Commit Graph

7005 Commits

Author SHA1 Message Date
Lunny Xiao
cbfc7f52b9 fix bug when migrate repository 500 when repo is existed (#6188) (#6197) 2019-02-26 22:32:25 -05:00
John Olheiser
d602ba564f Load Issue attributes for API call (#6122) (#6185)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2019-02-25 21:05:45 -05:00
Lunny Xiao
55063f2524 fix bug user could change private repository to public when force private enabled. (#6156) (#6165) 2019-02-23 05:53:52 +00:00
Lunny Xiao
585dd13cce fix bug when update owner team then visit team's repo return 404 (#6119) (#6166) 2019-02-22 22:55:32 -05:00
Lauris BH
12d883412f Fix heatmap and repository menu display in Internet Explorer 9+ (#6117) (#6137) 2019-02-20 22:11:58 +08:00
Lunny Xiao
597a30b727 Fix prohibit login check on authorization (#6106) (#6115)
* Fix prohibit login check on authorization (#6106)

* fix bug prohibit login not applied on dashboard

* fix tests

* fix bug user status leak

* fix typo

* return after render

* remove unused tests
2019-02-19 11:38:04 +02:00
zeripath
b5ae8945e5
Move to ldap.v3 to fix #5928 (#6105) (#6107)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-18 14:24:25 +00:00
zeripath
5cca840bb8 Fix deadlock in webhook PullRequest (#6102) (#6104)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-17 22:38:26 -05:00
xdch47
f4c7e87fc9 modules/context/auth.go: fix redirect loop (#5965) (#6101)
Closes #5815
2019-02-17 12:51:37 +00:00
zeripath
fe99c9901d Issue 5924 fix compare button (#5929) (#6098)
* Revert #5877

This unfortunately was not the solution.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Change permission check to create pull requests to CanReadIssuesOrPulls

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-16 20:11:07 +02:00
zeripath
2e1540e827 Recover panic in orgmode.Render if bad orgfile (#4982) (#5903) (#6097)
This PR protects against the panic referred to in chaseadmsio/goorgeous#82
by recovering from the panic and just returning the raw bytes if
there is an error.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-16 12:39:52 -05:00
Lauris BH
3b612ce42e
Changelog for release v1.7.2 (#6084) 2019-02-15 10:19:51 +02:00
Lauris BH
1d8e56e6bb
In basic auth check for tokens before call UserSignIn (#5725) (#6083)
* Check first if user/password is a token

* In basic auth check if user/password is a token

* Remove unnecessary else statement

* Changes of fmt
2019-02-15 10:01:53 +02:00
techknowlogick
57ab65d922
1.7.2 changelog (#6079) 2019-02-15 02:14:00 -05:00
techknowlogick
3ac4a7fab8
Switch to more recent build of xgo (#6070) (#6072) 2019-02-14 13:35:27 -05:00
Lanre Adelowo
253efbcb51 Make sure labels are actually returned (#6053) (#6059) 2019-02-13 17:51:18 +00:00
zeripath
c8f061e15b Create repository on organisation by default on its dashboard (#6026) (#6048)
* Create repository on organisation by default on its dashboard
* Only show owners the add new repositories to an organisation button.

Fix #3253

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-12 22:04:48 -05:00
Paul
7f7c451de4 Fix metrics auth token detection (#6006) (#6017)
Backport of #6006 

Signed-off-by: Pauls Barkans <paulsb@gmail.com>
2019-02-09 14:35:51 +00:00
zeripath
b0b574f805 Fix empty ssh key importing in ldap (#5984) (#6009) 2019-02-09 14:44:53 +02:00
Lunny Xiao
d269179523 fix bug when deleting a linked account will removed all (#5989) (#5990) 2019-02-07 07:11:51 +00:00
zeripath
6416f06508
Fix ssh deploy and user key constraints (#1357) (#5939) (#5966)
Backport of #5939 

1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.

We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:

- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.

Fix #1357
2019-02-04 21:41:03 +00:00
Lanre Adelowo
1a8ab63dda show user who created the repository instead of the organization in action feed (#5948) (#5956) 2019-02-04 11:20:36 +02:00
Lanre Adelowo
477b4de0d1 handle milestone events for issues and PR (#5947) (#5955)
Backport of #5947
2019-02-04 08:33:56 +00:00
zeripath
849c85a2ec Fix #5866: Silence console logger in gitea serv (#5887) (#5943)
By default, if `setting.NewContext()` prints out any warning logs, these are printed to the stdout breaking `git receive-pack` etc. meaning that even if there is a warning because of a minor problem in your app.ini but gitea starts despite this - you **CANNOT** push or pull over SSH.

This PR disables the console logger whilst in `serv.go`

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-03 13:50:41 -05:00
zeripath
731275247d Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
The gitea prerecieve and postrecieve hooks and the gitea PushUpdate function require that the PusherID and PusherName are real users. Previously, these environment variables were not being set when using a deploy key - the main result being that pushing to empty repositories meant that is_empty status was not changed.

I've also added an integration test to ensure that the is_empty status is updated on pushing with a deploy key.

There is a slight issue in that the deploy key is now considered a proxy for the owner - we don't have a way of separating out the deploy key from the owner at present. This can be fixed in another PR.

Fix #3795 

Signed-off-by: Andrew Thornton art27@cantab.net
2019-02-03 13:04:09 -05:00
John Olheiser
022634aa75 Remove all CommitStatus when a repo is deleted (#5941)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2019-02-03 00:55:33 -05:00
techknowlogick
dfad569e40
1.7.1 changelog (#5918) 2019-01-31 11:11:25 -05:00
techknowlogick
c3b67ff2f6
Disable redirect for i18n (#5910) (#5916) 2019-01-31 10:07:57 -05:00
Lanre Adelowo
5c30817b5f fix compare button on upstream repo leading to 404 (#5877) (#5914) 2019-01-31 09:55:39 -05:00
Lanre Adelowo
438848a2ca respect value of REQUIRE_SIGNIN_VIEW (#5901) (#5915) 2019-01-31 09:38:01 -05:00
Lunny Xiao
9d4aa78113 Fix bug when read public repo lfs file (#5913)
* fix bug when read public repo lfs file

* add comment on lfs permission check
2019-01-31 13:36:10 +00:00
zeripath
e5af93af20 Only allow local login if password is non-empty (#5906) (#5908) 2019-01-30 23:46:19 +02:00
Lauris BH
3f802a2846
Fix go-get URL generation (#5905) (#5907) 2019-01-30 23:29:44 +02:00
zeripath
0190d3c243
Prevent nil dereference in mailIssueCommentToParticipants (#5891, #5895) (#5894)
* Ensure issue.Poster is loaded in mailIssueCommentToParticipants (#5891)

Previous code could potentially dereference nil - this PR ensures
that the poster is loaded before dereferencing it.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Also ensure the repo is loaded

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-29 22:44:00 +00:00
Lauris BH
4fe1a3050e When creating new repository fsck option should be enabled (#5817) (#5885) 2019-01-29 09:42:47 +08:00
zeripath
29799537a7
API: Fix null pointer in attempt to Sudo if not logged in (#5872) (#5884)
Backport of #5872 to v1.7

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-28 20:26:55 +00:00
Harshit Bansal
d3a334d99a Fix an error while adding a dependency via UI. (Backport #5862) (#5876)
Fixes: #5783.
2019-01-28 12:51:30 +00:00
yasuokav
28d9305ea3 Fix delete correct temp directory (#5840) 2019-01-25 02:33:15 -05:00
kolaente
8a9f5b3b50 Added docs for the tree api (#5835)
* Added docs for the tree api

* Updated swagger docs

* Added missing response definition

* Updated swagger docs

* Fixed swagger docs
2019-01-24 20:40:54 +02:00
Antoine GIRARD
f28e17473c Backport #5830 : Include Go toolchain to --version (#5832)
* Include Go version

* fix import order
2019-01-24 10:33:28 -05:00
Lauris BH
2c26521579
Request for public keys only if LDAP attribute is set (#5816) (#5819)
* Update go-ldap dependency

* Request for public keys only if attribute is set
2019-01-24 12:21:36 +02:00
Joona Hoikkala
f635041c98 Fix TLS errors when using acme/autocert for local connections (#5820) (#5826) 2019-01-24 09:48:02 +02:00
techknowlogick
3fa49f3780 1.7.0 changelog (#5802) 2019-01-22 21:21:46 +02:00
Lanre Adelowo
4577cddd28 Disallow empty titles (#5785) (#5794)
* add util method and tests

* make sure the title of an issue cannot be empty

* wiki title cannot be empty

* pull request title cannot be empty

* update to make use of the new util methof
2019-01-21 17:55:12 +02:00
techknowlogick
8da5237107
1.7.0-rc3 changelog (#5756) 2019-01-18 01:08:41 -05:00
techknowlogick
8006b1bc7a backport 1.6.4 changelog to 1.7 branch (#5741) 2019-01-16 14:43:06 +02:00
Julian Tölle
8d400320c6 fix: use correct value for "MSpan Structures Obtained" #4742 (#5706) (#5716)
Signed-off-by: Julian Tölle <julian.toelle97@gmail.com>
2019-01-13 16:32:55 +02:00
zeripath
e9c4609410 Do not display the raw OpenID error in the UI (#5705) (#5712)
* Do not display the raw OpenID error in the UI

If there are no `WHITELIST_URIS` or `BLACKLIST_URIS` set in the openid
section of the app.ini, it is possible that gitea can leak sensitive
information about the local network through the error provided by the
UI. This PR hides the error information and logs it.

Fix #4973

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update auth_openid.go

Place error log within the `err != nil` branch.
2019-01-13 08:05:20 -05:00
Zsombor
176a6048b4 Update xorm to fix issue #5659 and #5651 (#5680) (#5692) 2019-01-10 21:43:29 +02:00
Lunny Xiao
483aa06b07 fix public will not be reused as public key after deleting as deploy key (#5671) (#5684) 2019-01-10 09:23:33 -05:00