Commit Graph

296 Commits

Author SHA1 Message Date
Willem van Dreumel
01d957677f Oauth2 consumer (#679)
* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other then oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers)

* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)

* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
2017-02-22 08:14:37 +01:00
Lunny Xiao
847527fd6d Fix all the bugs in issues and pulls on dashboard (#943)
* fix all the bugs in issues and pulls on dashboard

* small fix and refactor

* add method getRepoIDs for IssueList
2017-02-17 08:58:19 +08:00
Bo-Yi Wu
d67b278a0d feat: Able to disable non-admin to create new organization (#927) 2017-02-14 20:16:00 +08:00
Andrew
3f67676059 Implement basic Open Graph support. (#901) 2017-02-11 20:57:33 +08:00
Bo-Yi Wu
a90a215662 feat: Add search bar on user profile page. (#787) 2017-02-04 20:20:20 +08:00
Gabriel Jackson
bf6f61cc69 Cleanup log messaging
This change corrects a few logging issues:

 * Standardized formatting errors with '%v'.
 * Standardized failure warning word usage.
 * Corrected an instance of using the standard log library when
   the gitea log library should be used instead.
2017-02-02 15:24:18 +01:00
Bo-Yi Wu
d7d094bd8a fix: ignore email notifications if user is not active. (#820) 2017-02-02 20:33:36 +08:00
Bwko
74ed6dc3ad Add option to app.ini to enable local import paths (#724) 2017-01-23 09:19:50 +08:00
Ethan Koenig
74bbec3bf9 Fix permission bugs in team API (#647) 2017-01-20 13:16:10 +08:00
Ethan Koenig
fcf02e4961 API Endpoints for organization members (#645) 2017-01-20 10:31:46 +08:00
derSuessmann
51d578ff33 Add Keep email private (see issue #571). (#571)
- Add site-wide option DEFAULT_KEEP_EMAIL_PRIVATE.
- Add the new option to the install and admin/config pages.
- Add the new option to app.ini in the service section.
- Add the new option to the settings struct.
- Add English text strings to i18n.
- Add field KeepEmailPrivate to user struct.
- Add field KeepEmailPrivate to user form.
- Add option to UI.
- Add using noreply email address if user has "Keep Email Private".
An email address <LowerName>@<NO_REPLY_ADDRESS> is now used in commit
messages (and hopefully all other git log relevant places). The
change relies on the fact that git commands should use
user.NetGitSig().
- Add hiding of email address in UI, if user has set "Keep Email Private".
- Add condition to show email address only on explore/users and user
pages, if user has not set "Keep Email Private".
- Add noreply email in API if set "Keep Email Private".
- Add a new service setting NO_REPLY_ADDRESS. The value of this
setting is used as the domain part for the user's email address in
git log, iff he decides to keep his email address private.
If the user decides to keep his email address private and this
option is not set 'noreply.example.org' is used, which no MTA
should send email to.

Add NO_REPLY_ADDRESS to conf/app.ini.
2017-01-08 11:12:03 +08:00
Andrey Nering
84b7d29d34 Create missing database indexes (#596) 2017-01-06 23:14:33 +08:00
Berk Demirkır
bdad3b259a Check primary email address fields on CreateUser (#556)
* Check primary email address fields on CreateUser

As this check wasn't available, uid=1 (and possibly guests too, if registration is open) is able to register new users with existing email addresses. This leads to numerous 500 errors.

* Update user.go

* Lower the email first. Then check
2017-01-05 08:52:20 +08:00
Ethan Koenig
1207bda94b Fix typos in models/ (#576) 2017-01-05 08:50:34 +08:00
Schwobaland
c0904f1942 Restrict creating organisations by user (#193)
* restrict creating organizations based on right on user

* revert bindata.go

* reverse vendor lib

* revert goimports change

* set AllowCreateOrganization default value to true

* revert locale

* added default value for AllowCreateOrganization

* fix typo in migration-comment

* fix comment

* add coments in migration
2016-12-31 10:33:30 +08:00
Lunny Xiao
ba134bd27a fix 500 when delete orgnization and resolved #486 2016-12-27 12:00:12 +01:00
Bwko
fa3abc22c0 Added sorting to organizations, repos & users page (#222) 2016-12-24 22:42:26 +08:00
Ethan Koenig
8a4161c723 API Endpoint for watching (#191) 2016-12-24 09:53:11 +08:00
Denis Denisov
380e32e129 Fix random string generator (#384)
* Remove unused custom-alphabet feature of random string generator

Fix random string generator

Random string generator should return error if it fails to read random data via crypto/rand

* Fixes variable (un)initialization mixed assign
Update test GetRandomString
2016-12-20 13:32:02 +01:00
Lunny Xiao
d771e978a1 Don't use custom PBKDF2 function (#382) 2016-12-15 09:24:27 +08:00
Denis Denisov
c8f300b2cd Safe compare password (timing attack) (#338) 2016-12-03 13:49:17 +08:00
Bwko
4ff0db0246 Catch os... errors 2016-12-02 07:41:19 +01:00
Kim "BKC" Carlbäcker
42ec5ce740 Fix breakage from vendor-update 2016-11-29 11:50:22 +01:00
Bwko
9963d61233 Lint models/user.go 2016-11-28 17:47:46 +01:00
Bwko
a4ece1f223 Fixes typos 2016-11-27 12:59:12 +01:00
Lunny Xiao
94da472717 Golint fixed for modules/setting (#262)
* golint fixed for modules/setting

* typo fixed and renamed UNIXSOCKET to UnixSocket
2016-11-27 18:14:25 +08:00
Lunny Xiao
3c87c57d96 golint fixed for modules/avatar 2016-11-25 16:37:04 +08:00
Ethan Koenig
0834e492c0 API endpoints for stars 2016-11-16 22:51:54 -05:00
Andrey Nering
739f07c98e Remember diff view style (#163) 2016-11-13 10:54:04 +08:00
LefsFlare
3ef022b071 Fixes possible vulnerabilities with keyword hijacking (#20)
- Added public entries to reserved keywords list
- Rename variables
- Derped comment
2016-11-12 13:26:45 +01:00
Lunny Xiao
0baaa7728a bug fixed caused by #153 (#154) 2016-11-12 09:30:46 +01:00
Lunny Xiao
555d8b16cb fixed bug #151 caused Find should be Get (#153) 2016-11-12 00:01:09 +01:00
Sandro Santilli
a1c5f02444 Fix import path of go-sdk (#141)
From code.gitea.io/go-sdk/gitea
  To code.gitea.io/sdk/gitea
2016-11-11 17:39:44 +08:00
Thibault Meyer
b0ddced2b5
Merge remote-tracking branch 'upstream/master' into feature/rewrite-xorm-queries
# Conflicts:
#	models/git_diff.go
#	models/issue.go
#	models/org.go
#	models/pull.go
#	models/repo.go
2016-11-10 21:05:52 +01:00
Thibault Meyer
a4454f5d0f
Rewrite XORM queries 2016-11-10 20:59:51 +01:00
Sandro Santilli
4247304f5a Update import paths from github.com/go-gitea to code.gitea.io (#135)
- Update import paths from github.com/go-gitea to code.gitea.io
- Fix import path for travis

See https://docs.travis-ci.com/user/languages/go#Go-Import-Path
2016-11-10 17:24:48 +01:00
Lunny Xiao
1b238fe4d5 Merge pull request #121 from joubertredrat/feature-last-login
Last Login for admin manage your users
2016-11-10 17:20:55 +08:00
Lunny Xiao
c6c840faf7 Merge pull request #129 from lunny/lunny/SQL_instead_Sql
use x.SQL instead of x.Sql
2016-11-10 17:12:14 +08:00
Thibault Meyer
3a10a0c1ca
Ordering organizations and users by name 2016-11-10 09:18:54 +01:00
Lunny Xiao
7dcc3bc3d7 use x.SQL instead of x.Sql 2016-11-10 15:20:48 +08:00
Joubert RedRat
f91cbf0fed Support to last login feature 2016-11-09 08:53:45 -02:00
Sandro Santilli
aadd7dcdc3 And others 2016-11-07 17:53:22 +01:00
Sandro Santilli
60c82a8780 More... 2016-11-07 17:30:04 +01:00
Sandro Santilli
f388661bda ACCESS_MODE_* -> AccessMode* 2016-11-07 17:20:37 +01:00
Thomas Boerger
4c6c16f358
Replaced go-gogs-client with go-sdk imports 2016-11-07 16:10:32 +01:00
Sandro Santilli
6e4252dad4 Replace gogits/git-module dependency with go-gitea/git (#94)
* Replace gogits/git-module dependency with go-gitea/git

Fixes #92

* Remove git alias for git module import (not needed)
2016-11-06 11:18:34 -02:00
Rémy Boulanouar
2d68bd1ef9 Change import reference to match gitea instead of gogs (#37) 2016-11-03 10:29:56 -02:00
Unknwon
c50d59874d
#3577 incorrect URL produced by AvatarLink 2016-09-01 12:36:26 -04:00
Unknwon
99c2ae7b35 #3515 use alert instead 500 for duplicated login source name 2016-08-31 00:56:10 -07:00
Unknwon
c30b856d14 #3505 use user’s info for committer and author 2016-08-27 13:37:55 -07:00