Compare commits

...

60 Commits

Author SHA1 Message Date
zeripath
8ab107c2dd
Add Changelog for 1.7.3 (#6202)
* Add Changelog for 1.7.3
2019-02-27 20:13:13 +00:00
Lunny Xiao
cbfc7f52b9 fix bug when migrate repository 500 when repo is existed (#6188) (#6197) 2019-02-26 22:32:25 -05:00
John Olheiser
d602ba564f Load Issue attributes for API call (#6122) (#6185)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2019-02-25 21:05:45 -05:00
Lunny Xiao
55063f2524 fix bug user could change private repository to public when force private enabled. (#6156) (#6165) 2019-02-23 05:53:52 +00:00
Lunny Xiao
585dd13cce fix bug when update owner team then visit team's repo return 404 (#6119) (#6166) 2019-02-22 22:55:32 -05:00
Lauris BH
12d883412f Fix heatmap and repository menu display in Internet Explorer 9+ (#6117) (#6137) 2019-02-20 22:11:58 +08:00
Lunny Xiao
597a30b727 Fix prohibit login check on authorization (#6106) (#6115)
* Fix prohibit login check on authorization (#6106)

* fix bug prohibit login not applied on dashboard

* fix tests

* fix bug user status leak

* fix typo

* return after render

* remove unused tests
2019-02-19 11:38:04 +02:00
zeripath
b5ae8945e5
Move to ldap.v3 to fix #5928 (#6105) (#6107)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-18 14:24:25 +00:00
zeripath
5cca840bb8 Fix deadlock in webhook PullRequest (#6102) (#6104)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-17 22:38:26 -05:00
xdch47
f4c7e87fc9 modules/context/auth.go: fix redirect loop (#5965) (#6101)
Closes #5815
2019-02-17 12:51:37 +00:00
zeripath
fe99c9901d Issue 5924 fix compare button (#5929) (#6098)
* Revert #5877

This unfortunately was not the solution.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Change permission check to create pull requests to CanReadIssuesOrPulls

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-16 20:11:07 +02:00
zeripath
2e1540e827 Recover panic in orgmode.Render if bad orgfile (#4982) (#5903) (#6097)
This PR protects against the panic referred to in chaseadmsio/goorgeous#82
by recovering from the panic and just returning the raw bytes if
there is an error.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-16 12:39:52 -05:00
Lauris BH
3b612ce42e
Changelog for release v1.7.2 (#6084) 2019-02-15 10:19:51 +02:00
Lauris BH
1d8e56e6bb
In basic auth check for tokens before call UserSignIn (#5725) (#6083)
* Check first if user/password is a token

* In basic auth check if user/password is a token

* Remove unnecessary else statement

* Changes of fmt
2019-02-15 10:01:53 +02:00
techknowlogick
57ab65d922
1.7.2 changelog (#6079) 2019-02-15 02:14:00 -05:00
techknowlogick
3ac4a7fab8
Switch to more recent build of xgo (#6070) (#6072) 2019-02-14 13:35:27 -05:00
Lanre Adelowo
253efbcb51 Make sure labels are actually returned (#6053) (#6059) 2019-02-13 17:51:18 +00:00
zeripath
c8f061e15b Create repository on organisation by default on its dashboard (#6026) (#6048)
* Create repository on organisation by default on its dashboard
* Only show owners the add new repositories to an organisation button.

Fix #3253

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-12 22:04:48 -05:00
Paul
7f7c451de4 Fix metrics auth token detection (#6006) (#6017)
Backport of #6006 

Signed-off-by: Pauls Barkans <paulsb@gmail.com>
2019-02-09 14:35:51 +00:00
zeripath
b0b574f805 Fix empty ssh key importing in ldap (#5984) (#6009) 2019-02-09 14:44:53 +02:00
Lunny Xiao
d269179523 fix bug when deleting a linked account will removed all (#5989) (#5990) 2019-02-07 07:11:51 +00:00
zeripath
6416f06508
Fix ssh deploy and user key constraints (#1357) (#5939) (#5966)
Backport of #5939 

1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.

We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:

- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.

Fix #1357
2019-02-04 21:41:03 +00:00
Lanre Adelowo
1a8ab63dda show user who created the repository instead of the organization in action feed (#5948) (#5956) 2019-02-04 11:20:36 +02:00
Lanre Adelowo
477b4de0d1 handle milestone events for issues and PR (#5947) (#5955)
Backport of #5947
2019-02-04 08:33:56 +00:00
zeripath
849c85a2ec Fix #5866: Silence console logger in gitea serv (#5887) (#5943)
By default, if `setting.NewContext()` prints out any warning logs, these are printed to the stdout breaking `git receive-pack` etc. meaning that even if there is a warning because of a minor problem in your app.ini but gitea starts despite this - you **CANNOT** push or pull over SSH.

This PR disables the console logger whilst in `serv.go`

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-03 13:50:41 -05:00
zeripath
731275247d Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
The gitea prerecieve and postrecieve hooks and the gitea PushUpdate function require that the PusherID and PusherName are real users. Previously, these environment variables were not being set when using a deploy key - the main result being that pushing to empty repositories meant that is_empty status was not changed.

I've also added an integration test to ensure that the is_empty status is updated on pushing with a deploy key.

There is a slight issue in that the deploy key is now considered a proxy for the owner - we don't have a way of separating out the deploy key from the owner at present. This can be fixed in another PR.

Fix #3795 

Signed-off-by: Andrew Thornton art27@cantab.net
2019-02-03 13:04:09 -05:00
John Olheiser
022634aa75 Remove all CommitStatus when a repo is deleted (#5941)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2019-02-03 00:55:33 -05:00
techknowlogick
dfad569e40
1.7.1 changelog (#5918) 2019-01-31 11:11:25 -05:00
techknowlogick
c3b67ff2f6
Disable redirect for i18n (#5910) (#5916) 2019-01-31 10:07:57 -05:00
Lanre Adelowo
5c30817b5f fix compare button on upstream repo leading to 404 (#5877) (#5914) 2019-01-31 09:55:39 -05:00
Lanre Adelowo
438848a2ca respect value of REQUIRE_SIGNIN_VIEW (#5901) (#5915) 2019-01-31 09:38:01 -05:00
Lunny Xiao
9d4aa78113 Fix bug when read public repo lfs file (#5913)
* fix bug when read public repo lfs file

* add comment on lfs permission check
2019-01-31 13:36:10 +00:00
zeripath
e5af93af20 Only allow local login if password is non-empty (#5906) (#5908) 2019-01-30 23:46:19 +02:00
Lauris BH
3f802a2846
Fix go-get URL generation (#5905) (#5907) 2019-01-30 23:29:44 +02:00
zeripath
0190d3c243
Prevent nil dereference in mailIssueCommentToParticipants (#5891, #5895) (#5894)
* Ensure issue.Poster is loaded in mailIssueCommentToParticipants (#5891)

Previous code could potentially dereference nil - this PR ensures
that the poster is loaded before dereferencing it.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Also ensure the repo is loaded

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-29 22:44:00 +00:00
Lauris BH
4fe1a3050e When creating new repository fsck option should be enabled (#5817) (#5885) 2019-01-29 09:42:47 +08:00
zeripath
29799537a7
API: Fix null pointer in attempt to Sudo if not logged in (#5872) (#5884)
Backport of #5872 to v1.7

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-28 20:26:55 +00:00
Harshit Bansal
d3a334d99a Fix an error while adding a dependency via UI. (Backport #5862) (#5876)
Fixes: #5783.
2019-01-28 12:51:30 +00:00
yasuokav
28d9305ea3 Fix delete correct temp directory (#5840) 2019-01-25 02:33:15 -05:00
kolaente
8a9f5b3b50 Added docs for the tree api (#5835)
* Added docs for the tree api

* Updated swagger docs

* Added missing response definition

* Updated swagger docs

* Fixed swagger docs
2019-01-24 20:40:54 +02:00
Antoine GIRARD
f28e17473c Backport #5830 : Include Go toolchain to --version (#5832)
* Include Go version

* fix import order
2019-01-24 10:33:28 -05:00
Lauris BH
2c26521579
Request for public keys only if LDAP attribute is set (#5816) (#5819)
* Update go-ldap dependency

* Request for public keys only if attribute is set
2019-01-24 12:21:36 +02:00
Joona Hoikkala
f635041c98 Fix TLS errors when using acme/autocert for local connections (#5820) (#5826) 2019-01-24 09:48:02 +02:00
techknowlogick
3fa49f3780 1.7.0 changelog (#5802) 2019-01-22 21:21:46 +02:00
Lanre Adelowo
4577cddd28 Disallow empty titles (#5785) (#5794)
* add util method and tests

* make sure the title of an issue cannot be empty

* wiki title cannot be empty

* pull request title cannot be empty

* update to make use of the new util methof
2019-01-21 17:55:12 +02:00
techknowlogick
8da5237107
1.7.0-rc3 changelog (#5756) 2019-01-18 01:08:41 -05:00
techknowlogick
8006b1bc7a backport 1.6.4 changelog to 1.7 branch (#5741) 2019-01-16 14:43:06 +02:00
Julian Tölle
8d400320c6 fix: use correct value for "MSpan Structures Obtained" #4742 (#5706) (#5716)
Signed-off-by: Julian Tölle <julian.toelle97@gmail.com>
2019-01-13 16:32:55 +02:00
zeripath
e9c4609410 Do not display the raw OpenID error in the UI (#5705) (#5712)
* Do not display the raw OpenID error in the UI

If there are no `WHITELIST_URIS` or `BLACKLIST_URIS` set in the openid
section of the app.ini, it is possible that gitea can leak sensitive
information about the local network through the error provided by the
UI. This PR hides the error information and logs it.

Fix #4973

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update auth_openid.go

Place error log within the `err != nil` branch.
2019-01-13 08:05:20 -05:00
Zsombor
176a6048b4 Update xorm to fix issue #5659 and #5651 (#5680) (#5692) 2019-01-10 21:43:29 +02:00
Lunny Xiao
483aa06b07 fix public will not be reused as public key after deleting as deploy key (#5671) (#5684) 2019-01-10 09:23:33 -05:00
zeripath
551dc58a4d When redirecting clean the path to avoid redirecting to //www.othersite.com (#5669) (#5679)
Fix #5627

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-09 17:32:49 -05:00
Julian
41a2bfe3ae Only count users own actions for heatmap contributions (#5647) (#5655)
Signed-off-by: Julian Tölle <julian.toelle97@gmail.com>
2019-01-06 22:16:55 +02:00
Julian
652e09fc3e fix commit page showing status for current default branch (#5650) (#5653)
Signed-off-by: Julian Tölle <julian.toelle97@gmail.com>
2019-01-06 19:11:49 +01:00
Harshit Bansal
c9b57a5135 Don't close issues via commits on non-default branch. (#5622) (#5643)
Adds a small check to close the issues only if the referencing commits
are on the default branch.

Fixes: #2314.
2019-01-05 22:04:02 +02:00
zeripath
2904d8d6aa Fix sqlite deadlock when assigning to a PR (#5640) (#5642)
* Fix sqlite deadlock when assigning to a PR

Fix 5639

Signed-off-by: Andrew Thornton <art27@cantab.net>

* More possible deadlocks found and fixed

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-05 10:18:17 -05:00
Jonas Franz
109fc7975b
Add changelog for 1.6.3 and 1.7.0-rc2 (#5638)
Signed-off-by: Jonas Franz <info@jonasfranz.software>
2019-01-04 19:17:32 +01:00
zeripath
3ee3a4b595 SECURITY: protect DeleteFilePost et al with cleanUploadFileName (#5631) (#5635)
This commit wraps more of the TreePaths with cleanUploadFileName

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-04 17:41:30 +01:00
Lauris BH
14e218cbd1
Backport latest translation changes 2019-01-04 11:26:23 +02:00
0x5c
b5f4911afa
Documentation: Clarity for HTTPS setups (#5626)
[https-setup]
- Made it clearer that HTTP redirection is possible
[config-cheat-sheet]
- Clarified the behavihour of the redirection-related config keys

Signed-off-by: Matti Ranta <matti@mdranta.net>
2019-01-03 18:53:51 -05:00
107 changed files with 2507 additions and 859 deletions

View File

@ -211,7 +211,7 @@ pipeline:
branch: [ master ]
static:
image: karalabe/xgo-latest:latest
image: techknowlogick/xgo:latest
pull: true
environment:
TAGS: bindata sqlite sqlite_unlock_notify

View File

@ -4,7 +4,62 @@ This changelog goes through all the changes that have been made in each release
without substantial changes to our git log; to see the highlights of what has
been added to each release, please refer to the [blog](https://blog.gitea.io).
## [1.7.0-rc1](https://github.com/go-gitea/gitea/releases/tag/v1.7.0) - 2019-01-02
## [1.7.3](https://github.com/go-gitea/gitea/releases/tag/v1.7.3) - 2019-02-27
* BUGFIXES
* Fix server 500 when trying to migrate to an already existing repository (#6188) (#6197)
* Load Issue attributes for API /repos/{owner}/{repo}/issues/{index} (#6122) (#6185)
* Fix bug whereby user could change private repository to public when force private enabled. (#6156) (#6165)
* Fix bug when update owner team then visit team's repo return 404 (#6119) (#6166)
* Fix heatmap and repository menu display in Internet Explorer 9+ (#6117) (#6137)
* Fix prohibit login check on authorization (#6106) (#6115)
* Fix LDAP protocol error regression by moving to ldap.v3 (#6105) (#6107)
* Fix deadlock in webhook PullRequest (#6102) (#6104)
* Fix redirect loop when password change is required and Gitea is installed as a suburl (#5965) (#6101)
* Fix compare button regression (#5929) (#6098)
* Recover panic in orgmode.Render if bad orgfile (#4982) (#5903) (#6097)
## [1.7.2](https://github.com/go-gitea/gitea/releases/tag/v1.7.2) - 2019-02-14
* BUGFIXES
* Remove all CommitStatus when a repo is deleted (#5940) (#5941)
* Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
* Silence console logger in gitea serv (#5887) (#5943)
* Handle milestone webhook events for issues and PR (#5947) (#5955)
* Show user who created the repository instead of the organization in action feed (#5948) (#5956)
* Fix ssh deploy and user key constraints (#1357) (#5939) (#5966)
* Fix bug when deleting a linked account will removed all (#5989) (#5990)
* Fix empty ssh key importing in ldap (#5984) (#6009)
* Fix metrics auth token detection (#6006) (#6017)
* Create repository on organisation by default on its dashboard (#6026) (#6048)
* Make sure labels are actually returned in API (#6053) (#6059)
* Switch to more recent build of xgo (#6070) (#6072)
* In basic auth check for tokens before call UserSignIn (#5725) (#6083)
## [1.7.1](https://github.com/go-gitea/gitea/releases/tag/v1.7.1) - 2019-01-31
* SECURITY
* Disable redirect for i18n (#5910) (#5916)
* Only allow local login if password is non-empty (#5906) (#5908)
* Fix go-get URL generation (#5905) (#5907)
* BUGFIXES
* Fix TLS errors when using acme/autocert for local connections (#5820) (#5826)
* Request for public keys only if LDAP attribute is set (#5816) (#5819)
* Fix delete correct temp directory (#5840) (#5839)
* Fix an error while adding a dependency via UI (#5862) (#5876)
* Fix null pointer in attempt to Sudo if not logged in (#5872) (#5884)
* When creating new repository fsck option should be enabled (#5817) (#5885)
* Prevent nil dereference in mailIssueCommentToParticipants (#5891) (#5895) (#5894)
* Fix bug when read public repo lfs file (#5913) (#5912)
* Respect value of REQUIRE_SIGNIN_VIEW (#5901) (#5915)
* Fix compare button on upstream repo leading to 404 (#5877) (#5914)
* DOCS
* Added docs for the tree api (#5835)
* MISC
* Include Go toolchain to --version (#5832) (#5830)
## [1.7.0](https://github.com/go-gitea/gitea/releases/tag/v1.7.0) - 2019-01-22
* SECURITY
* Do not display the raw OpenID error in the UI (#5705) (#5712)
* When redirecting clean the path to avoid redirecting to external site (#5669) (#5679)
* Prevent DeleteFilePost doing arbitrary deletion (#5631)
* BREAKING
* Restrict permission check on repositories and fix some problems (#5314)
* Show only opened milestones on issues page milestone filter (#5051)
@ -23,6 +78,13 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
* Give user a link to create PR after push (#4716)
* Add rebase with merge commit merge style (#3844) (#4052)
* BUGFIXES
* Disallow empty titles (#5785) (#5794)
* Fix sqlite deadlock when assigning to a PR (#5640) (#5642)
* Don't close issues via commits on non-default branch. (#5622) (#5643)
* Fix commit page showing status for current default branch (#5650) (#5653)
* Only count users own actions for heatmap contributions (#5647) (#5655)
* Update xorm to fix issue postgresql dumping issues (#5680) (#5692)
* Use correct value for "MSpan Structures Obtained" (#5706) (#5716)
* Fix bug on modifying sshd username (#5624)
* Delete tags in mirror which are removed for original repo. (#5609)
* Fix wrong text getting saved on editing second comment on an issue. (#5608)
@ -149,6 +211,18 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
* Git-Trees API (#5403)
* Only chown directories during docker setup if necessary. Fix #4425 (#5064)
## [1.6.4](https://github.com/go-gitea/gitea/releases/tag/v1.6.4) - 2019-01-15
* BUGFIX
* Fix SSH key now can be reused as public key after deleting as deploy key (#5671) (#5685)
* When redirecting clean the path to avoid redirecting to external site (#5669) (#5703)
* Fix to use correct value for "MSpan Structures Obtained" (#5706) (#5715)
## [1.6.3](https://github.com/go-gitea/gitea/releases/tag/v1.6.3) - 2019-01-04
* SECURITY
* Prevent DeleteFilePost doing arbitrary deletion (#5631)
* BUGFIX
* Fix wrong text getting saved on editing second comment on an issue (#5608)
## [1.6.2](https://github.com/go-gitea/gitea/releases/tag/v1.6.2) - 2018-12-21
* SECURITY
* Sanitize uploaded file names (#5571) (#5573)

15
Gopkg.lock generated
View File

@ -406,11 +406,11 @@
version = "v0.6.0"
[[projects]]
digest = "1:931a62a1aacc37a5e4c309a111642ec4da47b4dc453cd4ba5481b12eedb04a5d"
digest = "1:d366480c27ab51b3f7e995f25503063e7a6ebc7feb269df2499c33471f35cd62"
name = "github.com/go-xorm/xorm"
packages = ["."]
pruneopts = "NUT"
revision = "401f4ee8ff8cbc40a4754cb12192fbe4f02f3979"
revision = "1cd2662be938bfee0e34af92fe448513e0560fb1"
[[projects]]
branch = "master"
@ -1005,12 +1005,12 @@
version = "v1.31.1"
[[projects]]
digest = "1:01f4ac37c52bda6f7e1bd73680a99f88733c0408aaa159ecb1ba53a1ade9423c"
name = "gopkg.in/ldap.v2"
digest = "1:8a502dedecf5b6d56e36f0d0e6196392baf616634af2c23108b6e8bb89ec57fc"
name = "gopkg.in/ldap.v3"
packages = ["."]
pruneopts = "NUT"
revision = "d0a5ced67b4dc310b9158d63a2c6f9c5ec13f105"
version = "v2.4.1"
revision = "214f299a0ecb2a6c6f6d2b0f13977032b207dc58"
version = "v3.0.1"
[[projects]]
digest = "1:cfe1730a152ff033ad7d9c115d22e36b19eec6d5928c06146b9119be45d39dc0"
@ -1173,6 +1173,7 @@
"github.com/keybase/go-crypto/openpgp",
"github.com/keybase/go-crypto/openpgp/armor",
"github.com/keybase/go-crypto/openpgp/packet",
"github.com/klauspost/compress/gzip",
"github.com/lafriks/xormstore",
"github.com/lib/pq",
"github.com/lunny/dingtalk_webhook",
@ -1214,7 +1215,7 @@
"gopkg.in/editorconfig/editorconfig-core-go.v1",
"gopkg.in/gomail.v2",
"gopkg.in/ini.v1",
"gopkg.in/ldap.v2",
"gopkg.in/ldap.v3",
"gopkg.in/macaron.v1",
"gopkg.in/testfixtures.v2",
"strk.kbt.io/projects/go/libravatar",

View File

@ -38,7 +38,7 @@ ignored = ["google.golang.org/appengine*"]
[[override]]
name = "github.com/go-xorm/xorm"
revision = "401f4ee8ff8cbc40a4754cb12192fbe4f02f3979"
revision = "1cd2662be938bfee0e34af92fe448513e0560fb1"
[[override]]
name = "github.com/go-xorm/builder"
@ -97,8 +97,8 @@ ignored = ["google.golang.org/appengine*"]
version = "1.31.1"
[[constraint]]
name = "gopkg.in/ldap.v2"
version = "2.4.1"
name = "gopkg.in/ldap.v3"
version = "3.0.1"
[[constraint]]
name = "gopkg.in/macaron.v1"

View File

@ -9,10 +9,11 @@ package cmd
import (
"errors"
"fmt"
"strings"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
"github.com/urfave/cli"
)
@ -24,7 +25,7 @@ func argsSet(c *cli.Context, args ...string) error {
return errors.New(a + " is not set")
}
if len(strings.TrimSpace(c.String(a))) == 0 {
if util.IsEmptyString(a) {
return errors.New(a + " is required")
}
}

View File

@ -70,6 +70,7 @@ func checkLFSVersion() {
}
func setup(logPath string) {
log.DelLogger("console")
setting.NewContext()
checkLFSVersion()
log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath))
@ -233,23 +234,30 @@ func runServ(c *cli.Context) error {
// Check deploy key or user key.
if key.Type == models.KeyTypeDeploy {
if key.Mode < requestedMode {
fail("Key permission denied", "Cannot push with deployment key: %d", key.ID)
}
// Check if this deploy key belongs to current repository.
has, err := private.HasDeployKey(key.ID, repo.ID)
// Now we have to get the deploy key for this repo
deployKey, err := private.GetDeployKey(key.ID, repo.ID)
if err != nil {
fail("Key access denied", "Failed to access internal api: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
}
if !has {
if deployKey == nil {
fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
}
if deployKey.Mode < requestedMode {
fail("Key permission denied", "Cannot push with read-only deployment key: %d to repo_id: %d", key.ID, repo.ID)
}
// Update deploy key activity.
if err = private.UpdateDeployKeyUpdated(key.ID, repo.ID); err != nil {
fail("Internal error", "UpdateDeployKey: %v", err)
}
// FIXME: Deploy keys aren't really the owner of the repo pushing changes
// however we don't have good way of representing deploy keys in hook.go
// so for now use the owner
os.Setenv(models.EnvPusherName, username)
os.Setenv(models.EnvPusherID, fmt.Sprintf("%d", repo.OwnerID))
} else {
user, err = private.GetUserByKeyID(key.ID)
if err != nil {

View File

@ -122,9 +122,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
- `LFS_CONTENT_PATH`: **./data/lfs**: Where to store LFS files.
- `LFS_JWT_SECRET`: **\<empty\>**: LFS authentication secret, change this a unique string.
- `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail.
- `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, redirects http requests
on another (https) port.
- `PORT_TO_REDIRECT`: **80**: Port used when `REDIRECT_OTHER_PORT` is true.
- `REDIRECT_OTHER_PORT`: **false**: If true and `PROTOCOL` is https, allows redirecting http requests on `PORT_TO_REDIRECT` to the https port Gitea listens on.
- `PORT_TO_REDIRECT`: **80**: Port for the http redirection service to listen on. Used when `REDIRECT_OTHER_PORT` is true.
- `ENABLE_LETSENCRYPT`: **false**: If enabled you must set `DOMAIN` to valid internet facing domain (ensure DNS is set and port 80 is accessible by letsencrypt validation server).
By using Lets Encrypt **you must consent** to their [terms of service](https://letsencrypt.org/documents/LE-SA-v1.2-November-15-2017.pdf).
- `LETSENCRYPT_ACCEPTTOS`: **false**: This is an explicit check that you accept the terms of service for Let's Encrypt.

View File

@ -30,8 +30,22 @@ HTTP_PORT = 3000
CERT_FILE = cert.pem
KEY_FILE = key.pem
```
To learn more about the config values, please checkout the [Config Cheat Sheet](../config-cheat-sheet#server).
### Setting-up HTTP redirection
The Gitea server is only able to listen to one port; to redirect HTTP requests to the HTTPS port, you will need to enable the HTTP redirection service:
```ini
[server]
REDIRECT_OTHER_PORT = true
; Port the redirection service should listen on
PORT_TO_REDIRECT = 3080
```
If you are using Docker, make sure that this port is configured in your `docker-compose.yml` file.
## Using Let's Encrypt
[Let's Encrypt](https://letsencrypt.org/) is a Certificate Authority that allows you to automatically request and renew SSL/TLS certificates. In addition to starting Gitea on your configured port, to request HTTPS certificates Gitea will also need to listed on port 80, and will set up an autoredirect to HTTPS for you. Let's Encrypt will need to be able to access Gitea via the Internet to verify your ownership of the domain.

View File

@ -0,0 +1,152 @@
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package integrations
import (
"fmt"
"io/ioutil"
"net/http"
"testing"
api "code.gitea.io/sdk/gitea"
"github.com/stretchr/testify/assert"
)
type APITestContext struct {
Reponame string
Session *TestSession
Token string
Username string
ExpectedCode int
}
func NewAPITestContext(t *testing.T, username, reponame string) APITestContext {
session := loginUser(t, username)
token := getTokenForLoggedInUser(t, session)
return APITestContext{
Session: session,
Token: token,
Username: username,
Reponame: reponame,
}
}
func (ctx APITestContext) GitPath() string {
return fmt.Sprintf("%s/%s.git", ctx.Username, ctx.Reponame)
}
func doAPICreateRepository(ctx APITestContext, empty bool, callback ...func(*testing.T, api.Repository)) func(*testing.T) {
return func(t *testing.T) {
createRepoOption := &api.CreateRepoOption{
AutoInit: !empty,
Description: "Temporary repo",
Name: ctx.Reponame,
Private: true,
Gitignores: "",
License: "WTFPL",
Readme: "Default",
}
req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+ctx.Token, createRepoOption)
if ctx.ExpectedCode != 0 {
ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
return
}
resp := ctx.Session.MakeRequest(t, req, http.StatusCreated)
var repository api.Repository
DecodeJSON(t, resp, &repository)
if len(callback) > 0 {
callback[0](t, repository)
}
}
}
func doAPIGetRepository(ctx APITestContext, callback ...func(*testing.T, api.Repository)) func(*testing.T) {
return func(t *testing.T) {
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", ctx.Username, ctx.Reponame, ctx.Token)
req := NewRequest(t, "GET", urlStr)
if ctx.ExpectedCode != 0 {
ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
return
}
resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
var repository api.Repository
DecodeJSON(t, resp, &repository)
if len(callback) > 0 {
callback[0](t, repository)
}
}
}
func doAPIDeleteRepository(ctx APITestContext) func(*testing.T) {
return func(t *testing.T) {
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", ctx.Username, ctx.Reponame, ctx.Token)
req := NewRequest(t, "DELETE", urlStr)
if ctx.ExpectedCode != 0 {
ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
return
}
ctx.Session.MakeRequest(t, req, http.StatusNoContent)
}
}
func doAPICreateUserKey(ctx APITestContext, keyname, keyFile string, callback ...func(*testing.T, api.PublicKey)) func(*testing.T) {
return func(t *testing.T) {
urlStr := fmt.Sprintf("/api/v1/user/keys?token=%s", ctx.Token)
dataPubKey, err := ioutil.ReadFile(keyFile + ".pub")
assert.NoError(t, err)
req := NewRequestWithJSON(t, "POST", urlStr, &api.CreateKeyOption{
Title: keyname,
Key: string(dataPubKey),
})
if ctx.ExpectedCode != 0 {
ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
return
}
resp := ctx.Session.MakeRequest(t, req, http.StatusCreated)
var publicKey api.PublicKey
DecodeJSON(t, resp, &publicKey)
if len(callback) > 0 {
callback[0](t, publicKey)
}
}
}
func doAPIDeleteUserKey(ctx APITestContext, keyID int64) func(*testing.T) {
return func(t *testing.T) {
urlStr := fmt.Sprintf("/api/v1/user/keys/%d?token=%s", keyID, ctx.Token)
req := NewRequest(t, "DELETE", urlStr)
if ctx.ExpectedCode != 0 {
ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
return
}
ctx.Session.MakeRequest(t, req, http.StatusNoContent)
}
}
func doAPICreateDeployKey(ctx APITestContext, keyname, keyFile string, readOnly bool) func(*testing.T) {
return func(t *testing.T) {
urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/keys?token=%s", ctx.Username, ctx.Reponame, ctx.Token)
dataPubKey, err := ioutil.ReadFile(keyFile + ".pub")
assert.NoError(t, err)
req := NewRequestWithJSON(t, "POST", urlStr, api.CreateKeyOption{
Title: keyname,
Key: string(dataPubKey),
ReadOnly: readOnly,
})
if ctx.ExpectedCode != 0 {
ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
return
}
ctx.Session.MakeRequest(t, req, http.StatusCreated)
}
}

View File

@ -0,0 +1,127 @@
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package integrations
import (
"context"
"fmt"
"io/ioutil"
"net"
"net/http"
"net/url"
"os"
"os/exec"
"path/filepath"
"testing"
"time"
"code.gitea.io/git"
"code.gitea.io/gitea/modules/setting"
"github.com/Unknwon/com"
"github.com/stretchr/testify/assert"
)
func withKeyFile(t *testing.T, keyname string, callback func(string)) {
keyFile := filepath.Join(setting.AppDataPath, keyname)
err := exec.Command("ssh-keygen", "-f", keyFile, "-t", "rsa", "-N", "").Run()
assert.NoError(t, err)
//Setup ssh wrapper
os.Setenv("GIT_SSH_COMMAND",
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i "+
filepath.Join(setting.AppWorkPath, keyFile))
os.Setenv("GIT_SSH_VARIANT", "ssh")
callback(keyFile)
defer os.RemoveAll(keyFile)
defer os.RemoveAll(keyFile + ".pub")
}
func createSSHUrl(gitPath string, u *url.URL) *url.URL {
u2 := *u
u2.Scheme = "ssh"
u2.User = url.User("git")
u2.Host = fmt.Sprintf("%s:%d", setting.SSH.ListenHost, setting.SSH.ListenPort)
u2.Path = gitPath
return &u2
}
func onGiteaRun(t *testing.T, callback func(*testing.T, *url.URL)) {
prepareTestEnv(t)
s := http.Server{
Handler: mac,
}
u, err := url.Parse(setting.AppURL)
assert.NoError(t, err)
listener, err := net.Listen("tcp", u.Host)
assert.NoError(t, err)
defer func() {
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
s.Shutdown(ctx)
cancel()
}()
go s.Serve(listener)
//Started by config go ssh.Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
callback(t, u)
}
func doGitClone(dstLocalPath string, u *url.URL) func(*testing.T) {
return func(t *testing.T) {
assert.NoError(t, git.Clone(u.String(), dstLocalPath, git.CloneRepoOptions{}))
assert.True(t, com.IsExist(filepath.Join(dstLocalPath, "README.md")))
}
}
func doGitCloneFail(dstLocalPath string, u *url.URL) func(*testing.T) {
return func(t *testing.T) {
assert.Error(t, git.Clone(u.String(), dstLocalPath, git.CloneRepoOptions{}))
assert.False(t, com.IsExist(filepath.Join(dstLocalPath, "README.md")))
}
}
func doGitInitTestRepository(dstPath string) func(*testing.T) {
return func(t *testing.T) {
// Init repository in dstPath
assert.NoError(t, git.InitRepository(dstPath, false))
assert.NoError(t, ioutil.WriteFile(filepath.Join(dstPath, "README.md"), []byte(fmt.Sprintf("# Testing Repository\n\nOriginally created in: %s", dstPath)), 0644))
assert.NoError(t, git.AddChanges(dstPath, true))
signature := git.Signature{
Email: "test@example.com",
Name: "test",
When: time.Now(),
}
assert.NoError(t, git.CommitChanges(dstPath, git.CommitChangesOptions{
Committer: &signature,
Author: &signature,
Message: "Initial Commit",
}))
}
}
func doGitAddRemote(dstPath, remoteName string, u *url.URL) func(*testing.T) {
return func(t *testing.T) {
_, err := git.NewCommand("remote", "add", remoteName, u.String()).RunInDir(dstPath)
assert.NoError(t, err)
}
}
func doGitPushTestRepository(dstPath, remoteName, branch string) func(*testing.T) {
return func(t *testing.T) {
_, err := git.NewCommand("push", "-u", remoteName, branch).RunInDir(dstPath)
assert.NoError(t, err)
}
}
func doGitPushTestRepositoryFail(dstPath, remoteName, branch string) func(*testing.T) {
return func(t *testing.T) {
_, err := git.NewCommand("push", "-u", remoteName, branch).RunInDir(dstPath)
assert.Error(t, err)
}
}

View File

@ -5,25 +5,17 @@
package integrations
import (
"context"
"crypto/rand"
"fmt"
"io/ioutil"
"net"
"net/http"
"net/url"
"os"
"os/exec"
"path/filepath"
"testing"
"time"
"code.gitea.io/git"
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/setting"
api "code.gitea.io/sdk/gitea"
"github.com/Unknwon/com"
"github.com/stretchr/testify/assert"
)
@ -32,69 +24,32 @@ const (
bigSize = 128 * 1024 * 1024 //128Mo
)
func onGiteaRun(t *testing.T, callback func(*testing.T, *url.URL)) {
prepareTestEnv(t)
s := http.Server{
Handler: mac,
}
u, err := url.Parse(setting.AppURL)
assert.NoError(t, err)
listener, err := net.Listen("tcp", u.Host)
assert.NoError(t, err)
defer func() {
ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
s.Shutdown(ctx)
cancel()
}()
go s.Serve(listener)
//Started by config go ssh.Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
callback(t, u)
func TestGit(t *testing.T) {
onGiteaRun(t, testGit)
}
func TestGit(t *testing.T) {
onGiteaRun(t, func(t *testing.T, u *url.URL) {
u.Path = "user2/repo1.git"
func testGit(t *testing.T, u *url.URL) {
username := "user2"
baseAPITestContext := NewAPITestContext(t, username, "repo1")
u.Path = baseAPITestContext.GitPath()
t.Run("HTTP", func(t *testing.T) {
dstPath, err := ioutil.TempDir("", "repo-tmp-17")
httpContext := baseAPITestContext
httpContext.Reponame = "repo-tmp-17"
dstPath, err := ioutil.TempDir("", httpContext.Reponame)
assert.NoError(t, err)
defer os.RemoveAll(dstPath)
t.Run("Standard", func(t *testing.T) {
t.Run("CloneNoLogin", func(t *testing.T) {
dstLocalPath, err := ioutil.TempDir("", "repo1")
assert.NoError(t, err)
defer os.RemoveAll(dstLocalPath)
err = git.Clone(u.String(), dstLocalPath, git.CloneRepoOptions{})
assert.NoError(t, err)
assert.True(t, com.IsExist(filepath.Join(dstLocalPath, "README.md")))
})
ensureAnonymousClone(t, u)
t.Run("CreateRepo", func(t *testing.T) {
session := loginUser(t, "user2")
token := getTokenForLoggedInUser(t, session)
req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+token, &api.CreateRepoOption{
AutoInit: true,
Description: "Temporary repo",
Name: "repo-tmp-17",
Private: false,
Gitignores: "",
License: "WTFPL",
Readme: "Default",
})
session.MakeRequest(t, req, http.StatusCreated)
})
t.Run("CreateRepo", doAPICreateRepository(httpContext, false))
u.Path = "user2/repo-tmp-17.git"
u.User = url.UserPassword("user2", userPassword)
t.Run("Clone", func(t *testing.T) {
err = git.Clone(u.String(), dstPath, git.CloneRepoOptions{})
assert.NoError(t, err)
assert.True(t, com.IsExist(filepath.Join(dstPath, "README.md")))
})
u.Path = httpContext.GitPath()
u.User = url.UserPassword(username, userPassword)
t.Run("Clone", doGitClone(dstPath, u))
t.Run("PushCommit", func(t *testing.T) {
t.Run("Little", func(t *testing.T) {
@ -128,64 +83,27 @@ func TestGit(t *testing.T) {
})
})
t.Run("SSH", func(t *testing.T) {
sshContext := baseAPITestContext
sshContext.Reponame = "repo-tmp-18"
keyname := "my-testing-key"
//Setup key the user ssh key
withKeyFile(t, keyname, func(keyFile string) {
t.Run("CreateUserKey", doAPICreateUserKey(sshContext, "test-key", keyFile))
//Setup remote link
u.Scheme = "ssh"
u.User = url.User("git")
u.Host = fmt.Sprintf("%s:%d", setting.SSH.ListenHost, setting.SSH.ListenPort)
u.Path = "user2/repo-tmp-18.git"
//Setup key
keyFile := filepath.Join(setting.AppDataPath, "my-testing-key")
err := exec.Command("ssh-keygen", "-f", keyFile, "-t", "rsa", "-N", "").Run()
assert.NoError(t, err)
defer os.RemoveAll(keyFile)
defer os.RemoveAll(keyFile + ".pub")
session := loginUser(t, "user1")
keyOwner := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User)
token := getTokenForLoggedInUser(t, session)
urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", keyOwner.Name, token)
dataPubKey, err := ioutil.ReadFile(keyFile + ".pub")
assert.NoError(t, err)
req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
"key": string(dataPubKey),
"title": "test-key",
})
session.MakeRequest(t, req, http.StatusCreated)
//Setup ssh wrapper
os.Setenv("GIT_SSH_COMMAND",
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i "+
filepath.Join(setting.AppWorkPath, keyFile))
os.Setenv("GIT_SSH_VARIANT", "ssh")
sshURL := createSSHUrl(sshContext.GitPath(), u)
//Setup clone folder
dstPath, err := ioutil.TempDir("", "repo-tmp-18")
dstPath, err := ioutil.TempDir("", sshContext.Reponame)
assert.NoError(t, err)
defer os.RemoveAll(dstPath)
t.Run("Standard", func(t *testing.T) {
t.Run("CreateRepo", func(t *testing.T) {
session := loginUser(t, "user2")
token := getTokenForLoggedInUser(t, session)
req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+token, &api.CreateRepoOption{
AutoInit: true,
Description: "Temporary repo",
Name: "repo-tmp-18",
Private: false,
Gitignores: "",
License: "WTFPL",
Readme: "Default",
})
session.MakeRequest(t, req, http.StatusCreated)
})
t.Run("CreateRepo", doAPICreateRepository(sshContext, false))
//TODO get url from api
t.Run("Clone", func(t *testing.T) {
_, err = git.NewCommand("clone").AddArguments(u.String(), dstPath).Run()
assert.NoError(t, err)
assert.True(t, com.IsExist(filepath.Join(dstPath, "README.md")))
})
t.Run("Clone", doGitClone(dstPath, sshURL))
//time.Sleep(5 * time.Minute)
t.Run("PushCommit", func(t *testing.T) {
t.Run("Little", func(t *testing.T) {
@ -217,10 +135,20 @@ func TestGit(t *testing.T) {
lockTest(t, u.String(), dstPath)
})
})
})
})
}
func ensureAnonymousClone(t *testing.T, u *url.URL) {
dstLocalPath, err := ioutil.TempDir("", "repo1")
assert.NoError(t, err)
defer os.RemoveAll(dstLocalPath)
t.Run("CloneAnonymous", doGitClone(dstLocalPath, u))
}
func lockTest(t *testing.T, remote, repoPath string) {
_, err := git.NewCommand("remote").AddArguments("set-url", "origin", remote).RunInDir(repoPath) //TODO add test ssh git-lfs-creds
assert.NoError(t, err)

View File

@ -112,7 +112,7 @@ func TestCreateReleasePaging(t *testing.T) {
checkLatestReleaseAndCount(t, session, "/user2/repo1", "v0.0.12", i18n.Tr("en", "repo.release.draft"), 10)
// Check that user3 does not see draft and still see 10 latest releases
session2 := loginUser(t, "user3")
// Check that user4 does not see draft and still see 10 latest releases
session2 := loginUser(t, "user4")
checkLatestReleaseAndCount(t, session2, "/user2/repo1", "v0.0.11", i18n.Tr("en", "repo.release.stable"), 10)
}

View File

@ -0,0 +1,217 @@
// Copyright 2019 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package integrations
import (
"fmt"
"io/ioutil"
"net/http"
"net/url"
"os"
"path/filepath"
"testing"
"time"
"code.gitea.io/git"
api "code.gitea.io/sdk/gitea"
"github.com/stretchr/testify/assert"
)
func doCheckRepositoryEmptyStatus(ctx APITestContext, isEmpty bool) func(*testing.T) {
return doAPIGetRepository(ctx, func(t *testing.T, repository api.Repository) {
assert.Equal(t, isEmpty, repository.Empty)
})
}
func doAddChangesToCheckout(dstPath, filename string) func(*testing.T) {
return func(t *testing.T) {
assert.NoError(t, ioutil.WriteFile(filepath.Join(dstPath, filename), []byte(fmt.Sprintf("# Testing Repository\n\nOriginally created in: %s at time: %v", dstPath, time.Now())), 0644))
assert.NoError(t, git.AddChanges(dstPath, true))
signature := git.Signature{
Email: "test@example.com",
Name: "test",
When: time.Now(),
}
assert.NoError(t, git.CommitChanges(dstPath, git.CommitChangesOptions{
Committer: &signature,
Author: &signature,
Message: "Initial Commit",
}))
}
}
func TestPushDeployKeyOnEmptyRepo(t *testing.T) {
onGiteaRun(t, testPushDeployKeyOnEmptyRepo)
}
func testPushDeployKeyOnEmptyRepo(t *testing.T, u *url.URL) {
// OK login
ctx := NewAPITestContext(t, "user2", "deploy-key-empty-repo-1")
keyname := fmt.Sprintf("%s-push", ctx.Reponame)
u.Path = ctx.GitPath()
t.Run("CreateEmptyRepository", doAPICreateRepository(ctx, true))
t.Run("CheckIsEmpty", doCheckRepositoryEmptyStatus(ctx, true))
withKeyFile(t, keyname, func(keyFile string) {
t.Run("CreatePushDeployKey", doAPICreateDeployKey(ctx, keyname, keyFile, false))
// Setup the testing repository
dstPath, err := ioutil.TempDir("", "repo-tmp-deploy-key-empty-repo-1")
assert.NoError(t, err)
defer os.RemoveAll(dstPath)
t.Run("InitTestRepository", doGitInitTestRepository(dstPath))
//Setup remote link
sshURL := createSSHUrl(ctx.GitPath(), u)
t.Run("AddRemote", doGitAddRemote(dstPath, "origin", sshURL))
t.Run("SSHPushTestRepository", doGitPushTestRepository(dstPath, "origin", "master"))
t.Run("CheckIsNotEmpty", doCheckRepositoryEmptyStatus(ctx, false))
t.Run("DeleteRepository", doAPIDeleteRepository(ctx))
})
}
func TestKeyOnlyOneType(t *testing.T) {
onGiteaRun(t, testKeyOnlyOneType)
}
func testKeyOnlyOneType(t *testing.T, u *url.URL) {
// Once a key is a user key we cannot use it as a deploy key
// If we delete it from the user we should be able to use it as a deploy key
reponame := "ssh-key-test-repo"
username := "user2"
u.Path = fmt.Sprintf("%s/%s.git", username, reponame)
keyname := fmt.Sprintf("%s-push", reponame)
// OK login
ctx := NewAPITestContext(t, username, reponame)
otherCtx := ctx
otherCtx.Reponame = "ssh-key-test-repo-2"
failCtx := ctx
failCtx.ExpectedCode = http.StatusUnprocessableEntity
t.Run("CreateRepository", doAPICreateRepository(ctx, false))
t.Run("CreateOtherRepository", doAPICreateRepository(otherCtx, false))
withKeyFile(t, keyname, func(keyFile string) {
var userKeyPublicKeyID int64
t.Run("KeyCanOnlyBeUser", func(t *testing.T) {
dstPath, err := ioutil.TempDir("", ctx.Reponame)
assert.NoError(t, err)
defer os.RemoveAll(dstPath)
sshURL := createSSHUrl(ctx.GitPath(), u)
t.Run("FailToClone", doGitCloneFail(dstPath, sshURL))
t.Run("CreateUserKey", doAPICreateUserKey(ctx, keyname, keyFile, func(t *testing.T, publicKey api.PublicKey) {
userKeyPublicKeyID = publicKey.ID
}))
t.Run("FailToAddReadOnlyDeployKey", doAPICreateDeployKey(failCtx, keyname, keyFile, true))
t.Run("FailToAddDeployKey", doAPICreateDeployKey(failCtx, keyname, keyFile, false))
t.Run("Clone", doGitClone(dstPath, sshURL))
t.Run("AddChanges", doAddChangesToCheckout(dstPath, "CHANGES1.md"))
t.Run("Push", doGitPushTestRepository(dstPath, "origin", "master"))
t.Run("DeleteUserKey", doAPIDeleteUserKey(ctx, userKeyPublicKeyID))
})
t.Run("KeyCanBeAnyDeployButNotUserAswell", func(t *testing.T) {
dstPath, err := ioutil.TempDir("", ctx.Reponame)
assert.NoError(t, err)
defer os.RemoveAll(dstPath)
sshURL := createSSHUrl(ctx.GitPath(), u)
t.Run("FailToClone", doGitCloneFail(dstPath, sshURL))
// Should now be able to add...
t.Run("AddReadOnlyDeployKey", doAPICreateDeployKey(ctx, keyname, keyFile, true))
t.Run("Clone", doGitClone(dstPath, sshURL))
t.Run("AddChanges", doAddChangesToCheckout(dstPath, "CHANGES2.md"))
t.Run("FailToPush", doGitPushTestRepositoryFail(dstPath, "origin", "master"))
otherSSHURL := createSSHUrl(otherCtx.GitPath(), u)
dstOtherPath, err := ioutil.TempDir("", otherCtx.Reponame)
assert.NoError(t, err)
defer os.RemoveAll(dstOtherPath)
t.Run("AddWriterDeployKeyToOther", doAPICreateDeployKey(otherCtx, keyname, keyFile, false))
t.Run("CloneOther", doGitClone(dstOtherPath, otherSSHURL))
t.Run("AddChangesToOther", doAddChangesToCheckout(dstOtherPath, "CHANGES3.md"))
t.Run("PushToOther", doGitPushTestRepository(dstOtherPath, "origin", "master"))
t.Run("FailToCreateUserKey", doAPICreateUserKey(failCtx, keyname, keyFile))
})
t.Run("DeleteRepositoryShouldReleaseKey", func(t *testing.T) {
otherSSHURL := createSSHUrl(otherCtx.GitPath(), u)
dstOtherPath, err := ioutil.TempDir("", otherCtx.Reponame)
assert.NoError(t, err)
defer os.RemoveAll(dstOtherPath)
t.Run("DeleteRepository", doAPIDeleteRepository(ctx))
t.Run("FailToCreateUserKeyAsStillDeploy", doAPICreateUserKey(failCtx, keyname, keyFile))
t.Run("MakeSureCloneOtherStillWorks", doGitClone(dstOtherPath, otherSSHURL))
t.Run("AddChangesToOther", doAddChangesToCheckout(dstOtherPath, "CHANGES3.md"))
t.Run("PushToOther", doGitPushTestRepository(dstOtherPath, "origin", "master"))
t.Run("DeleteOtherRepository", doAPIDeleteRepository(otherCtx))
t.Run("RecreateRepository", doAPICreateRepository(ctx, false))
t.Run("CreateUserKey", doAPICreateUserKey(ctx, keyname, keyFile, func(t *testing.T, publicKey api.PublicKey) {
userKeyPublicKeyID = publicKey.ID
}))
dstPath, err := ioutil.TempDir("", ctx.Reponame)
assert.NoError(t, err)
defer os.RemoveAll(dstPath)
sshURL := createSSHUrl(ctx.GitPath(), u)
t.Run("Clone", doGitClone(dstPath, sshURL))
t.Run("AddChanges", doAddChangesToCheckout(dstPath, "CHANGES1.md"))
t.Run("Push", doGitPushTestRepository(dstPath, "origin", "master"))
})
t.Run("DeleteUserKeyShouldRemoveAbilityToClone", func(t *testing.T) {
dstPath, err := ioutil.TempDir("", ctx.Reponame)
assert.NoError(t, err)
defer os.RemoveAll(dstPath)
sshURL := createSSHUrl(ctx.GitPath(), u)
t.Run("DeleteUserKey", doAPIDeleteUserKey(ctx, userKeyPublicKeyID))
t.Run("FailToClone", doGitCloneFail(dstPath, sshURL))
})
})
}

View File

@ -8,6 +8,7 @@ package main // import "code.gitea.io/gitea"
import (
"os"
"runtime"
"strings"
"code.gitea.io/gitea/cmd"
@ -61,8 +62,8 @@ arguments - which can alternatively be run by running the subcommand web.`
func formatBuiltWith(Tags string) string {
if len(Tags) == 0 {
return ""
return " built with " + runtime.Version()
}
return " built with: " + strings.Replace(Tags, " ", ", ", -1)
return " built with " + runtime.Version() + " : " + strings.Replace(Tags, " ", ", ", -1)
}

View File

@ -476,8 +476,34 @@ func getIssueFromRef(repo *Repository, ref string) (*Issue, error) {
return issue, nil
}
func changeIssueStatus(repo *Repository, doer *User, ref string, refMarked map[int64]bool, status bool) error {
issue, err := getIssueFromRef(repo, ref)
if err != nil {
return err
}
if issue == nil || refMarked[issue.ID] {
return nil
}
refMarked[issue.ID] = true
if issue.RepoID != repo.ID || issue.IsClosed == status {
return nil
}
issue.Repo = repo
if err = issue.ChangeStatus(doer, status); err != nil {
// Don't return an error when dependencies are open as this would let the push fail
if IsErrDependenciesLeft(err) {
return nil
}
return err
}
return nil
}
// UpdateIssuesCommit checks if issues are manipulated by commit message.
func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit) error {
func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit, branchName string) error {
// Commits are appended in the reverse order.
for i := len(commits) - 1; i >= 0; i-- {
c := commits[i]
@ -500,51 +526,21 @@ func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit) err
}
}
// Change issue status only if the commit has been pushed to the default branch.
if repo.DefaultBranch != branchName {
continue
}
refMarked = make(map[int64]bool)
// FIXME: can merge this one and next one to a common function.
for _, ref := range issueCloseKeywordsPat.FindAllString(c.Message, -1) {
issue, err := getIssueFromRef(repo, ref)
if err != nil {
return err
}
if issue == nil || refMarked[issue.ID] {
continue
}
refMarked[issue.ID] = true
if issue.RepoID != repo.ID || issue.IsClosed {
continue
}
issue.Repo = repo
if err = issue.ChangeStatus(doer, true); err != nil {
// Don't return an error when dependencies are open as this would let the push fail
if IsErrDependenciesLeft(err) {
return nil
}
if err := changeIssueStatus(repo, doer, ref, refMarked, true); err != nil {
return err
}
}
// It is conflict to have close and reopen at same time, so refsMarked doesn't need to reinit here.
for _, ref := range issueReopenKeywordsPat.FindAllString(c.Message, -1) {
issue, err := getIssueFromRef(repo, ref)
if err != nil {
return err
}
if issue == nil || refMarked[issue.ID] {
continue
}
refMarked[issue.ID] = true
if issue.RepoID != repo.ID || !issue.IsClosed {
continue
}
issue.Repo = repo
if err = issue.ChangeStatus(doer, false); err != nil {
if err := changeIssueStatus(repo, doer, ref, refMarked, false); err != nil {
return err
}
}
@ -609,7 +605,7 @@ func CommitRepoAction(opts CommitRepoActionOptions) error {
opts.Commits.CompareURL = repo.ComposeCompareURL(opts.OldCommitID, opts.NewCommitID)
}
if err = UpdateIssuesCommit(pusher, repo, opts.Commits.Commits); err != nil {
if err = UpdateIssuesCommit(pusher, repo, opts.Commits.Commits, refName); err != nil {
log.Error(4, "updateIssuesCommit: %v", err)
}
}

View File

@ -227,10 +227,37 @@ func TestUpdateIssuesCommit(t *testing.T) {
AssertNotExistsBean(t, commentBean)
AssertNotExistsBean(t, &Issue{RepoID: repo.ID, Index: 2}, "is_closed=1")
assert.NoError(t, UpdateIssuesCommit(user, repo, pushCommits))
assert.NoError(t, UpdateIssuesCommit(user, repo, pushCommits, repo.DefaultBranch))
AssertExistsAndLoadBean(t, commentBean)
AssertExistsAndLoadBean(t, issueBean, "is_closed=1")
CheckConsistencyFor(t, &Action{})
// Test that push to a non-default branch closes no issue.
pushCommits = []*PushCommit{
{
Sha1: "abcdef1",
CommitterEmail: "user2@example.com",
CommitterName: "User Two",
AuthorEmail: "user4@example.com",
AuthorName: "User Four",
Message: "close #1",
},
}
repo = AssertExistsAndLoadBean(t, &Repository{ID: 3}).(*Repository)
commentBean = &Comment{
Type: CommentTypeCommitRef,
CommitSHA: "abcdef1",
PosterID: user.ID,
IssueID: 6,
}
issueBean = &Issue{RepoID: repo.ID, Index: 1}
AssertNotExistsBean(t, commentBean)
AssertNotExistsBean(t, &Issue{RepoID: repo.ID, Index: 1}, "is_closed=1")
assert.NoError(t, UpdateIssuesCommit(user, repo, pushCommits, "non-existing-branch"))
AssertExistsAndLoadBean(t, commentBean)
AssertNotExistsBean(t, issueBean, "is_closed=1")
CheckConsistencyFor(t, &Action{})
}
func testCorrectRepoAction(t *testing.T, opts CommitRepoActionOptions, actionBean *Action) {

View File

@ -90,6 +90,38 @@ func (err ErrUserNotExist) Error() string {
return fmt.Sprintf("user does not exist [uid: %d, name: %s, keyid: %d]", err.UID, err.Name, err.KeyID)
}
// ErrUserProhibitLogin represents a "ErrUserProhibitLogin" kind of error.
type ErrUserProhibitLogin struct {
UID int64
Name string
}
// IsErrUserProhibitLogin checks if an error is a ErrUserProhibitLogin
func IsErrUserProhibitLogin(err error) bool {
_, ok := err.(ErrUserProhibitLogin)
return ok
}
func (err ErrUserProhibitLogin) Error() string {
return fmt.Sprintf("user is not allowed login [uid: %d, name: %s]", err.UID, err.Name)
}
// ErrUserInactive represents a "ErrUserInactive" kind of error.
type ErrUserInactive struct {
UID int64
Name string
}
// IsErrUserInactive checks if an error is a ErrUserInactive
func IsErrUserInactive(err error) bool {
_, ok := err.(ErrUserInactive)
return ok
}
func (err ErrUserInactive) Error() string {
return fmt.Sprintf("user is inactive [uid: %d, name: %s]", err.UID, err.Name)
}
// ErrEmailAlreadyUsed represents a "EmailAlreadyUsed" kind of error.
type ErrEmailAlreadyUsed struct {
Email string

View File

@ -1402,7 +1402,7 @@ func UpdateIssueMentions(e Engine, issueID int64, mentions []string) error {
}
memberIDs := make([]int64, 0, user.NumMembers)
orgUsers, err := GetOrgUsersByOrgID(user.ID)
orgUsers, err := getOrgUsersByOrgID(e, user.ID)
if err != nil {
return fmt.Errorf("GetOrgUsersByOrgID [%d]: %v", user.ID, err)
}

View File

@ -44,7 +44,11 @@ func (issue *Issue) loadAssignees(e Engine) (err error) {
// GetAssigneesByIssue returns everyone assigned to that issue
func GetAssigneesByIssue(issue *Issue) (assignees []*User, err error) {
err = issue.loadAssignees(x)
return getAssigneesByIssue(x, issue)
}
func getAssigneesByIssue(e Engine, issue *Issue) (assignees []*User, err error) {
err = issue.loadAssignees(e)
if err != nil {
return assignees, err
}
@ -173,7 +177,7 @@ func (issue *Issue) changeAssignee(sess *xorm.Session, doer *User, assigneeID in
issue.PullRequest.Issue = issue
apiPullRequest := &api.PullRequestPayload{
Index: issue.Index,
PullRequest: issue.PullRequest.APIFormat(),
PullRequest: issue.PullRequest.apiFormat(sess),
Repository: issue.Repo.innerAPIFormat(sess, mode, false),
Sender: doer.APIFormat(),
}

View File

@ -748,6 +748,9 @@ func createIssueDependencyComment(e *xorm.Session, doer *User, issue *Issue, dep
if !add {
cType = CommentTypeRemoveDependency
}
if err = issue.loadRepo(e); err != nil {
return
}
// Make two comments, one in each issue
_, err = createComment(e, &CreateCommentOptions{

View File

@ -19,11 +19,9 @@ func TestCreateIssueDependency(t *testing.T) {
issue1, err := GetIssueByID(1)
assert.NoError(t, err)
issue1.LoadAttributes()
issue2, err := GetIssueByID(2)
assert.NoError(t, err)
issue2.LoadAttributes()
// Create a dependency and check if it was successful
err = CreateIssueDependency(user1, issue1, issue2)

View File

@ -39,16 +39,16 @@ func mailIssueCommentToParticipants(e Engine, issue *Issue, doer *User, content
// In case the issue poster is not watching the repository and is active,
// even if we have duplicated in watchers, can be safely filtered out.
poster, err := getUserByID(e, issue.PosterID)
err = issue.loadPoster(e)
if err != nil {
return fmt.Errorf("GetUserByID [%d]: %v", issue.PosterID, err)
}
if issue.PosterID != doer.ID && poster.IsActive && !poster.ProhibitLogin {
if issue.PosterID != doer.ID && issue.Poster.IsActive && !issue.Poster.ProhibitLogin {
participants = append(participants, issue.Poster)
}
// Assignees must receive any communications
assignees, err := GetAssigneesByIssue(issue)
assignees, err := getAssigneesByIssue(e, issue)
if err != nil {
return err
}
@ -88,6 +88,10 @@ func mailIssueCommentToParticipants(e Engine, issue *Issue, doer *User, content
names = append(names, participants[i].Name)
}
if err := issue.loadRepo(e); err != nil {
return err
}
for _, to := range tos {
SendIssueCommentMail(issue, doer, content, comment, []string{to})
}

View File

@ -54,7 +54,7 @@ func newIssueUsers(e Engine, repo *Repository, issue *Issue) error {
func updateIssueAssignee(e *xorm.Session, issue *Issue, assigneeID int64) (removed bool, err error) {
// Check if the user exists
assignee, err := GetUserByID(assigneeID)
assignee, err := getUserByID(e, assigneeID)
if err != nil {
return false, err
}

View File

@ -600,16 +600,29 @@ func ExternalUserLogin(user *User, login, password string, source *LoginSource,
return nil, ErrLoginSourceNotActived
}
var err error
switch source.Type {
case LoginLDAP, LoginDLDAP:
return LoginViaLDAP(user, login, password, source, autoRegister)
user, err = LoginViaLDAP(user, login, password, source, autoRegister)
case LoginSMTP:
return LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
user, err = LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
case LoginPAM:
return LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister)
user, err = LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister)
default:
return nil, ErrUnsupportedLoginType
}
return nil, ErrUnsupportedLoginType
if err != nil {
return nil, err
}
if !user.IsActive {
return nil, ErrUserInactive{user.ID, user.Name}
} else if user.ProhibitLogin {
return nil, ErrUserProhibitLogin{user.ID, user.Name}
}
return user, nil
}
// UserSignIn validates user name and password.
@ -644,7 +657,13 @@ func UserSignIn(username, password string) (*User, error) {
if hasUser {
switch user.LoginType {
case LoginNoType, LoginPlain, LoginOAuth2:
if user.ValidatePassword(password) {
if user.IsPasswordSet() && user.ValidatePassword(password) {
if !user.IsActive {
return nil, ErrUserInactive{user.ID, user.Name}
} else if user.ProhibitLogin {
return nil, ErrUserProhibitLogin{user.ID, user.Name}
}
return user, nil
}

View File

@ -393,8 +393,12 @@ func GetOrgUsersByUserID(uid int64, all bool) ([]*OrgUser, error) {
// GetOrgUsersByOrgID returns all organization-user relations by organization ID.
func GetOrgUsersByOrgID(orgID int64) ([]*OrgUser, error) {
return getOrgUsersByOrgID(x, orgID)
}
func getOrgUsersByOrgID(e Engine, orgID int64) ([]*OrgUser, error) {
ous := make([]*OrgUser, 0, 10)
err := x.
err := e.
Where("org_id=?", orgID).
Find(&ous)
return ous, err

View File

@ -366,7 +366,7 @@ func (pr *PullRequest) Merge(doer *User, baseGitRepo *git.Repository, mergeStyle
return fmt.Errorf("Failed to create dir %s: %v", tmpBasePath, err)
}
defer os.RemoveAll(path.Dir(tmpBasePath))
defer os.RemoveAll(tmpBasePath)
var stderr string
if _, stderr, err = process.GetManager().ExecTimeout(5*time.Minute,

View File

@ -11,6 +11,7 @@ import (
"fmt"
"html/template"
"io/ioutil"
"net/url"
"os"
"os/exec"
"path"
@ -34,8 +35,8 @@ import (
"github.com/Unknwon/com"
"github.com/go-xorm/builder"
"github.com/go-xorm/xorm"
"github.com/mcuadros/go-version"
"gopkg.in/ini.v1"
version "github.com/mcuadros/go-version"
ini "gopkg.in/ini.v1"
)
var repoWorkingPool = sync.NewExclusivePool()
@ -824,7 +825,7 @@ type CloneLink struct {
// ComposeHTTPSCloneURL returns HTTPS clone URL based on given owner and repository name.
func ComposeHTTPSCloneURL(owner, repo string) string {
return fmt.Sprintf("%s%s/%s.git", setting.AppURL, owner, repo)
return fmt.Sprintf("%s%s/%s.git", setting.AppURL, url.QueryEscape(owner), url.QueryEscape(repo))
}
func (repo *Repository) cloneLink(e Engine, isWiki bool) *CloneLink {
@ -1345,14 +1346,14 @@ func createRepository(e *xorm.Session, doer, u *User, repo *Repository) (err err
if err = watchRepo(e, doer.ID, repo.ID, true); err != nil {
return fmt.Errorf("watchRepo: %v", err)
} else if err = newRepoAction(e, u, repo); err != nil {
} else if err = newRepoAction(e, doer, repo); err != nil {
return fmt.Errorf("newRepoAction: %v", err)
}
return nil
}
// CreateRepository creates a repository for the user/organization u.
// CreateRepository creates a repository for the user/organization.
func CreateRepository(doer, u *User, opts CreateRepoOptions) (_ *Repository, err error) {
if !doer.IsAdmin && !u.CanCreateRepo() {
return nil, ErrReachLimitOfRepo{u.MaxRepoCreation}
@ -1365,6 +1366,7 @@ func CreateRepository(doer, u *User, opts CreateRepoOptions) (_ *Repository, err
LowerName: strings.ToLower(opts.Name),
Description: opts.Description,
IsPrivate: opts.IsPrivate,
IsFsckEnabled: true,
}
sess := x.NewSession()
@ -1741,6 +1743,17 @@ func DeleteRepository(doer *User, uid, repoID int64) error {
return ErrRepoNotExist{repoID, uid, "", ""}
}
// Delete Deploy Keys
deployKeys, err := listDeployKeys(sess, repo.ID)
if err != nil {
return fmt.Errorf("listDeployKeys: %v", err)
}
for _, dKey := range deployKeys {
if err := deleteDeployKey(sess, doer, dKey.ID); err != nil {
return fmt.Errorf("deleteDeployKeys: %v", err)
}
}
if cnt, err := sess.ID(repoID).Delete(&Repository{}); err != nil {
return err
} else if cnt != 1 {
@ -1772,6 +1785,7 @@ func DeleteRepository(doer *User, uid, repoID int64) error {
&Webhook{RepoID: repoID},
&HookTask{RepoID: repoID},
&Notification{RepoID: repoID},
&CommitStatus{RepoID: repoID},
); err != nil {
return fmt.Errorf("deleteBeans: %v", err)
}
@ -1882,6 +1896,12 @@ func DeleteRepository(doer *User, uid, repoID int64) error {
}
if err = sess.Commit(); err != nil {
if len(deployKeys) > 0 {
// We need to rewrite the public keys because the commit failed
if err2 := RewriteAllPublicKeys(); err2 != nil {
return fmt.Errorf("Commit: %v SSH Keys: %v", err, err2)
}
}
return fmt.Errorf("Commit: %v", err)
}

View File

@ -151,6 +151,15 @@ func getUserRepoPermission(e Engine, repo *Repository, user *User) (perm Permiss
return
}
// if user in an owner team
for _, team := range teams {
if team.Authorize >= AccessModeOwner {
perm.AccessMode = AccessModeOwner
perm.UnitsMode = nil
return
}
}
for _, u := range repo.Units {
var found bool
for _, team := range teams {

View File

@ -219,6 +219,17 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
assert.True(t, perm.CanWrite(unit.Type))
}
// update team information and then check permission
team := AssertExistsAndLoadBean(t, &Team{ID: 5}).(*Team)
err = UpdateTeamUnits(team, nil)
assert.NoError(t, err)
perm, err = GetUserRepoPermission(repo, owner)
assert.NoError(t, err)
for _, unit := range repo.Units {
assert.True(t, perm.CanRead(unit.Type))
assert.True(t, perm.CanWrite(unit.Type))
}
// org member team tester
tester := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
perm, err = GetUserRepoPermission(repo, tester)

View File

@ -113,15 +113,15 @@ func notifyWatchers(e Engine, act *Action) error {
switch act.OpType {
case ActionCommitRepo, ActionPushTag, ActionDeleteTag, ActionDeleteBranch:
if !act.Repo.CheckUnitUser(act.UserID, false, UnitTypeCode) {
if !act.Repo.checkUnitUser(e, act.UserID, false, UnitTypeCode) {
continue
}
case ActionCreateIssue, ActionCommentIssue, ActionCloseIssue, ActionReopenIssue:
if !act.Repo.CheckUnitUser(act.UserID, false, UnitTypeIssues) {
if !act.Repo.checkUnitUser(e, act.UserID, false, UnitTypeIssues) {
continue
}
case ActionCreatePullRequest, ActionMergePullRequest, ActionClosePullRequest, ActionReopenPullRequest:
if !act.Repo.CheckUnitUser(act.UserID, false, UnitTypePullRequests) {
if !act.Repo.checkUnitUser(e, act.UserID, false, UnitTypePullRequests) {
continue
}
}

View File

@ -51,7 +51,7 @@ type PublicKey struct {
ID int64 `xorm:"pk autoincr"`
OwnerID int64 `xorm:"INDEX NOT NULL"`
Name string `xorm:"NOT NULL"`
Fingerprint string `xorm:"NOT NULL"`
Fingerprint string `xorm:"INDEX NOT NULL"`
Content string `xorm:"TEXT NOT NULL"`
Mode AccessMode `xorm:"NOT NULL DEFAULT 2"`
Type KeyType `xorm:"NOT NULL DEFAULT 1"`
@ -350,7 +350,6 @@ func appendAuthorizedKeysToFile(keys ...*PublicKey) error {
func checkKeyFingerprint(e Engine, fingerprint string) error {
has, err := e.Get(&PublicKey{
Fingerprint: fingerprint,
Type: KeyTypeUser,
})
if err != nil {
return err
@ -401,12 +400,18 @@ func AddPublicKey(ownerID int64, name, content string, LoginSourceID int64) (*Pu
return nil, err
}
if err := checkKeyFingerprint(x, fingerprint); err != nil {
sess := x.NewSession()
defer sess.Close()
if err = sess.Begin(); err != nil {
return nil, err
}
if err := checkKeyFingerprint(sess, fingerprint); err != nil {
return nil, err
}
// Key name of same user cannot be duplicated.
has, err := x.
has, err := sess.
Where("owner_id = ? AND name = ?", ownerID, name).
Get(new(PublicKey))
if err != nil {
@ -415,12 +420,6 @@ func AddPublicKey(ownerID int64, name, content string, LoginSourceID int64) (*Pu
return nil, ErrKeyNameAlreadyUsed{ownerID, name}
}
sess := x.NewSession()
defer sess.Close()
if err = sess.Begin(); err != nil {
return nil, err
}
key := &PublicKey{
OwnerID: ownerID,
Name: name,
@ -519,7 +518,7 @@ func UpdatePublicKeyUpdated(id int64) error {
}
// deletePublicKeys does the actual key deletion but does not update authorized_keys file.
func deletePublicKeys(e *xorm.Session, keyIDs ...int64) error {
func deletePublicKeys(e Engine, keyIDs ...int64) error {
if len(keyIDs) == 0 {
return nil
}
@ -728,24 +727,28 @@ func AddDeployKey(repoID int64, name, content string, readOnly bool) (*DeployKey
accessMode = AccessModeWrite
}
pkey := &PublicKey{
Fingerprint: fingerprint,
Mode: accessMode,
Type: KeyTypeDeploy,
}
has, err := x.Get(pkey)
if err != nil {
return nil, err
}
sess := x.NewSession()
defer sess.Close()
if err = sess.Begin(); err != nil {
return nil, err
}
pkey := &PublicKey{
Fingerprint: fingerprint,
}
has, err := sess.Get(pkey)
if err != nil {
return nil, err
}
if has {
if pkey.Type != KeyTypeDeploy {
return nil, ErrKeyAlreadyExist{0, fingerprint, ""}
}
} else {
// First time use this deploy key.
if !has {
pkey.Mode = accessMode
pkey.Type = KeyTypeDeploy
pkey.Content = content
pkey.Name = name
if err = addKey(sess, pkey); err != nil {
@ -763,8 +766,12 @@ func AddDeployKey(repoID int64, name, content string, readOnly bool) (*DeployKey
// GetDeployKeyByID returns deploy key by given ID.
func GetDeployKeyByID(id int64) (*DeployKey, error) {
return getDeployKeyByID(x, id)
}
func getDeployKeyByID(e Engine, id int64) (*DeployKey, error) {
key := new(DeployKey)
has, err := x.ID(id).Get(key)
has, err := e.ID(id).Get(key)
if err != nil {
return nil, err
} else if !has {
@ -775,11 +782,15 @@ func GetDeployKeyByID(id int64) (*DeployKey, error) {
// GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.
func GetDeployKeyByRepo(keyID, repoID int64) (*DeployKey, error) {
return getDeployKeyByRepo(x, keyID, repoID)
}
func getDeployKeyByRepo(e Engine, keyID, repoID int64) (*DeployKey, error) {
key := &DeployKey{
KeyID: keyID,
RepoID: repoID,
}
has, err := x.Get(key)
has, err := e.Get(key)
if err != nil {
return nil, err
} else if !has {
@ -802,7 +813,19 @@ func UpdateDeployKey(key *DeployKey) error {
// DeleteDeployKey deletes deploy key from its repository authorized_keys file if needed.
func DeleteDeployKey(doer *User, id int64) error {
key, err := GetDeployKeyByID(id)
sess := x.NewSession()
defer sess.Close()
if err := sess.Begin(); err != nil {
return err
}
if err := deleteDeployKey(sess, doer, id); err != nil {
return err
}
return sess.Commit()
}
func deleteDeployKey(sess Engine, doer *User, id int64) error {
key, err := getDeployKeyByID(sess, id)
if err != nil {
if IsErrDeployKeyNotExist(err) {
return nil
@ -812,11 +835,11 @@ func DeleteDeployKey(doer *User, id int64) error {
// Check if user has access to delete this key.
if !doer.IsAdmin {
repo, err := GetRepositoryByID(key.RepoID)
repo, err := getRepositoryByID(sess, key.RepoID)
if err != nil {
return fmt.Errorf("GetRepositoryByID: %v", err)
}
has, err := IsUserRepoAdmin(repo, doer)
has, err := isUserRepoAdmin(sess, repo, doer)
if err != nil {
return fmt.Errorf("GetUserRepoPermission: %v", err)
} else if !has {
@ -824,12 +847,6 @@ func DeleteDeployKey(doer *User, id int64) error {
}
}
sess := x.NewSession()
defer sess.Close()
if err = sess.Begin(); err != nil {
return err
}
if _, err = sess.ID(key.ID).Delete(new(DeployKey)); err != nil {
return fmt.Errorf("delete deploy key [%d]: %v", key.ID, err)
}
@ -844,15 +861,24 @@ func DeleteDeployKey(doer *User, id int64) error {
if err = deletePublicKeys(sess, key.KeyID); err != nil {
return err
}
// after deleted the public keys, should rewrite the public keys file
if err = rewriteAllPublicKeys(sess); err != nil {
return err
}
}
return sess.Commit()
return nil
}
// ListDeployKeys returns all deploy keys by given repository ID.
func ListDeployKeys(repoID int64) ([]*DeployKey, error) {
return listDeployKeys(x, repoID)
}
func listDeployKeys(e Engine, repoID int64) ([]*DeployKey, error) {
keys := make([]*DeployKey, 0, 5)
return keys, x.
return keys, e.
Where("repo_id = ?", repoID).
Find(&keys)
}

View File

@ -1461,11 +1461,14 @@ func synchronizeLdapSSHPublicKeys(usr *User, s *LoginSource, SSHPublicKeys []str
// Get Public Keys from LDAP and skip duplicate keys
var ldapKeys []string
for _, v := range SSHPublicKeys {
ldapKey := strings.Join(strings.Split(v, " ")[:2], " ")
sshKeySplit := strings.Split(v, " ")
if len(sshKeySplit) > 1 {
ldapKey := strings.Join(sshKeySplit[:2], " ")
if !util.ExistsInSlice(ldapKey, ldapKeys) {
ldapKeys = append(ldapKeys, ldapKey)
}
}
}
// Check if Public Key sync is needed
if util.IsEqualSlice(giteaKeys, ldapKeys) {

View File

@ -32,12 +32,22 @@ func GetUserHeatmapDataByUser(user *User) ([]*UserHeatmapData, error) {
groupByName = groupBy
}
err := x.Select(groupBy+" AS timestamp, count(user_id) as contributions").
sess := x.Select(groupBy+" AS timestamp, count(user_id) as contributions").
Table("action").
Where("user_id = ?", user.ID).
And("created_unix > ?", (util.TimeStampNow() - 31536000)).
GroupBy(groupByName).
And("created_unix > ?", (util.TimeStampNow() - 31536000))
// * Heatmaps for individual users only include actions that the user themself
// did.
// * For organizations actions by all users that were made in owned
// repositories are counted.
if user.Type == UserTypeIndividual {
sess = sess.And("act_user_id = ?", user.ID)
}
err := sess.GroupBy(groupByName).
OrderBy("timestamp").
Find(&hdata)
return hdata, err
}

View File

@ -230,12 +230,13 @@ func getDingtalkPullRequestPayload(p *api.PullRequestPayload) (*DingtalkPayload,
title = fmt.Sprintf("[%s] Pull request edited: #%d %s", p.Repository.FullName, p.Index, p.PullRequest.Title)
text = p.PullRequest.Body
case api.HookIssueAssigned:
list, err := MakeAssigneeList(&Issue{ID: p.PullRequest.ID})
if err != nil {
return &DingtalkPayload{}, err
list := make([]string, len(p.PullRequest.Assignees))
for i, user := range p.PullRequest.Assignees {
list[i] = user.UserName
}
title = fmt.Sprintf("[%s] Pull request assigned to %s: #%d %s", p.Repository.FullName,
list, p.Index, p.PullRequest.Title)
strings.Join(list, ", "),
p.Index, p.PullRequest.Title)
text = p.PullRequest.Body
case api.HookIssueUnassigned:
title = fmt.Sprintf("[%s] Pull request unassigned: #%d %s", p.Repository.FullName, p.Index, p.PullRequest.Title)

View File

@ -347,12 +347,13 @@ func getDiscordPullRequestPayload(p *api.PullRequestPayload, meta *DiscordMeta)
text = p.PullRequest.Body
color = warnColor
case api.HookIssueAssigned:
list, err := MakeAssigneeList(&Issue{ID: p.PullRequest.ID})
if err != nil {
return &DiscordPayload{}, err
list := make([]string, len(p.PullRequest.Assignees))
for i, user := range p.PullRequest.Assignees {
list[i] = user.UserName
}
title = fmt.Sprintf("[%s] Pull request assigned to %s: #%d %s", p.Repository.FullName,
list, p.Index, p.PullRequest.Title)
title = fmt.Sprintf("[%s] Pull request assigned to %s: #%d by %s", p.Repository.FullName,
strings.Join(list, ", "),
p.Index, p.PullRequest.Title)
text = p.PullRequest.Body
color = successColor
case api.HookIssueUnassigned:

View File

@ -160,6 +160,10 @@ func getSlackIssuesPayload(p *api.IssuePayload, slack *SlackMeta) (*SlackPayload
text = fmt.Sprintf("[%s] Issue labels cleared: %s by %s", p.Repository.FullName, titleLink, senderLink)
case api.HookIssueSynchronized:
text = fmt.Sprintf("[%s] Issue synchronized: %s by %s", p.Repository.FullName, titleLink, senderLink)
case api.HookIssueMilestoned:
text = fmt.Sprintf("[%s] Issue milestoned: #%s %s", p.Repository.FullName, titleLink, senderLink)
case api.HookIssueDemilestoned:
text = fmt.Sprintf("[%s] Issue milestone cleared: #%s %s", p.Repository.FullName, titleLink, senderLink)
}
return &SlackPayload{
@ -297,12 +301,12 @@ func getSlackPullRequestPayload(p *api.PullRequestPayload, slack *SlackMeta) (*S
text = fmt.Sprintf("[%s] Pull request edited: %s by %s", p.Repository.FullName, titleLink, senderLink)
attachmentText = SlackTextFormatter(p.PullRequest.Body)
case api.HookIssueAssigned:
list, err := MakeAssigneeList(&Issue{ID: p.PullRequest.ID})
if err != nil {
return &SlackPayload{}, err
list := make([]string, len(p.PullRequest.Assignees))
for i, user := range p.PullRequest.Assignees {
list[i] = SlackLinkFormatter(setting.AppURL+user.UserName, user.UserName)
}
text = fmt.Sprintf("[%s] Pull request assigned to %s: %s by %s", p.Repository.FullName,
SlackLinkFormatter(setting.AppURL+list, list),
strings.Join(list, ", "),
titleLink, senderLink)
case api.HookIssueUnassigned:
text = fmt.Sprintf("[%s] Pull request unassigned: %s by %s", p.Repository.FullName, titleLink, senderLink)
@ -312,6 +316,10 @@ func getSlackPullRequestPayload(p *api.PullRequestPayload, slack *SlackMeta) (*S
text = fmt.Sprintf("[%s] Pull request labels cleared: %s by %s", p.Repository.FullName, titleLink, senderLink)
case api.HookIssueSynchronized:
text = fmt.Sprintf("[%s] Pull request synchronized: %s by %s", p.Repository.FullName, titleLink, senderLink)
case api.HookIssueMilestoned:
text = fmt.Sprintf("[%s] Pull request milestoned: #%s %s", p.Repository.FullName, titleLink, senderLink)
case api.HookIssueDemilestoned:
text = fmt.Sprintf("[%s] Pull request milestone cleared: #%s %s", p.Repository.FullName, titleLink, senderLink)
}
return &SlackPayload{

View File

@ -135,15 +135,56 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool)
if len(baHead) > 0 {
auths := strings.Fields(baHead)
if len(auths) == 2 && auths[0] == "Basic" {
var u *models.User
uname, passwd, _ := base.BasicAuthDecode(auths[1])
u, err := models.UserSignIn(uname, passwd)
// Check if username or password is a token
isUsernameToken := len(passwd) == 0 || passwd == "x-oauth-basic"
// Assume username is token
authToken := uname
if !isUsernameToken {
// Assume password is token
authToken = passwd
}
token, err := models.GetAccessTokenBySHA(authToken)
if err == nil {
if isUsernameToken {
u, err = models.GetUserByID(token.UID)
if err != nil {
log.Error(4, "GetUserByID: %v", err)
return nil, false
}
} else {
u, err = models.GetUserByName(uname)
if err != nil {
log.Error(4, "GetUserByID: %v", err)
return nil, false
}
if u.ID != token.UID {
return nil, false
}
}
token.UpdatedUnix = util.TimeStampNow()
if err = models.UpdateAccessToken(token); err != nil {
log.Error(4, "UpdateAccessToken: %v", err)
}
} else {
if !models.IsErrAccessTokenNotExist(err) && !models.IsErrAccessTokenEmpty(err) {
log.Error(4, "GetAccessTokenBySha: %v", err)
}
}
if u == nil {
u, err = models.UserSignIn(uname, passwd)
if err != nil {
if !models.IsErrUserNotExist(err) {
log.Error(4, "UserSignIn: %v", err)
}
return nil, false
}
}
ctx.Data["IsApiToken"] = true
return u, true
}

View File

@ -11,9 +11,9 @@ import (
"fmt"
"strings"
"gopkg.in/ldap.v2"
"code.gitea.io/gitea/modules/log"
ldap "gopkg.in/ldap.v3"
)
// SecurityProtocol protocol type
@ -247,11 +247,17 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
return nil
}
var isAttributeSSHPublicKeySet = len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0
attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}
if isAttributeSSHPublicKeySet {
attribs = append(attribs, ls.AttributeSSHPublicKey)
}
log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, userFilter, userDN)
search := ldap.NewSearchRequest(
userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey},
nil)
attribs, nil)
sr, err := l.Search(search)
if err != nil {
@ -267,11 +273,15 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
return nil
}
var sshPublicKey []string
username := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
firstname := sr.Entries[0].GetAttributeValue(ls.AttributeName)
surname := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
sshPublicKey := sr.Entries[0].GetAttributeValues(ls.AttributeSSHPublicKey)
if isAttributeSSHPublicKeySet {
sshPublicKey = sr.Entries[0].GetAttributeValues(ls.AttributeSSHPublicKey)
}
isAdmin := checkAdmin(l, ls, userDN)
if !directBind && ls.AttributesInBind {
@ -320,11 +330,17 @@ func (ls *Source) SearchEntries() []*SearchResult {
userFilter := fmt.Sprintf(ls.Filter, "*")
var isAttributeSSHPublicKeySet = len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0
attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}
if isAttributeSSHPublicKeySet {
attribs = append(attribs, ls.AttributeSSHPublicKey)
}
log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, userFilter, ls.UserBase)
search := ldap.NewSearchRequest(
ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey},
nil)
attribs, nil)
var sr *ldap.SearchResult
if ls.UsePagedSearch() {
@ -345,9 +361,11 @@ func (ls *Source) SearchEntries() []*SearchResult {
Name: v.GetAttributeValue(ls.AttributeName),
Surname: v.GetAttributeValue(ls.AttributeSurname),
Mail: v.GetAttributeValue(ls.AttributeMail),
SSHPublicKey: v.GetAttributeValues(ls.AttributeSSHPublicKey),
IsAdmin: checkAdmin(l, ls, v.DN),
}
if isAttributeSSHPublicKeySet {
result[i].SSHPublicKey = v.GetAttributeValues(ls.AttributeSSHPublicKey)
}
}
return result

View File

@ -8,6 +8,7 @@ import (
"net/url"
"code.gitea.io/gitea/modules/auth"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/setting"
"github.com/go-macaron/csrf"
macaron "gopkg.in/macaron.v1"
@ -32,8 +33,12 @@ func Toggle(options *ToggleOptions) macaron.Handler {
// Check prohibit login users.
if ctx.IsSigned {
if ctx.User.ProhibitLogin {
if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
ctx.HTML(200, "user/auth/activate")
return
} else if !ctx.User.IsActive || ctx.User.ProhibitLogin {
log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())
ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
ctx.HTML(200, "user/auth/prohibit_login")
return
@ -42,7 +47,7 @@ func Toggle(options *ToggleOptions) macaron.Handler {
// prevent infinite redirection
// also make sure that the form cannot be accessed by
// users who don't need this
if ctx.Req.URL.Path == setting.AppSubURL+"/user/settings/change_password" {
if ctx.Req.URL.Path == "/user/settings/change_password" {
if !ctx.User.MustChangePassword {
ctx.Redirect(setting.AppSubURL + "/")
}

View File

@ -209,7 +209,7 @@ func Contexter() macaron.Handler {
if err == nil && len(repo.DefaultBranch) > 0 {
branchName = repo.DefaultBranch
}
prefix := setting.AppURL + path.Join(ownerName, repoName, "src", "branch", branchName)
prefix := setting.AppURL + path.Join(url.QueryEscape(ownerName), url.QueryEscape(repoName), "src", "branch", branchName)
c.Header().Set("Content-Type", "text/html")
c.WriteHeader(http.StatusOK)
c.Write([]byte(com.Expand(`<!doctype html>

View File

@ -8,6 +8,7 @@ package context
import (
"fmt"
"io/ioutil"
"net/url"
"path"
"strings"
@ -162,7 +163,7 @@ func RetrieveBaseRepo(ctx *Context, repo *models.Repository) {
// ComposeGoGetImport returns go-get-import meta content.
func ComposeGoGetImport(owner, repo string) string {
return path.Join(setting.Domain, setting.AppSubURL, owner, repo)
return path.Join(setting.Domain, setting.AppSubURL, url.QueryEscape(owner), url.QueryEscape(repo))
}
// EarlyResponseForGoGetMeta responses appropriate go-get meta with status 200

View File

@ -497,12 +497,15 @@ func authenticate(ctx *context.Context, repository *models.Repository, authoriza
accessMode = models.AccessModeWrite
}
// ctx.IsSigned is unnecessary here, this will be checked in perm.CanAccess
perm, err := models.GetUserRepoPermission(repository, ctx.User)
if err != nil {
return false
}
if ctx.IsSigned {
return perm.CanAccess(accessMode, models.UnitTypeCode)
canRead := perm.CanAccess(accessMode, models.UnitTypeCode)
if canRead {
return true
}
user, repo, opStr, err := parseToken(authorization)
@ -582,7 +585,7 @@ func parseToken(authorization string) (*models.User, *models.Repository, string,
if err != nil {
return nil, nil, "basic", err
}
if !u.ValidatePassword(password) {
if !u.IsPasswordSet() || !u.ValidatePassword(password) {
return nil, nil, "basic", fmt.Errorf("Basic auth failed")
}
return u, nil, "basic", nil

View File

@ -5,6 +5,7 @@
package markup
import (
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/markup"
"code.gitea.io/gitea/modules/markup/markdown"
@ -31,7 +32,13 @@ func (Parser) Extensions() []string {
}
// Render renders orgmode rawbytes to HTML
func Render(rawBytes []byte, urlPrefix string, metas map[string]string, isWiki bool) []byte {
func Render(rawBytes []byte, urlPrefix string, metas map[string]string, isWiki bool) (result []byte) {
defer func() {
if err := recover(); err != nil {
log.Error(4, "Panic in orgmode.Render: %v Just returning the rawBytes", err)
result = rawBytes
}
}()
htmlFlags := blackfriday.HTML_USE_XHTML
htmlFlags |= blackfriday.HTML_SKIP_STYLE
htmlFlags |= blackfriday.HTML_OMIT_CONTENTS
@ -40,9 +47,8 @@ func Render(rawBytes []byte, urlPrefix string, metas map[string]string, isWiki b
URLPrefix: urlPrefix,
IsWiki: isWiki,
}
result := goorgeous.Org(rawBytes, renderer)
return result
result = goorgeous.Org(rawBytes, renderer)
return
}
// RenderString reners orgmode string to HTML string

View File

@ -39,6 +39,7 @@ func decodeJSONError(resp *http.Response) *Response {
func newInternalRequest(url, method string) *httplib.Request {
req := newRequest(url, method).SetTLSClientConfig(&tls.Config{
InsecureSkipVerify: true,
ServerName: setting.Domain,
})
if setting.Protocol == setting.UnixSocket {
req.SetTransport(&http.Transport{

View File

@ -32,6 +32,31 @@ func UpdateDeployKeyUpdated(keyID int64, repoID int64) error {
return nil
}
// GetDeployKey check if repo has deploy key
func GetDeployKey(keyID, repoID int64) (*models.DeployKey, error) {
reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repositories/%d/keys/%d", repoID, keyID)
log.GitLogger.Trace("GetDeployKey: %s", reqURL)
resp, err := newInternalRequest(reqURL, "GET").Response()
if err != nil {
return nil, err
}
defer resp.Body.Close()
switch resp.StatusCode {
case 404:
return nil, nil
case 200:
var dKey models.DeployKey
if err := json.NewDecoder(resp.Body).Decode(&dKey); err != nil {
return nil, err
}
return &dKey, nil
default:
return nil, fmt.Errorf("Failed to get deploy key: %s", decodeJSONError(resp).Err)
}
}
// HasDeployKey check if repo has deploy key
func HasDeployKey(keyID, repoID int64) (bool, error) {
reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repositories/%d/has-keys/%d", repoID, keyID)

View File

@ -117,7 +117,7 @@ func (opts *Options) handle(ctx *macaron.Context, log *log.Logger, opt *Options)
if fi.IsDir() {
// Redirect if missing trailing slash.
if !strings.HasSuffix(ctx.Req.URL.Path, "/") {
http.Redirect(ctx.Resp, ctx.Req.Request, ctx.Req.URL.Path+"/", http.StatusFound)
http.Redirect(ctx.Resp, ctx.Req.Request, path.Clean(ctx.Req.URL.Path+"/"), http.StatusFound)
return true
}

View File

@ -98,3 +98,8 @@ func Min(a, b int) int {
}
return a
}
// IsEmptyString checks if the provided string is empty
func IsEmptyString(s string) bool {
return len(strings.TrimSpace(s)) == 0
}

View File

@ -77,3 +77,20 @@ func TestIsExternalURL(t *testing.T) {
assert.Equal(t, test.Expected, IsExternalURL(test.RawURL))
}
}
func TestIsEmptyString(t *testing.T) {
cases := []struct {
s string
expected bool
}{
{"", true},
{" ", true},
{" ", true},
{" a", false},
}
for _, v := range cases {
assert.Equal(t, v.expected, IsEmptyString(v.s))
}
}

View File

@ -413,7 +413,7 @@ ssh_helper = <strong>Need help?</strong> Have a look at GitHub's guide to <a hre
gpg_helper = <strong>Need help?</strong> Have a look at GitHub's guide <a href="%s">about GPG</a>.
add_new_key = Add SSH Key
add_new_gpg_key = Add GPG Key
ssh_key_been_used = This SSH key is already added to your account.
ssh_key_been_used = This SSH key has already been added to the server.
ssh_key_name_used = An SSH key with same name is already added to your account.
gpg_key_id_used = A public GPG key with same ID already exists.
gpg_no_key_email_found = This GPG key is not usable with any email address associated with your account.
@ -655,6 +655,7 @@ ext_issues.desc = Link to an external issue tracker.
issues.desc = Organize bug reports, tasks and milestones.
issues.new = New Issue
issues.new.title_empty = Title cannot be empty
issues.new.labels = Labels
issues.new.no_label = No Label
issues.new.clear_labels = Clear labels

View File

@ -859,6 +859,7 @@ pulls.title_wip_desc=`<a href="#">Sāciet virsrakstu ar <strong>%s</strong></a>,
pulls.cannot_merge_work_in_progress=Šis izmaiņu pieprasījums ir atzīmēts, ka pie tā vēl notiek izstrāde. Noņemiet <strong>%s</strong> no virsraksta sākuma, kad tas ir pabeigts.
pulls.data_broken=Izmaiņu pieprasījums ir bojāts, jo dzēsta informācija no atdalītā repozitorija.
pulls.is_checking=Notiek konfliktu pārbaude, mirkli uzgaidiet un atjaunojiet lapu.
pulls.blocked_by_approvals=Šim izmaiņu pieprasījumam nav nepieciešamais apstiprinājumu daudzums. %d no %d apstiprinājumi piešķirti.
pulls.can_auto_merge_desc=Šo izmaiņu pieprasījumu var automātiski sapludināt.
pulls.cannot_auto_merge_desc=Šis izmaiņu pieprasījums nevar tikt automātiski sapludināts konfliktu dēļ.
pulls.cannot_auto_merge_helper=Sapludiniet manuāli, lai atrisinātu konfliktus.
@ -867,6 +868,7 @@ pulls.no_merge_helper=Lai sapludinātu šo izmaiņu pieprasījumu, iespējojiet
pulls.no_merge_wip=Šo izmaiņu pieprasījumu nav iespējams sapludināt, jo tas ir atzīmēts, ka darbs pie tā vēl nav pabeigts.
pulls.merge_pull_request=Izmaiņu pieprasījuma sapludināšana
pulls.rebase_merge_pull_request=Pārbāzēt un sapludināt
pulls.rebase_merge_commit_pull_request=Pārbāzēt un sapludināt (--no-ff)
pulls.squash_merge_pull_request=Saspiest un sapludināt
pulls.invalid_merge_option=Nav iespējams izmantot šādu sapludināšanas veidu šim izmaiņu pieprasījumam.
pulls.open_unmerged_pull_exists=`Jūs nevarat veikt atkārtotas atvēršanas darbību, jo jau eksistē izmaiņu pieprasījums (#%d) ar šādu sapludināšanas informāciju.`
@ -1012,6 +1014,7 @@ settings.pulls_desc=Iespējot repozitorija izmaiņu pieprasījumus
settings.pulls.ignore_whitespace=Pārbaudot konfliktus, ignorēt izmaiņas atstarpēs
settings.pulls.allow_merge_commits=Iespējot revīziju sapludināšanu
settings.pulls.allow_rebase_merge=Iespējot pārbāzēšanu sapludinot revīzijas
settings.pulls.allow_rebase_merge_commit=Iespējot pārbāzēšanu sapludinot revīzijas (--no-ff)
settings.pulls.allow_squash_commits=Iespējot saspiešanu sapludinot revīzijas
settings.admin_settings=Administratora iestatījumi
settings.admin_enable_health_check=Iespējot veselības pārbaudi (git fsck) šim repozitorijam
@ -1098,6 +1101,7 @@ settings.event_issue_comment_desc=Problēmas komentārs pievienots, labots vai d
settings.event_release=Laidiens
settings.event_release_desc=Publicēts, atjaunots vai dzēsts laidiens repozitorijā.
settings.event_pull_request=Izmaiņu pieprasījums
settings.event_pull_request_desc=Izmaiņu pieprasījums izveidots, slēgts, atkārtoti atvērts, labots, apstiprināts, noraidīts, recenzēts, piešķirts, pievienots vai noņemts atbildīgais, pievienota etiķete, noņemta etiķete, pievienots vai noņemts atskaites punkts.
settings.event_push=Izmaiņu nosūtīšana
settings.event_push_desc=Git izmaiņu nosūtīšana uz repozitoriju.
settings.event_repository=Repozitorijs
@ -1148,6 +1152,10 @@ settings.protect_merge_whitelist_committers=Iespējot sapludināšanas ierobežo
settings.protect_merge_whitelist_committers_desc=Atļaut tikai noteiktiem lietotājiem vai komandām sapludināt izmaiņu pieprasījumus šajā atzarā.
settings.protect_merge_whitelist_users=Lietotāji, kas var veikt izmaiņu sapludināšanu:
settings.protect_merge_whitelist_teams=Komandas, kas var veikt izmaiņu sapludināšanu:
settings.protect_required_approvals=Vajadzīgi apstiprinājumi:
settings.protect_required_approvals_desc=Atļaut tikai noteiktiem lietotājiem vai komandām sapludināt izmaiņu pieprasījumu, kam veikts noteikts daudzums pozitīvu recenziju.
settings.protect_approvals_whitelist_users=Lietotāji, kas var veikt recenzijas:
settings.protect_approvals_whitelist_teams=Komandas, kas var veikt recenzijas:
settings.add_protected_branch=Iespējot aizsargāšanu
settings.delete_protected_branch=Atspējot aizsargāšanu
settings.update_protect_branch_success=Atzara aizsardzība atzaram '%s' tika saglabāta.
@ -1158,6 +1166,7 @@ settings.default_branch_desc=Norādiet noklusēto repozitorija atzaru izmaiņu p
settings.choose_branch=Izvēlieties atzaru…
settings.no_protected_branch=Nav neviena aizsargātā atzara.
settings.edit_protected_branch=Labot
settings.protected_branch_required_approvals_min=Pieprasīto recenziju skaits nevar būt negatīvs.
diff.browse_source=Pārlūkot izejas kodu
diff.parent=vecāks

View File

@ -7,6 +7,115 @@ function htmlEncode(text) {
var csrf;
var suburl;
// Polyfill for IE9+ support (https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/from)
if (!Array.from) {
Array.from = (function () {
var toStr = Object.prototype.toString;
var isCallable = function (fn) {
return typeof fn === 'function' || toStr.call(fn) === '[object Function]';
};
var toInteger = function (value) {
var number = Number(value);
if (isNaN(number)) { return 0; }
if (number === 0 || !isFinite(number)) { return number; }
return (number > 0 ? 1 : -1) * Math.floor(Math.abs(number));
};
var maxSafeInteger = Math.pow(2, 53) - 1;
var toLength = function (value) {
var len = toInteger(value);
return Math.min(Math.max(len, 0), maxSafeInteger);
};
// The length property of the from method is 1.
return function from(arrayLike/*, mapFn, thisArg */) {
// 1. Let C be the this value.
var C = this;
// 2. Let items be ToObject(arrayLike).
var items = Object(arrayLike);
// 3. ReturnIfAbrupt(items).
if (arrayLike == null) {
throw new TypeError("Array.from requires an array-like object - not null or undefined");
}
// 4. If mapfn is undefined, then let mapping be false.
var mapFn = arguments.length > 1 ? arguments[1] : void undefined;
var T;
if (typeof mapFn !== 'undefined') {
// 5. else
// 5. a If IsCallable(mapfn) is false, throw a TypeError exception.
if (!isCallable(mapFn)) {
throw new TypeError('Array.from: when provided, the second argument must be a function');
}
// 5. b. If thisArg was supplied, let T be thisArg; else let T be undefined.
if (arguments.length > 2) {
T = arguments[2];
}
}
// 10. Let lenValue be Get(items, "length").
// 11. Let len be ToLength(lenValue).
var len = toLength(items.length);
// 13. If IsConstructor(C) is true, then
// 13. a. Let A be the result of calling the [[Construct]] internal method of C with an argument list containing the single item len.
// 14. a. Else, Let A be ArrayCreate(len).
var A = isCallable(C) ? Object(new C(len)) : new Array(len);
// 16. Let k be 0.
var k = 0;
// 17. Repeat, while k < len… (also steps a - h)
var kValue;
while (k < len) {
kValue = items[k];
if (mapFn) {
A[k] = typeof T === 'undefined' ? mapFn(kValue, k) : mapFn.call(T, kValue, k);
} else {
A[k] = kValue;
}
k += 1;
}
// 18. Let putStatus be Put(A, "length", len, true).
A.length = len;
// 20. Return A.
return A;
};
}());
}
// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/assign
if (typeof Object.assign != 'function') {
// Must be writable: true, enumerable: false, configurable: true
Object.defineProperty(Object, "assign", {
value: function assign(target, varArgs) { // .length of function is 2
'use strict';
if (target == null) { // TypeError if undefined or null
throw new TypeError('Cannot convert undefined or null to object');
}
var to = Object(target);
for (var index = 1; index < arguments.length; index++) {
var nextSource = arguments[index];
if (nextSource != null) { // Skip over if undefined or null
for (var nextKey in nextSource) {
// Avoid bugs when hasOwnProperty is shadowed
if (Object.prototype.hasOwnProperty.call(nextSource, nextKey)) {
to[nextKey] = nextSource[nextKey];
}
}
}
}
return to;
},
writable: true,
configurable: true
});
}
function initCommentPreviewTab($form) {
var $tabMenu = $form.find('.tabular.menu');
$tabMenu.find('.item').tab();
@ -2348,7 +2457,6 @@ function initHeatmap(appElementId, heatmapUser, locale) {
this.getColor(4),
this.getColor(5)
];
console.log(this.colorRange);
this.endDate = new Date();
this.loadHeatmap(this.user);
},

View File

@ -48,7 +48,7 @@
<tr>
<td><a href="./plugins/vue/vue.min.js">vue.min.js</a></td>
<td><a href="https://github.com/vuejs/vue/blob/dev/LICENSE">Expat</a></td>
<td><a href="https://github.com/vuejs/vue/archive/v2.1.10.tar.gz">vue.js-v2.1.10.tar.gz</a></td>
<td><a href="https://github.com/vuejs/vue/archive/v2.6.6.tar.gz">vue.js-v2.6.6.tar.gz</a></td>
</tr>
<tr>
<td><a href="./plugins/emojify/emojify.min.js">emojify.min.js</a></td>
@ -136,7 +136,7 @@
<td><a href="https://github.com/swagger-api/swagger-ui/archive/v3.0.4.tar.gz">swagger-ui-v3.0.4.tar.gz</a></td>
</tr>
<tr>
<td><a href="./plugins/vue-calendar-heatmap">vue-calendar-heatmap</a></td>
<td><a href="./plugins/vue-calendar-heatmap/">vue-calendar-heatmap</a></td>
<td><a href="https://github.com/WildCodeSchool/vue-calendar-heatmap/blob/master/README.md">MIT</a></td>
<td><a href="https://github.com/WildCodeSchool/vue-calendar-heatmap/archive/master.zip">7f48b20.zip</a></td>
</tr>
@ -145,6 +145,11 @@
<td><a href="https://github.com/moment/moment/blob/develop/LICENSE">MIT</a></td>
<td><a href="https://github.com/moment/moment/archive/2.22.2.tar.gz">0.4.1.tar.gz</a></td>
</tr>
<tr>
<td><a href="./plugins/es6-promise/">es6-promise</a></td>
<td><a href="https://github.com/stefanpenner/es6-promise/blob/master/LICENSE">MIT</a></td>
<td><a href="https://github.com/stefanpenner/es6-promise/archive/v4.2.6.tar.gz">4.2.6.tar.gz</a></td>
</tr>
</tbody>
</table>
</body>

File diff suppressed because one or more lines are too long

File diff suppressed because one or more lines are too long

View File

@ -85,7 +85,7 @@ func sudo() macaron.Handler {
}
if len(sudo) > 0 {
if ctx.User.IsAdmin {
if ctx.IsSigned && ctx.User.IsAdmin {
user, err := models.GetUserByName(sudo)
if err != nil {
if models.IsErrUserNotExist(err) {

View File

@ -129,7 +129,7 @@ func GetIssue(ctx *context.APIContext) {
// responses:
// "200":
// "$ref": "#/responses/Issue"
issue, err := models.GetIssueByIndex(ctx.Repo.Repository.ID, ctx.ParamsInt64(":index"))
issue, err := models.GetIssueWithAttrsByIndex(ctx.Repo.Repository.ID, ctx.ParamsInt64(":index"))
if err != nil {
if models.IsErrIssueNotExist(err) {
ctx.Status(404)

View File

@ -51,6 +51,11 @@ func ListIssueLabels(ctx *context.APIContext) {
return
}
if err := issue.LoadAttributes(); err != nil {
ctx.Error(500, "LoadAttributes", err)
return
}
apiLabels := make([]*api.Label, len(issue.Labels))
for i := range issue.Labels {
apiLabels[i] = issue.Labels[i].APIFormat()

View File

@ -159,6 +159,8 @@ func HandleCheckKeyStringError(ctx *context.APIContext, err error) {
// HandleAddKeyError handle add key error
func HandleAddKeyError(ctx *context.APIContext, err error) {
switch {
case models.IsErrDeployKeyAlreadyExist(err):
ctx.Error(422, "", "This key has already been added to this repository")
case models.IsErrKeyAlreadyExist(err):
ctx.Error(422, "", "Key content has been used as non-deploy key")
case models.IsErrKeyNameAlreadyUsed(err):

View File

@ -668,8 +668,8 @@ func parseCompareInfo(ctx *context.APIContext, form api.CreatePullRequestOption)
ctx.ServerError("GetUserRepoPermission", err)
return nil, nil, nil, nil, "", ""
}
if !perm.CanWrite(models.UnitTypeCode) {
log.Trace("ParseCompareInfo[%d]: does not have write access or site admin", baseRepo.ID)
if !perm.CanReadIssuesOrPulls(true) {
log.Trace("ParseCompareInfo[%d]: cannot create/read pull requests", baseRepo.ID)
ctx.Status(404)
return nil, nil, nil, nil, "", ""
}

View File

@ -400,6 +400,11 @@ func Migrate(ctx *context.APIContext, form auth.MigrateRepoForm) {
RemoteAddr: remoteAddr,
})
if err != nil {
if models.IsErrRepoAlreadyExist(err) {
ctx.Error(409, "", "The repository with the same name already exists.")
return
}
err = util.URLSanitizedError(err, remoteAddr)
if repo != nil {
if errDelete := models.DeleteRepository(ctx.User, ctxUser.ID, repo.ID); errDelete != nil {

View File

@ -16,6 +16,30 @@ import (
// GetTree get the tree of a repository.
func GetTree(ctx *context.APIContext) {
// swagger:operation GET /repos/{owner}/{repo}/git/trees/{sha} repository GetTree
// ---
// summary: Gets the tree of a repository.
// produces:
// - application/json
// parameters:
// - name: owner
// in: path
// description: owner of the repo
// type: string
// required: true
// - name: repo
// in: path
// description: name of the repo
// type: string
// required: true
// - name: sha
// in: path
// description: sha of the commit
// type: string
// required: true
// responses:
// "200":
// "$ref": "#/responses/GitTreeResponse"
sha := ctx.Params("sha")
if len(sha) == 0 {
ctx.Error(400, "sha not provided", nil)

View File

@ -133,3 +133,10 @@ type swaggerResponseAttachment struct {
//in: body
Body api.Attachment `json:"body"`
}
// GitTreeResponse
// swagger:response GitTreeResponse
type swaggerGitTreeResponse struct {
//in: body
Body api.GitTreeResponse `json:"body"`
}

View File

@ -11,6 +11,7 @@ import (
"code.gitea.io/gitea/models"
"code.gitea.io/gitea/modules/base"
"code.gitea.io/gitea/modules/context"
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/search"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
@ -38,6 +39,10 @@ func Home(ctx *context.Context) {
if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
ctx.HTML(200, user.TplActivate)
} else if !ctx.User.IsActive || ctx.User.ProhibitLogin {
log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())
ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
ctx.HTML(200, "user/auth/prohibit_login")
} else {
user.Dashboard(ctx)
}

View File

@ -17,7 +17,7 @@ func Metrics(ctx *context.Context) {
promhttp.Handler().ServeHTTP(ctx.Resp, ctx.Req.Request)
return
}
header := ctx.Header().Get("Authorization")
header := ctx.Req.Header.Get("Authorization")
if header == "" {
ctx.Error(401)
return

View File

@ -288,8 +288,6 @@ func EditTeamPost(ctx *context.Context, form auth.CreateTeamForm) {
})
}
models.UpdateTeamUnits(t, units)
} else {
models.UpdateTeamUnits(t, nil)
}
if ctx.HasError() {

View File

@ -82,6 +82,7 @@ func RegisterRoutes(m *macaron.Macaron) {
m.Post("/repositories/:repoid/keys/:keyid/update", UpdateDeployKey)
m.Get("/repositories/:repoid/user/:userid/checkunituser", CheckUnitUser)
m.Get("/repositories/:repoid/has-keys/:keyid", HasDeployKey)
m.Get("/repositories/:repoid/keys/:keyid", GetDeployKey)
m.Get("/repositories/:repoid/wiki/init", InitWiki)
m.Post("/push/update", PushUpdate)
m.Get("/protectedbranch/:pbid/:userid", CanUserPush)

View File

@ -72,6 +72,24 @@ func GetUserByKeyID(ctx *macaron.Context) {
ctx.JSON(200, user)
}
//GetDeployKey chainload to models.GetDeployKey
func GetDeployKey(ctx *macaron.Context) {
repoID := ctx.ParamsInt64(":repoid")
keyID := ctx.ParamsInt64(":keyid")
dKey, err := models.GetDeployKeyByRepo(keyID, repoID)
if err != nil {
if models.IsErrDeployKeyNotExist(err) {
ctx.JSON(404, []byte("not found"))
return
}
ctx.JSON(500, map[string]interface{}{
"err": err.Error(),
})
return
}
ctx.JSON(200, dKey)
}
//HasDeployKey chainload to models.HasDeployKey
func HasDeployKey(ctx *macaron.Context) {
repoID := ctx.ParamsInt64(":repoid")

View File

@ -201,7 +201,7 @@ func Diff(ctx *context.Context) {
commitID = commit.ID.String()
}
statuses, err := models.GetLatestCommitStatus(ctx.Repo.Repository, ctx.Repo.Commit.ID.String(), 0)
statuses, err := models.GetLatestCommitStatus(ctx.Repo.Repository, commitID, 0)
if err != nil {
log.Error(3, "GetLatestCommitStatus: %v", err)
}

View File

@ -163,7 +163,11 @@ func editFilePost(ctx *context.Context, form auth.EditRepoFileForm, isNewFile bo
branchName = form.NewBranchName
}
form.TreePath = strings.Trim(path.Clean("/"+form.TreePath), " /")
form.TreePath = cleanUploadFileName(form.TreePath)
if len(form.TreePath) == 0 {
ctx.Error(500, "Upload file name is invalid")
return
}
treeNames, treePaths := getParentTreeFields(form.TreePath)
ctx.Data["TreePath"] = form.TreePath
@ -373,6 +377,13 @@ func DeleteFile(ctx *context.Context) {
func DeleteFilePost(ctx *context.Context, form auth.DeleteRepoFileForm) {
ctx.Data["PageIsDelete"] = true
ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
ctx.Repo.TreePath = cleanUploadFileName(ctx.Repo.TreePath)
if len(ctx.Repo.TreePath) == 0 {
ctx.Error(500, "Delete file name is invalid")
return
}
ctx.Data["TreePath"] = ctx.Repo.TreePath
canCommit := renderCommitRights(ctx)
@ -477,7 +488,12 @@ func UploadFilePost(ctx *context.Context, form auth.UploadRepoFileForm) {
branchName = form.NewBranchName
}
form.TreePath = strings.Trim(path.Clean("/"+form.TreePath), " /")
form.TreePath = cleanUploadFileName(form.TreePath)
if len(form.TreePath) == 0 {
ctx.Error(500, "Upload file name is invalid")
return
}
treeNames, treePaths := getParentTreeFields(form.TreePath)
if len(treeNames) == 0 {
// We must at least have one element for user to input.

View File

@ -113,24 +113,24 @@ func HTTP(ctx *context.Context) {
return
}
authUser, err = models.UserSignIn(authUsername, authPasswd)
if err != nil {
if !models.IsErrUserNotExist(err) {
ctx.ServerError("UserSignIn error: %v", err)
return
}
}
if authUser == nil {
// Check if username or password is a token
isUsernameToken := len(authPasswd) == 0 || authPasswd == "x-oauth-basic"
// Assume username is token
authToken := authUsername
if !isUsernameToken {
// Assume password is token
authToken = authPasswd
}
// Assume password is a token.
token, err := models.GetAccessTokenBySHA(authToken)
if err == nil {
if isUsernameToken {
authUser, err = models.GetUserByID(token.UID)
if err != nil {
ctx.ServerError("GetUserByID", err)
return
}
} else {
authUser, err = models.GetUserByName(authUsername)
if err != nil {
if models.IsErrUserNotExist(err) {
@ -140,37 +140,37 @@ func HTTP(ctx *context.Context) {
}
return
}
}
// Assume password is a token.
token, err := models.GetAccessTokenBySHA(authToken)
if err != nil {
if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) {
ctx.HandleText(http.StatusUnauthorized, "invalid credentials")
} else {
ctx.ServerError("GetAccessTokenBySha", err)
}
return
}
if isUsernameToken {
authUser, err = models.GetUserByID(token.UID)
if err != nil {
ctx.ServerError("GetUserByID", err)
return
}
} else if authUser.ID != token.UID {
if authUser.ID != token.UID {
ctx.HandleText(http.StatusUnauthorized, "invalid credentials")
return
}
}
token.UpdatedUnix = util.TimeStampNow()
if err = models.UpdateAccessToken(token); err != nil {
ctx.ServerError("UpdateAccessToken", err)
}
} else {
_, err = models.GetTwoFactorByUID(authUser.ID)
if !models.IsErrAccessTokenNotExist(err) && !models.IsErrAccessTokenEmpty(err) {
log.Error(4, "GetAccessTokenBySha: %v", err)
}
}
if authUser == nil {
// Check username and password
authUser, err = models.UserSignIn(authUsername, authPasswd)
if err != nil {
if !models.IsErrUserNotExist(err) {
ctx.ServerError("UserSignIn error: %v", err)
return
}
}
if authUser == nil {
ctx.HandleText(http.StatusUnauthorized, "invalid credentials")
return
}
_, err = models.GetTwoFactorByUID(authUser.ID)
if err == nil {
// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented
ctx.HandleText(http.StatusUnauthorized, "Users with two-factor authentication enabled cannot perform HTTP/HTTPS operations via plain username and password. Please create and use a personal access token on the user settings page")

View File

@ -355,7 +355,7 @@ func setTemplateIfExists(ctx *context.Context, ctxDataKey string, possibleFiles
}
}
// NewIssue render createing issue page
// NewIssue render creating issue page
func NewIssue(ctx *context.Context) {
ctx.Data["Title"] = ctx.Tr("repo.issues.new")
ctx.Data["PageIsIssueList"] = true
@ -494,6 +494,11 @@ func NewIssuePost(ctx *context.Context, form auth.CreateIssueForm) {
return
}
if util.IsEmptyString(form.Title) {
ctx.RenderWithErr(ctx.Tr("repo.issues.new.title_empty"), tplIssueNew, form)
return
}
issue := &models.Issue{
RepoID: repo.ID,
Title: form.Title,

View File

@ -22,6 +22,7 @@ import (
"code.gitea.io/gitea/modules/log"
"code.gitea.io/gitea/modules/notification"
"code.gitea.io/gitea/modules/setting"
"code.gitea.io/gitea/modules/util"
"github.com/Unknwon/com"
)
@ -683,8 +684,8 @@ func ParseCompareInfo(ctx *context.Context) (*models.User, *models.Repository, *
ctx.ServerError("GetUserRepoPermission", err)
return nil, nil, nil, nil, "", ""
}
if !perm.CanWrite(models.UnitTypeCode) {
log.Trace("ParseCompareInfo[%d]: does not have write access or site admin", baseRepo.ID)
if !perm.CanReadIssuesOrPulls(true) {
log.Trace("ParseCompareInfo[%d]: cannot create/read pull requests", baseRepo.ID)
ctx.NotFound("ParseCompareInfo", nil)
return nil, nil, nil, nil, "", ""
}
@ -860,6 +861,16 @@ func CompareAndPullRequestPost(ctx *context.Context, form auth.CreateIssueForm)
return
}
if util.IsEmptyString(form.Title) {
PrepareCompareDiff(ctx, headUser, headRepo, headGitRepo, prInfo, baseBranch, headBranch)
if ctx.Written() {
return
}
ctx.RenderWithErr(ctx.Tr("repo.issues.new.title_empty"), tplComparePull, form)
return
}
patch, err := headGitRepo.GetPatch(prInfo.MergeBase, headBranch)
if err != nil {
ctx.ServerError("GetPatch", err)

View File

@ -256,6 +256,11 @@ func MigratePost(ctx *context.Context, form auth.MigrateRepoForm) {
return
}
if models.IsErrRepoAlreadyExist(err) {
ctx.RenderWithErr(ctx.Tr("form.repo_name_been_taken"), tplMigrate, &form)
return
}
// remoteAddr may contain credentials, so we sanitize it
err = util.URLSanitizedError(err, remoteAddr)

View File

@ -6,6 +6,7 @@
package repo
import (
"errors"
"strings"
"time"
@ -36,6 +37,7 @@ const (
func Settings(ctx *context.Context) {
ctx.Data["Title"] = ctx.Tr("repo.settings")
ctx.Data["PageIsSettingsOptions"] = true
ctx.Data["ForcePrivate"] = setting.Repository.ForcePrivate
ctx.HTML(200, tplSettingsOptions)
}
@ -94,6 +96,12 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
}
visibilityChanged := repo.IsPrivate != form.Private
// when ForcePrivate enabled, you could change public repo to private, but could not change private to public
if visibilityChanged && setting.Repository.ForcePrivate && !form.Private {
ctx.ServerError("Force Private enabled", errors.New("cannot change private repository to public"))
return
}
repo.IsPrivate = form.Private
if err := models.UpdateRepository(repo, visibilityChanged); err != nil {
ctx.ServerError("UpdateRepository", err)
@ -581,6 +589,9 @@ func DeployKeysPost(ctx *context.Context, form auth.AddKeyForm) {
case models.IsErrDeployKeyAlreadyExist(err):
ctx.Data["Err_Content"] = true
ctx.RenderWithErr(ctx.Tr("repo.settings.key_been_used"), tplDeployKeys, &form)
case models.IsErrKeyAlreadyExist(err):
ctx.Data["Err_Content"] = true
ctx.RenderWithErr(ctx.Tr("settings.ssh_key_been_used"), tplDeployKeys, &form)
case models.IsErrKeyNameAlreadyUsed(err):
ctx.Data["Err_Title"] = true
ctx.RenderWithErr(ctx.Tr("repo.settings.key_name_used"), tplDeployKeys, &form)

View File

@ -341,6 +341,11 @@ func NewWikiPost(ctx *context.Context, form auth.NewWikiForm) {
return
}
if util.IsEmptyString(form.Title) {
ctx.RenderWithErr(ctx.Tr("repo.issues.new.title_empty"), tplWikiNew, form)
return
}
wikiName := models.NormalizeWikiName(form.Title)
if err := ctx.Repo.Repository.AddWikiPage(ctx.User, wikiName, form.Content, form.Message); err != nil {
if models.IsErrWikiReservedName(err) {

View File

@ -106,7 +106,7 @@ func NewMacaron() *macaron.Macaron {
Langs: setting.Langs,
Names: setting.Names,
DefaultLang: "en-US",
Redirect: true,
Redirect: false,
}))
m.Use(cache.Cacher(cache.Options{
Adapter: setting.CacheService.Adapter,
@ -643,7 +643,7 @@ func RegisterRoutes(m *macaron.Macaron) {
}
ctx.Data["CommitsCount"] = ctx.Repo.CommitsCount
})
}, context.RepoAssignment(), context.UnitTypes(), reqRepoReleaseReader)
}, ignSignIn, context.RepoAssignment(), context.UnitTypes(), reqRepoReleaseReader)
m.Group("/:username/:reponame", func() {
m.Post("/topics", repo.TopicsPost)

View File

@ -161,6 +161,19 @@ func SignInPost(ctx *context.Context, form auth.SignInForm) {
} else if models.IsErrEmailAlreadyUsed(err) {
ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplSignIn, &form)
log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
} else if models.IsErrUserProhibitLogin(err) {
log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
ctx.HTML(200, "user/auth/prohibit_login")
} else if models.IsErrUserInactive(err) {
if setting.Service.RegisterEmailConfirm {
ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
ctx.HTML(200, TplActivate)
} else {
log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
ctx.HTML(200, "user/auth/prohibit_login")
}
} else {
ctx.ServerError("UserSignIn", err)
}

View File

@ -115,7 +115,8 @@ func SignInOpenIDPost(ctx *context.Context, form auth.SignInOpenIDForm) {
redirectTo := setting.AppURL + "user/login/openid"
url, err := openid.RedirectURL(id, redirectTo, setting.AppURL)
if err != nil {
ctx.RenderWithErr(err.Error(), tplSignInOpenID, &form)
log.Error(1, "Error in OpenID redirect URL: %s, %v", redirectTo, err.Error())
ctx.RenderWithErr(fmt.Sprintf("Unable to find OpenID provider in %s", redirectTo), tplSignInOpenID, &form)
return
}

View File

@ -34,11 +34,16 @@ func Security(ctx *context.Context) {
// DeleteAccountLink delete a single account link
func DeleteAccountLink(ctx *context.Context) {
if _, err := models.RemoveAccountLink(ctx.User, ctx.QueryInt64("loginSourceID")); err != nil {
id := ctx.QueryInt64("id")
if id <= 0 {
ctx.Flash.Error("Account link id is not given")
} else {
if _, err := models.RemoveAccountLink(ctx.User, id); err != nil {
ctx.Flash.Error("RemoveAccountLink: " + err.Error())
} else {
ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))
}
}
ctx.JSON(200, map[string]interface{}{
"redirect": setting.AppSubURL + "/user/settings/security",

View File

@ -100,7 +100,7 @@
<dt>{{.i18n.Tr "admin.dashboard.mspan_structures_usage"}}</dt>
<dd>{{.SysStatus.MSpanInuse}}</dd>
<dt>{{.i18n.Tr "admin.dashboard.mspan_structures_obtained"}}</dt>
<dd>{{.SysStatus.HeapSys}}</dd>
<dd>{{.SysStatus.MSpanSys}}</dd>
<dt>{{.i18n.Tr "admin.dashboard.mcache_structures_usage"}}</dt>
<dd>{{.SysStatus.MCacheInuse}}</dd>
<dt>{{.i18n.Tr "admin.dashboard.mcache_structures_obtained"}}</dt>

View File

@ -112,6 +112,7 @@
<script src="{{AppSubUrl}}/vendor/plugins/semantic/semantic.min.js"></script>
<script src="{{AppSubUrl}}/js/index.js?v={{MD5 AppVer}}"></script>
{{if .EnableHeatmap}}
<script src="{{AppSubUrl}}/vendor/plugins/es6-promise/es6-promise.auto.min.js" charset="utf-8"></script>
<script src="{{AppSubUrl}}/vendor/plugins/moment/moment.min.js" charset="utf-8"></script>
<script src="{{AppSubUrl}}/vendor/plugins/vue-calendar-heatmap/vue-calendar-heatmap.browser.js" charset="utf-8"></script>
<script type="text/javascript">

View File

@ -54,7 +54,7 @@
<div class="ui stackable secondary menu mobile--margin-between-items mobile--no-negative-margins">
{{if and .PullRequestCtx.Allowed .IsViewBranch}}
<div class="fitted item">
<a href="{{.BaseRepo.Link}}/compare/{{.BaseRepo.DefaultBranch | EscapePound}}...{{.Repository.Owner.Name}}:{{.BranchName | EscapePound}}">
<a href="{{.BaseRepo.Link}}/compare/{{.BaseRepo.DefaultBranch | EscapePound}}...{{if ne .Repository.Owner.Name .BaseRepo.Owner.Name}}{{.Repository.Owner.Name}}:{{end}}{{.BranchName | EscapePound}}">
<button class="ui green tiny compact button"><i class="octicon octicon-git-compare"></i></button>
</a>
</div>

View File

@ -19,7 +19,7 @@
<div class="inline field">
<label>{{.i18n.Tr "repo.visibility"}}</label>
<div class="ui checkbox">
<input name="private" type="checkbox" {{if .Repository.IsPrivate}}checked{{end}}>
<input name="private" type="checkbox" {{if .Repository.IsPrivate}}checked{{end}}{{if and $.ForcePrivate .Repository.IsPrivate}} readonly{{end}}>
<label>{{.i18n.Tr "repo.visibility_helper" | Safe}} {{if .Repository.NumForks}}<span class="text red">{{.i18n.Tr "repo.visibility_fork_helper"}}</span>{{end}}</label>
</div>
</div>

View File

@ -1663,6 +1663,46 @@
}
}
},
"/repos/{owner}/{repo}/git/trees/{sha}": {
"get": {
"produces": [
"application/json"
],
"tags": [
"repository"
],
"summary": "Gets the tree of a repository.",
"operationId": "GetTree",
"parameters": [
{
"type": "string",
"description": "owner of the repo",
"name": "owner",
"in": "path",
"required": true
},
{
"type": "string",
"description": "name of the repo",
"name": "repo",
"in": "path",
"required": true
},
{
"type": "string",
"description": "sha of the commit",
"name": "sha",
"in": "path",
"required": true
}
],
"responses": {
"200": {
"$ref": "#/responses/GitTreeResponse"
}
}
}
},
"/repos/{owner}/{repo}/hooks": {
"get": {
"produces": [
@ -7040,6 +7080,38 @@
},
"x-go-package": "code.gitea.io/gitea/vendor/code.gitea.io/sdk/gitea"
},
"GitEntry": {
"description": "GitEntry represents a git tree",
"type": "object",
"properties": {
"mode": {
"type": "string",
"x-go-name": "Mode"
},
"path": {
"type": "string",
"x-go-name": "Path"
},
"sha": {
"type": "string",
"x-go-name": "SHA"
},
"size": {
"type": "integer",
"format": "int64",
"x-go-name": "Size"
},
"type": {
"type": "string",
"x-go-name": "Type"
},
"url": {
"type": "string",
"x-go-name": "URL"
}
},
"x-go-package": "code.gitea.io/gitea/vendor/code.gitea.io/sdk/gitea"
},
"GitObject": {
"type": "object",
"title": "GitObject represents a Git object.",
@ -7059,6 +7131,32 @@
},
"x-go-package": "code.gitea.io/gitea/vendor/code.gitea.io/sdk/gitea"
},
"GitTreeResponse": {
"description": "GitTreeResponse returns a git tree",
"type": "object",
"properties": {
"sha": {
"type": "string",
"x-go-name": "SHA"
},
"tree": {
"type": "array",
"items": {
"$ref": "#/definitions/GitEntry"
},
"x-go-name": "Entries"
},
"truncated": {
"type": "boolean",
"x-go-name": "Truncated"
},
"url": {
"type": "string",
"x-go-name": "URL"
}
},
"x-go-package": "code.gitea.io/gitea/vendor/code.gitea.io/sdk/gitea"
},
"Issue": {
"description": "Issue represents an issue in a repository",
"type": "object",
@ -8200,6 +8298,12 @@
}
}
},
"GitTreeResponse": {
"description": "GitTreeResponse",
"schema": {
"$ref": "#/definitions/GitTreeResponse"
}
},
"Hook": {
"description": "Hook",
"schema": {

View File

@ -44,12 +44,14 @@
<div v-show="tab === 'repos'" class="ui tab active list dashboard-repos">
<h4 class="ui top attached header">
{{.i18n.Tr "home.my_repos"}} <span class="ui grey label">${reposTotalCount}</span>
{{if or (not .ContextUser.IsOrganization) .IsOrganizationOwner}}
<div class="ui right">
<a class="poping up" :href="suburl + '/repo/create'" data-content="{{.i18n.Tr "new_repo"}}" data-variation="tiny inverted" data-position="left center">
<a class="poping up" :href="suburl + '/repo/create{{if .ContextUser.IsOrganization}}?org={{.ContextUser.ID}}{{end}}'" data-content="{{.i18n.Tr "new_repo"}}" data-variation="tiny inverted" data-position="left center">
<i class="plus icon"></i>
<span class="sr-only">{{.i18n.Tr "new_repo"}}</span>
</a>
</div>
{{end}}
</h4>
<div class="ui attached secondary segment repos-search">
<div class="ui fluid icon input" :class="{loading: isLoading}">

View File

@ -822,7 +822,7 @@ func (db *postgres) SqlType(c *core.Column) string {
case core.NVarchar:
res = core.Varchar
case core.Uuid:
res = core.Uuid
return core.Uuid
case core.Blob, core.TinyBlob, core.MediumBlob, core.LongBlob:
return core.Bytea
case core.Double:
@ -834,6 +834,10 @@ func (db *postgres) SqlType(c *core.Column) string {
res = t
}
if strings.EqualFold(res, "bool") {
// for bool, we don't need length information
return res
}
hasLen1 := (c.Length > 0)
hasLen2 := (c.Length2 > 0)

View File

@ -481,7 +481,8 @@ func (engine *Engine) dumpTables(tables []*core.Table, w io.Writer, tp ...core.D
}
cols := table.ColumnsSeq()
colNames := dialect.Quote(strings.Join(cols, dialect.Quote(", ")))
colNames := engine.dialect.Quote(strings.Join(cols, engine.dialect.Quote(", ")))
destColNames := dialect.Quote(strings.Join(cols, dialect.Quote(", ")))
rows, err := engine.DB().Query("SELECT " + colNames + " FROM " + engine.Quote(table.Name))
if err != nil {
@ -496,7 +497,7 @@ func (engine *Engine) dumpTables(tables []*core.Table, w io.Writer, tp ...core.D
return err
}
_, err = io.WriteString(w, "INSERT INTO "+dialect.Quote(table.Name)+" ("+colNames+") VALUES (")
_, err = io.WriteString(w, "INSERT INTO "+dialect.Quote(table.Name)+" ("+destColNames+") VALUES (")
if err != nil {
return err
}

27
vendor/gopkg.in/ldap.v2/LICENSE generated vendored
View File

@ -1,27 +0,0 @@
Copyright (c) 2012 The Go Authors. All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
* Neither the name of Google Inc. nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

148
vendor/gopkg.in/ldap.v2/error.go generated vendored
View File

@ -1,148 +0,0 @@
package ldap
import (
"fmt"
"gopkg.in/asn1-ber.v1"
)
// LDAP Result Codes
const (
LDAPResultSuccess = 0
LDAPResultOperationsError = 1
LDAPResultProtocolError = 2
LDAPResultTimeLimitExceeded = 3
LDAPResultSizeLimitExceeded = 4
LDAPResultCompareFalse = 5
LDAPResultCompareTrue = 6
LDAPResultAuthMethodNotSupported = 7
LDAPResultStrongAuthRequired = 8
LDAPResultReferral = 10
LDAPResultAdminLimitExceeded = 11
LDAPResultUnavailableCriticalExtension = 12
LDAPResultConfidentialityRequired = 13
LDAPResultSaslBindInProgress = 14
LDAPResultNoSuchAttribute = 16
LDAPResultUndefinedAttributeType = 17
LDAPResultInappropriateMatching = 18
LDAPResultConstraintViolation = 19
LDAPResultAttributeOrValueExists = 20
LDAPResultInvalidAttributeSyntax = 21
LDAPResultNoSuchObject = 32
LDAPResultAliasProblem = 33
LDAPResultInvalidDNSyntax = 34
LDAPResultAliasDereferencingProblem = 36
LDAPResultInappropriateAuthentication = 48
LDAPResultInvalidCredentials = 49
LDAPResultInsufficientAccessRights = 50
LDAPResultBusy = 51
LDAPResultUnavailable = 52
LDAPResultUnwillingToPerform = 53
LDAPResultLoopDetect = 54
LDAPResultNamingViolation = 64
LDAPResultObjectClassViolation = 65
LDAPResultNotAllowedOnNonLeaf = 66
LDAPResultNotAllowedOnRDN = 67
LDAPResultEntryAlreadyExists = 68
LDAPResultObjectClassModsProhibited = 69
LDAPResultAffectsMultipleDSAs = 71
LDAPResultOther = 80
ErrorNetwork = 200
ErrorFilterCompile = 201
ErrorFilterDecompile = 202
ErrorDebugging = 203
ErrorUnexpectedMessage = 204
ErrorUnexpectedResponse = 205
)
// LDAPResultCodeMap contains string descriptions for LDAP error codes
var LDAPResultCodeMap = map[uint8]string{
LDAPResultSuccess: "Success",
LDAPResultOperationsError: "Operations Error",
LDAPResultProtocolError: "Protocol Error",
LDAPResultTimeLimitExceeded: "Time Limit Exceeded",
LDAPResultSizeLimitExceeded: "Size Limit Exceeded",
LDAPResultCompareFalse: "Compare False",
LDAPResultCompareTrue: "Compare True",
LDAPResultAuthMethodNotSupported: "Auth Method Not Supported",
LDAPResultStrongAuthRequired: "Strong Auth Required",
LDAPResultReferral: "Referral",
LDAPResultAdminLimitExceeded: "Admin Limit Exceeded",
LDAPResultUnavailableCriticalExtension: "Unavailable Critical Extension",
LDAPResultConfidentialityRequired: "Confidentiality Required",
LDAPResultSaslBindInProgress: "Sasl Bind In Progress",
LDAPResultNoSuchAttribute: "No Such Attribute",
LDAPResultUndefinedAttributeType: "Undefined Attribute Type",
LDAPResultInappropriateMatching: "Inappropriate Matching",
LDAPResultConstraintViolation: "Constraint Violation",
LDAPResultAttributeOrValueExists: "Attribute Or Value Exists",
LDAPResultInvalidAttributeSyntax: "Invalid Attribute Syntax",
LDAPResultNoSuchObject: "No Such Object",
LDAPResultAliasProblem: "Alias Problem",
LDAPResultInvalidDNSyntax: "Invalid DN Syntax",
LDAPResultAliasDereferencingProblem: "Alias Dereferencing Problem",
LDAPResultInappropriateAuthentication: "Inappropriate Authentication",
LDAPResultInvalidCredentials: "Invalid Credentials",
LDAPResultInsufficientAccessRights: "Insufficient Access Rights",
LDAPResultBusy: "Busy",
LDAPResultUnavailable: "Unavailable",
LDAPResultUnwillingToPerform: "Unwilling To Perform",
LDAPResultLoopDetect: "Loop Detect",
LDAPResultNamingViolation: "Naming Violation",
LDAPResultObjectClassViolation: "Object Class Violation",
LDAPResultNotAllowedOnNonLeaf: "Not Allowed On Non Leaf",
LDAPResultNotAllowedOnRDN: "Not Allowed On RDN",
LDAPResultEntryAlreadyExists: "Entry Already Exists",
LDAPResultObjectClassModsProhibited: "Object Class Mods Prohibited",
LDAPResultAffectsMultipleDSAs: "Affects Multiple DSAs",
LDAPResultOther: "Other",
}
func getLDAPResultCode(packet *ber.Packet) (code uint8, description string) {
if packet == nil {
return ErrorUnexpectedResponse, "Empty packet"
} else if len(packet.Children) >= 2 {
response := packet.Children[1]
if response == nil {
return ErrorUnexpectedResponse, "Empty response in packet"
}
if response.ClassType == ber.ClassApplication && response.TagType == ber.TypeConstructed && len(response.Children) >= 3 {
// Children[1].Children[2] is the diagnosticMessage which is guaranteed to exist as seen here: https://tools.ietf.org/html/rfc4511#section-4.1.9
return uint8(response.Children[0].Value.(int64)), response.Children[2].Value.(string)
}
}
return ErrorNetwork, "Invalid packet format"
}
// Error holds LDAP error information
type Error struct {
// Err is the underlying error
Err error
// ResultCode is the LDAP error code
ResultCode uint8
}
func (e *Error) Error() string {
return fmt.Sprintf("LDAP Result Code %d %q: %s", e.ResultCode, LDAPResultCodeMap[e.ResultCode], e.Err.Error())
}
// NewError creates an LDAP error with the given code and underlying error
func NewError(resultCode uint8, err error) error {
return &Error{ResultCode: resultCode, Err: err}
}
// IsErrorWithCode returns true if the given error is an LDAP error with the given result code
func IsErrorWithCode(err error, desiredResultCode uint8) bool {
if err == nil {
return false
}
serverError, ok := err.(*Error)
if !ok {
return false
}
return serverError.ResultCode == desiredResultCode
}

22
vendor/gopkg.in/ldap.v3/LICENSE generated vendored Normal file
View File

@ -0,0 +1,22 @@
The MIT License (MIT)
Copyright (c) 2011-2015 Michael Mitton (mmitton@gmail.com)
Portions copyright (c) 2015-2016 go-ldap Authors
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.

View File

@ -41,6 +41,8 @@ type AddRequest struct {
DN string
// Attributes list the attributes of the new entry
Attributes []Attribute
// Controls hold optional controls to send with the request
Controls []Control
}
func (a AddRequest) encode() *ber.Packet {
@ -60,9 +62,10 @@ func (a *AddRequest) Attribute(attrType string, attrVals []string) {
}
// NewAddRequest returns an AddRequest for the given DN, with no attributes
func NewAddRequest(dn string) *AddRequest {
func NewAddRequest(dn string, controls []Control) *AddRequest {
return &AddRequest{
DN: dn,
Controls: controls,
}
}
@ -72,6 +75,9 @@ func (l *Conn) Add(addRequest *AddRequest) error {
packet := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "LDAP Request")
packet.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, l.nextMessageID(), "MessageID"))
packet.AppendChild(addRequest.encode())
if len(addRequest.Controls) > 0 {
packet.AppendChild(encodeControls(addRequest.Controls))
}
l.Debug.PrintPacket(packet)
@ -100,9 +106,9 @@ func (l *Conn) Add(addRequest *AddRequest) error {
}
if packet.Children[1].Tag == ApplicationAddResponse {
resultCode, resultDescription := getLDAPResultCode(packet)
if resultCode != 0 {
return NewError(resultCode, errors.New(resultDescription))
err := GetLDAPError(packet)
if err != nil {
return err
}
} else {
log.Printf("Unexpected Response: %d", packet.Children[1].Tag)

View File

@ -1,11 +1,8 @@
// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package ldap
import (
"errors"
"fmt"
"gopkg.in/asn1-ber.v1"
)
@ -18,6 +15,9 @@ type SimpleBindRequest struct {
Password string
// Controls are optional controls to send with the bind request
Controls []Control
// AllowEmptyPassword sets whether the client allows binding with an empty password
// (normally used for unauthenticated bind).
AllowEmptyPassword bool
}
// SimpleBindResult contains the response from the server
@ -31,6 +31,7 @@ func NewSimpleBindRequest(username string, password string, controls []Control)
Username: username,
Password: password,
Controls: controls,
AllowEmptyPassword: false,
}
}
@ -40,17 +41,22 @@ func (bindRequest *SimpleBindRequest) encode() *ber.Packet {
request.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, bindRequest.Username, "User Name"))
request.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 0, bindRequest.Password, "Password"))
request.AppendChild(encodeControls(bindRequest.Controls))
return request
}
// SimpleBind performs the simple bind operation defined in the given request
func (l *Conn) SimpleBind(simpleBindRequest *SimpleBindRequest) (*SimpleBindResult, error) {
if simpleBindRequest.Password == "" && !simpleBindRequest.AllowEmptyPassword {
return nil, NewError(ErrorEmptyPassword, errors.New("ldap: empty password not allowed by the client"))
}
packet := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "LDAP Request")
packet.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, l.nextMessageID(), "MessageID"))
encodedBindRequest := simpleBindRequest.encode()
packet.AppendChild(encodedBindRequest)
if len(simpleBindRequest.Controls) > 0 {
packet.AppendChild(encodeControls(simpleBindRequest.Controls))
}
if l.Debug {
ber.PrintPacket(packet)
@ -73,7 +79,7 @@ func (l *Conn) SimpleBind(simpleBindRequest *SimpleBindRequest) (*SimpleBindResu
}
if l.Debug {
if err := addLDAPDescriptions(packet); err != nil {
if err = addLDAPDescriptions(packet); err != nil {
return nil, err
}
ber.PrintPacket(packet)
@ -85,59 +91,45 @@ func (l *Conn) SimpleBind(simpleBindRequest *SimpleBindRequest) (*SimpleBindResu
if len(packet.Children) == 3 {
for _, child := range packet.Children[2].Children {
result.Controls = append(result.Controls, DecodeControl(child))
decodedChild, decodeErr := DecodeControl(child)
if decodeErr != nil {
return nil, fmt.Errorf("failed to decode child control: %s", decodeErr)
}
result.Controls = append(result.Controls, decodedChild)
}
}
resultCode, resultDescription := getLDAPResultCode(packet)
if resultCode != 0 {
return result, NewError(resultCode, errors.New(resultDescription))
}
return result, nil
err = GetLDAPError(packet)
return result, err
}
// Bind performs a bind with the given username and password
// Bind performs a bind with the given username and password.
//
// It does not allow unauthenticated bind (i.e. empty password). Use the UnauthenticatedBind method
// for that.
func (l *Conn) Bind(username, password string) error {
packet := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "LDAP Request")
packet.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, l.nextMessageID(), "MessageID"))
bindRequest := ber.Encode(ber.ClassApplication, ber.TypeConstructed, ApplicationBindRequest, nil, "Bind Request")
bindRequest.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, 3, "Version"))
bindRequest.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, username, "User Name"))
bindRequest.AppendChild(ber.NewString(ber.ClassContext, ber.TypePrimitive, 0, password, "Password"))
packet.AppendChild(bindRequest)
if l.Debug {
ber.PrintPacket(packet)
req := &SimpleBindRequest{
Username: username,
Password: password,
AllowEmptyPassword: false,
}
msgCtx, err := l.sendMessage(packet)
if err != nil {
_, err := l.SimpleBind(req)
return err
}
// UnauthenticatedBind performs an unauthenticated bind.
//
// A username may be provided for trace (e.g. logging) purpose only, but it is normally not
// authenticated or otherwise validated by the LDAP server.
//
// See https://tools.ietf.org/html/rfc4513#section-5.1.2 .
// See https://tools.ietf.org/html/rfc4513#section-6.3.1 .
func (l *Conn) UnauthenticatedBind(username string) error {
req := &SimpleBindRequest{
Username: username,
Password: "",
AllowEmptyPassword: true,
}
_, err := l.SimpleBind(req)
return err
}
defer l.finishMessage(msgCtx)
packetResponse, ok := <-msgCtx.responses
if !ok {
return NewError(ErrorNetwork, errors.New("ldap: response channel closed"))
}
packet, err = packetResponse.ReadPacket()
l.Debug.Printf("%d: got response %p", msgCtx.id, packet)
if err != nil {
return err
}
if l.Debug {
if err := addLDAPDescriptions(packet); err != nil {
return err
}
ber.PrintPacket(packet)
}
resultCode, resultDescription := getLDAPResultCode(packet)
if resultCode != 0 {
return NewError(resultCode, errors.New(resultDescription))
}
return nil
}

View File

@ -18,6 +18,7 @@ type Client interface {
Add(addRequest *AddRequest) error
Del(delRequest *DelRequest) error
Modify(modifyRequest *ModifyRequest) error
ModifyDN(modifyDNRequest *ModifyDNRequest) error
Compare(dn, attribute, value string) (bool, error)
PasswordModify(passwordModifyRequest *PasswordModifyRequest) (*PasswordModifyResult, error)

View File

@ -1,7 +1,3 @@
// Copyright 2014 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//
// File contains Compare functionality
//
// https://tools.ietf.org/html/rfc4511
@ -41,7 +37,7 @@ func (l *Conn) Compare(dn, attribute, value string) (bool, error) {
ava := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "AttributeValueAssertion")
ava.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, attribute, "AttributeDesc"))
ava.AppendChild(ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagOctetString, value, "AssertionValue"))
ava.AppendChild(ber.Encode(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, value, "AssertionValue"))
request.AppendChild(ava)
packet.AppendChild(request)
@ -72,14 +68,16 @@ func (l *Conn) Compare(dn, attribute, value string) (bool, error) {
}
if packet.Children[1].Tag == ApplicationCompareResponse {
resultCode, resultDescription := getLDAPResultCode(packet)
if resultCode == LDAPResultCompareTrue {
err := GetLDAPError(packet)
switch {
case IsErrorWithCode(err, LDAPResultCompareTrue):
return true, nil
} else if resultCode == LDAPResultCompareFalse {
case IsErrorWithCode(err, LDAPResultCompareFalse):
return false, nil
} else {
return false, NewError(resultCode, errors.New(resultDescription))
default:
return false, err
}
}
return false, fmt.Errorf("Unexpected Response: %d", packet.Children[1].Tag)
return false, fmt.Errorf("unexpected Response: %d", packet.Children[1].Tag)
}

View File

@ -1,7 +1,3 @@
// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package ldap
import (
@ -10,7 +6,9 @@ import (
"fmt"
"log"
"net"
"net/url"
"sync"
"sync/atomic"
"time"
"gopkg.in/asn1-ber.v1"
@ -29,6 +27,13 @@ const (
MessageTimeout = 4
)
const (
// DefaultLdapPort default ldap port for pure TCP connection
DefaultLdapPort = "389"
// DefaultLdapsPort default ldap port for SSL connection
DefaultLdapsPort = "636"
)
// PacketResponse contains the packet or error encountered reading a response
type PacketResponse struct {
// Packet is the packet read from the server
@ -80,22 +85,22 @@ const (
// Conn represents an LDAP Connection
type Conn struct {
// requestTimeout is loaded atomically
// so we need to ensure 64-bit alignment on 32-bit platforms.
requestTimeout int64
conn net.Conn
isTLS bool
isClosing bool
closeErr error
closing uint32
closeErr atomic.Value
isStartingTLS bool
Debug debugging
chanConfirm chan bool
chanConfirm chan struct{}
messageContexts map[int64]*messageContext
chanMessage chan *messagePacket
chanMessageID chan int64
wgSender sync.WaitGroup
wgClose sync.WaitGroup
once sync.Once
outstandingRequests uint
messageMutex sync.Mutex
requestTimeout time.Duration
}
var _ Client = &Conn{}
@ -122,27 +127,56 @@ func Dial(network, addr string) (*Conn, error) {
// DialTLS connects to the given address on the given network using tls.Dial
// and then returns a new Conn for the connection.
func DialTLS(network, addr string, config *tls.Config) (*Conn, error) {
dc, err := net.DialTimeout(network, addr, DefaultTimeout)
c, err := tls.DialWithDialer(&net.Dialer{Timeout: DefaultTimeout}, network, addr, config)
if err != nil {
return nil, NewError(ErrorNetwork, err)
}
c := tls.Client(dc, config)
err = c.Handshake()
if err != nil {
// Handshake error, close the established connection before we return an error
dc.Close()
return nil, NewError(ErrorNetwork, err)
}
conn := NewConn(c, true)
conn.Start()
return conn, nil
}
// DialURL connects to the given ldap URL vie TCP using tls.Dial or net.Dial if ldaps://
// or ldap:// specified as protocol. On success a new Conn for the connection
// is returned.
func DialURL(addr string) (*Conn, error) {
lurl, err := url.Parse(addr)
if err != nil {
return nil, NewError(ErrorNetwork, err)
}
host, port, err := net.SplitHostPort(lurl.Host)
if err != nil {
// we asume that error is due to missing port
host = lurl.Host
port = ""
}
switch lurl.Scheme {
case "ldap":
if port == "" {
port = DefaultLdapPort
}
return Dial("tcp", net.JoinHostPort(host, port))
case "ldaps":
if port == "" {
port = DefaultLdapsPort
}
tlsConf := &tls.Config{
ServerName: host,
}
return DialTLS("tcp", net.JoinHostPort(host, port), tlsConf)
}
return nil, NewError(ErrorNetwork, fmt.Errorf("Unknown scheme '%s'", lurl.Scheme))
}
// NewConn returns a new Conn using conn for network I/O.
func NewConn(conn net.Conn, isTLS bool) *Conn {
return &Conn{
conn: conn,
chanConfirm: make(chan bool),
chanConfirm: make(chan struct{}),
chanMessageID: make(chan int64),
chanMessage: make(chan *messagePacket, 10),
messageContexts: map[int64]*messageContext{},
@ -158,12 +192,22 @@ func (l *Conn) Start() {
l.wgClose.Add(1)
}
// IsClosing returns whether or not we're currently closing.
func (l *Conn) IsClosing() bool {
return atomic.LoadUint32(&l.closing) == 1
}
// setClosing sets the closing value to true
func (l *Conn) setClosing() bool {
return atomic.CompareAndSwapUint32(&l.closing, 0, 1)
}
// Close closes the connection.
func (l *Conn) Close() {
l.once.Do(func() {
l.isClosing = true
l.wgSender.Wait()
l.messageMutex.Lock()
defer l.messageMutex.Unlock()
if l.setClosing() {
l.Debug.Printf("Sending quit message and waiting for confirmation")
l.chanMessage <- &messagePacket{Op: MessageQuit}
<-l.chanConfirm
@ -171,28 +215,26 @@ func (l *Conn) Close() {
l.Debug.Printf("Closing network connection")
if err := l.conn.Close(); err != nil {
log.Print(err)
log.Println(err)
}
l.wgClose.Done()
})
}
l.wgClose.Wait()
}
// SetTimeout sets the time after a request is sent that a MessageTimeout triggers
func (l *Conn) SetTimeout(timeout time.Duration) {
if timeout > 0 {
l.requestTimeout = timeout
atomic.StoreInt64(&l.requestTimeout, int64(timeout))
}
}
// Returns the next available messageID
func (l *Conn) nextMessageID() int64 {
if l.chanMessageID != nil {
if messageID, ok := <-l.chanMessageID; ok {
return messageID
}
}
return 0
}
@ -235,30 +277,41 @@ func (l *Conn) StartTLS(config *tls.Config) error {
ber.PrintPacket(packet)
}
if resultCode, message := getLDAPResultCode(packet); resultCode == LDAPResultSuccess {
if err := GetLDAPError(packet); err == nil {
conn := tls.Client(l.conn, config)
if err := conn.Handshake(); err != nil {
if connErr := conn.Handshake(); connErr != nil {
l.Close()
return NewError(ErrorNetwork, fmt.Errorf("TLS handshake failed (%v)", err))
return NewError(ErrorNetwork, fmt.Errorf("TLS handshake failed (%v)", connErr))
}
l.isTLS = true
l.conn = conn
} else {
return NewError(resultCode, fmt.Errorf("ldap: cannot StartTLS (%s)", message))
return err
}
go l.reader()
return nil
}
// TLSConnectionState returns the client's TLS connection state.
// The return values are their zero values if StartTLS did
// not succeed.
func (l *Conn) TLSConnectionState() (state tls.ConnectionState, ok bool) {
tc, ok := l.conn.(*tls.Conn)
if !ok {
return
}
return tc.ConnectionState(), true
}
func (l *Conn) sendMessage(packet *ber.Packet) (*messageContext, error) {
return l.sendMessageWithFlags(packet, 0)
}
func (l *Conn) sendMessageWithFlags(packet *ber.Packet, flags sendMessageFlags) (*messageContext, error) {
if l.isClosing {
if l.IsClosing() {
return nil, NewError(ErrorNetwork, errors.New("ldap: connection closed"))
}
l.messageMutex.Lock()
@ -297,7 +350,7 @@ func (l *Conn) sendMessageWithFlags(packet *ber.Packet, flags sendMessageFlags)
func (l *Conn) finishMessage(msgCtx *messageContext) {
close(msgCtx.done)
if l.isClosing {
if l.IsClosing() {
return
}
@ -316,12 +369,12 @@ func (l *Conn) finishMessage(msgCtx *messageContext) {
}
func (l *Conn) sendProcessMessage(message *messagePacket) bool {
if l.isClosing {
l.messageMutex.Lock()
defer l.messageMutex.Unlock()
if l.IsClosing() {
return false
}
l.wgSender.Add(1)
l.chanMessage <- message
l.wgSender.Done()
return true
}
@ -333,15 +386,14 @@ func (l *Conn) processMessages() {
for messageID, msgCtx := range l.messageContexts {
// If we are closing due to an error, inform anyone who
// is waiting about the error.
if l.isClosing && l.closeErr != nil {
msgCtx.sendResponse(&PacketResponse{Error: l.closeErr})
if l.IsClosing() && l.closeErr.Load() != nil {
msgCtx.sendResponse(&PacketResponse{Error: l.closeErr.Load().(error)})
}
l.Debug.Printf("Closing channel for MessageID %d", messageID)
close(msgCtx.responses)
delete(l.messageContexts, messageID)
}
close(l.chanMessageID)
l.chanConfirm <- true
close(l.chanConfirm)
}()
@ -350,11 +402,7 @@ func (l *Conn) processMessages() {
select {
case l.chanMessageID <- messageID:
messageID++
case message, ok := <-l.chanMessage:
if !ok {
l.Debug.Printf("Shutting down - message channel is closed")
return
}
case message := <-l.chanMessage:
switch message.Op {
case MessageQuit:
l.Debug.Printf("Shutting down - quit message received")
@ -377,14 +425,15 @@ func (l *Conn) processMessages() {
l.messageContexts[message.MessageID] = message.Context
// Add timeout if defined
if l.requestTimeout > 0 {
requestTimeout := time.Duration(atomic.LoadInt64(&l.requestTimeout))
if requestTimeout > 0 {
go func() {
defer func() {
if err := recover(); err != nil {
log.Printf("ldap: recovered panic in RequestTimeout: %v", err)
}
}()
time.Sleep(l.requestTimeout)
time.Sleep(requestTimeout)
timeoutMessage := &messagePacket{
Op: MessageTimeout,
MessageID: message.MessageID,
@ -397,7 +446,7 @@ func (l *Conn) processMessages() {
if msgCtx, ok := l.messageContexts[message.MessageID]; ok {
msgCtx.sendResponse(&PacketResponse{message.Packet, nil})
} else {
log.Printf("Received unexpected message %d, %v", message.MessageID, l.isClosing)
log.Printf("Received unexpected message %d, %v", message.MessageID, l.IsClosing())
ber.PrintPacket(message.Packet)
}
case MessageTimeout:
@ -439,8 +488,8 @@ func (l *Conn) reader() {
packet, err := ber.ReadPacket(l.conn)
if err != nil {
// A read error is expected here if we are closing the connection...
if !l.isClosing {
l.closeErr = fmt.Errorf("unable to read LDAP response packet: %s", err)
if !l.IsClosing() {
l.closeErr.Store(fmt.Errorf("unable to read LDAP response packet: %s", err))
l.Debug.Printf("reader error: %s", err.Error())
}
return

View File

@ -1,7 +1,3 @@
// Copyright 2011 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
package ldap
import (
@ -22,6 +18,11 @@ const (
ControlTypeVChuPasswordWarning = "2.16.840.1.113730.3.4.5"
// ControlTypeManageDsaIT - https://tools.ietf.org/html/rfc3296
ControlTypeManageDsaIT = "2.16.840.1.113730.3.4.2"
// ControlTypeMicrosoftNotification - https://msdn.microsoft.com/en-us/library/aa366983(v=vs.85).aspx
ControlTypeMicrosoftNotification = "1.2.840.113556.1.4.528"
// ControlTypeMicrosoftShowDeleted - https://msdn.microsoft.com/en-us/library/aa366989(v=vs.85).aspx
ControlTypeMicrosoftShowDeleted = "1.2.840.113556.1.4.417"
)
// ControlTypeMap maps controls to text descriptions
@ -29,6 +30,8 @@ var ControlTypeMap = map[string]string{
ControlTypePaging: "Paging",
ControlTypeBeheraPasswordPolicy: "Password Policy - Behera Draft",
ControlTypeManageDsaIT: "Manage DSA IT",
ControlTypeMicrosoftNotification: "Change Notification - Microsoft",
ControlTypeMicrosoftShowDeleted: "Show Deleted Objects - Microsoft",
}
// Control defines an interface controls provide to encode and describe themselves
@ -242,6 +245,64 @@ func NewControlManageDsaIT(Criticality bool) *ControlManageDsaIT {
return &ControlManageDsaIT{Criticality: Criticality}
}
// ControlMicrosoftNotification implements the control described in https://msdn.microsoft.com/en-us/library/aa366983(v=vs.85).aspx
type ControlMicrosoftNotification struct{}
// GetControlType returns the OID
func (c *ControlMicrosoftNotification) GetControlType() string {
return ControlTypeMicrosoftNotification
}
// Encode returns the ber packet representation
func (c *ControlMicrosoftNotification) Encode() *ber.Packet {
packet := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "Control")
packet.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, ControlTypeMicrosoftNotification, "Control Type ("+ControlTypeMap[ControlTypeMicrosoftNotification]+")"))
return packet
}
// String returns a human-readable description
func (c *ControlMicrosoftNotification) String() string {
return fmt.Sprintf(
"Control Type: %s (%q)",
ControlTypeMap[ControlTypeMicrosoftNotification],
ControlTypeMicrosoftNotification)
}
// NewControlMicrosoftNotification returns a ControlMicrosoftNotification control
func NewControlMicrosoftNotification() *ControlMicrosoftNotification {
return &ControlMicrosoftNotification{}
}
// ControlMicrosoftShowDeleted implements the control described in https://msdn.microsoft.com/en-us/library/aa366989(v=vs.85).aspx
type ControlMicrosoftShowDeleted struct{}
// GetControlType returns the OID
func (c *ControlMicrosoftShowDeleted) GetControlType() string {
return ControlTypeMicrosoftShowDeleted
}
// Encode returns the ber packet representation
func (c *ControlMicrosoftShowDeleted) Encode() *ber.Packet {
packet := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "Control")
packet.AppendChild(ber.NewString(ber.ClassUniversal, ber.TypePrimitive, ber.TagOctetString, ControlTypeMicrosoftShowDeleted, "Control Type ("+ControlTypeMap[ControlTypeMicrosoftShowDeleted]+")"))
return packet
}
// String returns a human-readable description
func (c *ControlMicrosoftShowDeleted) String() string {
return fmt.Sprintf(
"Control Type: %s (%q)",
ControlTypeMap[ControlTypeMicrosoftShowDeleted],
ControlTypeMicrosoftShowDeleted)
}
// NewControlMicrosoftShowDeleted returns a ControlMicrosoftShowDeleted control
func NewControlMicrosoftShowDeleted() *ControlMicrosoftShowDeleted {
return &ControlMicrosoftShowDeleted{}
}
// FindControl returns the first control of the given type in the list, or nil
func FindControl(controls []Control, controlType string) Control {
for _, c := range controls {
@ -253,7 +314,7 @@ func FindControl(controls []Control, controlType string) Control {
}
// DecodeControl returns a control read from the given packet, or nil if no recognized control can be made
func DecodeControl(packet *ber.Packet) Control {
func DecodeControl(packet *ber.Packet) (Control, error) {
var (
ControlType = ""
Criticality = false
@ -263,7 +324,7 @@ func DecodeControl(packet *ber.Packet) Control {
switch len(packet.Children) {
case 0:
// at least one child is required for control type
return nil
return nil, fmt.Errorf("at least one child is required for control type")
case 1:
// just type, no criticality or value
@ -296,17 +357,20 @@ func DecodeControl(packet *ber.Packet) Control {
default:
// more than 3 children is invalid
return nil
return nil, fmt.Errorf("more than 3 children is invalid for controls")
}
switch ControlType {
case ControlTypeManageDsaIT:
return NewControlManageDsaIT(Criticality)
return NewControlManageDsaIT(Criticality), nil
case ControlTypePaging:
value.Description += " (Paging)"
c := new(ControlPaging)
if value.Value != nil {
valueChildren := ber.DecodePacket(value.Data.Bytes())
valueChildren, err := ber.DecodePacketErr(value.Data.Bytes())
if err != nil {
return nil, fmt.Errorf("failed to decode data bytes: %s", err)
}
value.Data.Truncate(0)
value.Value = nil
value.AppendChild(valueChildren)
@ -318,12 +382,15 @@ func DecodeControl(packet *ber.Packet) Control {
c.PagingSize = uint32(value.Children[0].Value.(int64))
c.Cookie = value.Children[1].Data.Bytes()
value.Children[1].Value = c.Cookie
return c
return c, nil
case ControlTypeBeheraPasswordPolicy:
value.Description += " (Password Policy - Behera)"
c := NewControlBeheraPasswordPolicy()
if value.Value != nil {
valueChildren := ber.DecodePacket(value.Data.Bytes())
valueChildren, err := ber.DecodePacketErr(value.Data.Bytes())
if err != nil {
return nil, fmt.Errorf("failed to decode data bytes: %s", err)
}
value.Data.Truncate(0)
value.Value = nil
value.AppendChild(valueChildren)
@ -334,23 +401,29 @@ func DecodeControl(packet *ber.Packet) Control {
for _, child := range sequence.Children {
if child.Tag == 0 {
//Warning
child := child.Children[0]
packet := ber.DecodePacket(child.Data.Bytes())
warningPacket := child.Children[0]
packet, err := ber.DecodePacketErr(warningPacket.Data.Bytes())
if err != nil {
return nil, fmt.Errorf("failed to decode data bytes: %s", err)
}
val, ok := packet.Value.(int64)
if ok {
if child.Tag == 0 {
if warningPacket.Tag == 0 {
//timeBeforeExpiration
c.Expire = val
child.Value = c.Expire
} else if child.Tag == 1 {
warningPacket.Value = c.Expire
} else if warningPacket.Tag == 1 {
//graceAuthNsRemaining
c.Grace = val
child.Value = c.Grace
warningPacket.Value = c.Grace
}
}
} else if child.Tag == 1 {
// Error
packet := ber.DecodePacket(child.Data.Bytes())
packet, err := ber.DecodePacketErr(child.Data.Bytes())
if err != nil {
return nil, fmt.Errorf("failed to decode data bytes: %s", err)
}
val, ok := packet.Value.(int8)
if !ok {
// what to do?
@ -361,22 +434,26 @@ func DecodeControl(packet *ber.Packet) Control {
c.ErrorString = BeheraPasswordPolicyErrorMap[c.Error]
}
}
return c
return c, nil
case ControlTypeVChuPasswordMustChange:
c := &ControlVChuPasswordMustChange{MustChange: true}
return c
return c, nil
case ControlTypeVChuPasswordWarning:
c := &ControlVChuPasswordWarning{Expire: -1}
expireStr := ber.DecodeString(value.Data.Bytes())
expire, err := strconv.ParseInt(expireStr, 10, 64)
if err != nil {
return nil
return nil, fmt.Errorf("failed to parse value as int: %s", err)
}
c.Expire = expire
value.Value = c.Expire
return c
return c, nil
case ControlTypeMicrosoftNotification:
return NewControlMicrosoftNotification(), nil
case ControlTypeMicrosoftShowDeleted:
return NewControlMicrosoftShowDeleted(), nil
default:
c := new(ControlString)
c.ControlType = ControlType
@ -384,7 +461,7 @@ func DecodeControl(packet *ber.Packet) Control {
if value != nil {
c.ControlValue = value.Value.(string)
}
return c
return c, nil
}
}

View File

@ -6,7 +6,7 @@ import (
"gopkg.in/asn1-ber.v1"
)
// debbuging type
// debugging type
// - has a Printf method to write the debug output
type debugging bool

View File

@ -40,7 +40,7 @@ func (l *Conn) Del(delRequest *DelRequest) error {
packet := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "LDAP Request")
packet.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, l.nextMessageID(), "MessageID"))
packet.AppendChild(delRequest.encode())
if delRequest.Controls != nil {
if len(delRequest.Controls) > 0 {
packet.AppendChild(encodeControls(delRequest.Controls))
}
@ -71,9 +71,9 @@ func (l *Conn) Del(delRequest *DelRequest) error {
}
if packet.Children[1].Tag == ApplicationDelResponse {
resultCode, resultDescription := getLDAPResultCode(packet)
if resultCode != 0 {
return NewError(resultCode, errors.New(resultDescription))
err := GetLDAPError(packet)
if err != nil {
return err
}
} else {
log.Printf("Unexpected Response: %d", packet.Children[1].Tag)

View File

@ -1,8 +1,4 @@
// Copyright 2015 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//
// File contains DN parsing functionallity
// File contains DN parsing functionality
//
// https://tools.ietf.org/html/rfc4514
//
@ -52,7 +48,7 @@ import (
"fmt"
"strings"
ber "gopkg.in/asn1-ber.v1"
"gopkg.in/asn1-ber.v1"
)
// AttributeTypeAndValue represents an attributeTypeAndValue from https://tools.ietf.org/html/rfc4514
@ -83,9 +79,20 @@ func ParseDN(str string) (*DN, error) {
attribute := new(AttributeTypeAndValue)
escaping := false
unescapedTrailingSpaces := 0
stringFromBuffer := func() string {
s := buffer.String()
s = s[0 : len(s)-unescapedTrailingSpaces]
buffer.Reset()
unescapedTrailingSpaces = 0
return s
}
for i := 0; i < len(str); i++ {
char := str[i]
if escaping {
switch {
case escaping:
unescapedTrailingSpaces = 0
escaping = false
switch char {
case ' ', '"', '#', '+', ',', ';', '<', '=', '>', '\\':
@ -94,23 +101,23 @@ func ParseDN(str string) (*DN, error) {
}
// Not a special character, assume hex encoded octet
if len(str) == i+1 {
return nil, errors.New("Got corrupted escaped character")
return nil, errors.New("got corrupted escaped character")
}
dst := []byte{0}
n, err := enchex.Decode([]byte(dst), []byte(str[i:i+2]))
if err != nil {
return nil, fmt.Errorf("Failed to decode escaped character: %s", err)
return nil, fmt.Errorf("failed to decode escaped character: %s", err)
} else if n != 1 {
return nil, fmt.Errorf("Expected 1 byte when un-escaping, got %d", n)
return nil, fmt.Errorf("expected 1 byte when un-escaping, got %d", n)
}
buffer.WriteByte(dst[0])
i++
} else if char == '\\' {
case char == '\\':
unescapedTrailingSpaces = 0
escaping = true
} else if char == '=' {
attribute.Type = buffer.String()
buffer.Reset()
case char == '=':
attribute.Type = stringFromBuffer()
// Special case: If the first character in the value is # the
// following data is BER encoded so we can just fast forward
// and decode.
@ -125,15 +132,21 @@ func ParseDN(str string) (*DN, error) {
}
rawBER, err := enchex.DecodeString(data)
if err != nil {
return nil, fmt.Errorf("Failed to decode BER encoding: %s", err)
return nil, fmt.Errorf("failed to decode BER encoding: %s", err)
}
packet, err := ber.DecodePacketErr(rawBER)
if err != nil {
return nil, fmt.Errorf("failed to decode BER packet: %s", err)
}
packet := ber.DecodePacket(rawBER)
buffer.WriteString(packet.Data.String())
i += len(data) - 1
}
} else if char == ',' || char == '+' {
case char == ',' || char == '+':
// We're done with this RDN or value, push it
attribute.Value = buffer.String()
if len(attribute.Type) == 0 {
return nil, errors.New("incomplete type, value pair")
}
attribute.Value = stringFromBuffer()
rdn.Attributes = append(rdn.Attributes, attribute)
attribute = new(AttributeTypeAndValue)
if char == ',' {
@ -141,8 +154,17 @@ func ParseDN(str string) (*DN, error) {
rdn = new(RelativeDN)
rdn.Attributes = make([]*AttributeTypeAndValue, 0)
}
buffer.Reset()
case char == ' ' && buffer.Len() == 0:
// ignore unescaped leading spaces
continue
default:
if char == ' ' {
// Track unescaped spaces in case they are trailing and we need to remove them
unescapedTrailingSpaces++
} else {
// Reset if we see a non-space char
unescapedTrailingSpaces = 0
}
buffer.WriteByte(char)
}
}
@ -150,9 +172,76 @@ func ParseDN(str string) (*DN, error) {
if len(attribute.Type) == 0 {
return nil, errors.New("DN ended with incomplete type, value pair")
}
attribute.Value = buffer.String()
attribute.Value = stringFromBuffer()
rdn.Attributes = append(rdn.Attributes, attribute)
dn.RDNs = append(dn.RDNs, rdn)
}
return dn, nil
}
// Equal returns true if the DNs are equal as defined by rfc4517 4.2.15 (distinguishedNameMatch).
// Returns true if they have the same number of relative distinguished names
// and corresponding relative distinguished names (by position) are the same.
func (d *DN) Equal(other *DN) bool {
if len(d.RDNs) != len(other.RDNs) {
return false
}
for i := range d.RDNs {
if !d.RDNs[i].Equal(other.RDNs[i]) {
return false
}
}
return true
}
// AncestorOf returns true if the other DN consists of at least one RDN followed by all the RDNs of the current DN.
// "ou=widgets,o=acme.com" is an ancestor of "ou=sprockets,ou=widgets,o=acme.com"
// "ou=widgets,o=acme.com" is not an ancestor of "ou=sprockets,ou=widgets,o=foo.com"
// "ou=widgets,o=acme.com" is not an ancestor of "ou=widgets,o=acme.com"
func (d *DN) AncestorOf(other *DN) bool {
if len(d.RDNs) >= len(other.RDNs) {
return false
}
// Take the last `len(d.RDNs)` RDNs from the other DN to compare against
otherRDNs := other.RDNs[len(other.RDNs)-len(d.RDNs):]
for i := range d.RDNs {
if !d.RDNs[i].Equal(otherRDNs[i]) {
return false
}
}
return true
}
// Equal returns true if the RelativeDNs are equal as defined by rfc4517 4.2.15 (distinguishedNameMatch).
// Relative distinguished names are the same if and only if they have the same number of AttributeTypeAndValues
// and each attribute of the first RDN is the same as the attribute of the second RDN with the same attribute type.
// The order of attributes is not significant.
// Case of attribute types is not significant.
func (r *RelativeDN) Equal(other *RelativeDN) bool {
if len(r.Attributes) != len(other.Attributes) {
return false
}
return r.hasAllAttributes(other.Attributes) && other.hasAllAttributes(r.Attributes)
}
func (r *RelativeDN) hasAllAttributes(attrs []*AttributeTypeAndValue) bool {
for _, attr := range attrs {
found := false
for _, myattr := range r.Attributes {
if myattr.Equal(attr) {
found = true
break
}
}
if !found {
return false
}
}
return true
}
// Equal returns true if the AttributeTypeAndValue is equivalent to the specified AttributeTypeAndValue
// Case of the attribute type is not significant
func (a *AttributeTypeAndValue) Equal(other *AttributeTypeAndValue) bool {
return strings.EqualFold(a.Type, other.Type) && a.Value == other.Value
}

Some files were not shown because too many files have changed in this diff Show More