Previously, this required authentication, but there's not actually
any privileged information on this page. Move the endpoint out of
the group that requires sign-in. It still requires the ability to
read issues and pull requests, so private repositories (for instance)
will not be exposed.
Fixes#10312Fixes#11233
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
It is possible for misconfigured protected branches to have required status checks that are not in any of the current statuses: Pending, Success, Error, Failure, or Warning - presumably because the CI has not contacted us as yet.
Fix#10636 by adding case: missing StatusChecks when these are missing
* Fix milestones too many SQL variables bug
* Fix test
* Don't display repositories with no milestone and fix tests
* Remove unused code and add some comments
* Protect against NPEs in notifications list (#10879)
Unfortunately there appears to be potential race with notifications
being set before the associated issue has been committed.
This PR adds protection in to the notifications list to log any failures
and remove these notifications from the display.
References #10815 - and prevents the panic but does not completely fix
this.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* add log import
* Update models/notification.go
Co-Authored-By: Lauris BH <lauris@nix.lv>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix panic in API pulls when headbranch does not exist (#10676)
Backport #10676
* Fix panic in API pulls when headbranch does not exist
* refix other reference to plumbing.ErrReferenceNotFound
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Apply suggestions from code review
Co-Authored-By: Lauris BH <lauris@nix.lv>
Backport #10425
Backport #10511
* Show Signer in commit lists and add basic trust (#10425)
Show the avatar of the signer in the commit list pages as we do not
enforce that the signer is an author or committer. This makes it
clearer who has signed the commit.
Also display commits signed by non-members differently from
members and in particular make it clear when a non-member signer
is different from the committer to help reduce the risk of
spoofing.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Fix the signing icon in the view_list.tmpl page (#10511)
Co-Authored-By: silverwind <me@silverwind.io>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Change admin dashboard to POST (#10465)
* Add form and convert to POST
* Redirect for flash
* Convert octicons back to fa for 1.11
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Change action GETs to POST
* submite = submit + smite
* No more # href
* Fix test
* Match other tests
* Explicit csrf
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
* Fix wrong hint when status checking is running on pull request view
* fix lint
* fix test
* fix test
* fix wrong tmpl
* fix import
* rename function name
* Fix wrong permissions check when issues/prs shared operations
* move redirect to the last of the function
* fix swagger
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix push-to-create
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Check URL path and service
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Send dummy payload on receive-pack GET
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* The space was actually a NUL byte
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Use real bare repo instead of manufactured payload
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
Once a branch has been merged if the commit ID no longer equals that of
the pulls ref commit id don't offer to delete the branch on the pull screen
and don't list it as merged on branches.
Fix#9201
When looking at the pull page we should also get the commits from the refs/pulls/x/head
Fix#9158
