This PR fixes#7598 by providing a configurable way of signing commits across the Gitea instance. Per repository configurability and import/generation of trusted secure keys is not provided by this PR - from a security PoV that's probably impossible to do properly. Similarly web-signing, that is asking the user to sign something, is not implemented - this could be done at a later stage however.
## Features
- [x] If commit.gpgsign is set in .gitconfig sign commits and files created through repofiles. (merges should already have been signed.)
- [x] Verify commits signed with the default gpg as valid
- [x] Signer, Committer and Author can all be different
- [x] Allow signer to be arbitrarily different - We still require the key to have an activated email on Gitea. A more complete implementation would be to use a keyserver and mark external-or-unactivated with an "unknown" trust level icon.
- [x] Add a signing-key.gpg endpoint to get the default gpg pub key if available
- Rather than add a fake web-flow user I've added this as an endpoint on /api/v1/signing-key.gpg
- [x] Try to match the default key with a user on gitea - this is done at verification time
- [x] Make things configurable?
- app.ini configuration done
- [x] when checking commits are signed need to check if they're actually verifiable too
- [x] Add documentation
I have decided that adjusting the docker to create a default gpg key is not the correct thing to do and therefore have not implemented this.
* Api endpoint for searching teams.
Signed-off-by: dasv <david.svantesson@qrtech.se>
* Move API to /orgs/:org/teams/search
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Regenerate swagger
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix search is Get
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add test for search team API.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Update routers/api/v1/org/team.go
grammar
Co-Authored-By: Richard Mahn <richmahn@users.noreply.github.com>
* Fix review comments
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix some issues in repo collaboration team search, after changes in this PR.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Remove teamUser which is not used and replace with actual user id.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Remove unused search variable UserIsAdmin.
* Add paging to team search.
* Re-genereate swagger
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix review comments
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* fix
* Regenerate swagger
* Create API endpoints for repo topics.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Generate swagger
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add documentation to functions
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Grammar fix
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix function comment
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Can't use FindTopics when looking for a single repo topic, as it doesnt use exact match
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add PUT /repos/{owner}/{repo}/topics and remove GET /repos/{owner}/{repo}/topics
* Ignore if topic is sent twice in same request, refactoring.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix topic dropdown with api changes.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Style fix
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Update API documentation
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Better way to handle duplicate topics in slice
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Make response element TopicName an array of strings, instead of using an array of TopicName
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add test cases for API Repo Topics.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix format of tests
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix comments
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix unit tests after adding some more topics to the test fixture.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Update models/topic.go
Limit multiple if else if ...
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Engine as first parameter in function
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* Replace magic numbers with http status code constants.
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix variable scope
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Test one read with login and one with token
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Add some more tests
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Apply suggestions from code review
Use empty struct for efficiency
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Add test case to check access for user with write access
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fix access, repo admin required to change topics
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Correct first test to be without token
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Any repo reader should be able to access topics.
* No need for string pointer
Signed-off-by: David Svantesson <davidsvantesson@gmail.com>
* Fixes#2738 - /git/tags API
* proper URLs
* Adds function comments
* Updates swagger
* Removes newline from tag message
* Removes trailing newline from commit message
* Adds integration test
* Removed debugging
* Adds tests
* Fixes bug where multiple tags of same commit show wrong tag name
* Fix formatting
* Removes unused varaible
* Fix to annotated tag function names and response
* Update modules/git/repo_tag.go
Co-Authored-By: Lauris BH <lauris@nix.lv>
* Uses TagPrefix
* Changes per review, better error handling for getting tag and commit IDs
* Fix to getting commit ID
* Fix to getting commit ID
* Fix to getting commit ID
* Fix to getting commit ID
* Feature - #5960 - API Endpoint for Repo Editing
* Revert from merge
* Adds integration testing
* Updates to integration tests
* Revert changes
* Update year in file header
* Misspell fix
* XORM = test
* XORM = test
* revert XORM = file
* Makes RepoUnit.ID be pk and autoincr
* Fix to units
* revert header
* Remove print statement
* Adds other responses
* Improves swagger for creating repo
* Fixes import order
* Better Unit Type does not exist error
* Adds editable repo properties to the response repo structure
* Fix to api_repo_edit_test.go
* Fixes repo test
* Changes per review
* Fixes typo and standardizes comments in the EditRepoOption struct for swagger
* Fixes typo and standardizes comments in the EditRepoOption struct for swagger
* Actually can unarchive through the API
* Unlike delete, user doesn't have to be the owner of the org, just admin to the repo
* Fix to swagger comments for field name change
* Update to swagger docs
* Update swagger
* Changes allow_pull_requests to has_pull_requests
* fix org visibility bug
* fix permission check
* add integration tests
* fix tests
* change test user name for easier maintainance and fix test
* fix test git repo name
* Add log.ColorFormat and log.ColorFormatted
Structs can now implement log.ColorFormatted to provide their own
colored format when logged with `%-v` or additional flags.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add basic ColorFormat to repository and user
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add basic ColorFormat to access and unit
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add ColorFormat to permission and on trace log it
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add log.NewColoredIDValue to make ID value coloring consistent
Signed-off-by: Andrew Thornton <art27@cantab.net>
* formatting changes
* Add some better tracing to permission denied for read issues/pulls
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add Trace logging on permission denied
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove isTrace() check from deferred func
* Adjust repo and allow logging of team
* use FormatInt instead of Itoa
* Add blank line
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update access.go
* Add API for manipulating Git hooks
Signed-off-by: Segev Finer <segev@codeocean.com>
* Replace code.gitea.io/sdk with PR branch temporarily for CI
* Switch back to code.gitea.io/sdk@master
* Return 403 instead of 404 on no permission to edit hooks in API
* Add tests for Git hooks API
* Update models/repo_list_test.go
Co-Authored-By: segevfiner <segev208@gmail.com>
* Update models/repo_list_test.go
Co-Authored-By: segevfiner <segev208@gmail.com>
* empty line
* Improve issue autolinks
Update autolinks to match what github does here:
Issue in same repo: #1
Issue in different repo: org/repo#1Fixes#6264
* Use setting.AppURL when parsing URL
Using setting.AppURL here is a more reliable way of parsing the current
URL and what other functions in this file seem to use.
* Make ComposeMetas always return a valid context
* Add per repository markdown renderers for better context
* Update for use of context metas
Now that we include the user and repo name inside context metas, update
various code and tests for this new logic
* cleaned permission checks for API -> site admin can now do anything
Signed-off-by: Vasek Sraier <git@vakabus.cz>
* PR #6483: helper methods moved to context/context.go, added missing return
Signed-off-by: Vasek Sraier <git@vakabus.cz>
* PR #6483: added documentation to new exported helper functions in context/context.go
Signed-off-by: Vasek Sraier <git@vakabus.cz>
* don't allow pull requests to be created on an archived repository
Also disable the "PR" button if the repo is archived
* Refuse creating an issue/PR via API calls too
* api: Add an endpoint to list a particular member of team.
* models: Rename `GetUserTeams()` to `GetUserOrgTeams()` in `org_team` model.
`GetUserTeams()` sounds a bit misnomer since it actually returns
the teams that user belongs to in a given organization rather than
all the teams across all the organization that the user has joined.
* models: Add `GetUserTeams()`.
Returns all the teams that a user belongs to.
* api: Add an endpoint for GET '/user/teams'.
A GET request to this endpoint lists all the teams that a user
belongs to.
* Inital routes to git refs api
* Git refs API implementation
* Update swagger
* Fix copyright
* Make swagger happy add basic test
* Fix test
* Fix test again :)
* add api for user to create org
* remove unused blank line on the swagger file end
* fix create and add test
* fix tests
* fix routes of create org API
* fix bug
* add copyright heads
* Add CSRF checking to reqToken and place CSRF in the post for deadline creation
Fixes#5226, #5249
* /api/v1/admin/users routes should have reqToken middleware
* Added basic heatmap data
* Added extra case for sqlite
* Built basic heatmap into user profile
* Get contribution data from api & styling
* Fixed lint & added extra group by statements for all database types
* generated swagger spec
* generated swagger spec
* generated swagger spec
* fixed swagger spec
* fmt
* Added tests
* Added setting to enable/disable user heatmap
* Added locale for loading text
* Removed UseTiDB
* Updated librejs & moment.js
* Fixed import order
* Fixed heatmap in postgresql
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-Authored-By: kolaente <konrad@kola-entertainments.de>
* Added copyright header
* Fixed a bug to show the heatmap for the actual user instead of the currently logged in
* Added integration test for heatmaps
* Added a heatmap on the dashboard
* Fixed timestamp parsing
* Hide heatmap on mobile
* optimized postgresql group by query
* Improved sqlite group by statement
* Implemented basic api endpoint to manage deadlines
* Fixed checking for permissions
* Updating a deadline from the ui is now entirely done via the api
* cleanup
* Cosmetics
* fixed lint + fmt
* Added swagger model definition for deadline response
* Updated gitea-sdk
* Updated gitea-sdk
* More cleanup
* Generate swagger json
* Merge branch 'master' of https://github.com/go-gitea/gitea into issue-due-date-api
# Conflicts:
# public/swagger.v1.json
* Fixed permission to update a deadline via api
* Re-added form to change a deadline
* Added client-side validation + not ignore error messages from the api
* Added locale for error message
* Merge branch 'master' of https://github.com/go-gitea/gitea
# Conflicts:
# models/issue_comment.go
* Proper date validation
* Fixed indention
* moved css to css file
* added documentation for error codes
* after merge cleanup
* Added swagger description
* DO NOTHING BUT TRIGGER THAT F*CKIN CI SO IT PICKS UP THE LATEST COMMIT AS IT SHOULD
* DO NOTHING BUT TRIGGER THAT F*CKIN CI SO IT PICKS UP THE LATEST COMMIT AS IT SHOULD
* regenerated stylesheets
* add topic models and unit tests
* fix comments
* fix comment
* add the UI to show or add topics for a repo
* show topics on repositories list
* fix test
* don't show manage topics link when no permission
* use green basic as topic label
* fix topic label color
* remove trace content
* remove debug function
* Add Attachment API
* repos/:owner/:repo/releases (add attachments)
* repos/:owner/:repo/releases/:id (add attachments)
* repos/:owner/:repo/releases/:id/attachments
* repos/:owner/:repo/releases/:id/attachments/:attachment_id
Signed-off-by: Jonas Franz <info@jonasfranz.de>
* Add unit tests for new attachment functions
Fix comments
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* fix lint
* Update vendor.json
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* remove version of sdk
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix unit tests
Add missing license header
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add CreateReleaseAttachment
Add EditReleaseAttachment
Add DeleteReleaseAttachment
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add filename query parameter for choosing another name for an attachment
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix order of imports
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Restricting updatable attachment columns
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* gofmt
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Update go-sdk
Replace Attachments with Assets
Signed-off-by: Jonas Franz <info@jonasfranz.de>
* Update go-sdk
Signed-off-by: Jonas Franz <info@jonasfranz.de>
* Updating go-sdk and regenerating swagger
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add missing file of go-sdk
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Change origin of code.gitea.io/sdk to code.gitea.io/sdk
Update code.gitea.io/sdk
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Update swagger
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Update updateAttachment
* Pull request options migration and UI in settings
* Add ignore whitespace functionality
* Fix settings if pull requests are disabled
* Fix migration transaction
* Merge with Rebase functionality
* UI changes and related functionality for pull request merging button
* Implement squash functionality
* Fix rebase merging
* Fix pull request merge tests
* Add squash and rebase tests
* Fix API method to reuse default message functions
* Some refactoring and small fixes
* Remove more hardcoded values from tests
* Remove unneeded check from API method
* Fix variable name and comment typo
* Fix reset commit count after PR merge
* Delete a user's public key via admin api
* Test admin ssh endpoint for creating a new ssh key
* Adapt public ssh key test to also test the delete operation
* Test that deleting a missing key will result in a 404
* Test that a normal user can't delete another user's ssh key
* Make DeletePublicKey return err
* Update swagger doc
* Make URL scheme unambiguous
Redirect old routes to new routes
* Fix redirects to new URL scheme, and update template
* Fix branches/_new endpoints, and update integration test
* Move swagger interface under /api/v1
* Update swagger-ui
* Add /api/swagger and prepare for multiple api version
* Update test links
* Fix footer link
* Added comment's hashtag to url for mail notifications.
* Added explanation to return statement + documentation.
* Replacing in-line link generation with HTMLURL. (+gofmt)
* Replaced action-based model with nil-based model. (+gofmt)
* Replaced mailIssueActionToParticipants with mailIssueCommentToParticipants.
* Updating comment for mailIssueCommentToParticipants
* Added link to comment in "Dashboard"
* Deleting feed entry if a comment is going to be deleted
* Added migration
* Added improved migration to add a CommentID column to action.
* Added improved links to comments in feed entries.
* Fixes#1956 by filtering for deleted comments that are referenced in actions.
* Introducing "IsDeleted" column to action.
* Adding design draft (not functional)
* Adding database models for stopwatches and trackedtimes
* See go-gitea/gitea#967
* Adding design draft (not functional)
* Adding translations and improving design
* Implementing stopwatch (for timetracking)
* Make UI functional
* Add hints in timeline for time tracking events
* Implementing timetracking feature
* Adding "Add time manual" option
* Improved stopwatch
* Created report of total spent time by user
* Only showing total time spent if theire is something to show.
* Adding license headers.
* Improved error handling for "Add Time Manual"
* Adding @sapks 's changes, refactoring
* Adding API for feature tracking
* Adding unit test
* Adding DISABLE/ENABLE option to Repository settings page
* Improving translations
* Applying @sapk 's changes
* Removing repo_unit and using IssuesSetting for disabling/enabling timetracker
* Adding DEFAULT_ENABLE_TIMETRACKER to config, installation and admin menu
* Improving documentation
* Fixing vendor/ folder
* Changing timtracking routes by adding subgroups /times and /times/stopwatch (Proposed by @lafriks )
* Restricting write access to timetracking based on the repo settings (Proposed by @lafriks )
* Fixed minor permissions bug.
* Adding CanUseTimetracker and IsTimetrackerEnabled in ctx.Repo
* Allow assignees and authors to track there time too.
* Fixed some build-time-errors + logical errors.
* Removing unused Get...ByID functions
* Moving IsTimetrackerEnabled from context.Repository to models.Repository
* Adding a seperate file for issue related repo functions
* Adding license headers
* Fixed GetUserByParams return 404
* Moving /users/:username/times to /repos/:username/:reponame/times/:username for security reasons
* Adding /repos/:username/times to get all tracked times of the repo
* Updating sdk-dependency
* Updating swagger.v1.json
* Adding warning if user has already a running stopwatch (auto-timetracker)
* Replacing GetTrackedTimesBy... with GetTrackedTimes(options FindTrackedTimesOptions)
* Changing code.gitea.io/sdk back to code.gitea.io/sdk
* Correcting spelling mistake
* Updating vendor.json
* Changing GET stopwatch/toggle to POST stopwatch/toggle
* Changing GET stopwatch/cancel to POST stopwatch/cancel
* Added migration for stopwatches/timetracking
* Fixed some access bugs for read-only users
* Added default allow only contributors to track time value to config
* Fixed migration by chaging x.Iterate to x.Find
* Resorted imports
* Moved Add Time Manually form to repo_form.go
* Removed "Seconds" field from Add Time Manually
* Resorted imports
* Improved permission checking
* Fixed some bugs
* Added integration test
* gofmt
* Adding integration test by @lafriks
* Added created_unix to comment fixtures
* Using last event instead of a fixed event
* Adding another integration test by @lafriks
* Fixing bug Timetracker enabled causing error 500 at sidebar.tpl
* Fixed a refactoring bug that resulted in hiding "HasUserStopwatch" warning.
* Returning TrackedTime instead of AddTimeOption at AddTime.
* Updating SDK from go-gitea/go-sdk#69
* Resetting Go-SDK back to default repository
* Fixing test-vendor by changing ini back to original repository
* Adding "tags" to swagger spec
* govendor sync
* Removed duplicate
* Formatting templates
* Adding IsTimetrackingEnabled checks to API
* Improving translations / english texts
* Improving documentation
* Updating swagger spec
* Fixing integration test caused be translation-changes
* Removed encoding issues in local_en-US.ini.
* "Added" copyright line
* Moved unit.IssuesConfig().EnableTimetracker into a != nil check
* Removed some other encoding issues in local_en-US.ini
* Improved javascript by checking if data-context exists
* Replaced manual comment creation with CreateComment
* Removed unnecessary code
* Improved error checking
* Small cosmetic changes
* Replaced int>string>duration parsing with int>duration parsing
* Fixed encoding issues
* Removed unused imports
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Separate generate-swagger
* Remove go generate rules
* Add missing definition replacement + remove use of -i sed flag
for compatibility with mac os default sed version.
This is a little hacky a better solution could be use.
* Use custom SED_INPLACE
depending of platform detection
* Use SED_INPLACE for swagger-ui also
- Generate swagger.json into public/
- Add swagger-ui auto-installation
- Add footer link to local swagger-ui
- Add /swagger url for using app url.
- Fix Swagger-UI version via git tag
* Implement '/api/v1/version'
* Cleanup and various fixes
* Enhance run.sh
* Add install_test.go
* Add parameter utils.Config for testing handlers
* Re-organize TestVersion.go
* Rename functions
* handling process cleanup properly
* Fix missing function renaming
* Cleanup the 'retry' logic
* Cleanup
* Remove unneeded logging code
* Logging messages tweaking
* Logging message tweaking
* Fix logging messages
* Use 'const' instead of hardwired numbers
* We don't really need retries anymore
* Move constant ServerHttpPort to install_test.go
* Restore mistakenly removed constant
* Add required comments to make the linter happy.
* Fix comments and naming to address linter's complaints
* Detect Gitea executale version automatically
* Remove tests/run.sh, `go test` suffices.
* Make `make build` a prerequisite of `make test`
* Do not sleep before trying
* Speedup the server pinging loop
* Use defined const instead of hardwired numbers
* Remove redundant error handling
* Use a dedicated target for running code.gitea.io/tests
* Do not make 'test' depend on 'build' target
* Rectify the excluded package list
* Remove redundant 'exit 1'
* Change the API to allow passing test.T to test handlers
* Make testing.T an embedded field
* Use assert.Equal to comparing results
* Add copyright info
* Parametrized logging output
* Use tmpdir instead
* Eliminate redundant casting
* Remove unneeded variable
* Fix last commit
* Add missing copyright info
* Replace fmt.Fprintf with fmt.Fprint
* rename the xtest to integration-test
* Use Symlink instead of hard-link for cross-device linking
* Turn debugging logs on
* Follow the existing framework for APIs
* Output logs only if test.v is true
* Re-order import statements
* Enhance the error message
* Fix comment which breaks the linter's rule
* Rename 'integration-test' to 'e2e-test' for saving keystrokes
* Add comment to avoid possible confusion
* Rename tests -> integration-tests
Also change back the Makefile to use `make integration-test`.
* Use tests/integration for now
* tests/integration -> integrations
Slightly flattened directory hierarchy is better.
* Update Makefile accordingly
* Fix a missing change in Makefile
* govendor update code.gitea.io/sdk/gitea
* Fix comment of struct fields
* Fix conditional nonsense
* Fix missing updates regarding version string changes
* Make variable naming more consistent
* Check http status code
* Rectify error messages
* Add API support for labels.
* Error handling for adding/replacing multiple issue labels
* Revisions to function names and error handling. Use issue.ClearLabels in replace/clear functions
* Additional code cleanup
Allows the deletion of a webhook from a repository at the
/:user/:repo/hooks/:id endpoint.
Solves drone/drone issue #1603.
Signed-off-by: Dennis Chen <barracks510@gmail.com>
