summaryrefslogtreecommitdiffstats
path: root/routers/web
Commit message (Collapse)AuthorAgeFilesLines
* Fix various typos (#18219)luzpaz2022-01-101-1/+1
| | | | | Found via `codespell -q 3 -S ./options/locale,./vendor -L ba,pullrequest,pullrequests,readby,te,unknwon` Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Show OAuth callback error message (#18185)KN4CK3R2022-01-071-1/+35
| | | | | | | | | | | * Show callback error message. * lint * Use error code to display a message. Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add warning for BIDI characters in page renders and in diffs (#17562)zeripath2022-01-074-16/+40
| | | | | | | | | | | | Fix #17514 Given the comments I've adjusted this somewhat. The numbers of characters detected are increased and include things like the use of U+300 to make à instead of à and non-breaking spaces. There is a button which can be used to escape the content to show it. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Gwyneth Morgan <gwymor@tilde.club> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add replay of webhooks. (#18191)KN4CK3R2022-01-052-5/+36
|
* Load EasyMDE/CodeMirror dynamically, remove RequireEasyMDE (#18069)wxiaoguang2022-01-057-19/+0
| | | This PR makes frontend load EasyMDE/CodeMirror dynamically, and removes `RequireEasyMDE`.
* refactoring nits (#18188)65432022-01-051-1/+0
| | | | | | | * no octal for time values * rm artifact from refactoring Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Team permission allow different unit has different permission (#17811)Lunny Xiao2022-01-051-27/+57
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Team permission allow different unit has different permission * Finish the interface and the logic * Fix lint * Fix translation * align center for table cell content * Fix fixture * merge * Fix test * Add deprecated * Improve code * Add tooltip * Fix swagger * Fix newline * Fix tests * Fix tests * Fix test * Fix test * Max permission of external wiki and issues should be read * Move team units with limited max level below units table * Update label and column names * Some improvements * Fix lint * Some improvements * Fix template variables * Add permission docs * improve doc * Fix fixture * Fix bug * Fix some bug * fix * gofumpt * Integration test for migration (#18124) integrations: basic test for Gitea {dump,restore}-repo This is a first step for integration testing of DumpRepository and RestoreRepository. It: runs a Gitea server, dumps a repo via DumpRepository to the filesystem, restores the repo via RestoreRepository from the filesystem, dumps the restored repository to the filesystem, compares the first and second dump and expects them to be identical The verification is trivial and the goal is to add more tests for each topic of the dump. Signed-off-by: Loïc Dachary <loic@dachary.org> * Team permission allow different unit has different permission * Finish the interface and the logic * Fix lint * Fix translation * align center for table cell content * Fix fixture * merge * Fix test * Add deprecated * Improve code * Add tooltip * Fix swagger * Fix newline * Fix tests * Fix tests * Fix test * Fix test * Max permission of external wiki and issues should be read * Move team units with limited max level below units table * Update label and column names * Some improvements * Fix lint * Some improvements * Fix template variables * Add permission docs * improve doc * Fix fixture * Fix bug * Fix some bug * Fix bug Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
* Don't delete branch if other PRs with this branch are open (#18164)a10121127962022-01-032-1/+35
| | | | | fix #18149 Signed-off-by: a1012112796 <1012112796@qq.com>
* Remove unused route "/tasks/trigger" (#18160)Gusted2022-01-033-66/+0
| | | ref: https://github.com/go-gitea/gitea/pull/18160#issuecomment-1004091325
* Refactor auth package (#17962)Lunny Xiao2022-01-0223-2228/+2355
|
* Unify and simplify TrN for i18n (#18141)wxiaoguang2022-01-023-17/+4
| | | | | Refer: https://github.com/go-gitea/gitea/pull/18135#issuecomment-1003246099 Now we have a unique and simple `TrN`, and make the fix of PR #18135 also use the better `TrN` logic.
* Use correct user when determining max repo limits for error messages (#18153)Gusted2022-01-023-3/+3
| | | - Use the correct user(`owner` instead of `ctx.User`) to get the maxCreationLimit.
* Allow admin to associate missing LFS objects for repositories (#18143)wxiaoguang2022-01-011-10/+18
| | | | | | | This PR reworked the Find pointer files feature in Settings -> LFS page. When a LFS object is missing from database but exists in LFS content store, admin can associate it to the repository by clicking the Associate button. This PR is not perfect (because the LFS module itself should be improved too), it's just a nice-to-have feature to help users recover their LFS repositories (eg: database was lost / table was truncated)
* Use correct translation key (#18135)Gusted2021-12-313-3/+22
| | | | | - Resolves #18122 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix wrong redirect on org labels (#18128)KN4CK3R2021-12-301-1/+1
|
* Removed unused method. (#18129)KN4CK3R2021-12-301-36/+0
| | | Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Removed unused endpoint. (#18127)KN4CK3R2021-12-292-15/+0
|
* Use conditions but not repo ids as query condition (#16839)Lunny Xiao2021-12-291-156/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Use conditions but not repo ids as query condition * Improve the performance of pulls/issue * Remove duplicated code * fix lint * Fix bug * Fix stats * More fixes * Fix build * Fix lint * Fix test * Fix build * Adjust the logic * Merge * Fix conflicts * improve the performance * Add comments for the query conditions functions * Some improvements
* Instead of using routerCtx just escape the url before routing (#18086)zeripath2021-12-251-5/+0
| | | | | | | | | | | | | | | | A consequence of forcibly setting the RoutePath to the escaped url is that the auto routing to endpoints without terminal slashes fails (Causing #18060.) This failure raises the possibility that forcibly setting the RoutePath causes other unexpected behaviors too. Therefore, instead we should simply pre-escape the URL in the process registering handler. Then the request URL will be properly escaped for all the following calls. Fix #17938 Fix #18060 Replace #18062 Replace #17997 Signed-off-by: Andrew Thornton <art27@cantab.net>
* When the git repository on storage is changed, the repository modal should ↵wxiaoguang2021-12-241-2/+24
| | | | | | | | | | also be updated (#18088) User would keep seeing an empty repo if: * An error occurs during the first git pushing/receiving * A user replaces the Gitea's empty repository manually Fix: when a user is viewing the repository web page, if the repoModal.IsEmpty is true, we check the git repository again to detect whether it is really empty. However: the IsEmpty flag is deeply broken and should be removed. For example it's possible for a repository to be non-empty by that flag but still 500 because there are no branches - only tags -or the default branch is non-extant as it has been 0-pushed.
* Improve interface when comparing a branch which has created a pull request ↵Lunny Xiao2021-12-241-0/+4
| | | | | | | | (#17911) * Improve interface when comparing a branch which has created a pull request * Take the note back
* Do not read or write git reference files directly (#18079)zeripath2021-12-231-2/+2
| | | | | | | | | | Git will and can pack references into packfiles and therefore if you write/read the files directly you will get false results. Instead you should use update-ref and show-ref. To that end I have created three new functions in git/repo_commit.go that will do this correctly. Related #17191 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Migrated Repository will show modifications when possible (#17191)99rgosse2021-12-231-1/+39
| | | | * Read patches to get history
* Add NotFound handler (#18062)zeripath2021-12-221-0/+10
| | | | | | | | | | | | | PR #17997 means that urls with terminal '/' are no longer immediately mapped to the url without a terminal slash. However, it has revealed that the NotFound handler appears to have been lost. This PR adds back in a NotFound handler that simply redirects to a path without the terminal slash or runs the NotFound handler. Fix #18060 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Ensure that git repository is closed before transfer (#18049)zeripath2021-12-211-0/+5
| | | | | | | | | | Repository Transfer requires that the repository directory is renamed - which is not possible on Windows if the git repository is open. Fix #17885 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Move POST /{username}/action/{action} to simply POST /{username} (#18045)zeripath2021-12-202-5/+3
| | | | | | | | | | The current code unfortunately requires that `action` be a reserved repository name as it prevents posts to change the settings for action repositories. However, we can simply change action handler to work on POST /{username} instead. Fix #18037 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Reset Session ID on login (#18018)zeripath2021-12-202-5/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | * Reset Session ID on login When logging in the SessionID should be reset and the session cleaned up. Signed-off-by: Andrew Thornton <art27@cantab.net> * with new session.RegenerateID function Signed-off-by: Andrew Thornton <art27@cantab.net> * update go-chi/session Signed-off-by: Andrew Thornton <art27@cantab.net> * Ensure that session id is changed after oauth data is set and between account linking pages too Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> * as per review Signed-off-by: Andrew Thornton <art27@cantab.net>
* Simplify parameter types (#18006)Gusted2021-12-205-7/+7
| | | Remove repeated type declarations in function definitions.
* Abort merge if head has been updated before pressing merge (#18032)zeripath2021-12-201-1/+6
| | | | | | | | | | | | | | | | | | | | | | | * Abort merge if head has been updated before pressing merge It is possible that a PR head may be pushed to between the merge page being shown and the merge button being pressed. Pass the current expected head in as a parameter and cancel the merge if it has changed. Fix #18028 Signed-off-by: Andrew Thornton <art27@cantab.net> * adjust swagger Signed-off-by: Andrew Thornton <art27@cantab.net> * fix test Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net>
* Reset locale on login (#18023)zeripath2021-12-191-0/+33
| | | | | | | | | | | | | | * Reset locale on login Fix #18020 Signed-off-by: Andrew Thornton <art27@cantab.net> * Update routers/web/user/auth.go Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: Gusted <williamzijl7@hotmail.com>
* Add support for ssh commit signing (#17743)Wim2021-12-191-0/+23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add support for ssh commit signing * Split out ssh verification to separate file * Show ssh key fingerprint on commit page * Update sshsig lib * Make sure we verify against correct namespace * Add ssh public key verification via ssh signatures When adding a public ssh key also validate that this user actually owns the key by signing a token with the private key. * Remove some gpg references and make verify key optional * Fix spaces indentation * Update options/locale/locale_en-US.ini Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update templates/user/settings/keys_ssh.tmpl Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update options/locale/locale_en-US.ini Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update options/locale/locale_en-US.ini Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update models/ssh_key_commit_verification.go Co-authored-by: Gusted <williamzijl7@hotmail.com> * Reword ssh/gpg_key_success message * Change Badsignature to NoKeyFound * Add sign/verify tests * Fix upstream api changes to user_model User * Match exact on SSH signature * Fix code review remarks Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Support open compare page directly (#17975)Lunny Xiao2021-12-172-14/+13
| | | | | | | | | * Support open compare page directly * simple code * Some improvements Co-authored-by: 6543 <6543@obermui.de>
* Add option to define refs in issue templates (#17842)qwerty2872021-12-171-0/+3
| | | | Adds a markdown header option `ref` that allows you to set the ref the issue should belong.
* Ensure complexity, minlength and ispwned are checked on password setting ↵zeripath2021-12-171-1/+16
| | | | | | | | | | | | (#18005) It appears that there are several places that password length, complexity and ispwned are not currently been checked when changing passwords. This PR adds these. Fix #17977 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Use JSON module instead of stdlib json (#18003)Gusted2021-12-171-1/+1
|
* Prevent hang in git cat-file if repository is not a valid repository and ↵zeripath2021-12-162-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | other fixes (#17991) This PR contains multiple fixes. The most important of which is: * Prevent hang in git cat-file if the repository is not a valid repository Unfortunately it appears that if git cat-file is run in an invalid repository it will hang until stdin is closed. This will result in deadlocked /pulls pages and dangling git cat-file calls if a broken repository is tried to be reviewed or pulls exists for a broken repository. Fix #14734 Fix #9271 Fix #16113 Otherwise there are a few small other fixes included which this PR was initially intending to fix: * Fix panic on partial compares due to missing PullRequestWorkInProgressPrefixes * Fix links on pulls pages due to regression from #17551 - by making most /issues routes match /pulls too - Fix #17983 * Fix links on feeds pages due to another regression from #17551 but also fix issue with syncing tags - Fix #17943 * Add missing locale entries for oauth group claims * Prevent NPEs if ColorFormat is called on nil users, repos or teams.
* Add Reindex buttons to repository settings page (#17494)zeripath2021-12-161-0/+47
| | | | | | | | | | This PR adds reindexing request buttons to the repository settings page. Fix #3796 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Shorten page title in file view (#17987)silverwind2021-12-151-1/+5
| | | | | | | | Move the more relevant sections of the page title earlier which make it possible to distinguish multiple tabs from each other when tab width is limited. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Refactor HTTP request context (#17979)wxiaoguang2021-12-159-36/+36
|
* Add missing `X-Total-Count` and fix some related bugs (#17968)qwerty2872021-12-153-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add missing `X-Total-Count` and fix some related bugs Adds `X-Total-Count` header to APIs that return a list but doesn't have it yet. Fixed bugs: * not returned after reporting error (https://github.com/qwerty287/gitea/blob/39eb82446c6fe5da3d79124e1f701f3795625b69/routers/api/v1/user/star.go#L70) * crash with index out of bounds, API issue/issueSubscriptions I also found various endpoints that return lists but do not apply/support pagination yet: ``` /repos/{owner}/{repo}/issues/{index}/labels /repos/{owner}/{repo}/issues/comments/{id}/reactions /repos/{owner}/{repo}/branch_protections /repos/{owner}/{repo}/contents /repos/{owner}/{repo}/hooks/git /repos/{owner}/{repo}/issue_templates /repos/{owner}/{repo}/releases/{id}/assets /repos/{owner}/{repo}/reviewers /repos/{owner}/{repo}/teams /user/emails /users/{username}/heatmap ``` If this is not expected, an new issue should be opened. Closes #13043 * fmt * Update routers/api/v1/repo/issue_subscription.go Co-authored-by: KN4CK3R <admin@oldschoolhack.me> * Use FindAndCount Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: 6543 <6543@obermui.de>
* Add Option to synchronize Admin & Restricted states from OIDC/OAuth2 along ↵zeripath2021-12-143-30/+113
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | with Setting Scopes (#16766) * Add setting to OAuth handlers to override local 2FA settings This PR adds a setting to OAuth and OpenID login sources to allow the source to override local 2FA requirements. Fix #13939 Signed-off-by: Andrew Thornton <art27@cantab.net> * Fix regression from #16544 Signed-off-by: Andrew Thornton <art27@cantab.net> * Add scopes settings Signed-off-by: Andrew Thornton <art27@cantab.net> * fix trace logging in auth_openid Signed-off-by: Andrew Thornton <art27@cantab.net> * add required claim options Signed-off-by: Andrew Thornton <art27@cantab.net> * Move UpdateExternalUser to externalaccount Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow OAuth2/OIDC to set Admin/Restricted status Signed-off-by: Andrew Thornton <art27@cantab.net> * Allow use of the same group claim name for the prohibit login value Signed-off-by: Andrew Thornton <art27@cantab.net> * fixup! Move UpdateExternalUser to externalaccount * as per wxiaoguang Signed-off-by: Andrew Thornton <art27@cantab.net> * add label back in Signed-off-by: Andrew Thornton <art27@cantab.net> * adjust localisation Signed-off-by: Andrew Thornton <art27@cantab.net> * placate lint Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Return nicer error for ForcePrivate (#17971)zeripath2021-12-141-1/+1
|
* Some repository refactors (#17950)Lunny Xiao2021-12-1212-40/+42
| | | | | | | | | * some repository refactors * remove unnecessary code * Fix test * Remove unnecessary banner
* Move keys to models/asymkey (#17917)Lunny Xiao2021-12-108-67/+78
| | | | | | | | | | | | | | | | | | | * Move keys to models/keys * Rename models/keys -> models/asymkey * change the missed package name * Fix package alias * Fix test * Fix docs * Fix test * Fix test * merge
* Clean legacy SimpleMDE code (#17926)wxiaoguang2021-12-107-19/+19
| | | | | | | | | | | Since we are using EasyMDE now, we do not need to keep the SimpleMDE code anymore. This PR removes all legacy SimpleMDE code, and makes some related changes: * `createCommentEasyMDE` can accept native DOM element, and it doesn't need `jQuery.data` to store EasyMDE editor object (as discussed about the frontend guideline). * introduce `getAttachedEasyMDE` to get the attached EasyMDE editor object, it's easier to find all the usage of EasyMDE. * rename variable names from `$simplemde` to `easyMDE`, the `$` was incorrect because it is a EasyMDE editor, not a jQuery object. With this PR, it will be easier to do more refactoring or replacing EasyMDE with other editors.
* Move repository model into models/repo (#17933)Lunny Xiao2021-12-1026-163/+198
| | | | | | | | | | | | | | | * Some refactors related repository model * Move more methods out of repository * Move repository into models/repo * Fix test * Fix test * some improvements * Remove unnecessary function
* Improve checkBranchName (#17901)zeripath2021-12-083-5/+5
| | | | | | | | | | | | The current implementation of checkBranchName is highly inefficient involving opening the repository, the listing all of the branch names checking them individually before then using using opened repo to get the tags. This PR avoids this by simply walking the references from show-ref instead of opening the repository (in the nogogit case). Signed-off-by: Andrew Thornton <art27@cantab.net>
* Support sorting for project board issuses (#17152)Anbraten2021-12-082-19/+39
| | | Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Allow default branch to be inferred on compare page (#17908)John Olheiser2021-12-061-3/+9
| | | | | | | | | | | * Allow default branch to be inferred Signed-off-by: jolheiser <john.olheiser@gmail.com> * Add test for inferred default branch Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Move repo archiver to models/repo (#17913)Lunny Xiao2021-12-061-9/+9
| | | | | | | | | | | * Move repo archiver to models/repo * Move archiver service into services/repository/ * Fix imports * Fix test * Fix test