Commit Graph

1796 Commits

Author SHA1 Message Date
techknowlogick 1a68b3962f
backport "Enforce token on api routes (#4840)" (#4905) 2018-09-11 10:39:32 -04:00
Lunny Xiao 1901f35980 issues api allow pulls and fix #4832 (#4852) (#4862) 2018-09-04 22:13:56 -04:00
Lanre Adelowo e9def84bf2 Fixed bug where team with admin privelege type doesn't get any unit attached to the team (#4719) (#4759) 2018-08-21 15:29:25 -04:00
Lauris BH 066515429f Improve URL validation for external wiki and external issues (#4710) (#4740)
* Improve URL validation for external wiki  and external issues

* Do not allow also localhost address for external URLs
2018-08-17 20:21:20 -04:00
SagePtr 052aa54b2b Make cookies HttpOnly and obey COOKIE_SECURE flag (#4707) 2018-08-14 16:19:20 -04:00
Dingjun 940e30bcd4 fix panic issue on update avatar email (#4580) (#4590)
fix #4580

back port PR for release/v1.5,  refer to #4581
2018-08-01 21:34:57 +08:00
techknowlogick b37ca4a6ff
backport: Redirect to correct page after using scratch token (#4472) 2018-07-19 17:15:12 -04:00
Nicolas Da Mutten 85f3966338 Fixes repo membership check in API (#4341) (#4379)
Untested, since I can't compile (yet).
2018-07-05 23:34:31 +03:00
Lauris BH 155caa8e0a Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
* Repositories can only migrated to own user or organizations

* Add check for organization that user does not belong to

* Allow admin to migrate repositories for other users
2018-07-05 01:18:06 +02:00
Jonas Franz 801843b011 Fix open redirect vulnerability on login screen (#4312)
* Fix open redirect vulnerability on login screen

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Reorder imports

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Replace www. from Domain too

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-06-26 22:45:18 +08:00
David Schneiderbauer 0b3ea42847 hide issues from org private repos w/o team assignment (#4034) 2018-06-21 12:00:13 -04:00
Alexey Terentyev 46d19c4676 Fix topics addition (Another solution) (#4031) (#4258)
* Added topics validation, fixed repo topics duplication (#4031)

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Added tests

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Fixed fmt

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Added comments to exported functions

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Deleted RemoveDuplicateTopics function

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Fixed messages

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Added migration

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* fmt migration file

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* fixed lint

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Added Copyright

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Added query solution for duplicates

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Fixed migration query

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Changed RegExp. Fixed migration

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* fmt migration file

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Fixed test for changed regexp

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Removed validation log messages

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Renamed migration file

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Renamed validate function

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>
2018-06-21 17:09:46 +08:00
Russell Aunger 9ae7664df7 Fix webhook type conflation. (#4285)
- Fix typo that caused Gogs hooks to be created as Gitea hooks.
- Fix typo that caused Gogs hooks to be duplicated upon edit (though this bug was masked by the previous one).

Signed-off-by: Russell Aunger <rba@live.com>
2018-06-21 07:22:03 +02:00
Jonas Franz 467ff4d343 Fix milestone appliance and permission checks (#4271)
* Fix milestone appliance
Fix missing permission check

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix comment

* Add Gitea copyright line
2018-06-19 23:15:11 +08:00
David Schneiderbauer 69bfd81b1c fix missing data on redirects (#3975) 2018-06-18 14:24:45 -04:00
stevegt a7aaacb633 fix CreateIssueCommentOption reference (#4239)
* fixes a warning remaining from #4010 and #4220
2018-06-15 15:47:13 +08:00
David Schneiderbauer adba2ad609 fix not respecting landing page setting (#4209)
* fix not respecting landing page setting

* fmt

* add landing page test
2018-06-15 11:42:46 +08:00
Antoine GIRARD 6efdcaed86 Fix swagger security parts (#4236) 2018-06-12 19:23:00 -04:00
Antoine GIRARD 908e8942cc Fix swagger errors (#4220)
Fix all the resting errors to have a valid swagger file.

They are still some warnings but nothing blocking.

Doing so I found that some request still misses son parameters for some POST/PUT/PATCH request. This means the a client generated from the swagger file will not work completely. 

Fix #4088 by activating validation in drone
Should fix #4010.
2018-06-12 22:59:22 +08:00
nickolas360 2bb73fe12c HTML-escape text READMEs (#4192) 2018-06-10 21:42:16 +03:00
stevegt a5f63fc4d1 swagger: add 'required: true' for params in URL (#4097)
* Partial fix for #4010

Swagger validation needs 'required: true' for parameters that are in
the URL path.

Signed-off-by: Steve Traugott <stevegt@t7a.org>
2018-06-02 18:20:28 +03:00
stevegt 39f2aa7c12 add simple descriptions for file API responses (#4089)
* Partial fix for #4010

Swagger needs a description field in each swagger:operation response.  Adding
minimal text for now on the way to getting swagger validate to pass.  Many
standard swagger client libraries will not work with gitea until validate
passes, so prioritizing that over better descriptions for now.

Signed-off-by: Steve Traugott <stevegt@t7a.org>
2018-06-01 13:51:49 +08:00
stevegt 7707ad7a0a add simple descriptions for swagger validate (#4087)
* Partial fix for #4010

Swagger needs a comment line above each swagger:response comment -- it
uses these to populate the description: fields.  Adding minimal text
for now on the way to getting swagger validate to pass.  Many standard
swagger client libraries will not work at all with gitea until validate
passes, so prioritizing that over better descriptions for now.

Signed-off-by: Steve Traugott <stevegt@t7a.org>
2018-05-31 19:13:55 +08:00
Alexey Terentyev f86f56e19c Added deletion of an empty line at the end of the file (#4050) (#4054)
Signed-off-by: Alexey Terentyev <axifnx@gmail.com>
2018-05-29 11:08:55 +08:00
Michael Kuhn fd274ffcd9 Fix wiki redirects (#3919)
When creating or editing a wiki page, the redirect to the wiki page does
not work because the file name is used instead of the page name.
2018-05-28 09:38:20 -04:00
Fluf 2a9799493a Make home.tmpl visible with Signin-View enabled (#4040)
Fix #3846
2018-05-24 15:51:28 -04:00
Magnus Lindvall cdb9478774 LDAP Public SSH Keys synchronization (#1844)
* Add LDAP Key Synchronization feature

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Add migration: add login source id column for public_key table

* Only update keys if needed

* Add function to only list pubkey synchronized from ldap

* Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it.

* Only get keys belonging to current login source id

* Set default login source id to 0

* Some minor cleanup. Add integration tests (updete dep testify)
2018-05-24 07:59:02 +03:00
Alexey Terentyev b908ac9fab Added repository search ordered by stars or forks. Forks column in admin repo list. (#3969)
* Added repository search order by stars or forks.
Added Forks column to admin repository list.

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Renamed search repo template

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>
2018-05-24 09:03:42 +08:00
Lunny Xiao 60d95a0b85
fix bugs caused by #3929 (#3999) 2018-05-23 15:23:23 +08:00
Aleksandr Bulyshchenko ee878e3951 Support secure cookie for csrf-token (#3839)
* dep: Update github.com/go-macaron/csrf

Update github.com/go-macaron/csrf with dep to revision 503617c6b372
to fix issue of csrf-token security.

This update includes following commits:
- Add support for the Cookie HttpOnly flag
- Support secure mode for csrf cookie

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>

* routers: set csrf-token security depending on COOKIE_SECURE

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>
2018-05-22 02:09:48 +03:00
David Schneiderbauer 31067c0a89 remove collaborative repositories from search on user profiles (#3996)
* remove collaborative repositories from search on user profiles

* rename 'My Repositories' to 'Repositories'
2018-05-21 23:07:34 +03:00
Lunny Xiao 6bdc556b7f
Fix some webhooks bugs (#3981)
* fix some webhooks bugs

* update vendor

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* fix test

* fix clearlabels

* fix pullrequest webhook bug fix #3492

* update release webhook description

* remove unused code

* fix push webhook in pull request

* small changes
2018-05-21 10:28:29 +08:00
Jonas Franz 951309f76a Add support for FIDO U2F (#3971)
* Add support for U2F

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add vendor library
Add missing translations

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Minor improvements

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F support for Firefox, Chrome (Android) by introducing a custom JS library
Add U2F error handling

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F login page to OAuth

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Move U2F user settings to a separate file

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add unit tests for u2f model
Renamed u2f table name

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix problems caused by refactoring

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F documentation

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Remove not needed console.log-s

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add default values to app.ini.sample
Add FIDO U2F to comparison

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-05-19 17:12:37 +03:00
David Schneiderbauer 44754774f1 Re-enable random avatar feature (#3988)
* reenable random avatar feature

* replace Size check by Filename check
2018-05-19 21:22:09 +08:00
David Schneiderbauer 2aabfc1afa Splitted the user settings code into several files to be more maintainable (#3968)
* refactor setting router code

splitted up one huge router settings file into the smaller files
representing the actual page structure

* move code to subfolder

* rename functions

* renamed files

* add copyright information
2018-05-17 12:05:00 +08:00
Lunny Xiao 24941a1046
Add more webhooks support and refactor webhook templates directory (#3929)
* add more webhook support

* move hooks templates to standalone dir and add more webhooks ui

* fix tests

* update vendor checksum

* add more webhook support

* move hooks templates to standalone dir and add more webhooks ui

* fix tests

* update vendor checksum

* update vendor

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* load attributes when created release

* update comparsion doc
2018-05-16 22:01:55 +08:00
David Schneiderbauer 099372d76c Refactor User Settings (#3900)
* moved avatar to profile page

* combined password change, email and account deletion into account settings page

* combined totp, access tokens, linked accounts and openid into security settings page

* move access tokens to applications settings page

* small change to restart drone build

* fix change avatar url on profile page

* redirect old settings urls to new ones

* enforce only one autofocus attribute on settings pages

* set correct redirect status code

* fmt fix
2018-05-15 13:07:32 +03:00
FabioFortini 1546458f7d issue-2768: added new option allow_only_external_registration (#3910) 2018-05-13 15:51:16 +08:00
Lunny Xiao c14870c5ac
fix blank topic (#3948) 2018-05-11 16:15:18 +08:00
kolaente 95f2e2b57b Multiple assignees (#3705) 2018-05-09 19:29:04 +03:00
David Schneiderbauer ea01decb6b fix wrong issue endpoints in swagger doc (#3914) 2018-05-08 14:05:18 +08:00
Lauris BH 501fb228e6
Add option to use paged LDAP search when synchronizing users (#3895) 2018-05-05 17:30:47 +03:00
kolaente 1fdf560678 Added user language setting (#3875)
* Added user language setting

* Added translation string for setting

* Fixed import order + typo

* improved checking if the user has a language saved in the db

* The current saved language is now set a default inside the dropdown

* fmt

* When a user signs in and doesn't have a language saved, the current browser language is saved

* updated gitea-sdk

* Merge branch 'master' of https://github.com/go-gitea/gitea into save-user-language

# Conflicts:
#	models/migrations/migrations.go
#	models/migrations/v62.go

* Made tests work again

* trigger CI

* trigger CI

* fmt

* re-trigger that FUCKING CI SO IT REALLY PICKS UP THE LATEST COMMIT ISTEAD OF PREDENDING TO DO SO

* re-trigger that FUCKING CI SO IT REALLY PICKS UP THE LATEST COMMIT ISTEAD OF PREDENDING TO DO SO

* When loggin in, only the language col gets updated instead of everything
2018-05-05 08:28:30 +08:00
Lauris BH 1e1ece8f3d
Do not allow to reuse TOTP passcode (#3878) 2018-05-02 18:02:02 +03:00
kolaente 1a97030017 Issue due date (#3794)
* Started adding deadline to ui

* Implemented basic issue due date managing

* Improved UI for due date managing

* Added at least write access to the repo in order to modify issue due dates

* Ui improvements

* Added issue comments creation when adding/modifying/removing a due date

* Show due date in issue list

* Added api support for issue due dates

* Fixed lint suggestions

* Added deadline to sdk

* Updated css

* Added support for adding/modifiying deadlines for pull requests via api

* Fixed comments not created when updating or removing a deadline

* update sdk (will do properly once go-gitea/go-sdk#103 is merged)

* enhanced updateIssueDeadline

* Removed unnessecary Issue.DeadlineString

* UI improvements

* Small improvments to comment creation
+ ui & validation improvements

* Check if an issue is overdue is now a seperate function

* Updated go-sdk with govendor as it was merged

* Simplified isOverdue method

* removed unessecary deadline to 0 set

* Update swagger definitions

* Added missing return

* Added an explanary comment

* Improved updateIssueDeadline method so it'll only update `deadline_unix`

* Small changes and improvements
* no need to explicitly load the issue when updating a deadline, just use whats already there
* small optimisations

* Added check if a deadline was modified before updating it

* Moved comment creating logic into its own function

* Code cleanup for creating deadline comment

* locale improvement

* When modifying a deadline, the old deadline is saved with the comment

* small improvments to xorm session handling when updating an issue deadline
+ style nitpicks

* style nitpicks

* Moved checking for if the user has write acces to middleware
2018-05-01 22:05:28 +03:00
Lauris BH 181b3a8f09 Fix path cleanup in multiple places (#3871) 2018-05-01 09:46:04 +08:00
Ethan Koenig 7ea4bfc561 API endpoint for testing webhook (#3550)
* API endpoint for testing webhook

* Empty commit to rerun CI
2018-04-29 14:21:33 +08:00
Lauris BH 5a62eb30df
Store OAuth2 session data in database (#3660)
* Store OAuth2 session data in database

* Rename table to `oauth2_session` and do not skip xormstorage initialization error
2018-04-29 09:09:24 +03:00
Jonas Franz 8d5f58d834 Shows total tracked time in issue and milestone list (#3341)
* Show total tracked time in issue and milestone list
Show total tracked time at issue page

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Optimizing TotalTimes by using SumInt

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fixing wrong total times for milestones caused by a missing JOIN
Adding unit tests for total times

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Logging error instead of ignoring it

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Correcting spelling mistakes

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Change error message to a short version

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add error handling to TotalTimes
Add variable for totalTimes

Signed-off-by: Jonas Franz <info@jonasfranz.de>

* Introduce TotalTrackedTimes as variable of issue
Load TotalTrackedTimes by loading attributes of IssueList
Load TotalTrackedTimes by loading attributes of single issue
Add Sec2Time as helper to use it in templates

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fixed test + gofmt

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Load TotalTrackedTimes via MilestoneList instead of single requests

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add documentation for MilestoneList

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add documentation for MilestoneList

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix test

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Change comment from SQL query to description

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix unit test by using int64 instead of int

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix unit test by using int64 instead of int

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Check if timetracker is enabled

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix test by enabling timetracking

Signed-off-by: Jonas Franz <info@jonasfranz.de>
2018-04-29 13:58:47 +08:00
Morgan Bazalgette e3028d124f don't reset team/repo count when updating team via API (#3831)
fixes #3600
2018-04-29 13:22:57 +08:00