* Add ssh certificate support
* Add ssh certificate support to builtin ssh
* Write trusted-user-ca-keys.pem based on configuration
* Update app.example.ini
* Update templates/user/settings/keys_principal.tmpl
Co-authored-by: silverwind <me@silverwind.io>
* Remove unused locale string
* Update options/locale/locale_en-US.ini
Co-authored-by: silverwind <me@silverwind.io>
* Update options/locale/locale_en-US.ini
Co-authored-by: silverwind <me@silverwind.io>
* Update models/ssh_key.go
Co-authored-by: silverwind <me@silverwind.io>
* Add missing creation of SSH.Rootpath
* Update cheatsheet, example and locale strings
* Update models/ssh_key.go
Co-authored-by: zeripath <art27@cantab.net>
* Update models/ssh_key.go
Co-authored-by: zeripath <art27@cantab.net>
* Update models/ssh_key.go
Co-authored-by: zeripath <art27@cantab.net>
* Update models/ssh_key.go
Co-authored-by: zeripath <art27@cantab.net>
* Update models/ssh_key.go
* Optimizations based on feedback
* Validate CA keys for external sshd
* Add filename option and change default filename
Add a SSH_TRUSTED_USER_CA_KEYS_FILENAME option which default is
RUN_USER/.ssh/gitea-trusted-user-ca-keys.pem
Do not write a file when SSH_TRUSTED_USER_CA_KEYS is empty.
Add some more documentation.
* Remove unneeded principalkey functions
* Add blank line
* Apply suggestions from code review
Co-authored-by: zeripath <art27@cantab.net>
* Add SSH_AUTHORIZED_PRINCIPALS_ALLOW option
This adds a SSH_AUTHORIZED_PRINCIPALS_ALLOW which is default
email,username this means that users only can add the principals
that match their email or username.
To allow anything the admin need to set the option anything.
This allows for a safe default in gitea which protects against malicious
users using other user's prinicipals. (before that user could set it).
This commit also has some small other fixes from the last code review.
* Rewrite principal keys file on user deletion
* Use correct rewrite method
* Set correct AuthorizedPrincipalsBackup default setting
* Rewrite principalsfile when adding principals
* Add update authorized_principals option to admin dashboard
* Handle non-primary emails
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add the command actually to the dashboard template
* Update models/ssh_key.go
Co-authored-by: silverwind <me@silverwind.io>
* By default do not show principal options unless there are CA keys set or they are explicitly set
Signed-off-by: Andrew Thornton <art27@cantab.net>
* allow settings when enabled
* Fix typos in TrustedUserCAKeys path
* Allow every CASignatureAlgorithms algorithm
As this depends on the content of TrustedUserCAKeys we should allow all
signature algorithms as admins can choose the specific algorithm on their
signing CA
* Update models/ssh_key.go
Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix linting issue
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
#11141 broke the appearance of dropzone attachments when editting
comments causing poorly updating lists.
This PR fixes this.
Fix #12583
Signed-off-by: Andrew Thornton art27@cantab.net
`models.getUserRepoPermission(...)` calls `HasOrgVisible` which
uses `models.x` potentially outside of the transaction `e` provided
as an argument to `getUserRepoPermission`.
This PR switches to use `hasOrgVisible(e, ...)`.
Fix #12983
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Change default log configuration
This PR changes the install page and the docker default
logging configuration to match the suggested configuration
that I repeatedly end up suggesting on issues.
It further improves the logging configuration docs to
recommend specific instructions for how to configure logs
for posting to issues.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update docs/content/doc/advanced/logging-documentation.en-us.md
`new-password` prevents annoying autocompletion in some cases, thought
it's not semantically correct to use that for example on all three
fields on the user account page, so some annoyances remain.
Co-authored-by: Lauris BH <lauris@nix.lv>
* Disable DSA ssh keys by default
OpenSSH has disabled DSA keys since version 7.0
As the docker runs openssh > v7.0 we should just disable
DSA keys by default.
Refers to #11417
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Just disable DSA keys by default
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Appears we need to set the minimum key sizes too
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Appears we need to set the minimum key sizes too
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Remove DSA type
* Fix Tests
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
* Improve Docker container name
Use a better Docker container name than the default 'server'
* Changing to gitea and use recommended v3 Docker-compose
Use `gitea` as container name. And use version 3 of the docker-compose, which should now be used: https://docs.docker.com/compose/compose-file/compose-versioning/
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Cache last commit when pushing for big repository
* Fix bug
* detect force push
* Refactor cache push
* Finish cache last commit info when push
* Some improvements
* Fix lint
* Remove unused changes
* Move pull request test before cache
* Fix test mysql
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Since the move to common leveldb and common redis the disk queue code (#12385)
will check the connection string before defaulting to the DATADIR.
Therefore we should ensure that the connection string is kept empty
unless it is actually set.
Unforunately the issue indexer was missed in #13025 this PR fixes this omission
Fix #13062
Signed-off-by: Andrew Thornton <art27@cantab.net>
The gitea cmd/serv.go setup function deletes the console logger to
prevent stdout interference with commands. However, the problem is that
it then calls setting.NewContext which may cause an exit with log.Fatal
- which will then not be shown.
Now, log.Fatal is so disastrous that the interference that logging
causes is wanted. However, we can avoid stdout interference by emitting
on stderr.
This PR forces the creation of a console logger on stderr listening on
Fatal for these commands. Most commands have a `--debug` option now that
will print more reasons too - however, defaulting to give the log for
Fatal seems reasonable.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Extend git hook warning in the UI.
Git hooks are a dangerous feature, administrators should be warned before giving
the git hook privilege to users.
* Disable Git hooks by default and add warning.
Git hooks are a dangerous features (see warning text) that should only
be enabled if the administrator was informed about the risk involved.
Co-authored-by: Niklas Goerke <goerke@fzi.de>
(Re)Load issue labels when labels are added or removed
This means that the label state that the webhooks produce accurately matches
the changes that they are reporting.
Fix #10660
Signed-off-by: Andrew Thornton <art27@cantab.net>
* CSS tweaks to warning/error segments and misc fixes
- Adjust styling for warning/error in arc-green
- Change danger boxes from orange to red
- Fix code highlight text color in arc-green
- Fix warning message in arc-green
- Fix border in org member list in arc-green
- Fix disabled checkbox text in arc-green
* use same selector in gitea theme
* fix blame highlight
Co-authored-by: zeripath <art27@cantab.net>
Since the move to common leveldb and common redis the disk queue code
will check the connection string before defaulting to the DATADIR.
Therefore we should ensure that the connection string is kept empty
unless it is actually set.
Fix #13023
Signed-off-by: Andrew Thornton <art27@cantab.net>
Make the bar-groups width 50% with max-width of 90px
Fix #12252
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Update comparison for GitLab CE
Fixes #13018.
* Update docs/content/doc/features/comparison.en-us.md
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
* Update comparison.en-us.md
According to the linked issue it is there and just the documentation is lacking.
* Update docs/content/doc/features/comparison.en-us.md
Co-authored-by: techknowlogick <matti@mdranta.net>
* Update docs/content/doc/features/comparison.en-us.md
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: mrsdizzie <info@mrsdizzie.com>
Co-authored-by: techknowlogick <matti@mdranta.net>
code-view class seems unecessary here as everything needed style wise comes from various diff classes. This allows comments and comment editor to be styled properly and fixes linked bug.
Fixes #13010
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
If a README file is a symlink to a submodule Gitea the view branch page
will return a 500.
The underlying problem is a missed conversion of an
plumbing.ErrObjectNotFound in git/tree_blob.go.
Fix #12599
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
This small PR changes the webhook trigger behaviour to be more in line with what's expected. (When 'repository' events are enabled, of course)
In other words:
For system-wide or default webhooks, repository events will now trigger said webhook. Previously it had to be under an organization for create events to be visible - a tad unexpected!
Deleting a repository will now fire its own defined webhooks, not just organisational and system ones.
In order to enable the latter the webhook has to now be triggered before the actual repo undergoes deletion. I'm willing to tweak this to try and 'grab' the webhook model beforehand and trigger the webhook notifier directly afterwards, but this may make the code more complex for little benefit.
Closes #11766, #9180.
* fix: media links in org files not liked to media files
* fix: write directly to io.Writer r
as suggested by code review
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>