* Move keys to models/keys
* Rename models/keys -> models/asymkey
* change the missed package name
* Fix package alias
* Fix test
* Fix docs
* Fix test
* Fix test
* merge
* Some refactors related repository model
* Move more methods out of repository
* Move repository into models/repo
* Fix test
* Fix test
* some improvements
* Remove unnecessary function
Use hostmacher to replace matchlist.
And we introduce a better DialContext to do a full host/IP check, otherwise the attackers can still bypass the allow/block list by a 302 redirection.
* Add option to provide signed token to verify key ownership
Currently we will only allow a key to be matched to a user if it matches
an activated email address. This PR provides a different mechanism - if
the user provides a signature for automatically generated token (based
on the timestamp, user creation time, user ID, username and primary
email.
* Ensure verified keys can act for all active emails for the user
* Add code to mark keys as verified
* Slight UI adjustments
* Slight UI adjustments 2
* Simplify signature verification slightly
* fix postgres test
* add api routes
* handle swapped primary-keys
* Verify the no-reply address for verified keys
* Only add email addresses that are activated to keys
* Fix committer shortcut properly
* Restructure gpg_keys.go
* Use common Verification Token code
Signed-off-by: Andrew Thornton <[email protected]>
* Always store primary email address into email_address table and also the state
* Add lower_email to not convert email to lower as what's added
* Fix fixture
* Fix tests
* Use BeforeInsert to save lower email
* Fix v180 migration
* fix tests
* Fix test
* Remove wrong submited codes
* Fix test
* Fix test
* Fix test
* Add test for v181 migration
* remove change user's email to lower
* Revert change on user's email column
* Fix lower email
* Fix test
* Fix test
* chore: rewrite format.
* chore: update format
Signed-off-by: Bo-Yi Wu <[email protected]>
* chore: update format
Signed-off-by: Bo-Yi Wu <[email protected]>
* chore: Adjacent parameters with the same type should be grouped together
* chore: update format.
* make repo as "pending transfer" if on transfer start doer has no right to create repo in new destination
* if new pending transfer ocured, create UI & Mail notifications
* Add redirect for user
* Add redirect for orgs
* Add user redirect test
* Appease linter
* Add comment to DeleteUserRedirect function
* Fix locale changes
* Fix GetUserByParams
* Fix orgAssignment
* Remove debug logging
* Add redirect prompt
* Dont Export DeleteUserRedirect & only use it within a session
* Unexport newUserRedirect
* cleanup
* Fix & Dedub API code
* Format Template
* Add Migration & rm dublicat
* Refactor: unexport newRepoRedirect() & rm dedub del exec
* if this fails we'll need to re-rename the user directory
Co-authored-by: 6543 <[email protected]>
Co-authored-by: zeripath <[email protected]>
Co-authored-by: Lunny Xiao <[email protected]>
* add black list and white list support for migrating repositories
* fix fmt
* fix lint
* fix vendor
* fix modules.txt
* clean diff
* specify log message
* use blocklist/allowlist
* allways use lowercase to match url
* Apply allow/block
* Settings: use existing "migrations" section
* convert domains lower case
* dont store unused value
* Block private addresses for migration by default
* fix lint
* use proposed-upstream func to detect private IP addr
* a nit
* add own error for blocked migration, add tests, imprufe api
* fix test
* fix-if-localhost-is-ipv4
* rename error & error message
* rename setting options
* Apply suggestions from code review
Co-authored-by: Lunny Xiao <[email protected]>
Co-authored-by: zeripath <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
* Improve error feedback for duplicate deploy keys
Instead of a generic HTTP 500 error page, a flash message is rendered
with the deploy key page template so inform the user that a key with the
intended title already exists.
* API returns 422 error when key with name exists
* Add email validity checking
Add email validity checking for the following routes:
[Web interface]
1. User registration
2. User creation by admin
3. Adding an email through user settings
[API]
1. POST /admin/users
2. PATCH /admin/users/:username
3. POST /user/emails
* Add further tests
* Add signup email tests
* Add email validity check for linking existing account
* Address PR comments
* Remove unneeded DB session
* Move email check to updateUser
Co-authored-by: zeripath <[email protected]>
Co-authored-by: Lunny Xiao <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
Instead of a generic HTTP 500 error page, a flash message is rendered with the deploy key page template to inform the user that a key with the intended title already exists.
Fixes#13110
* Don't automatically delete repository files if they are present
Prior to this PR Gitea would delete any repository files if they are
present during creation or migration. This can in certain circumstances
lead to data-loss and is slightly unpleasant.
This PR provides a mechanism for Gitea to adopt repositories on creation
and otherwise requires an explicit flag for deletion.
PushCreate is slightly different - the create will cause adoption if
that is allowed otherwise it will delete the data if that is allowed.
Signed-off-by: Andrew Thornton <[email protected]>
* Update swagger
Signed-off-by: Andrew Thornton <[email protected]>
* Fix tests and migrate overwrite
Signed-off-by: Andrew Thornton <[email protected]>
* as per @lunny
Only offer to adopt or overwrite if the user can do that.
Allow the site administrator to adopt or overwrite in all
circumstances
Signed-off-by: Andrew Thornton <[email protected]>
* Use setting.Repository.DefaultBranch for the default branch
Signed-off-by: Andrew Thornton <[email protected]>
* Always set setting.Repository.DefaultBranch
Signed-off-by: Andrew Thornton <[email protected]>
* update swagger
Signed-off-by: Andrew Thornton <[email protected]>
* update templates
Signed-off-by: Andrew Thornton <[email protected]>
* ensure repo closed
Signed-off-by: Andrew Thornton <[email protected]>
* Rewrite of adoption as per @6543 and @lunny
Signed-off-by: Andrew Thornton <[email protected]>
* Apply suggestions from code review
* update swagger
Signed-off-by: Andrew Thornton <[email protected]>
* missing not
Signed-off-by: Andrew Thornton <[email protected]>
* add modals and flash reporting
Signed-off-by: Andrew Thornton <[email protected]>
* Make the unadopted page searchable
Signed-off-by: Andrew Thornton <[email protected]>
* Add API
Signed-off-by: Andrew Thornton <[email protected]>
* Fix swagger
Signed-off-by: Andrew Thornton <[email protected]>
* fix swagger
Signed-off-by: Andrew Thornton <[email protected]>
* Handle empty and non-master branched repositories
Signed-off-by: Andrew Thornton <[email protected]>
* placate lint
Signed-off-by: Andrew Thornton <[email protected]>
* remove commented out code
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
* [FEATURE] [API] Add Endpoint for Branch Creation
Issue: https://github.com/go-gitea/gitea/issues/11376
This commit introduces an API endpoint for branch creation.
The added route is POST /repos/{owner}/{repo}/branches.
A JSON with the name of the new branch and the name of the old branch is
required as parameters.
Signed-off-by: Terence Le Huu Phuong <[email protected]>
* Put all the logic into CreateBranch and removed CreateRepoBranch
* - Added the error ErrBranchDoesNotExist in error.go
- Made the CreateNewBranch function return an errBranchDoesNotExist error
when the OldBranch does not exist
- Made the CreateBranch API function checks that the repository is not
empty and that branch exists.
* - Added a resetFixtures helper function in integration_test.go to
fine-tune test env resetting
- Added api test for CreateBranch
- Used resetFixture instead of the more general prepareTestEnv in the
repo_branch_test CreateBranch tests
* Moved the resetFixtures call inside the loop for APICreateBranch function
* Put the prepareTestEnv back in repo_branch_test
* fix import order/sort api branch test
Co-authored-by: zeripath <[email protected]>
* Refactor Cron and merge dashboard tasks
* Merge Cron and Dashboard tasks
* Make every cron task report a system notice on completion
* Refactor the creation of these tasks
* Ensure that execution counts of tasks is correct
* Allow cron tasks to be started from the cron page
* golangci-lint fixes
* Enforce that only one task with the same name can be registered
Signed-off-by: Andrew Thornton <[email protected]>
* fix name check
Signed-off-by: Andrew Thornton <[email protected]>
* as per @guillep2k
* as per @lafriks
Signed-off-by: Andrew Thornton <[email protected]>
* Add git.CommandContext variants
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: Lauris BH <[email protected]>
Co-authored-by: Lunny Xiao <[email protected]>
Co-authored-by: techknowlogick <[email protected]>
* Add organization wide labels
Implement organization wide labels similar to organization wide
webhooks. This lets you create individual labels for organizations that can be used
for all repos under that organization (so being able to reuse the same
label across multiple repos).
This makes it possible for small organizations with many repos to use
labels effectively.
Fixes#7406
* Add migration
* remove comments
* fix tests
* Update options/locale/locale_en-US.ini
Removed unused translation string
* show org labels in issue search label filter
* Use more clear var name
* rename migration after merge from master
* comment typo
* update migration again after rebase with master
* check for orgID <=0 per guillep2k review
* fmt
* Apply suggestions from code review
Co-Authored-By: guillep2k <[email protected]>
* remove unused code
* Make sure RepoID is 0 when searching orgID per code review
* more changes/code review requests
* More descriptive translation var per code review
* func description/delete comment when issue label deleted instead of hiding it
* remove comment
* only use issues in that repo when calculating number of open issues for org label on repo label page
* Add integration test for IssuesSearch API with labels
* remove unused function
* Update models/issue_label.go
Co-Authored-By: guillep2k <[email protected]>
* Use subquery in GetLabelIDsInReposByNames
* Fix tests to use correct orgID
* fix more tests
* IssuesSearch api now uses new BuildLabelNamesIssueIDsCondition. Add a few more tests as well
* update comment for clarity
* Revert previous code change now that we can use the new BuildLabelNamesIssueIDsCondition
* Don't sort repos by date in IssuesSearch API
After much debugging I've found a strange issue where in some cases MySQL will return a different result than other enigines if a query is sorted by a null collumn. For example with our integration test data where we don't set updated_unix in repository fixtures:
SELECT `id`, `owner_id`, `owner_name`, `lower_name`, `name`, `description`, `website`, `original_service_type`, `original_url`, `default_branch`, `num_watches`, `num_stars`, `num_forks`, `num_issues`, `num_closed_issues`, `num_pulls`, `num_closed_pulls`, `num_milestones`, `num_closed_milestones`, `is_private`, `is_empty`, `is_archived`, `is_mirror`, `status`, `is_fork`, `fork_id`, `is_template`, `template_id`, `size`, `is_fsck_enabled`, `close_issues_via_commit_in_any_branch`, `topics`, `avatar`, `created_unix`, `updated_unix` FROM `repository` ORDER BY updated_unix DESC LIMIT 15 OFFSET 45
Returns different results for MySQL than other engines. However, the similar query:
SELECT `id`, `owner_id`, `owner_name`, `lower_name`, `name`, `description`, `website`, `original_service_type`, `original_url`, `default_branch`, `num_watches`, `num_stars`, `num_forks`, `num_issues`, `num_closed_issues`, `num_pulls`, `num_closed_pulls`, `num_milestones`, `num_closed_milestones`, `is_private`, `is_empty`, `is_archived`, `is_mirror`, `status`, `is_fork`, `fork_id`, `is_template`, `template_id`, `size`, `is_fsck_enabled`, `close_issues_via_commit_in_any_branch`, `topics`, `avatar`, `created_unix`, `updated_unix` FROM `repository` ORDER BY updated_unix DESC LIMIT 15 OFFSET 30
Returns the same results.
This causes integration tests to fail on MySQL in certain cases but would never show up in a real installation. Since this API call always returns issues based on the optionally provided repo_priority_id or the issueID itself, there is no change to results by changing the repo sorting method used to get ids earlier in the function.
* linter is back!
* code review
* remove now unused option
* Fix newline at end of files
* more unused code
* update to master
* check for matching ids before query
* Update models/issue_label.go
Co-Authored-By: 6543 <[email protected]>
* Update models/issue_label.go
* update comments
* Update routers/org/setting.go
Co-authored-by: Lauris BH <[email protected]>
Co-authored-by: guillep2k <[email protected]>
Co-authored-by: 6543 <[email protected]>
* upgrade golangci-lint to 1.24.0 to allow go 1.14 compatibility
* fix golangci-lint errors
* make make golangci-lint work when out of go-path
Signed-off-by: Andrew Thornton <[email protected]>
* Handle push rejections and push out-of-date in branch creation and
file upload.
* Remove the duplicated sanitize from services/pull/merge
* Move the errors Err(Merge)PushOutOfDate and ErrPushRejected to
modules/git
* Handle errors better in the upload file dialogs
Fix#10460
Signed-off-by: Andrew Thornton <[email protected]>
Co-authored-by: guillep2k <[email protected]>
* Add require signed commit for protected branch
* Fix fmt
* Make editor show if they will be signed
* bugfix
* Add basic merge check and better information for CRUD
* linting comment
* Add descriptors to merge signing
* Slight refactor
* Slight improvement to appearances
* Handle Merge API
* manage CRUD API
* Move error to error.go
* Remove fix to delete.go
* prep for merge
* need to tolerate \r\n in message
* check protected branch before trying to load it
* Apply suggestions from code review
Co-Authored-By: guillep2k <[email protected]>
* fix commit-reader
Co-authored-by: guillep2k <[email protected]>
* Adds functionality to change target branch of created pull requests
Signed-off-by: Mario Lubenka <[email protected]>
* Use const instead of var in JavaScript additions
Signed-off-by: Mario Lubenka <[email protected]>
* Check if branches are equal and if PR already exists before changing target branch
Signed-off-by: Mario Lubenka <[email protected]>
* Make sure to check all commits
Signed-off-by: Mario Lubenka <[email protected]>
* Print error messages for user as error flash message
Signed-off-by: Mario Lubenka <[email protected]>
* Disallow changing target branch of closed or merged pull requests
Signed-off-by: Mario Lubenka <[email protected]>
* Resolve conflicts after merge of upstream/master
Signed-off-by: Mario Lubenka <[email protected]>
* Change order of branch select fields
Signed-off-by: Mario Lubenka <[email protected]>
* Removes duplicate check
Signed-off-by: Mario Lubenka <[email protected]>
* Use ctx.Tr for translations
Signed-off-by: Mario Lubenka <[email protected]>
* Recompile JS
Signed-off-by: Mario Lubenka <[email protected]>
* Use correct translation namespace
Signed-off-by: Mario Lubenka <[email protected]>
* Remove redundant if condition
Signed-off-by: Mario Lubenka <[email protected]>
* Moves most change branch logic into pull service
Signed-off-by: Mario Lubenka <[email protected]>
* Completes comment
Signed-off-by: Mario Lubenka <[email protected]>
* Add Ref to ChangesPayload for logging changed target branches
instead of creating a new struct
Signed-off-by: Mario Lubenka <[email protected]>
* Revert changes to go.mod
Signed-off-by: Mario Lubenka <[email protected]>
* Directly use createComment method
Signed-off-by: Mario Lubenka <[email protected]>
* Return 404 if pull request is not found. Move written check up
Signed-off-by: Mario Lubenka <[email protected]>
* Remove variable declaration
Signed-off-by: Mario Lubenka <[email protected]>
* Return client errors on change pull request target errors
Signed-off-by: Mario Lubenka <[email protected]>
* Return error in commit.HasPreviousCommit
Signed-off-by: Mario Lubenka <[email protected]>
* Adds blank line
Signed-off-by: Mario Lubenka <[email protected]>
* Test patch before persisting new target branch
Signed-off-by: Mario Lubenka <[email protected]>
* Update patch before testing (not working)
Signed-off-by: Mario Lubenka <[email protected]>
* Removes patch calls when changeing pull request target
Signed-off-by: Mario Lubenka <[email protected]>
* Removes unneeded check for base name
Signed-off-by: Mario Lubenka <[email protected]>
* Moves ChangeTargetBranch completely to pull service. Update patch status.
Signed-off-by: Mario Lubenka <[email protected]>
* Set webhook mode after errors were validated
Signed-off-by: Mario Lubenka <[email protected]>
* Update PR in one transaction
Signed-off-by: Mario Lubenka <[email protected]>
* Move logic for check if head is equal with branch to pull model
Signed-off-by: Mario Lubenka <[email protected]>
* Adds missing comment and simplify return
Signed-off-by: Mario Lubenka <[email protected]>
* Adjust CreateComment method call
Signed-off-by: Mario Lubenka <[email protected]>
* reject reactions wich ar not allowed
* dont duble check CreateReaction now throw ErrForbiddenIssueReaction
* add /repos/{owner}/{repo}/issues/comments/{id}/reactions endpoint
* add Find Functions
* fix some swagger stuff + add issue reaction endpoints + GET ReactionList now use FindReactions...
* explicite Issue Only Reaction for FindReactionsOptions with "-1" commentID
* load issue; load user ...
* return error again
* swagger def canged after LINT
* check if user has ben loaded
* add Tests
* better way of comparing results
* add suggestion
* use different issue for test
(dont interfear with integration test)
* test dont compare Location on timeCompare
* TEST: add forbidden dubble add
* add comments in code to explain
* add settings.UI.ReactionsMap
so if !setting.UI.ReactionsMap[opts.Type] works
There are two major components to this PR:
* This PR handles merge and rebase failures from merging a little more nicely with Flash errors rather a 500.
* All git commands are run in the LC_ALL="C" environment to ensure that error messages are in English. This DefaultLocale is defined in a way that if necessary (due to platform weirdness) it can be overridden at build time using LDFLAGS="-X "code.gitea.io/gitea/modules/git.DefaultLocale=C"" with C changed for the locale as necessary.
* Check if file is locked on upload file commit.
* Better user message if file is locked.
* Check lfs lock before creating temporary repository. fix some errors.
* move lines
* Add comment that enabled setting is checked.
* move all mail related codes from models to modules/mailer
* fix lint
* use DBContext instead Engine
* use WithContext not WithEngine
* Use DBContext instead of Engine
* don't use defer when sess.Close()
* move DBContext to context.go and add some methods
* move mailer from modules/ to services
* fix lint
* fix tests
* fix fmt
* add gitea copyright
* fix tests
* don't expose db functions
* make code clear
* add DefaultDBContext
* fix build
* fix bug
* Add teams to repo on collaboration page.
Signed-off-by: David Svantesson <[email protected]>
* Add option for repository admins to change teams access to repo.
Signed-off-by: David Svantesson <[email protected]>
* Add comment for functions
Signed-off-by: David Svantesson <[email protected]>
* Make RepoAdminChangeTeamAccess default false in xorm and make it default checked in template instead.
Signed-off-by: David Svantesson <[email protected]>
* Make proper language strings and fix error redirection.
* Add unit tests for adding and deleting team from repository.
Signed-off-by: David Svantesson <[email protected]>
* Add database migration
Signed-off-by: David Svantesson <[email protected]>
* Fix redirect
Signed-off-by: David Svantesson <[email protected]>
* Fix locale string mismatch.
Signed-off-by: David Svantesson <[email protected]>
* Move team access mode text logic to template.
* Move collaborator access mode text logic to template.
Lunny Xiao
wxiaoguang
zeripath
luzpaz
KN4CK3R
a1012112796
Bo-Yi Wu
6543
Andrew Bezold
Chris Shyi
Lanre Adelowo
Terence Le Huu Phuong
mrsdizzie
Lauris BH
guillep2k
Mario Lubenka
David Svantesson
John Olheiser