5492 Commits

Author SHA1 Message Date
Moritz Heiber 7e12aac61c Only allow token authentication with 2FA enabled (#2184)
* Don't allow for plain username/password authentication when 2FA is enabled

* Removed debugging statement

* Don't assume a token belongs to a given user, handle two-factor errors properly

* Simplified user/token matching, refactored error handling for two-factor authentication

* Change authentication response to avoid bruteforcing

* Add TODO item as a comment for changing the response for security purposes
2017-07-26 15:33:16 +08:00
Lauris BH 1d032f5220 Fix compiling without sqlite and gcc (#2177) 2017-07-26 15:27:30 +08:00
Tao Wang 41cc110e62 Use sqlite3 database as default for Docker image (#2182)
Signed-off-by: Tao Wang <twang2218@gmail.com>
2017-07-26 15:21:23 +08:00
Bwko 8f171210b9 Revert "Add ability to fork your own repos (#761)" (#2193) 2017-07-26 15:17:38 +08:00
Ethan Koenig 48898e5d0b Fix PR nil-dereference bug (#2195)
* Fix PR nil-dereference bug

* Revert to original error format
2017-07-26 15:16:45 +08:00
Lauris BH dde0052ca2 Fix key usage time update if the key is used in parallel for multiple operations (#2185) 2017-07-20 11:15:10 +08:00
Lauris BH 3702dac0d5 Fix profile update for non-local users (#2178) 2017-07-19 09:36:37 +08:00
Lauris BH f33e6ae09e Remove unit types commits and settings (#2161)
* Remove unit types commits and settings

* Can not limit units in administrator teams

* Limit changing units only to teams with read and write access mode

* Small code optimization
2017-07-17 10:04:43 +08:00
Lauris BH 047a67a90b Refactor vue delimiters to use es6 template delimiters (#2171) 2017-07-15 22:22:26 +08:00
Stefan Kalscheuer 0b177574c9 Only show SSH clone URL if signed in (#2169) (#2170)
* Add configuration flag SSH_EXPOSE_ANONYMOUS

If this flag (default True) is set to false, the SSH clone URL will only be exposed if the current user is signed in.

* Default SSH exposure set to false

To match GitHub and for security reasons, SSH URL exposure is disabled by default.
In addition to that, minor code changes have been applied.

Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>

* Add integration tests

* Hide clone button if neither HTTP nor SSH is enabled

Signed-off-by: Stefan Kalscheuer <stefan@stklcode.de>
2017-07-15 22:21:51 +08:00
Wiktor Żurawik 32f289ae3b Make compare button URL aware if current repo is a fork (#2162) (#2163)
* Make compare button URL aware if current repo is a fork (#2162)

* Optimize code

* To not change current behaviour check if signed in user has fork of base repository

* Fix to check only if signed user has forked repo otherwise it will still redirect to wrong page
2017-07-15 11:14:02 +08:00
bit 98c5a1e006 Only show "No Description" to repo admins (#2167)
Only show note about missing description ("No Description") to repo admins, nobody else can change it.
2017-07-14 20:30:03 +03:00
Ethan Koenig dd758ad8dc More integration tests for comment API (#2156) 2017-07-14 01:33:26 +03:00
Christian Weiske c4ccf16c43 Fix OpenID registration route (#2160)
Fixes #2101
2017-07-13 23:58:53 +03:00
Aaron Walker 6a3c03762a API: support '/orgs/:org/repos' (#2047)
* API: support '/orgs/:org/repos'
2017-07-13 13:14:15 +02:00
Bo-Yi Wu f011d6d4d7 fix: replace tmp with TMPDIR. (#2152) 2017-07-13 14:09:29 +03:00
Lauris BH b639fa1648 Ignore invalid issue numbers in commit messages. Fixes #2022 (#2150) 2017-07-12 22:35:47 -05:00
Lauris BH 7d61834dc9 Update code.gitea.io/git dependency (#2149) 2017-07-12 22:35:21 -05:00
Lauris BH a739991b36 Fix repository settings collaboration list display (#2151) 2017-07-12 22:32:28 -05:00
Ethan Koenig 858324c21a Fix username rendering bug (#2122)
* Fix username rendering bug

* XSS integration test

* Migration to unescape user full names
2017-07-12 17:58:52 +03:00
Bo-Yi Wu 2c3efd72ce fix typo (#2145)
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2017-07-12 16:52:00 +08:00
Bo-Yi Wu 2b05b104ef Add verify changed less-file step to Makefile (#1861) 2017-07-12 04:28:57 +02:00
Roy Marples 89845f6728 Fix SHA1 hash linking (#2143)
This changes the regex to look for a hash from 7 to 40 characters,
to match the use of abbreviated hash lookups in both git and github.
The restriction of not being a pure number is also removed because
1234567 is now considered a valid abbreviated hash, as is deadbeef.

A note has been added to the top of the code to state that the
literal regex match is fine, but no extra validation is currently
performed so some false positives are expected.

A future change could ensure that the hash exists in the repository
before rendering it as a link, although this might incur a slight
performance penalty.

Reverts part of commit 4a46613 and fixes #2053.
2017-07-12 04:26:54 +02:00
Patrick G ceb3544697 Small grammar fixes (#2144) 2017-07-12 04:25:45 +02:00
Ethan Koenig 93a1de4842 Fix repo API bug (#2133)
Don't require token when not necessary
2017-07-12 03:23:41 +02:00
Bo-Yi Wu da89afda58 feat: upgrade drone docker image to support multi-stage build. (#1732)
* feat: upgrade drone docker image to support multi-stage build.

* update drone sig file.

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* update drone sig file.

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2017-07-11 02:16:18 -05:00
Ethan Koenig 8f1d62ad3b Fix GET /users/:username/repos endpoint (#2125) 2017-07-10 14:07:39 +03:00
Roy Marples c016d48735 Use POSIX compliant ! operator in find (#2132)
* Use POSIX compliant ! operator in find

-not is a GNU extension and not all find(8) implementations
support it. It's just an alias for ! which is POSIX compliant.

Now gitea compiles on NetBSD at least.

* Revert change in vendor directory as requested
2017-07-10 09:48:46 +08:00
Lauris BH 5e9bcb6301 Missing signed commit display translation (#2134) 2017-07-10 09:46:06 +08:00
Ethan Koenig 89cd4dd424 Cache session cookies in tests (#2128) 2017-07-09 10:07:29 +08:00
Ethan Koenig 4c57db7924 Remove unused files (#2124) 2017-07-07 21:52:30 +02:00
Ethan Koenig f1adaef458 Less verbose integration tests (#2123)
* Helper functions for integration test boilerplate
2017-07-07 21:36:47 +02:00
Andrey Nering 5651cc7413 Merge pull request #2119 from ethantkoenig/fix/wiki
Fix wiki preview links
2017-07-07 11:00:31 -03:00
Ethan Koenig e58237ee3f Fix import order 2017-07-06 16:38:38 -04:00
Ethan Koenig e14ea9979b Relative URL tests 2017-07-06 12:46:31 -04:00
Ethan Koenig b1d7348a20 Fix wiki preview links 2017-07-06 12:07:15 -04:00
Antoine GIRARD 30787e48f2 Improve org error handling (#2117)
* Improve ErrOrgNotExist type
Return new error type
Use good error check
Use new method to check error
Update tests

* Fix unchanged method name report
2017-07-06 21:30:19 +08:00
Andrey Nering 2ef33b5338 vendor: update sqlite to fix "database is locked" errors (#2116)
closes #2040

upstream commit: acfa601240
2017-07-06 14:43:30 +08:00
Ethan Koenig a52cd59727 Fix unchecked error bug (#2110) 2017-07-04 09:30:41 +08:00
Ethan Koenig 2fd039864b Fix missing-return bug (#2109) 2017-07-04 09:29:57 +08:00
Lauris BH 310866525b Sync latest translations from crowdin (#2104) 2017-07-03 21:44:20 +08:00
Lunny Xiao dde9a8648e Add make command update-translations for update translations from crowdin (#2097)
* add make command update-translations for update translations from crowdin to options/locale

* use curl & resolve double quote on make file
2017-07-03 16:37:00 +03:00
Lauris BH f189ccd2d6 Fix git hooks update to receive required arguments. Fixes #2090 (#2095)
* Changed migration calling so that migrations can use models package
2017-07-02 21:50:57 +08:00
Ethan Koenig f99489d5c5 Fix API for branches with slashes (#2096) 2017-07-02 10:03:57 +08:00
Ethan Koenig fea902adc8 Check for valid renamed usernames (#2077)
* Check for valid renamed usernames

* Integration test

* Test for username with space

* Make name field required
2017-07-01 22:48:29 +03:00
Bo-Yi Wu 678fec3f6a upgrade git source code. (#2094)
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2017-07-01 23:05:01 +08:00
Ethan Koenig eae9154811 Fix SQL bug in models.PullRequests 2017-07-01 14:08:43 +03:00
Ethan Koenig 3c0705ecf3 Absolute path for setting.CustomConf (#2085) 2017-07-01 11:10:04 +08:00
Lauris BH 12cb6cd3c9 Merge pull request #2087 from Bwko/fix_error_exit
Fix exit status 1 not handled @ getMergeCommit (#2087)
2017-06-30 15:46:49 +03:00
Bwko b36849dc1f Fix exit status 1 not handled @ getMergeCommit 2017-06-30 12:35:26 +02:00