summaryrefslogtreecommitdiffstats
path: root/templates/user
Commit message (Collapse)AuthorAgeFilesLines
* Prevent hang in git cat-file if repository is not a valid repository and ↵zeripath2021-12-161-22/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | other fixes (#17991) This PR contains multiple fixes. The most important of which is: * Prevent hang in git cat-file if the repository is not a valid repository Unfortunately it appears that if git cat-file is run in an invalid repository it will hang until stdin is closed. This will result in deadlocked /pulls pages and dangling git cat-file calls if a broken repository is tried to be reviewed or pulls exists for a broken repository. Fix #14734 Fix #9271 Fix #16113 Otherwise there are a few small other fixes included which this PR was initially intending to fix: * Fix panic on partial compares due to missing PullRequestWorkInProgressPrefixes * Fix links on pulls pages due to regression from #17551 - by making most /issues routes match /pulls too - Fix #17983 * Fix links on feeds pages due to another regression from #17551 but also fix issue with syncing tags - Fix #17943 * Add missing locale entries for oauth group claims * Prevent NPEs if ColorFormat is called on nil users, repos or teams.
* Removed SizeFmt. (#17890)KN4CK3R2021-12-031-2/+2
| | | Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Remove unnecessary attributes of User struct (#17745)Lunny Xiao2021-11-222-2/+2
| | | | | | | | | | | | | | | * Remove unnecessary functions of User struct * Move more database methods out of user struct * Move more database methods out of user struct * Fix template failure * Fix bug * Remove finished FIXME * remove unnecessary code
* Support pagination of organizations on user settings pages (#16083)Lunny Xiao2021-11-221-0/+1
| | | | | | * Add pagination for user setting orgs * Use FindOrgs instead of GetOrgsByUserID * Remove unnecessary functions and fix test * remove unnecessary code
* Fix correct usage of teams (#17732)Gusted2021-11-201-2/+2
| | | | | | | - `.Teams` isn't a field on the User type, thus using the seperate loaded teams. - Add a space between `PathEscape` and argument. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Cleanup and use global style on popups (#17674)silverwind2021-11-184-11/+11
| | | | | | | | | | | | | * Cleanup and use global style on popups - Fix typo 'poping' to 'popping' - Remove most inline 'data-variation' attributes - Initialize all popups with 'inverted tiny' variation * misc tweaks * rename to .tooltip, use jQuery Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Multiple Escaping Improvements (#17551)zeripath2021-11-168-64/+64
| | | | | | | | | | | | | | There are multiple places where Gitea does not properly escape URLs that it is building and there are multiple places where it builds urls when there is already a simpler function available to use this. This is an extensive PR attempting to fix these issues. 1. The first commit in this PR looks through all href, src and links in the Gitea codebase and has attempted to catch all the places where there is potentially incomplete escaping. 2. Whilst doing this we will prefer to use functions that create URLs over recreating them by hand. 3. All uses of strings should be directly escaped - even if they are not currently expected to contain escaping characters. The main benefit to doing this will be that we can consider relaxing the constraints on user names and reponames in future. 4. The next commit looks at escaping in the wiki and re-considers the urls that are used there. Using the improved escaping here wiki files containing '/'. (This implementation will currently still place all of the wiki files the root directory of the repo but this would not be difficult to change.) 5. The title generation in feeds is now properly escaped. 6. EscapePound is no longer needed - urls should be PathEscaped / QueryEscaped as necessary but then re-escaped with Escape when creating html with locales Signed-off-by: Andrew Thornton <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net>
* Allow U2F 2FA without TOTP (#11573)Kamil Domański2021-11-083-27/+25
| | | | | | | This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495
* Move key forms before list and add cancel button (#17432)qwerty2872021-10-282-65/+63
| | | | | | | * Move GPG form before list and add cancel button * Move SSH form before list and add cancel button Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add appearance section in settings (#17433)qwerty2872021-10-274-52/+77
| | | | | | | | | | | | | * Add appearance section in settings * Fix lint * Fix lint * Apply suggestions from code review Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lauris BH <lauris@nix.lv>
* Add groups scope/claim to OIDC/OAuth2 Provider (#17367)Nico Schieder2021-10-221-2/+4
| | | | | | | | | | | * Add groups scope/claim to OICD/OAuth2 Add support for groups claim as part of the OIDC/OAuth2 flow. Groups is a list of "org" and "org:team" strings to allow clients to authorize based on the groups a user is part of. Signed-off-by: Nico Schieder <code@nico-schieder.de> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix dashboard repolist alignment and repolisting (#17355)zeripath2021-10-191-1/+2
| | | | | | | | | | | | | | Unfortunately #17301 broke the restriction of the dashboard repolist to the user's repos because it stopped passing in the uid for the current user. This PR restores this. There is also a weird alignment problem - not caused by that PR - where the menu items in the repolist spread over multiple lines. This PR simply reduces the padding on these items and switches the justification of the flex elements to space-evenly. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Disable form autofill (#17291)wxiaoguang2021-10-191-1/+2
| | | | | | | ]* fix aria-hidden and tabindex * use {{template "base/disable_form_autofill"}} instead of {{DisableFormAutofill}} Co-authored-by: zeripath <art27@cantab.net>
* Frontend refactor: move Vue related code from `index.js` to `components` ↵wxiaoguang2021-10-151-7/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | dir, and remove unused codes. (#17301) * frontend refactor * Apply suggestions from code review Co-authored-by: delvh <dev.lh@web.de> * Update templates/base/head.tmpl Co-authored-by: delvh <dev.lh@web.de> * Update docs/content/doc/developers/guidelines-frontend.md Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> * fix typo * fix typo * refactor PageData to pageData * Apply suggestions from code review Co-authored-by: delvh <dev.lh@web.de> * Simply for the visual difference. Co-authored-by: delvh <dev.lh@web.de> * Revert "Apply suggestions from code review" This reverts commit 4d78ad9b0e96ca180e0823de17659a2e0814c099. Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
* Prevent leave changes dialogs due to autofill fields (#16912)zeripath2021-09-021-1/+1
| | | | | | | | | Add ignore-dirty to /user/settings/account Add autocomplete="off" to push_mirror_address form on /:owner/:repo/settings Fix #16861 Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add modals to Organization and Team remove/leave (#16471)zeripath2021-08-2611-12/+12
| | | | | | | | | | | | | | | | | | | | | | | | | * Add modals to Organization and Team remove/leave Add confirmation modals to Organization and Team remove and leave. Fix #16215 Signed-off-by: Andrew Thornton <art27@cantab.net> * avoid for-in Signed-off-by: Andrew Thornton <art27@cantab.net> * Revert "avoid for-in" This reverts commit 2af9a6f9d46ed31b6fc6e3a29e695577dcf09f75. * Apply suggestions from code review Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Report the correct number of pushes on the feeds (#16811)zeripath2021-08-251-1/+1
| | | | | | | | | | | | | | | | * Report the correct number of pushes on the feeds Since the number of commits in the Action table has been limited to 5 the number of commits reported on the feeds page is now incorrectly also limited to 5. The correct number is available as the Len and this PR changes this to report this. Fix #16804 Signed-off-by: Andrew Thornton <art27@cantab.net> * Update templates/user/dashboard/feeds.tmpl Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Added introspection endpoint. (#16752)KN4CK3R2021-08-201-0/+1
| | | Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Replace `list.List` with slices (#16311)KN4CK3R2021-08-091-11/+9
| | | | | | | | | | | | | | | | | | | * Replaced list with slice. * Fixed usage of pointer to temporary variable. * Replaced LIFO list with slice. * Lint * Removed type check. * Removed duplicated code. * Lint * Fixed merge. Co-authored-by: 6543 <6543@obermui.de>
* Refactor: Move login out of models (#16199)zeripath2021-07-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | `models` does far too much. In particular it handles all `UserSignin`. It shouldn't be responsible for calling LDAP, SMTP or PAM for signing in. Therefore we should move this code out of `models`. This code has to depend on `models` - therefore it belongs in `services`. There is a package in `services` called `auth` and clearly this functionality belongs in there. Plan: - [x] Change `auth.Auth` to `auth.Method` - as they represent methods of authentication. - [x] Move `models.UserSignIn` into `auth` - [x] Move `models.ExternalUserLogin` - [x] Move most of the `LoginVia*` methods to `auth` or subpackages - [x] Move Resynchronize functionality to `auth` - Involved some restructuring of `models/ssh_key.go` to reduce the size of this massive file and simplify its files. - [x] Move the rest of the LDAP functionality in to the ldap subpackage - [x] Re-factor the login sources to express an interfaces `auth.Source`? - I've done this through some smaller interfaces Authenticator and Synchronizable - which would allow us to extend things in future - [x] Now LDAP is out of models - need to think about modules/auth/ldap and I think all of that functionality might just be moveable - [x] Similarly a lot Oauth2 functionality need not be in models too and should be moved to services/auth/source/oauth2 - [x] modules/auth/oauth2/oauth2.go uses xorm... This is naughty - probably need to move this into models. - [x] models/oauth2.go - mostly should be in modules/auth/oauth2 or services/auth/source/oauth2 - [x] More simplifications of login_source.go may need to be done - Allow wiring in of notify registration - *this can now easily be done - but I think we should do it in another PR* - see #16178 - More refactors...? - OpenID should probably become an auth Method but I think that can be left for another PR - Methods should also probably be cleaned up - again another PR I think. - SSPI still needs more refactors.* Rename auth.Auth auth.Method * Restructure ssh_key.go - move functions from models/user.go that relate to ssh_key to ssh_key - split ssh_key.go to try create clearer function domains for allow for future refactors here. Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add fluid to ui container class to remove margin (#16396)Stanley Hu2021-07-202-2/+2
|
* Improve 2FA autofill (#16473)Jonathan Herlin2021-07-181-1/+1
| | | This improves the autofill suggestion on mobile devices and some password managers
* show tag name on dashboard items list (#16466)a10121127962021-07-171-1/+1
| | | | | fix #16458 Signed-off-by: a1012112796 <1012112796@qq.com>
* Update notification table with only latest data (#16445)zeripath2021-07-171-1/+1
| | | | | | | | | | When marking notifications read the results may be returned out of order or be delayed. This PR sends a sequence number to gitea so that the browser can ensure that only the results of the latest notification change are shown. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* Fix activation of primary email addresses (#16385)Meano2021-07-131-1/+1
| | | | | | | | | | | | | | | | * fix: primary email cannot be activated * Primary email should be activated together with user account when 'RegisterEmailConfirm' is enabled. * To fix the existing error state. When 'RegisterEmailConfirm' is enabled, the admin should have permission to modify the activations status of user email. And the user should be allowed to send activation to primary email. * Only judge whether email is primary from email_address table. * Improve logging and refactor isEmailActive Co-authored-by: zeripath <art27@cantab.net>
* Add option to provide signature for a token to verify key ownership (#14054)zeripath2021-07-131-2/+58
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
* Implemented head_commit for webhooks (#16282)KN4CK3R2021-06-291-1/+1
| | | | | | | * Removed Len field. * Added head_commit webhook field. * Added comment for returns.
* Make allowed Visiblity modes configurable for Users (#16271)65432021-06-271-15/+15
| | | | | | | Now that #16069 is merged, some sites may wish to enforce that users are all public, limited or private, and/or disallow users from becoming private. This PR adds functionality and settings to constrain a user's ability to change their visibility. Co-authored-by: zeripath <art27@cantab.net>
* Add Visible modes function from Organisation to Users too (#16069)Sergey Dryabzhinsky2021-06-261-12/+47
| | | | | | | | | | | | | | | | | | You can limit or hide organisations. This pull make it also posible for users - new strings to translte - add checkbox to user profile form - add checkbox to admin user.edit form - filter explore page user search - filter api admin and public user searches - allow admins view "hidden" users - add app option DEFAULT_USER_VISIBILITY - rewrite many files to use Visibility field - check for teams intersection - fix context output - right fake 404 if not visible Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Andrew Thornton <art27@cantab.net>
* Add better errors for disabled account recovery (#15117)John Olheiser2021-06-251-1/+7
| | | | | | Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de>
* Remove User.GetOrganizations() (#14032)65432021-06-181-1/+1
| | | as title
* Add asymmetric JWT signing (#16010)KN4CK3R2021-06-171-0/+7
| | | | | | | | | | | * Added asymmetric token signing. * Load signing key from settings. * Added optional kid parameter. * Updated documentation. * Add "kid" to token header.
* Add OpenID claims "profile" and "email". (#16141)KN4CK3R2021-06-141-0/+29
| | | | | | | | | | | | * Added OpenID claims "profile" and "email". * Splitted error. * Added scopes_supported and claims_supported. * Added more metadata. Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lauris BH <lauris@nix.lv>
* Remove remaining fontawesome usage in templates (#15952)silverwind2021-05-224-7/+7
| | | Can not remove the dependency yet because easymde depends on it.
* Issue sidebar and misc css fixes (#15524)silverwind2021-05-161-7/+13
| | | | | | | | | | | - Replace remaining font icons with SVG in issue sidebar - Rework issue due date display - Realign avatar in timeline - Fix font size in repo search and code explore - Consolidate active button styles - Fix loading form on arc-green - Align time tracker buttons vertically Fixes: https://github.com/go-gitea/gitea/issues/15896
* Create a session on ReverseProxy and ensure that ReverseProxy users cannot ↵zeripath2021-05-151-2/+2
| | | | | | | | | | | | | | | change username (#15304) * Create a session on ReverseProxy and ensure that ReverseProxy users cannot change username ReverseProxy users should generate a session on reverse proxy username change. Also prevent ReverseProxy users from changing their username. Fix #2407 * add testcase Signed-off-by: Andrew Thornton <art27@cantab.net>
* Allow only internal registration (#15795)65432021-05-092-5/+7
| | | | | * Add ALLOW_ONLY_INTERNAL_REGISTRATION into settings * OpenID respect setting too
* Use a generic markup class to display externally rendered files and diffs ↵65432021-05-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#15735) * creates and implements generic markup less class * How to give custom CSS to externally rendered html * Clarifies sources of CSS styling of markup * further clarification of sources of markup styling * rename _markdown to _markup * remove defunct import * fix orphaned reference * Update docs/content/doc/advanced/external-renderers.en-us.md * more renames markdown -> markup * do not suggest less customization * add back tokens * fix class whitespace, remove useless if-clause * remove unused csv-data rules * use named exports and rename functions * sort imports Co-authored-by: HarvsG <11440490+HarvsG@users.noreply.github.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: silverwind <me@silverwind.io>
* Feature/oauth userinfo (#15721)N. L. H2021-05-061-0/+1
| | | | | | | | | | | | | | | | | | | | | | * Implemented userinfo #8534 * Make lint happy * Add userinfo endpoint to openid-configuration * Give an error when uid equals 0 * Implemented BearerTokenErrorCode handling * instead of ctx.error use ctx.json so that clients parse error and error_description correctly * Removed unneeded if statement * Use switch instead of subsequent if statements Have a default for unknown errorcodes. Co-authored-by: Nils Hillmann <hillmann@nlh-software.de> Co-authored-by: nlhsoftware <nlhsoftware@noreply.localhost>
* Fixed several activation bugs (#15473)KN4CK3R2021-04-301-11/+9
| | | | | | | | | | | * Removed unneeded form tag. * Fixed typo. * Fixed NPE. * Use better error page. * Splitted GET and POST.
* Unified link creation. (#15619)KN4CK3R2021-04-302-8/+8
|
* add well-known config for OIDC (#15355)techknowlogick2021-04-151-0/+9
| | | | | | | | | | | | | | * add well-known config for OIDC * spacing per feedback * Update oidc_wellknown.tmpl * add id_token * Update oidc_wellknown.tmpl Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Disable Stars config option (#14653)Kyle D2021-04-152-9/+17
| | | | | | | * Add config option to disable stars * Replace "stars" with watched in user profile * Add documentation
* Use subdir for URL (#15446)KN4CK3R2021-04-141-1/+1
| | | | Fixes #15444
* Fix repository search (#15428)KN4CK3R2021-04-121-1/+1
| | | | Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Enforce tab indentation in templates (#15289)silverwind2021-04-108-191/+189
| | | | | | | | | | | | | | | | | | * Enforce tab indendation in templates This adds editorconfig-checker [1] to lint the template files so they conform the editorconfig files. I fixed all current identation issues using the fix mode of eclint [2] and some manual corrections. We can extend this linting to other files later, for now I'd like this PR to focus on HTML template files only. [1] https://github.com/editorconfig-checker/editorconfig-checker [2] https://github.com/jedmao/eclint * fix indendation Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Remove usage of JS globals (#15378)silverwind2021-04-091-3/+2
| | | | | | Refactor the exported globals in index.js to JS-initialized event handlers. Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add dashboard milestone search and repo milestone search by name (#14866)Roger Luo2021-04-081-28/+43
| | | | | Feature for issue #13845: - Add milestones search by name on dashboard milestones page. - Add milestones search by name on repo issue/milestones page.
* fix org navbar (#15173)Jimmy Praet2021-03-261-1/+2
|
* Update JS dependencies (#15033)silverwind2021-03-2213-16/+16
| | | | | | | | | | | | | * Update JS dependencies - Update all JS dependencies - For octicons, rename trashcan to trash - For svgo, migrate to v2 api, output seems to have slightly changed but icons look the same - For stylelint, update config, fix custom property duplicates - For monaco, drop legacy Edge support - For eslint, enable new rules, fix new issues - For less-loader, remove deprecated import syntax * update svgo usage in generate-images and rebuild logo.svg with it