| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
WebAuthn have updated their specification to set the maximum size of the
CredentialID to 1023 bytes. This is somewhat larger than our current
size and therefore we need to migrate.
The PR changes the struct to add CredentialIDBytes and migrates the CredentialID string
to the bytes field before another migration drops the old CredentialID field. Another migration
renames this field back.
Fix #20457
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Added properties for packages.
* Fixed authenticate header format.
* Added _catalog endpoint.
* Check owner visibility.
* Extracted condition.
* Added test for _catalog.
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
| |
|
| |
hotfix #20106
|
| |
|
| |
Backport #20509
|
| |
|
|
| |
(#20504) (#20507)
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
(#20432) (#20459)
`no-transform` allegedly disables CloudFlare auto-minify and we did not
set caching headers on html or api requests, which seems good to have
regardless.
Transformation is still allowed for asset requests.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Andrew Thornton <art27@cantab.net>
|
| | |
|
| |
|
|
|
| |
When viewing a subdirectory and the latest commit to that directory in
the table, the commit status icon incorrectly showed the status of the
HEAD commit instead of the latest for that directory.
|
| |
|
| |
Co-authored-by: 6543 <6543@obermui.de>
|
| |
|
|
|
|
|
|
|
| |
Backport #20220
Users who are following or being followed by a user should only be
displayed if the viewing user can see them.
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to issue (#20133) (#20188)
* Check if project has the same repository id with issue when assign project to issue
* Check if issue's repository id match project's repository id
* Add more permission checking
* Remove invalid argument
* Fix errors
* Add generic check
* Remove duplicated check
* Return error + add check for new issues
* Apply suggestions from code review
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: 6543 <6543@obermui.de>
|
| | |
|
| |
|
|
|
|
|
| |
The code introduced by #18185 gets the error from response after it was processed by goth.
That is incorrect, as goth (and golang.org/x/oauth) doesn't really care about the error, and it sends a token request with an empty authorization code to the server anyway, which always results in a `oauth2: cannot fetch token: 400 Bad Request` error from goth.
It means that unless the "state" parameter is omitted from the error response (which is required to be present, according to [RFC 6749, Section 4.1.2.1](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1)) or the page is reloaded (makes the session invalid), a 500 Internal Server Error page will be displayed.
This fixes it by handling the error before the request is passed to goth.
|
| |
|
| |
Fixes #20080
|
| |
|
|
|
|
|
| |
Backport #20070
Just get all tags when creating the compare dropdown.
Fix #19936
|
| |
|
|
|
|
|
|
|
| |
Backport #20032
In DeleteIssue the PR git head reference should be `/refs/pull/xxx/head` not `/refs/pull/xxx`
Fix #19655
Signed-off-by: a1012112796 <1012112796@qq.com>
|
| |
|
|
|
|
|
|
|
| |
If there are dangling stopwatches with missing issues there will be repeated
logging of Unable to APIFormat stopwatches. These are unhelpful and instead
we should only log if the error is not an issue not exist error.
And we should also prevent an error on missing issue in GetActiveStopwatch too
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
| |
|
|
|
| |
Fix #19988
Co-authored-by: zeripath <art27@cantab.net>
|
| |
|
|
|
| |
Use DisplayName() in Oauth as this provides a fallback if FullName is not set.
Closes #19382
|
| |
|
|
|
|
|
| |
fix #19970
by the way, fix some error response about protected tags.
Signed-off-by: a1012112796 <1012112796@qq.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Allow render HTML with css/js external links
* Fix bug because of filename escape chars
* Fix lint
* Update docs about new configuration item
* Fix bug of render HTML in sub directory
* Add CSP head for displaying iframe in rendering file
* Fix test
* Apply suggestions from code review
Co-authored-by: delvh <dev.lh@web.de>
* Some improvements
* some improvement
* revert change in SanitizerDisabled of external renderer
* Add sandbox for iframe and support allow-scripts and allow-same-origin
* refactor
* fix
* fix lint
* fine tune
* use single option RENDER_CONTENT_MODE, use sandbox=allow-scripts
* fine tune CSP
* Apply suggestions from code review
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
* When non-admin users use code search, get code unit accessible repos in one main query
* Modified some comments to match the changes
* Removed unnecessary check for Access Mode in Collaboration table
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
|
| |
|
| |
`tab` query argument and `TabName` in context is used only in profile so remove it from all other places where it's not used anymore.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Move access and repo permission to models/perm/access
* fix test
* fix git test
* Move functions sequence
* Some improvements per @KN4CK3R and @delvh
* Move issues related code to models/issues
* Move some issues related sub package
* Merge
* Fix test
* Fix test
* Fix test
* Fix test
* Rename some files
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Move access and repo permission to models/perm/access
* fix test
* Move some git related files into sub package models/git
* Fix build
* fix git test
* move lfs to sub package
* move more git related functions to models/git
* Move functions sequence
* Some improvements per @KN4CK3R and @delvh
|
| |
|
|
| |
* Unify context data
* Actually show invalid url in error
|
| | |
|
| |
|
|
|
|
|
|
| |
Add WebUI part of Auto merge feature
close #19621
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Fix some mirror bugs
* Remove unnecessary code
* Fix lint
* rename stdard url
* Allow more charactors in git ssh protocol url
* improve the detection
* support ipv6 for git url parse
* Fix bug
* Fix template
* Fix bug
* fix template
* Fix tmpl
* Fix tmpl
* Fix parse ssh with interface
* Rename functions name
Co-authored-by: zeripath <art27@cantab.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Implement custom regular expression for external issue tracking.
Signed-off-by: Alexander Beyn <malex@fatelectrons.org>
* Fix syntax/style
* Update repo.go
* Set metas['regexp']
* gofmt
* fix some tests
* fix more tests
* refactor frontend
* use LRU cache for regexp
* Update modules/markup/html_internal_test.go
Co-authored-by: Alexander Beyn <malex@fatelectrons.org>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Refactor git module, make Gitea use internal git config, add safe.directory config
* introduce git.InitSimple and git.InitWithConfigSync, make serv cmd use gitconfig
* use HOME instead of GIT_CONFIG_GLOBAL, because git always needs a correct HOME
* fix cmd env in cmd/serv.go
* fine tune error message
* Fix a incorrect test case
* fix configAddNonExist
* fix configAddNonExist logic, add `--fixed-value` flag, add tests
* add configSetNonExist function in case it's needed.
* use configSetNonExist for `user.name` and `user.email`
* add some comments
* Update cmd/serv.go
Co-authored-by: zeripath <art27@cantab.net>
* Update cmd/serv.go
Co-authored-by: zeripath <art27@cantab.net>
* Update modules/git/git.go
Co-authored-by: zeripath <art27@cantab.net>
* Update modules/setting/setting.go
Co-authored-by: zeripath <art27@cantab.net>
* Update modules/git/repo_attribute.go
Co-authored-by: zeripath <art27@cantab.net>
* fix spaces in messages
* use `configSet("core.protectNTFS", ...)` instead of `globalCommandArgs`
* remove GIT_CONFIG_NOSYSTEM, continue to use system's git config
* Update cmd/serv.go
Co-authored-by: zeripath <art27@cantab.net>
* fix merge
* remove code for safe.directory
* separate git.CommonEnvs to CommonGitCmdEnvs and CommonCmdServEnvs
* avoid Golang's data race error
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Create finding files page ui in repo page
* Get tree entries for find repo files.
* Move find files JS to individual file.
* gen swagger.
* Add enry.IsVendor to exclude entries
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
|
| | |
|
| |
|
|
|
|
| |
Automatically add sidebar in the wiki view containing a TOC for the wiki page.
Make the TOC collapsable
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Ensure minimum mirror interval is reported on settings page
Expecting users to guess the minimum mirror interval appears a little unkind.
In this PR we simply change the locale string to include the minimum interval.
This will of course be affected by our current localization framework but...
we can fix that else where.
This PR also includes some fixes for error handling on the settings page as
previously the mirror block amongst others would simply disappear on error.
Fix #3737
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update options/locale/locale_en-US.ini
Co-authored-by: Gusted <williamzijl7@hotmail.com>
* placate lint
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update options/locale/locale_en-US.ini
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Move some repository related code into sub package
* Move more repository functions out of models
* Fix lint
* Some performance optimization for webhooks and others
* some refactors
* Fix lint
* Fix
* Update modules/repository/delete.go
Co-authored-by: delvh <dev.lh@web.de>
* Fix test
* Merge
* Fix test
* Fix test
* Fix test
* Fix test
Co-authored-by: delvh <dev.lh@web.de>
|
| |
|
|
|
| |
Fixes #19791 by adding an check if filtering after any repo; if yes, simply set the total count for the pageing to the sum of the issue count for each selected repo by utilize `issueCountByRepo`.
Fix #19791
|
| |
|
|
|
|
|
|
|
|
| |
- To use the web's API to get information about a issue/pull on a
repository, doesn't require authorization(nor that the repository isn't
archived).
- Regressed by: #19318
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
|
| |
|
|
|
|
|
|
|
| |
Milestones in archived repos should not be displayed on `/milestones`. Therefore
we should exclude these repositories from milestones page.
Fix #18257
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Disable unnecessary mirroring elements
This mod fixes disabling unnecessary mirroring elements.
Related: https://github.com/go-gitea/gitea/pull/16957
Related: https://github.com/go-gitea/gitea/pull/13084
Author-Change-Id: IB#1105104
* Checkbox rendering disabled instead of hiding it
Fixes: 02b45051503d4330da9757ff084c9cc5e6e60d84
Related: https://github.com/go-gitea/gitea/pull/18527#pullrequestreview-878061913
Author-Change-Id: IB#1105104
* Update custom/conf/app.example.ini
Co-authored-by: silverwind <me@silverwind.io>
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-authored-by: silverwind <me@silverwind.io>
* Mirror filter removed only when whole mirroring feature is disabled
Fixes: 02b45051503d4330da9757ff084c9cc5e6e60d84
Related: https://github.com/go-gitea/gitea/pull/18527#discussion_r883268890
Author-Change-Id: IB#1105104
Co-authored-by: silverwind <me@silverwind.io>
|
| |
|
|
|
| |
* Adding button to link accounts from user settings
* Only display button to link user accounts when at least one OAuth2 provider is active
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the context is cancelled `.NotificationUnreadCount` in a template can
cause an infinite loop with `ctx.ServerError()` being called, which
creates a template that then calls `.NotificationUnreadCount` calling
`GetNotificationCount()` with the cancelled context resulting in an
error that calls `ctx.ServerError`... and so on...
This PR simply stops calling `ctx.ServerError` in the error handler code
for `.NotificationUnreadCount` as we have already started rendering and
so it is too late to call `ctx.ServerError`. Additionally we skip
logging the error if it's a context cancelled error.
Fix #19793
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The cache service can be disabled - at which point ctx.Cache will be nil
and the use of it will cause an NPE.
The main part of this PR is that the cache is used for restricting
resending of activation mails and without this we cache we cannot
restrict this. Whilst this code could be re-considered to use the db and
probably should be, I think we can simply disable this code in the case
that the cache is disabled.
There are also several bug fixes in the /nodeinfo API endpoint.
Signed-off-by: Andrew Thornton <art27@cantab.net>
|
| |
|
|
| |
* Move almost all functions' parameter db.Engine to context.Context
* remove some unnecessary wrap functions
|
| |
|
|
|
| |
* Move org functions
* Fix comment
|
| |
|
|
|
|
|
|
| |
use http.StatusTemporaryRedirect(307) when serve avatar directly
browser caches 301 redirections, pre-signed s3 url would expire at some later point
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
|
| |
|
|
|
|
|
| |
- Don't use hacky solution to limit to the correct RepoID's, instead use
current code to handle these limits. The existing code is more correct
than the hacky solution.
- Resolves #19636
- Add test-case
|
| |
|
|
|
|
|
| |
* update gitea.com/go-chi/cache -> v0.2.0
* ajust to new interface
* refactor
|
