* migrate gplus to google oauth2 provider. this still provides support for old gplus connections.
* Update models/oauth2.go
Co-Authored-By: Antoine GIRARD <sapk@users.noreply.github.com>
* make vendor
* Make repository indexer tokenize by camel case selectable
* Revert "Make repository indexer tokenize by camel case selectable"
This reverts commit a8d4e40af5.
* Remove app.ini setting, permanently remove camel case tokenizer
* Increase repoIndexerLatestVersion to force indexes to be rebuilt
* Changes introduced by the commmand make vendor
resolves git conflicts from #3896 (credit to @belak, in case github doesn't keep original author during squash)
Co-Authored-By: Matti Ranta <techknowlogick@gitea.io>
* workaround broken swagger
only master brach is not working, latest release seems to work
Signed-off-by: Michael Gnehr <michael@gnehr.de>
* make vendor
Signed-off-by: Michael Gnehr <michael@gnehr.de>
* Don't export GO111MODULE
* set go-swagger to fixed release version
mentioned here: https://github.com/go-gitea/gitea/pull/7362#discussion_r300831537
Signed-off-by: Michael Gnehr <michael@gnehr.de>
* Panic don't fatal on create new logger
Fixes#5854
Signed-off-by: Andrew Thornton <art27@cantab.net>
* partial broken
* Update the logging infrastrcture
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Reset the skip levels for Fatal and Error
Signed-off-by: Andrew Thornton <art27@cantab.net>
* broken ncsa
* More log.Error fixes
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove nal
* set log-levels to lowercase
* Make console_test test all levels
* switch to lowercased levels
* OK now working
* Fix vetting issues
* Fix lint
* Fix tests
* change default logging to match current gitea
* Improve log testing
Signed-off-by: Andrew Thornton <art27@cantab.net>
* reset error skip levels to 0
* Update documentation and access logger configuration
* Redirect the router log back to gitea if redirect macaron log but also allow setting the log level - i.e. TRACE
* Fix broken level caching
* Refactor the router log
* Add Router logger
* Add colorizing options
* Adjust router colors
* Only create logger if they will be used
* update app.ini.sample
* rename Attribute ColorAttribute
* Change from white to green for function
* Set fatal/error levels
* Restore initial trace logger
* Fix Trace arguments in modules/auth/auth.go
* Properly handle XORMLogger
* Improve admin/config page
* fix fmt
* Add auto-compression of old logs
* Update error log levels
* Remove the unnecessary skip argument from Error, Fatal and Critical
* Add stacktrace support
* Fix tests
* Remove x/sync from vendors?
* Add stderr option to console logger
* Use filepath.ToSlash to protect against Windows in tests
* Remove prefixed underscores from names in colors.go
* Remove not implemented database logger
This was removed from Gogs on 4 Mar 2016 but left in the configuration
since then.
* Ensure that log paths are relative to ROOT_PATH
* use path.Join
* rename jsonConfig to logConfig
* Rename "config" to "jsonConfig" to make it clearer
* Requested changes
* Requested changes: XormLogger
* Try to color the windows terminal
If successful default to colorizing the console logs
* fixup
* Colorize initially too
* update vendor
* Colorize logs on default and remove if this is not a colorizing logger
* Fix documentation
* fix test
* Use go-isatty to detect if on windows we are on msys or cygwin
* Fix spelling mistake
* Add missing vendors
* More changes
* Rationalise the ANSI writer protection
* Adjust colors on advice from @0x5c
* Make Flags a comma separated list
* Move to use the windows constant for ENABLE_VIRTUAL_TERMINAL_PROCESSING
* Ensure matching is done on the non-colored message - to simpify EXPRESSION
* Migrate to go modules
* make vendor
* Update mvdan.cc/xurls
* make vendor
* Update code.gitea.io/git
* make fmt-check
* Update github.com/go-sql-driver/mysql
* make vendor
* Replace linkRegex with xurls library
Rather than maintaining a complicated regex to match URLs for
autolinking, gitea can use this existing go library that takes care of
the matching with very little code change to gitea itself. After
spending a while trying to find the perfect regex for all cases this library
still works better as it is more flexible than a single regex ever will be.
This will also fix the following issues: #5844#3095#3381
This passes all our current tests and I've added new ones mentioned in
those issues as well.
* Use xurls.StrictMatchingScheme instead of xurls.Strict
This is much faster and we only care about https? links to preserve
existing behavior.
* update bleve to master b17287a86f6cac923a5d886e10618df994eeb54b6724eac2e3b8dde89cfbe3a2
* remove unused pkg from dep file
* change bleve from master to recent revision
* Format boolean values to true/false even when it is returned as byte-slice,
* Fix the sequence generation, the proper sequence name is used (instead of 'table_id_seq'), and fix the next value be max+1 always
* Added test environment for m$sql
* Added template for test environment for m$sql
* Fix password
* Fix password (again)
* Fix password (again again)
* Fix db
* Ci trigger (Looking at you drone....)
* Ci trigger (Looking at you drone....)
* Ci trigger (Looking at you drone....)
* Ci trigger (Looking at you drone....)
* Create master database for mssql integration tests
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Create database only if master do not exist
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix mssql integration tests by using custom database "gitea"
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Moved defer
* bump xorm
* updated xorm
* Fixed build
* Inital routes to git refs api
* Git refs API implementation
* Update swagger
* Fix copyright
* Make swagger happy add basic test
* Fix test
* Fix test again :)
* Update dep github.com/markbates/goth
* Update dep github.com/blevesearch/bleve
* Update dep golang.org/x/oauth2
* Fix github.com/blevesearch/bleve to c74e08f039e56cef576e4336382b2a2d12d9e026
* Update dep golang.org/x/oauth2
* Add LDAP Key Synchronization feature
Signed-off-by: Magnus Lindvall <magnus@dnmgns.com>
* Add migration: add login source id column for public_key table
* Only update keys if needed
* Add function to only list pubkey synchronized from ldap
* Only list pub ssh keys synchronized from ldap. Do not sort strings as ExistsInSlice does it.
* Only get keys belonging to current login source id
* Set default login source id to 0
* Some minor cleanup. Add integration tests (updete dep testify)
* dep: Update github.com/go-macaron/csrf
Update github.com/go-macaron/csrf with dep to revision 503617c6b372
to fix issue of csrf-token security.
This update includes following commits:
- Add support for the Cookie HttpOnly flag
- Support secure mode for csrf cookie
Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>
* routers: set csrf-token security depending on COOKIE_SECURE
Signed-off-by: Aleksandr Bulyshchenko <A.Bulyshchenko@globallogic.com>
* Update makefile to use dep
* Migrate to dep
* Fix some deps
* Try to find a better version for golang.org/x/net
* Try to find a better version for golang.org/x/oauth2
* Add support for U2F
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add vendor library
Add missing translations
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Minor improvements
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add U2F support for Firefox, Chrome (Android) by introducing a custom JS library
Add U2F error handling
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add U2F login page to OAuth
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Move U2F user settings to a separate file
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add unit tests for u2f model
Renamed u2f table name
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix problems caused by refactoring
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add U2F documentation
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Remove not needed console.log-s
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add default values to app.ini.sample
Add FIDO U2F to comparison
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add support for extra sendmail arguments
* Sendmail args to exec.command should be a list
* Add go-shellquote package
* Use go-shellquote lib for parsing Sendmail args
* Only parse if sendmail is configured
* add init support of orgmode document type on file view and readme
* fix imports
* fix imports and readmeExist
* fix imports order
* fix format
* remove unnecessary convert
* use created & updated instead BeforeInsert & BeforeUpdate
* fix vendor checksum
* only show generated SQL when development mode
* remove extra update column updated_unix
* remove trace config
* Switch to keybase go-crypto (for some elliptic curve key) + test
* Use assert.NoError
and add a little more context to failing test description
* Use assert.(No)Error everywhere 🌈
and assert.Error in place of .Nil/.NotNil
* Show commit status icon in commits table
* Add comments
* Fix icons
* Few more places where commit table is displayed
* Change integration test to use goquery for parsing html
* Add integration tests for commit table and status icons
* Fix status to return lates status correctly on all databases
* Rewrote lates commit status selects
* add google+
* sort signin oauth2 providers based on the name so order is always the same
* update auth tip for google+
* add gitlab provider
* add bitbucket provider (and some go fmt)
* add twitter provider
* add facebook provider
* add dropbox provider
* add openid connect provider incl. new format of tips section in "Add New Source"
* lower the amount of disk storage for each session to prevent issues while building cross platform (and disk overflow)
* imports according to goimport and code style
* make it possible to set custom urls to gitlab and github provider (only these could have a different host)
* split up oauth2 into multiple files
* small typo in comment
* fix indention
* fix indentation
* fix new line before external import
* fix layout of signin part
* update "broken" dependency
* Check if missing deps in vendor
This will catch import from other repos. (maybe by auto-import)
* Remove github.com/smartystreets unused deps
* Remove github.com/boltdb/bolt unused dep
* Fetch github.com/go-xorm/core + sync gopkg.in/ldap.v2/ldap.go
* Auto-install govendor + reinstall github.com/boltdb/bolt needed by vendor/github.com/blevesearch/bleve/index/store/boltdb
* Update go-xorm/xorm to a5cb21 in vendor.json
* Use a custom repo for implementing change to bolt dep.
* Switching bolt to github.com/go-gitea/bolt
* Switching bolt to github.com/go-gitea/bolt (fork version)
* change the drone sign
* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other then oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers)
* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)
* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
Lunny Xiao
techknowlogick
WGH
Antoine GIRARD
guillep2k
Tamal Saha
guillep2k
zeripath
Cherrg
techknowlogick
Rob Watson
Mura Li
mrsdizzie
Lauris BH
Zsombor
techknowlogick
kolaente
Stanislav
Kim "BKC" Carlbäcker
OvermindDL1
techknowlogick
Magnus Lindvall
Aleksandr Bulyshchenko
Jonas Franz
PJ Eby
Ethan Koenig
Jonas Bröms
Andrey Nering
Ethan Koenig
Willem van Dreumel
Damien Gaignon
Sandro Santilli