* cleaned permission checks for API -> site admin can now do anything
Signed-off-by: Vasek Sraier <git@vakabus.cz>
* PR #6483: helper methods moved to context/context.go, added missing return
Signed-off-by: Vasek Sraier <git@vakabus.cz>
* PR #6483: added documentation to new exported helper functions in context/context.go
Signed-off-by: Vasek Sraier <git@vakabus.cz>
* Use stricter boundaries for auto-link detection
Currently autolinks use \W for boundary detection which creates many
situations of inserting links into places they don't belong (paths,
URLs, UUIDs, etc...)
This fixes that by replacing \W and only allowing these matches to touch
an open paren or bracket (matching what seems to be Github behavior) in
addition to whitespace and start of line. Similar for ending boundary as
well.
Fixes#6149
(and probably others)
* Update test
Replace incorrect test with a value that is a valid username, based on:
"Username should contain only alphanumeric, dash ('-'), underscore ('_')
and dot ('.') characters."
* Also allow for period at the end
Matching Github behavior
* Fix email regex to work properly with specificed boundaries
Create a specific capture group for email address and then use
FindStringSubmatchIndex to allow for non-matching patterns as
boundaries.
* Add Tests
Add tests for new behavior -- including tests for email addresses which
were absent before.
* Rename BaseLogger to WriterLogger to help the creation of other providers
* Don't export ColorBytes and ResetBytes from ColoredValues
* Make integration tests only print logs if they fail
* check can color before coloring
* I always forget about MSSQL
* Oh and use LEVEL in sqlite.ini
* Make the test logger log at info - as it means you see the router
* Remove empty expected changes
* Make the migrations quieter too
* Don't display SQL on error - it can be looked at in the file logs if necessary
* Fix skip when using onGiteaRun
This improves the SHA1 link detection to not pick up extraneous
non-whitespace characters at the end of the URL. The '.' is a special
case handled in code itself because of missing regexp lookahead
support.
Regex test cases: https://regex101.com/r/xUMlqh/3
* Panic don't fatal on create new logger
Fixes#5854
Signed-off-by: Andrew Thornton <art27@cantab.net>
* partial broken
* Update the logging infrastrcture
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Reset the skip levels for Fatal and Error
Signed-off-by: Andrew Thornton <art27@cantab.net>
* broken ncsa
* More log.Error fixes
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove nal
* set log-levels to lowercase
* Make console_test test all levels
* switch to lowercased levels
* OK now working
* Fix vetting issues
* Fix lint
* Fix tests
* change default logging to match current gitea
* Improve log testing
Signed-off-by: Andrew Thornton <art27@cantab.net>
* reset error skip levels to 0
* Update documentation and access logger configuration
* Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE
* Fix broken level caching
* Refactor the router log
* Add Router logger
* Add colorizing options
* Adjust router colors
* Only create logger if they will be used
* update app.ini.sample
* rename Attribute ColorAttribute
* Change from white to green for function
* Set fatal/error levels
* Restore initial trace logger
* Fix Trace arguments in modules/auth/auth.go
* Properly handle XORMLogger
* Improve admin/config page
* fix fmt
* Add auto-compression of old logs
* Update error log levels
* Remove the unnecessary skip argument from Error, Fatal and Critical
* Add stacktrace support
* Fix tests
* Remove x/sync from vendors?
* Add stderr option to console logger
* Use filepath.ToSlash to protect against Windows in tests
* Remove prefixed underscores from names in colors.go
* Remove not implemented database logger
This was removed from Gogs on 4 Mar 2016 but left in the configuration
since then.
* Ensure that log paths are relative to ROOT_PATH
* use path.Join
* rename jsonConfig to logConfig
* Rename "config" to "jsonConfig" to make it clearer
* Requested changes
* Requested changes: XormLogger
* Try to color the windows terminal
If successful default to colorizing the console logs
* fixup
* Colorize initially too
* update vendor
* Colorize logs on default and remove if this is not a colorizing logger
* Fix documentation
* fix test
* Use go-isatty to detect if on windows we are on msys or cygwin
* Fix spelling mistake
* Add missing vendors
* More changes
* Rationalise the ANSI writer protection
* Adjust colors on advice from @0x5c
* Make Flags a comma separated list
* Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING
* Ensure matching is done on the non-colored message - to simpify EXPRESSION
* Migrate to go modules
* make vendor
* Update mvdan.cc/xurls
* make vendor
* Update code.gitea.io/git
* make fmt-check
* Update github.com/go-sql-driver/mysql
* make vendor
* Clean up ref name rules
Clean up checks on reference names to better conform to the guideline
here: https://git-scm.com/docs/git-check-ref-format
This fixes half of #6321
* Update branch create integration test
According to: https://git-scm.com/docs/git-check-ref-format
And: git check-ref-format "master/feature=test1"
This is a valid branch name and we should not be testing for it to fail.
* Markdown: enable some more extensions
Improve Markdown-rendering by enabling some extensions:
- enable definitions lists
- enable footnotes
- enable header-ids and automatically generate header-ids (for linking to README-sections or creating table-of-contents for larger READMEs)
* Markdown: update and exted tests
Update and add tests for additionally enabled Markdown-extensions.
* Use PathUnescape instead of QueryUnescape when working with branch names
Currently branch names with a '+' fail in certain situations because
QueryUnescape replaces the + character with a blank space.
Using PathUnescape should be better since it is defined as:
// PathUnescape is identical to QueryUnescape except that it does not
// unescape '+' to ' ' (space).
Fixes#6333
* Change error to match new function name
* Add new util function PathEscapeSegments
This function simply runs PathEscape on each segment of a path without
touching the forward slash itself. We want to use this instead of
PathEscape/QueryEscape in most cases because a forward slash is a valid name for a
branch etc... and we don't want that escaped in a URL.
Putting this in new file url.go and also moving a couple similar
functions into that file as well.
* Use EscapePathSegments where appropriate
Replace various uses of EscapePath/EscapeQuery with new
EscapePathSegments. Also remove uncessary uses of various
escape/unescape functions when the text had already been escaped or was
not escaped.
* Reformat comment to make drone build happy
* Remove no longer used url library
* Requested code changes
* Add lang specific font stacks
* Force font changes
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix icons
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix octicons and icons
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Just override the semantic ui fonts only
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Missed the headers... override them too
* Missed some more semantic ui stuff
* Fix PT Sans
Signed-off-by: Andrew Thornton <art27@cantab.net>
* More changes
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Squashed commit of the following:
commit 7d1679e9079541359869c9e677ba7412bfcc59f3
Author: Mike L <cl.jeremy@qq.com>
Date: Wed Mar 13 13:53:49 2019 +0100
Remove missed YaHei leftover from _home.less
commit 0079121ea91860a323ed4e5cc1a9c0d490d9cefd
Author: Mike L <cl.jeremy@qq.com>
Date: Wed Mar 13 12:03:54 2019 +0100
Fix overdone fixes (inherit, :lang)
commit 62c919915928ec1db4731d547e95885f91a0618d
Author: Mike L <cl.jeremy@qq.com>
Date: Wed Mar 13 02:29:10 2019 +0100
Fix elements w/ explicit lang (language chooser)
commit b3117587aa2eb8570d60bed583a11ee5565418be
Author: Mike L <cl.jeremy@qq.com>
Date: Tue Mar 12 20:17:26 2019 +0100
Fix textarea also (to match body)
commit 81cedf2c3012c4dd05a7680782b4a98e1b947f67
Author: Mike L <cl.jeremy@qq.com>
Date: Tue Mar 12 19:41:39 2019 +0100
Revert css temporarily to fix conflict
commit 80ff82797f3203cbeaf866f22e961334e137df89
Author: Mike L <cl.jeremy@qq.com>
Date: Tue Mar 12 19:15:30 2019 +0100
Tweak CJK, fix Yu Gothic, more monospace inherits
commit 581dceb9a869646c2c486dabb925c88c2680d70c
Author: Mike L <cl.jeremy@qq.com>
Date: Mon Mar 11 13:09:26 2019 +0100
Add Lato for latin extd. & cyrillic, improve CJK
* update stylesheet
* Use url.PathEscape to escape the branchname
* GetRepositoryByOwnerAndName should also have url.PathEscape as the owner and reponame are provided by the client
* Replace linkRegex with xurls library
Rather than maintaining a complicated regex to match URLs for
autolinking, gitea can use this existing go library that takes care of
the matching with very little code change to gitea itself. After
spending a while trying to find the perfect regex for all cases this library
still works better as it is more flexible than a single regex ever will be.
This will also fix the following issues: #5844#3095#3381
This passes all our current tests and I've added new ones mentioned in
those issues as well.
* Use xurls.StrictMatchingScheme instead of xurls.Strict
This is much faster and we only care about https? links to preserve
existing behavior.
The visitLinksForShortLinks feature would look inside of an <a> tag and
run shortLinkProcessorFull on any text, which attempts to create links
out of potential 'short links' like [[test]] [[link|example]] etc...
This makes no sense because you can't have nested links within an <a>
tag. Specifically, the html5 standard says <a> tags can't include
interactive content if they contain the href attribute:
http://w3c.github.io/html/single-page.html#the-a-element
And also defines an <a> element with a href attribute as interactive:
http://w3c.github.io/html/single-page.html#interactive-content
Therefore you can't really put a link inside of another link. In
practice none of this works anyways since browsers won't render it, it
would probably be broken if they tried, and it is causing a bug
(#4946). No current tests rely on this behavior either.
This removes the feature and also explicitly excludes the
current visitNodeForShortLinks from looking in <a> tags.
Modify the current linkRegex to require http|https which appears to be
the intended behavior based on the comments. Right now, it also matches
anything starting with www as well. Also add testing for linkRegex
When transferring ownership of a repo to a different user/org,
create a repo redirect that points to the new location in the same
way that is done when a repo is renamed.
Signed-off-by: James E. Blair <jeblair@redhat.com>
* Remove all CommitStatus when a repo is deleted
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Minor UI tweaks (#5782)
Added 'No License' option
Added link and octicon change for external issue trackers
Reset password now notifies right away if the code is invalid
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* More UI tweaks
More info in PR
* Generate stylesheet for arc-green
* Make gofmt work
* Change PR integration since the button is changed
* Rebase
* Generate stylesheet
* UI updates
Made the PR button a "basic" button
Vertically centered the issue checkboxes
Labels will update only once after modal is closed
* Commit to reference related issues
Resolves#5782Resolves#5861
Addresses original question in #5993
* Change the comment wording since PR button is no longer little and green.
* Revert changes that made Windows work
* Regenerate stylesheet
* Regenerate stylesheets
* make generate-stylesheets
* Update integration again, changed button style
Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Added ID to PR button
Changed integration to use the ID to avoid breaking in the future
* Added missing semi-colons
* Added back distinction between issue actions and filters (overlooked it before)
Moved action button over next to other action dropdowns
* Remove extra tab formatting in list.tmpl
* Remove more formatting from GoLand
* Replace hardcoded "No License" with i18n license helper.
This PR makes it possible for the markdown renderer to render images and media straight from the LFS.
Fix#5746
Signed-off-by: Andrew Thornton [art27@cantab.net](mailto:art27@cantab.net)
* Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFile
* Use git plumbing for upload: #5621 repo_editor.go: GetDiffPreview
* Use git plumbing for upload: #5621 repo_editor.go: DeleteRepoFile
* Use git plumbing for upload: #5621 repo_editor.go: UploadRepoFiles
* Move branch checkout functions out of repo_editor.go as they are no longer used there
* BUGFIX: The default permissions should be 100644
This is a change from the previous code but is more in keeping
with the default behaviour of git.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Standardise cleanUploadFilename to more closely match git
See verify_path in: 7f4e641693/read-cache.c (L951)
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Redirect on bad paths
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Refactor to move the uploading functions out to a module
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add LFS support
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update upload.go attribution header
Upload.go is essentially the remnants of repo_editor.go. The remaining code is essentially unchanged from the Gogs code, hence the Gogs attribution.
* Delete upload files after session committed
* Ensure that GIT_AUTHOR_NAME etc. are valid for git
see #5774
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add in test cases per @lafriks comment
* Add space between gitea and github imports
Signed-off-by: Andrew Thornton <art27@cantab.net>
* more examples in TestCleanUploadName
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fix formatting
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Set the SSH_ORIGINAL_COMMAND to ensure hooks are run
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Switch off SSH_ORIGINAL_COMMAND
Signed-off-by: Andrew Thornton <art27@cantab.net>
* fixes#5957
* add tests to make sure config option is respected
* use already defined struct
* - use migration to make the flag repo wide not for the entire gitea instance
Also note that the config value can still be set so as to be able to control the value for new repositories that are to be created
- fix copy/paste error in copyright header year and rearrange import
- use repo config instead of server config value to determine if a commit should close an issue
- update testsuite
* use global config only when creating a new repository
* allow repo admin toggle feature via UI
* fix typo and improve testcase
* fix fixtures
* add DEFAULT prefix to config value
* fix test
* use native golang SSH library but ssh-keygen when enable built-in SSH server to remove dependent on that command lines
* fix tests and add comment head
* Feature - Pagination for git tree API
* Handles case when page is negative
* Does a for loop over the start and end rather than all entries
* Removed redundent logic
* Adds per_page as a query parameter
* Adds DEFAULT_GIT_TREES_PER_PAGE for settings, ran make fmt
* Fix typo in cheat-sheet en
* Makes page start at 1, generated swagger
* Use updates to SDK
* Updates to use latest sdk
* Updates swagger for tree api
* Adds test for GetTreeBySHA
* Updates per PR reviews
* Updates per PR reviews
* Remove file
* Formatting
* Fix to swagger file
* Fix to swagger
* Update v1_json.tmpl
* Fix to swagger file
1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.
We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:
- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.
Fix#1357
* Create log mailer for testing email settings
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Switch on the log mailer for the integration tests
This ensures that the sending mail process works
Signed-off-by: Andrew Thornton <art27@cantab.net>
* rename the from user for mysql/mssql
* rename log sender to dummy sender
* update the integration tests
This PR protects against the panic referred to in chaseadmsio/goorgeous#82
by recovering from the panic and just returning the raw bytes if
there is an error.
Signed-off-by: Andrew Thornton <art27@cantab.net>
This PR gitea'ises the macaron.Recovery() handler meaning that in
the event of panic we get proper gitea 500 pages and the stacktrace
is logged with the gitea logger.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Add a new config option to enable / disable the automatic watching of
repos for new repositories and if a user is added to a team.
Fixes#653
Signed-off-by: Sebastian Sauer <sauer.sebastian@gmail.com>
* Pooled and buffered gzip implementation
* Add test for gzip
* Add integration test
* Ensure lfs check within transaction
The previous code made it possible for a race condition to occur whereby a LFSMetaObject could be checked into the database twice. We should check if the LFSMetaObject is within the database and insert it if not in one transaction.
* Try to avoid primary key problem in postgres
The integration tests are being affected by
https://github.com/go-testfixtures/testfixtures/issues/39 if we set the
primary key high enough, keep a count of this and remove at the end of
each test we shouldn't be affected by this.
* add util method and tests
* make sure the title of an issue cannot be empty
* wiki title cannot be empty
* pull request title cannot be empty
* update to make use of the new util methof
Fix#5765 by log the IP address of a connecting remote machine in case of a SSH connection error for the built-in ssh server.
Signed-off-by: Robert Sprunk <github@sprunk.me>
* add migration and basic UI for changing a user's theme
* update user themem
* use right text on button
* load theme based on users' selection
* load theme based on users' selection in pwa too
* update sample config
* delete older theme loading
* implement AfterLoad to set users' theme properly
* set up default theme when creating a user. This uses the installation wide theme
* use flash messages for error
* set default theme when creating a user from the cli
* fix @lunny review
* Add branch protection for approvals
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add required approvals
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add missing comments and fmt
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add type = approval and group by reviewer_id to review
* Prevent users from adding negative review limits
* Add migration for approval whitelists
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Explicitly disable Git credential helper
If the user running Gitea has configured a credential helper, Git
credentials might leak out of Gitea.
There are two problems with credential helpers when combined with Gitea:
1. Credentials entered by a user when doing a migration or setting up a
mirror will end up in the credential store. In the worst case, this
is the plain text file ~/.git-credentials.
2. Credentials in the credential store will be used for migrations and
mirrors by all users. For example, if user A sets up a mirror, their
credentials will be stored. If user B later sets up a mirror from the
same host and does not enter any credentials, user A's credentials
will be used.
This PR prepends -c credential.helper= to all Git commands to clear the
list of helpers. This requires at least Git version 2.9, as previous
versions will try to load an empty helper instead. For more details, see
24321375cd
* Update git module
* Create manifest and serviceworker
* Create templates and add AppSubUrl
* Add JSRenderer
* fix ctx type
* Add JSRenderer to static.go
* Complete adding {{AppSubUrl}}
* Add more fonts to urlsToCache
* Add 512px and 192px icons
* Hardcode font MD5
* Default theme doesn't have a specific CSS file
* Add raw blob endpoint
This should make it possible to download raw blobs directly from
/:repo/:username/raw/blob/:sha1 URLs.
* fix: Make it work
* As an SHA-ID is no path getRefNameFromPath can't be used to verify
file specifying parameter
* added relevant change in go-gitea/git #132
Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>
* Update Gopkg.lock
Can't update all vendors due to errors
Signed-off-by: Berengar W. Lehr <Berengar.Lehr@kompetenztest.de>
* style: Add Gitea copyright header
* feat: Added integration test for /repo/u/r/raw/blob
* fix: correct year in copyright header