]> source.dussan.org Git - gitea.git/log
gitea.git
2 years agoSet correct PR status on 3way on conflict checking (#19457) (#19458)
Gusted [Fri, 22 Apr 2022 01:11:42 +0000 (01:11 +0000)]
Set correct PR status on 3way on conflict checking (#19457) (#19458)

- Backport #19457
  - When 3-way merge is enabled for conflict checking, it has a new interesting behavior that it doesn't return any error when it found a conflict, so we change the condition to not check for the error, but instead check if conflictedfiles is populated, this fixes a issue whereby PR status wasn't correctly on conflicted PR's.
  - Refactor the mergeable property(which was incorrectly set and lead me this bug) to be more maintainable.
  - Add a dedicated test for conflicting checking, so it should prevent future issues with this.
  - Ref: Fix the latest error for https://gitea.com/gitea/go-sdk/pulls/579

Co-authored-by: zeripath <art27@cantab.net>
2 years agoRepoAssignment ensure to close before overwrite (#19449) (#19460)
6543 [Thu, 21 Apr 2022 16:55:44 +0000 (18:55 +0200)]
RepoAssignment ensure to close before overwrite (#19449) (#19460)

* check if GitRepo already open and close if

* Only run RepoAssignment once

2 years agoAdd Changelog v1.16.6 (#19339) v1.16.6
6543 [Wed, 20 Apr 2022 23:33:50 +0000 (01:33 +0200)]
Add Changelog v1.16.6 (#19339)

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoWhen dumping trim the standard suffices instead of a random suffix (#19440) (#19447)
6543 [Wed, 20 Apr 2022 22:26:03 +0000 (00:26 +0200)]
When dumping trim the standard suffices instead of a random suffix (#19440) (#19447)

* When dumping trim the standard suffices instead of a random suffix

Instead of using the `path.Ext()` to trim the last "extension" suffix, just iterate
through the supported suffices and trim those.

Fix #19424

Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix enum with to have correct supported types only

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoFix DELETE request for non-existent public key (#19443) (#19444)
Gusted [Wed, 20 Apr 2022 22:24:56 +0000 (22:24 +0000)]
Fix DELETE request for non-existent public key (#19443) (#19444)

- Backport #19443
  - Add a return for the first "block" of errors, which fixes the double error messages.
  - Add a return for `externallyManaged`.
  - Resolves #19398

Co-authored-by: 6543 <6543@obermui.de>
2 years agoDon't panic on `ErrEmailInvalid` (#19441) (#19442)
Gusted [Wed, 20 Apr 2022 22:24:07 +0000 (22:24 +0000)]
Don't panic on `ErrEmailInvalid` (#19441) (#19442)

- Backport #19441
  - Don't panic on `ErrEmailInvalid`, this was caused due that we were trying to force `ErrEmailCharIsNotSupported` interface, which panics.
  - Resolves #19397

Co-authored-by: 6543 <6543@obermui.de>
2 years agoAdd uploadpack.allowAnySHA1InWant to allow --filter=blob:none with older git clients...
6543 [Wed, 20 Apr 2022 18:54:36 +0000 (20:54 +0200)]
Add uploadpack.allowAnySHA1InWant to allow --filter=blob:none with older git clients (#19430) (#19438)

Older git clients need uploadpack.allowAnySHA1InWant if partial cloning is allowed.

Fix #19118

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoWarn on SSH connection for incorrect configuration (#19317) (#19437)
6543 [Wed, 20 Apr 2022 17:18:23 +0000 (19:18 +0200)]
Warn on SSH connection for incorrect configuration (#19317) (#19437)

Backport #19317

- Warn on SSH connection for incorrect configuration
- When `setting.RepoRootPath` cannot be found(most likely due to
incorrect configuration) show "Gitea: Incorrect configuration" on the
client-side to help easier with debugging the problem.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoAPI: Search Issues, dont show 500 if filter result in empty list (#19244) (#19436)
6543 [Wed, 20 Apr 2022 16:30:42 +0000 (18:30 +0200)]
API: Search Issues, dont show 500 if filter result in empty list (#19244) (#19436)

Backport #19244

* remove error who is none

* use setupSessionNoLimit instead of setupSessionWithLimit when no pagination

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoWhen updating mirror repo intervals by API reschedule next update too (#19429) (...
zeripath [Wed, 20 Apr 2022 14:04:26 +0000 (15:04 +0100)]
When updating mirror repo intervals by API reschedule next update too (#19429) (#19433)

Backport #19429

When a mirror repo interval is updated by the UI it is rescheduled with that interval
however the API does not do this. The API also lacks the enable_prune option.

This PR adds this functionality in to the API Edit Repo endpoint.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix nil error when some pages are rendered outside request context (#19428)
wxiaoguang [Tue, 19 Apr 2022 23:30:16 +0000 (07:30 +0800)]
Fix nil error when some pages are rendered outside request context (#19428)

2 years agoOnly request write when necessary (#18657) (#19422)
Lunny Xiao [Tue, 19 Apr 2022 16:10:24 +0000 (00:10 +0800)]
Only request write when necessary (#18657) (#19422)

* Only request write when necessary

- Only request write for `INTERNAL_TOKEN_URI` when no token was found.
- Resolves #18655

* Fix perm

* Update setting.go

* Update setting.go

* Update setting.go

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoFix double blob-hunk on diff page (#19404) (#19405)
Gusted [Fri, 15 Apr 2022 03:27:04 +0000 (03:27 +0000)]
Fix double blob-hunk on diff page (#19404) (#19405)

- Don't show the blob-hunk twice on diff page
- Backport #19404

2 years agogo get -u crypto (#19388)
techknowlogick [Wed, 13 Apr 2022 02:45:58 +0000 (22:45 -0400)]
go get -u crypto (#19388)

2 years agoUpdate locale_ru-RU.ini (#19383) (#19387)
Vasiliy Bukharev [Wed, 13 Apr 2022 00:15:03 +0000 (03:15 +0300)]
Update locale_ru-RU.ini (#19383) (#19387)

Signed-off-by: bvp <bvp-yar@ya.ru>
2 years ago Don't allow merging PR's which are being conflict checked (#19357) (#19358)
Gusted [Tue, 12 Apr 2022 16:38:41 +0000 (18:38 +0200)]
 Don't allow merging PR's which are being conflict checked (#19357) (#19358)

* Don't allow merging PR's which are being conflict checked (#19357)

- Backport of #19357
  - When a PR is still being conflict checked, don't allow the PR to be merged(the merge button could already be visible before e.g. a new commit was pushed to the PR).
  - Resolves #19352

* Update error message

2 years agoFix middleware function's placements for `/user/...` (#19377) (#19378)
Gusted [Tue, 12 Apr 2022 03:06:07 +0000 (05:06 +0200)]
Fix middleware function's placements for `/user/...` (#19377) (#19378)

- Backport #19377
  - Add reqSignIn to `/user/task/{task}` as it specific to a logged in user currently not-logged in user could cause a NPE.
  - Remove `/user/active` reqSignIn middleware, because when you want to active a account you're not "signed in" so it doesn't make sense to add that middleware.

2 years agoDisable service worker by default (#18914) (#19342)
silverwind [Thu, 7 Apr 2022 18:08:24 +0000 (20:08 +0200)]
Disable service worker by default (#18914) (#19342)

The service worker causes a lot of issues with JS errors after instance
upgrades while not bringing any real performance gain over regular HTTP
caching.

Disable it by default for this reason. Maybe later we can remove it
completely, as I simply see no benefit in having it.

2 years agoFix invalid CSRF token bug, make sure CSRF tokens can be up-to-date (#19338)
wxiaoguang [Wed, 6 Apr 2022 15:47:58 +0000 (23:47 +0800)]
Fix invalid CSRF token bug, make sure CSRF tokens can be up-to-date (#19338)

There was a bug that the CSRF token wouldn't in 24h. This fix just does what the CSRF function comment says: If this request is a GET request, it will generate a new token. Then the CSRF token can be kept up-to-date.

2 years agoRevert the minimal golang version requirement from 1.17 to 1.16 and add a warning...
Lunny Xiao [Tue, 5 Apr 2022 17:32:24 +0000 (01:32 +0800)]
Revert the minimal golang version requirement from 1.17 to 1.16 and add a warning in Makefile (#19319)

* Revert the minimal golang version requirement from 1.17 to 1.16 and add a warning in Makefile

* Apply suggestions from code review

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
* 1.16

* Update modules/util/net.go

Co-authored-by: Gusted <williamzijl7@hotmail.com>
* correct bool conditional

yay tests for catching this :)

* Update hostmatcher.go

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
2 years agoRestore user autoregistration with email addresses (#19261) (#19312)
zeripath [Sun, 3 Apr 2022 00:36:47 +0000 (01:36 +0100)]
Restore user autoregistration with email addresses (#19261) (#19312)

Backport #19261

Unfortunately #18789 disabled autoregistration using email addresses as they would
be shortcut to email address does not exist.

This PR attempts to restore autoregistration by allowing an unknown email address
to percolate through to the autoregistration path of UserSignin.

Fix #19256

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoPerformance improvement for add team user when org has more than 1000 repositories...
Lunny Xiao [Fri, 1 Apr 2022 08:36:12 +0000 (16:36 +0800)]
Performance improvement for add team user when org has more than 1000 repositories (#19227) (#19289)

2 years agoMove checks for pulls before merge into own function (#19271) (#19277)
6543 [Thu, 31 Mar 2022 14:57:13 +0000 (16:57 +0200)]
Move checks for pulls before merge into own function (#19271) (#19277)

Backport #19271

Fix:
* The API does ignore issue dependencies where Web does not
* The API checks if "IsSignedIfRequired" where Web does not - UI probably do but nothing will some to craft custom requests
* Default merge message is crafted a bit different between API and Web if not set on specific cases ...

2 years agoUse full output of git show-ref --tags to get tags for PushUpdateAddTag (#19235)...
zeripath [Tue, 29 Mar 2022 20:19:57 +0000 (21:19 +0100)]
Use full output of git show-ref --tags to get tags for PushUpdateAddTag (#19235) (#19236)

* Use full output of git show-ref --tags to get tags for PushUpdateAddTag (#19235)

Strangely #19038 appears to relate to an issue whereby a tag appears to
be listed in `git show-ref --tags` but then does not appear when `git
show-ref --tags -- short_name` is called.

As a solution though I propose to stop the second call as it is
unnecessary and only likely to cause problems.

I've also noticed that the tags calls are wildly inefficient and aren't using the common cat-files - so these have been added.

I've also noticed that the git commit-graph is not being written on mirroring - so I've also added writing this to the migration which should improve mirror rendering somewhat.

Fix #19038

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
* fix rebase relict

Co-authored-by: 6543 <6543@obermui.de>
2 years agoGranular webhook events in editHook (#19251) (#19257)
John Olheiser [Tue, 29 Mar 2022 16:26:51 +0000 (11:26 -0500)]
Granular webhook events in editHook (#19251) (#19257)

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2 years agoOnly send webhook events to active system webhooks and only deliver to active hooks...
zeripath [Tue, 29 Mar 2022 12:12:56 +0000 (13:12 +0100)]
Only send webhook events to active system webhooks and only deliver to active hooks (#19234) (#19248)

Backport #19234

There is a bug in the system webhooks whereby the active state is not checked when
webhooks are prepared and there is a bug that deactivating webhooks do not prevent
queued deliveries.

* Only add SystemWebhooks to the prepareWebhooks list if they are active
* At the time of delivery if the underlying webhook is not active mark it
as "delivered" but with a failed delivery so it does not get delivered.

Fix #19220

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoCheck go and nodejs version by go.mod and package.json (#19197) (#19254)
wxiaoguang [Tue, 29 Mar 2022 07:32:38 +0000 (15:32 +0800)]
Check go and nodejs version by go.mod and package.json (#19197) (#19254)

* Check go and nodejs version by go.mod and package.json
* Update Go official site URL

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: gesangtome <gesangtome@foxmail.com>
2 years agoFix clone url JS error for the empty repo page (#19209)
wxiaoguang [Tue, 29 Mar 2022 03:04:29 +0000 (11:04 +0800)]
Fix clone url JS error for the empty repo page (#19209)

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoUse goproxy.io instead of goproxy.cn (#19242) (#19246)
6543 [Tue, 29 Mar 2022 01:22:55 +0000 (03:22 +0200)]
Use goproxy.io instead of goproxy.cn (#19242) (#19246)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoPrevent intermittent failures in RepoIndexerTest (#19225 #19229) (#19228)
zeripath [Sun, 27 Mar 2022 23:01:53 +0000 (00:01 +0100)]
Prevent intermittent failures in RepoIndexerTest (#19225 #19229) (#19228)

Backport #19225
Backport #19229

The RepoIndexerTest is failing with considerable frequency due to a race inherrent in
its design. This PR adjust this test to avoid the reliance on waiting for the populate
repo indexer to run and forcibly adds the repo to the queue. It then flushes the queue.

It may be worth separating out the tests somewhat by testing the Index function
directly away from the queue however, this forceful method should solve the current
problem.

Fix #19162

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoTouch mirrors on even on fail to update (#19217) (#19233)
zeripath [Sun, 27 Mar 2022 21:08:28 +0000 (22:08 +0100)]
Touch mirrors on even on fail to update (#19217) (#19233)

Backport #19217

If a mirror fails to be synchronised it should be pushed to the bottom of the queue
of the awaiting mirrors to be synchronised. At present if there LIMIT number of
broken mirrors they can effectively prevent all other mirrors from being synchronized
as their last_updated time will remain earlier than other mirrors.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoHide sensitive content on admin panel progress monitor (#19218 & #19226) (#19231)
Lunny Xiao [Sun, 27 Mar 2022 17:21:59 +0000 (01:21 +0800)]
Hide sensitive content on admin panel progress monitor (#19218 & #19226) (#19231)

* Hide sensitive content on admin panel progress monitor (#19218)

Sanitize urls within git process descriptions.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Andrew Thornton <art27@cantab.net>
* Do not include global arguments in process manager (#19226)

Backport #19226

The git command by default adds a number of global arguments. These are not
helpful to be displayed in the process manager and so should be skipped for
default process descriptions.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2 years agoBump goldmark to v1.4.11 (#19201) (#19203)
Robert Kaussow [Thu, 24 Mar 2022 15:47:40 +0000 (16:47 +0100)]
Bump goldmark to v1.4.11 (#19201) (#19203)

* Bump goldmark to v1.4.11

* fix go.sum

Signed-off-by: Andrew Thornton <art27@cantab.net>
* add testcase

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2 years agoChangelog for 1.16.5 (#19189) v1.16.5
zeripath [Thu, 24 Mar 2022 00:13:52 +0000 (00:13 +0000)]
Changelog for 1.16.5 (#19189)

* Changelog for 1.16.5

 ## [1.16.5](https://github.com/go-gitea/gitea/releases/tag/1.16.5) - 2022-03-23

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2 years agoFix showing issues in your repositories (#18916) (#19191)
6543 [Wed, 23 Mar 2022 23:36:38 +0000 (00:36 +0100)]
Fix showing issues in your repositories (#18916) (#19191)

- Make a restriction on which issues can be shown based on if you the user or team has write permission to the repository.
- Fixes a issue whereby you wouldn't see any associated issues with a specific team on a organization if you wasn't a member(fixed by zeroing the User{ID} in the options).
- Resolves #18913

Co-authored-by: Gusted <williamzijl7@hotmail.com>
2 years agoPrevent redirect to Host (2) (#19175) (#19186)
zeripath [Wed, 23 Mar 2022 20:01:23 +0000 (20:01 +0000)]
Prevent redirect to Host (2) (#19175) (#19186)

Backport #19175

Unhelpfully Locations starting with `/\` will be converted by the
browser to `//` because ... well I do not fully understand. Certainly
the RFCs and MDN do not indicate that this would be expected. Providing
"compatibility" with the (mis)behaviour of a certain proprietary OS is
my suspicion. However, we clearly have to protect against this.

Therefore we should reject redirection locations that match the regular
expression: `^/[\\\\/]+`

Reference #9678

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix compare link in active feeds for new branch (#19149) (#19185)
zeripath [Wed, 23 Mar 2022 19:04:50 +0000 (19:04 +0000)]
Fix compare link in active feeds for new branch (#19149) (#19185)

Backport #19149

When a new branch is pushed the old SHA is always listed as the empty sha and thus the compare link that is created does not work correctly.

Therefore when creating the compare link for new branches:

1. Attempt to get the parent of the first commit and use that as the basis
for the compare link.
2. If this is not possible make a comparison to the default branch
3. Finally if that is not possible simply do not show a compare link.

However, there are multiple broken compare links remaining therefore, in order for these to not break we will simply make the compare link redirect to the default branch.

Fix #19144

Signed-off-by: a1012112796 <1012112796@qq.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: a1012112796 <1012112796@qq.com>
2 years agoRedirect .wiki/* ui link to /wiki (#18831) (#19184)
zeripath [Wed, 23 Mar 2022 16:46:08 +0000 (16:46 +0000)]
Redirect .wiki/* ui link to /wiki (#18831) (#19184)

Backport #18831

Redirect .wiki/* ui link to /wiki

fix #18590

Signed-off-by: a1012112796 <1012112796@qq.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: a1012112796 <1012112796@qq.com>
2 years agoPrevent start panic due to missing DotEscape function
Andrew Thornton [Wed, 23 Mar 2022 16:08:27 +0000 (16:08 +0000)]
Prevent start panic due to missing DotEscape function

Unfortunately #19169 causing a panic at startup in prod mode. This was hidden by dev
mode because the templates are compiled dynamically there. The issue is that DotEscape
is not in the original FuncMap at the time of compilation which causes a panic.

Ref #19169

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix the bug: deploy key with write access can not push (#19010) (#19182)
zeripath [Wed, 23 Mar 2022 13:44:41 +0000 (13:44 +0000)]
Fix the bug: deploy key with write access can not push (#19010) (#19182)

Backport #19010

Use DeployKeyID to replace the IsDeployKey, then CanWriteCode uses the DeployKeyID to check the write permission.

Fix #19009

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoTry to prevent autolinking of displaynames by email readers (#19169) (#19183)
zeripath [Wed, 23 Mar 2022 13:18:11 +0000 (13:18 +0000)]
Try to prevent autolinking of displaynames by email readers (#19169) (#19183)

Backport #19169

Unfortunately many email readers will (helpfully) detect url or url-like names and
automatically create links to them, even in HTML emails. This is not ideal when
usernames can have dots in them.

This PR tries to prevent this behaviour by sticking ZWJ characters between dots and
also set the meta tag to prevent format detection.

Not every email template has been changed in this way - just the activation emails but
it may be that we should be setting the above meta tag in all of our emails too.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoClean paths when looking in Storage (#19124) (#19179)
zeripath [Wed, 23 Mar 2022 09:23:00 +0000 (09:23 +0000)]
Clean paths when looking in Storage (#19124) (#19179)

Backport #19124

* Clean paths when looking in Storage

Ensure paths are clean for minio aswell as local storage.

Use url.Path not RequestURI/EscapedPath in storageHandler.

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Apply suggestions from code review

Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoCleanup protected branches when deleting users & teams (#19158) (#19174)
Norwin [Wed, 23 Mar 2022 05:56:53 +0000 (06:56 +0100)]
Cleanup protected branches when deleting users & teams (#19158) (#19174)

* Clean up protected_branches when deleting user

fixes #19094

* Clean up protected_branches when deleting teams

* fix issue

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoEnsure that setting.LocalURL always has a trailing slash (#19171) (#19177)
zeripath [Wed, 23 Mar 2022 04:56:52 +0000 (04:56 +0000)]
Ensure that setting.LocalURL always has a trailing slash (#19171) (#19177)

Backport #19171

Fix #19166

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoUse the new/choose link for New Issue on project page (#19172) (#19176)
zeripath [Wed, 23 Mar 2022 01:41:12 +0000 (01:41 +0000)]
Use the new/choose link for New Issue on project page (#19172) (#19176)

Backport #19172

Extend issues/new/choose to pass the project id and change New Issue
link on project page to use new/choose

Fix #19170

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoUse IterateBufferSize whilst querying repositories during adoption check (#19140...
zeripath [Tue, 22 Mar 2022 01:11:22 +0000 (01:11 +0000)]
Use IterateBufferSize whilst querying repositories during adoption check (#19140) (#19160)

Backport #19140

The adoption page checks directories to see if they are repositories by querying the
db on a per user basis. This can lead to problems if a user has a large number of
repositories or putative repositories.

This PR changes the buffering to check the db in IterataeBufferSize batches instead.

Fix #19137

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoEnsure isSSH is set whenever DISABLE_HTTP_GIT is set (#19028) (#19146)
zeripath [Mon, 21 Mar 2022 00:59:55 +0000 (00:59 +0000)]
Ensure isSSH is set whenever DISABLE_HTTP_GIT is set (#19028) (#19146)

Backport #19028

When DISABLE_HTTP_GIT is set we should always show the SSH button

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoUse custom favicon when viewing static files if it exists (#19130) (#19152)
Abheek Dhawan [Mon, 21 Mar 2022 00:28:35 +0000 (19:28 -0500)]
Use custom favicon when viewing static files if it exists (#19130) (#19152)

Redirect `/favicon.ico` to `/assets/img/favicon.png`.

Fix #19109

Co-authored-by: zeripath <art27@cantab.net>
2 years agoFix NPE /repos/issues/search when not signed in (#19154) (#19155)
Gusted [Sun, 20 Mar 2022 21:42:31 +0000 (21:42 +0000)]
Fix NPE /repos/issues/search when not signed in (#19154) (#19155)

- Backport #19154

  - Don't panic when on `/repos/issues/search?{created,assigned,mentioned,review_requested}=true` when client didn't pass any authentication.
  - Resolves #19115

2 years agoFix wrong scopes caused by empty scope input (#19029) (#19145)
zeripath [Sun, 20 Mar 2022 19:13:18 +0000 (19:13 +0000)]
Fix wrong scopes caused by empty scope input (#19029) (#19145)

Backport #19029
Fix #18972 Gitea prepends requested openid scope with + after updating authentication source

2 years agoFix the editor height in review box (#19003) (#19147)
zeripath [Sun, 20 Mar 2022 02:29:49 +0000 (02:29 +0000)]
Fix the editor height in review box (#19003) (#19147)

Backport #19003

Fix the height problem in  https://github.com/go-gitea/gitea/pull/18862#issuecomment-1059329539

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoDo not send notification emails to inactive users (#19131) (#19139)
zeripath [Sat, 19 Mar 2022 18:33:32 +0000 (18:33 +0000)]
Do not send notification emails to inactive users (#19131) (#19139)

Backport #19131
Backport #19142

Emails should not be sent to inactive users except for Activate and ResetPassword
messages.

Fix #18950

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoBump to build with go1.18 (#19120 et al) (#19127)
techknowlogick [Sat, 19 Mar 2022 17:46:47 +0000 (13:46 -0400)]
Bump to build with go1.18 (#19120 et al) (#19127)

Backport #19120
Backport #19099
Backport #18874
Backport #18420
Backport #19128
Backport #18270

Bump to build with go1.18

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Jelle Hulter <jellehulter@gmail.com>
2 years agoMake migrations SKIP_TLS_VERIFY apply to git too (#19132) (#19141)
zeripath [Sat, 19 Mar 2022 16:20:26 +0000 (16:20 +0000)]
Make migrations SKIP_TLS_VERIFY apply to git too (#19132) (#19141)

Backport #19132

Make SKIP_TLS_VERIFY apply to git data migrations too through adding the `-c http.sslVerify=false` option to the git clone command.

Fix #18998

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoDo not send activation email if manual confirm is set (#19119) (#19122)
zeripath [Sat, 19 Mar 2022 14:20:42 +0000 (14:20 +0000)]
Do not send activation email if manual confirm is set (#19119) (#19122)

Backport #19119

If the mailer is configured then even if Manual confirm is set an activation email
is still being sent because `handleUserCreated` is not checking for this case.

Fix #17263

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoUpdate golang.org/x/crypto (#19097) (#19098)
Gusted [Sat, 19 Mar 2022 12:16:15 +0000 (12:16 +0000)]
Update golang.org/x/crypto (#19097) (#19098)

Backport #19097

* Update golang.org/x/crypto (#19097)

- Backport #19097

* Fix deprecation notice

* Backport workaround removal

2 years agoHandle email address not exist (#19089) (#19121)
Lunny Xiao [Sat, 19 Mar 2022 11:35:23 +0000 (19:35 +0800)]
Handle email address not exist (#19089) (#19121)

Backport #19089

* Handle email address not exist. (#19089)

* Fix lint about strings.Title

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2 years agoUpdate json-iterator (#18644) (#19100)
Gusted [Tue, 15 Mar 2022 21:29:06 +0000 (21:29 +0000)]
Update json-iterator (#18644) (#19100)

- Backport #18644

2 years agoChangelog v1.16.4 (#19081) v1.16.4
6543 [Mon, 14 Mar 2022 20:55:33 +0000 (21:55 +0100)]
Changelog v1.16.4 (#19081)

2 years agoRestrict email address validation (#17688) (#19085)
6543 [Mon, 14 Mar 2022 19:51:58 +0000 (20:51 +0100)]
Restrict email address validation (#17688) (#19085)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoFix lfs bug (#19072) (#19080)
6543 [Mon, 14 Mar 2022 14:59:54 +0000 (15:59 +0100)]
Fix lfs bug (#19072) (#19080)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoRefactor mirror code & fix `StartToMirror` (#18904) (#19075)
Gusted [Mon, 14 Mar 2022 12:04:41 +0000 (12:04 +0000)]
Refactor mirror code & fix `StartToMirror` (#18904) (#19075)

- Backport #18904.

2 years agoUpdate the webauthn_credential_id_sequence in Postgres (#19048) (#19060)
zeripath [Sun, 13 Mar 2022 04:02:19 +0000 (04:02 +0000)]
Update the webauthn_credential_id_sequence in Postgres (#19048) (#19060)

Backport #19048

There is (yet) another problem with v210 in that Postgres will silently allow preset
ID insertions ... but it will not update the sequence value.

This PR simply adds a little step to the end of the v210 migration to update the
sequence number.

Users who have already migrated who find that they cannot insert new
webauthn_credentials into the DB can either run:

```bash
gitea doctor recreate-table webauthn_credential
```

or

```bash
SELECT setval('webauthn_credential_id_seq', COALESCE((SELECT MAX(id)+1 FROM `webauthn_credential`), 1), false)
```

which will fix the bad sequence.

Fix #19012

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2 years agoPrevent 500 when there is an error during new auth source post (#19041) (#19059)
zeripath [Sun, 13 Mar 2022 02:42:31 +0000 (02:42 +0000)]
Prevent 500 when there is an error during new auth source post (#19041) (#19059)

Backport #19041

Fix #19036

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoIf rendering has failed due to a net.OpError stop rendering (attempt 2) (#19049)...
zeripath [Thu, 10 Mar 2022 21:13:55 +0000 (21:13 +0000)]
If rendering has failed due to a net.OpError stop rendering (attempt 2) (#19049) (#19056)

Backport #19049

Unfortunately #18642 does not work because a `*net.OpError` does not implement
the `Is` interface to make `errors.Is` work correctly - thus leading to the
irritating conclusion that a `*net.OpError` is not a `*net.OpError`.

Here we keep the `errors.Is` because presumably this will be fixed at
some point in the golang main source code but also we add a simply type
cast to also check.

Fix #18629

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix flag validation (#19046) (#19051)
Norwin [Thu, 10 Mar 2022 20:23:55 +0000 (21:23 +0100)]
Fix flag validation (#19046) (#19051)

Regression from #5785

2 years agoImprove SyncMirrors logging (#19045) (#19050)
zeripath [Thu, 10 Mar 2022 15:06:35 +0000 (15:06 +0000)]
Improve SyncMirrors logging (#19045) (#19050)

Backport #19045

Yet another issue has come up where the logging from SyncMirrors does not provide
enough context. This PR adds more context to these logging events.

Related #19038

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agofix pam authorization (#19040) (#19047)
6543 [Thu, 10 Mar 2022 08:15:35 +0000 (09:15 +0100)]
fix pam authorization (#19040) (#19047)

Backport #19040

The PAM module has previously only checked the results of the authentication module.

However, in normal PAM practice most users will expect account module authorization to also be checked. Without doing this check in almost every configuration expired accounts and accounts with expired passwords will still be able to login.

This is likely to represent a significant gotcha in most configurations and cause most users configurations to be potentially insecure. Therefore we should add in the account authorization check.

## :warning: **BREAKING** :warning:

Users of the PAM module who rely on account modules not being checked will need to change their PAM configuration.

However, as it is likely that the vast majority of users of PAM will be expecting account authorization to be checked in addition to authentication we should make this breaking change to make the default behaviour correct for the majority.

---

I suggest we backport this despite the BREAKING nature because of the surprising nature of this.

Thanks to @ysf for bringing this to our attention.

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: ysf <34326+ysf@users.noreply.github.com>
2 years agoIgnore missing comment for user notifications (#18954) (#19043)
zeripath [Thu, 10 Mar 2022 06:48:27 +0000 (06:48 +0000)]
Ignore missing comment for user notifications (#18954) (#19043)

2 years agoSet `rel="nofollow noindex"` on new issue links (#19023) (#19042)
zeripath [Wed, 9 Mar 2022 23:01:30 +0000 (23:01 +0000)]
Set `rel="nofollow noindex"` on new issue links (#19023) (#19042)

Backport #19023

Fix #19018

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoUpgrading binding package (#19034) (#19035)
Lunny Xiao [Wed, 9 Mar 2022 18:07:46 +0000 (02:07 +0800)]
Upgrading binding package (#19034) (#19035)

Backport #19034

Fix #18855

2 years agoDon't show context cancelled errors in attribute reader (#19006) (#19027)
zeripath [Tue, 8 Mar 2022 11:20:37 +0000 (11:20 +0000)]
Don't show context cancelled errors in attribute reader (#19006) (#19027)

Backport #19006

Fix #18997

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoFix update hint bug (#19002)
Lunny Xiao [Fri, 4 Mar 2022 18:28:17 +0000 (02:28 +0800)]
Fix update hint bug (#19002)

2 years ago Fix potential assignee query for repo (#18994) (#18999)
Otto Richter (fnetX) [Fri, 4 Mar 2022 16:12:34 +0000 (17:12 +0100)]
 Fix potential assignee query for repo (#18994) (#18999)

* Fix potential assignee query for repo

* Add tests for `GetRepoAssignees`

- As per https://github.com/go-gitea/gitea/pull/18994#issuecomment-1058506640

Co-authored-by: Gusted <williamzijl7@hotmail.com>
2 years agoallow overwrite artifacts for github releases (#18987) (#18988)
6543 [Thu, 3 Mar 2022 15:18:55 +0000 (16:18 +0100)]
allow overwrite artifacts for github releases (#18987) (#18988)

2 years agoChangelog for v1.16.3 (#18966) v1.16.3
Lunny Xiao [Thu, 3 Mar 2022 02:50:36 +0000 (10:50 +0800)]
Changelog for v1.16.3 (#18966)

* Changelog for v1.16.3

* Update CHANGELOG.md

* Apply suggestions from code review

* Apply suggestions from code review

Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
2 years agogit backend ignore replace objects (#18979) (#18980)
6543 [Wed, 2 Mar 2022 21:31:50 +0000 (22:31 +0100)]
git backend ignore replace objects (#18979) (#18980)

Co-authored-by: zeripath <art27@cantab.net>
2 years agoSet max text height to prevent overflow (#18862) (#18977)
Otto Richter (fnetX) [Wed, 2 Mar 2022 20:12:48 +0000 (21:12 +0100)]
Set max text height to prevent overflow (#18862) (#18977)

Sets a max height for review text boxes to prevent a very annoying bug where users cannot access the "submit" button.

Before:
![image](https://user-images.githubusercontent.com/12700993/155253001-e1dab086-aaf3-4338-889d-6a861728274a.png)

After:
![image](https://user-images.githubusercontent.com/12700993/155253144-5b9a3547-9582-412f-867f-41a45a14a0fe.png)

Interestingly, I don't see this bug on Firefox.

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2 years agoFix problem when self-assign notification (#18797) (#18976)
Otto Richter (fnetX) [Wed, 2 Mar 2022 20:11:55 +0000 (21:11 +0100)]
Fix problem when self-assign notification (#18797) (#18976)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agobackport fix of #18973 (#18974)
6543 [Wed, 2 Mar 2022 19:42:02 +0000 (20:42 +0100)]
backport fix of #18973 (#18974)

2 years agoRefactor admin user filter query parameters (#18965) (#18975)
Otto Richter (fnetX) [Wed, 2 Mar 2022 18:57:18 +0000 (19:57 +0100)]
Refactor admin user filter query parameters (#18965) (#18975)

Only pass `status_filter` on admin page
Use a more general method to pass query parameters, remove hard-coded keys

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoAccounts with WebAuthn only (no TOTP) now exist ... fix code to handle that case...
6543 [Wed, 2 Mar 2022 13:22:02 +0000 (14:22 +0100)]
Accounts with WebAuthn only (no TOTP) now exist ... fix code to handle that case (#18897) (#18964)

2 years agoSend 404 on `/{org}.gpg` (#18959) (#18962)
Gusted [Wed, 2 Mar 2022 01:37:47 +0000 (01:37 +0000)]
Send 404 on `/{org}.gpg` (#18959) (#18962)

2 years agoFix admin user list pagination (#18957) (#18960)
Otto Richter (fnetX) [Tue, 1 Mar 2022 23:00:03 +0000 (00:00 +0100)]
Fix admin user list pagination (#18957) (#18960)

2 years agoFix lfs management setting (#18947)
Lunny Xiao [Tue, 1 Mar 2022 19:14:18 +0000 (03:14 +0800)]
Fix lfs management setting (#18947)

2 years agoBackport locales from master (#18944)
6543 [Mon, 28 Feb 2022 21:19:19 +0000 (22:19 +0100)]
Backport locales from master (#18944)

* update

* clean

* clean2

* clean2

* clean-next

* cleanup

* finish cleanup

2 years agoFix login with email panic when email is not exist (#18942)
Lunny Xiao [Mon, 28 Feb 2022 18:14:50 +0000 (02:14 +0800)]
Fix login with email panic when email is not exist (#18942)

Co-authored-by: 6543 <6543@obermui.de>
2 years agoAdjust error for already locked db and prevent level db lock on malformed connstr...
zeripath [Mon, 28 Feb 2022 15:45:38 +0000 (15:45 +0000)]
Adjust error for already locked db and prevent level db lock on malformed connstr (#18923) (#18938)

Backport #18923

This PR adjusts the error returned when there is failure to lock the level db, and
permits a connections to the same leveldb where there is a different connection string.

Reference #18921
Reference #18917

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoUpdate go-org to v1.6.1 (#18932) (#18933)
Gusted [Sun, 27 Feb 2022 16:57:06 +0000 (16:57 +0000)]
Update go-org to v1.6.1 (#18932) (#18933)

Backport #18932

2 years agoFix `<strong>` html in translation (#18929) (#18931)
Gusted [Sun, 27 Feb 2022 15:46:34 +0000 (15:46 +0000)]
Fix `<strong>` html in translation (#18929) (#18931)

Backport #18929

2 years ago Fix page and missing return on unadopted repos API (#18848) (#18927)
qwerty287 [Sun, 27 Feb 2022 12:18:23 +0000 (13:18 +0100)]
 Fix page and missing return on unadopted repos API (#18848) (#18927)

* Fix page and missing return on unadopted repos API

Page must be 1 if it's not specified and it should return after sending an internal server error.

* Allow ignore pages

2 years agoDon't treat BOM escape sequence as hidden character. (#18909) (#18910)
Gusted [Sat, 26 Feb 2022 22:15:04 +0000 (22:15 +0000)]
Don't treat BOM escape sequence as hidden character. (#18909) (#18910)

* Don't treat BOM escape sequence as hidden character. (#18909)

Backport #18909

2 years ago Allow adminstrator teams members to see other teams (#18918) (#18919)
Gusted [Sat, 26 Feb 2022 21:45:34 +0000 (21:45 +0000)]
 Allow adminstrator teams members to see other teams (#18918) (#18919)

Allow adminstrator teams members to see other teams (#18918)

2 years agoCorrectly link URLs to users/repos with dashes, dots or underscores (#18890) (#18908)
silverwind [Sat, 26 Feb 2022 05:45:09 +0000 (06:45 +0100)]
Correctly link URLs to users/repos with dashes, dots or underscores (#18890) (#18908)

* Add tests for references with dashes

This commit adds tests for full URLs referencing repos names and user
names containing a dash.

* Extend regex to match URLs to repos/users with dashes

Co-authored-by: Alexander Neumann <62751754+rtpt-alexanderneumann@users.noreply.github.com>
2 years agoDon't update email for organisation (#18905) (#18906)
Gusted [Sat, 26 Feb 2022 02:10:21 +0000 (02:10 +0000)]
Don't update email for organisation (#18905) (#18906)

Backport #18905

2 years agoFix redirect when using lowercase reponame (#18775) (#18902)
Otto Richter (fnetX) [Sat, 26 Feb 2022 00:16:22 +0000 (01:16 +0100)]
Fix redirect when using lowercase reponame (#18775) (#18902)

* Previously,  `GET {username}/{reponame}/raw///file-path` (the middle two slashes are blank to get the default branch) when the repo name has uppercase letters, e.g., https://try.gitea.io/AbdulrhmnGhanem/CH330_Hardware, using a lowercase version of the name redirected to the correct URL
* In other words both
   * `GET https://try.gitea.io/AbdulrhmnGhanem/CH330_Hardware/raw///images/back.png`
   * `GET https://try.gitea.io/AbdulrhmnGhanem/ch330_hardware/raw///images/back.png`
were redirecting to ` GET https://try.gitea.io/AbdulrhmnGhanem/CH330_Hardware/raw/branch/master/images/back.png`
This isn't the case after  #17551. Specifically because of this [line](https://github.com/zeripath/gitea/blob/cbd5eecd148dfca5fcb1a3da469e491a84f6b32b/modules/context/repo.go#L860).

Co-authored-by: Ghanem <37152329+AbdulrhmnGhanem@users.noreply.github.com>
2 years agoFix team management UI (#18887)
Lunny Xiao [Fri, 25 Feb 2022 20:51:22 +0000 (04:51 +0800)]
Fix team management UI (#18887)

2 years agoFix migration v210 (#18893)
Lunny Xiao [Fri, 25 Feb 2022 14:08:00 +0000 (22:08 +0800)]
Fix migration v210 (#18893)

2 years agoBeforeSourcePath should point to base commit (#18880)
Jimmy Praet [Fri, 25 Feb 2022 06:45:20 +0000 (07:45 +0100)]
BeforeSourcePath should point to base commit (#18880)

2 years agoAdd changelog for v1.16.2 (#18840) v1.16.2
Lunny Xiao [Thu, 24 Feb 2022 19:03:08 +0000 (03:03 +0800)]
Add changelog for v1.16.2 (#18840)

Add changelog for v1.16.2

Co-authored-by: 6543 <6543@obermui.de>