1
1
mirror of https://github.com/go-gitea/gitea synced 2024-11-18 08:04:25 +00:00
Commit Graph

564 Commits

Author SHA1 Message Date
zeripath
92d6bca41e
Ensure that 2fa is checked on reset-password (#9857)
* Ensure that 2fa is checked on reset-password

* Apply suggestions from code review

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Properly manage scratch_code regeneration

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-01-19 20:17:12 +00:00
Lunny Xiao
b641c68fee Improve notification pager (#9821)
Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
2020-01-17 19:31:26 +01:00
David Svantesson
3c07d03c03 Add setting to set default and global disabled repository units. (#8788)
* Add possibility to global disable repo units.

* Add Default Repo Unit app.ini setting.

* Hide units

* Hide disabled repo units

* Minor fixes

* Indicate disabled units in team settings.

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2020-01-17 09:34:37 +02:00
Manush Dodunekov
1751d5fcf2 Restricted users (#6274)
* Restricted users (#4334): initial implementation

* Add User.IsRestricted & UI to edit it

* Pass user object instead of user id to places where IsRestricted flag matters

* Restricted users: maintain access rows for all referenced repos (incl public)

* Take logged in user & IsRestricted flag into account in org/repo listings, searches and accesses

* Add basic repo access tests for restricted users

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Mention restricted users in the faq

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Revert unnecessary change `.isUserPartOfOrg` -> `.IsUserPartOfOrg`

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Remove unnecessary `org.IsOrganization()` call

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* Revert to an `int64` keyed `accessMap`

* Add type `userAccess`
* Add convenience func updateUserAccess()
* Turn accessMap into a `map[int64]userAccess`

Signed-off-by: Manush Dodunekov <manush@stendahls.se>

* or even better: `map[int64]*userAccess`

* updateUserAccess(): use tighter syntax as suggested by lafriks

* even tighter

* Avoid extra loop

* Don't disclose limited orgs to unauthenticated users

* Don't assume block only applies to orgs

* Use an array of `VisibleType` for filtering

* fix yet another thinko

* Ok - no need for u

* Revert "Ok - no need for u"

This reverts commit 5c3e886aab.

Co-authored-by: Antoine GIRARD <sapk@users.noreply.github.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-01-13 18:33:46 +01:00
David Svantesson
03d59bcd1d Fix access issues on milestone and issue overview pages. (#9603)
* Fix access issues on milestone and issue overview pages.

* Fix filter algorithm
2020-01-04 20:23:29 -05:00
Antoine GIRARD
8b24073713 Only serve attachments when linked to issue/release and if accessible by user (#9340)
* test: add current attachement responses

* refactor: check if attachement is linked and accessible by user

* chore: clean TODO

* fix: typo attachement -> attachment

* revert un-needed go.sum change

* refactor: move models logic to models

* fix TestCreateIssueAttachment which was wrongly successful

* fix unit tests with unittype added

* fix unit tests with changes

* use a valid uuid format for pgsql int. test

* test: add unit test TestLinkedRepository

* refactor: allow uploader to access unlinked attachement

* add missing blank line

* refactor: move to a separate function repo.GetAttachment

* typo

* test: remove err test return

* refactor: use repo perm for access checking generally + 404 for all reject
2020-01-05 01:20:08 +02:00
guillep2k
bedd7b2833 Fix error logged when repos qs is empty (#9591)
* Fix error logged when repos qs is empty

* Update routers/user/home.go

Co-Authored-By: Lauris BH <lauris@nix.lv>

Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-01-03 23:39:12 +02:00
6543
d59536c222 [BugFix] use default avatar for ghost user (fix 500 error) (#9536)
* remove since it is there for 3years

* fix 500 error for ghost avatar

* dont insert "-1" in any case to issue.poster_id

* fix lint

* Test: ghost avatar link

* fix test

* Revert "remove since it is there for 3years"

This reverts commit fd9ad05159.

* Revert "dont insert "-1" in any case to issue.poster_id"

This reverts commit 05469ab6d8.

Co-authored-by: zeripath <art27@cantab.net>
2019-12-29 16:24:50 +02:00
Lunny Xiao
c6b3c5bcef Fix cache problem on dashboard (#9358) 2019-12-15 15:44:23 -05:00
Brad Albright
f6b29012e0 Add /milestones endpoint (#8733)
Create a /milestones endpoint which basically serves as a dashboard view for milestones, very similar to the /issues or /pulls page.

Closes #8232
2019-12-15 14:20:08 +00:00
Lunny Xiao
484e3dc5a9 site admin could view org's members (#9346) 2019-12-14 01:36:59 -05:00
Lunny Xiao
e3081c667a
Only show part of members on orgnization dashboard and add paging for orgnization members page (#9092)
* Only show part of members on orgnization dashboard and add paging for orgnization members page

* fix test

* fix typo
2019-12-06 13:34:54 +08:00
6543
e43de0db4c Fix Dashboard Issues/PR list (#9235)
* fix it

* revert suggestion part
2019-12-03 09:26:02 +02:00
John Olheiser
e459f99ef2 Fix active issue (#9238)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2019-12-03 14:01:29 +08:00
6543
66028d58f9 [UI] IssuePage multi repo select (#8741)
* Make repository list @ issues/PR page persist

Will partially fix #6355

* Enable multiple selections in repo list @ issues/PR page

Part of issue #6355

* Add RepoIDs to UserIssueStatsOptions to make "type" count correct when selecting one/multiple repos.
* Replace variable "repo" with list "repos[]" and enable multiple selections of repositories from list by including/excluding RepoIDs in list.
*

* Remove redundant code

* Add 'All' button 

Improves functionality of the page, so that backtracking is not necessary to reset the page

* Remove redundant variable

Completely replace 'RepoID' with 'RepoIDs' and remove redundant code

* Add RepoIDs to label link

* Revert part of code to previous version to troubleshoot build failure

* Implement old and new pieces of code whilst adhering to multi select

* Attempt to join the two versions

Last commit passed tests but doesn't work in practice, this works in practice and hopefully passes the tests.

* Update tests to desired state

* Fix pagination implementation and tests

* Pass repoIDs as `repos=[1,2,3...]` instead of several `repos[]=..`
* Update tests file to reflect new functionality
* Update template with new `repos` format
* Implement new solution to show constant "total issues" count for "All" button

* Correct behavior when passing zero to array

* Comment out test url returning 404

This keeps returning 404 in the test despite working in practice, for the sake of running more tests I am commenting it out

* Comment out another test url returning 404

Last attempt, if more tests crash I will uncomment the urls and request assistance.

* Reenable tests and test fix

* Re-enable tests
* Make selecting "In your repositories" reset selection as passing IDs of repos belonging to other profiles causes breakage
* Remove unnecessary (with multi-selection enable) code

* Drop repo from repo map and total count if permission denied

* Remove extra parenthesis

* make template work again

* find bug!

* forgot the '#' at bugfixing

* delete unused RepoID

* compile regex only one time

* make fmt

* local variable = capital letter lower

* check if repos query pattern is correct

* pagination remove last , - make regex work again

* use Replace instead of ReplaceAll; del delete

* fix test

* how did this test binary got in?!?
dont forgot the "-p" at git add * !

* dont replace -> cut fisrt & last string

Co-Authored-By: zeripath <art27@cantab.net>

* jet another regex

dont mind as long as it has the same result and is performatn ...

Co-Authored-By: zeripath <art27@cantab.net>

* dont use nonexisting repo for test

* exclude /issues?type=created_by from test

* add table to querys
use same syntax in each query (table.colum)

* add new issue for test

* dont make a workaround or something else
this need a refactor itself and is out of scope for this PR

* fix misspell

* CI.redo()

* englisch txt update

Co-Authored-By: zeripath <art27@cantab.net>

* add sugestions

* Tweak & Fix

* CI.restart()
2019-12-01 22:50:36 -05:00
Benno
e8241bf55e update #9066 Always show Password field on link account sign in page (#9147) 2019-11-24 15:17:53 -05:00
QuaSoft
7b4d2f7a2a Add single sign-on support via SSPI on Windows (#8463)
* Add single sign-on support via SSPI on Windows

* Ensure plugins implement interface

* Ensure plugins implement interface

* Move functions used only by the SSPI auth method to sspi_windows.go

* Field SSPISeparatorReplacement of AuthenticationForm should not be required via binding, as binding will insist the field is non-empty even if another login type is selected

* Fix breaking of oauth authentication on download links. Do not create new session with SSPI authentication on download links.

* Update documentation for the new 'SPNEGO with SSPI' login source

* Mention in documentation that ROOT_URL should contain the FQDN of the server

* Make sure that Contexter is not checking for active login sources when the ORM engine is not initialized (eg. when installing)

* Always initialize and free SSO methods, even if they are not enabled, as a method can be activated while the app is running (from Authentication sources)

* Add option in SSPIConfig for removing of domains from logon names

* Update helper text for StripDomainNames option

* Make sure handleSignIn() is called after a new user object is created by SSPI auth method

* Remove default value from text of form field helper

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Remove default value from text of form field helper

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Remove default value from text of form field helper

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Only make a query to the DB to check if SSPI is enabled on handlers that need that information for templates

* Remove code duplication

* Log errors in ActiveLoginSources

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Revert suffix of randomly generated E-mails for Reverse proxy authentication

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Revert unneeded white-space change in template

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Add copyright comments at the top of new files

* Use loopback name for randomly generated emails

* Add locale tag for the SSPISeparatorReplacement field with proper casing

* Revert casing of SSPISeparatorReplacement field in locale file, moving it up, next to other form fields

* Update docs/content/doc/features/authentication.en-us.md

Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>

* Remove Priority() method and define the order in which SSO auth methods should be executed in one place

* Log authenticated username only if it's not empty

* Rephrase helper text for automatic creation of users

* Return error if more than one active SSPI auth source is found

* Change newUser() function to return error, letting caller log/handle the error

* Move isPublicResource, isPublicPage and handleSignIn functions outside SSPI auth method to allow other SSO methods to reuse them if needed

* Refactor initialization of the list containing SSO auth methods

* Validate SSPI settings on POST

* Change SSPI to only perform authentication on its own login page, API paths and download links. Leave Toggle middleware to redirect non authenticated users to login page

* Make 'Default language' in SSPI config empty, unless changed by admin

* Show error if admin tries to add a second authentication source of type SSPI

* Simplify declaration of global variable

* Rebuild gitgraph.js on Linux

* Make sure config values containing only whitespace are not accepted
2019-11-23 01:33:31 +02:00
guillep2k
c57edb6c7b Add password requirement info on error (#9074)
* Add password requirement info on error

* Move BuildComplexityError to the password pkg

* Unexport complexity type

* Fix extra line

* Update modules/password/password.go

Co-Authored-By: Lauris BH <lauris@nix.lv>
2019-11-19 22:44:58 +00:00
Lunny Xiao
bb6879d339
Improve notification (#8835)
* Improve notifications

* batch load user

* Update notification only when read

* Fix reorder

* fix lint

* fix test

* fix lint

* make function meaningful

* fix comment
2019-11-12 16:33:34 +08:00
guillep2k
f4937879b0 Fix require external registration password (#8885)
* Fix require external registration password

* Fix ctx on error condition by @jolheiser
2019-11-09 17:42:34 +08:00
guillep2k
6e1912c73a Fix password complexity check on registration (#8887)
* Fix registration password complexity

* Fix integration to use a complex password ;)
2019-11-09 11:40:37 +08:00
John Olheiser
240f46a422 Fix template error on account page (#8562) 2019-10-19 10:01:33 +01:00
guillep2k
31655aabfc Fix password complexity regex for special characters (on master) (#8525)
* Fix extra space

* Fix regular expression

* Fix error template name

* Simplify check code, fix default values, add test

* Fix router tests

* Fix fmt

* Fix setting and lint

* Move cleaning up code to test, improve comments

* Tidy up variable declaration
2019-10-16 11:09:58 +08:00
Maxim Tkachenko
db657192d0 Password Complexity Checks (#6230)
Add password complexity checks. The default settings require a lowercase, uppercase, number and a special character within passwords.

Co-Authored-By: T-M-A <maxim.tkachenko@gmail.com>
Co-Authored-By: Lanre Adelowo <adelowomailbox@gmail.com>
Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-Authored-By: Lauris BH <lauris@nix.lv>
2019-10-14 16:24:26 +01:00
Lunny Xiao
e3e44a59d0 Update migrated repositories' issues/comments/prs poster id if user has a github external user saved (#7751)
* update migrated issues/comments when login as github

* add get userid when migrating or login with github oauth2

* fix lint

* add migrations for repository service type

* fix build

* remove unnecessary dependencies on migrations

* add cron task to update migrations poster ids and fix posterid when migrating

* fix lint

* fix lint

* improve code

* fix lint

* improve code

* replace releases publish id to actual author id

* fix import

* fix bug

* fix lint

* fix rawdata definition

* fix some bugs

* fix error message
2019-10-14 09:10:42 +03:00
Lunny Xiao
170743c8a0 Revert "Fix issues/pr list broken when there are many repositories (#8409)" (#8427)
This reverts commit 78438d310b.
2019-10-08 20:55:16 +03:00
Lunny Xiao
78438d310b
Fix issues/pr list broken when there are many repositories (#8409)
* fix issues/pr list broken when there are many repositories

* remove unused codes

* fix counting error on issues/prs

* keep the old logic

* fix panic

* fix tests
2019-10-08 10:57:41 +08:00
Sandro Santilli
d958b9db4f Alwaywas return local url for users avatar (#8245)
* Always return local url for users avatar

Avoids having to wait for DNS lookups when libravatar is activated
fixing #6046

* Avoid double slash in avatar link

* Move avatar route to the correct place
2019-09-26 12:21:23 -04:00
Lunny Xiao
5a438ee3c0
Move all mail related codes from models to services/mailer (#7200)
* move all mail related codes from models to modules/mailer

* fix lint

* use DBContext instead Engine

* use WithContext not WithEngine

* Use DBContext instead of Engine

* don't use defer when sess.Close()

* move DBContext to context.go and add some methods

* move mailer from modules/ to services

* fix lint

* fix tests

* fix fmt

* add gitea copyright

* fix tests

* don't expose db functions

* make code clear

* add DefaultDBContext

* fix build

* fix bug
2019-09-24 13:02:49 +08:00
guillep2k
8a0379d68a Allow registration when button is hidden (#8237) 2019-09-19 22:40:33 +08:00
jaqra
28362195a0 Add 'Mentioning you' group to /issues page (#8201) 2019-09-18 10:24:44 +03:00
Gary Kim
f1c414882c Add Ability for User to Customize Email Notification Frequency (#7813)
* Add Backend Logic for Toggling Email Notification

This commit adds the backend logic for
allowing users to enable or disable email
notifications. The implementation ensures
that only issue notification emails get disabled
and important emails are still sent regardless
of the setting.

The UI to toggle this setting has not yet been
implemented.

* Add UI and complete user email notification enable

This commit completes the functionality to allow
users to disable their own email notifications.

Signed-off-by: Gary Kim <gary@garykim.dev>

* Add Third Option for Only Email on Mention

Signed-off-by: Gary Kim <gary@garykim.dev>

* Readd NOT NULL to new preference string

Signed-off-by: Gary Kim <gary@garykim.dev>

* Add Tests and Rewrite Comment

Signed-off-by: Gary Kim <gary@garykim.dev>

* Allow admin to set default email frequency

Signed-off-by: Gary Kim <gary@garykim.dev>

* Add new config option to docs

Signed-off-by: Gary Kim <gary@garykim.dev>

* Fix a few mistakes

Signed-off-by: Gary Kim <gary@garykim.dev>

* Only update required columns

Signed-off-by: Gary Kim <gary@garykim.dev>

* Simplify an error check

Signed-off-by: Gary Kim <gary@garykim.dev>

* Make email_notification_preference column in DB be VARCHAR(20)

Signed-off-by: Gary Kim <gary@garykim.dev>

* Handle errors

Signed-off-by: Gary Kim <gary@garykim.dev>

* Update models/migrations/v93.go

Co-Authored-By: Lauris BH <lauris@nix.lv>
2019-08-29 17:05:42 +03:00
David Svantesson
c9546d4cdd Include description in repository search. (#7942)
* Add description in repository search.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Refactor SearchRepositoryByName with a general function SearchRepository

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Allow to specify if description shall be included in API repo search.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Add new app.ini setting for whether to search within repo description.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Search keyword in description (if setting enabled) on:
 - Explore page
 - Organization profile page
 - User profile page
 - Admin repo page

Do not search keyword in description on:
 - Any non-keyword search (not relevant)
 - Incremental search (uses API)

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Put parameters related to keyword directly after it

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Add test cases for including (and not including) repository description in search.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Rename test function from TestSearchRepositoryByName to TestSearchRepository.

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>

* Make setting SEARCH_REPO_DESCRIPTION default to true

Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
2019-08-25 20:06:36 +03:00
Tamal Saha
171b359877 Use gitea forked macaron (#7933)
Signed-off-by: Tamal Saha <tamal@appscode.com>
2019-08-23 12:40:29 -04:00
Lunny Xiao
85202d4784
Display ui time with customize time location (#7792)
* display ui time with customize time location

* fix lint

* rename UILocation to DefaultUILocation

* move time related functions to modules/timeutil

* fix tests

* fix tests

* fix build

* fix swagger
2019-08-15 22:46:21 +08:00
Christian Muehlhaeuser
b0cd3b8ab9 Fixed ineffectual assignments (#7555)
Don't assign values we never use.
2019-07-22 17:35:53 +08:00
Tamal Saha
2102f9d92d Support setting cookie domain (#6288)
Signed-off-by: Tamal Saha <tamal@appscode.com>
2019-07-12 09:57:31 -04:00
AJ ONeal
62d6127f1b Make captcha and password optional for external accounts (#6606) 2019-07-06 15:48:02 -04:00
leonklingele
96b66e330b routers/user: ensure that decryption of cookie actually suceeds (#7363)
Previously, only the first return value of ctx.GetSuperSecureCookie
was used to check whether decryption of the auth cookie succeeded.
ctx.GetSuperSecureCookie also returns a second value, a boolean,
indicating success or not. That value should be checked first to
be on the safe side and not rely on internal logic of the encryption
and decryption blackbox.
2019-07-06 23:47:09 +08:00
Cherrg
2f39fc7bb6 fix drone build bug (#7192) 2019-06-13 00:23:45 -04:00
kolaente
f9ec2f89f2 Add golangci (#6418) 2019-06-12 15:41:28 -04:00
Sergey Dryabzhinsky
3fd18838aa Repository avatars (#6986)
* Repository avatars

- first variant of code from old work for gogs
- add migration 87
- add new option in app.ini
- add en-US locale string
- add new class in repository.less

* Add changed index.css, remove unused template name

* Update en-us doc about configuration options

* Add comments to new functions, add new option to docker app.ini

* Add comment for lint

* Remove variable, not needed

* Fix formatting

* Update swagger api template

* Check if avatar exists

* Fix avatar link/path checks

* Typo

* TEXT column can't have a default value

* Fixes:

- remove old avatar file on upload
- use ID in name of avatar file - users may upload same files
- add simple tests

* Fix fmt check

* Generate PNG instead of "static" GIF

* More informative comment

* Fix error message

* Update avatar upload checks:

- add file size check
- add new option
- update config docs
- add new string to en-us locale

* Fixes:

- use FileHEader field for check file size
- add new test - upload big image

* Fix formatting

* Update comments

* Update log message

* Removed wrong style - not needed

* Use Sync2 to migrate

* Update repos list view

- bigger avatar
- fix html blocks alignment

* A little adjust avatar size

* Use small icons for explore/repo list

* Use new cool avatar preparation func by @lafriks

* Missing changes for new function

* Remove unused import, move imports

* Missed new option definition in app.ini

Add file size check in user/profile avatar upload

* Use smaller field length for Avatar

* Use session to update repo DB data, update DeleteAvatar - use session too

* Fix err variable definition

* As suggested @lafriks - return as soon as possible, code readability
2019-05-29 22:22:26 -04:00
Bo-Yi Wu
743697a549
refactor: append, build variable and type switch (#4940)
* refactor: append, build variable and type switch

* fix: remove redundant space.
2019-05-28 23:45:54 +08:00
Hui Hui
cf3ffebfde fix issuer of OTP URI should be URI-encoded. (#6634)
* fix: Issuer of OTP URI should be URI-encoded.

follow this link https://github.com/google/google-authenticator/wiki/Key-Uri-Format .

* filter unsafe character ':' in issuer

* Use Replace rather than ReplaceAll
2019-05-27 18:00:32 +01:00
zeripath
56ae539bed SearchRepositoryByName improvements and unification (#6897) 2019-05-15 11:24:39 -04:00
techknowlogick
2f21bc33a5 Use AppURL for Oauth user link (#6894)
* Use AppURL for Oauth user link

Fix #6843

* Update oauth.go

* Update oauth.go
2019-05-09 20:22:35 +03:00
techknowlogick
46373e7657
Hash App token (#6724) 2019-05-04 11:45:34 -04:00
zeripath
ade88a877d Allow Recaptcha service url to be configured (#6820) 2019-05-02 16:09:39 +03:00
Lunny Xiao
e8f4c7733a
fix missing return (#6751) 2019-04-25 19:30:38 +08:00
Lunny Xiao
ff03b2f606 Fix: Sort repos on org home page with non-admin login (#6741) 2019-04-24 19:20:22 +01:00
zeripath
be666b03ee Trace Logging on Permission Denied & ColorFormat (#6618)
* Add log.ColorFormat and log.ColorFormatted

Structs can now implement log.ColorFormatted to provide their own
colored format when logged with `%-v` or additional flags.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add basic ColorFormat to repository and user

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add basic ColorFormat to access and unit

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add ColorFormat to permission and on trace log it

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add log.NewColoredIDValue to make ID value coloring consistent

Signed-off-by: Andrew Thornton <art27@cantab.net>

* formatting changes

* Add some better tracing to permission denied for read issues/pulls

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add Trace logging on permission denied

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove isTrace() check from deferred func

* Adjust repo and allow logging of team

* use FormatInt instead of Itoa

* Add blank line

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update access.go
2019-04-22 23:40:51 +03:00
Mario Lubenka
fcbac38d6f Unifies pagination template usage (#6531) (#6533) 2019-04-20 00:15:19 -04:00
AJ ONeal
6dbd261852 UX + Security current user password reset (#5042)
* allow current user to reset their own password

* handle reset password edge cases properly and consistently

* remove dangling assignment

* properly label account recovery instead of reset password

* remove 'Click here' from button

* update English-only account-recovery templates
2019-04-18 10:23:59 +03:00
Jonas Franz
7a4c29c739 OAuth2 Grant UI (#6625)
* Add oauth2 grants ui

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add delete functionality
Add translations

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix unit tests

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix unit tests

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Refactor DeleteOAuth2Grant
Use results.Close()

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Refactor DeleteOAuth2Grant (again)

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Check if user ID is zero

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Check if grant ID is zero

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2019-04-17 16:18:16 +08:00
Antoine GIRARD
d699de32f2 add .gpg url (match github behaviour) (#6610)
* add .gpg url (match github behaviour)

* wildcard

* test to export maximum data

* working POC

* add comment for old imported keys

* cleaning

* Update routers/user/profile.go

Co-Authored-By: sapk <sapk@users.noreply.github.com>

* add migration script

* add integration tests
2019-04-14 12:43:56 -04:00
Jonas Franz
783cd64927 Add option to disable refresh token invalidation (#6584)
* Add option to disable refresh token invalidation

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add integration tests and remove wrong todos

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix typo

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix tests and add documentation

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2019-04-12 15:50:21 +08:00
Elias Norberg
bf5af87eef Show last commit status in pull request lists (#6465) 2019-04-02 15:54:29 -04:00
zeripath
704da08fdc
Better logging (#6038) (#6095)
* Panic don't fatal on create new logger

Fixes #5854

Signed-off-by: Andrew Thornton <art27@cantab.net>

* partial broken

* Update the logging infrastrcture

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Reset the skip levels for Fatal and Error

Signed-off-by: Andrew Thornton <art27@cantab.net>

* broken ncsa

* More log.Error fixes

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Remove nal

* set log-levels to lowercase

* Make console_test test all levels

* switch to lowercased levels

* OK now working

* Fix vetting issues

* Fix lint

* Fix tests

* change default logging to match current gitea

* Improve log testing

Signed-off-by: Andrew Thornton <art27@cantab.net>

* reset error skip levels to 0

* Update documentation and access logger configuration

* Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE

* Fix broken level caching

* Refactor the router log

* Add Router logger

* Add colorizing options

* Adjust router colors

* Only create logger if they will be used

* update app.ini.sample

* rename Attribute ColorAttribute

* Change from white to green for function

* Set fatal/error levels

* Restore initial trace logger

* Fix Trace arguments in modules/auth/auth.go

* Properly handle XORMLogger

* Improve admin/config page

* fix fmt

* Add auto-compression of old logs

* Update error log levels

* Remove the unnecessary skip argument from Error, Fatal and Critical

* Add stacktrace support

* Fix tests

* Remove x/sync from vendors?

* Add stderr option to console logger

* Use filepath.ToSlash to protect against Windows in tests

* Remove prefixed underscores from names in colors.go

* Remove not implemented database logger

This was removed from Gogs on 4 Mar 2016 but left in the configuration
since then.

* Ensure that log paths are relative to ROOT_PATH

* use path.Join

* rename jsonConfig to logConfig

* Rename "config" to "jsonConfig" to make it clearer

* Requested changes

* Requested changes: XormLogger

* Try to color the windows terminal

If successful default to colorizing the console logs

* fixup

* Colorize initially too

* update vendor

* Colorize logs on default and remove if this is not a colorizing logger

* Fix documentation

* fix test

* Use go-isatty to detect if on windows we are on msys or cygwin

* Fix spelling mistake

* Add missing vendors

* More changes

* Rationalise the ANSI writer protection

* Adjust colors on advice from @0x5c

* Make Flags a comma separated list

* Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING

* Ensure matching is done on the non-colored message - to simpify EXPRESSION
2019-04-02 08:48:31 +01:00
mrsdizzie
6f2e1bd23a Don't Unescape redirect_to cookie value (#6399)
redirect_to holds a value that we want to redirect back to after login.
This value can be a path with intentonally escaped values and we
should not unescape it.

Fixes #4475
2019-03-20 22:06:16 -04:00
techknowlogick
d1c982cb73
Add bio field for user (#6113)
Fix #4339
2019-03-18 22:28:10 -04:00
Jonas Franz
2315019fef Add support for client basic auth for exchanging access tokens (#6293)
* Add support for client basic auth for exchanging access tokens

* Improve error messages

* Fix tests
2019-03-11 10:54:59 +08:00
Jonas Franz
8fffb06168
Add regenerate secret feature for oauth2 (#6291)
* Add regenerate secret functionality

* Fix lint
2019-03-09 17:29:58 +01:00
Jonas Franz
e777c6bdc6 Integrate OAuth2 Provider (#5378) 2019-03-08 11:42:50 -05:00
John Olheiser
d26d249748 Minor UI tweaks (#5980)
* Remove all CommitStatus when a repo is deleted

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Minor UI tweaks (#5782)
Added 'No License' option
Added link and octicon change for external issue trackers
Reset password now notifies right away if the code is invalid

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* More UI tweaks
More info in PR

* Generate stylesheet for arc-green

* Make gofmt work

* Change PR integration since the button is changed

* Rebase

* Generate stylesheet

* UI updates
Made the PR button a "basic" button
Vertically centered the issue checkboxes
Labels will update only once after modal is closed

* Commit to reference related issues
Resolves #5782
Resolves #5861
Addresses original question in #5993

* Change the comment wording since PR button is no longer little and green.

* Revert changes that made Windows work

* Regenerate stylesheet

* Regenerate stylesheets

* make generate-stylesheets

* Update integration again, changed button style

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Added ID to PR button
Changed integration to use the ID to avoid breaking in the future

* Added missing semi-colons

* Added back distinction between issue actions and filters (overlooked it before)
Moved action button over next to other action dropdowns

* Remove extra tab formatting in list.tmpl

* Remove more formatting from GoLand

* Replace hardcoded "No License" with i18n license helper.
2019-02-19 18:09:47 -05:00
Lanre Adelowo
094263db4d Show email if the authenticated user owns the profile page being requested for (#4981)
* Show email if the authenticated user owns the profile page being
requested for.

Also removed `setting.UI.ShowUserEmail` as it's documentation says it
only controls the email setting on the explore page

* fix current user check... This prevents a panic as a user must be signed in before ctx.User is called

* fix panic in tests

* try to fix tests

* Update year

* Test CI fail

* Revert change

* User 3 is not allowed to authorize

* Set user2 email to be private

* Change to user4 in explore page as user2 now has private email option set
2019-02-19 09:11:50 -05:00
Lunny Xiao
f5fa22a499 Fix prohibit login check on authorization (#6106)
* fix bug prohibit login not applied on dashboard

* fix tests

* fix bug user status leak

* fix typo

* return after render
2019-02-19 09:19:28 +02:00
Rémy Boulanouar
64ce159a6e Allow to set organization visibility (public, internal, private) (#1763) 2019-02-18 18:00:27 +02:00
Richard Mahn
ba91214633 Feature - #3031 - search for org repos (#5986) 2019-02-08 11:45:43 -05:00
Lunny Xiao
06a1739553 fix bug when deleting a linked account will removed all (#5989) 2019-02-07 01:51:23 -05:00
Lanre Adelowo
8b5f6ced22 if repo does not exist, show a 404 not a 500 (#5900) 2019-01-30 11:13:39 -05:00
Lauris BH
075649572d Add the ability to use multiple labels as filters(#5786) 2019-01-22 23:10:38 -05:00
zeripath
2b36bdd490 Do not display the raw OpenID error in the UI (#5705)
* Do not display the raw OpenID error in the UI

If there are no `WHITELIST_URIS` or `BLACKLIST_URIS` set in the openid
section of the app.ini, it is possible that gitea can leak sensitive
information about the local network through the error provided by the
UI. This PR hides the error information and logs it.

Fix #4973

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update auth_openid.go

Place error log within the `err != nil` branch.
2019-01-12 14:24:47 -05:00
Lanre Adelowo
8d2c24f7f9 Allow for user specific themes (#5668)
* add migration and basic UI for changing a user's theme

* update user themem

* use right text on button

* load theme based on users' selection

* load theme based on users' selection in pwa too

* update sample config

* delete older theme loading

* implement AfterLoad to set users' theme properly

* set up default theme when creating a user. This uses the installation wide theme

* use flash messages for error

* set default theme when creating a user from the cli

* fix @lunny review
2019-01-09 12:22:57 -05:00
Lunny Xiao
b3b7598ec6 Improve performance of dashboard (#4977) 2018-12-13 10:55:43 -05:00
Lunny Xiao
eabbddcd98
Restrict permission check on repositories and fix some problems (#5314)
* fix units permission problems

* fix some bugs and merge LoadUnits to repoAssignment

* refactor permission struct and add some copyright heads

* remove unused codes

* fix routes units check

* improve permission check

* add unit tests for permission

* fix typo

* fix tests

* fix some routes

* fix api permission check

* improve permission check

* fix some permission check

* fix tests

* fix tests

* improve some permission check

* fix some permission check

* refactor AccessLevel

* fix bug

* fix tests

* fix tests

* fix tests

* fix AccessLevel

* rename CanAccess

* fix tests

* fix comment

* fix bug

* add missing unit for test repos

* fix bug

* rename some functions

* fix routes check
2018-11-28 19:26:14 +08:00
Lanre Adelowo
b97af15de6 Block registration based on email domain (#5157)
* implement email domain whitelist
2018-11-14 20:00:04 -05:00
AJ ONeal
b8451190d8 UX of link account (Step 1) (#5006)
* Show either sign up OR sign in

* disambiguate fresh start from adding recovery options

* use tabs to switch between account link flows

* add active to tab body as well

* changes as per discussion

* handle specific error; fix missing err typo
2018-10-28 18:46:16 -04:00
Rodrigo Villablanca Vásquez
48badd59e9 Fix to 3819 - Filtering issues by tags on main screen issues (#3824)
* Fix to 3819

* Changes suggested

* Empty line removed

* Fix error: non-name opts.Labels on left side of :=
2018-10-28 07:55:01 +01:00
kolaente
6759237eda User action heatmap (#5131)
* Added basic heatmap data

* Added extra case for sqlite

* Built basic heatmap into user profile

* Get contribution data from api & styling

* Fixed lint & added extra group by statements for all database types

* generated swagger spec

* generated swagger spec

* generated swagger spec

* fixed swagger spec

* fmt

* Added tests

* Added setting to enable/disable user heatmap

* Added locale for loading text

* Removed UseTiDB

* Updated librejs & moment.js

* Fixed import order

* Fixed heatmap in postgresql

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-Authored-By: kolaente <konrad@kola-entertainments.de>

* Added copyright header

* Fixed a bug to show the heatmap for the actual user instead of the currently logged in

* Added integration test for heatmaps

* Added a heatmap on the dashboard

* Fixed timestamp parsing

* Hide heatmap on mobile

* optimized postgresql group by query

* Improved sqlite group by statement
2018-10-23 10:57:42 +08:00
Oleg Kovalov
5a4648cdd6 Remove check for negative length (#5120) 2018-10-20 17:25:14 -04:00
Lanre Adelowo
126ba796dc Force user to change password (#4489)
* redirect to login page after successfully activating account

* force users to change password if account was created by an admin

* force users to change password if account was created by an admin

* fixed build

* fixed build

* fix pending issues with translation and wrong routes

* make sure path check is safe

* remove unneccessary newline

* make sure users that don't have to view the form get redirected

* move route to use /settings prefix so as to make sure unauthenticated users can't view the page

* update as per @lafriks review

* add necessary comment

* remove unrelated changes

* support redirecting to location the user actually want to go to before being forced to change his/her password

* run make fmt

* added tests

* improve assertions

* add assertion

* fix copyright year

Signed-off-by: Lanre Adelowo <yo@lanre.wtf>
2018-09-13 15:04:25 +03:00
Bo-Yi Wu
ea20adaa84
feat(repo): support search repository by topic name (#4505)
* feat(repo): support search repository by topic name
2018-09-13 10:33:48 +08:00
SagePtr
0449330dbc Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706) 2018-08-14 23:16:37 +03:00
Lanre Adelowo
69a855f3d4 log user in after a successful sign up (#4615) 2018-08-11 15:33:19 -04:00
Dingjun
819f50ccd5 fix panic issue on update avatar email (#4580) (#4581)
fix #4580
2018-08-01 17:38:56 +08:00
techknowlogick
adf3f004b6
Switch plaintext scratch tokens to use hash instead (#4331) 2018-07-27 08:54:50 -04:00
Lanre Adelowo
630f234223 Add flash message after an account has been successfully activated (#4510)
* added new locale text
2018-07-25 20:54:56 +03:00
techknowlogick
492ec97a46
Redirect to correct page after using scratch token (#4458) 2018-07-19 13:58:33 -04:00
Fluf
f035dcd4f2 Add Recaptcha functionality to Gitea (#4044) 2018-07-05 00:13:05 -04:00
Clar Charr
c71ee33057 Increase default TOTP secret size to 320 bits (#4287) 2018-07-03 18:10:35 -04:00
Jonas Franz
801843b011 Fix open redirect vulnerability on login screen (#4312)
* Fix open redirect vulnerability on login screen

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Reorder imports

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Replace www. from Domain too

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-06-26 22:45:18 +08:00
David Schneiderbauer
0b3ea42847 hide issues from org private repos w/o team assignment (#4034) 2018-06-21 12:00:13 -04:00
David Schneiderbauer
69bfd81b1c fix missing data on redirects (#3975) 2018-06-18 14:24:45 -04:00
Magnus Lindvall
cdb9478774 LDAP Public SSH Keys synchronization (#1844)
* Add LDAP Key Synchronization feature

Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>

* Add migration: add login source id column for public_key table

* Only update keys if needed

* Add function to only list pubkey synchronized from ldap

* Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it.

* Only get keys belonging to current login source id

* Set default login source id to 0

* Some minor cleanup. Add integration tests (updete dep testify)
2018-05-24 07:59:02 +03:00
Alexey Terentyev
b908ac9fab Added repository search ordered by stars or forks. Forks column in admin repo list. (#3969)
* Added repository search order by stars or forks.
Added Forks column to admin repository list.

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>

* Renamed search repo template

Signed-off-by: Alexey Terentyev <axifnx@gmail.com>
2018-05-24 09:03:42 +08:00
David Schneiderbauer
31067c0a89 remove collaborative repositories from search on user profiles (#3996)
* remove collaborative repositories from search on user profiles

* rename 'My Repositories' to 'Repositories'
2018-05-21 23:07:34 +03:00
Jonas Franz
951309f76a Add support for FIDO U2F (#3971)
* Add support for U2F

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add vendor library
Add missing translations

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Minor improvements

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F support for Firefox, Chrome (Android) by introducing a custom JS library
Add U2F error handling

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F login page to OAuth

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Move U2F user settings to a separate file

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add unit tests for u2f model
Renamed u2f table name

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix problems caused by refactoring

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F documentation

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Remove not needed console.log-s

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add default values to app.ini.sample
Add FIDO U2F to comparison

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-05-19 17:12:37 +03:00
David Schneiderbauer
44754774f1 Re-enable random avatar feature (#3988)
* reenable random avatar feature

* replace Size check by Filename check
2018-05-19 21:22:09 +08:00
David Schneiderbauer
2aabfc1afa Splitted the user settings code into several files to be more maintainable (#3968)
* refactor setting router code

splitted up one huge router settings file into the smaller files
representing the actual page structure

* move code to subfolder

* rename functions

* renamed files

* add copyright information
2018-05-17 12:05:00 +08:00
David Schneiderbauer
099372d76c Refactor User Settings (#3900)
* moved avatar to profile page

* combined password change, email and account deletion into account settings page

* combined totp, access tokens, linked accounts and openid into security settings page

* move access tokens to applications settings page

* small change to restart drone build

* fix change avatar url on profile page

* redirect old settings urls to new ones

* enforce only one autofocus attribute on settings pages

* set correct redirect status code

* fmt fix
2018-05-15 13:07:32 +03:00