowed for bug fixes.
2. Read contributing guidelines:
https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
3. Describe what your pull request does and which issue you're targeting
(if any)

-->

This attempts to correct #21126 , where the content of the page is not
center-aligned.

(Note: I think this contains the right commits - but, those other
commits seem superfluous. I'm not sure I've made the pull request
correctly. I don't often use the pull request pattern when working,
opting to use the merge-request pattern instead for my workplace. If
there are any issues, please let me know and I will try to correct
them.)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-09 16:18:54 -04:00
silverwind 647b2649b1
Make sure fmt catches all templates (#20979)
* Make sure fmt catches all templates

Make's `wildcard` is not recursive so it missed many template files, fix
that by using `find`.

* Update Makefile
2022-08-31 23:58:54 +08:00
silverwind c80ca94ab1
Remove black labels and CSS cleanup (#21003)
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-08-31 17:04:41 +08:00
silverwind 6c4688e1b1
Add whitespace removal inside template curly brackes (#20853) 2022-08-25 17:55:52 -04:00
CodeDoctor aedfc923ad
Improve single repo action for issue and pull requests (#20730)
Related to #20650.

This will fix the behavior of the single repo action for pull requests and disables the button for other screens that don't have a single repo action currently.
2022-08-22 13:51:48 +01:00
zeripath 11bae50484
Pad GPG Key ID with preceding zeroes (#20878) 2022-08-21 02:50:15 -04:00
Gusted fad0e7a497
Fix create repository page's help text (#20810) 2022-08-18 22:13:08 -04:00
techknowlogick d8e6c99125
Add badge capabilities to users (#20607)
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-08-18 02:25:25 +03:00
silverwind 802c5313e1
Replace some icons with SVG (#20741)
- Replace some icons with SVG
- Create teams help page
- Application and SSH keys icons
- Add new icon for app token
- Use fontawesom-send
2022-08-10 18:30:40 +02:00
Gusted 58de07e5fd
Add support mCaptcha as captcha provider (#20458)
https://mcaptcha.org/

Co-authored-by: Felipe Leopoldo Sologuren Gutiérrez <fsologureng@users.noreply.github.com>
2022-08-10 15:20:10 +02:00
silverwind 1b2cd4c4e1
Replace fomantic popup module with tippy.js (#20428)
- replace fomantic popup module with tippy.js
- fix chaining and add comment
- add 100ms delay to tooltips
- stopwatch improvments, raise default maxWidth
- update web_src/js/features/common-global.js
- use type=submit instead of js
2022-08-09 14:37:34 +02:00
CodeDoctor 36f9ee5813
Add an option to create new issues from "/issues" page (#20650) 2022-08-09 19:30:09 +08:00
6543 0b12abcfb5
Add missing Tabs on organisation/package view (Frontport #20539) (#20540)
hotfix #20106
2022-07-31 14:32:51 +02:00
wxiaoguang 2c108d20ba
Fix i18n for email notifications (#20518) 2022-07-28 17:28:46 +02:00
Tyrone Yeh 3bd8f50af8
Added email notification option to receive all own messages (#20179)
Sometimes users want to receive email notifications of messages they create or reply to,
Added an option to personal preferences to allow users to choose

Closes #20149
2022-07-28 16:30:12 +08:00
Baoshuo Ren 175705356c
Fix icon margin in user/settings/repos (#20281) 2022-07-14 11:03:31 +08:00
Gusted d55a0b7238
Refactor i18n to locale (#20153)
* Refactor `i18n` to `locale`

- Currently we're using the `i18n` variable naming for the `locale`
struct. This contains locale's specific information and cannot be used
for general i18n purpose, therefore refactoring it to `locale` makes
more sense.
- Ref: https://github.com/go-gitea/gitea/pull/20096#discussion_r906699200

* Update routers/install/install.go
2022-06-27 15:58:46 -05:00
Lunny Xiao 85d960d2a1
Hide notify mail setting ui if not enabled (#20138) 2022-06-28 00:59:47 +08:00
Gusted 5d3f99c7c6
Make better use of i18n (#20096)
* Prototyping

* Start work on creating offsets

* Modify tests

* Start prototyping with actual MPH

* Twiddle around

* Twiddle around comments

* Convert templates

* Fix external languages

* Fix latest translation

* Fix some test

* Tidy up code

* Use simple map

* go mod tidy

* Move back to data structure

- Uses less memory by creating for each language a map.

* Apply suggestions from code review

Co-authored-by: delvh <dev.lh@web.de>

* Add some comments

* Fix tests

* Try to fix tests

* Use en-US as defacto fallback

* Use correct slices

* refactor (#4)

* Remove TryTr, add log for missing translation key

* Refactor i18n

- Separate dev and production locale stores.
- Allow for live-reloading in dev mode.

Co-authored-by: zeripath <art27@cantab.net>

* Fix live-reloading & check for errors

* Make linter happy

* live-reload with periodic check (#5)

* Fix tests

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-06-26 22:19:22 +08:00
Robert Lützner afea63f4e5
Replace pubkey with privkey in keys_ssh.tmpl (#20112)
If a user wants to verify an SSH public key from their account they have
to sign the randomly generated token with their private key.

Prior to this change the example command prompted to sign the token with
their public key instead.

Signed-off-by: Robert Lützner <robert.luetzner@pm.me>
2022-06-24 12:11:13 +02:00
Lunny Xiao fd97c4e0ae
Use correct variable for issue count (#20085) 2022-06-22 11:26:32 -05:00
Gusted 796c4eca0b
Prettify number of issues (#17760)
* Prettify number of issues

- Use the PrettyNumber function to add commas in large amount of issues.

* Use client-side formatting

* prettify on both server and client

* remove unused i18n entries

* handle more cases, support other int types in PrettyNumber

* specify locale to avoid issues with node default locale

* remove superfluos argument

* introduce template helper, octicon tweaks, js refactor

* Update modules/templates/helper.go

* Apply some suggestions.

* Add comment

* Update templates/user/dashboard/issues.tmpl

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-06-12 20:08:23 +08:00
Eekle 4f1fb0f697
Make user profile image show full image on mobile (#19840)
* Make user profile image show full image on mobile
2022-06-10 19:06:34 +08:00
wxiaoguang cdb81f32ac
Remove out-dated comments (#19921) 2022-06-08 18:17:44 +01:00
André Jaenisch c1c07e533c
Improve wording on delete access token modal (#19909)
This PR highlights the nature of the destructive action.
It also rewords the action buttons to remove ambiguity.

Signed-off-by: André Jaenisch <andre.jaenisch@posteo.de>

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-06-07 20:28:10 -04:00
André Jaenisch 81cf006863
Improve UX on modal for deleting an access token (#19894)
* Improve UX on modal for deleting an access token

Before, both action buttons where coloured on hover. Otherwise they
appeared as ghost buttons. UX tells us, that call to action must not
be displayed as ghost button.

Using red is perceived as warning colour in Western cultures. It was
used for the non-destructive action before. This PR swaps the colour
and turns the cancel button into a filled one, so it is saver to do
nothing then to accidentally delete an access button. We want the
person to do this consciously.

In another iteration the wording here could be improved. See the
associated issue for further details.

Signed-off-by: André Jaenisch <andre.jaenisch@posteo.de>

* Use tabs instead of spaces.

Linter does not complain anymore. I was expecting the formatter to pick
this up but it didn't.

Signed-off-by: André Jaenisch <andre.jaenisch@posteo.de>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-06-07 12:25:40 -04:00
Paweł Bogusławski 14d96ff7ac
Disable unnecessary mirroring elements (#18527)
* Disable unnecessary mirroring elements

This mod fixes disabling unnecessary mirroring elements.

Related: https://github.com/go-gitea/gitea/pull/16957
Related: https://github.com/go-gitea/gitea/pull/13084
Author-Change-Id: IB#1105104

* Checkbox rendering disabled instead of hiding it

Fixes: 02b4505150
Related: https://github.com/go-gitea/gitea/pull/18527#pullrequestreview-878061913
Author-Change-Id: IB#1105104

* Update custom/conf/app.example.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-authored-by: silverwind <me@silverwind.io>

* Mirror filter removed only when whole mirroring feature is disabled

Fixes: 02b4505150
Related: https://github.com/go-gitea/gitea/pull/18527#discussion_r883268890
Author-Change-Id: IB#1105104

Co-authored-by: silverwind <me@silverwind.io>
2022-06-04 19:42:17 +08:00
wxiaoguang e0273bad72
Fix i18n for Link Account button, re-format tmpl (#19835) 2022-05-29 16:19:56 +08:00
Mai-Lapyst 4698a1ec47
Adding button to link accounts from user settings (#19792)
* Adding button to link accounts from user settings

* Only display button to link user accounts when at least one OAuth2 provider is active
2022-05-29 02:03:17 +02:00
silverwind 9574626a23
Fix follower display on user page (#19805) 2022-05-26 00:29:40 +08:00
istiak101 35d0358c2a
Github style following followers (#19482)
Removed tabbed following and followers from user page and added Github style following followers.
2022-05-25 19:45:45 +08:00
silverwind ac8bee6aeb
Remove fomantic progress module (#19760)
Replace it with HTML `<progress>` element. The bar won't go green at
100% anymore but I think it's not something that fits stylistically anyways.
2022-05-20 05:04:45 +02:00
wxiaoguang cc7236e852
Make Ctrl+Enter (quick submit) work for issue comment and wiki editor (#19729)
* Make Ctrl+Enter (quick submit) work for issue comment and wiki editor

* Remove the required `SubmitReviewForm.Type`, empty type (triggered by quick submit) means "comment"

* Merge duplicate code
2022-05-20 04:26:04 +02:00
silverwind 9da3d78e74
Replace blue button and label classes with primary (#19763)
* make blue really blue

* replace blue button and label classes with primary

* add --color-blue-dark

* add light color variants, tweak a few colors

* fix colors

* add comment

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-05-20 00:08:08 +02:00
Jimmy Praet 38d72d40f1
Only show accessible teams in dashboard dropdown list (#19642)
Fixes #19637
2022-05-07 17:49:43 +02:00
ktprograms ef164d33c2
Add RSS Feed buttons to Repo, User and Org pages (#19370) 2022-04-24 22:03:39 +02:00
原俊杰 184302665f
Show ssh command directly in template instead of i18n translation (#19335)
* add missing space for generate ssh token command

Signed-off-by: Junjie Yuan <yuan@junjie.pro>

* Do not use i18n for ssh command

* Remove unnecessary settings.ssh_token_code

* Revert locale_zh-CN.ini

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-04-06 19:35:04 +08:00
silverwind 1eb0da58c3
Update JS dependencies (#19281)
- Upgrade all JS dependencies minus vue and vue-loader
- Adapt to breaking change of octicons
- Update eslint rules
- Tested Swagger UI, sortablejs and prod build
2022-04-01 02:15:46 +02:00
Lunny Xiao 420851ca1f
Fix global packages enabled avaiable (#19276)
Fix #19275
2022-03-31 19:31:53 +02:00
KN4CK3R 1d332342db
Add Package Registry (#16510)
* Added package store settings.

* Added models.

* Added generic package registry.

* Added tests.

* Added NuGet package registry.

* Moved service index to api file.

* Added NPM package registry.

* Added Maven package registry.

* Added PyPI package registry.

* Summary is deprecated.

* Changed npm name.

* Sanitize project url.

* Allow only scoped packages.

* Added user interface.

* Changed method name.

* Added missing migration file.

* Set page info.

* Added documentation.

* Added documentation links.

* Fixed wrong error message.

* Lint template files.

* Fixed merge errors.

* Fixed unit test storage path.

* Switch to json module.

* Added suggestions.

* Added package webhook.

* Add package api.

* Fixed swagger file.

* Fixed enum and comments.

* Fixed NuGet pagination.

* Print test names.

* Added api tests.

* Fixed access level.

* Fix User unmarshal.

* Added RubyGems package registry.

* Fix lint.

* Implemented io.Writer.

* Added support for sha256/sha512 checksum files.

* Improved maven-metadata.xml support.

* Added support for symbol package uploads.

* Added tests.

* Added overview docs.

* Added npm dependencies and keywords.

* Added no-packages information.

* Display file size.

* Display asset count.

* Fixed filter alignment.

* Added package icons.

* Formatted instructions.

* Allow anonymous package downloads.

* Fixed comments.

* Fixed postgres test.

* Moved file.

* Moved models to models/packages.

* Use correct error response format per client.

* Use simpler search form.

* Fixed IsProd.

* Restructured data model.

* Prevent empty filename.

* Fix swagger.

* Implemented user/org registry.

* Implemented UI.

* Use GetUserByIDCtx.

* Use table for dependencies.

* make svg

* Added support for unscoped npm packages.

* Add support for npm dist tags.

* Added tests for npm tags.

* Unlink packages if repository gets deleted.

* Prevent user/org delete if a packages exist.

* Use package unlink in repository service.

* Added support for composer packages.

* Restructured package docs.

* Added missing tests.

* Fixed generic content page.

* Fixed docs.

* Fixed swagger.

* Added missing type.

* Fixed ambiguous column.

* Organize content store by sha256 hash.

* Added admin package management.

* Added support for sorting.

* Add support for multiple identical versions/files.

* Added missing repository unlink.

* Added file properties.

* make fmt

* lint

* Added Conan package registry.

* Updated docs.

* Unify package names.

* Added swagger enum.

* Use longer TEXT column type.

* Removed version composite key.

* Merged package and container registry.

* Removed index.

* Use dedicated package router.

* Moved files to new location.

* Updated docs.

* Fixed JOIN order.

* Fixed GROUP BY statement.

* Fixed GROUP BY #2.

* Added symbol server support.

* Added more tests.

* Set NOT NULL.

* Added setting to disable package registries.

* Moved auth into service.

* refactor

* Use ctx everywhere.

* Added package cleanup task.

* Changed packages path.

* Added container registry.

* Refactoring

* Updated comparison.

* Fix swagger.

* Fixed table order.

* Use token auth for npm routes.

* Enabled ReverseProxy auth.

* Added packages link for orgs.

* Fixed anonymous org access.

* Enable copy button for setup instructions.

* Merge error

* Added suggestions.

* Fixed merge.

* Handle "generic".

* Added link for TODO.

* Added suggestions.

* Changed temporary buffer filename.

* Added suggestions.

* Apply suggestions from code review

Co-authored-by: Thomas Boerger <thomas@webhippie.de>

* Update docs/content/doc/packages/nuget.en-us.md

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Thomas Boerger <thomas@webhippie.de>
2022-03-30 16:42:47 +08:00
zeripath 7fc5fd6415
Do not send activation email if manual confirm is set (#19119)
If the mailer is configured then even if Manual confirm is set an activation email
is still being sent because `handleUserCreated` is not checking for this case.

Fix #17263

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-03-18 17:57:07 +08:00
Lunny Xiao 12d2d5aedc
Fix release typo (#18728) 2022-02-11 14:08:17 -05:00
wxiaoguang a60e8be8d1
Refactor i18n, use Locale to provide i18n/translation related functions (#18648)
* remove unnecessary web context data fields, and unify the i18n/translation related functions to `Locale`
* in development, show an error if a translation key is missing
* remove the unnecessary loops `for _, lang := range translation.AllLangs()` for every request, which improves the performance slightly
* use `ctx.Locale.Language()` instead of `ctx.Data["Lang"].(string)`
* add more comments about how the Locale/LangType fields are used
2022-02-08 11:02:30 +08:00
qwerty287 1f40933d38
Add config options to hide issue events (#17414)
* Add config option to hide issue events
Adds a config option `HIDE_ISSUE_EVENTS` to hide most issue events (changed labels, milestones, projects...) on the issue detail page.
If this is true, only the following events (comment types) are shown:
* plain comments
* closed/reopned/merged
* reviews

* Make configurable using a list

* Add docs

* Add missing newline

* Fix merge issues

* Allow changes per user settings

* Fix lint

* Rm old docs

* Apply suggestions from code review

* Use bitsets

* Rm comment

* fmt

* Fix lint

* Use variable/constant to provide key

* fmt

* fix lint

* refactor

* Add a prefix for user setting key

* Add license comment

* Add license comment

* Update services/forms/user_form_hidden_comments.go

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* check len == 0

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-01-21 18:59:26 +01:00
zeripath 5cb0c9aa0d
Propagate context and ensure git commands run in request context (#17868)
This PR continues the work in #17125 by progressively ensuring that git
commands run within the request context.

This now means that the if there is a git repo already open in the context it will be used instead of reopening it.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-01-19 23:26:57 +00:00
wxiaoguang 6fba174606
Fix incorrect OAuth message (#18332)
As the title,

Fix #18327
2022-01-19 19:05:06 +00:00
zeripath d7c2a2951c
Webauthn nits (#18284)
This contains some additional fixes and small nits related to #17957 

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-15 17:52:56 +01:00
Lunny Xiao 35c3553870
Support webauthn (#17957)
Migrate from U2F to Webauthn

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-01-14 16:03:31 +01:00
silverwind 80705cf4b4
Fix mermaid rendering in milestone dashboard (#18202)
Fixes: https://github.com/go-gitea/gitea/issues/18200
2022-01-07 11:49:27 +08:00
Lunny Xiao de8e3948a5
Refactor auth package (#17962) 2022-01-02 21:12:35 +08:00
Lunny Xiao 8ce1b539b1
Use conditions but not repo ids as query condition (#16839)
* Use conditions but not repo ids as query condition

* Improve the performance of pulls/issue

* Remove duplicated code

* fix lint

* Fix bug

* Fix stats

* More fixes

* Fix build

* Fix lint

* Fix test

* Fix build

* Adjust the logic

* Merge

* Fix conflicts

* improve the performance

* Add comments for the query conditions functions

* Some improvements
2021-12-29 21:02:12 +08:00
zeripath 0ac845042e
Move POST /{username}/action/{action} to simply POST /{username} (#18045)
The current code unfortunately requires that `action` be a reserved
repository name as it prevents posts to change the settings for
action repositories. However, we can simply change action handler
to work on POST /{username} instead.

Fix #18037

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-12-20 17:18:26 +00:00
Lunny Xiao ce840bb177
Fix delete u2f keys modal (#18040) 2021-12-20 14:49:06 +00:00
Wim 6fe756dc93
Add support for ssh commit signing (#17743)
* Add support for ssh commit signing

* Split out ssh verification to separate file

* Show ssh key fingerprint on commit page

* Update sshsig lib

* Make sure we verify against correct namespace

* Add ssh public key verification via ssh signatures

When adding a public ssh key also validate that this user actually
owns the key by signing a token with the private key.

* Remove some gpg references and make verify key optional

* Fix spaces indentation

* Update options/locale/locale_en-US.ini

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update templates/user/settings/keys_ssh.tmpl

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update options/locale/locale_en-US.ini

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update options/locale/locale_en-US.ini

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Update models/ssh_key_commit_verification.go

Co-authored-by: Gusted <williamzijl7@hotmail.com>

* Reword ssh/gpg_key_success message

* Change Badsignature to NoKeyFound

* Add sign/verify tests

* Fix upstream api changes to user_model User

* Match exact on SSH signature

* Fix code review remarks

Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-12-19 00:37:18 -05:00
zeripath 8354670708
Prevent hang in git cat-file if repository is not a valid repository and other fixes (#17991)
This PR contains multiple fixes. The most important of which is:

* Prevent hang in git cat-file if the repository is not a valid repository 
    
    Unfortunately it appears that if git cat-file is run in an invalid
    repository it will hang until stdin is closed. This will result in
    deadlocked /pulls pages and dangling git cat-file calls if a broken
    repository is tried to be reviewed or pulls exists for a broken
    repository.

    Fix #14734
    Fix #9271
    Fix #16113

Otherwise there are a few small other fixes included which this PR was initially intending to fix:

* Fix panic on partial compares due to missing PullRequestWorkInProgressPrefixes
* Fix links on pulls pages  due to regression from #17551 - by making most /issues routes match /pulls too - Fix #17983
* Fix links on feeds pages due to another regression from #17551 but also fix issue with syncing tags - Fix #17943
* Add missing locale entries for oauth group claims
* Prevent NPEs if ColorFormat is called on nil users, repos or teams.
2021-12-16 19:01:14 +00:00
KN4CK3R 6ceef87671
Removed SizeFmt. (#17890)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-12-03 11:33:34 +08:00
Lunny Xiao baed01f247
Remove unnecessary attributes of User struct (#17745)
* Remove unnecessary functions of User struct

* Move more database methods out of user struct

* Move more database methods out of user struct

* Fix template failure

* Fix bug

* Remove finished FIXME

* remove unnecessary code
2021-11-22 23:21:55 +08:00
Lunny Xiao c2ab19888f
Support pagination of organizations on user settings pages (#16083)
* Add pagination for user setting orgs
* Use FindOrgs instead of GetOrgsByUserID
* Remove unnecessary functions and fix test
* remove unnecessary code
2021-11-22 21:51:45 +08:00
Gusted 9f14fe43c6
Fix correct usage of teams (#17732)
- `.Teams` isn't a field on the User type, thus using the seperate
loaded teams.
- Add a space between `PathEscape` and argument.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-11-20 11:13:24 +08:00
silverwind 6874fe90e5
Cleanup and use global style on popups (#17674)
* Cleanup and use global style on popups

- Fix typo 'poping' to 'popping'
- Remove most inline 'data-variation' attributes
- Initialize all popups with 'inverted tiny' variation

* misc tweaks

* rename to .tooltip, use jQuery

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-11-18 11:26:50 +08:00
zeripath bbffcc3aec
Multiple Escaping Improvements (#17551)
There are multiple places where Gitea does not properly escape URLs that it is building and there are multiple places where it builds urls when there is already a simpler function available to use this.
    
This is an extensive PR attempting to fix these issues.

1. The first commit in this PR looks through all href, src and links in the Gitea codebase and has attempted to catch all the places where there is potentially incomplete escaping.
2. Whilst doing this we will prefer to use functions that create URLs over recreating them by hand.
3. All uses of strings should be directly escaped - even if they are not currently expected to contain escaping characters. The main benefit to doing this will be that we can consider relaxing the constraints on user names and reponames in future. 
4. The next commit looks at escaping in the wiki and re-considers the urls that are used there. Using the improved escaping here wiki files containing '/'. (This implementation will currently still place all of the wiki files the root directory of the repo but this would not be difficult to change.)
5. The title generation in feeds is now properly escaped.
6. EscapePound is no longer needed - urls should be PathEscaped / QueryEscaped as necessary but then re-escaped with Escape when creating html with locales Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-11-16 18:18:25 +00:00
Kamil Domański 021df29623
Allow U2F 2FA without TOTP (#11573)
This change enables the usage of U2F without being forced to enroll an TOTP authenticator.
The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled.

Fixes #5410
Fixes #17495
2021-11-08 23:47:19 +01:00
qwerty287 f46e67b519
Move key forms before list and add cancel button (#17432)
* Move GPG form before list and add cancel button
* Move SSH form before list and add cancel button

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-28 18:55:48 +08:00
qwerty287 01fc24c78c
Add appearance section in settings (#17433)
* Add appearance section in settings

* Fix lint

* Fix lint

* Apply suggestions from code review

Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: Lauris BH <lauris@nix.lv>
2021-10-27 23:40:08 +08:00
Nico Schieder 870f5fbc41
Add groups scope/claim to OIDC/OAuth2 Provider (#17367)
* Add groups scope/claim to OICD/OAuth2

Add support for groups claim as part of the OIDC/OAuth2 flow.
Groups is a list of "org" and "org:team" strings to allow clients to
authorize based on the groups a user is part of.

Signed-off-by: Nico Schieder <code@nico-schieder.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-10-22 17:19:24 +08:00
zeripath e2a59c57fc
Fix dashboard repolist alignment and repolisting (#17355)
Unfortunately #17301 broke the restriction of the dashboard repolist to
the user's repos because it stopped passing in the uid for the current
user. This PR restores this.

There is also a weird alignment problem - not caused by that PR - where
the menu items in the repolist spread over multiple lines. This PR
simply reduces the padding on these items and switches the justification
of the flex elements to space-evenly.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-10-19 12:38:33 +08:00
wxiaoguang 4822eed99d
Disable form autofill (#17291)
]* fix aria-hidden and tabindex

* use {{template "base/disable_form_autofill"}} instead of {{DisableFormAutofill}}

Co-authored-by: zeripath <art27@cantab.net>
2021-10-19 01:08:41 +03:00
wxiaoguang 56362043d3
Frontend refactor: move Vue related code from index.js to components dir, and remove unused codes. (#17301)
* frontend refactor

* Apply suggestions from code review

Co-authored-by: delvh <dev.lh@web.de>

* Update templates/base/head.tmpl

Co-authored-by: delvh <dev.lh@web.de>

* Update docs/content/doc/developers/guidelines-frontend.md

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

* fix typo

* fix typo

* refactor PageData to pageData

* Apply suggestions from code review

Co-authored-by: delvh <dev.lh@web.de>

* Simply for the visual difference.

Co-authored-by: delvh <dev.lh@web.de>

* Revert "Apply suggestions from code review"

This reverts commit 4d78ad9b0e.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2021-10-15 10:35:26 +08:00
zeripath 268b2d0c91
Prevent leave changes dialogs due to autofill fields (#16912)
Add ignore-dirty to /user/settings/account
Add autocomplete="off" to push_mirror_address form on /:owner/:repo/settings

Fix #16861

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-09-02 13:14:37 +01:00
zeripath e37342db0c
Add modals to Organization and Team remove/leave (#16471)
* Add modals to Organization and Team remove/leave

Add confirmation modals to Organization and Team remove and leave.

Fix #16215

Signed-off-by: Andrew Thornton <art27@cantab.net>

* avoid for-in

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Revert "avoid for-in"

This reverts commit 2af9a6f9d4.

* Apply suggestions from code review

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-26 22:57:40 -04:00
zeripath ba6baff696
Report the correct number of pushes on the feeds (#16811)
* Report the correct number of pushes on the feeds

Since the number of commits in the Action table has been limited to 5
the number of commits reported on the feeds page is now incorrectly also
limited to 5. The correct number is available as the Len and this PR
changes this to report this.

Fix #16804

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update templates/user/dashboard/feeds.tmpl

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-25 19:04:58 -04:00
KN4CK3R 0bd58d61e5
Added introspection endpoint. (#16752)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-08-20 22:16:45 -04:00
KN4CK3R d9ef43a712
Replace list.List with slices (#16311)
* Replaced list with slice.

* Fixed usage of pointer to temporary variable.

* Replaced LIFO list with slice.

* Lint

* Removed type check.

* Removed duplicated code.

* Lint

* Fixed merge.

Co-authored-by: 6543 <6543@obermui.de>
2021-08-09 14:08:51 -04:00
zeripath 5d2e11eedb
Refactor: Move login out of models (#16199)
`models` does far too much. In particular it handles all `UserSignin`.

It shouldn't be responsible for calling LDAP, SMTP or PAM for signing in.

Therefore we should move this code out of `models`.

This code has to depend on `models` - therefore it belongs in `services`.

There is a package in `services` called `auth` and clearly this functionality belongs in there.

Plan:

- [x] Change `auth.Auth` to `auth.Method` - as they represent methods of authentication.
- [x] Move `models.UserSignIn` into `auth`
- [x] Move `models.ExternalUserLogin`
- [x] Move most of the `LoginVia*` methods to `auth` or subpackages
- [x] Move Resynchronize functionality to `auth`
  - Involved some restructuring of `models/ssh_key.go` to reduce the size of this massive file and simplify its files.
- [x] Move the rest of the LDAP functionality in to the ldap subpackage
- [x] Re-factor the login sources to express an interfaces `auth.Source`?
  - I've done this through some smaller interfaces Authenticator and Synchronizable - which would allow us to extend things in future
- [x] Now LDAP is out of models - need to think about modules/auth/ldap and I think all of that functionality might just be moveable
- [x] Similarly a lot Oauth2 functionality need not be in models too and should be moved to services/auth/source/oauth2
  - [x] modules/auth/oauth2/oauth2.go uses xorm... This is naughty - probably need to move this into models.
  - [x] models/oauth2.go - mostly should be in modules/auth/oauth2 or services/auth/source/oauth2 
- [x] More simplifications of login_source.go may need to be done
- Allow wiring in of notify registration -  *this can now easily be done - but I think we should do it in another PR*  - see #16178 
- More refactors...?
  - OpenID should probably become an auth Method but I think that can be left for another PR
  - Methods should also probably be cleaned up  - again another PR I think.
  - SSPI still needs more refactors.* Rename auth.Auth auth.Method
* Restructure ssh_key.go

- move functions from models/user.go that relate to ssh_key to ssh_key
- split ssh_key.go to try create clearer function domains for allow for
future refactors here.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-24 11:16:34 +01:00
Stanley Hu 08ef45b359
Add fluid to ui container class to remove margin (#16396) 2021-07-20 08:22:23 +02:00
Jonathan Herlin fd3f149abd
Improve 2FA autofill (#16473)
This improves the autofill suggestion on mobile devices and some password managers
2021-07-18 02:06:22 +02:00
a1012112796 ec357833bc
show tag name on dashboard items list (#16466)
fix #16458

Signed-off-by: a1012112796 <1012112796@qq.com>
2021-07-17 23:21:04 +02:00
zeripath 93f31e1897
Update notification table with only latest data (#16445)
When marking notifications read the results may be returned out of order
or be delayed.  This PR sends a sequence number to gitea so that the
browser can ensure that only the results of the latest notification
change are shown.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-07-17 17:18:10 +01:00
Meano 423a0fccb6
Fix activation of primary email addresses (#16385)
* fix: primary email cannot be activated

* Primary email should be activated together with user account when
'RegisterEmailConfirm' is enabled.

* To fix the existing error state. When 'RegisterEmailConfirm' is enabled, the
admin should have permission to modify the activations status of user email.
And the user should be allowed to send activation to primary email.

* Only judge whether email is primary from email_address table.

* Improve logging and refactor isEmailActive

Co-authored-by: zeripath <art27@cantab.net>
2021-07-13 22:59:27 +02:00
zeripath b82293270c
Add option to provide signature for a token to verify key ownership (#14054)
* Add option to provide signed token to verify key ownership

Currently we will only allow a key to be matched to a user if it matches
an activated email address. This PR provides a different mechanism - if
the user provides a signature for automatically generated token (based
on the timestamp, user creation time, user ID, username and primary
email.

* Ensure verified keys can act for all active emails for the user

* Add code to mark keys as verified

* Slight UI adjustments

* Slight UI adjustments 2

* Simplify signature verification slightly

* fix postgres test

* add api routes

* handle swapped primary-keys

* Verify the no-reply address for verified keys

* Only add email addresses that are activated to keys

* Fix committer shortcut properly

* Restructure gpg_keys.go

* Use common Verification Token code

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 15:28:07 +02:00
KN4CK3R aac663e0da
Implemented head_commit for webhooks (#16282)
* Removed Len field.

* Added head_commit webhook field.

* Added comment for returns.
2021-06-29 15:34:03 +02:00
6543 0b27b93728
Make allowed Visiblity modes configurable for Users (#16271)
Now that #16069 is merged, some sites may wish to enforce that users are all public, limited or private, and/or disallow users from becoming private.

This PR adds functionality and settings to constrain a user's ability to change their visibility.

Co-authored-by: zeripath <art27@cantab.net>
2021-06-27 19:47:35 +01:00
Sergey Dryabzhinsky 22a0636544
Add Visible modes function from Organisation to Users too (#16069)
You can limit or hide organisations. This pull make it also posible for users

- new strings to translte
- add checkbox to user profile form
- add checkbox to admin user.edit form
- filter explore page user search
- filter api admin and public user searches
- allow admins view "hidden" users
- add app option DEFAULT_USER_VISIBILITY
- rewrite many files to use Visibility field
- check for teams intersection
- fix context output
- right fake 404 if not visible

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2021-06-26 20:53:14 +01:00
John Olheiser 622f1e764c
Add better errors for disabled account recovery (#15117)
Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-06-25 23:16:36 -05:00
6543 889dea8fc1
Remove User.GetOrganizations() (#14032)
as title
2021-06-18 19:00:53 +02:00
KN4CK3R 29695cd6d5
Add asymmetric JWT signing (#16010)
* Added asymmetric token signing.

* Load signing key from settings.

* Added optional kid parameter.

* Updated documentation.

* Add "kid" to token header.
2021-06-17 23:56:46 +02:00
KN4CK3R 1295e750b4
Add OpenID claims "profile" and "email". (#16141)
* Added OpenID claims "profile" and "email".

* Splitted error.

* Added scopes_supported and claims_supported.

* Added more metadata.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-06-14 13:33:16 +03:00
silverwind 308b562b3c
Remove remaining fontawesome usage in templates (#15952)
Can not remove the dependency yet because easymde depends on it.
2021-05-22 23:29:46 +02:00
silverwind a32bfd867d
Issue sidebar and misc css fixes (#15524)
- Replace remaining font icons with SVG in issue sidebar
- Rework issue due date display
- Realign avatar in timeline
- Fix font size in repo search and code explore
- Consolidate active button styles
- Fix loading form on arc-green
- Align time tracker buttons vertically

Fixes: https://github.com/go-gitea/gitea/issues/15896
2021-05-16 22:18:18 +02:00
zeripath f582ec4e53
Create a session on ReverseProxy and ensure that ReverseProxy users cannot change username (#15304)
* Create a session on ReverseProxy and ensure that ReverseProxy users cannot change username

ReverseProxy users should generate a session on reverse proxy username change.

Also prevent ReverseProxy users from changing their username.

Fix #2407

* add testcase

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-05-15 20:33:13 +02:00
6543 a229e34387
Allow only internal registration (#15795)
* Add ALLOW_ONLY_INTERNAL_REGISTRATION into settings

* OpenID respect setting too
2021-05-09 16:13:35 +02:00
6543 640066840e
Use a generic markup class to display externally rendered files and diffs (#15735)
* creates and implements generic markup less class

* How to give custom CSS to externally rendered html

* Clarifies sources of CSS styling of markup

* further clarification of sources of markup styling

* rename _markdown to _markup

* remove defunct import

* fix orphaned reference

* Update docs/content/doc/advanced/external-renderers.en-us.md

* more renames markdown -> markup

* do not suggest less customization

* add back tokens

* fix class whitespace, remove useless if-clause

* remove unused csv-data rules

* use named exports and rename functions

* sort imports

Co-authored-by: HarvsG <11440490+HarvsG@users.noreply.github.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: silverwind <me@silverwind.io>
2021-05-07 10:43:41 +02:00
N. L. H 45970ae82e
Feature/oauth userinfo (#15721)
* Implemented userinfo #8534

* Make lint happy

* Add userinfo endpoint to openid-configuration

* Give an error when uid equals 0

* Implemented BearerTokenErrorCode handling

* instead of ctx.error use ctx.json so that clients
parse error and error_description correctly

* Removed unneeded if statement

* Use switch instead of subsequent if statements
Have a default for unknown errorcodes.

Co-authored-by: Nils Hillmann <hillmann@nlh-software.de>
Co-authored-by: nlhsoftware <nlhsoftware@noreply.localhost>
2021-05-06 01:30:15 -04:00
KN4CK3R 7670c1c99e
Fixed several activation bugs (#15473)
* Removed unneeded form tag.

* Fixed typo.

* Fixed NPE.

* Use better error page.

* Splitted GET and POST.
2021-04-30 22:21:33 +02:00
KN4CK3R c80d7f33b6
Unified link creation. (#15619) 2021-04-30 19:25:13 +02:00
techknowlogick 024ef3940f
add well-known config for OIDC (#15355)
* add well-known config for OIDC

* spacing per feedback

* Update oidc_wellknown.tmpl

* add id_token

* Update oidc_wellknown.tmpl

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-04-15 22:32:00 -04:00
Kyle D f44543a1bb
Disable Stars config option (#14653)
* Add config option to disable stars

* Replace "stars" with watched in user profile

* Add documentation
2021-04-15 18:53:57 +02:00
KN4CK3R cf8f66e5dc
Use subdir for URL (#15446)
Fixes #15444
2021-04-14 20:43:17 +01:00
KN4CK3R bf3e584de2
Fix repository search (#15428)
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-04-12 22:09:46 -04:00
silverwind d848098f60
Enforce tab indentation in templates (#15289)
* Enforce tab indendation in templates

This adds editorconfig-checker [1] to lint the template files so they
conform the editorconfig files. I fixed all current identation issues
using the fix mode of eclint [2] and some manual corrections.

We can extend this linting to other files later, for now I'd like this
PR to focus on HTML template files only.

[1] https://github.com/editorconfig-checker/editorconfig-checker
[2] https://github.com/jedmao/eclint

* fix indendation

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-04-10 23:46:37 -04:00
silverwind 216976247c
Remove usage of JS globals (#15378)
Refactor the exported globals in index.js to JS-initialized event
handlers.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-04-09 19:42:38 -04:00
Roger Luo fa06e98553
Add dashboard milestone search and repo milestone search by name (#14866)
Feature for issue #13845:
 - Add milestones search by name on dashboard milestones page.
 - Add milestones search by name on repo issue/milestones page.
2021-04-08 13:53:59 +02:00
Jimmy Praet 6b836ac5f7
fix org navbar (#15173) 2021-03-26 22:15:13 +01:00
silverwind 1a03fa7a4f
Update JS dependencies (#15033)
* Update JS dependencies

- Update all JS dependencies
- For octicons, rename trashcan to trash
- For svgo, migrate to v2 api, output seems to have slightly changed but icons look the same
- For stylelint, update config, fix custom property duplicates
- For monaco, drop legacy Edge support
- For eslint, enable new rules, fix new issues
- For less-loader, remove deprecated import syntax

* update svgo usage in generate-images and rebuild logo.svg with it
2021-03-22 05:04:19 +01:00
Norwin 598dd21cd4
org dashboard: move teamselector left (#14954)
Co-authored-by: zeripath <art27@cantab.net>
2021-03-17 18:45:16 -04:00
zeripath 20f13bfdfc
Fix a couple of issues with a feeds (#14897)
@CirnoT spotted a couple of issues with feeds on discord.

This PR fixes both of these.
2021-03-06 05:09:49 +01:00
6543 a4148c0f12
Repository transfer has to be confirmed, if user can not create repo for new owner (#14792)
* make repo as "pending transfer" if on transfer start doer has no right to create repo in new destination

* if new pending transfer ocured, create UI & Mail notifications
2021-03-01 01:47:30 +01:00
Mike L 4172b1955f
Fix dashboard UI bugs and more (#14767)
This PR fixes a few UI bugs I spontaneously encountered:

- Fixes emojis in repo titles getting head-cut and tail-cut in dashboard feed due to introduction of 1.25 em emojis at 1 em line-height, by simply using the original 1 3/7 em value of `semantic.css`
- Fixes regression (too long repo names should be capped to 70%) in #13828 due to flex children not respecting properties like `overflow: hidden;`, and removes a block of dead style code
- Follow-up to #14761, removes extraneous code for top navbar and correct right margin for Font Awesome
- Fixes color emphasis inversion in arc-green theme for top right buttons (edit, delete) on commit view boxes
2021-02-25 13:35:43 +01:00
a1012112796 cd8b2f3273
Fix double alert in oauth2 application edit view (#14764)
Signed-off-by: a1012112796 <1012112796@qq.com>
2021-02-22 03:51:45 +01:00
a1012112796 1ecdc55aff
fix link account ui (#14763)
Signed-off-by: a1012112796 <1012112796@qq.com>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-02-21 20:14:27 -05:00
Kyle D d475d53c41
Fix svg spacing (#14638)
* Add right margin to icons in menu items

* Reduce padding on user profile submenu to fit in one line by default (english)
2021-02-14 17:49:22 +01:00
vnkmpf 51fb0463a3
Fix truncated organization names (#14655)
* Fix truncated organization names

Previous ellipsis implementation hid vertical overflow - image + descent line of letters.
Organization visibility in select on dashboard was not always visible.
This commit extracts classes which don't make collisions with other items on page.
2021-02-12 03:29:07 +02:00
a1012112796 ac701637b4
Add dismiss review feature (#12674)
* Add dismiss review feature

refs:
    https://github.blog/2016-10-12-dismissing-reviews-on-pull-requests/
    https://developer.github.com/v3/pulls/reviews/#dismiss-a-review-for-a-pull-request

* change modal ui and error message

* Add unDismissReview api

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-02-11 18:32:25 +01:00
vnkmpf 3a4801d195
Truncated organisations name #14583 (#14615)
- truncate to max length 40
- add CSS ellipsis
2021-02-09 19:51:01 +00:00
Lunny Xiao 41c0776568
Fix captcha (#14488)
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-27 22:56:54 +08:00
Andrew Bezold bc05ddc0eb
Redirect on changed user and org name (#11649)
* Add redirect for user

* Add redirect for orgs

* Add user redirect test

* Appease linter

* Add comment to DeleteUserRedirect function

* Fix locale changes

* Fix GetUserByParams

* Fix orgAssignment

* Remove debug logging

* Add redirect prompt

* Dont Export DeleteUserRedirect & only use it within a session

* Unexport newUserRedirect

* cleanup

* Fix & Dedub API code

* Format Template

* Add Migration & rm dublicat

* Refactor: unexport newRepoRedirect() & rm dedub del exec

* if this fails we'll need to re-rename the user directory

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-01-24 16:23:05 +01:00
6543 a0e424da85
Enhance Ghost comment mitigation Settings (#14392)
* refactor models.DeleteComment and delete related reactions too

* use deleteComment for UserDeleteWithCommentsMaxDays in DeleteUser

* nits

* Use time.Duration as other time settings have

* docs

* Resolve Fixme & fix potential deadlock

* Disabled by Default

* Update Config Value Description

* switch args

* Update models/issue_comment.go

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-01-21 21:56:19 -05:00
zeripath 20f980dcc2
ensure timeout error is shown on u2f timeout (#14417)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-01-22 01:28:14 +01:00
6543 21da519c0c
Implement ghost comment mitigation (#14349)
* Implement ghost comment mitigation

Adds a config option USER_DELETE_WITH_COMMENTS_MAX_DAYS to the [service] section. See https://codeberg.org/Codeberg/Discussion/issues/24 for the underlying issue.

* cleanup

* use setting module correctly

* add to docs

Co-authored-by: Moritz Marquardt <git@momar.de>
2021-01-17 21:48:38 +01:00
Jimmy Praet acb1ceb1f4
Add review requested filter on pull request overview (#13701)
* Add review requested filter on pull request overview #13682

fix formatting

* add review_requested filter to /repos/issues/search API endpoint

* only Approve and Reject status should supersede Request status

* add support for team reviews

* refactor: remove duplication of issue filtering conditions
2021-01-17 17:34:19 +01:00
Cirno the Strongest 8db0372a45
Handle NotifyCreateRef as create branch in feeds (#14245)
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-01-04 18:51:00 +02:00
Cirno the Strongest 21fbee1503
Various UI fixes (#14239)
* Fix #14238

* Fix #14235

* Fix #14237

* Fix #14234

* Use octicon to show private status of repo in admin dashboard

* Fix #14232

* Fix #14236
2021-01-04 13:18:12 +01:00
Jimmy Praet 9cc5a89b8c
Issue and pull request filters on organization dashboard #14052 (#14072) 2021-01-03 18:29:12 +01:00
Johnny Oskarsson a07e67d9cc
Minimal OpenID Connect implementation (#14139)
This is "minimal" in the sense that only the Authorization Code Flow
from OpenID Connect Core is implemented.  No discovery, no configuration
endpoint, and no user scope management.

OpenID Connect is an extension to the (already implemented) OAuth 2.0
protocol, and essentially an `id_token` JWT is added to the access token
endpoint response when using the Authorization Code Flow.  I also added
support for the "nonce" field since it is required to be used in the
id_token if the client decides to include it in its initial request.

In order to enable this extension an OAuth 2.0 scope containing
"openid" is needed. Other OAuth 2.0 requests should not be impacted by
this change.

This minimal implementation is enough to enable single sign-on (SSO)
for other sites, e.g. by using something like `mod_auth_openidc` to
only allow access to a CI server if a user has logged into Gitea.

Fixes: #1310

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2021-01-02 00:33:27 +08:00
Jimmy Praet 40274b4a93
Team dashboards (#14159) 2020-12-27 21:58:03 +02:00
zeripath ad1164f73b
Disable SSH key deletion of externally managed Keys (#13985)
* Disable SSH key addition and deletion when externally managed

When a user has a login source which has SSH key management
key addition and deletion using the UI should be disabled.

Fix #13983

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Make only externally managed keys disabled

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-12-25 23:24:47 -05:00
Lunny Xiao 36bd5d70cd
Fix feed push tag (#14064)
* Fix dashboard feed bug when push tag

* Fix variable name

* Fix delete tag

Co-authored-by: 6543 <6543@obermui.de>
2020-12-20 07:46:28 +08:00
silverwind 3260e15668
Dashboard search tweaks (#14008)
- Fix color of inactive pagination parts caused by overreaching CSS
selector.
- Slightly reduce horizontal padding on list items
- Add spacing around pagination and move it outside of <ul>
2020-12-17 19:58:21 +00:00
Cirno the Strongest 6074e13c8d
Fix missing username on dashboard context switch navbar (#13959) 2020-12-12 14:10:20 +01:00
Lunny Xiao 2d71cdb668
Add pull request manually merge instruction (#13840)
* add pull request command line instructions

* Add pull request manually merge instuction

* Fix styles

* Fix lint

* Move inline style to class file

* add space between merge button and hint text

* Add sentence end charcter

* Change the language file

* adjust secondary bg

* further adjustment

Co-authored-by: silverwind <me@silverwind.io>
2020-12-10 03:59:05 +01:00
silverwind c85bb62635
Replace more icons with SVG, repo search tweaks (#13860)
* Replace more icons with SVG

- Replace remaining icons on admin page with SVG
- Fix vertical menu background on arc-green
- Minor improvments to frontpage repo search
- More icon replacements here and there

* fix integration

* whitespace tweak

* add comment

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-12-09 14:03:19 -05:00
silverwind 97ab820acc
Fix action avatar loading (#13909)
Fixes #13883

Co-authored-by: 6543 <6543@obermui.de>
2020-12-09 07:11:15 +02:00
Jimmy Praet 10b9a6df0d
Don't show dashboard links for globally disabled repo units (#13908)
This applias the same checks from base/head_navbar.tmpl to user/dashboard/navbar.tmpl so no links are shown for globally disabled repo units

Co-authored-by: 6543 <6543@obermui.de>
2020-12-08 20:58:38 -05:00
silverwind c05701dd7d
Fix frontpage avatars (#13853)
The frontpage uses a rather strange method to obtain the commit's avatar
which I've overlooked earlier. I don't exactly understand how it works
but this change fixes the wrong default avatars by using the function
that was in previous use.

Also introduced a few constants for size an size increase factor.

Fixes: https://github.com/go-gitea/gitea/issues/13844
2020-12-09 01:12:15 +01:00
Jimmy Praet 1a372e5b21
Allow 20 characters for "View [organization]" button (#13906)
In the "View [organization]" button on the dashboard, the organization name is currenly shortened to 10 chars.
This is a bit too limited. In all other places in the code the name is also shortened to 20 instead of 10.

Co-authored-by: 6543 <6543@obermui.de>
2020-12-08 16:18:02 -05:00
silverwind bb50ab2861
Style and template tweaks (#13828)
* Style and template tweaks

- Get red and green buttons on arc green closer to base theme
- EasyMDE adjustments, toolbar and focus border
- Fix header on 404 repo page
- Tweaks to frontpage search, add 'Create Repo' button
- Fix misaligned box headers
- Fix pagination on arc-green
- Fix background and footer on explore and repo search

* better fix for header button alignment

* add label hover for reactions
2020-12-04 12:18:37 +01:00
silverwind 9269a038a4
Direct avatar rendering (#13649)
* Direct avatar rendering

This adds new template helpers for avatar rendering which output image
elements with direct links to avatars which makes them cacheable by the
browsers.

This should be a major performance improvment for pages with many avatars.

* fix avatars of other user's profile pages

* fix top border on user avatar name

* uncircle avatars

* remove old incomplete avatar selector

* use title attribute for name and add it back on blame

* minor refactor

* tweak comments

* fix url path join and adjust test to new result

* dedupe functions
2020-12-03 19:46:11 +01:00
silverwind b1cf7f4df1
Add class to page content to unify top margin (#13766)
* Add class to page content to unify top margin

Previously pages would individually set this margin but some didn't so
content would stick to the header without any space. Resolve this by
adding a new class that is added on all pages. The only place where we
remove this margin again is on the pages with menu or wrapper in the
header.

* fix admin notices

* fix team pages

* fix loading segment on gitgraph for arc-green

* fix last missing case

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-30 23:00:14 -05:00
silverwind 295fc99607
Markdown and Repo header tweaks (#13744)
* Markdown and Repo header tweaks

- Use CSS vars for all markdown colors
- Tweak repo header, removing double borders and adjust sizes
- Use menu instead of buttons for issue open/close switcher
- Add emoji inversion for select emoji glyphs in arc-green
- Use border over box-shadow for all buttons
- Add spacing element to login form without openid

* repo settings navbar fix

* use shared template in more places and adjust dashboard

* fix remaining open/close combos
2020-11-29 17:52:11 +02:00
6543 0f14f69e60
Verify password for local-account activation (#13631)
* Verify passwords for activation

This is to prevent 3rd party activation

* Fix function comment

* only veify password on local-account aktivation

* fix lint

* Update templates/user/auth/activate.tmpl

Co-authored-by: silverwind <me@silverwind.io>

Co-authored-by: Andreas Shimokawa <shimokawa@fsfe.org>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-28 17:41:06 -05:00
silverwind b2de034278
CSS navbar and color tweaks (#13609)
* CSS and color tweaks

- Unify navbar-style menus
- Fix admin bar overlapping menu bar
- Fixes file edit comment box
- Fix double border on review box
- Fix review timeline icons

* Many fixes to new-menu and navbar layout enhancements

* misc settings fixes

* navbar tweak

* fix pr tabs

* branch tag and arc color tweaks
2020-11-26 19:33:28 +00:00
silverwind 6d93a3ab18
Issue and Pulls lists rework (#13594)
* Issue and Pulls lists rework

Reorganized and restyled the issue and pull request lists.

* color and layout tweaks

* use new issue list on dashboard as well

* move pagination into template

* misc tweaks

* fix label hover

* fix milestone list

* fix discrepancies between issue and milestone list, add new 'merge' helper

* fmt

* simplify merge helper

* remove whitespace

* fix startIndex

* further simplify dict merging

* rename helper to 'mergeinto' for clarity

* allow bottom-row to wrap

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-11-25 13:20:40 +02:00
silverwind 12c2efb45c
Remove fetch request from heatmap (#13623)
* Remove fetch request from heatmap

Render heatmap data directly to HTML, eliminating one HTTP request on
frontpage and user profile. Also added min-height to the container so
the page content will no longer move after loading.

* rename and error display

* also log the js error

* add error handler

* remove useless inline style and hide divider on small screens

* Update routers/user/home.go

* Update routers/user/profile.go
2020-11-18 16:00:16 -06:00
Norwin e16b0e5a90
unify layout between auth pages (#13547)
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-11-13 21:46:40 -05:00
silverwind c2e05d9f9a
Form styling adjustments (#13501)
* Form styling adjustments

- Move all form-related styling to _forms.less
- Defined new form-related variables
- Fix spinner on frontpage repo search
- Add new rounded-* helpers and fix repo search radius

* misc arc green tweaks

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-11-12 23:59:33 +08:00
silverwind 8bae34c4b2
Change search and filter icons to SVG (#13473)
Unfortunately, the Fomantic CSS relies on i.icon instead of .icon so a
wrapper is necessary for these with an accompanying class to center the
icon.
2020-11-09 18:21:47 +00:00
silverwind 62719cdd2d
Fix whitespace rendering in diff (#13415)
- Introduce new .code-inner class that sets the CSS attributes on
rendered code lines like view,blame and diff.
- Rename .wrap class to .word-break to reflect what it actually does
- Remove .raw which was only used on webhook page
- Set white-space: pre-wrap except on blame where it can break the
layout

Fixes: https://github.com/go-gitea/gitea/issues/13406
2020-11-04 09:14:07 +02:00
silverwind 2ac112d84e
Comment box tweaks and SVG dropdown triangles (#13376)
* Comment box tweaks and SVG dropdown triangles

- Change all dropdown triangles to SVG
- Bring inline review comment box closer to regular comment boxes
- Enhance arc-green checkbox contrast
- Minor reaction tweaks
- Flexbox the diff file header

* remove a border

* fix type marker in arc-green

* add small code padding

* fix position regression and remove useless rules

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-31 18:15:11 -04:00
zeripath 68bdb9fd4b
Fix links to repositories in /user/setting/repos (#13360)
* Fix links to repositories in /user/setting/repos

somehow the links gained a spurious $ in the links.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* And fix #13359

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-30 16:27:01 +00:00
zeripath beb6bf4261
Remove obsolete change of email on profile page (#13341)
* Remove obsolete change of email on profile page

The change email on the account profile page is out-of-date
and unnecessary.

Changing email should be done using the account page.

Fix #13336

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-10-28 22:33:14 +00:00
silverwind 83106c166d
Replace footer and modal icons with SVG (#13245)
- Replace two font icons with SVG in the footer
- Replace icons in delete modals with SVG
- Horizontally center message text in modals
2020-10-21 22:07:33 +01:00
Wim 9066d09c57
Add ssh certificate support (#12281)
* Add ssh certificate support

* Add ssh certificate support to builtin ssh

* Write trusted-user-ca-keys.pem based on configuration

* Update app.example.ini

* Update templates/user/settings/keys_principal.tmpl

Co-authored-by: silverwind <me@silverwind.io>

* Remove unused locale string

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update options/locale/locale_en-US.ini

Co-authored-by: silverwind <me@silverwind.io>

* Update models/ssh_key.go

Co-authored-by: silverwind <me@silverwind.io>

* Add missing creation of SSH.Rootpath

* Update cheatsheet, example and locale strings

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

Co-authored-by: zeripath <art27@cantab.net>

* Update models/ssh_key.go

* Optimizations based on feedback

* Validate CA keys for external sshd

* Add filename option and change default filename

Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is
RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem

Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty.

Add some more documentation.

* Remove unneeded principalkey functions

* Add blank line

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

* Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option

This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default
email,username this means that users only can add the principals
that match their email or username.

To allow anything the admin need to set the option anything.

This allows for a safe default in gitea which protects against malicious
users using other user's prinicipals. (before that user could set it).

This commit also has some small other fixes from the last code review.

* Rewrite principal keys file on user deletion

* Use correct rewrite method

* Set correct AuthorizedPrincipalsBackup default setting

* Rewrite principalsfile when adding principals

* Add update authorized_principals option to admin dashboard

* Handle non-primary emails

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add the command actually to the dashboard template

* Update models/ssh_key.go

Co-authored-by: silverwind <me@silverwind.io>

* By default do not show principal options unless there are CA keys set or they are explicitly set

Signed-off-by: Andrew Thornton <art27@cantab.net>

* allow settings when enabled

* Fix typos in TrustedUserCAKeys path

* Allow every CASignatureAlgorithms algorithm

As this depends on the content of TrustedUserCAKeys we should allow all
signature algorithms as admins can choose the specific algorithm on their
signing CA

* Update models/ssh_key.go

Co-authored-by: Lauris BH <lauris@nix.lv>

* Fix linting issue

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-10 20:38:09 -04:00
silverwind 1c523e2129
Set appropriate autocomplete attributes on password fields (#13078)
`new-password` prevents annoying autocompletion in some cases, thought
it's not semantically correct to use that for example on all three
fields on the user account page, so some annoyances remain.

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-10-09 10:32:30 +03:00
Spencer Taylor 6eea301829
Adding visual cue for "Limited" & "Private" organizations. (#13040)
* Adding visual cue for "Limited" & "Private" organizations.

* Moving org visibility CSS styles to .less files.

Co-authored-by: Gitea <gitea@fake.local>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-10-06 02:25:43 -04:00
silverwind 922d698842
CSS tweaks to warning/error segments and misc fixes (#13024)
* CSS tweaks to warning/error segments and misc fixes

- Adjust styling for warning/error in arc-green
- Change danger boxes from orange to red
- Fix code highlight text color in arc-green
- Fix warning message in arc-green
- Fix border in org member list in arc-green
- Fix disabled checkbox text in arc-green

* use same selector in gitea theme

* fix blame highlight

Co-authored-by: zeripath <art27@cantab.net>
2020-10-04 16:54:22 -04:00
John Olheiser 72636fd664
hCaptcha Support (#12594)
* Initial work on hCaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Use module

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Format

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* At least return and debug log a captcha error

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Pass context to hCaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Add context to recaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* fix lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Finish hcaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Update example config

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Apply error fix for recaptcha

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Change recaptcha ChallengeTS to string

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: Andrew Thornton <art27@cantab.net>
2020-10-02 23:37:53 -04:00
Bagas Sanjaya fb467c7e74
Update GitHub docs links for SSH & GPG (#12947)
The links now redirected to docs.github.com. `common SSH problems` link
is misredirected to `Authenticating to GitHub` page, so it has been
corrected to the proper `troubleshooting SSH` page.

Signed-off-by: Bagas Sanjaya <bagasdotme@gmail.com>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-26 22:10:41 -04:00
zeripath 7a7f56044a
Adopt repositories (#12920)
* Don't automatically delete repository files if they are present

Prior to this PR Gitea would delete any repository files if they are
present during creation or migration. This can in certain circumstances
lead to data-loss and is slightly unpleasant.

This PR provides a mechanism for Gitea to adopt repositories on creation
and otherwise requires an explicit flag for deletion.

PushCreate is slightly different - the create will cause adoption if
that is allowed otherwise it will delete the data if that is allowed.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix tests and migrate overwrite

Signed-off-by: Andrew Thornton <art27@cantab.net>

* as per @lunny

Only offer to adopt or overwrite if the user can do that.

Allow the site administrator to adopt or overwrite in all
circumstances

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Use setting.Repository.DefaultBranch for the default branch

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Always set setting.Repository.DefaultBranch

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update templates

Signed-off-by: Andrew Thornton <art27@cantab.net>

* ensure repo closed

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Rewrite of adoption as per @6543 and @lunny

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

* update swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* missing not

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add modals and flash reporting

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Make the unadopted page searchable

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add API

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix swagger

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Handle empty and non-master branched repositories

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* remove commented out code

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-25 07:09:23 +03:00
赵智超 a9decf0dac
Use a simple format for the big number on ui (#12822)
* Use a simple format for the big number on ui

Signed-off-by: a1012112796 <1012112796@qq.com>

* make fmt

* Apply review suggestion @silverwind

* Change name 2

* make fmt

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-09-16 00:07:18 -04:00
silverwind ffddf3f8a6
Make SVG size argument optional (#12814)
Now defaults to 16 on both frontend and backend.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-09-11 16:19:00 -04:00
Bagas Sanjaya 4c42fce401
Add placeholder text for bio profile text form (#12792)
* Add placeholder text
  * Localize
2020-09-10 15:29:26 +01:00