Commit graph

7011 commits

Author SHA1 Message Date
Lunny Xiao eabbddcd98
Restrict permission check on repositories and fix some problems (#5314)
* fix units permission problems

* fix some bugs and merge LoadUnits to repoAssignment

* refactor permission struct and add some copyright heads

* remove unused codes

* fix routes units check

* improve permission check

* add unit tests for permission

* fix typo

* fix tests

* fix some routes

* fix api permission check

* improve permission check

* fix some permission check

* fix tests

* fix tests

* improve some permission check

* fix some permission check

* refactor AccessLevel

* fix bug

* fix tests

* fix tests

* fix tests

* fix AccessLevel

* rename CanAccess

* fix tests

* fix comment

* fix bug

* add missing unit for test repos

* fix bug

* rename some functions

* fix routes check
2018-11-28 19:26:14 +08:00
Michael Kuhn 0222623be9 Explicitly disable Git credential helper (#5367)
* Explicitly disable Git credential helper

If the user running Gitea has configured a credential helper, Git
credentials might leak out of Gitea.

There are two problems with credential helpers when combined with Gitea:

1. Credentials entered by a user when doing a migration or setting up a
   mirror will end up in the credential store. In the worst case, this
   is the plain text file ~/.git-credentials.
2. Credentials in the credential store will be used for migrations and
   mirrors by all users. For example, if user A sets up a mirror, their
   credentials will be stored. If user B later sets up a mirror from the
   same host and does not enter any credentials, user A's credentials
   will be used.

This PR prepends -c credential.helper= to all Git commands to clear the
list of helpers. This requires at least Git version 2.9, as previous
versions will try to load an empty helper instead. For more details, see
24321375cd

* Update git module
2018-11-28 09:00:25 +02:00
Lauris BH 08bf443016 Implement git refs API for listing references (branches, tags and other) (#5354)
* Inital routes to git refs api

* Git refs API implementation

* Update swagger

* Fix copyright

* Make swagger happy add basic test

* Fix test

* Fix test again :)
2018-11-27 16:52:20 -05:00
SohnyBohny 294904321c Create Progressive Web App (#4730)
* Create manifest and serviceworker

* Create templates and add AppSubUrl

* Add JSRenderer

* fix ctx type

* Add JSRenderer to static.go

* Complete adding {{AppSubUrl}}

* Add more fonts to urlsToCache

* Add 512px and 192px icons

* Hardcode font MD5

* Default theme doesn't have a specific CSS file
2018-11-27 10:18:26 -05:00
Lauris BH e09fe48773 Refactor heatmap to vue component (#5401) 2018-11-27 10:36:54 +01:00
GiteaBot c03a9b3e42 [skip ci] Updated translations via Crowdin 2018-11-26 19:24:15 +00:00
Lanre Adelowo 3a1ed82529 Explicitly decide whether to use TLS in mailer's configuration (#5024)
* explicitly decide on using TLS for mail connections

* explicitly decide on using TLS for mail connections

* keep compatibility
2018-11-26 14:21:41 -05:00
Lanre Adelowo ce9a5173fe fix password variable shadowing (#5405) 2018-11-26 17:00:38 +02:00
Lanre Adelowo 5e022a98e6 show only opened milestones on issues page milestone filter (#5051)
* show only opened milestones on issues page milestone filter

* update Godoc

* update Godoc everywhere

* update swagger

* use false instead of 0

* Add seccond ordering by ID for milestones where no deadline is set
2018-11-26 16:45:42 +08:00
Ryan Halliday d9b0b7f56e Notes on upgrading docker installation (#5395)
* Notes on upgrading docker installation

Basis from [gogs/gogs](https://github.com/gogs/gogs/blob/master/docker/README.md)

* Feedback from @sapk to use docker-compose only
2018-11-25 20:51:02 -05:00
Lauris BH 499d132124 Fix dependent issue searching when gitea is run in subpath (#5392) 2018-11-25 12:25:55 -05:00
Patrick Lühne 7e587e097c Fix typos in configuration (#5398) 2018-11-25 11:29:44 -05:00
Lanre Adelowo fd37fb01fd Don't force a password change for the admin user when creating an account via cli (#5391)
* don't force a password change for the admin user

* don't totally dicard -must-change-password flag if creating the first (admin) user via the cli. Use flag if present but make sure to default to not forcing a password update
2018-11-25 09:42:24 +02:00
Daniel Balko 3379141d81 API: '/orgs/:org/repos': return private repos with read access (#5310) (#3829) (#5383)
Signed-off-by: Daniel Balko <inxonic+github@gmail.com>
2018-11-23 16:23:27 -05:00
Juan Pablo Santos Rodríguez 49d9900b1f [website] file rendering through external binaries (#5387)
* #3758: [doc] file rendering through external binaries

* fix subsections markup

* include proposed changes from PR review
2018-11-23 10:07:08 -05:00
GiteaBot 6467934d29 [skip ci] Updated translations via Crowdin 2018-11-23 07:16:27 +00:00
techknowlogick 5af7f8bd72 Backport 1.6.0 changelog to master (#5384) 2018-11-23 15:14:34 +08:00
kolaente 0dcf31ae49 Show review summary in pull requests (#5132) 2018-11-22 15:17:36 +02:00
Lunny Xiao cef0f12c51 support envs on external render commands (#5278) 2018-11-20 17:11:21 -05:00
Lunny Xiao 8ef177f8c5 add api for user to create org (#5268)
* add api for user to create org

* remove unused blank line on the swagger file end

* fix create and add test

* fix tests

* fix routes of create org API

* fix bug

* add copyright heads
2018-11-20 12:31:30 -05:00
Lunny Xiao 499bff43d9 dont' send assign webhooks when creating issue (#5365) 2018-11-20 12:10:18 -05:00
Antoine GIRARD 3a95e2d0ea app.ini.sample: add ENABLE_USER_HEATMAP default config (#5362)
Doc: b97af15de6/docs/content/doc/advanced/config-cheat-sheet.en-us.md (service-service)
2018-11-20 17:54:09 +08:00
Peter Hoffmann e08c7e521b Add raw blob endpoint to get objects by SHA ID (#5334)
* Add raw blob endpoint

This should make it possible to download raw blobs directly from
/:repo/:username/raw/blob/:sha1 URLs.

* fix: Make it work

* As an SHA-ID is no path getRefNameFromPath can't be used to verify
file specifying parameter
* added relevant change in go-gitea/git #132

Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>

* Update Gopkg.lock

Can't update all vendors due to errors

Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>

* style: Add Gitea copyright header

* feat: Added integration test for /repo/u/r/raw/blob

* fix: correct year in copyright header
2018-11-18 13:45:40 -05:00
GiteaBot 4651ba06c1 [skip ci] Updated translations via Crowdin 2018-11-18 18:27:47 +00:00
Florian Eitel d9b51a781c Migration fixes for gogs (0.11.66) to gitea (1.6.0) #5318 (#5341)
* Remove field from migration to support upgrades from older version

That will ensure the field does not get queried in the Select if it does
not exist yet:

```
[I] [SQL] SELECT "id", "repo_id", "index", "poster_id", "name", "content", "milestone_id", "priority", "assignee_id", "is_closed", "is_pull", "num_comments", "ref", "deadline_unix", "created_unix", "updated_unix
[...itea/routers/init.go:60 GlobalInit()] [E] Failed to initialize ORM engine: migrate: do migrate: pq: column "ref" does not exist
```

see #5318

* Skip remove stale watcher migration if not required

Otherwise the migration will fail if executed from a older database
version without multiple IssueWatch feature.

```
2018/11/11 23:51:14 [I] [SQL] SELECT DISTINCT "issue_watch"."user_id", "issue"."repo_id" FROM "issue_watch" INNER JOIN issue ON issue_watch.issue_id = issue.id WHERE (issue_watch.is_watching = $1) LIMIT 50 []int
[...itea/routers/init.go:60 GlobalInit()] [E] Failed to initialize ORM engine: migrate: do migrate: pq: relation "issue_watch" does not exist
```

see #5318
2018-11-18 20:25:32 +02:00
techknowlogick 241ee793b7
Set ACL on uploads (#5344)
To support https://github.com/go-gitea/infrastructure/pull/39
2018-11-16 11:44:13 -05:00
GiteaBot e033d217e9 [skip ci] Updated translations via Crowdin 2018-11-16 11:14:34 +00:00
Lucien Kerl 89eea64e10 added the ability to set labels on the "edit pull request" api (#5347)
Signed-off-by: Lucien Kerl <lucien.kerl@wuerth-it.com>
2018-11-16 12:12:44 +01:00
Lauris BH 7278372388 Implement pasting image from clipboard for browsers that supports that (#5317) 2018-11-14 20:20:13 -05:00
GiteaBot e110943562 [skip ci] Updated translations via Crowdin 2018-11-15 01:01:52 +00:00
Lanre Adelowo b97af15de6 Block registration based on email domain (#5157)
* implement email domain whitelist
2018-11-14 20:00:04 -05:00
Antoine GIRARD 4c1f1f9646 Remove x/net/context vendor by using std package (#5202)
* Update dep github.com/markbates/goth

* Update dep github.com/blevesearch/bleve

* Update dep golang.org/x/oauth2

* Fix github.com/blevesearch/bleve to c74e08f039e56cef576e4336382b2a2d12d9e026

* Update dep golang.org/x/oauth2
2018-11-10 18:55:36 -05:00
Lunny Xiao b3000ae623 Fix create team, update team missing units (#5188) 2018-11-10 14:45:32 -05:00
GiteaBot d487a76ee2 [skip ci] Updated translations via Crowdin 2018-11-09 12:07:58 +00:00
Lauris BH 7dd31eb8fb
Fix file edit change preview functionality (#5300) 2018-11-09 14:05:43 +02:00
GiteaBot 2852c3576a [skip ci] Updated translations via Crowdin 2018-11-09 06:18:32 +00:00
Lunny Xiao c5d098c32e fix bug when users have serval teams with different units on different repositories (#5307) 2018-11-09 08:16:52 +02:00
Jonas Bröms 599adde1bc Add option to disable automatic mirror syncing. (#5242)
Setting the interval to 0 will disable to automatic syncing.
2018-11-08 18:58:02 -05:00
Lauris BH de8f98192b Fix U2F if gitea is configured in subpath (#5302) 2018-11-08 17:46:44 -05:00
Patrick Lühne c2f72b1346 Fix typo in configuration (#5295)
Signed-off-by: Patrick Lühne <patrick@luehne.de>
2018-11-08 10:16:07 -05:00
GiteaBot e8b197d6f6 [skip ci] Updated translations via Crowdin 2018-11-07 04:50:40 +00:00
Lauris BH 8f8ff5a295
Remove maxlines option for file logger (#5282) 2018-11-07 06:48:53 +02:00
Stanislav 078c404c3b Prometheus endpoint (#5256)
* Add prometheus collector and route

* dep ensure -add github.com/prometheus/client_golang/prometheus

* dep ensure -update github.com/golang/protobuf

* add metrics to reserved usernames

* add comment head in metrics package

* fix style imports

* add metrics settings

* add bearer token check

* mapping metrics configs

* fix lint

* update config cheat sheet

* update conf sample, typo fix
2018-11-04 22:20:00 -05:00
techknowlogick 92fb89f6e1
Clean up docs (#5274)
* make docs more clear

* make docs more clear

* Add analytics

* Update customizing-gitea.en-us.md

* Update app.ini.sample
2018-11-04 21:21:56 -05:00
techknowlogick 0fd56a71e4
1.6.0-rc2 changelog (#5276) 2018-11-04 20:01:15 -05:00
zeripath 18391c1410 Add zeripath to maintainers (#5273) 2018-11-04 16:41:23 +01:00
zeripath 7096085f2b Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the POST header for deadline (#5250)
* Add CSRF checking to reqToken and place CSRF in the post for deadline creation

Fixes #5226, #5249

* /api/v1/admin/users routes should have reqToken middleware
2018-11-03 21:15:55 -04:00
Antoine GIRARD 57a8440db3 Update gitignore list (#5258)
* update gitignore

* Handle symlink in tar

* Add some logs
2018-11-03 18:06:09 -04:00
kolaente 54259e2f88 Fixed wrong api request url for instances running in subfolders (#5247) 2018-11-03 14:20:02 +02:00
kolaente 225c48982b Fixed heatmap not working in mssql (#5248) 2018-11-01 14:12:17 -04:00