Commit graph

2102 commits

Author SHA1 Message Date
John Olheiser 994b1be9d1 Admins can now do unlimited page size user search (listAllUsers & listAllOrgs) (#6143)
Non-admins will default to 10 page size
2019-02-21 15:42:54 -05:00
Lunny Xiao 0751153613
refactor issue indexer, add some testing and fix a bug (#6131)
* refactor issue indexer, add some testing and fix a bug

* fix error copyright year on comment header

* issues indexer package import keep consistent
2019-02-21 08:54:05 +08:00
John Olheiser d26d249748 Minor UI tweaks (#5980)
* Remove all CommitStatus when a repo is deleted

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Minor UI tweaks (#5782)
Added 'No License' option
Added link and octicon change for external issue trackers
Reset password now notifies right away if the code is invalid

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* More UI tweaks
More info in PR

* Generate stylesheet for arc-green

* Make gofmt work

* Change PR integration since the button is changed

* Rebase

* Generate stylesheet

* UI updates
Made the PR button a "basic" button
Vertically centered the issue checkboxes
Labels will update only once after modal is closed

* Commit to reference related issues
Resolves #5782
Resolves #5861
Addresses original question in #5993

* Change the comment wording since PR button is no longer little and green.

* Revert changes that made Windows work

* Regenerate stylesheet

* Regenerate stylesheets

* make generate-stylesheets

* Update integration again, changed button style

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Added ID to PR button
Changed integration to use the ID to avoid breaking in the future

* Added missing semi-colons

* Added back distinction between issue actions and filters (overlooked it before)
Moved action button over next to other action dropdowns

* Remove extra tab formatting in list.tmpl

* Remove more formatting from GoLand

* Replace hardcoded "No License" with i18n license helper.
2019-02-19 18:09:47 -05:00
John Olheiser ba0749b7db Load Issue attributes for API call (#6122)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2019-02-19 19:07:19 +02:00
Lunny Xiao 830ae61456 Refactor issue indexer (#5363) 2019-02-19 09:39:39 -05:00
Lanre Adelowo 094263db4d Show email if the authenticated user owns the profile page being requested for (#4981)
* Show email if the authenticated user owns the profile page being
requested for.

Also removed `setting.UI.ShowUserEmail` as it's documentation says it
only controls the email setting on the explore page

* fix current user check... This prevents a panic as a user must be signed in before ctx.User is called

* fix panic in tests

* try to fix tests

* Update year

* Test CI fail

* Revert change

* User 3 is not allowed to authorize

* Set user2 email to be private

* Change to user4 in explore page as user2 now has private email option set
2019-02-19 09:11:50 -05:00
Lunny Xiao f5fa22a499 Fix prohibit login check on authorization (#6106)
* fix bug prohibit login not applied on dashboard

* fix tests

* fix bug user status leak

* fix typo

* return after render
2019-02-19 09:19:28 +02:00
Zsombor 538a26d56f Show private organization for admin, fix #6111 (#6112) 2019-02-19 09:16:06 +08:00
Lanre Adelowo 44114b38e6 Implement "conversation lock" for issue comments (#5073) 2019-02-18 22:55:04 +02:00
Rémy Boulanouar 64ce159a6e Allow to set organization visibility (public, internal, private) (#1763) 2019-02-18 18:00:27 +02:00
John Olheiser 0b72c00fad Allow labels to contain emoji (#6063)
* Add emoji to labels
Minor cleanup of tribute code in footer.tmpl

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Quick find/replace in other i18n files containing label translations

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Revert "Quick find/replace in other i18n files containing label translations"

This reverts commit ec3e1a3a17.

* Add style to overwrite emoji height in labels

* Revert Makefile change that makes Windows work
2019-02-16 19:33:09 +02:00
Lanre Adelowo f2256d9881 make sure labels are actually returned (#6053) 2019-02-13 10:45:19 -05:00
zeripath 2a03e96bce
Allow markdown files to read from the LFS (#5787)
This PR makes it possible for the markdown renderer to render images and media straight from the LFS.

Fix #5746

Signed-off-by: Andrew Thornton [art27@cantab.net](mailto:art27@cantab.net)
2019-02-12 15:09:43 +00:00
zeripath 296814e887 Refactor editor upload, update and delete to use git plumbing and add LFS support (#5702)
* Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFile

* Use git plumbing for upload: #5621 repo_editor.go: GetDiffPreview

* Use git plumbing for upload: #5621 repo_editor.go: DeleteRepoFile

* Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFiles

* Move branch checkout functions out of repo_editor.go as they are no longer used there

* BUGFIX: The default permissions should be 100644

    This is a change from the previous code but is more in keeping
    with the default behaviour of git.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Standardise cleanUploadFilename to more closely match git

See verify_path in: 7f4e641693/read-cache.c (L951)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Redirect on bad paths

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Refactor to move the uploading functions out to a module

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add LFS support

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update upload.go attribution header

Upload.go is essentially the remnants of repo_editor.go. The remaining code is essentially unchanged from the Gogs code, hence the Gogs attribution.

* Delete upload files after session committed

* Ensure that GIT_AUTHOR_NAME etc. are valid for git

see #5774

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add in test cases per @lafriks comment

* Add space between gitea and github imports

Signed-off-by: Andrew Thornton <art27@cantab.net>

* more examples in TestCleanUploadName

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix formatting

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Set the SSH_ORIGINAL_COMMAND to ensure hooks are run

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Switch off SSH_ORIGINAL_COMMAND

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-12 15:07:31 +02:00
manuelluis fc038caa69 In basic auth check for tokens before call UserSignIn (#5725)
* Check first if user/password is a token

* In basic auth check if user/password is a token

* Remove unnecessary else statement

* Changes of fmt
2019-02-12 11:20:08 +02:00
Luo Yifei 7884353a04 Add the Owner Name to differentiate when merging (#3807) 2019-02-12 10:37:32 +02:00
Lanre Adelowo d0cb5aa9f9 fix #3200 (#6033) 2019-02-11 03:27:24 +02:00
Lanre Adelowo 9d8178b3ac Add option to close issues via commit on a non master branch (#5992)
* fixes #5957

* add tests to make sure config option is respected

* use already defined struct

* - use migration to make the flag repo wide not for the entire gitea instance
Also note that the config value can still be set so as to be able to control the value for new repositories that are to be created

- fix copy/paste error in copyright header year and rearrange import

- use repo config instead of server config value to determine if a commit should close an issue

- update testsuite

* use global config only when creating a new repository

* allow repo admin toggle feature via UI

* fix typo and improve testcase

* fix fixtures

* add DEFAULT prefix to config value

* fix test
2019-02-10 21:27:19 +02:00
Paul 8c865f3ce8 Fix metrics auth token detection (#6006)
Signed-off-by: Pauls Barkans <paulsb@gmail.com>
2019-02-09 00:58:31 -05:00
Richard Mahn ba91214633 Feature - #3031 - search for org repos (#5986) 2019-02-08 11:45:43 -05:00
Thomas Loubiou 7fb09f035a Fix #5799 - swagger for mergePullRequest (#5996) 2019-02-08 08:08:38 +00:00
Lunny Xiao 01bbf5ea69 Add API to list tags (#5850)
* Add API to list tags

* update dependency gitea sdk vendor

* fix swagger generation

* fix swagger

* add tests

* update code.gitea.io/git vendor
2019-02-07 12:00:52 +00:00
Lunny Xiao 06a1739553 fix bug when deleting a linked account will removed all (#5989) 2019-02-07 01:51:23 -05:00
Lanre Adelowo 9dfdf80af0 Expose issue stopwatch toggling via API (#5970) 2019-02-06 21:57:25 -05:00
Richard Mahn da1edbfb79 Feature - Pagination for git tree API (#5838)
* Feature - Pagination for git tree API

* Handles case when page is negative

* Does a for loop over the start and end rather than all entries

* Removed redundent logic

* Adds per_page as a query parameter

* Adds DEFAULT_GIT_TREES_PER_PAGE for settings, ran make fmt

* Fix typo in cheat-sheet en

* Makes page start at 1, generated swagger

* Use updates to SDK

* Updates to use latest sdk

* Updates swagger for tree api

* Adds test for GetTreeBySHA

* Updates per PR reviews

* Updates per PR reviews

* Remove file

* Formatting

* Fix to swagger file

* Fix to swagger

* Update v1_json.tmpl

* Fix to swagger file
2019-02-06 18:19:26 +00:00
zeripath f286a5abb4 Allow Macaron to be set to log through to gitea.log (#5667)
* Allow Macaron to be set to log through gitea.log

Fix #4291
2019-02-05 22:06:41 -05:00
Gabriel Silva Simões 3b7f41f9f7 Fix serving of raw wiki files other than .md (#5814)
* Fix serving of raw wiki files other than .md

Closes #4690.
Closes #4395.

Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>

* Simplify code at routers/repo/wiki.go

Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>

* Add more files to user2/repo1.wiki for testing

Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>

* Update macaron to v1.3.2

Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>

* Add tests for WikiRaw

Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>

* Fix NewResponseWriter usage due to macaron update

Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>

* Add raw to reserved wiki names

Signed-off-by: Gabriel Silva Simões <simoes.sgabriel@gmail.com>
2019-02-05 20:58:55 -05:00
Lunny Xiao bf4badad1d Pull request conflict files detection (#5951)
* add conflict detection

* test pull request conflict files

* fix detection files number

* fix comments
2019-02-05 06:54:49 -05:00
Lanre Adelowo 5390791224 Automatically clear stopwatch on merging a PR (#4327)
* Don't display buttons if there are no notices

* clear stopwatch on merging a PR

* remove redundant gt check

* use ctx.Flash as per @bkcsoft comment

* stop timer on closing issues/PRs too

* updated translation as per review

* redirect to login page after successfully activating account

* remove unrelated changes

* stop timer for issues that are closed via commits too..Not just the 'close' UI button
2019-02-05 13:38:11 +02:00
Lanre Adelowo 024871ade6 Add label names as filter in issue search api (#5946) 2019-02-04 10:20:44 -05:00
zeripath 24a36e84cc Issue 5924 fix compare button (#5929)
* Revert #5877

This unfortunately was not the solution.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Change permission check to create pull requests to CanReadIssuesOrPulls

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-03 19:56:18 -05:00
zeripath 01c10a951b
Fix ssh deploy and user key constraints (#1357) (#5939)
1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.

We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:

- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.

Fix #1357
2019-02-03 23:56:53 +00:00
Lunny Xiao ecefa9e724 Add single commit API support (#5843)
* add single commit API support
2019-02-02 22:35:17 -05:00
techknowlogick 3a7306945c
Disable redirect for i18n (#5910) 2019-01-31 09:38:20 -05:00
zeripath ca00ca8ee4 Provide better panic handling (#5902)
This PR gitea'ises the macaron.Recovery() handler meaning that in
the event of panic we get proper gitea 500 pages and the stacktrace
is logged with the gitea logger.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-30 17:00:00 -05:00
Lanre Adelowo 57a69ef277 don't allow pull requests to be created on an archived repository (#5883)
* don't allow pull requests to be created on an archived repository
Also disable the "PR" button if the repo is archived

* Refuse creating an issue/PR via API calls too
2019-01-30 12:20:40 -05:00
Lanre Adelowo 7933a950d0 respect value of REQUIRE_SIGNIN_VIEW (#5901) 2019-01-30 11:45:48 -05:00
Lauris BH fada6968a8 Fix new release creation API to allow empty target (#5870)
* Fix new release creation API to allow empty target

* Add more test cases

* Update swagger
2019-01-30 11:33:00 -05:00
Lanre Adelowo 8b5f6ced22 if repo does not exist, show a 404 not a 500 (#5900) 2019-01-30 11:13:39 -05:00
kekero 3568d426fe New Issue ?body= query (#5851)
* New Issue ?body= query

* Override issue template with body query

* Add documentation for issue body query
2019-01-28 10:23:59 -05:00
zeripath bf47f70c3b
API: Fix null pointer in attempt to Sudo if not logged in (#5872)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-28 14:13:59 +00:00
yasuokav 8510ac2687 Fix MinInterval (#5856)
Fixes #5847
2019-01-26 08:26:23 +00:00
Lunny Xiao 6b0c2e9e35 update swagger for release API pagination (#5841) 2019-01-25 09:10:50 +02:00
Lunny Xiao 892bfd0b19 improve the releases api paging (#5831)
* improve the releases api paging

* add max limit on API paging
2019-01-24 20:59:27 +02:00
kolaente 9a137faaaf Added docs for the tree api (#5834)
* Added docs for the tree api

* Added missing response definition

* Fixed swagger docs
2019-01-24 13:13:30 -05:00
Lauris BH cd83c2ca05
Fix topics saving internal error and disable for archived repos (#5821) 2019-01-24 12:22:27 +02:00
Shashvat Kedia 1b90692844 New API routes added (#5594)
* New API routes added

* Comments added

* Build fix

* swagger_v1_json.tmpl without new line character

* Typo fix

* Code review changes

* Code review changes

* Add copyright

* Add copyright

* Add copyright

* Update per @lafriks feedback

* Update org.go

* Update user.go

* Update user.go

* make fmt
2019-01-23 17:30:19 -05:00
kolaente 0b510725c9 Feature: Archive repos (#5009) 2019-01-23 13:58:38 -05:00
zeripath 7d434376f1 Pooled and buffered gzip implementation (#5722)
* Pooled and buffered gzip implementation

* Add test for gzip

* Add integration test

* Ensure lfs check within transaction

The previous code made it possible for a race condition to occur whereby a LFSMetaObject could be checked into the database twice. We should check if the LFSMetaObject is within the database and insert it if not in one transaction.

* Try to avoid primary key problem in postgres

The integration tests are being affected by
https://github.com/go-testfixtures/testfixtures/issues/39 if we set the
primary key high enough, keep a count of this and remove at the end of
each test we shouldn't be affected by this.
2019-01-23 10:56:51 +02:00
Lauris BH 075649572d Add the ability to use multiple labels as filters(#5786) 2019-01-22 23:10:38 -05:00
Lanre Adelowo e1fcd6b742 Disallow empty titles (#5785)
* add util method and tests

* make sure the title of an issue cannot be empty

* wiki title cannot be empty

* pull request title cannot be empty

* update to make use of the new util methof
2019-01-21 13:45:32 +02:00
Paul Brackin f631702299 Ensure error is logged on db reconnection attempts (#5780)
Unfortunately a scoping problem was missed on the previous PR which meant that the only nil error was logged on failure to connect to the db. This pr fixes this.
2019-01-20 09:30:37 +00:00
Paul Brackin 1bb22b2b47 Make db connect more robust (#5738) 2019-01-19 16:17:08 -05:00
zeripath 07802a2bc5 Refactor repo.isBare to repo.isEmpty #5629 (#5714)
* Refactor repo.isBare to repo.isEmpty #5629

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove Sync call
2019-01-17 19:01:04 -05:00
Lunny Xiao 82e08a3364
Refactor notification for indexer (#5111)
* notification for indexer

* use NullNotifier as parent struct
2019-01-17 22:23:22 +08:00
Harshit Bansal 5ac6da3c41 api: Add missing GET teams endpoints (#5382)
* api: Add an endpoint to list a particular member of team.

* models: Rename `GetUserTeams()` to `GetUserOrgTeams()` in `org_team` model.

`GetUserTeams()` sounds a bit misnomer since it actually returns
the teams that user belongs to in a given organization rather than
all the teams across all the organization that the user has joined.

* models: Add `GetUserTeams()`.

Returns all the teams that a user belongs to.

* api: Add an endpoint for GET '/user/teams'.

A GET request to this endpoint lists all the teams that a user
belongs to.
2019-01-16 19:39:50 -05:00
Elijah Oyekunle 734834a676 Add Default Pull Request Title (#5735)
* add default PR title
Set default PR title to commit summary if there's a single commit on the head branch, else set it to the head branch name

* set default PR description
If there's a single commit on the head branch, and it's multiline, then set it as the default PR description
2019-01-16 22:50:11 +01:00
silverwind 44759fd66c Add proper CORS preflight origin validation (#5740) 2019-01-15 23:16:45 -05:00
Lunny Xiao 270fa6d63b Support CORS headers to git smart http protocol (#5719) 2019-01-14 16:05:27 -05:00
Khaled Hamed bd75965296 Prioritize "readme.md" (#5691)
* prioritize readme.md

* Improve IsReadmeFile

* Add more tests
2019-01-14 14:15:06 -05:00
zeripath 2b36bdd490 Do not display the raw OpenID error in the UI (#5705)
* Do not display the raw OpenID error in the UI

If there are no `WHITELIST_URIS` or `BLACKLIST_URIS` set in the openid
section of the app.ini, it is possible that gitea can leak sensitive
information about the local network through the error provided by the
UI. This PR hides the error information and logs it.

Fix #4973

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update auth_openid.go

Place error log within the `err != nil` branch.
2019-01-12 14:24:47 -05:00
Lanre Adelowo 8d2c24f7f9 Allow for user specific themes (#5668)
* add migration and basic UI for changing a user's theme

* update user themem

* use right text on button

* load theme based on users' selection

* load theme based on users' selection in pwa too

* update sample config

* delete older theme loading

* implement AfterLoad to set users' theme properly

* set up default theme when creating a user. This uses the installation wide theme

* use flash messages for error

* set default theme when creating a user from the cli

* fix @lunny review
2019-01-09 12:22:57 -05:00
gdeverlant d3dc07f282 Added URL mapping for Release attachments like on github.com (#1707) 2019-01-06 17:37:30 -05:00
Julian 97dafdc057 fix commit page showing status for current default branch (#5650)
Signed-off-by: Julian Tölle <julian.toelle97@gmail.com>
2019-01-06 16:32:00 +02:00
zeripath fd1e8563f8 SECURITY: protect DeleteFilePost et al with cleanUploadFileName (#5631)
This commit wraps more of the TreePaths with cleanUploadFileName

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-04 11:08:26 -05:00
Harshit Bansal 8764f1512d branch: Trigger update when deleting branch via UI. (#5617)
Fixes: #5309.
2019-01-02 20:56:58 +08:00
Rodrigo Villablanca Vásquez 4c52858c39 Issue is not overdue when it is on the same date #5566 (#5568)
* Due date time of issues and milestones is set to 23:59:59

* Add docs

* make gen swagger

* fix swagger gen
2019-01-01 18:56:47 +01:00
Shashvat Kedia 6e20b504b1 Delete organization endpoint added (#5601)
* Delete organization endpoint added

* Parameters added in comment

* Typo fix

* Newline character removed
2018-12-27 16:36:58 +01:00
Julian 4a685f8b87 Add rebase with merge commit merge style (#3844) (#4052)
Signed-off-by: Julian Tölle <julian.toelle97@gmail.com>
2018-12-27 12:27:08 +02:00
Shashvat Kedia ba2c02b75d Fix route in swagger (#5598) 2018-12-26 21:13:49 +02:00
Lunny Xiao 4a02a783c4 fix bug on upload file name (#5571) 2018-12-20 21:32:11 -05:00
Lunny Xiao 7fd34c0517
fix lfs version check warning log when using ssh protocol (#5501) 2018-12-19 09:17:43 +08:00
zeripath 2a660a1de1 Support reverse proxy providing email (#5554)
This PR implements #2347
2018-12-18 12:05:48 -05:00
Lunny Xiao b3b7598ec6 Improve performance of dashboard (#4977) 2018-12-13 10:55:43 -05:00
Lunny Xiao b1f3685015 fix approvals limitation (#5521) 2018-12-11 18:49:33 -05:00
Lunny Xiao 58c4559d3b fix permission check on api create org (#5523) 2018-12-11 14:33:24 -05:00
Lunny Xiao ba75319157 fix clone wiki failed via ssh (#5503) 2018-12-11 13:37:32 -05:00
Lunny Xiao ccea91652f fix adding reaction fail for read permission (#5515) 2018-12-11 13:12:06 -05:00
Jonas Franz 9681c83734 Approvals at Branch Protection (#5350)
* Add branch protection for approvals

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add required approvals

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add missing comments and fmt

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add type = approval and group by reviewer_id to review

* Prevent users from adding negative review limits

* Add migration for approval whitelists

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-12-11 19:28:37 +08:00
Lunny Xiao 928417ae39 Fix empty wiki (#5504)
* fix wiki page when wiki path is exist but empty

* improve the error check
2018-12-09 17:45:44 -05:00
Lunny Xiao 7c0c965532 Improve team members and repositories settings UI (#5457)
* improve team members and repositories settings UI

* use tab on team pages

* add default description on team members and repos

* add blank on numbers and texts

* improve translation
2018-12-09 08:42:11 +02:00
Lunny Xiao da5a0b8382
add tests for api user orgs (#5494)
* add tests for api user orgs

* add permission for admin to list user's orgs even he is a private user of org
2018-12-09 10:19:50 +08:00
Lanre Adelowo 9441bfaccc admin should be able to delete repos even if he is not a member of the organization (#5443) 2018-12-02 11:08:33 -05:00
Lucien Kerl 552014a068 Removing Labels via EditPullRequest API (#5348)
* added the ability to provide an empty array at the EditPullRequests API to remove all labels

Signed-off-by: Lucien Kerl <lucien.kerl@wuerth-it.com>

* Update pull.go
2018-12-01 01:05:57 -05:00
Lanre Adelowo 0787056e07 Allow to add organization members as collaborators on organization owned repositories (#4748)
repository... Fixes #4507
2018-11-30 10:49:55 +02:00
Lunny Xiao 2dc805c0c6
Milestone issues and pull requests (#5293)
* add milestone issues and pulls page instead of redirecting issues page

* add milestone when creating issue from milestone page

* refactor to merge similiar codes as a new function issues

* remove milestone info on milestone issues list

* fix missing params
2018-11-29 09:46:30 +08:00
Kasi Reddy d5d847e5c4 Git-Trees API (#5403)
* Git-Trees API

* update vendor'd libs

* added comments to exported function and formatted.

* make fmt

* update per @lafirks feedback
2018-11-28 16:17:09 -05:00
Lunny Xiao eabbddcd98
Restrict permission check on repositories and fix some problems (#5314)
* fix units permission problems

* fix some bugs and merge LoadUnits to repoAssignment

* refactor permission struct and add some copyright heads

* remove unused codes

* fix routes units check

* improve permission check

* add unit tests for permission

* fix typo

* fix tests

* fix some routes

* fix api permission check

* improve permission check

* fix some permission check

* fix tests

* fix tests

* improve some permission check

* fix some permission check

* refactor AccessLevel

* fix bug

* fix tests

* fix tests

* fix tests

* fix AccessLevel

* rename CanAccess

* fix tests

* fix comment

* fix bug

* add missing unit for test repos

* fix bug

* rename some functions

* fix routes check
2018-11-28 19:26:14 +08:00
Lauris BH 08bf443016 Implement git refs API for listing references (branches, tags and other) (#5354)
* Inital routes to git refs api

* Git refs API implementation

* Update swagger

* Fix copyright

* Make swagger happy add basic test

* Fix test

* Fix test again :)
2018-11-27 16:52:20 -05:00
SohnyBohny 294904321c Create Progressive Web App (#4730)
* Create manifest and serviceworker

* Create templates and add AppSubUrl

* Add JSRenderer

* fix ctx type

* Add JSRenderer to static.go

* Complete adding {{AppSubUrl}}

* Add more fonts to urlsToCache

* Add 512px and 192px icons

* Hardcode font MD5

* Default theme doesn't have a specific CSS file
2018-11-27 10:18:26 -05:00
Lanre Adelowo 5e022a98e6 show only opened milestones on issues page milestone filter (#5051)
* show only opened milestones on issues page milestone filter

* update Godoc

* update Godoc everywhere

* update swagger

* use false instead of 0

* Add seccond ordering by ID for milestones where no deadline is set
2018-11-26 16:45:42 +08:00
Daniel Balko 3379141d81 API: '/orgs/:org/repos': return private repos with read access (#5310) (#3829) (#5383)
Signed-off-by: Daniel Balko <inxonic+github@gmail.com>
2018-11-23 16:23:27 -05:00
kolaente 0dcf31ae49 Show review summary in pull requests (#5132) 2018-11-22 15:17:36 +02:00
Lunny Xiao 8ef177f8c5 add api for user to create org (#5268)
* add api for user to create org

* remove unused blank line on the swagger file end

* fix create and add test

* fix tests

* fix routes of create org API

* fix bug

* add copyright heads
2018-11-20 12:31:30 -05:00
Peter Hoffmann e08c7e521b Add raw blob endpoint to get objects by SHA ID (#5334)
* Add raw blob endpoint

This should make it possible to download raw blobs directly from
/:repo/:username/raw/blob/:sha1 URLs.

* fix: Make it work

* As an SHA-ID is no path getRefNameFromPath can't be used to verify
file specifying parameter
* added relevant change in go-gitea/git #132

Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>

* Update Gopkg.lock

Can't update all vendors due to errors

Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>

* style: Add Gitea copyright header

* feat: Added integration test for /repo/u/r/raw/blob

* fix: correct year in copyright header
2018-11-18 13:45:40 -05:00
Lucien Kerl 89eea64e10 added the ability to set labels on the "edit pull request" api (#5347)
Signed-off-by: Lucien Kerl <lucien.kerl@wuerth-it.com>
2018-11-16 12:12:44 +01:00
Lanre Adelowo b97af15de6 Block registration based on email domain (#5157)
* implement email domain whitelist
2018-11-14 20:00:04 -05:00
Lunny Xiao b3000ae623 Fix create team, update team missing units (#5188) 2018-11-10 14:45:32 -05:00
Jonas Bröms 599adde1bc Add option to disable automatic mirror syncing. (#5242)
Setting the interval to 0 will disable to automatic syncing.
2018-11-08 18:58:02 -05:00
Stanislav 078c404c3b Prometheus endpoint (#5256)
* Add prometheus collector and route

* dep ensure -add github.com/prometheus/client_golang/prometheus

* dep ensure -update github.com/golang/protobuf

* add metrics to reserved usernames

* add comment head in metrics package

* fix style imports

* add metrics settings

* add bearer token check

* mapping metrics configs

* fix lint

* update config cheat sheet

* update conf sample, typo fix
2018-11-04 22:20:00 -05:00
zeripath 7096085f2b Fix #5226 by adding CSRF checking to api reqToken and add CSRF to the POST header for deadline (#5250)
* Add CSRF checking to reqToken and place CSRF in the post for deadline creation

Fixes #5226, #5249

* /api/v1/admin/users routes should have reqToken middleware
2018-11-03 21:15:55 -04:00
zeripath 00533d3870 Keys API changes (#4960)
* Add private information to the deploy keys api

This commit adds more information to the deploy keys to allow for back
reference in to the main keys list. It also adds information about the
repository that the key is referring to.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add private information to the user keys API

This adjusts the keys API to give out private information to user keys if
the current user is the owner or an admin.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add ability to search keys by fingerprint

This commit adds the functionality to search ssh-keys by fingerprint of
the ssh-key. Deploy keys per repository can also be searched. There is
no current clear API point to allow search of all deploy keys by
fingerprint or keyID.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add integration test
2018-10-31 23:40:49 -04:00
zeripath a3e084716e Add AutoHead functionality. (#5186)
Fixes #5153
2018-10-30 11:08:49 -04:00
Antoine GIRARD 617a2433a3 Make gitea serv use api/internal (#4886)
* Start to move to internal/private

* Add GetPublicKeyByID

* Add HasDeployKey

* Add private.UpdateDeployKeyUpdated

* Add private.GetUserByKeyID

* Add private.AccessLevel

* Add private.CheckUnitUser

* Fix mistakes I made

* Some cleaning + moving code to separate files

* Fix error handling

* Remove useless error handling for setup

* lint: fix comment on exported func

* fix copyright header

* Fix order of args
2018-10-30 14:20:13 +08:00
Jonas Bröms db30d6d791 Serve audio files using HTML5 audio tag (#5221)
* Serve audio files using HTML5 audio tag

* Correct copy paste error
2018-10-30 10:17:26 +08:00
AJ ONeal b8451190d8 UX of link account (Step 1) (#5006)
* Show either sign up OR sign in

* disambiguate fresh start from adding recovery options

* use tabs to switch between account link flows

* add active to tab body as well

* changes as per discussion

* handle specific error; fix missing err typo
2018-10-28 18:46:16 -04:00
Rodrigo Villablanca Vásquez 48badd59e9 Fix to 3819 - Filtering issues by tags on main screen issues (#3824)
* Fix to 3819

* Changes suggested

* Empty line removed

* Fix error: non-name opts.Labels on left side of :=
2018-10-28 07:55:01 +01:00
kolaente 6759237eda User action heatmap (#5131)
* Added basic heatmap data

* Added extra case for sqlite

* Built basic heatmap into user profile

* Get contribution data from api & styling

* Fixed lint & added extra group by statements for all database types

* generated swagger spec

* generated swagger spec

* generated swagger spec

* fixed swagger spec

* fmt

* Added tests

* Added setting to enable/disable user heatmap

* Added locale for loading text

* Removed UseTiDB

* Updated librejs & moment.js

* Fixed import order

* Fixed heatmap in postgresql

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-Authored-By: kolaente <konrad@kola-entertainments.de>

* Added copyright header

* Fixed a bug to show the heatmap for the actual user instead of the currently logged in

* Added integration test for heatmaps

* Added a heatmap on the dashboard

* Fixed timestamp parsing

* Hide heatmap on mobile

* optimized postgresql group by query

* Improved sqlite group by statement
2018-10-23 10:57:42 +08:00
Jonas Franz f38fce916e Add comment replies (#5104)
* Add comment replies

* Replace reviewID with review.ID
2018-10-22 16:13:35 -04:00
zeripath 43f9233914 Fix Swagger JSON autogeneration issues. (#4845)
* Fix Swagger JSON.

Remove unnecessary schema references for the forbidden and empty responses

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Fix swagger API for CreateAccessToken

* Fix admin create org swagger

* Fix swagger for adminCreateRepo

* More swagger fixes

Set int64 format for those which are int64
Some more form fixes

* Fix swagger description of GET /repos/{owner}/{repo}/pulls
2018-10-20 23:40:42 -04:00
Oleg Kovalov 5a4648cdd6 Remove check for negative length (#5120) 2018-10-20 17:25:14 -04:00
Julien Tant dea3d849e1 Give user a link to create PR after push (#4716)
* Give user a link to create PR after push

* Forks now create PR in the base repository + make sure PR creation is allowed

* fix code style
2018-10-20 09:59:06 +03:00
Lunny Xiao ea619b39b2
Add notification interface and refactor UI notifications (#5085)
* add notification interface and refactor UI notifications

* add missing methods on notification interface and notifiy only issue status really changed

* implement NotifyPullRequestReview for ui notification
2018-10-18 19:23:05 +08:00
zeripath dd62ca7ba9 Add support for search by uid (#4876)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2018-10-18 16:44:51 +08:00
Lauris BH ab5b245182 Disable debug routes unless PPROF is enabled in configuration (#4995) 2018-09-29 18:44:06 -04:00
Lauris BH 81702e6ec9 Detect charset and convert non UTF-8 files for display (#4950)
* Detect charset and convert non UTF-8 files for display

* Refactor and move function to correct module

* Revert unrelated changes

* More unrelated changes

* Duplicate content for small text to have better encoding detection

* Check if original content is valid before duplicating it
2018-09-29 16:33:54 +08:00
zeripath 36e7cb9755 Update Swagger API to match the return of /users/search (#4847)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2018-09-21 16:56:26 +08:00
Lauris BH 4befec242a
Code review UI improvements and bugfixes (#4682)
* Code review UI improvements

* More fixes to dark theme

* Style fix

* Fix to allow add code review comments only on review files tab

* More readability dark style fixes

* Fix commenting on deleted files. Fixes #4752

* Fix line blame getting for multiple corner cases
2018-09-17 17:59:49 +03:00
Lanre Adelowo acb6f8a518 make sure to catch the right error so it is displayed as an error on the ui not a 500 (#4945) 2018-09-16 18:27:43 +03:00
Lanre Adelowo 2a6d3ba058 Allow admin toggle forcing a password change for newly created users (#4563) 2018-09-13 12:34:36 -04:00
Lanre Adelowo 126ba796dc Force user to change password (#4489)
* redirect to login page after successfully activating account

* force users to change password if account was created by an admin

* force users to change password if account was created by an admin

* fixed build

* fixed build

* fix pending issues with translation and wrong routes

* make sure path check is safe

* remove unneccessary newline

* make sure users that don't have to view the form get redirected

* move route to use /settings prefix so as to make sure unauthenticated users can't view the page

* update as per @lafriks review

* add necessary comment

* remove unrelated changes

* support redirecting to location the user actually want to go to before being forced to change his/her password

* run make fmt

* added tests

* improve assertions

* add assertion

* fix copyright year

Signed-off-by: Lanre Adelowo <yo@lanre.wtf>
2018-09-13 15:04:25 +03:00
Bo-Yi Wu ea20adaa84
feat(repo): support search repository by topic name (#4505)
* feat(repo): support search repository by topic name
2018-09-13 10:33:48 +08:00
techknowlogick f1ad4bb3d5
Remove traces of embedded TiDB (#4906)
Fix #3357
2018-09-11 10:42:40 -04:00
Lanre Adelowo 8ee9922fe6 Add file name and branch to page title (#4902) 2018-09-10 13:01:49 -04:00
B-OnTheGo e47df0b301 Enforce token on api routes [fixed critical security issue #4357] (#4840) 2018-09-10 12:15:52 -04:00
Bobonium 387a4b09c1 allow api to create tags for releases (#4890) 2018-09-10 10:57:41 -04:00
Lanre Adelowo be48397945 Slack webhook channel name cannot be empty or just contain an hashtag (#4786) 2018-09-10 10:31:08 -04:00
Lewis Cowles c43399cad8 Fixes repo branch endpoint summary (#4893)
in browser saw `/repos/{owner}/{repo}/branches/{branch} List a repository's branches` fixed

Addresses https://github.com/go-gitea/debian-packaging/pull/1

Fixes https://github.com/go-gitea/gitea#4892
2018-09-09 11:36:08 +08:00
zeripath d293a2b9d6 Add sudo functionality to the API (#4809) 2018-09-06 23:31:29 -04:00
Lunny Xiao e48df3ee47 issues api allow pulls and fix #4832 (#4852) 2018-09-03 13:20:54 -04:00
Najib Idrissi b9ae16d15e Make reverse proxy auth optional (#4643)
* Make reverse proxy auth optional

If the option ENABLE_REVERSE_PROXY_AUTHENTICATION is enabled, make
reverse proxy auth optional, instead of failing if the authentication
did not succeed.

Fixes #3973

Signed-off-by: Najib Idrissi <najib.idrissi.kaitouni@gmail.com>

* Update http.go
2018-08-29 10:39:16 -04:00
EnricoFerro 912953e82a API /admin/users/{username} missing parameter (#4775) 2018-08-23 19:59:47 -04:00
Lanre Adelowo 6ca8fbd2f9 Fixed bug where team with admin privelege type doesn't get any unit attached to the team (#4719) 2018-08-21 13:02:32 -04:00
Lanre Adelowo 6c1a31ffaa User shouldn't be able to approve or reject his/her own PR (#4729)
* Make sure author cannot reject/approve their own PR

* Disable buttons in templates too

* Remove unneccessary if check since the switch below catches it

* Fix IsOwner check

* Update template and remove new template variable

* Add alert template and redirect to diff page on review failure

* Redirect to files diff as a little update to #4632
2018-08-20 07:04:01 +02:00
Lanre Adelowo a6cdda115d Display error when adding a user to a team twice (#4746) 2018-08-19 21:49:19 +03:00
Lauris BH 92466129ec
Improve URL validation for external wiki and external issues (#4710)
* Improve URL validation for external wiki  and external issues

* Do not allow also localhost address for external URLs
2018-08-15 09:29:37 +03:00
SagePtr 0449330dbc Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706) 2018-08-14 23:16:37 +03:00
nemoinho ca112f0a04 Add whitespace handling to PR-comparsion (#4683)
* Add whitespace handling to PR-comparsion

In a PR we have to keep an eye on a lot of different things. But sometimes the
bare code is the key-thing we want to care about and just don't want to care
about fixed indention on some places. Especially if we follow the pathfinder
rule we face a lot of these situations because these changes don't break the
code in many languages but improve the readability a lot.

So this change introduce a fine graned button to adjust the way how the
reviewer want to see whitespace-changes within the code.

The possibilities reflect the possibilities from git itself except of the
`--ignore-blank-lines` flag because that one is also handled by `-b` and is
really rare.

Signed-off-by: Felix Nehrke <felix@nehrke.info>
2018-08-14 13:49:33 -04:00
Julien Tant 7781e8cef2 Disable merging a WIP Pull request (#4529)
* prevent pull request to be merged when PR is a WIP

* add tests

* add helper to prepend WIP: in PR title

* move default wip prefixes into settings

* use configurable WIP prefixes in javascript and default to first one in templates

* add documentation

* add unit test on pull model

Signed-off-by: Julien Tant <julien@craftyx.fr>
2018-08-13 22:04:39 +03:00
techknowlogick ce7c64c7e1
Use updated docs link on install page (#4668)
Fix #4665
2018-08-11 21:05:52 -04:00
Lanre Adelowo 3422077a89 make sure to set pr split view (#4617)
Signed-off-by: Lanre Adelowo <yo@lanre.wtf>
2018-08-11 20:20:33 -04:00
Lanre Adelowo 69a855f3d4 log user in after a successful sign up (#4615) 2018-08-11 15:33:19 -04:00
Lanre Adelowo 0df7cab4fb prevent empty review comment (#4632)
* prevent empty review comment

This would only require a comment for rejection and comment

* add tests

* add comment
2018-08-07 20:15:41 +03:00
Lanre Adelowo 59b10e66f7 An inactive user shouldn't be able to be added as a collaborator (#4535)
* an inactive user shouldn't be able to be a collaborator

* use translated error message

* add active user check when adding a new collaborator via the api

* fix translation text

* added collaborator test

* improvee testcases
2018-08-07 13:01:06 +03:00
Lanre Adelowo c7a6ee5c0b Don't fail silently if trying to add a collaborator twice (#4533)
* don't fail silently if trying to add a collaborator twice

* fix translation text

* added collaborator test

* improvee testcases

* Added tests to make sure a collaborator cannot be added twice
2018-08-07 09:59:42 +08:00
Lauris BH 6e64f9db8e Pull request review/approval and comment on code (#3748)
* Initial ui components for pull request review

* Add Review
Add IssueComment types

Signed-off-by: Jonas Franz <info@jonasfranz.software>

(cherry picked from commit 2b4daab)
Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Replace ReviewComment with Content

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add load functions
Add ReviewID to findComments

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add create review comment implementation
Add migration for review
Other small changes

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Simplified create and find functions for review

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Moved "Pending" to first position

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add GetCurrentReview to simplify fetching current review

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Preview for listing comments

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Move new comment form to its own file

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Implement Review form
Show Review comments on comment stream

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add support for single comments
Showing buttons in context

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add pending tag to pending review comments

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add unit tests for Review

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fetch all review ids at once
Add unit tests

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* gofmt

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Improved comment rendering in "Files" view by adding Comments to DiffLine

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add support for invalidating comments

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Switched back to code.gitea.io/git

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Moved review migration from v64 to v65

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Rebuild css

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* gofmt

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Improve translations

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix unit tests by updating fixtures and updating outdated test

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Comments will be shown at the right place now

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add support for deleting CodeComments

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix problems caused by files in subdirectories

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add support for showing code comments of reviews in conversation

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add support for "Show/Hide outdated"

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Update code.gitea.io/git

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add support for new webhooks

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Update comparison

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Resolve conflicts

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Minor UI improvements

* update code.gitea.io/git

* Fix ui bug reported by @lunny causing wrong position of add button
Add functionality to "Cancel" button
Add scale effects to add button
Hide "Cancel" button for existing comments

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Prepare solving conflicts

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Show add button only if no comments already exist for the line

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add missing vendor files

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Check if reviewer is nil

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Show forms only to users who are logged in

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Revert "Show forms only to users who are logged in"

This reverts commit c083682

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Save patch in comment
Render patch for code comments

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add link to comment in code

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add reply form to comment list
Show forms only to signed in users

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add 'Reply' as translatable
Add CODE_COMMENT_LINES setting

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* gofmt

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix problems introduced by checking for singed in user

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add v70

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Update generated stylesheet

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix preview
Beginn with new review comment patch system

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add new algo to generate diff for line range
Remove old algo used for cutting big diffs (it was very buggy)

* Add documentation and example for CutDiffAroundLine

* Fix example of CutDiffAroundLine

* Fix some comment UI rendering bugs

* Add code comment edit mode

* Send notifications / actions to users until review gets published
Fix diff generation bug
Fix wrong hashtag

* Fix vet errors

* Send notifications also for single comments

* Fix some notification bugs, fix link

* Fix: add comment icon is only shown on code lines

* Add lint comment

* Add unit tests for git diff

* Add more error messages

* Regenerated css

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* fmt

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Regenerated CSS with latest less version

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix test by updating comment type to new ID

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Introducing CodeComments as type for map[string]map[int64][]*Comment
Other minor code improvements

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix data-tab issues

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Remove unnecessary change

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* refactored checkForInvalidation

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Append comments instead of setting

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Use HeadRepo instead of BaseRepo

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Update migration

Signed-off-by: Jonas Franz <info@jonasfranz.de>

* Regenerated CSS

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add copyright

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Update index.css

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-08-06 06:43:21 +02:00
Allen Wild c40f5d2d4c api: repos/search: add parameters to control the sort order (#3964)
The backend SearchRepositoryByName function supports several sort order
options, hook these up to the /repos/search API.

New parameters for /repos/search:
    'sort':  alpha, created, updated, size, or id
    'order': asc or desc

'sort' defaults to alpha.
'order' defaults to ascending, and is ignored if 'sort' is not specified.
The overall default behavior is unchanged (alphabetically ascending).

This partially implements issue #3963

Signed-off-by: Allen Wild <allenwild93@gmail.com>
2018-08-02 16:10:02 +08:00
Dingjun 819f50ccd5 fix panic issue on update avatar email (#4580) (#4581)
fix #4580
2018-08-01 17:38:56 +08:00
Julien Tant ced08d18a4 fix IsPullReuqestBroken->IsPullRequestBroken (#4578)
Signed-off-by: Julien Tant <julien@craftyx.fr>
2018-08-01 11:00:35 +08:00
Piotr Orzechowski a74426d631 Swagger.v1.json template (#3572)
* Turn swagger.v1.json into template

* Rename ENABLE_SWAGGER_ENDPOINT option to ENABLE_SWAGGER
2018-07-28 03:19:01 +03:00
techknowlogick adf3f004b6
Switch plaintext scratch tokens to use hash instead (#4331) 2018-07-27 08:54:50 -04:00
Lukas Treyer be4ec0cbba env var GITEA_PUSHER_EMAIL (#4516)
* env var GITEA_PUSHER_EMAIL

* set pusher email only if email address is not private
2018-07-26 19:38:55 +03:00
Lanre Adelowo 630f234223 Add flash message after an account has been successfully activated (#4510)
* added new locale text
2018-07-25 20:54:56 +03:00
Lanre Adelowo 4bf0cae1f5 Respect email privacy option in user search via API (#4512)
* respect user's email privacy option

* make email visible to admin irrespective of privacy option
2018-07-25 15:11:22 +03:00
techknowlogick 492ec97a46
Redirect to correct page after using scratch token (#4458) 2018-07-19 13:58:33 -04:00
kolaente 1bff02de55 Added dependencies for issues (#2196) (#2531) 2018-07-17 17:23:58 -04:00
kolaente ef6813abc9 Issue due date api (#3890)
* Implemented basic api endpoint to manage deadlines

* Fixed checking for permissions

* Updating a deadline from the ui is now entirely done via the api

* cleanup

* Cosmetics

* fixed lint + fmt

* Added swagger model definition for deadline response

* Updated gitea-sdk

* Updated gitea-sdk

* More cleanup

* Generate swagger json

* Merge branch 'master' of https://github.com/go-gitea/gitea into issue-due-date-api

# Conflicts:
#	public/swagger.v1.json

* Fixed permission to update a deadline via api

* Re-added form to change a deadline

* Added client-side validation + not ignore error messages from the api

* Added locale for error message

* Merge branch 'master' of https://github.com/go-gitea/gitea

# Conflicts:
#	models/issue_comment.go

* Proper date validation

* Fixed indention

* moved css to css file

* added documentation for error codes

* after merge cleanup

* Added swagger description

* DO NOTHING BUT TRIGGER THAT F*CKIN CI SO IT PICKS UP THE LATEST COMMIT AS IT SHOULD

* DO NOTHING BUT TRIGGER THAT F*CKIN CI SO IT PICKS UP THE LATEST COMMIT AS IT SHOULD

* regenerated stylesheets
2018-07-16 14:43:00 +02:00
Lauris BH 659bc727bd
Fix query parameter name comment in issue API (#4421) 2018-07-12 16:40:41 +03:00
techknowlogick ab55ca7ebd
Add ability to delete a token (#4235)
Fix #4234
2018-07-06 21:54:30 -04:00
Nicolas Da Mutten e07d3ad0fc Fixes repo membership check in API (#4341)
Untested, since I can't compile (yet).
2018-07-05 15:14:56 +08:00
Fluf f035dcd4f2 Add Recaptcha functionality to Gitea (#4044) 2018-07-05 00:13:05 -04:00
Lauris BH 69e2ab1611 Allow administrator to create repository for any organization (#4368) 2018-07-05 01:51:02 +02:00
Lauris BH 4a8ee0b5cc
Check that repositories can only be migrated to own user or organizations (#4366)
* Repositories can only migrated to own user or organizations

* Add check for organization that user does not belong to

* Allow admin to migrate repositories for other users
2018-07-05 01:45:15 +03:00
tarelda 5676f60cba Keep preseeded database password (#4284) 2018-07-03 20:09:55 -04:00
Clar Charr c71ee33057 Increase default TOTP secret size to 320 bits (#4287) 2018-07-03 18:10:35 -04:00
Jonas Franz 801843b011 Fix open redirect vulnerability on login screen (#4312)
* Fix open redirect vulnerability on login screen

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Reorder imports

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Replace www. from Domain too

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-06-26 22:45:18 +08:00
David Schneiderbauer 0b3ea42847 hide issues from org private repos w/o team assignment (#4034) 2018-06-21 12:00:13 -04:00
Alexey Terentyev 46d19c4676 Fix topics addition (Another solution) (#4031) (#4258)
* Added topics validation, fixed repo topics duplication (#4031)

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Added tests

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Fixed fmt

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Added comments to exported functions

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Deleted RemoveDuplicateTopics function

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Fixed messages

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Added migration

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* fmt migration file

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* fixed lint

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Added Copyright

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Added query solution for duplicates

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Fixed migration query

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Changed RegExp. Fixed migration

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* fmt migration file

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Fixed test for changed regexp

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Removed validation log messages

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Renamed migration file

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Renamed validate function

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>
2018-06-21 17:09:46 +08:00
Russell Aunger 9ae7664df7 Fix webhook type conflation. (#4285)
- Fix typo that caused Gogs hooks to be created as Gitea hooks.
- Fix typo that caused Gogs hooks to be duplicated upon edit (though this bug was masked by the previous one).

Signed-off-by: Russell Aunger <rba@live.com>
2018-06-21 07:22:03 +02:00
Jonas Franz 467ff4d343 Fix milestone appliance and permission checks (#4271)
* Fix milestone appliance
Fix missing permission check

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix comment

* Add Gitea copyright line
2018-06-19 23:15:11 +08:00
David Schneiderbauer 69bfd81b1c fix missing data on redirects (#3975) 2018-06-18 14:24:45 -04:00
stevegt a7aaacb633 fix CreateIssueCommentOption reference (#4239)
* fixes a warning remaining from #4010 and #4220
2018-06-15 15:47:13 +08:00
David Schneiderbauer adba2ad609 fix not respecting landing page setting (#4209)
* fix not respecting landing page setting

* fmt

* add landing page test
2018-06-15 11:42:46 +08:00
Antoine GIRARD 6efdcaed86 Fix swagger security parts (#4236) 2018-06-12 19:23:00 -04:00
Antoine GIRARD 908e8942cc Fix swagger errors (#4220)
Fix all the resting errors to have a valid swagger file.

They are still some warnings but nothing blocking.

Doing so I found that some request still misses son parameters for some POST/PUT/PATCH request. This means the a client generated from the swagger file will not work completely. 

Fix #4088 by activating validation in drone
Should fix #4010.
2018-06-12 22:59:22 +08:00
nickolas360 2bb73fe12c HTML-escape text READMEs (#4192) 2018-06-10 21:42:16 +03:00
stevegt a5f63fc4d1 swagger: add 'required: true' for params in URL (#4097)
* Partial fix for #4010

Swagger validation needs 'required: true' for parameters that are in
the URL path.

Signed-off-by: Steve Traugott <stevegt@t7a.org>
2018-06-02 18:20:28 +03:00
stevegt 39f2aa7c12 add simple descriptions for file API responses (#4089)
* Partial fix for #4010

Swagger needs a description field in each swagger:operation response.  Adding
minimal text for now on the way to getting swagger validate to pass.  Many
standard swagger client libraries will not work with gitea until validate
passes, so prioritizing that over better descriptions for now.

Signed-off-by: Steve Traugott <stevegt@t7a.org>
2018-06-01 13:51:49 +08:00
stevegt 7707ad7a0a add simple descriptions for swagger validate (#4087)
* Partial fix for #4010

Swagger needs a comment line above each swagger:response comment -- it
uses these to populate the description: fields.  Adding minimal text
for now on the way to getting swagger validate to pass.  Many standard
swagger client libraries will not work at all with gitea until validate
passes, so prioritizing that over better descriptions for now.

Signed-off-by: Steve Traugott <stevegt@t7a.org>
2018-05-31 19:13:55 +08:00
Alexey Terentyev f86f56e19c Added deletion of an empty line at the end of the file (#4050) (#4054)
Signed-off-by: Alexey Terentyev <axifnx@gmail.com>
2018-05-29 11:08:55 +08:00
Michael Kuhn fd274ffcd9 Fix wiki redirects (#3919)
When creating or editing a wiki page, the redirect to the wiki page does
not work because the file name is used instead of the page name.
2018-05-28 09:38:20 -04:00
Fluf 2a9799493a Make home.tmpl visible with Signin-View enabled (#4040)
Fix #3846
2018-05-24 15:51:28 -04:00
Magnus Lindvall cdb9478774 LDAP Public SSH Keys synchronization (#1844)
* Add LDAP Key Synchronization feature

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Add migration: add login source id column for public_key table

* Only update keys if needed

* Add function to only list pubkey synchronized from ldap

* Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it.

* Only get keys belonging to current login source id

* Set default login source id to 0

* Some minor cleanup. Add integration tests (updete dep testify)
2018-05-24 07:59:02 +03:00
Alexey Terentyev b908ac9fab Added repository search ordered by stars or forks. Forks column in admin repo list. (#3969)
* Added repository search order by stars or forks.
Added Forks column to admin repository list.

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Renamed search repo template

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>
2018-05-24 09:03:42 +08:00
Lunny Xiao 60d95a0b85
fix bugs caused by #3929 (#3999) 2018-05-23 15:23:23 +08:00
Aleksandr Bulyshchenko ee878e3951 Support secure cookie for csrf-token (#3839)
* dep: Update github.com/go-macaron/csrf

Update github.com/go-macaron/csrf with dep to revision 503617c6b372
to fix issue of csrf-token security.

This update includes following commits:
- Add support for the Cookie HttpOnly flag
- Support secure mode for csrf cookie

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>

* routers: set csrf-token security depending on COOKIE_SECURE

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>
2018-05-22 02:09:48 +03:00
David Schneiderbauer 31067c0a89 remove collaborative repositories from search on user profiles (#3996)
* remove collaborative repositories from search on user profiles

* rename 'My Repositories' to 'Repositories'
2018-05-21 23:07:34 +03:00
Lunny Xiao 6bdc556b7f
Fix some webhooks bugs (#3981)
* fix some webhooks bugs

* update vendor

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* fix test

* fix clearlabels

* fix pullrequest webhook bug fix #3492

* update release webhook description

* remove unused code

* fix push webhook in pull request

* small changes
2018-05-21 10:28:29 +08:00
Jonas Franz 951309f76a Add support for FIDO U2F (#3971)
* Add support for U2F

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add vendor library
Add missing translations

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Minor improvements

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F support for Firefox, Chrome (Android) by introducing a custom JS library
Add U2F error handling

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F login page to OAuth

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Move U2F user settings to a separate file

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add unit tests for u2f model
Renamed u2f table name

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix problems caused by refactoring

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F documentation

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Remove not needed console.log-s

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add default values to app.ini.sample
Add FIDO U2F to comparison

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-05-19 17:12:37 +03:00
David Schneiderbauer 44754774f1 Re-enable random avatar feature (#3988)
* reenable random avatar feature

* replace Size check by Filename check
2018-05-19 21:22:09 +08:00
David Schneiderbauer 2aabfc1afa Splitted the user settings code into several files to be more maintainable (#3968)
* refactor setting router code

splitted up one huge router settings file into the smaller files
representing the actual page structure

* move code to subfolder

* rename functions

* renamed files

* add copyright information
2018-05-17 12:05:00 +08:00
Lunny Xiao 24941a1046
Add more webhooks support and refactor webhook templates directory (#3929)
* add more webhook support

* move hooks templates to standalone dir and add more webhooks ui

* fix tests

* update vendor checksum

* add more webhook support

* move hooks templates to standalone dir and add more webhooks ui

* fix tests

* update vendor checksum

* update vendor

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* load attributes when created release

* update comparsion doc
2018-05-16 22:01:55 +08:00
David Schneiderbauer 099372d76c Refactor User Settings (#3900)
* moved avatar to profile page

* combined password change, email and account deletion into account settings page

* combined totp, access tokens, linked accounts and openid into security settings page

* move access tokens to applications settings page

* small change to restart drone build

* fix change avatar url on profile page

* redirect old settings urls to new ones

* enforce only one autofocus attribute on settings pages

* set correct redirect status code

* fmt fix
2018-05-15 13:07:32 +03:00
FabioFortini 1546458f7d issue-2768: added new option allow_only_external_registration (#3910) 2018-05-13 15:51:16 +08:00
Lunny Xiao c14870c5ac
fix blank topic (#3948) 2018-05-11 16:15:18 +08:00
kolaente 95f2e2b57b Multiple assignees (#3705) 2018-05-09 19:29:04 +03:00
David Schneiderbauer ea01decb6b fix wrong issue endpoints in swagger doc (#3914) 2018-05-08 14:05:18 +08:00
Lauris BH 501fb228e6
Add option to use paged LDAP search when synchronizing users (#3895) 2018-05-05 17:30:47 +03:00
kolaente 1fdf560678 Added user language setting (#3875)
* Added user language setting

* Added translation string for setting

* Fixed import order + typo

* improved checking if the user has a language saved in the db

* The current saved language is now set a default inside the dropdown

* fmt

* When a user signs in and doesn't have a language saved, the current browser language is saved

* updated gitea-sdk

* Merge branch 'master' of https://github.com/go-gitea/gitea into save-user-language

# Conflicts:
#	models/migrations/migrations.go
#	models/migrations/v62.go

* Made tests work again

* trigger CI

* trigger CI

* fmt

* re-trigger that FUCKING CI SO IT REALLY PICKS UP THE LATEST COMMIT ISTEAD OF PREDENDING TO DO SO

* re-trigger that FUCKING CI SO IT REALLY PICKS UP THE LATEST COMMIT ISTEAD OF PREDENDING TO DO SO

* When loggin in, only the language col gets updated instead of everything
2018-05-05 08:28:30 +08:00
Lauris BH 1e1ece8f3d
Do not allow to reuse TOTP passcode (#3878) 2018-05-02 18:02:02 +03:00