Commit Graph

2373 Commits

Author SHA1 Message Date
Cirno the Strongest 95af6096fb
Fix missing authorization check on pull for public repos of private/limited org (#11656) (#11683)
Fixes #11651

(cherry picked from commit 02fa329a7c)
2020-05-29 22:12:21 +01:00
silverwind b52e8de7de
Fix commit page js error (1.11 backport) (#11527)
Partial backport of fd094eea95 to 1.11.

Fixes: https://github.com/go-gitea/gitea/issues/11518
2020-05-20 22:01:01 -04:00
zeripath 04e480d477
Whenever the ctx.Session is updated, release it to save it before sending the redirect (#11456) (#11457)
Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-05-18 00:30:31 +08:00
zeripath de9a96c4de
Forcibly clean and destroy the session on logout (#11447) (#11451)
Backport #11447

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2020-05-17 14:32:33 +03:00
6543 d78be7ddf9
Fix /api/v1/orgs/* endpoints by changing parameter to :org from :orgname (#11381) 2020-05-12 08:46:44 +03:00
guillep2k 0b216f40fd
Fix tracked time issues (#11349) (#11354)
Backport #11349 

* Fix tracked time issues (#11349)

* Fix nil exeption: #11313

* fix 500

* activate test 😆

* move logic

* Add missing import

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Guillermo Prandi <guillep2k@users.noreply.github.com>
2020-05-09 18:08:41 +01:00
6543 79868d7096
When delete tracked time through the API return 404 not 500 (#11319) (#11326) 2020-05-07 22:42:33 +03:00
guillep2k ff7eaa1eb4
Show pull request selection even when unrelated branches (#11239) (#11283)
Fix #10525

Signed-off-by: Andrew Thornton <art27@cantab.net>

Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-05-04 12:38:26 +01:00
Kyle Evans 5131206aad
repo: milestone: make /milestone/:id endpoint accessible (#11264) (#11282)
Previously, this required authentication, but there's not actually
any privileged information on this page.  Move the endpoint out of
the group that requires sign-in.  It still requires the ability to
read issues and pull requests, so private repositories (for instance)
will not be exposed.

Fixes #10312 
Fixes #11233

Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-05-04 04:12:36 +03:00
zeripath dca8ef9407
Prevent clones and pushes to disabled wiki (#11131) (#11134)
Backport #11131

Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-04-19 16:40:40 +01:00
6543 cc2a6c1d30
Fix merge dialog on protected branch with missing required statuses (#11074) (#11084)
It is possible for misconfigured protected branches to have required status checks that are not in any of the current statuses: Pending, Success, Error, Failure, or Warning - presumably because the CI has not contacted us as yet.

Fix #10636 by adding case: missing StatusChecks when these are missing
2020-04-16 10:45:34 +03:00
Lunny Xiao 139fc7cfee
Fix milestones too many SQL variables bug (#10880) (#10904)
* Fix milestones too many SQL variables bug

* Fix test

* Don't display repositories with no milestone and fix tests

* Remove unused code and add some comments
2020-03-31 08:40:37 -05:00
zeripath 596eebb2b6
Protect against NPEs in notifications list (#10879) (#10883)
* Protect against NPEs in notifications list (#10879)

Unfortunately there appears to be potential race with notifications
being set before the associated issue has been committed.

This PR adds protection in to the notifications list to log any failures
and remove these notifications from the display.

References #10815 - and prevents the panic but does not completely fix
this.

Signed-off-by: Andrew Thornton <art27@cantab.net>

* add log import

* Update models/notification.go

Co-Authored-By: Lauris BH <lauris@nix.lv>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-03-30 15:23:02 +08:00
zeripath 3dabfd4933
Convert plumbing.ErrReferenceNotFound to git.ErrNotExist in GetRefCommitID (#10676) (#10797)
* Fix panic in API pulls when headbranch does not exist (#10676)

Backport #10676

* Fix panic in API pulls when headbranch does not exist
* refix other reference to plumbing.ErrReferenceNotFound

Signed-off-by: Andrew Thornton <art27@cantab.net>

* Apply suggestions from code review

Co-Authored-By: Lauris BH <lauris@nix.lv>
2020-03-23 15:01:25 +02:00
Lunny Xiao 602fe45936
Fix bug on branch API (#10767) (#10775)
* Fix bug on branch API (#10767)

* Fix branch api canPush and canMerge
2020-03-20 23:31:01 +02:00
Lauris BH c0b917b7eb
Migrate to go-git/go-git v5.0.0 (#10735) (#10753) 2020-03-18 22:36:31 -04:00
zeripath 66b31786d3
Prevent panic in stopwatch (#10670) (#10673)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-03-08 21:14:27 +02:00
John Olheiser 21eaeb8418
Issue writers perms can modify issues (#10623) (#10626)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2020-03-06 04:42:20 +00:00
Lauris BH 9a929ad17f
Handle deleted base branch in PR (#10618) (#10619)
Signed-off-by: Andrew Thornton <art27@cantab.net>
2020-03-05 22:23:34 +02:00
John Olheiser 6f5656ab0e
Logout POST action (#10582) (#10585)
* Change logout to POST

* Update for redirect

* Revert octicon to font

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2020-03-03 13:54:15 +08:00
guillep2k e4a876cee1
Admin page for managing user e-mail activation (#10557) (#10579)
* Admin page for managing user e-mail activation (#10557)

* Implement mail activation admin panel

* Apply suggestions by @lunny

* Add UI for user activated emails

* Prevent admin from self-deactivate; add modal

Co-authored-by: zeripath <art27@cantab.net>

* Fix pagination options downgrade

Co-authored-by: zeripath <art27@cantab.net>
2020-03-02 17:09:37 -03:00
James Lakin 65dceb6a40
Fix redirection path if Slack webhook channel is invalid (#10566)
The path to the hook config is already defined by orgRepoCtx
2020-03-02 13:54:07 +02:00
Andreas Shimokawa 76878fd69b
Fix 404 after activating secondary email (backport of #10547) (#10553) 2020-03-01 13:27:13 +01:00
zeripath caa2aeaa52
Show Signer in commit lists and add basic trust (#10425) (#10524)
Backport #10425
Backport #10511

* Show Signer in commit lists and add basic trust (#10425)

Show the avatar of the signer in the commit list pages as we do not
enforce that the signer is an author or committer. This makes it
clearer who has signed the commit.

Also display commits signed by non-members differently from
members and in particular make it clear when a non-member signer
is different from the committer to help reduce the risk of
spoofing.

Signed-off-by: Andrew Thornton <art27@cantab.net>

Fix the signing icon in the  view_list.tmpl page (#10511)

Co-Authored-By: silverwind <me@silverwind.io>
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-02-28 14:18:02 -03:00
6543 11300ee582
Fix potential bugs (#10513) (#10518)
* use e if it is an option
* potential nil so check err first
* check err first
* m == nil already checked
2020-02-28 00:12:23 -03:00
zeripath 5d11ccc9e1
Handle push rejection message in Merge & Web Editor (#10373) (#10497)
Backport #10373

* Handle push rejection message in Merge

* Fix sanitize, adjust message handling

* Handle push-rejection in webeditor CRUD too

Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-02-27 15:37:11 +02:00
John Olheiser 1fbdd9335f
Fix double PR notification from API (#10482) (#10486)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2020-02-26 22:39:39 +02:00
John Olheiser e9061a537c
Fix admin notices (#10480) (#10483)
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2020-02-26 11:14:37 -06:00
John Olheiser ed664a9e1d
Change admin dashboard to POST (#10465) (#10466)
* Change admin dashboard to POST (#10465)

* Add form and convert to POST

* Redirect for flash

* Convert octicons back to fa for 1.11

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2020-02-25 17:42:43 -06:00
John Olheiser 4cb18601ff
Change action GETs to POST (#10462) (#10464)
* Change action GETs to POST

* submite = submit + smite

* No more # href

* Fix test

* Match other tests

* Explicit csrf

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-02-25 15:08:21 -06:00
6543 9e6ad64d48
Trigger webhooks on issue label-change via API too (#10421) (#10439)
* trigger webhooks with api too

* fix comment

* notify report old too

* CI restart

* restart CI again

* remove duplicated code
2020-02-24 14:30:59 +00:00
zeripath d3b6f001fe
Various fixes in login sources (#10428) (#10429)
Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2020-02-23 22:46:17 +02:00
Lauris BH 80eb50655a Fix followers and following tabs in profile (#10202) (#10203) 2020-02-09 21:00:24 +00:00
John Olheiser 2cd2614eaa
Fix push-create SSH bugs (#10145) (#10151)
* Attempt to fix push-create SSH bugs

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Fix binding

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Invalid ctx

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2020-02-05 15:50:06 +01:00
6543 0129e76ef5
Prevent DeleteUser API abuse (#10125) (#10128)
* fix & co

* word suggestions from @jolheiser
2020-02-03 19:44:06 +02:00
6543 6896dad675
working part of #9998 (#10114) (#10115)
Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2020-02-03 11:19:04 +08:00
Lunny Xiao 049af0d3d0
Fix branch page pull request title and link error (#10092) (#10097)
* Fix branch page pull request title and link error (#10092)
2020-02-01 15:14:56 +00:00
Lunny Xiao 491cbeca67
Fix milestone API state parameter unhandled (#10049) (#10052)
* Fix milestone API state parameter unhandled

* Fix test
2020-01-29 18:01:44 +02:00
zeripath 895d92ffe5 Ensure that feeds are appropriately restricted (#10018) (#10019)
* Ensure that feeds are appropriately restricted

* Placate golangci-lint
2020-01-28 23:54:09 +02:00
Lunny Xiao 1e73dd2446 Fix wiki raw view on sub path (#10002) (#10040)
* Fix wiki raw view on sub path

* Add test for subpath wiki raw file

* Fix bug
2020-01-28 15:10:25 +00:00
Lunny Xiao 0dced15c1a Fix wrong hint when status checking is running on pull request view (#9886) (#9928)
* Fix wrong hint when status checking is running on pull request view

* fix lint

* fix test

* fix test

* fix wrong tmpl

* fix import

* rename function name
2020-01-22 08:06:11 +02:00
zeripath ff508c9c9b Add option to prevent LDAP from deactivating everything on empty search (#9879) (#9896)
* Add option to prevent LDAP from deactivating everything on empty search

* Update options/locale/locale_en-US.ini

Co-Authored-By: guillep2k <18600385+guillep2k@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2020-01-20 21:18:23 +02:00
Lunny Xiao f96c1a2c79 Fix wrong permissions check when issues/prs shared operations (#9885) (#9889)
* Fix wrong permissions check when issues/prs shared operations

* move redirect to the last of the function

* fix swagger

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2020-01-20 17:59:33 +02:00
zeripath e878d743f4
Ensure that 2fa is checked on reset-password (#9857) (#9876)
* Ensure that 2fa is checked on reset-password

* Apply suggestions from code review

Co-Authored-By: Lauris BH <lauris@nix.lv>

* Properly manage scratch_code regeneration

Co-authored-by: Lauris BH <lauris@nix.lv>

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-01-19 23:21:21 +00:00
Lunny Xiao 8add1dfacc Fix issues/pulls dependencies problems (#9842) (#9864)
* Fix issues/pulls dependencies problems

* fix swagger and api param name

* fix js
2020-01-19 12:56:57 -05:00
6543 95cb921097 fix (#9837) 2020-01-17 23:31:46 -05:00
Lunny Xiao fe46185407 Fix download file wrong content-type (#9825) (#9834)
* Fix download file wrong content-type

* change the error text to be more precise

* fix test

Co-authored-by: Lauris BH <lauris@nix.lv>
2020-01-17 15:11:20 +01:00
Lunny Xiao 69a2a29c33 Fix wrong identify poster on a migrated pull request when submi… (#9827) (#9830) 2020-01-17 13:38:11 +01:00
Lunny Xiao e2ddc42377
Fix compare (#9808) (#9814)
Co-authored-by: techknowlogick <matti@mdranta.net>

Co-authored-by: techknowlogick <matti@mdranta.net>
2020-01-17 10:08:28 +08:00
John Olheiser 3521177a34 Fix push-to-create (#9772) (#9797)
* Fix push-to-create

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Check URL path and service

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Send dummy payload on receive-pack GET

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* The space was actually a NUL byte

Signed-off-by: jolheiser <john.olheiser@gmail.com>

* Use real bare repo instead of manufactured payload

Signed-off-by: jolheiser <john.olheiser@gmail.com>

Co-authored-by: zeripath <art27@cantab.net>
2020-01-16 07:40:37 +02:00