Gitea allows to whitelist email domains so that only email addresses from certain domains are allowed to register an account, but does not currently allows to do the opposite: blacklisting email domains so that addresses from certain domains are *forbidden* to register an account.
The idea has been briefly mentioned in the discussion about issue #6350, but never implemented. This PR does that.
The rationale is that, in my experience of running a Gitea instance, *a single email domain* is responsible for *most* of the spam accounts, and for *all* of the spam accounts that manage to get past the email confirmation step. So on top of the other spam mitigation measures already available (email confirmation, CAPTCHA, etc.), having the option to block a particularly annoying domain would be helpful.
close#13628
Gitea runs diff on highlighted code fragment for each line in order to provide
code highlight diffs. Unfortunately this diff algorithm is not aware that span tags
and entities are atomic and cannot be split.
The current fixup code makes some attempt to fix these broken tags however, it cannot
handle situations where a tag is split over multiple blocks.
This PR provides a more algorithmic fixup mechanism whereby spans and entities are
completely coalesced into their respective blocks.
This may result in a incompletely reduced diff but - it will definitely prevent the
broken entities and spans that are currently possible.
As a result of this fixup several inconsistencies were discovered in our testcases
and these were also fixed.
Fix#14231
Signed-off-by: Andrew Thornton <art27@cantab.net>
When there is a panic during template rendering unrolled/render
will automatically render the error. This leads to the
panic being displayed in the page and not a 500 page
Fix#14467Fix#14525
Signed-off-by: Andrew Thornton <art27@cantab.net>
There is potentially a race with a slow starting internal
queue causing a NPE if Has is checked before the internal
queue has been setup.
This PR adds a lock on the Has() fn.
Fix#14311
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix truncated organization names
Previous ellipsis implementation hid vertical overflow - image + descent line of letters.
Organization visibility in select on dashboard was not always visible.
This commit extracts classes which don't make collisions with other items on page.
* Fix a runtime error when modifying a repository through API call
Using the `PATCH /repos/{owner}/{repo}` endpoint and attempting to
modify `default_branch` on an empty repository will cause a
panic. This commit adds a check for a nil pointer before attempting
to dereference it.
* Apply suggestions from code review
* Apply suggestions from code review
* Ensure that the git repository is loaded
If you change the default branch for a repository you must change it in
git too. Therefore you must open the repository before changing the
default branch.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Allow empty repos to have their default branches changed
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Anton Khimich <anton.khimicha@mail.utoronto.ca>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Andrew Thornton <art27@cantab.net>
* Make fileheader sticky #12552
* Remove sticky filenames when width is 480px or less
On mobile phone sticky filename is hidden due to the combination
of many possible widths and lengths.
* Fix text color for .markdown-info
* Fix visual of sticky diff box on 480px or less
- Hide arrow for select buttons.
- Fix changes, additions and deletions.
With flexbox they look very broken.
This commit hides some words to, so the result is:
"123 changed files 987 additions 456 deletions"
- center text in buttons
Co-authored-by: zeripath <art27@cantab.net>
* Added option to disable web hooks
This mod introduces DISABLE_WEB_HOOKS parameter in [security] section
of app.ini (by default set to false). If set to true it disables web
hooks feature. Any existing undelivered web hook tasks will be cancelled.
Any existing web hook definitions will be left untouched in db but
its delivery tasks will be ignored.
Author-Change-Id: IB#1105130
* Webhook spelling fixed
Webhook spelling fixed.
Fixes: 07df6614dc
Related: https://github.com/go-gitea/gitea/pull/13176#pullrequestreview-510868421
Author-Change-Id: IB#1105174
* Parameter description fixed
Parameter description fixed.
Fixes: 07df6614dc
Related: https://github.com/go-gitea/gitea/pull/13176#pullrequestreview-514086107
Author-Change-Id: IB#1105174
* Update go-redis to v8.4.0
* github.com/go-redis/redis/v8 v8.4.0 -> v8.5.0
* Apply suggestions from code review
Co-authored-by: zeripath <art27@cantab.net>
* TODO
* Use the Queue termination channel as the default context for pushes
Signed-off-by: Andrew Thornton <art27@cantab.net>
* missed one
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
GetCommit() assumes that all 40 char strings are SHA1s. This leads to an
error if you try to do a PR on a branch which is 40 characters long.
This PR attempts the SHA first - and if it fails will switch to using rev-parse.
Fix#14470
Signed-off-by: Andrew Thornton <art27@cantab.net>
This PR improves HasPreviousCommit to prevent the automatic and recursive loading
of previous commits using git merge-base --is-ancestor and git rev-list
Fix#13684
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Prevent adding nil label to .AddedLabels or .RemovedLabels
There are possibly a few old databases out there with malmigrated data that can
cause panics with empty labels being migrated.
This PR adds a few tests to prevent nil labels being added.
Fix#14466
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add doctor command to remove the broken label comments
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Memcached TTL cannot be > 30 days and if it is attempted the TTL is interpreted as
a unix timestamp.
This PR ensures that the TTL is switched to a unix timestamp in those cases.
Fix#14571
Signed-off-by: Andrew Thornton <art27@cantab.net>
I do have go-1.13.8 installed and get the error message
```
Gitea requires Go 1.13 or greater to build. You can get it at https://golang.org/dl/
```
I do thing that Go 1.14 or greater is actually required
* Exclude the current dump file from the dump
Always prevent the current file from being added to the dump.
Fix#13618
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add skip custom directory option
Signed-off-by: Andrew Thornton <art27@cantab.net>
* placate lint
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Breaking the pipe is a valid way of killing a piped command and any error from
a broken cat-file batch command should be passed back up to the writer any way
therefore specifically logging it is unnecessary.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add files affected by a commit to gitea API -- similar to github
* Add files affected by a commit to gitea API
* Fix stupid error
* Fix other stupid typo
* Generate swagger tmpl
* Comply with convert to git commit refacto
* update swagger docs
* extend test
* format code
* Update integrations/api_repo_git_commits_test.go
* Update modules/convert/git_commit.go
Co-authored-by: Laurent Cahour <laurent.cahour@dont-nod.com>
Co-authored-by: zeripath <art27@cantab.net>
just log if lang is already loaded since we can not reload it
Co-authored-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
* Add Content-Length header to HEAD requests
This change adds the header Content-Length to HEAD HTTP requests.
The previous behaviour was blocking some Windows executables (i.e
bitsadmin.exe) from downloading files hosted in Gitea.
This along with PR #14541, makes the web server compliant with HTTP RFC 2616 which states
"The methods GET and HEAD MUST be supported by all general-purpose servers"
and
"The HEAD method is identical to GET except that the server MUST NOT return a message-body in the response."
This should also respond to issues #8030 and #14532.
* This change adds the header Content-Length to HEAD HTTP requests
Pass the Size of the content as a parameter to ServeData() instead of
calculating it using ioutil.ReadAll(reader) --> this call is dangerous
and can result in a denial of service.
* Add Content-Length header to HEAD requests
Quick fix for imported dependency not used.
* Check if size is positiv int ...
Co-authored-by: zeripath <art27@cantab.net>
REGISTER_MANUAL_CONFIRM is not honored when doing performing an openid registration. The new account is directly accessible.
With this patch, the manual confirm flag gets honored in the same way as a "normal" registration.
* Fix GPG key deletion when user is deleted
Per #14531, deleting a user account will delete the user's GPG keys
from the `gpg_key` table but not from `gpg_key_import`, which causes
an error when creating an account with the same email and attempting
to re-add the same key. This commit deletes all entries from
`gpg_key_import` that match any GPG key IDs belonging to the user.
* Format added code in models/user.go
* Create a new function for listing GPG keys and apply it
Create a new function `listGPGKeys` and replace a previous use
of `ListGPGKeys`. Thanks to @6543 for the patch.
Co-authored-by: Anton Khimich <anton.khimicha@mail.utoronto.ca>
Co-authored-by: 6543 <6543@obermui.de>