This PR extends #16594 to allow LDAP to be able to be set to skip local 2FA too. The technique used here would be extensible to PAM and SMTP sources.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Clean-up HookPreReceive and restore functionality for pushing non-standard refs
There was an inadvertent breaking change in #15629 meaning that notes refs and other
git extension refs will be automatically rejected.
Further following #14295 and #15629 the pre-recieve hook code is untenably long and
too complex.
This PR refactors the hook code and removes the incorrect forced rejection of
non-standard refs.
Fix#16688
Signed-off-by: Andrew Thornton <art27@cantab.net>
When converting repositories from forks to normal the root NumFork needs to be
decremented too.
Fix#17026
Signed-off-by: Andrew Thornton <art27@cantab.net>
Often when handling problems it is not clear which configuration file Gitea is
using. This PR simply ensures that the configuration file is emitted.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Use common sessioner for API and Web
Instead of creating separate sessioner and doubly initialising the provider just
use the same sessioner for the API and Web routes.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Fixes#16381
Note that changes to unprotected files via the web editor still cannot be pushed directly to the protected branch. I could easily add such support for edits and deletes if needed. But for adding, uploading or renaming unprotected files, it is not trivial.
* Extract & Move GetAffectedFiles to modules/git
This PR adds a setting to OAuth and OpenID login sources to allow the source to
skip local 2FA authentication.
Fix#13939
Signed-off-by: Andrew Thornton <art27@cantab.net>
When create a new issue or comment and paste/upload an attachment/image, it will not assign an issue id before submit. So if user give up the creating, the attachments will lost key feature and become dirty content. We don't know if we need to delete the attachment even if the repository deleted.
This PR add a repo_id in attachment table so that even if a new upload attachment with no issue_id or release_id but should have repo_id. When deleting a repository, they could also be deleted.
Co-authored-by: 6543 <6543@obermui.de>
Rename`[repository]` `DISABLE_MIRRORS` to `[mirror]` `DISABLE_NEW_PULL` and add `ENABLED` and `DISABLE_NEW_PUSH` with the below meanings:
- `ENABLED`: **true**: Enables the mirror functionality. Set to **false** to disable all mirrors.
- `DISABLE_NEW_PULL`: **false**: Disable the creation of **new** mirrors. Pre-existing mirrors remain valid.
- `DISABLE_NEW_PUSH`: **false**: Disable the creation of **new** push mirrors. Pre-existing mirrors remain valid.
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
* Add Cache-Control to avatar redirects
This does seem to do the trick to make the Avatar redirects cachable
in Chrome.
In Firefox, it does not seem to work, thought and I found no way to
suppress the requests to the original URLs, I even tried setting an
Etag to no avail.
Related discussion in https://github.com/go-gitea/gitea/issues/16964.
Co-authored-by: zeripath <art27@cantab.net>
PR #16125 did not update the error handlers to handle conflict errors relating
to rebases. This PR adds them.
Fix#16922
Signed-off-by: Andrew Thornton <art27@cantab.net>
Calculate and return the number of Repositories on the dashboard
Organization list.
This PR restores some of the logic that was removed in #14032 to
calculate the number of repos on the dashboard orgs list.
Fix#16648
Replaces #16799
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* make sure headGitRepo is closed on err too
* refactor
* Fix git.Blob.DataAsync(): exec cancel since we already read all bytes (close pipe since we return a NopCloser)
There are multiple places where wiki git repositories are not properly closed.
This PR ensures they are closed.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* In Render tolerate not being passed a context
It is possible for RenderString to be passed to an external renderer if markdown
is set to be rendered by an external renderer. No context is currently sent to these
meaning that this will error out.
Fix#16835
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add Context to Repo calls for RenderString
All calls from routers can easily add the context - so add it.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Refactor the fork service slightly to take ForkRepoOptions
This reduces the number of places we need to change if we want to add other
options during fork time.
Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
* Fix integrations and tests after ForkRepository refactor
Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
* Update OldRepo -> BaseRepo
Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
* gofmt pass
Signed-off-by: Kyle Evans <kevans@FreeBSD.org>
Fix#16801
Even if default branch is removed from the current page, but the total branches number should be still kept. So that the pagination calculation will be correct.
There is a missing return in handleSettingRemoteAddrError which means
that the error page for repo settings is duplicately rendered.
Fix#16771
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Add info about list endpoints to CONTRIBUTING.md
* Let all list endpoints return X-Total-Count header
* Add TODOs for GetCombinedCommitStatusByRef
* Fix models/issue_stopwatch.go
* Rrefactor models.ListDeployKeys
* Introduce helper func and use them for SetLinkHeader related func
* Improve SMTP authentication, Fix user creation bugs and add LDAP cert/key options
This PR has two parts:
Improvements for SMTP authentication:
* Default to use SMTPS if port is 465, and allow setting of force SMTPS.
* Always use STARTTLS if available
* Provide CRAM-MD5 mechanism
* Add options for HELO hostname disabling
* Add options for providing certificates and keys
* Handle application specific password response as a failed user login
instead of as a 500.
Close#16104
Fix creation of new users:
* A bug was introduced when allowing users to change usernames which
prevents the creation of external users.
* The LoginSource refactor also broke this page.
Close#16104
Signed-off-by: Andrew Thornton <art27@cantab.net>
Followup from #16562 prepare for #16567
* Rename ctx.Form() to ctx.FormString()
* Reimplement FormX func to need less code and cpu cycles
* Move code into own file
* Allow setting X-FRAME-OPTIONS
This PR provides a mechanism to set the X-FRAME-OPTIONS header.
Fix#7951
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update docs/content/doc/advanced/config-cheat-sheet.en-us.md
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Set AllowedHeaders on API CORS handler and add missing Access-Control-Expose-Headers
to pull API.
Fix#16100
Signed-off-by: Andrew Thornton <art27@cantab.net>
