Commit Graph

1804 Commits

Author SHA1 Message Date
AJ ONeal 0ae89454e1 Merge branch 'release/v1.5' into gitroast 2018-10-08 22:40:19 -06:00
AJ ONeal 4c7727c3ed allow current user to reset their own password 2018-10-07 05:36:05 +00:00
AJ ONeal 8718156545 treat register like sign in, even oauth 2018-10-07 05:33:29 +00:00
AJ ONeal e64ff60c13 do not require password for external registration 2018-10-06 21:21:37 +00:00
AJ ONeal ee0fa3e58f handle specific error; fix missing err typo 2018-10-06 20:05:16 +00:00
AJ ONeal 5a42829dbd changes as per discussion 2018-10-06 16:37:27 +00:00
AJ ONeal fa7fc43a13 Show either sign up OR sign in 2018-10-03 05:07:49 +00:00
Lauris BH 33c3cbc968 Detect charset and convert non UTF-8 files for display (#4950) (#4994)
* Detect charset and convert non UTF-8 files for display

* Refactor and move function to correct module

* Revert unrelated changes

* More unrelated changes

* Duplicate content for small text to have better encoding detection

* Check if original content is valid before duplicating it
2018-09-30 09:02:16 +08:00
techknowlogick 1a68b3962f
backport "Enforce token on api routes (#4840)" (#4905) 2018-09-11 10:39:32 -04:00
Lunny Xiao 1901f35980 issues api allow pulls and fix #4832 (#4852) (#4862) 2018-09-04 22:13:56 -04:00
Lanre Adelowo e9def84bf2 Fixed bug where team with admin privelege type doesn't get any unit attached to the team (#4719) (#4759) 2018-08-21 15:29:25 -04:00
Lauris BH 066515429f Improve URL validation for external wiki and external issues (#4710) (#4740)
* Improve URL validation for external wiki  and external issues

* Do not allow also localhost address for external URLs
2018-08-17 20:21:20 -04:00
SagePtr 052aa54b2b Make cookies HttpOnly and obey COOKIE_SECURE flag (#4707) 2018-08-14 16:19:20 -04:00
Dingjun 940e30bcd4 fix panic issue on update avatar email (#4580) (#4590)
fix #4580

back port PR for release/v1.5,  refer to #4581
2018-08-01 21:34:57 +08:00
techknowlogick b37ca4a6ff
backport: Redirect to correct page after using scratch token (#4472) 2018-07-19 17:15:12 -04:00
Nicolas Da Mutten 85f3966338 Fixes repo membership check in API (#4341) (#4379)
Untested, since I can't compile (yet).
2018-07-05 23:34:31 +03:00
Lauris BH 155caa8e0a Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
* Repositories can only migrated to own user or organizations

* Add check for organization that user does not belong to

* Allow admin to migrate repositories for other users
2018-07-05 01:18:06 +02:00
Jonas Franz 801843b011 Fix open redirect vulnerability on login screen (#4312)
* Fix open redirect vulnerability on login screen

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Reorder imports

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Replace www. from Domain too

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-06-26 22:45:18 +08:00
David Schneiderbauer 0b3ea42847 hide issues from org private repos w/o team assignment (#4034) 2018-06-21 12:00:13 -04:00
Alexey Terentyev 46d19c4676 Fix topics addition (Another solution) (#4031) (#4258)
* Added topics validation, fixed repo topics duplication (#4031)

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Added tests

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Fixed fmt

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Added comments to exported functions

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Deleted RemoveDuplicateTopics function

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Fixed messages

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Added migration

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* fmt migration file

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* fixed lint

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Added Copyright

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Added query solution for duplicates

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Fixed migration query

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Changed RegExp. Fixed migration

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* fmt migration file

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Fixed test for changed regexp

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Removed validation log messages

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Renamed migration file

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Renamed validate function

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>
2018-06-21 17:09:46 +08:00
Russell Aunger 9ae7664df7 Fix webhook type conflation. (#4285)
- Fix typo that caused Gogs hooks to be created as Gitea hooks.
- Fix typo that caused Gogs hooks to be duplicated upon edit (though this bug was masked by the previous one).

Signed-off-by: Russell Aunger <rba@live.com>
2018-06-21 07:22:03 +02:00
Jonas Franz 467ff4d343 Fix milestone appliance and permission checks (#4271)
* Fix milestone appliance
Fix missing permission check

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix comment

* Add Gitea copyright line
2018-06-19 23:15:11 +08:00
David Schneiderbauer 69bfd81b1c fix missing data on redirects (#3975) 2018-06-18 14:24:45 -04:00
stevegt a7aaacb633 fix CreateIssueCommentOption reference (#4239)
* fixes a warning remaining from #4010 and #4220
2018-06-15 15:47:13 +08:00
David Schneiderbauer adba2ad609 fix not respecting landing page setting (#4209)
* fix not respecting landing page setting

* fmt

* add landing page test
2018-06-15 11:42:46 +08:00
Antoine GIRARD 6efdcaed86 Fix swagger security parts (#4236) 2018-06-12 19:23:00 -04:00
Antoine GIRARD 908e8942cc Fix swagger errors (#4220)
Fix all the resting errors to have a valid swagger file.

They are still some warnings but nothing blocking.

Doing so I found that some request still misses son parameters for some POST/PUT/PATCH request. This means the a client generated from the swagger file will not work completely. 

Fix #4088 by activating validation in drone
Should fix #4010.
2018-06-12 22:59:22 +08:00
nickolas360 2bb73fe12c HTML-escape text READMEs (#4192) 2018-06-10 21:42:16 +03:00
stevegt a5f63fc4d1 swagger: add 'required: true' for params in URL (#4097)
* Partial fix for #4010

Swagger validation needs 'required: true' for parameters that are in
the URL path.

Signed-off-by: Steve Traugott <stevegt@t7a.org>
2018-06-02 18:20:28 +03:00
stevegt 39f2aa7c12 add simple descriptions for file API responses (#4089)
* Partial fix for #4010

Swagger needs a description field in each swagger:operation response.  Adding
minimal text for now on the way to getting swagger validate to pass.  Many
standard swagger client libraries will not work with gitea until validate
passes, so prioritizing that over better descriptions for now.

Signed-off-by: Steve Traugott <stevegt@t7a.org>
2018-06-01 13:51:49 +08:00
stevegt 7707ad7a0a add simple descriptions for swagger validate (#4087)
* Partial fix for #4010

Swagger needs a comment line above each swagger:response comment -- it
uses these to populate the description: fields.  Adding minimal text
for now on the way to getting swagger validate to pass.  Many standard
swagger client libraries will not work at all with gitea until validate
passes, so prioritizing that over better descriptions for now.

Signed-off-by: Steve Traugott <stevegt@t7a.org>
2018-05-31 19:13:55 +08:00
Alexey Terentyev f86f56e19c Added deletion of an empty line at the end of the file (#4050) (#4054)
Signed-off-by: Alexey Terentyev <axifnx@gmail.com>
2018-05-29 11:08:55 +08:00
Michael Kuhn fd274ffcd9 Fix wiki redirects (#3919)
When creating or editing a wiki page, the redirect to the wiki page does
not work because the file name is used instead of the page name.
2018-05-28 09:38:20 -04:00
Fluf 2a9799493a Make home.tmpl visible with Signin-View enabled (#4040)
Fix #3846
2018-05-24 15:51:28 -04:00
Magnus Lindvall cdb9478774 LDAP Public SSH Keys synchronization (#1844)
* Add LDAP Key Synchronization feature

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Add migration: add login source id column for public_key table

* Only update keys if needed

* Add function to only list pubkey synchronized from ldap

* Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it.

* Only get keys belonging to current login source id

* Set default login source id to 0

* Some minor cleanup. Add integration tests (updete dep testify)
2018-05-24 07:59:02 +03:00
Alexey Terentyev b908ac9fab Added repository search ordered by stars or forks. Forks column in admin repo list. (#3969)
* Added repository search order by stars or forks.
Added Forks column to admin repository list.

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Renamed search repo template

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>
2018-05-24 09:03:42 +08:00
Lunny Xiao 60d95a0b85
fix bugs caused by #3929 (#3999) 2018-05-23 15:23:23 +08:00
Aleksandr Bulyshchenko ee878e3951 Support secure cookie for csrf-token (#3839)
* dep: Update github.com/go-macaron/csrf

Update github.com/go-macaron/csrf with dep to revision 503617c6b372
to fix issue of csrf-token security.

This update includes following commits:
- Add support for the Cookie HttpOnly flag
- Support secure mode for csrf cookie

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>

* routers: set csrf-token security depending on COOKIE_SECURE

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>
2018-05-22 02:09:48 +03:00
David Schneiderbauer 31067c0a89 remove collaborative repositories from search on user profiles (#3996)
* remove collaborative repositories from search on user profiles

* rename 'My Repositories' to 'Repositories'
2018-05-21 23:07:34 +03:00
Lunny Xiao 6bdc556b7f
Fix some webhooks bugs (#3981)
* fix some webhooks bugs

* update vendor

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* fix test

* fix clearlabels

* fix pullrequest webhook bug fix #3492

* update release webhook description

* remove unused code

* fix push webhook in pull request

* small changes
2018-05-21 10:28:29 +08:00
Jonas Franz 951309f76a Add support for FIDO U2F (#3971)
* Add support for U2F

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add vendor library
Add missing translations

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Minor improvements

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F support for Firefox, Chrome (Android) by introducing a custom JS library
Add U2F error handling

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F login page to OAuth

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Move U2F user settings to a separate file

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add unit tests for u2f model
Renamed u2f table name

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix problems caused by refactoring

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F documentation

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Remove not needed console.log-s

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add default values to app.ini.sample
Add FIDO U2F to comparison

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-05-19 17:12:37 +03:00
David Schneiderbauer 44754774f1 Re-enable random avatar feature (#3988)
* reenable random avatar feature

* replace Size check by Filename check
2018-05-19 21:22:09 +08:00
David Schneiderbauer 2aabfc1afa Splitted the user settings code into several files to be more maintainable (#3968)
* refactor setting router code

splitted up one huge router settings file into the smaller files
representing the actual page structure

* move code to subfolder

* rename functions

* renamed files

* add copyright information
2018-05-17 12:05:00 +08:00
Lunny Xiao 24941a1046
Add more webhooks support and refactor webhook templates directory (#3929)
* add more webhook support

* move hooks templates to standalone dir and add more webhooks ui

* fix tests

* update vendor checksum

* add more webhook support

* move hooks templates to standalone dir and add more webhooks ui

* fix tests

* update vendor checksum

* update vendor

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* load attributes when created release

* update comparsion doc
2018-05-16 22:01:55 +08:00
David Schneiderbauer 099372d76c Refactor User Settings (#3900)
* moved avatar to profile page

* combined password change, email and account deletion into account settings page

* combined totp, access tokens, linked accounts and openid into security settings page

* move access tokens to applications settings page

* small change to restart drone build

* fix change avatar url on profile page

* redirect old settings urls to new ones

* enforce only one autofocus attribute on settings pages

* set correct redirect status code

* fmt fix
2018-05-15 13:07:32 +03:00
FabioFortini 1546458f7d issue-2768: added new option allow_only_external_registration (#3910) 2018-05-13 15:51:16 +08:00
Lunny Xiao c14870c5ac
fix blank topic (#3948) 2018-05-11 16:15:18 +08:00
kolaente 95f2e2b57b Multiple assignees (#3705) 2018-05-09 19:29:04 +03:00
David Schneiderbauer ea01decb6b fix wrong issue endpoints in swagger doc (#3914) 2018-05-08 14:05:18 +08:00
Lauris BH 501fb228e6
Add option to use paged LDAP search when synchronizing users (#3895) 2018-05-05 17:30:47 +03:00