Commit graph

1748 commits

Author SHA1 Message Date
mrsdizzie f2de5dc8c8 Replace linkRegex with xurls library (#6261)
* Replace linkRegex with xurls library

Rather than maintaining a complicated regex to match URLs for
autolinking, gitea can use this existing go library that takes care of
the matching with very little code change to gitea itself. After
spending a while trying to find the perfect regex for all cases this library
still works better as it is more flexible than a single regex ever will be.

This will also fix the following issues: #5844 #3095 #3381

This passes all our current tests and I've added new ones mentioned in
those issues as well.

* Use xurls.StrictMatchingScheme instead of xurls.Strict

This is much faster and we only care about https? links to preserve
existing behavior.
2019-03-07 15:12:01 -05:00
mrsdizzie 020075e12f Remove visitLinksForShortLinks features (#6257)
The visitLinksForShortLinks feature would look inside of an <a> tag and
run shortLinkProcessorFull on any text, which attempts to create links
out of potential 'short links' like [[test]] [[link|example]] etc...
This makes no sense because you can't have nested links within an <a>
tag. Specifically, the html5 standard says <a> tags can't include
interactive content if they contain the href attribute:

 http://w3c.github.io/html/single-page.html#the-a-element

And also defines an <a> element with a href attribute as interactive:

 http://w3c.github.io/html/single-page.html#interactive-content

Therefore you can't really put a link inside of another link. In
practice none of this works anyways since browsers won't render it, it
would probably be broken if they tried, and it is causing a bug
(#4946). No current tests rely on this behavior either.

This removes the feature and also explicitly excludes the
current visitNodeForShortLinks from looking in <a> tags.
2019-03-07 14:13:44 -05:00
Zsombor f80caa5a8c Fix #6234 : Check organization visibility before everything else (#6235)
* Fix #6234 : Check organization visibility before everything else

* Ensure that Owner is available in the Repo
2019-03-05 15:15:24 -05:00
mrsdizzie 4a2e92bcd1 Modify linkRegex to require http|https (#6171)
Modify the current linkRegex to require http|https which appears to be
the intended behavior based on the comments. Right now, it also matches
anything starting with www as well. Also add testing for linkRegex
2019-02-28 20:31:53 +08:00
Lunny Xiao c812ba7f87
fix display dashboard even if require to change password (#6214)
* fix display dashboard even if require to change password

* fix comments
2019-02-28 16:01:42 +08:00
James E. Blair 48c101affe Create a repo redirect when transferring ownership (#6210) (#6211)
When transferring ownership of a repo to a different user/org,
create a repo redirect that points to the new location in the same
way that is done when a repo is renamed.

Signed-off-by: James E. Blair <jeblair@redhat.com>
2019-02-28 11:51:46 +08:00
Segev Finer 594f591691 Increase Username and Orgname MaxSize 35 -> 40 (#6178)
* Increase Username and Orgname MaxSize 35 -> 40

Signed-off-by: Segev Finer <segev@codeocean.com>

* Dep update code.gitea.io/sdk

Signed-off-by: Segev Finer <segev@codeocean.com>

* Run generate-swagger

Signed-off-by: Segev Finer <segev@codeocean.com>
2019-02-25 13:56:47 -05:00
Lunny Xiao 15ecc08475 fix bug when set indexer as db and add tests (#6173) 2019-02-24 11:16:20 -05:00
Lunny Xiao 477ef46251
Add more tests and docs for issue indexer, add db indexer type for searching from database (#6144)
* add more tests and docs for issue indexer, add db indexer type for searching from database

* fix typo

* fix typo

* fix lint

* improve docs
2019-02-21 13:01:28 +08:00
Lunny Xiao 0751153613
refactor issue indexer, add some testing and fix a bug (#6131)
* refactor issue indexer, add some testing and fix a bug

* fix error copyright year on comment header

* issues indexer package import keep consistent
2019-02-21 08:54:05 +08:00
John Olheiser d26d249748 Minor UI tweaks (#5980)
* Remove all CommitStatus when a repo is deleted

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Minor UI tweaks (#5782)
Added 'No License' option
Added link and octicon change for external issue trackers
Reset password now notifies right away if the code is invalid

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* More UI tweaks
More info in PR

* Generate stylesheet for arc-green

* Make gofmt work

* Change PR integration since the button is changed

* Rebase

* Generate stylesheet

* UI updates
Made the PR button a "basic" button
Vertically centered the issue checkboxes
Labels will update only once after modal is closed

* Commit to reference related issues
Resolves #5782
Resolves #5861
Addresses original question in #5993

* Change the comment wording since PR button is no longer little and green.

* Revert changes that made Windows work

* Regenerate stylesheet

* Regenerate stylesheets

* make generate-stylesheets

* Update integration again, changed button style

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Added ID to PR button
Changed integration to use the ID to avoid breaking in the future

* Added missing semi-colons

* Added back distinction between issue actions and filters (overlooked it before)
Moved action button over next to other action dropdowns

* Remove extra tab formatting in list.tmpl

* Remove more formatting from GoLand

* Replace hardcoded "No License" with i18n license helper.
2019-02-19 18:09:47 -05:00
Lunny Xiao 987a521e2f remove unused file (#6121) 2019-02-19 17:22:42 +02:00
Lunny Xiao 830ae61456 Refactor issue indexer (#5363) 2019-02-19 09:39:39 -05:00
Lunny Xiao f5fa22a499 Fix prohibit login check on authorization (#6106)
* fix bug prohibit login not applied on dashboard

* fix tests

* fix bug user status leak

* fix typo

* return after render
2019-02-19 09:19:28 +02:00
Lanre Adelowo 44114b38e6 Implement "conversation lock" for issue comments (#5073) 2019-02-18 22:55:04 +02:00
Rémy Boulanouar 64ce159a6e Allow to set organization visibility (public, internal, private) (#1763) 2019-02-18 18:00:27 +02:00
zeripath 22770c324d
Move to ldap.v3 to fix #5928 (#6105)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-18 12:34:37 +00:00
xdch47 5e7dee0db5 modules/context/auth.go: fix redirect loop (#5965)
Closes #5815
2019-02-17 13:44:25 +08:00
zeripath 2a03e96bce
Allow markdown files to read from the LFS (#5787)
This PR makes it possible for the markdown renderer to render images and media straight from the LFS.

Fix #5746

Signed-off-by: Andrew Thornton [art27@cantab.net](mailto:art27@cantab.net)
2019-02-12 15:09:43 +00:00
zeripath 296814e887 Refactor editor upload, update and delete to use git plumbing and add LFS support (#5702)
* Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFile

* Use git plumbing for upload: #5621 repo_editor.go: GetDiffPreview

* Use git plumbing for upload: #5621 repo_editor.go: DeleteRepoFile

* Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFiles

* Move branch checkout functions out of repo_editor.go as they are no longer used there

* BUGFIX: The default permissions should be 100644

    This is a change from the previous code but is more in keeping
    with the default behaviour of git.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Standardise cleanUploadFilename to more closely match git

See verify_path in: 7f4e641693/read-cache.c (L951)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Redirect on bad paths

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Refactor to move the uploading functions out to a module

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add LFS support

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update upload.go attribution header

Upload.go is essentially the remnants of repo_editor.go. The remaining code is essentially unchanged from the Gogs code, hence the Gogs attribution.

* Delete upload files after session committed

* Ensure that GIT_AUTHOR_NAME etc. are valid for git

see #5774

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add in test cases per @lafriks comment

* Add space between gitea and github imports

Signed-off-by: Andrew Thornton <art27@cantab.net>

* more examples in TestCleanUploadName

Signed-off-by: Andrew Thornton <art27@cantab.net>

* fix formatting

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Set the SSH_ORIGINAL_COMMAND to ensure hooks are run

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Switch off SSH_ORIGINAL_COMMAND

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-12 15:07:31 +02:00
manuelluis fc038caa69 In basic auth check for tokens before call UserSignIn (#5725)
* Check first if user/password is a token

* In basic auth check if user/password is a token

* Remove unnecessary else statement

* Changes of fmt
2019-02-12 11:20:08 +02:00
Lanre Adelowo 9d8178b3ac Add option to close issues via commit on a non master branch (#5992)
* fixes #5957

* add tests to make sure config option is respected

* use already defined struct

* - use migration to make the flag repo wide not for the entire gitea instance
Also note that the config value can still be set so as to be able to control the value for new repositories that are to be created

- fix copy/paste error in copyright header year and rearrange import

- use repo config instead of server config value to determine if a commit should close an issue

- update testsuite

* use global config only when creating a new repository

* allow repo admin toggle feature via UI

* fix typo and improve testcase

* fix fixtures

* add DEFAULT prefix to config value

* fix test
2019-02-10 21:27:19 +02:00
Lunny Xiao 820e28c904
Split setting.go as multiple files (#6014)
* split setting.go as multiple files

* fix comments
2019-02-10 09:37:37 +08:00
Lunny Xiao 9e8cc3b18d add default time out for git operations (#6015) 2019-02-09 22:44:24 +00:00
Thomas Loubiou d252d4eb8c Remove extra spaces (#6016) 2019-02-09 14:48:28 +02:00
Thomas Loubiou 7fb09f035a Fix #5799 - swagger for mergePullRequest (#5996) 2019-02-08 08:08:38 +00:00
Lunny Xiao 2d213b64d1 use native golang SSH library but ssh-keygen when enable built-in SSH server to remove dependent on that command lines (#5976)
* use native golang SSH library but ssh-keygen when enable built-in SSH server to remove dependent on that command lines

* fix tests and add comment head
2019-02-07 02:13:12 -05:00
Richard Mahn da1edbfb79 Feature - Pagination for git tree API (#5838)
* Feature - Pagination for git tree API

* Handles case when page is negative

* Does a for loop over the start and end rather than all entries

* Removed redundent logic

* Adds per_page as a query parameter

* Adds DEFAULT_GIT_TREES_PER_PAGE for settings, ran make fmt

* Fix typo in cheat-sheet en

* Makes page start at 1, generated swagger

* Use updates to SDK

* Updates to use latest sdk

* Updates swagger for tree api

* Adds test for GetTreeBySHA

* Updates per PR reviews

* Updates per PR reviews

* Remove file

* Formatting

* Fix to swagger file

* Fix to swagger

* Update v1_json.tmpl

* Fix to swagger file
2019-02-06 18:19:26 +00:00
zeripath f286a5abb4 Allow Macaron to be set to log through to gitea.log (#5667)
* Allow Macaron to be set to log through gitea.log

Fix #4291
2019-02-05 22:06:41 -05:00
techknowlogick 9de871a0f8
add other session providers (#5963) 2019-02-05 11:52:51 -05:00
zeripath 01c10a951b
Fix ssh deploy and user key constraints (#1357) (#5939)
1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.

We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:

- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.

Fix #1357
2019-02-03 23:56:53 +00:00
zeripath 3d91bb2f2d Make log mailer for testing (#5893)
* Create log mailer for testing email settings

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Switch on the log mailer for the integration tests

This ensures that the sending mail process works

Signed-off-by: Andrew Thornton <art27@cantab.net>

* rename the from user for mysql/mssql

* rename log sender to dummy sender

* update the integration tests
2019-02-02 21:06:52 -05:00
Lunny Xiao bbad9b6178 Fix bug when read public repo lfs file (#5912)
* fix bug when read public repo lfs file

* add comment on lfs permission check
2019-01-31 13:36:57 +00:00
zeripath 0823791d17 Recover panic in orgmode.Render if bad orgfile (#4982) (#5903)
This PR protects against the panic referred to in chaseadmsio/goorgeous#82
by recovering from the panic and just returning the raw bytes if
there is an error.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-30 17:17:43 -05:00
zeripath ca00ca8ee4 Provide better panic handling (#5902)
This PR gitea'ises the macaron.Recovery() handler meaning that in
the event of panic we get proper gitea 500 pages and the stacktrace
is logged with the gitea logger.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-30 17:00:00 -05:00
zeripath 0f295ababa Only allow local login if password is non-empty (#5906) 2019-01-30 23:18:54 +02:00
Lauris BH 80098bd752 Fix go-get URL generation (#5905) 2019-01-30 21:04:19 +00:00
sebastian-sauer 84076211b3 Config option to disable automatic repo watching (#5852)
Add a new config option to enable / disable the automatic watching of
repos for new repositories and if a user is added to a team.

Fixes #653

Signed-off-by: Sebastian Sauer <sauer.sebastian@gmail.com>
2019-01-27 09:25:21 +00:00
Lunny Xiao 892bfd0b19 improve the releases api paging (#5831)
* improve the releases api paging

* add max limit on API paging
2019-01-24 20:59:27 +02:00
Joona Hoikkala 3b364029f7 Fix TLS errors when using acme/autocert for local connections (#5820) 2019-01-23 19:47:54 -05:00
Lauris BH 331c9120e8
Request for public keys only if LDAP attribute is set (#5816)
* Update go-ldap dependency

* Request for public keys only if attribute is set
2019-01-24 01:25:33 +02:00
kolaente 0b510725c9 Feature: Archive repos (#5009) 2019-01-23 13:58:38 -05:00
zeripath 7d434376f1 Pooled and buffered gzip implementation (#5722)
* Pooled and buffered gzip implementation

* Add test for gzip

* Add integration test

* Ensure lfs check within transaction

The previous code made it possible for a race condition to occur whereby a LFSMetaObject could be checked into the database twice. We should check if the LFSMetaObject is within the database and insert it if not in one transaction.

* Try to avoid primary key problem in postgres

The integration tests are being affected by
https://github.com/go-testfixtures/testfixtures/issues/39 if we set the
primary key high enough, keep a count of this and remove at the end of
each test we shouldn't be affected by this.
2019-01-23 10:56:51 +02:00
Lanre Adelowo e1fcd6b742 Disallow empty titles (#5785)
* add util method and tests

* make sure the title of an issue cannot be empty

* wiki title cannot be empty

* pull request title cannot be empty

* update to make use of the new util methof
2019-01-21 13:45:32 +02:00
Paul Brackin 1bb22b2b47 Make db connect more robust (#5738) 2019-01-19 16:17:08 -05:00
John Olheiser 6f194b83c6 Moved defaults in defaults.go to setting.go (#5764)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2019-01-19 15:39:27 -05:00
Harshit Bansal 6822a8993b ldap: Adjust log settings when a user is not found. (#5771)
Fixes: #3849.
2019-01-19 14:57:27 -05:00
Robert Sprunk 65b6ebf243 Log IP of failed ssh connection (#5766)
Fix #5765 by log the IP address of a connecting remote machine in case of a SSH connection error for the built-in ssh server.

Signed-off-by: Robert Sprunk <github@sprunk.me>
2019-01-19 16:29:17 +00:00
zeripath 07802a2bc5 Refactor repo.isBare to repo.isEmpty #5629 (#5714)
* Refactor repo.isBare to repo.isEmpty #5629

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove Sync call
2019-01-17 19:01:04 -05:00
Lunny Xiao 82e08a3364
Refactor notification for indexer (#5111)
* notification for indexer

* use NullNotifier as parent struct
2019-01-17 22:23:22 +08:00