Correctly rollback in ForkRepository (#17034) (#17045)
Backport #17034
The rollback functionality in
services/repository/repository.go:ForkRepository is incorrect and could
lead to a deadlock as it uses DeleteRepository to delete the rolled-back
repository - a function which creates its own transaction.
This PR adjusts the rollback function to only use RemoveAll as any
database changes will be automatically rolled-back. It also handles
panics and adjusts the Close within WithTx to ensure that if there is a
panic the session will always be closed.
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
When the external context is cancelled it is possible for the
GitLogReader to not itself be Closed.
This PR does three things:
1. Instead of adding a plain defer it wraps the `g.Close` in a func as
`g` may change.
2. It adds the missing explicit g.Close - although the defer fix makes
this unnecessary.
3. It passes down the external context as the base context for the
GitLogReader meaning that the cancellation of the external context will
pass down automatically.
Use filename as id/class prefix. (#16997) (#17000)
Currently the svg minifier (`make svg`) rewrites all `id` and `class` attributes in svg files. Every file gets the ids `a, b, ...`. If multiple svgs with ids are used on a page these ids are conflicting and the results are broken images.
This PR adds a prefix (the filename) to every id/class.
Follow up problem: Because we embed svg images there are duplicated ids if one svg image is used multiple times on a page. As those ids refer to the same content it may be no real problem because browser handle that fine.
Skip AllowedUserVisibilityModes validation on update user if it is an organisation (#16988) (#16990)
if AllowedUserVisibilityModes allow only public & limited, and orgs can be private, a user can create a repo to that organisation whitch will result in an update of the user. On this call the user is validaten and will be rejected since private is not allowed, but its not an user its an valid org ...
Fix issue with issue default mail template (#16956) (#16975)
Backport #16956
The mail template rendering was failing with the error -
`...vices/mailer/mail.go:301:composeIssueCommentMessages() [E] ExecuteTemplate [issue/default/body]: template: issue/default:65:10: executing "issue/default" at <.i18n.Tr>: can't evaluate field i18n in type *models.Comment`
The issue was the template variable i18n is available in the outer scope.
Prevent panic on diff generation (#16950) (#16951)
Backport #16950
The lastLeftIdx should be reset at the same time as creating a new section otherwise
it is possible for a second addition to end up attempting to read a nil entry.
Close storage objects before cleaning (#16934) (#16942)
Backport #16934
Storage.Iterate provides the path and an open object. On windows using
local storage means that the objects will be locked thus preventing clean
from deleting them.
Add unique constraint back into issue_index (#16938)
There is a flaw in #16820 where it was missed that although xorm will
not add a primary key to a table during syncing, it will remove an
unique constraint.
Users upgrading from 1.15.0 to 1.15.1 will therefore lose the unique
constraint that makes this table work unless they run `gitea doctor
recreate-table issue_index`. Postgres helpfully warns about this
situation but MySQL does not.
Main/1.16-dev is not affected by this issue as there is a migration that
does the above recreation by default. Users moving directly to 1.15.1
from 1.14.x or lower are also not affected.
Whilst we could force all users who ran 1.15.0 to do the above
recreate-table call, this PR proposes an alternative: Just add the
unique constraint back in for 1.15.x. This won't have any long term
effects - just some wasted space for the unnecessary index.
* BUGFIXES
* Allow BASIC authentication access to /:owner/:repo/releases/download/* (#16916) (#16923)
* Prevent leave changes dialogs due to autofill fields (#16912) (#16920)
* Ignore review comment when ref commit is missed (#16905) (#16919)
* Fix wrong attachment removal (#16915) (#16917)
* Gitlab Migrator: dont ignore reactions of last request (#16903) (#16913)
* Correctly return the number of Repositories for Organizations (#16807) (#16911)
* Test if LFS object is accessible (#16865) (#16904)
* Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (#16899) (#16900)
* Fix dump and restore respository (#16698) (#16898)
* Repare and Improve GetDiffRangeWithWhitespaceBehavior (#16894) (#16895)
* Fix wiki raw commit diff/patch view (#16891) (#16892)
* Ensure wiki repos are all closed (#16886) (#16888)
* List limited and private orgs if authenticated on API (#16866) (#16879)
* Simplify split diff view generation and remove JS dependency (#16775) (#16863)
* Ensure that the default visibility is set on the user create page (#16845) (#16862)
* In Render tolerate not being passed a context (#16842) (#16858)
* Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16848)
* Report the correct number of pushes on the feeds (#16811) (#16822)
* Add primary_key to issue_index (#16813) (#16820)
* Prevent NPE on empty commit (#16812) (#16819)
* Fix branch pagination error (#16805) (#16816)
* Add missing return to handleSettingRemoteAddrError (#16794) (#16795)
* Remove spurious / from issues.opened_by (#16793)
* Ensure that template compilation panics are sent to the logs (#16788) (#16792)
* Update caddyserver/certmagic (#16789) (#16790)
Lunny Xiao [Tue, 31 Aug 2021 09:44:14 +0000 (17:44 +0800)]
Fix dump and restore respository (#16698) (#16898)
* Fix dump and restore
* return different error message for get commit
* Fix missing delete release attachment when deleting repository
* Fix ci and add some comments
6543 [Tue, 31 Aug 2021 08:06:01 +0000 (10:06 +0200)]
Fix git.Blob.DataAsync(): close pipe since we return a NopCloser (#16899) (#16900)
* make sure headGitRepo is closed on err too
* refactor
* Fix git.Blob.DataAsync(): exec cancel since we already read all bytes (close pipe since we return a NopCloser)
Gitea has relied on some slow JS code to match up added and deleted lines on the
diff pages. This can cause a considerable slow down on large diff pages.
This PR makes a small change meaning that the matching up can occur much more simply.
6543 [Sun, 29 Aug 2021 14:25:45 +0000 (16:25 +0200)]
In Render tolerate not being passed a context (#16842) (#16858)
* In Render tolerate not being passed a context
It is possible for RenderString to be passed to an external renderer if markdown
is set to be rendered by an external renderer. No context is currently sent to these
meaning that this will error out.
Fix #16835
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add Context to Repo calls for RenderString
All calls from routers can easily add the context - so add it.
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>
techknowlogick [Thu, 26 Aug 2021 06:30:13 +0000 (02:30 -0400)]
Report the correct number of pushes on the feeds (#16811) (#16822)
* Report the correct number of pushes on the feeds
Since the number of commits in the Action table has been limited to 5
the number of commits reported on the feeds page is now incorrectly also
limited to 5. The correct number is available as the Len and this PR
changes this to report this.
Fix #16804
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update templates/user/dashboard/feeds.tmpl
zeripath [Wed, 25 Aug 2021 22:10:15 +0000 (23:10 +0100)]
Add primary_key to issue_index (#16813) (#16820)
Backport #16813
Make the group_id a primary key in issue_index. This already has an
unique index and therefore is a good candidate for becoming a primary
key.
This PR also changes all other uses of this table to add the group_id as
the primary key.
The migration v192 from #16813 has not been backported but Xorm will
work fine with non-primary keyed tables. If a user on 1.15 wishes to
have the correct schema sooner than 1.16 - they can use gitea doctor
recreate-table issue_index and gitea will recreate the table with the
primary key.
Lunny Xiao [Wed, 25 Aug 2021 10:11:54 +0000 (18:11 +0800)]
Fix branch pagination error (#16805) (#16816)
Backport #16805
Fix #16801
Even if default branch is removed from the current page, but the total branches number should be still kept. So that the pagination calculation will be correct.
zeripath [Mon, 23 Aug 2021 23:50:04 +0000 (00:50 +0100)]
Ensure that template compilation panics are sent to the logs (#16788) (#16792)
Backport #16788
Although panics within the rendering pipeline are caught and dealt with,
panics that occur before that starts are unprotected and will kill Gitea
without being sent to the logs.
This PR adds a basic recovery handler to catch panics that occur after
the logger is initialised and ensure that they're sent to the logger.
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
zeripath [Sat, 21 Aug 2021 02:47:37 +0000 (03:47 +0100)]
Recreate Tables should Recreate indexes on MySQL (#16718) (#16739)
The MySQL indexes are not being renamed at the same time as RENAME table despite the
CASCADE. Therefore it is probably better to just recreate the indexes instead.
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
6543 [Fri, 13 Aug 2021 16:26:19 +0000 (18:26 +0200)]
If PatchURL is empty, skip pull patch download when migrating (Partial #16356) (#16681)
Partial backport #16356
Whilst looking at adding migration support for onedev it has become apparent that gitea would attempt to pull patches on other migration targets even if that PatchURL was empty.
6543 [Fri, 13 Aug 2021 05:51:13 +0000 (07:51 +0200)]
Fix NPE in fuzzer (#16680) (#16682)
The fuzzer found an issue with the issue pattern processor where there is a spurious
path.Clean which does not need to be there. This PR also sets the default AppURL for
the fuzzer too.
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>
zeripath [Mon, 9 Aug 2021 12:18:40 +0000 (13:18 +0100)]
Fix direct creation of external users on admin page (#16613)
From #16612 it was noticed that when creating new external users directly it was not
possible to set their username correctly. This PR restores this ability.
zeripath [Sun, 8 Aug 2021 10:32:07 +0000 (11:32 +0100)]
Restore compatibility with SQLServer 2008 R2 in migrations (#16638)
This fixes two problems with MSSQL:
* `ALTER TABLE DROP ... IF EXISTS ...` is only supported in SQL Server >16.
The `IF EXISTS` here is a belt-and-braces and does not need to be present. Therefore
can be dropped. Also stop attempting to drop the indexes as constraints as they're indexes!
* System tables like: `sys.indexes` should be lowercase not uppercase because of collation issues.
Fix #13615
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* BREAKING
* Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (#16590) (#16606)
* SECURITY
* Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (#16590) (#16606)
* Switch to maintained jwt lib (#16532) (#16533)
* Correctly create of git-daemon-export-ok files (#16508) (#16514)
* Don't show private user's repo in explore view (#16550) (#16554)
* API
* Swagger AccessToken fixes (#16574) (#16597)
* Set AllowedHeaders on API CORS handler (#16524) (#16618)
* BUGFIXES
* Restore Accessibility for Dropdown (#16576) (#16617)
* Pass down SignedUserName down to AccessLogger context (#16605) (#16616)
* Fix table alignment in markdown (#16596) (#16602)
* Fix 500 on first wiki page (#16586) (#16598)
* Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16564) (#16570)
* Upgrade levelqueue to v0.4.0 (#16560) (#16561)
* Handle too long PR titles correctly (#16517) (#16549)
* Fix data race in bleve indexer (#16474) (#16509)
* Restore CORS on git smart http protocol (#16496) (#16506)
* Fix race in log (#16490) (#16505)
* Fix prepareWikiFileName to respect existing unescaped files (#16487) (#16498)
* Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16480)
* Update notification table with only latest data (#16445) (#16469)
* Revert to use alpine 3.13 (#16451) (#16452)
* Fix crash following ldap authentication update (#16447) (#16448)
* Fix direct creation of external users on admin page (partial #16612) (#16613)
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update CHANGELOG.md
zeripath [Wed, 4 Aug 2021 17:26:35 +0000 (18:26 +0100)]
Pass down SignedUserName down to AccessLogger context (#16605) (#16616)
Backport #16605
Unfortunately when the AccessLogger was moved back before the contexters the
SignedUserName reporting was lost. This is due to Request.WithContext leading to a
shallow copy of the Request and the modules/context/Context being within that request.
This PR adds a new context variable of a string pointer which is set and handled
in the contexters.
Fix #16600
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
zeripath [Wed, 4 Aug 2021 12:31:10 +0000 (13:31 +0100)]
Restore #10096/#8638 and re-fix #15172 (#16576) (#16617)
Backport #16576
This PR restores the vendored and patched dropdow from #8638. It
however, it partially abandons the call to `click()` using instead the
default dropdown click calls instead. This prevents the issue of the
dropdown grabbing focus permanently however, this may have negative
effects on the effect of focus on the dropdowns.
Of note, the behaviour of the template selector dropdown on the repo
creation page is slightly odd - I don't believe that this odd behaviour
is caused by this PR but rather by the feed source for this. I suspect
that the dropdown should be adding a delete button to its selection.
zeripath [Tue, 3 Aug 2021 22:46:08 +0000 (23:46 +0100)]
Fix 500 on first wiki page (#16586) (#16598)
Backport #16586
There is a mistake in #16319 and #16487 which means that the first time
a wiki page is created a 500 is reported because the `master` branch is
not in existence in that wiki yet.
This PR simply checks for this error and returns not found.
Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16570)
Backport #16564
This PR has two parts:
* Add locking to goth and gothic calls with a RWMutex
The goth and gothic calls are currently unlocked and thus are a cause of multiple potential races
* Reattempt OAuth2 registration on login if registration failed
If OAuth2 registration fails at startup we currently disable the login_source however an alternative approach could be to reattempt registration on login attempt.
Handle too long PR titles correctly (#16517) (#16549)
Backport #16517
The CompareAndPullRequestPost handler for POST to /compare
incorrectly handles returning errors to the user. For a start
it does not set the necessary markers to switch SimpleMDE
but it also does not immediately return to the form.
This PR fixes this by setting the appropriate values, fixing
the templates and preventing the suggestion of a too long
title.
One of the reasons why #16447 was needed and why #16268 was needed in
the first place was because it appears that editing ldap configuration
doesn't get tested.
This PR therefore adds a basic test that will run the edit pipeline.
In doing so it's now clear that #16447 and #16268 aren't actually
solving #16252. It turns out that what actually happens is that is that
the bytes are actually double encoded.
This PR now changes the json unmarshal wrapper to handle this double
encode.
Fix #16252
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
Restore creation of git-daemon-export-ok files (#16508) (#16514)
Backport #16508
Somewhere along the line the creation of git-daemon-export-ok
files disappeared but the updating of these files when
repo visibility changes remained. The problem is that the
current state will create files even when the org or user
is private.
Update notification table with only latest data (#16445) (#16469)
When marking notifications read the results may be returned out of order
or be delayed. This PR sends a sequence number to gitea so that the
browser can ensure that only the results of the latest notification
change are shown.
Fix crash following ldap authentication update (#16447) (#16448)
Backport #16447
Unfortunately #16268 contained a terrible error, whereby there was a double
indirection taken when unmarshalling the source data. This fatally breaks
authentication configuration reading.