summaryrefslogtreecommitdiffstats
path: root/routers/api/v1/user
Commit message (Collapse)AuthorAgeFilesLines
* Record OAuth client type at registration (#21316)M Hickford2022-10-241-7/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The OAuth spec [defines two types of client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1), confidential and public. Previously Gitea assumed all clients to be confidential. > OAuth defines two client types, based on their ability to authenticate securely with the authorization server (i.e., ability to > maintain the confidentiality of their client credentials): > > confidential > Clients capable of maintaining the confidentiality of their credentials (e.g., client implemented on a secure server with > restricted access to the client credentials), or capable of secure client authentication using other means. > > **public > Clients incapable of maintaining the confidentiality of their credentials (e.g., clients executing on the device used by the resource owner, such as an installed native application or a web browser-based application), and incapable of secure client authentication via any other means.** > > The client type designation is based on the authorization server's definition of secure authentication and its acceptable exposure levels of client credentials. The authorization server SHOULD NOT make assumptions about the client type. https://datatracker.ietf.org/doc/html/rfc8252#section-8.4 > Authorization servers MUST record the client type in the client registration details in order to identify and process requests accordingly. Require PKCE for public clients: https://datatracker.ietf.org/doc/html/rfc8252#section-8.1 > Authorization servers SHOULD reject authorization requests from native apps that don't use PKCE by returning an error message Fixes #21299 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Go 1.19 format (#20758)John Olheiser2022-08-301-5/+0
| | | | | | | | | | | | | | | | | | | | | | | | * 1.19 gofumpt Signed-off-by: jolheiser <john.olheiser@gmail.com> * Change CSV test Signed-off-by: jolheiser <john.olheiser@gmail.com> * Commit whitespace fixes from @zeripath Co-authored-by: zeripath <art27@cantab.net> * Update emoji Signed-off-by: jolheiser <john.olheiser@gmail.com> * bump swagger & fix generate-swagger Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
* Move some files into models' sub packages (#20262)Lunny Xiao2022-08-252-21/+20
| | | | | | | | | | | | | | | | | | | | | | | | | * Move some files into models' sub packages * Move functions * merge main branch * Fix check * fix check * Fix some tests * Fix lint * Fix lint * Revert lint changes * Fix error comments * Fix lint Co-authored-by: 6543 <6543@obermui.de>
* Pad GPG Key ID with preceding zeroes (#20878)zeripath2022-08-211-0/+7
|
* Only show Followers that current user can access (#20220)zeripath2022-07-051-4/+4
| | | | | | | | Users who are following or being followed by a user should only be displayed if the viewing user can see them. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Move some repository related code into sub package (#19711)Lunny Xiao2022-06-061-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move some repository related code into sub package * Move more repository functions out of models * Fix lint * Some performance optimization for webhooks and others * some refactors * Fix lint * Fix * Update modules/repository/delete.go Co-authored-by: delvh <dev.lh@web.de> * Fix test * Merge * Fix test * Fix test * Fix test * Fix test Co-authored-by: delvh <dev.lh@web.de>
* Move almost all functions' parameter db.Engine to context.Context (#19748)Lunny Xiao2022-05-206-8/+8
| | | | * Move almost all functions' parameter db.Engine to context.Context * remove some unnecessary wrap functions
* Move access and repo permission to models/perm/access (#19350)Lunny Xiao2022-05-113-6/+7
| | | | | * Move access and repo permission to models/perm/access * Remove unnecessary code
* Fix DELETE request for non-existent public key (#19443)Gusted2022-04-211-4/+9
| | | | | | - Add a return for the first "block" of errors, which fixes the double error messages. - Add a return for `externallyManaged`. - Resolves #19398
* Don't panic on `ErrEmailInvalid` (#19441)Gusted2022-04-201-3/+10
| | | | | - Don't panic on `ErrEmailInvalid`, this was caused due that we were trying to force `ErrEmailCharIsNotSupported` interface, which panics. - Resolves #19397
* Move organization related structs into sub package (#18518)Lunny Xiao2022-03-293-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move organization related structs into sub package * Fix test * Fix lint * Move more functions into sub packages * Fix bug * Fix test * Update models/organization/team_repo.go Co-authored-by: KN4CK3R <admin@oldschoolhack.me> * Apply suggestions from code review Co-authored-by: KN4CK3R <admin@oldschoolhack.me> * Fix fmt * Follow suggestion from @Gusted * Fix test * Fix test * Fix bug * Use ctx but db.DefaultContext on routers * Fix bug * Fix bug * fix bug * Update models/organization/team_user.go * Fix bug Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add `ContextUser` to http request context (#18798)KN4CK3R2022-03-267-69/+20
| | | | | This PR adds a middleware which sets a ContextUser (like GetUserByParams before) in a single place which can be used by other methods. For routes which represent a repo or org the respective middlewares set the field too. Also fix a bug in modules/context/org.go during refactoring.
* Use `ctx` instead of `db.DefaultContext` in some ↵wxiaoguang2022-03-222-3/+2
| | | | | | | | | | | | packages(routers/services/modules) (#19163) * Remove `db.DefaultContext` usage in routers, use `ctx` directly * Use `ctx` directly if there is one, remove some `db.DefaultContext` in `services` * Use ctx instead of db.DefaultContext for `cmd` and some `modules` packages * fix incorrect context usage
* Renamed ctx.User to ctx.Doer. (#19161)KN4CK3R2022-03-2210-69/+69
| | | | Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Restrict email address validation (#17688)Lunny Xiao2022-03-141-1/+2
| | | This didn't follow the RFC but it's a subset of that. I think we should narrow the allowed chars at first and discuss more possibility in future PRs.
* API: Return primary language and repository language stats API URL (#18396)Lauris BH2022-01-251-0/+5
|
* format with gofumpt (#18184)65432022-01-202-6/+5
| | | | | | | | | | | * gofumpt -w -l . * gofumpt -w -l -extra . * Add linter * manual fix * change make fmt
* Refactor auth package (#17962)Lunny Xiao2022-01-021-9/+9
|
* Refactor HTTP request context (#17979)wxiaoguang2021-12-151-1/+1
|
* Add missing `X-Total-Count` and fix some related bugs (#17968)qwerty2872021-12-151-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add missing `X-Total-Count` and fix some related bugs Adds `X-Total-Count` header to APIs that return a list but doesn't have it yet. Fixed bugs: * not returned after reporting error (https://github.com/qwerty287/gitea/blob/39eb82446c6fe5da3d79124e1f701f3795625b69/routers/api/v1/user/star.go#L70) * crash with index out of bounds, API issue/issueSubscriptions I also found various endpoints that return lists but do not apply/support pagination yet: ``` /repos/{owner}/{repo}/issues/{index}/labels /repos/{owner}/{repo}/issues/comments/{id}/reactions /repos/{owner}/{repo}/branch_protections /repos/{owner}/{repo}/contents /repos/{owner}/{repo}/hooks/git /repos/{owner}/{repo}/issue_templates /repos/{owner}/{repo}/releases/{id}/assets /repos/{owner}/{repo}/reviewers /repos/{owner}/{repo}/teams /user/emails /users/{username}/heatmap ``` If this is not expected, an new issue should be opened. Closes #13043 * fmt * Update routers/api/v1/repo/issue_subscription.go Co-authored-by: KN4CK3R <admin@oldschoolhack.me> * Use FindAndCount Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: 6543 <6543@obermui.de>
* Some repository refactors (#17950)Lunny Xiao2021-12-122-6/+7
| | | | | | | | | * some repository refactors * remove unnecessary code * Fix test * Remove unnecessary banner
* Move keys to models/asymkey (#17917)Lunny Xiao2021-12-102-43/+44
| | | | | | | | | | | | | | | | | | | * Move keys to models/keys * Rename models/keys -> models/asymkey * change the missed package name * Fix package alias * Fix test * Fix docs * Fix test * Fix test * merge
* Move repository model into models/repo (#17933)Lunny Xiao2021-12-102-2/+4
| | | | | | | | | | | | | | | * Some refactors related repository model * Move more methods out of repository * Move repository into models/repo * Fix test * Fix test * some improvements * Remove unnecessary function
* Move accessmode into models/perm (#17828)Lunny Xiao2021-11-282-2/+4
|
* Fix database inconsistent when admin change user email (#17549)Lunny Xiao2021-11-251-1/+1
|
* Move user related model into models/user (#17781)Lunny Xiao2021-11-248-23/+26
| | | | | | | | | | | | | * Move user related model into models/user * Fix lint for windows * Fix windows lint * Fix windows lint * Move some tests in models * Merge
* Remove unnecessary attributes of User struct (#17745)Lunny Xiao2021-11-222-5/+5
| | | | | | | | | | | | | | | * Remove unnecessary functions of User struct * Move more database methods out of user struct * Move more database methods out of user struct * Fix template failure * Fix bug * Remove finished FIXME * remove unnecessary code
* Use a standalone struct name for Organization (#17632)Lunny Xiao2021-11-191-1/+1
| | | | | | | | | | | | | | | | | | | | | * Use a standalone struct name for Organization * recover unnecessary change * make the code readable * Fix template failure * Fix template failure * Move HasMemberWithUserID to org * Fix test * Remove unnecessary user type check * Fix test Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Move user follow and openid into models/user/ (#17613)Lunny Xiao2021-11-171-2/+3
| | | | | | | | | | | | | | | | | | | | | | | * Move UserRedirect into models/user/ * Fix lint & test * Fix lint * Fix lint * remove nolint comment * Fix lint * Move user follow and openid into models/user * Ignore the lint * Ignore the lint * Fix test * ignore stutters lint on UserOpenID
* Move EmailAddress & UserRedirect into models/user/ (#17607)Lunny Xiao2021-11-112-14/+15
| | | | | | | | | | | | | | | | | | | | | * Move EmailAddress into models/user/ * Fix test * rename user_mail to user_email * Fix test * Move UserRedirect into models/user/ * Fix lint & test * Fix lint * Fix lint * remove nolint comment * Fix lint
* Move login related structs and functions to models/login (#17093)Lunny Xiao2021-09-244-11/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Move login related structs and functions to models/login * Fix test * Fix lint * Fix lint * Fix lint of windows * Fix lint * Fix test * Fix test * Only load necessary fixtures when preparing unit tests envs * Fix lint * Fix test * Fix test * Fix error log * Fix error log * Fix error log * remove unnecessary change * fix error log * merge main branch
* [API] List limited and private orgs if authentificated (#16866)65432021-08-301-4/+2
| | | | | | | * fix bug #16785 and similar * code format * CI.restart()
* [API] generalize list header (#16551)65432021-08-128-20/+52
| | | | | | | | | | | | | * Add info about list endpoints to CONTRIBUTING.md * Let all list endpoints return X-Total-Count header * Add TODOs for GetCombinedCommitStatusByRef * Fix models/issue_stopwatch.go * Rrefactor models.ListDeployKeys * Introduce helper func and use them for SetLinkHeader related func
* Related refactors to ctx.FormX functions (#16567)65432021-08-111-2/+1
| | | | | | | * use FormTrim if posible * speedup goGet * only convert if nessesary
* Rename ctx.Form() to ctx.FormString() and move code into own file (#16571)65432021-08-112-2/+2
| | | | | | | Followup from #16562 prepare for #16567 * Rename ctx.Form() to ctx.FormString() * Reimplement FormX func to need less code and cpu cycles * Move code into own file
* Swagger AccessToken fixes (#16574)zeripath2021-08-011-7/+2
| | | | | | | | | | | There is a subtle problem with the Swagger definition for AccessTokens which causes autogeneration of APIs for these endpoints to fail. This PR corrects these errors. Ref: https://github.com/zeripath/java-gitea-api/issues/4 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Rename context.Query to context.Form (#16562)Lunny Xiao2021-07-292-3/+3
|
* update `user/repos` api description (#16503)Patrick Schratz2021-07-211-1/+1
| | | | | | | | | | | Currently states > List the repos that the authenticated user owns or has access to but the endpoint does not list all repos a user has access to, only the ones a user owns (Also verified and discussed in Discord) Fixes #16502
* Add option to provide signature for a token to verify key ownership (#14054)zeripath2021-07-131-4/+77
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix various documentation, user-facing, and source comment typos (#16367)luzpaz2021-07-081-1/+1
| | | | | * Fix various doc, user-facing, and source comment typos Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby`
* Add Visible modes function from Organisation to Users too (#16069)Sergey Dryabzhinsky2021-06-262-1/+8
| | | | | | | | | | | | | | | | | | You can limit or hide organisations. This pull make it also posible for users - new strings to translte - add checkbox to user profile form - add checkbox to admin user.edit form - filter explore page user search - filter api admin and public user searches - allow admins view "hidden" users - add app option DEFAULT_USER_VISIBILITY - rewrite many files to use Visibility field - check for teams intersection - fix context output - right fake 404 if not visible Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Andrew Thornton <art27@cantab.net>
* [API] GET / SET User Settings (#16169)65432021-06-231-0/+83
| | | | | | | | | | | | | | | | | | | | * API: GET/SET User Settings * linter * Apply suggestions from code review * Update modules/structs/user.go * lint * fix swagger * move User2UserSettings to convert * as per @zeripath "preferences" -> "settings" Co-authored-by: techknowlogick <matti@mdranta.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* [API] expose repo.GetReviewers() & repo.GetAssignees() (#16168)65432021-06-171-7/+1
| | | | | | | * API: expose repo.GetReviewers() & repo.GetAssignees() * Add tests * fix unrelated swagger query type
* add some reponse status on api docs (#15399)a10121127962021-04-111-0/+12
| | | | | | Signed-off-by: a1012112796 <1012112796@qq.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: 6543 <6543@obermui.de>
* Fix delete nonexist oauth application 500 and prevent deadlock (#15384)Lunny Xiao2021-04-101-1/+5
| | | | | | | | | | | | | | | | | | * Fix delete nonexist oauth application 500 * Fix test * Close the session Signed-off-by: Andrew Thornton <art27@cantab.net> * Update integrations/api_oauth2_apps_test.go * Fix more missed sess.Close * Remove unnecessary blank line Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* rsponse 404 when delete not exist email (#15383)a10121127962021-04-101-0/+6
| | | | | fix #15357 Signed-off-by: a1012112796 <1012112796@qq.com>
* [refactor] Unify the export of user data via API (#15144)65432021-03-273-6/+6
| | | | | * [refactor] unify how user data is exported via API * test time via unix timestamp
* Move macaron to chi (#14293)Lunny Xiao2021-01-264-11/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | Use [chi](https://github.com/go-chi/chi) instead of the forked [macaron](https://gitea.com/macaron/macaron). Since macaron and chi have conflicts with session share, this big PR becomes a have-to thing. According my previous idea, we can replace macaron step by step but I'm wrong. :( Below is a list of big changes on this PR. - [x] Define `context.ResponseWriter` interface with an implementation `context.Response`. - [x] Use chi instead of macaron, and also a customize `Route` to wrap chi so that the router usage is similar as before. - [x] Create different routers for `web`, `api`, `internal` and `install` so that the codes will be more clear and no magic . - [x] Use https://github.com/unrolled/render instead of macaron's internal render - [x] Use https://github.com/NYTimes/gziphandler instead of https://gitea.com/macaron/gzip - [x] Use https://gitea.com/go-chi/session which is a modified version of https://gitea.com/macaron/session and removed `nodb` support since it will not be maintained. **BREAK** - [x] Use https://gitea.com/go-chi/captcha which is a modified version of https://gitea.com/macaron/captcha - [x] Use https://gitea.com/go-chi/cache which is a modified version of https://gitea.com/macaron/cache - [x] Use https://gitea.com/go-chi/binding which is a modified version of https://gitea.com/macaron/binding - [x] Use https://github.com/go-chi/cors instead of https://gitea.com/macaron/cors - [x] Dropped https://gitea.com/macaron/i18n and make a new one in `code.gitea.io/gitea/modules/translation` - [x] Move validation form structs from `code.gitea.io/gitea/modules/auth` to `code.gitea.io/gitea/modules/forms` to avoid dependency cycle. - [x] Removed macaron log service because it's not need any more. **BREAK** - [x] All form structs have to be get by `web.GetForm(ctx)` in the route function but not as a function parameter on routes definition. - [x] Move Git HTTP protocol implementation to use routers directly. - [x] Fix the problem that chi routes don't support trailing slash but macaron did. - [x] `/api/v1/swagger` now will be redirect to `/api/swagger` but not render directly so that `APIContext` will not create a html render. Notices: - Chi router don't support request with trailing slash - Integration test `TestUserHeatmap` maybe mysql version related. It's failed on my macOS(mysql 5.7.29 installed via brew) but succeed on CI. Co-authored-by: 6543 <6543@obermui.de>
* Redirect on changed user and org name (#11649)Andrew Bezold2021-01-243-34/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add redirect for user * Add redirect for orgs * Add user redirect test * Appease linter * Add comment to DeleteUserRedirect function * Fix locale changes * Fix GetUserByParams * Fix orgAssignment * Remove debug logging * Add redirect prompt * Dont Export DeleteUserRedirect & only use it within a session * Unexport newUserRedirect * cleanup * Fix & Dedub API code * Format Template * Add Migration & rm dublicat * Refactor: unexport newRepoRedirect() & rm dedub del exec * if this fails we'll need to re-rename the user directory Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Disable SSH key deletion of externally managed Keys (#13985)zeripath2020-12-251-1/+10
| | | | | | | | | | | | | | | | * Disable SSH key addition and deletion when externally managed When a user has a login source which has SSH key management key addition and deletion using the UI should be disabled. Fix #13983 Signed-off-by: Andrew Thornton <art27@cantab.net> * Make only externally managed keys disabled Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-10 05:00:00 +0000