| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Gitea was not able to supply any authentication parameters to it. So this brings support to do that, along with some light extraction of a couple of bits into some separate functions for easier testing.
I looked at other libraries supporting similar RedisUri-style connection strings (e.g. Lettuce), but it looks like this type of configuration is beyond what would typically be done in a connection string. Since gitea doesn't have configuration options for manually specifying all this redis connection detail, I went ahead and just chose straightforward names for these new parameters.
|
|
|
|
|
|
|
|
|
| |
* Bump goldmark to v1.4.11
* add testcase
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Update golang.org/x/crypto
- Update dependency to include fix for CVE.
- See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ?utm_medium=email&utm_source=footer
* Fix deprecation notice
* Remove workaround
- Introduced in https://github.com/go-gitea/gitea/pull/17281
- Fixed in x/crypto:
- https://github.com/golang/crypto/commit/5d542ad81a58c89581d596f49d0ba5d435481bcf
- & https://github.com/golang/crypto/commit/3147a52a75dda54ac3a611ef8978640d85188a2a
* Update Kex Algorithms
- Use standardized name for curve22519-sha256. https://github.com/golang/crypto/commit/9b076918e3c7e908b2bdea932f272a9979f2488a
- Prefer SHA256 version over SHA1 version. https://github.com/golang/crypto/commit/e4b3678e5f38521e67eba223ddd1902ceb3a303c
|
|
|
| |
Fix #18855
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* update gitea.com/go-chi/binding
* update gitea.com/go-chi/cache
* update github.com/42wim/sshsig
* update github.com/PuerkitoBio/goquery
* update github.com/blevesearch/bleve/v2
* update github.com/caddyserver/certmagic
* update github.com/denisenkom/go-mssqldb
* update github.com/duo-labs/webauthn
* update github.com/dustin/go-humanize
* update github.com/editorconfig/editorconfig-core-go/v2
* update github.com/ethantkoenig/rupture
* update github.com/go-chi/chi/v5
* update github.com/go-git/go-git/v5
* update github.com/go-ldap/ldap/v3
* update github.com/go-redis/redis/v8
* update github.com/go-swagger/go-swagger
* update github.com/gogs/chardet
* update github.com/golang-jwt/jwt/v4
* update github.com/hashicorp/go-version
* update github.com/jaytaylor/html2text
* update github.com/klauspost/compress
* update github.com/lib/pq
* update github.com/markbates/goth
* update github.com/mattn/go-sqlite3
* update github.com/mholt/archiver/v3
* update github.com/microcosm-cc/bluemonday
* update github.com/minio/minio-go/v7
* update github.com/msteinert/pam
* update github.com/niklasfasching/go-org
* update github.com/olivere/elastic/v7
* update github.com/prometheus/client_golang
* update github.com/quasoft/websspi
* update github.com/stretchr/testify
* update github.com/unknwon/i18n
* update github.com/unrolled/render
* update github.com/xanzy/go-gitlab
* update github.com/yuin/goldmark
* update github.com/yuin/goldmark-highlighting
* update github.com/yuin/goldmark-meta
* post make vendor
Signed-off-by: Andrew Thornton <art27@cantab.net>
* add make vendor back into update_dependencies.sh
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update update_dependencies.sh
* Update contrib/update_dependencies.sh
Co-authored-by: zeripath <art27@cantab.net>
* update mvdan.cc/xurls/v2
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
|
|
|
|
|
|
| |
- It was reported in the Matrix channel that Chroma [has support](https://github.com/alecthomas/chroma/commit/d40210297631298bde98a8fcfd52c3d2555cc367)
for the Fennel language, go-enry only added detection support for this
[in v2.7.2](https://github.com/go-enry/go-enry/commit/0affa3ccca37cd781600760956581c5f94ef8a3c).
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
|
|
|
|
|
| |
- v1.6.0 has a inconsistency with the proxy and github's tagged version,
updating to v1.6.1 should fix this issue.
- Resolves #18864
|
|
|
|
|
|
| |
Fix #14074
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Update gitea-vet
- Update gitea-vet to include latest 2 changes
https://gitea.com/gitea/gitea-vet/compare/7c98703580bef612b10f6a603883052f79acf9c0...master
* Tidy up go.sum
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
|
|
|
|
|
|
| |
- Update json-iterator/go to handle 1.18's new memory model with slices.
- Don't panic while running gitea with go 1.18
|
|
|
|
|
|
| |
* Update Goldmark to Goldmark 1.4.4
* nolint the deprecation
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
|
|
|
|
|
|
| |
JSON Schema validation for data used by Gitea during migrations
Discussion at https://forum.forgefriends.org/t/common-json-schema-for-repository-information/563
Co-authored-by: Loïc Dachary <loic@dachary.org>
|
| |
|
| |
|
|
|
| |
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
|
|
|
|
|
|
| |
Migrate from U2F to Webauthn
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Reset Session ID on login
When logging in the SessionID should be reset and the session cleaned up.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* with new session.RegenerateID function
Signed-off-by: Andrew Thornton <art27@cantab.net>
* update go-chi/session
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Ensure that session id is changed after oauth data is set and between account linking pages too
Signed-off-by: Andrew Thornton <art27@cantab.net>
* placate lint
Signed-off-by: Andrew Thornton <art27@cantab.net>
* as per review
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
|
|
|
|
|
| |
Update chroma to 0.9.4
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add support for ssh commit signing
* Split out ssh verification to separate file
* Show ssh key fingerprint on commit page
* Update sshsig lib
* Make sure we verify against correct namespace
* Add ssh public key verification via ssh signatures
When adding a public ssh key also validate that this user actually
owns the key by signing a token with the private key.
* Remove some gpg references and make verify key optional
* Fix spaces indentation
* Update options/locale/locale_en-US.ini
Co-authored-by: Gusted <williamzijl7@hotmail.com>
* Update templates/user/settings/keys_ssh.tmpl
Co-authored-by: Gusted <williamzijl7@hotmail.com>
* Update options/locale/locale_en-US.ini
Co-authored-by: Gusted <williamzijl7@hotmail.com>
* Update options/locale/locale_en-US.ini
Co-authored-by: Gusted <williamzijl7@hotmail.com>
* Update models/ssh_key_commit_verification.go
Co-authored-by: Gusted <williamzijl7@hotmail.com>
* Reword ssh/gpg_key_success message
* Change Badsignature to NoKeyFound
* Add sign/verify tests
* Fix upstream api changes to user_model User
* Match exact on SSH signature
* Fix code review remarks
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
|
|
|
|
|
|
| |
Fix #17880
Co-authored-by: Lauris BH <lauris@nix.lv>
|
|
|
|
|
|
|
| |
This PR fixes the builtin avatar generator.
1. The random background color makes some images very dirty. So now we only use white background for avatars.
2. We use left-right mirror avatars to satisfy #14799
3. Fix a small padding error in the algorithm
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
store (#17507)
* Simplify Gothic to use our session store instead of creating a different store
We have been using xormstore to provide a separate session store for our OAuth2 logins
however, this relies on using gorilla context and some doubling of our session storing.
We can however, simplify and simply use our own chi-based session store. Thus removing
a cookie and some of the weirdness with missing contexts.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* as per review
Signed-off-by: Andrew Thornton <art27@cantab.net>
* as per review
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Handle MaxTokenLength
Signed-off-by: Andrew Thornton <art27@cantab.net>
* oops
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
|
| |
|
|
|
|
|
|
|
| |
Upgrade Bluemonday to latest version
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
|
|
|
| |
Return rss/atom feed for user based on rss url suffix or Content-Type header.
|
| |
|
| |
|
|
|
| |
Co-authored-by: zeripath <art27@cantab.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update to latest go-chi/session where the NewManager causes a new
Provider instantiation instead of reconfiguring an old one.
(https://gitea.com/go-chi/session/pulls/1)
The NewManager call is now concurrency safe and would allow live
reconfiguration in future but for now this PR simply fixes an
intermittent "data-race" detected in our tests. (See
https://drone.gitea.io/go-gitea/gitea/43900/2/14)
Related #17027
Related #1441
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
|
|
|
|
|
|
| |
Fixes issue with windows users & letsencrypt
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
|
| |
|
|
|
|
|
| |
* Upgrade xorm to v1.2.2
* Change the Engine interface to match xorm v1.2.2
|
|
|
|
|
| |
* Upgrade github.com/google/go-github vv32.1.0 -> v37.0.0
* refactor: use GetX() func to reduce code
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Clean up oauth2 providers
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add AzureAD, AzureADv2, MicrosoftOnline OAuth2 providers
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Apply suggestions from code review
* remove unused Scopes
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Upgrade to golang-jwt 3.2.2
Upgrade to the latest version of golang-jwt
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Forcibly replace the 3.2.1 version of golang-jwt/jwt and increase minimum Go version
Using go.mod we can forcibly replace the 3.2.1 version used by goth to 3.2.2.
Further given golang-jwt/jwts stated policy of only supporting supported go versions
we should just raise our minimal version of go to 1.16 for 1.16 as by time of release
1.15 will be out of support.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* update minimal go required
Signed-off-by: Andrew Thornton <art27@cantab.net>
* update config.yaml
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
|
|
|
| |
Fix #16546
|
| |
|
|
|
|
| |
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Andrew Thornton <art27@cantab.net>
|
|
|
|
|
|
|
| |
* update github.com/microcosm-cc/bluemonday
* add exec flag to contrib/update_dependencies.sh
* Fix TESTS
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* update gitea.com/go-chi/binding
* update github.com/blevesearch/bleve/v2
* update github.com/caddyserver/certmagic
* update github.com/go-git/go-git/v5
* update github.com/lafriks/xormstore
* update github.com/yuin/goldmark
* Revert "update gitea.com/go-chi/binding"
This reverts commit dea2f292b116114f9316fab95c5fd124174da404.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Add Dependencie Update Script
* update gitea.com/lunny/levelqueue
* update github.com/PuerkitoBio/goquery
* update github.com/alecthomas/chroma
* update github.com/blevesearch/bleve/v2
* update github.com/caddyserver/certmagic
* update github.com/go-enry/go-enry/v2
* update github.com/go-redis/redis/v8
* update github.com/hashicorp/golang-lru
* update github.com/klauspost/compress
* update github.com/markbates/goth
* update github.com/mholt/archiver/v3
* update github.com/microcosm-cc/bluemonday
* update github.com/minio/minio-go/v7
* update github.com/olivere/elastic/v7
* update github.com/xanzy/go-gitlab
* update github.com/yuin/goldmark
|
|
|
|
|
|
| |
Following the merging of https://github.com/go-git/go-git/pull/330 we
can now add a setting to avoid go-git reading and caching large objects.
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Upgrade Gliderlabs SSH to 0.3.3 and add FailedConnectionCallback
Following the merging of https://github.com/gliderlabs/ssh/pull/143 we
can now report connections to the ssh server that have failed before
public key exchange has completed using the standard fail2ban message.
This PR updates Gliderlabs SSH and adds a callback that will provide this
logging.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* move the callback to its own function to make the logging appear little nicer
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Improve get last commit using git log --name-status
git log --name-status -c provides information about the diff between a
commit and its parents. Using this and adjusting the algorithm to use
the first change to a path allows for a much faster generation of commit
info.
There is a subtle change in the results generated but this will cause
the results to more closely match those from elsewhere.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
|
|
|
|
| |
Co-authored-by: Mura Li <typeless@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
|