11844 Commits

Author SHA1 Message Date
zeripath
1790f01dd9
Upgrade xorm to v1.2.2 (#16663) & Add test to ensure that dumping of login sources remains correct (#16847) (#16848)
* Upgrade xorm to v1.2.2 (#16663)

Backport #16663

Fix #16683

* Add test to ensure that dumping of login sources remains correct (#16847)

#16831 has occurred because of a missed regression. This PR adds a simple test to
try to prevent this occuring again.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-08-28 13:16:19 +02:00
techknowlogick
0c7927fe48
Report the correct number of pushes on the feeds (#16811) (#16822)
* Report the correct number of pushes on the feeds

Since the number of commits in the Action table has been limited to 5
the number of commits reported on the feeds page is now incorrectly also
limited to 5. The correct number is available as the Len and this PR
changes this to report this.

Fix #16804

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update templates/user/dashboard/feeds.tmpl

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: zeripath <art27@cantab.net>
2021-08-26 02:30:13 -04:00
zeripath
695e8ae81d
Add primary_key to issue_index (#16813) (#16820)
Backport #16813

Make the group_id a primary key in issue_index. This already has an
unique index and therefore is a good candidate for becoming a primary
key.

This PR also changes all other uses of this table to add the group_id as
the primary key.

The migration v192 from #16813 has not been backported but Xorm will
work fine with non-primary keyed tables. If a user on 1.15 wishes to
have the correct schema sooner than 1.16 - they can use gitea doctor
recreate-table issue_index and gitea will recreate the table with the
primary key.

Fix #16802

Signed-off-by: Andrew Thornton art27@cantab.net
2021-08-25 18:10:15 -04:00
zeripath
2148b27bfa
Prevent NPE on empty commit (#16812) (#16819)
Backport #16812

Handle completely empty commit as the first commit to a repository.

Fix #16668

Signed-off-by: Andrew Thornton art27@cantab.net
2021-08-25 13:22:48 +01:00
ab7e36e3a5
Fix branch pagination error (#16805) (#16816)
Backport #16805

Fix #16801

Even if default branch is removed from the current page, but the total branches number should be still kept. So that the pagination calculation will be correct.
2021-08-25 11:11:54 +01:00
zeripath
63178b5654
Ensure that template compilation panics are sent to the logs (#16788) (#16792)
Backport #16788

Although panics within the rendering pipeline are caught and dealt with,
panics that occur before that starts are unprotected and will kill Gitea
without being sent to the logs.

This PR adds a basic recovery handler to catch panics that occur after
the logger is initialised and ensure that they're sent to the logger.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-23 19:50:04 -04:00
zeripath
2d15126de6
Remove spurious / from issues.opened_by (#16793)
Fix #16713

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-23 18:24:30 -04:00
zeripath
31e4e8205a
Add missing return to handleSettingRemoteAddrError (#16794) (#16795)
Backport #16794

There is a missing return in handleSettingRemoteAddrError which means
that the error page for repo settings is duplicately rendered.

Fix #16771

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-23 18:09:28 -04:00
zeripath
37e4cdbbe6
Update only certmagic (#16790)
Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: jolheiser <john.olheiser@gmail.com>
2021-08-23 18:07:44 -04:00
techknowlogick
f7e7477c45
changelog for 1.15.0 (#16760)
* changelog for 1.15.0

* Slight rename of GPG feature

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
v1.15.0
2021-08-21 20:38:22 -04:00
KN4CK3R
0840a508b4
Keep attachments on tasklist update (#16750) (#16757)
* Send attachments too.

* Use tasklist flag.

* use action="ignoreAttachments" instead of "tasklist"

* Use boolean parameter.

* when the update request doesn't intend to update attachments (eg: change checkbox state), ignore attachment updates (#16762)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2021-08-21 20:10:04 +01:00
zeripath
5ceff8fda2
Recreate Tables should Recreate indexes on MySQL (#16718) (#16739)
The MySQL indexes are not being renamed at the same time as RENAME table despite the
CASCADE. Therefore it is probably better to just recreate the indexes instead.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-20 22:47:37 -04:00
Steven
778a0bf758
Fix dependency translations (#16755)
Signed-off-by: Steven Kriegler <61625851+justusbunsi@users.noreply.github.com>
2021-08-20 13:11:26 -04:00
Elouan Martinet
f19ccd8f6a
Do not use thin scrollbars on Firefox (#16738) (#16745)
In #7269, thin scrollbars were added in Arc Green theme. It got moved
in base theme in #13361.

This PR removes the use of thin scrollbars which causes an
accessibility issue. The scrollbars become too thin to be dragged.

Signed-off-by: Elouan Martinet <exa@elou.world>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-20 06:19:22 +01:00
KN4CK3R
b6e4688874
Fix wrong user in OpenID response (#16736) (#16741)
* Fix wrong user in OpenID response (#16736)

* Fixed usage of wrong user.

* Added tests.

* Fixed wrong import.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-20 00:26:44 +03:00
zeripath
25437672bf
Restore functionality for pushing non-standard refs (Partial #16705) (#16706)
Partial Backport #16705

There was an inadvertent breaking change in #15629 meaning that notes refs and other
git extension refs will be automatically rejected.

This PR removes this incorrect forced rejection of non-standard refs.

Fix #16688

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-17 10:24:47 +02:00
techknowlogick
0dc808212b
release/v1.15: set min go version to min upstream supported go1.16 (#16710)
* release/v1.15: set min go version to min upstream supported 1.16

* update drone
2021-08-17 10:09:44 +03:00
b6508b872b
Upgrade levelqueue 0.4.1 (#16696) (#16700) 2021-08-16 10:37:27 +03:00
zeripath
d89029ebac
Ensure empty lines are copiable and final new line too (#16678) (#16692)
Backport #16678

When files are highlighted the newline character needs to be added in a whitespace
compliant mode. Also ensure the final empty newline is rendered.

Fix #16434

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-15 05:39:23 +02:00
6543
62315ea731
If PatchURL is empty, skip pull patch download when migrating (Partial #16356) (#16681)
Partial backport #16356

Whilst looking at adding migration support for onedev it has become apparent that gitea would attempt to pull patches on other migration targets even if that PatchURL was empty.
2021-08-13 18:26:19 +02:00
6543
86861ee135
Update issue_index to finish migration (#16685) (#16687)
* update issue_index to finish migration

* One Func to RecalculateIssueIndexForRepo
2021-08-13 15:13:03 +01:00
6543
d2d99a25b7
Fix NPE in fuzzer (#16680) (#16682)
The fuzzer found an issue with the issue pattern processor where there is a spurious
path.Clean which does not need to be there. This PR also sets the default AppURL for
the fuzzer too.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2021-08-13 08:51:13 +03:00
nitul1991
e483ec8b0d
Change the implementation of the go-git version of GetNote to mirror the non go-git version when passed a non-existent commit (#16658) (#16659)
Backport #16658

Fixes #16657
2021-08-09 20:24:31 +01:00
zeripath
46d62ad896
Fix direct creation of external users on admin page (#16613)
From #16612 it was noticed that when creating new external users directly it was not
possible to set their username correctly. This PR restores this ability.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-09 14:18:40 +02:00
zeripath
428d58f8da
Restore compatibility with SQLServer 2008 R2 in migrations (#16638)
This fixes two problems with MSSQL:

* `ALTER TABLE DROP ... IF EXISTS ...` is only supported in SQL Server >16.

The `IF EXISTS` here is a belt-and-braces and does not need to be present. Therefore
can be dropped. Also stop attempting to drop the indexes as constraints as they're indexes!

* System tables like: `sys.indexes` should be lowercase not uppercase because of collation issues.

Fix #13615

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-08-08 13:32:07 +03:00
zeripath
1a2256bf44
Changelog for 1.15.0-rc3 (#16621)
* Changelog for 1.15.0-rc3

 ## [1.15.0-rc3](https://github.com/go-gitea/gitea/releases/tag/v1.15.0-rc3) - 2021-08-04

* BREAKING
  * Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (#16590) (#16606)
* SECURITY
  * Upgrade to the latest version of golang-jwt and increase minimum go to 1.15 (#16590) (#16606)
  * Switch to maintained jwt lib (#16532) (#16533)
  * Correctly create of git-daemon-export-ok files (#16508) (#16514)
  * Don't show private user's repo in explore view (#16550) (#16554)
* API
  * Swagger AccessToken fixes (#16574) (#16597)
  * Set AllowedHeaders on API CORS handler (#16524) (#16618)
* BUGFIXES
  * Restore Accessibility for Dropdown (#16576) (#16617)
  * Pass down SignedUserName down to AccessLogger context (#16605) (#16616)
  * Fix table alignment in markdown (#16596) (#16602)
  * Fix 500 on first wiki page (#16586) (#16598)
  * Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16564) (#16570)
  * Upgrade levelqueue to v0.4.0 (#16560) (#16561)
  * Handle too long PR titles correctly (#16517) (#16549)
  * Fix data race in bleve indexer (#16474) (#16509)
  * Restore CORS on git smart http protocol (#16496) (#16506)
  * Fix race in log (#16490) (#16505)
  * Fix prepareWikiFileName to respect existing unescaped files (#16487) (#16498)
  * Make cancel from CatFileBatch and CatFileBatchCheck wait for the command to end (#16479) (#16480)
  * Update notification table with only latest data (#16445) (#16469)
  * Revert to use alpine 3.13 (#16451) (#16452)
  * Fix crash following ldap authentication update (#16447) (#16448)
  * Fix direct creation of external users on admin page (partial #16612) (#16613)

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update CHANGELOG.md

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

* Update CHANGELOG.md

Co-authored-by: zeripath <art27@cantab.net>

* Update CHANGELOG.md

* Update CHANGELOG.md

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
v1.15.0-rc3
2021-08-06 16:08:13 -04:00
techknowlogick
20601f8463
Prevent 500 on draft releases without tag (#16634) (#16636)
It is possible to create draft releases prior to creating a tag. This will cause a
500 on the releases page due to compare page failing.

This PR only shows the compare button if there is a SHA1 present.

Fix #16610

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2021-08-06 11:09:33 +03:00
zeripath
619e6d6400
Frontport changelog for v1.14.6 (#16633)
* Frontport changelog for v1.14.6

Frontport #16619

Changelog frontported to below v1.15.0-rc1.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update config.yaml

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-06 01:17:44 +03:00
zeripath
f438b6f33b
Update node tar dependency to 6.1.6 (#16622) (#16623)
Backport #16622

Forcibly update dev dependency on tar to 6.1.6

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-05 00:40:25 -04:00
zeripath
c47065cc29
Set AllowedHeaders on API CORS handler (#16524) (#16618)
Backport #16524

Set AllowedHeaders on API CORS handler and add missing Access-Control-Expose-Headers
to pull API.

Fix #16100

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-04 21:57:59 +02:00
zeripath
719e2f26d5
Pass down SignedUserName down to AccessLogger context (#16605) (#16616)
Backport #16605

Unfortunately when the AccessLogger was moved back before the contexters the
SignedUserName reporting was lost. This is due to Request.WithContext leading to a
shallow copy of the Request and the modules/context/Context being within that request.

This PR adds a new context variable of a string pointer which is set and handled
in the contexters.

Fix #16600

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-08-04 13:26:35 -04:00
zeripath
40687a2160
Restore #10096/#8638 and re-fix #15172 (#16576) (#16617)
Backport #16576

This PR restores the vendored and patched dropdow from #8638. It
however, it partially abandons the call to `click()` using instead the
default dropdown click calls instead. This prevents the issue of the
dropdown grabbing focus permanently however, this may have negative
effects on the effect of focus on the dropdowns.

Of note, the behaviour of the template selector dropdown on the repo
creation page is slightly odd - I don't believe that this odd behaviour
is caused by this PR but rather by the feed source for this. I suspect
that the dropdown should be adding a delete button to its selection.

Fix #15172
References: #7057

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-04 13:31:10 +01:00
zeripath
f9120092c1
Fix table alignment in markdown (#16596) (#16602)
Backport #16596

Set the TableOptions in markdown to allow alignment of the tables to work correctly

Fix #15959

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-04 00:16:00 +01:00
zeripath
a17edf446f
Fix 500 on first wiki page (#16586) (#16598)
Backport #16586

There is a mistake in #16319 and #16487 which means that the first time
a wiki page is created a 500 is reported because the `master` branch is
not in existence in that wiki yet.

This PR simply checks for this error and returns not found.

Fix #16584

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-03 23:46:08 +01:00
zeripath
ff8fadd2be
Upgrade to the latest version of golang-jwt (#16590) (#16606)
* Upgrade to the latest version of golang-jwt.

Backport #16590

* Forcibly update the vendored versions too
* Update our minimal go lang version to 1.15 (differs from 1.16 in #16590)

Signed-off-by: Andrew Thornton <art27@cantab.net>

 ### ⚠️ BREAKING ⚠️

This PR raises the minimal version of go supported to 1.15 which will mean the end of support of 32-bit Mac and Mac OS versions before Sierra.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update minimal go required

Signed-off-by: Andrew Thornton <art27@cantab.net>

* update config.yaml

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-08-03 22:22:52 +01:00
zeripath
5fe7c0ed7b
Swagger AccessToken fixes (#16574) (#16597)
Backport #16574

There is a subtle problem with the Swagger definition for AccessTokens which causes
autogeneration of APIs for these endpoints to fail.

This PR corrects these errors.

Ref: https://github.com/zeripath/java-gitea-api/issues/4
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2021-08-02 20:24:47 +02:00
6543
763e4196ba
[CI] Use node v14 instead of node v16 until it will pass again (#16595) (#16599)
* for CI release: use node 14 (lts) to build until 16 do fail

* all in for node v14.x
2021-08-02 07:41:58 +01:00
zeripath
903bdefb58
Lock goth/gothic and Re-attempt OAuth2 registration on login if registration failed at startup (#16570)
Backport #16564

This PR has two parts:

* Add locking to goth and gothic calls with a RWMutex

The goth and gothic calls are currently unlocked and thus are a cause of multiple potential races

* Reattempt OAuth2 registration on login if registration failed

If OAuth2 registration fails at startup we currently disable the login_source however an alternative approach could be to reattempt registration on login attempt.
    
Fix #16096

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-29 18:52:38 +01:00
840d240a61
Upgrade levelqueue to v0.4.0 (#16560) (#16561)
Fix #16546
2021-07-27 18:59:06 +02:00
a1012112796
7365b4e757
not show private user's repo in explore view (#16550) (#16554)
after #16069, visibility is also usefull for user,
so this limit is not usefull.

fix #16545
2021-07-27 07:34:25 +01:00
6543
e10cd3da1e
Fix session bugs (#16552) (#16553)
* Fix session bugs (#16552)

* fix deadlog bug

* Fix models/issue_stopwatch.go

* Update models/issue_stopwatch.go

Co-authored-by: zeripath <art27@cantab.net>

* fix getLatestCommitStatus

Co-authored-by: zeripath <art27@cantab.net>
2021-07-27 09:44:44 +08:00
zeripath
693275455e
Handle too long PR titles correctly (#16517) (#16549)
Backport #16517

The CompareAndPullRequestPost handler for POST to /compare
incorrectly handles returning errors to the user. For a start
it does not set the necessary markers to switch SimpleMDE
but it also does not immediately return to the form.

This PR fixes this by setting the appropriate values, fixing
the templates and preventing the suggestion of a too long
title.

Fix #16507

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-26 17:49:48 +02:00
6543
91527434d0
upgraded github.com/markbates/goth v1.67.1 => v1.68.0 (#16539) 2021-07-24 18:17:50 +01:00
89f680aa04
Fix issue pasted image missing if no release permission (#16520) (#16527)
* Fix issue pasted image missing if no release permission


Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
2021-07-24 18:34:57 +02:00
zeripath
67942ac1a9
Switch to maintained jwt lib (#16532) (#16533)
Backport #16532

Co-authored-by: Matti R <matti@mdranta.net>
2021-07-24 11:13:50 -04:00
zeripath
0b06b2019f
Add basic edit ldap auth test & actually fix #16252 (#16465) (#16494)
Backport #16465

One of the reasons why #16447 was needed and why #16268 was needed in
the first place was because it appears that editing ldap configuration
doesn't get tested.

This PR therefore adds a basic test that will run the edit pipeline.

In doing so it's now clear that #16447 and #16268 aren't actually
solving #16252. It turns out that what actually happens is that is that
the bytes are actually double encoded.

This PR now changes the json unmarshal wrapper to handle this double
encode.

Fix #16252

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
v1.15.0-rc2
2021-07-22 17:24:21 +03:00
zeripath
057205a4b7
Restore creation of git-daemon-export-ok files (#16508) (#16514)
Backport #16508

Somewhere along the line the creation of git-daemon-export-ok
files disappeared but the updating of these files when
repo visibility changes remained. The problem is that the
current state will create files even when the org or user
is private.

This PR restores creation correctly.

Fix #15521

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-22 15:52:02 +02:00
zeripath
1b6c0c6bdc
Changelog for 1.15.0-rc2 (#16511)
* Changelog for 1.15.0-rc2

Results of `~/go/bin/changelog -m 1.15.0 --after 16422 generate`

We need to release RC2 as there are mulitple problems with alpine 3.14 related to
the seccomp issues on Docker <20.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update CHANGELOG.md

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: 6543 <6543@obermui.de>
2021-07-22 15:47:38 +03:00
6543
c4f3f5bdf2
Fix data race in bleve indexer (#16474) (#16509)
* Fix data race in bleve indexer

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2021-07-22 11:42:32 +08:00
zeripath
1f5011dff7
Restore CORS on git smart http protocol (#16496) (#16506)
Backport #16496

Unfortunately the chi changes have resulted in the CORS headers for the
git smart http protocol going missing.

This is mostly because the OPTIONS method is not being handled by
httpBase anymore.

This PR adds a GetOptions, PostOptions and Options methods to web
handler to allow OPTIONS method requests to still reach the httpBase
function.

Fix #16350
Close #16491

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-21 15:03:02 +01:00