Commit graph

9781 commits

Author SHA1 Message Date
6543
505e456f26
Protect default branch against deletion (#11115)
Although default branch is not offered for deletion in the templates, we need to prevent it both at the router level and in the pre-receive hook.

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-05-06 12:08:45 +01:00
6543
a1f11a05e9
Load Repo Topics on blame view (#11307)
Fix #11280
2020-05-05 22:51:49 +01:00
zeripath
d9de58beee
api.Context.NotFound(...) should tolerate nil (#11288)
There is an unfortunate signature change with the api.Context
NotFound function; whereas the normal modules/context/Context
NotFound function requires an error or nil, the api.Context
variant will panic with an NPE if a nil is provided.

This PR will allow api.Context.NotFound to tolerate a being
passed a nil.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-05-05 21:52:13 +03:00
赵智超
0396fcf4b5
Change the style in admin notice content view from <p> to <pre> (#11301)
That's because many notic have more than one lines. So I think
pre is more better to used in here than p

Signed-off-by: a1012112796 <1012112796@qq.com>
2020-05-05 10:16:55 -05:00
silverwind
a104864da2
Update JS dependencies (#11297)
Contains an apparently important bug fix for highlight.js [1],
otherwise nothing of interest.

[1] https://github.com/highlightjs/highlight.js/releases/tag/10.0.2

Co-authored-by: zeripath <art27@cantab.net>
2020-05-05 00:48:52 -03:00
Kyle Evans
38cd9ba47b
Allow unauthenticated users to compare (#11240)
* routers: make /compare route available to unauthenticated users

Remove some bits of the compare interface if the user isn't signed in.
Notably, they don't need to see the "New Pull Request" button box nor the
hidden form that would fail to submit due to the POST request continuing to
require proper privileges.

Follow-up commits will improve the UI a bit around this, removing some
"Pull Request" verbiage in favor of "Compare."

* ui: home: show "compare" button for unauthenticated users

This change requires pulling in the BaseRepo unconditionally and
recording if the pull request is in-fact not allowed
(.PullRequestCtx.Allowed). If the user isn't allowed to create a pull
request, either because this isn't a fork or same-fork branch PRs aren't
allowed, then we'll name the button "Compare" instead of "Pull Request."

* ui: branch list: use the new Compare language when available

When viewing the branch listing as an unauthenticated user, you'll get
"Pull Request" buttons. use the new "Compare" verbiage instead, which
matches GitHub behavior when you can't issue a pull request from the
branches.

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-05-04 19:44:30 -03:00
zeripath
680dfab2ee
Fix Create new branch (#11294)
Fix #11212

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-05-04 16:55:52 -04:00
Adrian POIGET
99082eebd7
Fix; declare DOMAIN variable for docker setup (#10780)
In the /install form, the value for SSH Server Domain is taken form the DOMAIN variable
and overwrites SSH_DOMAIN environment variable set the first time if nothing done

Co-authored-by: Adrian POIGET <adrian.poiget@viveris.fr>
2020-05-04 10:50:29 +01:00
guillep2k
64029e1468
Update lunny/levelqueue to 0.3.0 (#11285)
Co-authored-by: Guillermo Prandi <guillep2k@users.noreply.github.com>
2020-05-04 07:51:09 +01:00
Cirno the Strongest
b7c82cd1a9
Fix orgs not being displayed on create repo form (#11279) 2020-05-03 18:08:24 -03:00
zeripath
ce66ca7f9f
Restore checkbox rendering and prevent poor sanitization of spans (#11277)
* Add test

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Restore checkbox rendering and prevent poor sanitization of spans

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Also fix preview context

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Also fix preview context

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-05-03 17:17:24 -03:00
Kyle Evans
940ed92392
repo: milestone: make /milestone/:id endpoint accessible (#11264)
Previously, this required authentication, but there's not actually
any privileged information on this page.  Move the endpoint out of
the group that requires sign-in.  It still requires the ability to
read issues and pull requests, so private repositories (for instance)
will not be exposed.

Fixes #10312 
Fixes #11233
2020-05-03 10:07:04 +01:00
GiteaBot
472a7702a7 [skip ci] Updated translations via Crowdin 2020-05-03 03:59:30 +00:00
Kyle Evans
a5018d099d
cmd: dump: check value of skip-repository flag (#11254)
This is a boolean flag; simply checking if it's set isn't enough, we must check the value as well.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-05-03 00:57:45 -03:00
zeripath
4f9d59be17
Sendmail should create a process on the gitea system and have a default timeout (#11256)
* Make sure that sendmail processes register with the process manager
* Provide a timeout for these (initially of 5 minutes)
* Add configurable value and tie in to documentation
* Tie in to the admin config page.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-05-03 00:04:31 +01:00
GiteaBot
319eb83112 [skip ci] Updated translations via Crowdin 2020-05-02 14:05:12 +00:00
Lunny Xiao
71e4c75a61
Fix bug about comment attachment (#11272) 2020-05-02 15:03:47 +01:00
zeripath
28f8308d47
Show pull request selection even when unrelated branches (#11239)
Fix #10525

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-05-02 16:06:01 +08:00
GiteaBot
452b69b71e [skip ci] Updated translations via Crowdin 2020-05-02 00:22:11 +00:00
6543
c97494a4f4
API: Add pull review endpoints (#11224)
* API: Added pull review read only endpoints

* Update Structs, move Conversion, Refactor

* refactor

* lint & co

* fix lint + refactor

* add new Review state, rm unessesary, refacotr loadAttributes, convert patch to diff

* add DeletePullReview

* add paggination

* draft1: Create & submit review

* fix lint

* fix lint

* impruve test

* DONT use GhostUser for loadReviewer

* expose comments_count of a PullReview

* infent GetCodeCommentsCount()

* fixes

* fix+impruve

* some nits

* Handle Ghosts 👻

* add TEST for GET apis

* complete TESTS

* add HTMLURL to PullReview responce

* code format as per @lafriks

* update swagger definition

* Update routers/api/v1/repo/pull_review.go

Co-authored-by: David Svantesson <davidsvantesson@gmail.com>

* add comments

Co-authored-by: Thomas Berger <loki@lokis-chaos.de>
Co-authored-by: David Svantesson <davidsvantesson@gmail.com>
2020-05-02 03:20:51 +03:00
mrsdizzie
4ed7d2a2bb
Remove last traces of has-emoji class (#11263)
Now that emojify.js has been removed, get rid of all instances of has-emoji class that was only used for that. Support for rendering shortcodes should remain in all of these places so it should still work the same.

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-05-01 20:58:45 +03:00
Kyle Evans
1bdffefc05
cmd: dump: add an -L/--skip-log option (#11253)
Not all dumps need to include the logs, in a similar vain to not all dumps
needing to include repositories; these may be subject to different backup
mechanisms/constraints. Add a simple option to let them be excluded from the
dump to simplify workflows that need to exclude them or not collect in the
first place.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
2020-04-30 21:30:31 -04:00
6543
e9e8638f18
Return issue subscription status from API subscribe (#10966)
* [API] issue subscription indicate by http status

* CI.restart()
2020-04-30 23:55:24 +01:00
zeripath
4974b7c120
Fix spelling mistake with Rewiew (#11262)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-04-30 21:24:08 +01:00
6543
ab69b9b1a6
Refactor UpdateOAuth2Application (#11034)
Following on from #11008 refactor UpdateOAuth2Application
2020-04-30 18:50:47 +01:00
GiteaBot
c25969e694 [skip ci] Updated translations via Crowdin 2020-04-30 15:14:00 +00:00
Andrew Bezold
3dc6af3d70
Fix creation of Organization repos by Users with max created personal repos (#11183)
* Fix creation of Org repos

Fix go-gitea#9269

* Change variable name to appease linter

* Update PR with suggestions

Add a note for user.CanCreateRepo() about failure assumptions
Change repo.create help message

Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-04-30 16:11:56 +01:00
silverwind
28e5e7fcbc
Add a 'this' to issue close/reopened messages (#11204)
* add a 'this' to issue close/reopened messages

* add 'this issue/pull request' and create new localization entries

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-04-30 14:49:12 +01:00
Jason Duan
4468b0b2b2
When using API CreateRelease set created_unix to the tag commit time (#11218) 2020-04-30 14:10:42 +01:00
Km
d0e7361bd9
Propose an explanation how to restart gracefully gitea after an update (#10866)
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-04-30 15:14:27 +03:00
silverwind
606d9d63f6
Update JS dependencies, min Node.js version 10.13 (#11246)
`less-loader` now dictates a minimum Node.js version of 10.13.0,
released 2018-10-30 so I've updated this requirement to match.

https://github.com/webpack-contrib/less-loader/releases/tag/v6.0.0
2020-04-30 11:37:01 +01:00
zeripath
1853131d42
Use keys.openpgp.org instead of pgp.mit.edu (#11249)
The SKS Keyserver network has been under attack with poisoned
certificates since at least 2019. Downloading a poisoned certificate has
the awful side-effect of completely breaking your keyring and most
software has now moved off the network and uses the keys.openpgp.org
which has a different protocol instead - in fact one whereby emails are
verified.

For more details regarding the attack see: https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f

See: https://keys.openpgp.org/about and https://keys.openpgp.org/about/faq

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-04-30 12:08:43 +03:00
mrsdizzie
a2683e5ddb
Allow emoji short code in labels (#11250)
* Allow emoji short code in labels

As title, turn :alias: type short code into emojis when rendering labels to match previous behavior

* Update models/issue_label.go

Co-Authored-By: John Olheiser <john.olheiser@gmail.com>

* render text in templates not code

* remove has-emoji class

🧙‍♀️

* fix new issue form

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-04-30 09:10:15 +01:00
silverwind
310699bca7
Patch fomantic-ui to workaround build issue (#11244)
* Patch fomantic-ui to workaround build issue

Better workaround than https://github.com/go-gitea/gitea/issues/10653
for https://github.com/fomantic/Fomantic-UI/issues/1356. It does not
seem like we're getting a new Fomantic-UI release anytime soon, so
this patches it after node_modules installation.

Fixes: https://github.com/go-gitea/gitea/issues/11243
Fixes: https://github.com/go-gitea/gitea/issues/10679

* copy instead of patch

* update package-lock.json

* Update Makefile

Co-Authored-By: Sorien <Sorien@users.noreply.github.com>

* Update web_src/fomantic/css.js

Co-Authored-By: zeripath <art27@cantab.net>

Co-authored-by: Sorien <Sorien@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-04-30 07:26:37 +01:00
6543
bfda0f3864
[API] ListIssues add filter for milestones (#10148)
* Refactor Issue Filter Func

* ListIssues add filter for milestones

* as per @lafriks

* documentation ...
2020-04-30 01:15:39 -03:00
zeripath
cbf5dffaf2
Fix submit review form (#11252)
* Fix submit review form

Signed-off-by: Andrew Thornton <art27@cantab.net>

* placate lint

Signed-off-by: Andrew Thornton <art27@cantab.net>

* try something different

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update web_src/less/_base.less

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-04-30 09:59:47 +08:00
n0emis
33738ff91b
Don't allow registration via the web form, when AllowOnlyExternalRegistration is True (#11248)
* Don't allow registration via the web form, when AllowOnlyExternalRegistration is True

* Show Disabled Registration message if DisableRegistration or AllowOnlyExternalRegistration options are true
2020-04-29 22:46:43 +01:00
Alexander Scheel
1bf9e44bda
Fix sanitizer config - multiple rules (#11133)
In #9888, it was reported that my earlier pull request #9075 didn't quite function as expected. I was quite hopeful the `ValuesWithShadow()` worked as expected (and, I thought my testing showed it did) but I guess not. @zeripath proposed an alternative syntax which I like:

```ini
[markup.sanitizer.1]
ELEMENT=a
ALLOW_ATTR=target
REGEXP=something
[markup.sanitizer.2]
ELEMENT=a
ALLOW_ATTR=target
REGEXP=something
```

This was quite easy to adopt into the existing code. I've done so in a semi-backwards-compatible manner:

 - The value from `.Value()` is used for each element.
 - We parse `[markup.sanitizer]` and all `[markup.sanitizer.*]` sections and add them as rules.

This means that existing configs will load one rule (not all rules). It also means people can use string identifiers (`[markup.sanitiser.KaTeX]`) if they prefer, instead of numbered ones.

Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-04-29 12:34:59 +01:00
6543
6b6f20b6d4
BugFix: updateLabel can updated not allowed fields #11242 (#11242) 2020-04-28 19:28:56 -04:00
mrsdizzie
4563eb873d
Support unicode emojis and remove emojify.js (#11032)
* Support unicode emojis and remove emojify.js

This PR replaces all use of emojify.js and adds unicode emoji support to various areas of gitea.

This works in a few ways:

First it adds emoji parsing support into gitea itself. This allows us to

 * Render emojis from valid alias (😄)
 * Detect unicode emojis and let us put them in their own class with proper aria-labels and styling
 * Easily allow for custom "emoji"
 * Support all emoji rendering and features without javascript
 * Uses plain unicode and lets the system render in appropriate emoji font
 * Doesn't leave us relying on external sources for updates/fixes/features

That same list of emoji is also used to create a json file which replaces the part of emojify.js that populates the emoji search tribute. This file is about 35KB with GZIP turned on and I've set it to load after the page renders to not hinder page load time (and this removes loading emojify.js also)

For custom "emoji" it uses a pretty simple scheme of just looking for /emojis/img/name.png where name is something a user has put in the "allowed reactions" setting we already have. The gitea reaction that was previously hard coded into a forked copy of emojify.js is included and works as a custom reaction under this method.

The emoji data sourced here is from https://github.com/github/gemoji which is the gem library Github uses for their emoji rendering (and a data source for other sites). So we should be able to easily render any emoji and :alias: that Github can, removing any errors from migrated content. They also update it as well, so we can sync when there are new unicode emoji lists released.

I've included a slimmed down and slightly modified forked copy of https://github.com/knq/emoji to make up our own emoji module. The code is pretty straight forward and again allows us to have a lot of flexibility in what happens.

I had seen a few comments about performance in some of the other threads if we render this ourselves, but there doesn't seem to be any issue here. In a test it can parse, convert, and render 1,000 emojis inside of a large markdown table in about 100ms on my laptop (which is many more emojis than will ever be in any normal issue). This also prevents any flickering and other weirdness from using javascript to render some things while using go for others.

Not included here are image fall back URLS. I don't really think they are necessary for anything new being written in 2020. However, managing the emoji ourselves would allow us to add these as a feature later on if it seems necessary.

Fixes: https://github.com/go-gitea/gitea/issues/9182
Fixes: https://github.com/go-gitea/gitea/issues/8974
Fixes: https://github.com/go-gitea/gitea/issues/8953
Fixes: https://github.com/go-gitea/gitea/issues/6628
Fixes: https://github.com/go-gitea/gitea/issues/5130

* add new shared function emojiHTML

* don't increase emoji size in issue title

* Update templates/repo/issue/view_content/add_reaction.tmpl

Co-Authored-By: 6543 <6543@obermui.de>

* Support for emoji rendering in various templates

* Render code and review comments as they should be

* Better way to handle mail subjects

* insert unicode from tribute selection

* Add template helper for plain text when needed

* Use existing replace function I forgot about

* Don't include emoji greater than Unicode Version 12

Only include emoji and aliases in JSON

* Update build/generate-emoji.go

* Tweak regex slightly to really match everything including random invisible characters. Run tests for every emoji we have

* final updates

* code review

* code review

* hard code gitea custom emoji to match previous behavior

* Update .eslintrc

Co-Authored-By: silverwind <me@silverwind.io>

* disable preempt

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-04-28 15:05:39 -03:00
mrsdizzie
922a239079
Disable new signal-based asynchronous goroutine preemption from GO 1.14 in git env (#11237)
As seen in trouble shooting #11032 the new feature of Go 1.14 is causing several second delays in startup in certain situations. Debugging shows it spending several seconds handling SIGURG commands during init:

```
6922:04:51.984234 trace init() ./modules/queue/unique_queue_wrapped.go
remote: ) = 69 <0.000012>
remote: [pid 15984] 22:04:51 write(1, "\ttime taken: 236.761\302\265s\n\n", 25    time taken: 236.761µs
remote:
remote: ) = 25 <0.000011>
remote: [pid 15984] 22:04:51 --- SIGURG {si_signo=SIGURG, si_code=SI_TKILL, si_pid=15984, si_uid=0} ---
remote: [pid 15984] 22:04:52 --- SIGURG {si_signo=SIGURG, si_code=SI_TKILL, si_pid=15984, si_uid=0} ---
remote: [pid 15984] 22:04:52 --- SIGURG {si_signo=SIGURG, si_code=SI_TKILL, si_pid=15984, si_uid=0} ---
```

This causes up to 20 seconds added to a push in some cases as it happens for each call of the gitea hook command. This is likely the cause of #10661 as well and would start to effect users once we release 1.12 which would be the first release compiled with Go 1.14. I suspect this is just a slight issue with the upstream implementatation as there have been a few very similar bugs fixed and reported:

 https://github.com/golang/go/issues/37741
 https://github.com/golang/go/issues/37942

We should revisit this in the future and see if a newer version of Go has solved it, but for now disable this option in the environment that gitea hook runs in to avoid it.
2020-04-28 11:45:32 -04:00
zeripath
1f0b797ddc
Make the PushCreate test declarative (#11229)
Reduce the code duplication in the PushCreate test and switch
to a declarative format.

* Instead of explicitly creating the repository re-use functions from the other declarative tests and add comments
* Ensure that the test repository is deleted at the end of test
* Slightly reorder the sub-tests

Also reduce the code duplication in MergeFork and add some comments there too and make doGitCloneFail be self-contained.

Signed-off-by: Andrew Thornton art27@cantab.net
2020-04-28 09:32:23 +01:00
GiteaBot
b0849abf3d [skip ci] Updated translations via Crowdin 2020-04-27 23:43:08 +00:00
Bagas Sanjaya
b52ec4a19e
[Docs] Config Cheat Sheet - Task Edit (#9972)
* backwards compatibility typo

* Unlist description and separate from list by an empty line

* redis needs password edit

* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md

Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2020-04-27 19:41:59 -04:00
6543
41cebeb8fa
Make error pages translatable (#11163)
* make error pages translatable

* dont translate ":"

* link need Safe
2020-04-27 18:03:15 -05:00
GiteaBot
6a3de9e25f [skip ci] Updated translations via Crowdin 2020-04-27 11:21:30 +00:00
zeripath
d26aee3830
Slight performance changes to integrations/git_test.go (#11227)
* switch to use pseudorandom generator and stop cloning in pushcreate

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Add some logging of BranchProtectPRMerge

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Stop running prepareTestEnv so often for TestAPIGetBranch

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-04-27 14:20:09 +03:00
zeripath
0e799c26ba
Prevent panic during wrappedConn close at hammertime (#11219)
* Prevent panic during wrappedConn close at hammertime

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update modules/graceful/server.go

* Fix extraneous debug in goldmark.go

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-04-26 21:01:06 -03:00
zeripath
9f959ac064
Make TaskCheckBox render correctly (#11214)
* Fix checkbox rendering

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Normalize checkbox rendering

Signed-off-by: Andrew Thornton <art27@cantab.net>

* set the checkboxes to readonly instead of disabled

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-04-26 02:09:08 -03:00
colorfulberry
f1f56da4d1
On logout redirect to start page and clear redirect cookie (#11202)
when one user logout should clear redirect to value, otherwise switch the account will occur error.

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-04-25 23:11:32 +01:00