1
1
mirror of https://github.com/go-gitea/gitea synced 2024-12-23 17:14:27 +00:00
Commit Graph

69 Commits

Author SHA1 Message Date
Aleksandr Bulyshchenko
ee878e3951 Support secure cookie for csrf-token (#3839)
* dep: Update github.com/go-macaron/csrf

Update github.com/go-macaron/csrf with dep to revision 503617c6b372
to fix issue of csrf-token security.

This update includes following commits:
- Add support for the Cookie HttpOnly flag
- Support secure mode for csrf cookie

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>

* routers: set csrf-token security depending on COOKIE_SECURE

Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>
2018-05-22 02:09:48 +03:00
Antoine GIRARD
3f3383dc0a Migrate to dep (#3972)
* Update makefile to use dep

* Migrate to dep

* Fix some deps

* Try to find a better version for golang.org/x/net

* Try to find a better version for golang.org/x/oauth2
2018-05-21 15:34:20 +03:00
Antoine GIRARD
8dca5ad526 Fetch missing file in github.com/davecgh/go-spew/spew (#3995) 2018-05-20 09:09:35 +03:00
Jonas Franz
951309f76a Add support for FIDO U2F (#3971)
* Add support for U2F

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add vendor library
Add missing translations

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Minor improvements

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F support for Firefox, Chrome (Android) by introducing a custom JS library
Add U2F error handling

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F login page to OAuth

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Move U2F user settings to a separate file

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add unit tests for u2f model
Renamed u2f table name

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix problems caused by refactoring

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add U2F documentation

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Remove not needed console.log-s

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add default values to app.ini.sample
Add FIDO U2F to comparison

Signed-off-by: Jonas Franz <info@jonasfranz.software>
2018-05-19 17:12:37 +03:00
Antoine GIRARD
917b9641ec Update to last common bleve (#3986) 2018-05-19 20:49:46 +08:00
Lauris BH
e74055878f Update xormstore dependency to fix OAuth2 support for MySQL (#3955) 2018-05-13 13:10:50 +08:00
Lauris BH
ff64f188fd Switch back to upstream goth repository and update govendor to latest goth version (#3863) 2018-04-30 09:05:59 +08:00
Lauris BH
5a62eb30df
Store OAuth2 session data in database (#3660)
* Store OAuth2 session data in database

* Rename table to `oauth2_session` and do not skip xormstorage initialization error
2018-04-29 09:09:24 +03:00
PJ Eby
fc36567ee1 Update blackfriday dependency per #2994 (#3857)
Signed-off-by: PJ Eby <pje@telecommunity.com>
2018-04-29 13:07:36 +08:00
Lauris BH
ad33730dca
Update markbates/goth libary to fix OAuth2 support (#3661) 2018-03-13 01:35:46 +02:00
Lauris BH
7b297808ce
Update markbates/goth library (#3533)
Signed-off-by: Lauris Bukšis-Haberkorns <lauris@nix.lv>
2018-02-19 07:10:51 +02:00
Ethan Koenig
a89592d4ab Reduce repo indexer disk usage (#3452) 2018-02-05 20:29:17 +02:00
Lunny Xiao
97fe773491 fix MSSQL bug on org (#3405) 2018-01-27 17:20:59 +02:00
Antoine GIRARD
d2736e268b Remove unused vendor github.com/stretchr/testify/require (#3273) 2017-12-31 09:11:08 +08:00
Ethan Koenig
58a7de2aea Update code.gitea.io/git (#3137) 2017-12-11 10:23:34 +08:00
Ethan Koenig
b7ebaf6d20 Various wiki bug fixes (#2996)
* Update macaron

* Various wiki bug fixes
2017-11-28 17:43:51 +08:00
Lunny Xiao
10b54df2b2 Add dingtalk webhook (#2777)
* add dingtalk webhook type

* add vendor

* some fixes

* fix name check

* fix name check & improvment
2017-11-21 06:26:43 +02:00
Lauris BH
a6f337046f Update go-ini dependency and remove semicolon hack in translations (#2913) 2017-11-15 11:34:42 +08:00
Ethan Koenig
5866eb2321 Code/repo search (#2582)
Indexed search of repository contents (for default branch only)
2017-10-27 09:10:54 +03:00
Jonas Bröms
e86a0bf3fe Add support for extra sendmail arguments (#2731)
* Add support for extra sendmail arguments

* Sendmail args to exec.command should be a list

* Add go-shellquote package

* Use go-shellquote lib for parsing Sendmail args

* Only parse if sendmail is configured
2017-10-25 22:27:25 +03:00
Antoine GIRARD
2112eb8741 Update vendor github.com/lib/pq (#2752) 2017-10-21 12:05:58 +08:00
Lunny Xiao
a8717e5e3a Use AfterLoad instead of AfterSet on Structs (#2628)
* use AfterLoad instead of AfterSet on Structs

* fix the comments on AfterLoad

* fix the comments on action AfterLoad
2017-10-01 19:52:35 +03:00
Lunny Xiao
0d80af649a Add init support of orgmode document type on file view and readme (#2525)
* add init support of orgmode document type on file view and readme

* fix imports

* fix imports and readmeExist

* fix imports order

* fix format

* remove unnecessary convert
2017-09-21 13:20:14 +08:00
Ethan Koenig
b0f7457d9e Improve issue search (#2387)
* Improve issue indexer

* Fix new issue sqlite bug

* Different test indexer paths for each db

* Add integration indexer paths to make clean
2017-09-16 23:16:21 +03:00
Lunny Xiao
0f9e20b3d7 fix updated update on public key (#2514)
* fix updated update on public key

* update vendor.json

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>

* fix root path

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2017-09-15 11:23:48 +08:00
Lunny Xiao
005900baea Use created & updated instead BeforeInsert & BeforeUpdate (#2482)
* use created & updated instead BeforeInsert & BeforeUpdate

* fix vendor checksum

* only show generated SQL when development mode

* remove extra update column updated_unix

* remove trace config
2017-09-13 08:18:22 +03:00
Lunny Xiao
2c6a0fdca8 update latest xorm version to vendor (#2353) 2017-08-22 14:39:52 +03:00
Andrey Nering
2ef33b5338 vendor: update sqlite to fix "database is locked" errors (#2116)
closes #2040

upstream commit: acfa601240
2017-07-06 14:43:30 +08:00
Antoine GIRARD
274149dd14 Switch to keybase go-crypto (for some elliptic curve key) + test (#1925)
* Switch to keybase go-crypto (for some elliptic curve key) + test

* Use assert.NoError 

and add a little more context to failing test description

* Use assert.(No)Error everywhere 🌈

and assert.Error in place of .Nil/.NotNil
2017-06-14 08:43:43 +08:00
Ethan Koenig
cf02cd7ba0 Fix and test for delete user (#1713)
* Fix and test for delete user

* Run updates in batches

* Unit test
2017-05-20 16:48:22 +08:00
Lauris BH
79494047b0 Show commit status icon in commits table (#1688)
* Show commit status icon in commits table

* Add comments

* Fix icons

* Few more places where commit table is displayed

* Change integration test to use goquery for parsing html

* Add integration tests for commit table and status icons

* Fix status to return lates status correctly on all databases

* Rewrote lates commit status selects
2017-05-07 22:40:31 +08:00
Lauris BH
3792867955 Update xorm to latest version (#1651)
* Update xorm to latest version

* Update xorm/builder
2017-05-02 08:50:33 +08:00
Willem van Dreumel
950f2e2074 Additional OAuth2 providers (#1010)
* add google+

* sort signin oauth2 providers based on the name so order is always the same

* update auth tip for google+

* add gitlab provider

* add bitbucket provider (and some go fmt)

* add twitter provider

* add facebook provider

* add dropbox provider

* add openid connect provider incl. new format of tips section in "Add New Source"

* lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow)

* imports according to goimport and code style

* make it possible to set custom urls to gitlab and github provider (only these could have a different host)

* split up oauth2 into multiple files

* small typo in comment

* fix indention

* fix indentation

* fix new line before external import

* fix layout of signin part

* update "broken" dependency
2017-05-01 21:26:53 +08:00
Lunny Xiao
e3c2963222 remove unused vendor packages (#1620) 2017-04-27 18:10:34 +08:00
Antoine GIRARD
eb1075dd4c Check if missing/modified/unused deps in vendor and fix errors (#1468)
* Check if missing deps in vendor

This will catch import from other repos. (maybe by auto-import)

* Remove github.com/smartystreets unused deps

* Remove github.com/boltdb/bolt unused dep

* Fetch github.com/go-xorm/core + sync gopkg.in/ldap.v2/ldap.go

* Auto-install govendor + reinstall github.com/boltdb/bolt needed by vendor/github.com/blevesearch/bleve/index/store/boltdb

* Update go-xorm/xorm to a5cb21 in vendor.json

* Use a custom repo for implementing change to bolt dep.

* Switching bolt to github.com/go-gitea/bolt

* Switching bolt to github.com/go-gitea/bolt (fork version)

* change the drone sign
2017-04-24 22:31:46 +08:00
Lunny Xiao
5acfc7c4bc fix migrate failed and org dashboard failed on MSSQL database (#1448) 2017-04-06 18:47:25 -07:00
Damien Gaignon
a78a0266c4 Correct broken unaligned load/store in armv5 (#1355)
Update vendor github.com/boltdb/bolt to take care of the issue #1354.
2017-04-05 18:50:33 -07:00
Sandro Santilli
71d16f69ff Login via OpenID-2.0 (#618) 2017-03-17 15:16:08 +01:00
Lunny Xiao
fa41ddd3eb fix build failed on aarch64 (#1132) 2017-03-07 15:09:05 +08:00
Lunny Xiao
6bdfadf4a9 fix broken caused by boltdb in mips/mipsle (#1107) 2017-03-03 15:57:54 +08:00
Willem van Dreumel
01d957677f Oauth2 consumer (#679)
* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other then oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers)

* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)

* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 08:14:37 +01:00
Lunny Xiao
c5f8b96dda update xorm for fixing bug on processor BeforeSet and AfterSet when Find a map (#987) 2017-02-20 19:33:10 +08:00
Lunny Xiao
46320f9630 refactor notificationsForUser since xorm In support slice of customerize type (#956) 2017-02-16 12:07:00 +08:00
Lunny Xiao
284c0160c3 update xorm vendor and also fix #740 (#886) 2017-02-10 23:02:26 +08:00
Ethan Koenig
d2329e1c26 Use assert in legacy unit tests (#867) 2017-02-08 14:29:07 +08:00
Thomas Boerger
ea8c8cdaf3 Fix master builds on mips* again (#815)
* Use local folder for xgo

* Always do crosscompile and testing to fail early

* Added mips* values for boltdb

In order to get master building again I have applied these 2 additional
files to boltdb. This should get dropped when
https://github.com/boltdb/bolt/issues/656 gets solved.
2017-02-02 11:56:08 +08:00
Andrey Nering
e7c3be5f2f Merge pull request #736 from andreynering/fix-windows-ssh
Fix SSH server on Windows when running as service
2017-01-25 14:19:55 -02:00
Bo-Yi Wu
691fbdf1d3 fix: delete attachment after remove comment. 2017-01-25 16:40:43 +01:00
Bwko
8555e888d8 Add ETag header to avatars (#721) 2017-01-25 12:26:31 +08:00
Ethan Koenig
833f8b94c2 Search bar for issues/pulls (#530) 2017-01-25 10:43:02 +08:00