1
1
mirror of https://github.com/go-gitea/gitea synced 2024-10-31 23:34:25 +00:00
Commit Graph

3379 Commits

Author SHA1 Message Date
wxiaoguang
994257d266
Add missing sorting column in project_issue table (#19635) 2022-05-06 22:25:59 +08:00
zeripath
a7f52684cb
Prevent NPE when checking repo units if the user is nil (#19625)
CheckRepoUnitUser should tolerate nil users.

Fix #19613

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-05-06 11:54:22 +08:00
singuliere
b536b65189
GetFeeds must always discard actions with dangling repo_id (#19598)
* GetFeeds must always discard actions with dangling repo_id

See https://discourse.gitea.io/t/blank-page-after-login/5051/12
for a panic in 1.16.6.

* add comment to explain the dangling ID in the fixture

* loadRepoOwner must not attempt to use a nil action.Repo

* make fmt

Co-authored-by: Loïc Dachary <loic@dachary.org>
2022-05-05 11:39:26 -04:00
Gusted
3114cd30b8
Only check for non-finished migrating task (#19601)
* Only check for non-finished migrating task

- Only check if a non-finished migrating task exists for a mirror before
fetching the mirror details from the database.
- Resolves #19600
- Regression: #19588

* Clarify function
2022-05-04 12:09:42 +02:00
6543
92f139d091
Use for a repo action one database transaction (#19576)
... more context

(part of #9307)
2022-05-03 21:46:28 +02:00
Gusted
982b726b08
Don't fetch Mirror when it's migrating (#19588)
- When a repository is still being migrated, don't try to fetch the
Mirror from the database. Instead skip it. This allows to visit
repositories that are still being migrated and were configured to be
mirrored.
- Resolves #19585
- Regression: #19295

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-05-03 16:55:17 +03:00
Lunny Xiao
772ad761eb
Fix some slice problems (incorrect slice length) (#19592) 2022-05-03 17:04:23 +08:00
6543
e2a3f3d259
Federation: return useful statistic information for nodeinfo (#19561)
Add statistic information for total user count, active user count, issue count and comment count for `/nodeinfo`
2022-05-02 21:35:45 +08:00
wxiaoguang
71bafa0263
ignore DNS error when doing migration allow/block check (#19566)
Co-authored-by: 6543 <6543@obermui.de>
2022-05-02 12:02:17 +08:00
Jimmy Praet
5aebc4f000
Respect DefaultUserIsRestricted system default when creating new user (#19310)
* Apply DefaultUserIsRestricted in CreateUser

* Enforce system defaults in CreateUser

Allow for overwrites with CreateUserOverwriteOptions

* Fix compilation errors

* Add "restricted" option to create user command

* Add "restricted" option to create user admin api

* Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed

* Revert "Respect default setting.Service.RegisterEmailConfirm and setting.Service.RegisterManualConfirm where needed"

This reverts commit ee95d3e8dc.
2022-04-29 15:38:11 -04:00
Florin Hillebrand
ad6d08d155
Add API to query collaborators permission for a repository (#18761)
Targeting #14936, #15332

Adds a collaborator permissions API endpoint according to GitHub API: https://docs.github.com/en/rest/collaborators/collaborators#get-repository-permissions-for-a-user to retrieve a collaborators permissions for a specific repository.

### Checks the repository permissions of a collaborator. 

`GET` `/repos/{owner}/{repo}/collaborators/{collaborator}/permission`

Possible `permission` values are `admin`, `write`, `read`, `owner`, `none`.

```json
{
  "permission": "admin",
  "role_name": "admin",
  "user": {}
}
```

Where `permission` and `role_name` hold the same `permission` value and `user` is filled with the user API object. Only admins are allowed to use this API endpoint.
2022-04-29 14:24:38 +02:00
qwerty287
8eb1cd9264
Add "Allow edits from maintainer" feature (#18002)
Adds a feature [like GitHub has](https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/proposing-changes-to-your-work-with-pull-requests/creating-a-pull-request-from-a-fork) (step 7).
If you create a new PR from a forked repo, you can select (and change later, but only if you are the PR creator/poster) the "Allow edits from maintainers" option.
Then users with write access to the base branch get more permissions on this branch:
* use the update pull request button
* push directly from the command line (`git push`)
* edit/delete/upload files via web UI
* use related API endpoints

You can't merge PRs to this branch with this enabled, you'll need "full" code write permissions.

This feature has a pretty big impact on the permission system. I might forgot changing some things or didn't find security vulnerabilities. In this case, please leave a review or comment on this PR.

Closes #17728

Co-authored-by: 6543 <6543@obermui.de>
2022-04-28 17:45:33 +02:00
6543
06e4687cec
more context for models (#19511)
make more usage of context, to have more db transaction in one session

(make diff of  #9307 smaller)
2022-04-28 13:48:48 +02:00
Lunny Xiao
6cc8aed737
Fix two typos (#19504) 2022-04-26 18:01:42 +02:00
Gusted
4e912a61c8
Improve Stopwatch behavior (#18930)
- Don't send empty stopwatch over and over again, only send once.
- Stop interval to update stopwatch's timer when there is no more stopwatch.
2022-04-25 22:45:22 +02:00
6543
ddbbe6e15c
User specific repoID or xorm builder conditions for issue search (#19475)
* extend models.IssuesOptions to have more specific repo filter options

* use new options

* unrelated refactor

* rm RepoIDs
2022-04-25 16:06:24 +02:00
Lunny Xiao
fc002860d8
Simplify the code to get issue count (#19380)
* Simple the code to get issue count

* Improve codes
2022-04-25 15:04:42 +08:00
Gusted
ebe569a268
Set correct PR status on 3way on conflict checking (#19457)
* Set correct PR status on 3way on conflict checking

- When 3-way merge is enabled for conflict checking, it has a new
interesting behavior that it doesn't return any error when it found a
conflict, so we change the condition to not check for the error, but
instead check if conflictedfiles is populated, this fixes a issue
whereby PR status wasn't correctly on conflicted PR's.
- Refactor the mergeable property(which was incorrectly set and lead me this
bug) to be more maintainable.
- Add a dedicated test for conflicting checking, so it should prevent
future issues with this.

* Fix linter
2022-04-21 22:55:45 +01:00
qwerty287
ae6a52440a
Fix panic in team repos API (#19431)
* Fix panic in team repos API

* Fix pagination

* fmt
2022-04-20 18:43:26 +08:00
KN4CK3R
18727df73a
Add Helm Chart registry (#19406) 2022-04-19 12:55:35 -04:00
Lunny Xiao
b8911fb456
Use a struct as test options (#19393)
* Use a struct as test options

* Fix name

* Fix test
2022-04-14 21:58:21 +08:00
wxiaoguang
d906858847
Use "main" as default branch name (#19354)
* Use "main" as default branch name

* fix test code
2022-04-08 23:26:48 -05:00
Lunny Xiao
1dfa26e00e
Move milestone to models/issues/ (#19278)
* Move milestone to models/issues/

* Fix lint

* Fix test

* Fix lint

* Fix lint
2022-04-08 17:11:15 +08:00
6543
75f8534c3a
API: Search Issues, dont show 500 if filter result in empty list (#19244)
* remove error who is none

* use setupSessionNoLimit instead of setupSessionWithLimit when no pagination

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-04-08 04:39:03 +02:00
KN4CK3R
5e242e021b
Package registry changes (#19305)
* removed debug logs
* fixed SELECT
* removed unneeded error type
* use common SearchVersions method
* remove empty container upload versions
* return err
2022-04-06 03:32:09 +02:00
wxiaoguang
4f27c28947
Remove legacy unknwon/com package (#19298)
Follows: #19284
* The `CopyDir` is only used inside test code
* Rewrite `ToSnakeCase` with more test cases
* The `RedisCacher` only put strings into cache, here we use internal `toStr` to replace the legacy `ToStr`
* The `UniqueQueue` can use string as ID directly, no need to call `ToStr`
2022-04-02 00:34:57 +08:00
wxiaoguang
65f17bfc31
Refactor legacy unknwon/com package, improve golangci lint (#19284)
The main purpose is to refactor the legacy `unknwon/com` package.
1. Remove most imports of `unknwon/com`, only `util/legacy.go` imports the legacy `unknwon/com`
2. Use golangci's depguard to process denied packages
3. Fix some incorrect values in golangci.yml, eg, the version should be quoted string `"1.18"`
4. Use correctly escaped content for `go-import` and `go-source` meta tags
5. Refactor `com.Expand` to our stable (and the same fast) `vars.Expand`, our `vars.Expand` can still return partially rendered content even if the template is not good (eg: key mistach).
2022-04-01 16:47:50 +08:00
Lunny Xiao
89b9d42f08
Fix broken of team create (#19288)
* Fix broken of team create

* Update models/organization/team.go

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-04-01 14:05:31 +08:00
wxiaoguang
124b072f0b
Remove git.Command.Run and git.Command.RunInDir* (#19280)
Follows #19266, #8553, Close #18553, now there are only three `Run..(&RunOpts{})` functions.
 * before: `stdout, err := RunInDir(path)`
 * now: `stdout, _, err := RunStdString(&git.RunOpts{Dir:path})`
2022-04-01 10:55:30 +08:00
Lunny Xiao
3a73645502
Performance improvement for add team user when org has more than 1000 repositories (#19227)
* performance improvement for add team user when org has more than 1000 repositories

* Fix bug

* Fix bug
2022-04-01 09:53:18 +08:00
6543
9c349a4277
Move checks for pulls before merge into own function (#19271)
This make checks in one single place so they dont differ and maintainer can not forget a check in one place while adding it to the other .... ( as it's atm )

Fix:
* The API does ignore issue dependencies where Web does not
* The API checks if "IsSignedIfRequired" where Web does not - UI probably do but nothing will some to craft custom requests
* Default merge message is crafted a bit different between API and Web if not set on specific cases ...
2022-03-31 16:53:08 +02:00
Lunny Xiao
d4f84f1c93
Move reaction to models/issues/ (#19264)
* Move reaction to models/issues/

* Fix test

* move the function

* improve code

* Update models/issues/reaction.go

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-31 17:20:39 +08:00
Gusted
43332a483f
Update reserved usernames list (#18438)
Adding additional usernames which are already routes, remove unused ones.
In future, avoid reserving names as much as possible, use `/-/` in path instead.
2022-03-31 12:02:13 +08:00
wxiaoguang
c83168104b
Use a more general (and faster) method to sanitize URLs with credentials (#19239)
Use a more general method to sanitize URLs with credentials: Simple and intuitive / Faster /  Remove all credentials in all URLs
2022-03-31 10:25:40 +08:00
KN4CK3R
1d332342db
Add Package Registry (#16510)
* Added package store settings.

* Added models.

* Added generic package registry.

* Added tests.

* Added NuGet package registry.

* Moved service index to api file.

* Added NPM package registry.

* Added Maven package registry.

* Added PyPI package registry.

* Summary is deprecated.

* Changed npm name.

* Sanitize project url.

* Allow only scoped packages.

* Added user interface.

* Changed method name.

* Added missing migration file.

* Set page info.

* Added documentation.

* Added documentation links.

* Fixed wrong error message.

* Lint template files.

* Fixed merge errors.

* Fixed unit test storage path.

* Switch to json module.

* Added suggestions.

* Added package webhook.

* Add package api.

* Fixed swagger file.

* Fixed enum and comments.

* Fixed NuGet pagination.

* Print test names.

* Added api tests.

* Fixed access level.

* Fix User unmarshal.

* Added RubyGems package registry.

* Fix lint.

* Implemented io.Writer.

* Added support for sha256/sha512 checksum files.

* Improved maven-metadata.xml support.

* Added support for symbol package uploads.

* Added tests.

* Added overview docs.

* Added npm dependencies and keywords.

* Added no-packages information.

* Display file size.

* Display asset count.

* Fixed filter alignment.

* Added package icons.

* Formatted instructions.

* Allow anonymous package downloads.

* Fixed comments.

* Fixed postgres test.

* Moved file.

* Moved models to models/packages.

* Use correct error response format per client.

* Use simpler search form.

* Fixed IsProd.

* Restructured data model.

* Prevent empty filename.

* Fix swagger.

* Implemented user/org registry.

* Implemented UI.

* Use GetUserByIDCtx.

* Use table for dependencies.

* make svg

* Added support for unscoped npm packages.

* Add support for npm dist tags.

* Added tests for npm tags.

* Unlink packages if repository gets deleted.

* Prevent user/org delete if a packages exist.

* Use package unlink in repository service.

* Added support for composer packages.

* Restructured package docs.

* Added missing tests.

* Fixed generic content page.

* Fixed docs.

* Fixed swagger.

* Added missing type.

* Fixed ambiguous column.

* Organize content store by sha256 hash.

* Added admin package management.

* Added support for sorting.

* Add support for multiple identical versions/files.

* Added missing repository unlink.

* Added file properties.

* make fmt

* lint

* Added Conan package registry.

* Updated docs.

* Unify package names.

* Added swagger enum.

* Use longer TEXT column type.

* Removed version composite key.

* Merged package and container registry.

* Removed index.

* Use dedicated package router.

* Moved files to new location.

* Updated docs.

* Fixed JOIN order.

* Fixed GROUP BY statement.

* Fixed GROUP BY #2.

* Added symbol server support.

* Added more tests.

* Set NOT NULL.

* Added setting to disable package registries.

* Moved auth into service.

* refactor

* Use ctx everywhere.

* Added package cleanup task.

* Changed packages path.

* Added container registry.

* Refactoring

* Updated comparison.

* Fix swagger.

* Fixed table order.

* Use token auth for npm routes.

* Enabled ReverseProxy auth.

* Added packages link for orgs.

* Fixed anonymous org access.

* Enable copy button for setup instructions.

* Merge error

* Added suggestions.

* Fixed merge.

* Handle "generic".

* Added link for TODO.

* Added suggestions.

* Changed temporary buffer filename.

* Added suggestions.

* Apply suggestions from code review

Co-authored-by: Thomas Boerger <thomas@webhippie.de>

* Update docs/content/doc/packages/nuget.en-us.md

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Thomas Boerger <thomas@webhippie.de>
2022-03-30 16:42:47 +08:00
6543
3e88af898a
Make git.OpenRepository accept Context (#19260)
* OpenRepositoryCtx -> OpenRepository
* OpenRepository -> openRepositoryWithDefaultContext, only for internal usage
2022-03-30 03:13:41 +08:00
zeripath
1eebbf23f0
When conflicts have been previously detected ensure that they can be resolved (#19247)
There is yet another problem with conflicted files not being reset when
the test patch resolves them.

This PR adjusts the code for checkConflicts to reset the ConflictedFiles
field immediately at the top. It also adds a reset to conflictedFiles
for the manuallyMerged and a shortcut for the empty status in
protectedfiles.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-29 18:42:34 +02:00
Lunny Xiao
74731c3a5a
Move some issue methods as functions (#19255)
* Move some issue methods as functions

* Fix bug
2022-03-29 16:57:33 +02:00
Lunny Xiao
bd97736b9c
Move project files into models/project sub package (#17704)
* Move project files into models/project sub package

* Fix test

* Fix test

* Fix test

* Fix build

* Fix test

* Fix template bug

* Fix bug

* Fix lint

* Fix test

* Fix import

* Improve codes

Co-authored-by: 6543 <6543@obermui.de>
2022-03-29 22:16:31 +08:00
Lunny Xiao
76aa33d884
Move init repository related functions to modules (#19159)
* Move init repository related functions to modules

* Fix lint

* Use ctx but db.DefaultContext

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-29 15:23:45 +08:00
Lunny Xiao
b06b9a056c
Move organization related structs into sub package (#18518)
* Move organization related structs into sub package

* Fix test

* Fix lint

* Move more functions into sub packages

* Fix bug

* Fix test

* Update models/organization/team_repo.go

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

* Apply suggestions from code review

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>

* Fix fmt

* Follow suggestion from @Gusted

* Fix test

* Fix test

* Fix bug

* Use ctx but db.DefaultContext on routers

* Fix bug

* Fix bug

* fix bug

* Update models/organization/team_user.go

* Fix bug

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-03-29 14:29:02 +08:00
wxiaoguang
d4c789dfc1
Refactor repo clone button and repo clone links, fix JS error on empty repo page (#19208)
The last PR about clone buttons introduced an JS error when visiting an empty repo page:
* https://github.com/go-gitea/gitea/pull/19028
* `Uncaught ReferenceError: isSSH is not defined`, because the variables are scoped and doesn't share between sub templates.

This:
1. Simplify `templates/repo/clone_buttons.tmpl` and make code clear
2. Move most JS code into `initRepoCloneLink`
3. Remove unused `CloneLink.Git`
4. Remove `ctx.Data["DisableSSH"] / ctx.Data["ExposeAnonSSH"] / ctx.Data["DisableHTTP"]`, and only set them when is is needed (eg: deploy keys / ssh keys)
5. Introduce `Data["CloneButton*"]` to provide data for clone buttons and links
6. Introduce `Data["RepoCloneLink"]` for the repo clone link (not the wiki)
7. Remove most `ctx.Data["PageIsWiki"]` because it has been set in the `/wiki` middleware
8. Remove incorrect `quickstart` class in `migrating.tmpl`
2022-03-29 05:21:30 +02:00
Pilou
893c8938fc
New cron task: delete old system notices (#19219)
Add a new cron task which deletes the old system notices.
2022-03-28 13:54:59 +01:00
zeripath
d6fa138e7c
Only send webhook events to active system webhooks and only deliver to active hooks (#19234)
There is a bug in the system webhooks whereby the active state is not checked when
webhooks are prepared and there is a bug that deactivating webhooks do not prevent
queued deliveries.

* Only add SystemWebhooks to the prepareWebhooks list if they are active
* At the time of delivery if the underlying webhook is not active mark it
as "delivered" but with a failed delivery so it does not get delivered.

Fix #19220

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-03-28 11:17:21 +08:00
zeripath
d2ca021df0
Touch mirrors on even on fail to update (#19217)
* Touch mirrors on even on fail to update

If a mirror fails to be synchronised it should be pushed to the bottom of the queue
of the awaiting mirrors to be synchronised. At present if there LIMIT number of
broken mirrors they can effectively prevent all other mirrors from being synchronized
as their last_updated time will remain earlier than other mirrors.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-27 15:40:17 +01:00
Abheek Dhawan
f316582458
Set the default branch for repositories generated from templates (#19136)
* Set the default branch for repositories generated from templates
* Allows default branch to be set through the API for repos generated from templates
* Update swagger API template
* Only set default branch to the one from the template if not specified
* Use specified default branch if it exists while generating git commits

Fix #19082 

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-03-27 03:56:28 +01:00
Gusted
a5f2894071
Fix showing issues in your repositories (#18916)
- Make a restriction on which issues can be shown based on if you the user or team has write permission to the repository.
- Fixes a issue whereby you wouldn't see any associated issues with a specific team on a organization if you wasn't a member(fixed by zeroing the User{ID} in the options).
- Resolves #18913
2022-03-23 23:57:09 +01:00
wxiaoguang
2b55422cd7
Fix the bug: deploy key with write access can not push (#19010)
Use DeployKeyID to replace the IsDeployKey, then CanWriteCode uses the DeployKeyID to check the write permission.
2022-03-22 17:29:07 +08:00
Norwin
77d1c7bf2f
Cleanup protected branches when deleting users & teams (#19158)
* Clean up protected_branches when deleting user

fixes #19094

* Clean up protected_branches when deleting teams

* fix issue

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-03-22 09:09:45 +08:00
Otto Richter (fnetX)
04fcf23ea3
Delete related notifications on issue deletion too (#18953)
* use .Decr for issue comment counting

* Remove notification on issue removal
2022-03-17 23:04:09 +01:00
6543
45f8d97131
nit fix (#19116) 2022-03-17 20:04:36 +02:00
Aravinth Manivannan
fa73cbf5a7
Store the foreign ID of issues during migration (#18446)
Storing the foreign identifier of an imported issue in the database is a prerequisite to implement idempotent migrations or mirror for issues. It is a baby step towards mirroring that introduces a new table.

At the moment when an issue is created by the Gitea uploader, it fails if the issue already exists. The Gitea uploader could be modified so that, instead of failing, it looks up the database to find an existing issue. And if it does it would update the issue instead of creating a new one. However this is not currently possible because an information is missing from the database: the foreign identifier that uniquely represents the issue being migrated is not persisted. With this change, the foreign identifier is stored in the database and the Gitea uploader will then be able to run a query to figure out if a given issue being imported already exists.

The implementation of mirroring for issues, pull requests, releases, etc. can be done in three steps:

1. Store an identifier for the element being mirrored (issue, pull request...) in the database (this is the purpose of these changes)
2. Modify the Gitea uploader to be able to update an existing repository with all it contains (issues, pull request...) instead of failing if it exists
3. Optimize the Gitea uploader to speed up the updates, when possible.

The second step creates code that does not yet exist to enable idempotent migrations with the Gitea uploader. When a migration is done for the first time, the behavior is not changed. But when a migration is done for a repository that already exists, this new code is used to update it.

The third step can use the code created in the second step to optimize and speed up migrations. For instance, when a migration is resumed, an issue that has an update time that is not more recent can be skipped and only newly created issues or updated ones will be updated. Another example of optimization could be that a webhook notifies Gitea when an issue is updated. The code triggered by the webhook would download only this issue and call the code created in the second step to update the issue, as if it was in the process of an idempotent migration.

The ForeignReferences table is added to contain local and foreign ID pairs relative to a given repository. It can later be used for pull requests and other artifacts that can be mirrored. Although the foreign id could be added as a single field in issues or pull requests, it would need to be added to all tables that represent something that can be mirrored. Creating a new table makes for a simpler and more generic design. The drawback is that it requires an extra lookup to obtain the information. However, this extra information is only required during migration or mirroring and does not impact the way Gitea currently works.

The foreign identifier of an issue or pull request is similar to the identifier of an external user, which is stored in reactions, issues, etc. as OriginalPosterID and so on. The representation of a user is however different and the ability of users to link their account to an external user at a later time is also a logic that is different from what is involved in mirroring or migrations. For these reasons, despite some commonalities, it is unclear at this time how the two tables (foreign reference and external user) could be merged together.

The ForeignID field is extracted from the issue migration context so that it can be dumped in files with dump-repo and later restored via restore-repo.

The GetAllComments downloader method is introduced to simplify the implementation and not overload the Context for the purpose of pagination. It also clarifies in which context the comments are paginated and in which context they are not.

The Context interface is no longer useful for the purpose of retrieving the LocalID and ForeignID since they are now both available from the PullRequest and Issue struct. The Reviewable and Commentable interfaces replace and serve the same purpose.

The Context data member of PullRequest and Issue becomes a DownloaderContext to clarify that its purpose is not to support in memory operations while the current downloader is acting but is not otherwise persisted. It is, for instance, used by the GitLab downloader to store the IsMergeRequest boolean and sort out issues.

---
[source](https://lab.forgefriends.org/forgefriends/forgefriends/-/merge_requests/36)

Signed-off-by: Loïc Dachary <loic@dachary.org>
Co-authored-by: Loïc Dachary <loic@dachary.org>
2022-03-17 18:08:35 +01:00
Lunny Xiao
18033f49ba
Restrict email address validation (#17688)
This didn't follow the RFC but it's a subset of that. I think we should narrow the allowed chars at first and discuss more possibility in future PRs.
2022-03-14 18:39:54 +01:00
6543
bc0d2c8ada
RSS/Atom support for Repos (#19055)
* support for repos
* refactor
* advertise the feeds via meta tags
* allow feed suffix and feed header
* optimize performance
2022-03-13 17:40:47 +01:00
zeripath
886b1de949
Update the webauthn_credential_id_sequence in Postgres (#19048)
* Update the webauthn_credential_id_sequence in Postgres

There is (yet) another problem with v210 in that Postgres will silently allow preset
ID insertions ... but it will not update the sequence value.

This PR simply adds a little step to the end of the v210 migration to update the
sequence number.

Users who have already migrated who find that they cannot insert new
webauthn_credentials into the DB can either run:

```bash
gitea doctor recreate-table webauthn_credential
```

or

```bash
./gitea doctor --run=check-db-consistency --fix
```

which will fix the bad sequence.

Fix #19012

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-10 23:04:55 +01:00
6543
ba470a85dd
use xorm builder for models.getReviewers() (#19033)
* xorm builder

* dedup code
2022-03-10 19:12:10 +01:00
6543
cc98737ca8
RSS/Atom support for Orgs (#17714)
part of #569
2022-03-10 15:54:51 +01:00
zeripath
75eb6cc9c1
Improve SyncMirrors logging (#19045)
Yet another issue has come up where the logging from SyncMirrors does not provide
enough context. This PR adds more context to these logging events.

Related #19038

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-03-10 10:09:48 +00:00
Norwin
eceab9e26f
Allow users to self-request a PR review (#19030)
The review request feature was added in https://github.com/go-gitea/gitea/pull/10756,
where the doer got explicitly excluded from available reviewers. I don't see a
functionality or security related reason to forbid this case.

As shown by GitHubs implementation, it may be useful to self-request a review,
to be reminded oneselves about reviewing, while communicating to team mates that a
review is missing.

Co-authored-by: delvh <dev.lh@web.de>
2022-03-08 22:48:47 +01:00
Otto Richter (fnetX)
e46a8c90ea
Fix potential assignee query for repo (#18994)
* Fix potential assignee query for repo

* Add tests for `GetRepoAssignees`

- As per https://github.com/go-gitea/gitea/pull/18994#issuecomment-1058506640

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-03-04 18:29:12 +00:00
Jimmy Praet
5184c83f6b
Add config option to disable "Update branch by rebase" (#18745) 2022-03-04 03:30:49 -05:00
eladyn
7a893dab39
ignore missing comment for user notifications (#18954)
* ignore missing comment for user notifications

* instead fix bug in notifications model

* use local variable instead

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-03-03 16:18:26 +01:00
6543
eddd2fb242
fix & refactor (#18973)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-03-03 19:51:13 +08:00
KN4CK3R
f3cbdee38e
Don't clean up hardcoded tmp (#18983)
* Don't clean up hardcoded `tmp`.

* Fixed import.
2022-03-02 23:50:29 +01:00
Lunny Xiao
04971c33a3
Improve the deletion of issue (#18945)
Co-authored-by: 6543 <6543@obermui.de>
2022-03-02 18:38:56 +01:00
wxiaoguang
dd712b77f7
Refactor admin user filter query parameters (#18965)
Only pass `status_filter` on admin page
Use a more general method to pass query parameters, remove hard-coded keys
2022-03-02 16:30:14 +01:00
6543
1f45d1e130
Accounts with WebAuthn only (no TOTP) now exist ... fix code to handle that case (#18897) 2022-03-02 01:24:31 +01:00
Otto Richter (fnetX)
062fd4c217
[API] Allow removing issues (#18879)
Add new feature to delete issues and pulls via API

Co-authored-by: fnetx <git@fralix.ovh>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-03-01 01:20:15 +01:00
René Schaar
6859b69198
Refactor SecToTime() function (#18863)
- Add helper method to reduce redundancy
- Expand the scope from displaying days to years
- Reduce irrelevance by not displaying small units (hours, minutes, seconds) when bigger ones apply (years)
2022-02-28 23:57:20 +01:00
Lunny Xiao
b75ad7b87f
Improve mirror iterator (#18928)
* Improve mirror iterator

* fix test
2022-02-28 20:41:06 +01:00
Gusted
548adb94b4
Avoid database lookups for DescriptionHTML (#18924)
* Avoid database lookups for `DescriptionHTML`

- Don't Compose meta's for DescriptionHTML, they are only needed in
order to correctly format and show issue's but it's highly unlikely that
a repository description will refer to a local issue.

Using 125 Connections for 5 seconds: on `/explore/repos`(which is the most
noticeable usage by this function's database lookups):

Before:

Statistics        Avg      Stdev        Max
  Reqs/sec       569.41     506.05    2715.00
  Latency      214.27ms    16.60ms   294.84ms
  HTTP codes:
    1xx - 0, 2xx - 2974, 3xx - 0, 4xx - 0, 5xx - 0
    others - 0
  Throughput:    27.17MB/s

After:

Statistics        Avg      Stdev        Max
  Reqs/sec      1585.04     789.84    4144.56
  Latency       78.89ms    15.89ms   206.94ms
  HTTP codes:
    1xx - 0, 2xx - 7975, 3xx - 0, 4xx - 0, 5xx - 0
    others - 0
  Throughput:    73.85MB/s

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2022-02-27 18:51:34 +01:00
Gusted
f56bba1a78
Fix trace log to show value instead of pointers (#18926)
- Fixes a issue with a trace of repo.Units whereby it would show the pointers.

Before:
![image](https://user-images.githubusercontent.com/25481501/155876811-036bf40e-db89-4e09-ac00-0c78ce3f5bef.png)

After:
![image](https://user-images.githubusercontent.com/25481501/155885102-16c9cf29-314b-4f32-bcee-80e332f63dec.png)
2022-02-27 15:49:22 +00:00
qwerty287
1563a45623
Fix page and missing return on unadopted repos API (#18848)
* Fix page and missing return on unadopted repos API

Page must be 1 if it's not specified and it should return after sending an internal server error.

* Allow ignore pages

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-27 20:17:42 +08:00
KN4CK3R
5b0cdd6155
Set is_empty in fixtures (#18869) 2022-02-26 01:15:25 -05:00
Gusted
33e19c8004
Don't update email for organisation (#18905)
- Fix regression caused by: f1b1472632
- Don't try to insert a email for Organisation(as they don't have one).
- Resolves #18891

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-26 10:38:08 +08:00
KN4CK3R
9d7a431b71
Set is_private in fixtures. (#18868)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-25 16:22:20 -05:00
Lunny Xiao
a5e8daee73
Fix migration v210 (#18892) 2022-02-25 15:04:59 +01:00
singuliere
49cab2b01f
migrations: add test for importing pull requests in gitea uploader (#18752)
* logs: add the buffer logger to inspect logs during testing

Signed-off-by: Loïc Dachary <loic@dachary.org>

* migrations: add test for importing pull requests in gitea uploader

Signed-off-by: Loïc Dachary <loic@dachary.org>

* for each git.OpenRepositoryCtx, call Close

* Content is expected to return the content of the log

* test for errors before defer

Co-authored-by: Loïc Dachary <loic@dachary.org>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-25 17:20:50 +08:00
Lunny Xiao
6621710deb
Fix update user (#18878) 2022-02-24 19:29:10 +01:00
Lunny Xiao
f1b1472632
Fix ldap user sync missed email in email_address table (#18786)
* Fix ldap user sync missed email in email_address table

* Fix test
2022-02-24 14:13:59 +08:00
zeripath
cb41f5cae1
Update assignees check to include any writing team and change org sidebar (#18680)
Following the merging of #17811 teams can now have differing write and readonly permissions, however the assignee list will not include teams which have mixed perms.

Further the org sidebar is no longer helpful as it can't describe these mixed permissions situations.

Fix #18572

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-23 22:07:05 +00:00
silverwind
2b9df564b8
Lock gofumpt to v0.3.0 and run it (#18866)
We can't depend on `latest` version of gofumpt because the output will
not be stable across versions. Lock it down to the latest version
released yesterday and run it again.
2022-02-23 20:16:07 +00:00
Lunny Xiao
dc988eae0c
Fix bug for get user by email (#18833)
Co-authored-by: zeripath <art27@cantab.net>
2022-02-21 22:20:34 +08:00
Wim
a387636b9a
Show fullname on issue edits and gpg/ssh signing info (#18827)
Show missing full names when configured to do so

Co-authored-by: zeripath <art27@cantab.net>
2022-02-20 19:50:11 +00:00
Johan Van de Wauw
0cc2675c44
Fix ldap loginname (#18789)
* Use email_address table to check user's email when login with email adress

* Update services/auth/signin.go

* Fix test

* Fix test

* Fix logging in with ldap username != loginname

* Fix if user does not exist yet

* Make more clear this is loginName

* Fix formatting

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-02-18 17:33:00 +08:00
Lunny Xiao
397d2ac303
Move deletebeans into models/db (#18781) 2022-02-17 16:37:48 +08:00
zeripath
3a29a23cdc
Attempt to fix the webauthn migration again - part 3 (#18770)
v208.go is seriously broken as it misses an ID() check. We need to no-op and remigrate all of the u2f keys.

See #18756

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-16 21:03:58 +00:00
René Schaar
609c91665e
Fix display time of milestones (#18753)
* Fix display time of milestones

* Move the SecToTime function

From the models/issue_stopwatch.go file to the modules/util package

* Rename the sec_to_time file

* Updated formatting

* Include copyright notice in sec_to_time.go

* Apply PR review suggestions

- Update copyright notice dates to 2022
- Change `1 day 3h 5min 7s` to `1d 3h 5m 7s`

* Rename hrs var and combine conditions

* Update unit tests to match new time pattern

Changed `1min` to `1m`

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-16 00:50:10 +08:00
Lunny Xiao
581a563cac
Ignore the migrate if u2f_registration is not exist (#18760) 2022-02-14 08:13:17 +00:00
zeripath
32599bf060
Increase the size of the webauthn_credential credential_id field (#18739)
Unfortunately credentialIDs in u2f are 255 bytes long which with base32 encoding
becomes 408 bytes. The default size of a xorm string field is only a VARCHAR(255)

This problem is not apparent on SQLite because strings get mapped to TEXT there.

Fix #18727

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-13 21:19:12 +00:00
Gusted
ae0d8d94df
Let MinUnitAccessMode return correct perm (#18675)
- Don't let `TypeExternalTracker` or `TypeExternalWiki` influence the
minimal permission, as they won't be higher than read. So even if all
the other ones are write, these 2 will ensure that's not higher than
read.
- Partially resolves #18572 (Point 1,2,5?)

Co-authored-by: zeripath <art27@cantab.net>
2022-02-08 21:16:17 +00:00
Viktor Suprun
4d939845d2
Added auto-save whitespace behavior if it changed manually (#15566) 2022-02-08 14:15:04 +08:00
Clar Fon
99d14f6051
Add separate SSH_USER config option (#17584)
Co-authored-by: zeripath <art27@cantab.net>
2022-02-07 16:56:45 -05:00
Clar Fon
9911b66aea
Be more lenient with label colors (#17752)
Accept 12-bit color specifications.
2022-02-07 21:21:02 +00:00
singuliere
3a91f845e8
remove redundant call to UpdateRepoStats during migration (#18591)
There is no need to call UpdateRepoStats in the InsertIssues and
InsertPullRequests function. They are only called during migration by
the CreateIssues and CreateReviews methods of the gitea uploader.

The UpdateRepoStats function will be called by the Finish method of
the gitea uploader after all reviews and issues are inserted. Calling
it before is therefore redundant and the associated SQL requests are
not cheap.

The statistics tests done after inserting an issue or a pull request
are also removed. They predate the implementation of UpdateRepoStats,
back when the calculation of the statistics was an integral part of
the migration function. The UpdateRepoStats is now tested
independantly and these tests are no longer necessary.

Signed-off-by: singuliere <singuliere@autistici.org>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-02-07 10:43:08 -05:00
wxiaoguang
47c1b623dd
No longer show the db-downgrade SQL in production (#18653)
* make messages more friendly
2022-02-07 12:04:12 +02:00
6543
3043eb36bf
Delete old git.NewCommand() and use it as git.NewCommandContext() (#18552) 2022-02-06 20:01:47 +01:00
Gusted
7a42e35741
Pass correct context (#18638)
- Pass the correct context into `db.GetEngine()`.
- Introduced in: https://github.com/go-gitea/gitea/pull/18604
2022-02-06 12:05:07 +00:00
singuliere
8bd89ca294
preserve users if restoring a repository on the same Gitea instance (#18604)
When calling DumpRepository and RestoreRepository on the same Gitea
instance, the users are preserved: all labels, issues etc. belong to
the external user who is, in this particular case, the local user.

Dead code verifying g.gitServiceType.Name() == "" (i.e. plain git) is
removed. The function is never called because the plain git downloader
does not migrate anything that is associated to a user, by definition.

Errors returned by GetUserIDByExternalUserID are no longer ignored.

The userMap is used when the external user is not kown, which is the
most common case. It was only used when the external user exists
which happens less often and, as a result, every occurence of an
unknown external user required a SQL query.

Signed-off-by: Loïc Dachary <loic@dachary.org>

Co-authored-by: Loïc Dachary <loic@dachary.org>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-02-06 17:05:29 +08:00
Gusted
aa23f477b7
Use CryptoRandomBytes instead of CryptoRandomString (#18439)
- Switch to use `CryptoRandomBytes` instead of `CryptoRandomString`, OAuth's secrets are copied pasted and don't need to avoid dubious characters etc.
- `CryptoRandomBytes` gives ![2^256 = 1.15 * 10^77](https://render.githubusercontent.com/render/math?math=2^256%20=%201.15%20\cdot%2010^77) `CryptoRandomString` gives ![62^44 = 7.33 * 10^78](https://render.githubusercontent.com/render/math?math=62^44%20=%207.33%20\cdot%2010^78) possible states.
- Add a prefix, such that code scanners can easily grep these in source code.
- 32 Bytes + prefix
2022-02-04 18:03:15 +01:00