Commit Graph

6986 Commits

Author SHA1 Message Date
Lunny Xiao
d269179523 fix bug when deleting a linked account will removed all (#5989) (#5990) 2019-02-07 07:11:51 +00:00
zeripath
6416f06508
Fix ssh deploy and user key constraints (#1357) (#5939) (#5966)
Backport of #5939 

1. A key can either be an ssh user key or a deploy key. It cannot be both.
2. If a key is a user key - it can only be associated with one user.
3. If a key is a deploy key - it can be used in multiple repositories and the permissions it has on those repositories can be different.
4. If a repository is deleted, its deploy keys must be deleted too.

We currently don't enforce any of this and multiple repositories access with different permissions doesn't work at all. This PR enforces the following constraints:

- [x] You should not be able to add the same user key as another user
- [x] You should not be able to add a ssh user key which is being used as a deploy key
- [x] You should not be able to add a ssh deploy key which is being used as a user key
- [x] If you add an ssh deploy key to another repository you should be able to use it in different modes without losing the ability to use it in the other mode.
- [x] If you delete a repository you must delete all its deploy keys.

Fix #1357
2019-02-04 21:41:03 +00:00
Lanre Adelowo
1a8ab63dda show user who created the repository instead of the organization in action feed (#5948) (#5956) 2019-02-04 11:20:36 +02:00
Lanre Adelowo
477b4de0d1 handle milestone events for issues and PR (#5947) (#5955)
Backport of #5947
2019-02-04 08:33:56 +00:00
zeripath
849c85a2ec Fix #5866: Silence console logger in gitea serv (#5887) (#5943)
By default, if `setting.NewContext()` prints out any warning logs, these are printed to the stdout breaking `git receive-pack` etc. meaning that even if there is a warning because of a minor problem in your app.ini but gitea starts despite this - you **CANNOT** push or pull over SSH.

This PR disables the console logger whilst in `serv.go`

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-02-03 13:50:41 -05:00
zeripath
731275247d Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
The gitea prerecieve and postrecieve hooks and the gitea PushUpdate function require that the PusherID and PusherName are real users. Previously, these environment variables were not being set when using a deploy key - the main result being that pushing to empty repositories meant that is_empty status was not changed.

I've also added an integration test to ensure that the is_empty status is updated on pushing with a deploy key.

There is a slight issue in that the deploy key is now considered a proxy for the owner - we don't have a way of separating out the deploy key from the owner at present. This can be fixed in another PR.

Fix #3795 

Signed-off-by: Andrew Thornton art27@cantab.net
2019-02-03 13:04:09 -05:00
John Olheiser
022634aa75 Remove all CommitStatus when a repo is deleted (#5941)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2019-02-03 00:55:33 -05:00
techknowlogick
dfad569e40
1.7.1 changelog (#5918) 2019-01-31 11:11:25 -05:00
techknowlogick
c3b67ff2f6
Disable redirect for i18n (#5910) (#5916) 2019-01-31 10:07:57 -05:00
Lanre Adelowo
5c30817b5f fix compare button on upstream repo leading to 404 (#5877) (#5914) 2019-01-31 09:55:39 -05:00
Lanre Adelowo
438848a2ca respect value of REQUIRE_SIGNIN_VIEW (#5901) (#5915) 2019-01-31 09:38:01 -05:00
Lunny Xiao
9d4aa78113 Fix bug when read public repo lfs file (#5913)
* fix bug when read public repo lfs file

* add comment on lfs permission check
2019-01-31 13:36:10 +00:00
zeripath
e5af93af20 Only allow local login if password is non-empty (#5906) (#5908) 2019-01-30 23:46:19 +02:00
Lauris BH
3f802a2846
Fix go-get URL generation (#5905) (#5907) 2019-01-30 23:29:44 +02:00
zeripath
0190d3c243
Prevent nil dereference in mailIssueCommentToParticipants (#5891, #5895) (#5894)
* Ensure issue.Poster is loaded in mailIssueCommentToParticipants (#5891)

Previous code could potentially dereference nil - this PR ensures
that the poster is loaded before dereferencing it.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Also ensure the repo is loaded

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-29 22:44:00 +00:00
Lauris BH
4fe1a3050e When creating new repository fsck option should be enabled (#5817) (#5885) 2019-01-29 09:42:47 +08:00
zeripath
29799537a7
API: Fix null pointer in attempt to Sudo if not logged in (#5872) (#5884)
Backport of #5872 to v1.7

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-28 20:26:55 +00:00
Harshit Bansal
d3a334d99a Fix an error while adding a dependency via UI. (Backport #5862) (#5876)
Fixes: #5783.
2019-01-28 12:51:30 +00:00
yasuokav
28d9305ea3 Fix delete correct temp directory (#5840) 2019-01-25 02:33:15 -05:00
kolaente
8a9f5b3b50 Added docs for the tree api (#5835)
* Added docs for the tree api

* Updated swagger docs

* Added missing response definition

* Updated swagger docs

* Fixed swagger docs
2019-01-24 20:40:54 +02:00
Antoine GIRARD
f28e17473c Backport #5830 : Include Go toolchain to --version (#5832)
* Include Go version

* fix import order
2019-01-24 10:33:28 -05:00
Lauris BH
2c26521579
Request for public keys only if LDAP attribute is set (#5816) (#5819)
* Update go-ldap dependency

* Request for public keys only if attribute is set
2019-01-24 12:21:36 +02:00
Joona Hoikkala
f635041c98 Fix TLS errors when using acme/autocert for local connections (#5820) (#5826) 2019-01-24 09:48:02 +02:00
techknowlogick
3fa49f3780 1.7.0 changelog (#5802) 2019-01-22 21:21:46 +02:00
Lanre Adelowo
4577cddd28 Disallow empty titles (#5785) (#5794)
* add util method and tests

* make sure the title of an issue cannot be empty

* wiki title cannot be empty

* pull request title cannot be empty

* update to make use of the new util methof
2019-01-21 17:55:12 +02:00
techknowlogick
8da5237107
1.7.0-rc3 changelog (#5756) 2019-01-18 01:08:41 -05:00
techknowlogick
8006b1bc7a backport 1.6.4 changelog to 1.7 branch (#5741) 2019-01-16 14:43:06 +02:00
Julian Tölle
8d400320c6 fix: use correct value for "MSpan Structures Obtained" #4742 (#5706) (#5716)
Signed-off-by: Julian Tölle <julian.toelle97@gmail.com>
2019-01-13 16:32:55 +02:00
zeripath
e9c4609410 Do not display the raw OpenID error in the UI (#5705) (#5712)
* Do not display the raw OpenID error in the UI

If there are no `WHITELIST_URIS` or `BLACKLIST_URIS` set in the openid
section of the app.ini, it is possible that gitea can leak sensitive
information about the local network through the error provided by the
UI. This PR hides the error information and logs it.

Fix #4973

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Update auth_openid.go

Place error log within the `err != nil` branch.
2019-01-13 08:05:20 -05:00
Zsombor
176a6048b4 Update xorm to fix issue #5659 and #5651 (#5680) (#5692) 2019-01-10 21:43:29 +02:00
Lunny Xiao
483aa06b07 fix public will not be reused as public key after deleting as deploy key (#5671) (#5684) 2019-01-10 09:23:33 -05:00
zeripath
551dc58a4d When redirecting clean the path to avoid redirecting to //www.othersite.com (#5669) (#5679)
Fix #5627

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-09 17:32:49 -05:00
Julian
41a2bfe3ae Only count users own actions for heatmap contributions (#5647) (#5655)
Signed-off-by: Julian Tölle <julian.toelle97@gmail.com>
2019-01-06 22:16:55 +02:00
Julian
652e09fc3e fix commit page showing status for current default branch (#5650) (#5653)
Signed-off-by: Julian Tölle <julian.toelle97@gmail.com>
2019-01-06 19:11:49 +01:00
Harshit Bansal
c9b57a5135 Don't close issues via commits on non-default branch. (#5622) (#5643)
Adds a small check to close the issues only if the referencing commits
are on the default branch.

Fixes: #2314.
2019-01-05 22:04:02 +02:00
zeripath
2904d8d6aa Fix sqlite deadlock when assigning to a PR (#5640) (#5642)
* Fix sqlite deadlock when assigning to a PR

Fix 5639

Signed-off-by: Andrew Thornton <art27@cantab.net>

* More possible deadlocks found and fixed

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-05 10:18:17 -05:00
Jonas Franz
109fc7975b
Add changelog for 1.6.3 and 1.7.0-rc2 (#5638)
Signed-off-by: Jonas Franz <info@jonasfranz.software>
2019-01-04 19:17:32 +01:00
zeripath
3ee3a4b595 SECURITY: protect DeleteFilePost et al with cleanUploadFileName (#5631) (#5635)
This commit wraps more of the TreePaths with cleanUploadFileName

Signed-off-by: Andrew Thornton <art27@cantab.net>
2019-01-04 17:41:30 +01:00
Lauris BH
14e218cbd1
Backport latest translation changes 2019-01-04 11:26:23 +02:00
0x5c
b5f4911afa
Documentation: Clarity for HTTPS setups (#5626)
[https-setup]
- Made it clearer that HTTP redirection is possible
[config-cheat-sheet]
- Clarified the behavihour of the redirection-related config keys

Signed-off-by: Matti Ranta <matti@mdranta.net>
2019-01-03 18:53:51 -05:00
GiteaBot
9863591dca [skip ci] Updated translations via Crowdin 2019-01-03 10:19:43 +00:00
Jonas Franz
121da08730
Add changelog for 1.7.0-rc1 (#5616)
* Add changelog for 1.7.0-rc1

* Change position of refactoring of heatmap

* Refactoring some items in changelog

* Fix wrong PR title in changelog

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Remove backported PRs

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Fix wrong date

Signed-off-by: Jonas Franz <info@jonasfranz.software>

* Add new PR to list

* Security fixes have been backported
2019-01-03 11:17:28 +01:00
Moshi Binyamini
76060613ef Fix bug on modifying sshd username (#5624)
Should fix #5623
2019-01-02 17:42:33 -05:00
techknowlogick
74b9a13f84
Update @jonasfranz's username (#5619)
* Update @jonasfranz's username

* lowercase'd username
2019-01-02 13:35:18 -05:00
techknowlogick
7c3722b366
Update owners & Date in contributing (#5620) 2019-01-02 13:00:19 -05:00
GiteaBot
f5be13efb6 [skip ci] Updated translations via Crowdin 2019-01-02 12:59:14 +00:00
Harshit Bansal
8764f1512d branch: Trigger update when deleting branch via UI. (#5617)
Fixes: #5309.
2019-01-02 20:56:58 +08:00
Rodrigo Villablanca Vásquez
4c52858c39 Issue is not overdue when it is on the same date #5566 (#5568)
* Due date time of issues and milestones is set to 23:59:59

* Add docs

* make gen swagger

* fix swagger gen
2019-01-01 18:56:47 +01:00
Harshit Bansal
63bd1b9203 mirror: Delete tags in mirror which are removed for original repo. (#5609)
This bug was being caused by an error in the logic in `release.go`.
Credit to @yasuokav for tracing the root of the issue.

Fixes: #5192.
2018-12-31 18:00:54 -05:00
Daniel Wolf
b46c279587 update v71.go to resolve #5595 (#5613) 2018-12-31 21:23:03 +08:00