182 Commits

Author	SHA1	Message	Date
KN4CK3R	df789d962b	Add Cargo package registry (#21888) ... This PR implements a [Cargo registry](https://doc.rust-lang.org/cargo/) to manage Rust packages. This package type was a little bit more complicated because Cargo needs an additional Git repository to store its package index. Screenshots:    --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-02-05 18:12:31 +08:00
Felipe Leopoldo Sologuren Gutiérrez	15c035775a	Add main landmark to templates and adjust titles (#22670) ... * Add main aria landmark to templates * Adjust some titles to improve understanding of location in navigation Contributed by @Forgejo	2023-02-01 22:56:10 +00:00
KN4CK3R	5882e179a9	Add user secrets (#22191) ... Fixes #22183 Replaces #22187 This PR adds secrets for users. I refactored the files for organizations and repos to use the same logic and templates. I splitted the secrets from deploy keys again and reverted the fix from #22187. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2023-02-01 20:53:04 +08:00
John Olheiser	642db3c8f7	Fix `delete_repo` in template (#22606) ... Currently the value doesn't match the model, so selecting it results in a 500. e8ac6a9aea/models/auth/token_scope.go (L42) Signed-off-by: jolheiser <john.olheiser@gmail.com>	2023-01-26 14:36:15 -06:00
John Olheiser	46d024428f	fix: read:org scope (#22556) ... Hard to see in the diff, but this was duplicated in the wrong section. 	2023-01-20 13:42:54 -05:00
Lunny Xiao	0c048e554b	Fix template bug of access scope (#22540) ... Fix https://github.com/go-gitea/gitea/pull/20908#discussion_r1082075526 Co-authored-by: techknowlogick <techknowlogick@gitea.io>	2023-01-20 15:43:43 +08:00
Chongyi Zheng	de484e86bc	Support scoped access tokens (#20908) ... This PR adds the support for scopes of access tokens, mimicking the design of GitHub OAuth scopes. The changes of the core logic are in `models/auth` that `AccessToken` struct will have a `Scope` field. The normalized (no duplication of scope), comma-separated scope string will be stored in `access_token` table in the database. In `services/auth`, the scope will be stored in context, which will be used by `reqToken` middleware in API calls. Only OAuth2 tokens will have granular token scopes, while others like BasicAuth will default to scope `all`. A large amount of work happens in `routers/api/v1/api.go` and the corresponding `tests/integration` tests, that is adding necessary scopes to each of the API calls as they fit. - [x] Add `Scope` field to `AccessToken` - [x] Add access control to all API endpoints - [x] Update frontend & backend for when creating tokens - [x] Add a database migration for `scope` column (enable 'all' access to past tokens) I'm aiming to complete it before Gitea 1.19 release. Fixes #4300	2023-01-17 15:46:03 -06:00
Gusted	b76970f2e4	Fix key signature error page (#22229) ... - When the GPG key contains an error, such as an invalid signature or an email address that does not match the user.A page will be shown that says you must provide a signature for the token. - This page had two errors: one had the wrong translation key and the other tried to use an undefined variable [`.PaddedKeyID`](e81ccc406b/models/asymkey/gpg_key.go (L65-L72)), which is a function implemented on the `GPGKey` struct, given that we don't have that, we use [`KeyID`](e81ccc406b/routers/web/user/setting/keys.go (L102)) which is [the fingerprint of the publickey](https://pkg.go.dev/golang.org/x/crypto/openpgp/packet#PublicKey.KeyIdString) and is a valid way for opengpg to refer to a key. Before:  After:  Co-authored-by: zeripath <art27@cantab.net>	2022-12-30 12:53:05 +08:00
Jason Song	2779d47ad3	Optimize html templates (#22080) ... Replace `active{{end}} item` with `active{{end}} item`.	2022-12-09 21:34:51 +08:00
花墨	7020c4afb7	Fix leaving organization bug on user settings -> orgs (#21983) ... Fix #21772 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2022-11-30 17:00:00 +08:00
KN4CK3R	32db62515f	Add package registry cleanup rules (#21658) ... Fixes #20514 Fixes #20766 Fixes #20631 This PR adds Cleanup Rules for the package registry. This allows to delete unneeded packages automatically. Cleanup rules can be set up from the user or org settings. Please have a look at the documentation because I'm not a native english speaker. Rule Form  Rule List  Rule Preview  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2022-11-20 16:08:38 +02:00
M Hickford	191a74d622	Record OAuth client type at registration (#21316) ... The OAuth spec [defines two types of client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1), confidential and public. Previously Gitea assumed all clients to be confidential. > OAuth defines two client types, based on their ability to authenticate securely with the authorization server (i.e., ability to > maintain the confidentiality of their client credentials): > > confidential > Clients capable of maintaining the confidentiality of their credentials (e.g., client implemented on a secure server with > restricted access to the client credentials), or capable of secure client authentication using other means. > > **public > Clients incapable of maintaining the confidentiality of their credentials (e.g., clients executing on the device used by the resource owner, such as an installed native application or a web browser-based application), and incapable of secure client authentication via any other means.** > > The client type designation is based on the authorization server's definition of secure authentication and its acceptable exposure levels of client credentials. The authorization server SHOULD NOT make assumptions about the client type. https://datatracker.ietf.org/doc/html/rfc8252#section-8.4 > Authorization servers MUST record the client type in the client registration details in order to identify and process requests accordingly. Require PKCE for public clients: https://datatracker.ietf.org/doc/html/rfc8252#section-8.1 > Authorization servers SHOULD reject authorization requests from native apps that don't use PKCE by returning an error message Fixes #21299 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2022-10-24 15:59:24 +08:00
Yarden Shoham	acdb92ad42	Localize all timestamps (#21440) ... Following * #21410 We are now able to localize all timestamps. Some examples: `short-date` format, French, user profile page:  `date-time` format, Portuguese, mirror repository settings page:  Signed-off-by: Yarden Shoham <hrsi88@gmail.com> Signed-off-by: Yarden Shoham <hrsi88@gmail.com> Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>	2022-10-17 12:08:21 +08:00
qwerty287	a813c9d8f3	Allow creation of OAuth2 applications for orgs (#18084) ... Adds the settings pages to create OAuth2 apps also to the org settings and allows to create apps for orgs. Refactoring: the oauth2 related templates are shared for instance-wide/org/user, and the backend code uses `OAuth2CommonHandlers` to share code for instance-wide/org/user. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2022-10-09 20:07:41 +08:00
John Olheiser	2d2cf589f7	Fix linked account translation (#21331) ... fix key used for translation	2022-10-04 07:51:07 -05:00
silverwind	647b2649b1	Make sure fmt catches all templates (#20979) ... * Make sure fmt catches all templates Make's `wildcard` is not recursive so it missed many template files, fix that by using `find`. * Update Makefile	2022-08-31 23:58:54 +08:00
zeripath	11bae50484	Pad GPG Key ID with preceding zeroes (#20878)	2022-08-21 02:50:15 -04:00
silverwind	802c5313e1	Replace some icons with SVG (#20741) ... - Replace some icons with SVG - Create teams help page - Application and SSH keys icons - Add new icon for app token - Use fontawesom-send	2022-08-10 18:30:40 +02:00
silverwind	1b2cd4c4e1	Replace fomantic popup module with tippy.js (#20428) ... - replace fomantic popup module with tippy.js - fix chaining and add comment - add 100ms delay to tooltips - stopwatch improvments, raise default maxWidth - update web_src/js/features/common-global.js - use type=submit instead of js	2022-08-09 14:37:34 +02:00
wxiaoguang	2c108d20ba	Fix i18n for email notifications (#20518)	2022-07-28 17:28:46 +02:00
Tyrone Yeh	3bd8f50af8	Added email notification option to receive all own messages (#20179) ... Sometimes users want to receive email notifications of messages they create or reply to, Added an option to personal preferences to allow users to choose Closes #20149	2022-07-28 16:30:12 +08:00
Baoshuo Ren	175705356c	Fix icon margin in user/settings/repos (#20281)	2022-07-14 11:03:31 +08:00
Gusted	d55a0b7238	Refactor `i18n` to `locale` (#20153) ... * Refactor `i18n` to `locale` - Currently we're using the `i18n` variable naming for the `locale` struct. This contains locale's specific information and cannot be used for general i18n purpose, therefore refactoring it to `locale` makes more sense. - Ref: https://github.com/go-gitea/gitea/pull/20096#discussion_r906699200 * Update routers/install/install.go	2022-06-27 15:58:46 -05:00
Lunny Xiao	85d960d2a1	Hide notify mail setting ui if not enabled (#20138)	2022-06-28 00:59:47 +08:00
Gusted	5d3f99c7c6	Make better use of i18n (#20096) ... * Prototyping * Start work on creating offsets * Modify tests * Start prototyping with actual MPH * Twiddle around * Twiddle around comments * Convert templates * Fix external languages * Fix latest translation * Fix some test * Tidy up code * Use simple map * go mod tidy * Move back to data structure - Uses less memory by creating for each language a map. * Apply suggestions from code review Co-authored-by: delvh <dev.lh@web.de> * Add some comments * Fix tests * Try to fix tests * Use en-US as defacto fallback * Use correct slices * refactor (#4) * Remove TryTr, add log for missing translation key * Refactor i18n - Separate dev and production locale stores. - Allow for live-reloading in dev mode. Co-authored-by: zeripath <art27@cantab.net> * Fix live-reloading & check for errors * Make linter happy * live-reload with periodic check (#5) * Fix tests Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net>	2022-06-26 22:19:22 +08:00
Robert Lützner	afea63f4e5	Replace pubkey with privkey in keys_ssh.tmpl (#20112) ... If a user wants to verify an SSH public key from their account they have to sign the randomly generated token with their private key. Prior to this change the example command prompted to sign the token with their public key instead. Signed-off-by: Robert Lützner <robert.luetzner@pm.me>	2022-06-24 12:11:13 +02:00
wxiaoguang	cdb81f32ac	Remove out-dated comments (#19921)	2022-06-08 18:17:44 +01:00
André Jaenisch	c1c07e533c	Improve wording on delete access token modal (#19909) ... This PR highlights the nature of the destructive action. It also rewords the action buttons to remove ambiguity. Signed-off-by: André Jaenisch <andre.jaenisch@posteo.de> Co-authored-by: Lauris BH <lauris@nix.lv>	2022-06-07 20:28:10 -04:00
André Jaenisch	81cf006863	Improve UX on modal for deleting an access token (#19894) ... * Improve UX on modal for deleting an access token Before, both action buttons where coloured on hover. Otherwise they appeared as ghost buttons. UX tells us, that call to action must not be displayed as ghost button. Using red is perceived as warning colour in Western cultures. It was used for the non-destructive action before. This PR swaps the colour and turns the cancel button into a filled one, so it is saver to do nothing then to accidentally delete an access button. We want the person to do this consciously. In another iteration the wording here could be improved. See the associated issue for further details. Signed-off-by: André Jaenisch <andre.jaenisch@posteo.de> * Use tabs instead of spaces. Linter does not complain anymore. I was expecting the formatter to pick this up but it didn't. Signed-off-by: André Jaenisch <andre.jaenisch@posteo.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>	2022-06-07 12:25:40 -04:00
wxiaoguang	e0273bad72	Fix i18n for Link Account button, re-format tmpl (#19835)	2022-05-29 16:19:56 +08:00
Mai-Lapyst	4698a1ec47	Adding button to link accounts from user settings (#19792) ... * Adding button to link accounts from user settings * Only display button to link user accounts when at least one OAuth2 provider is active	2022-05-29 02:03:17 +02:00
wxiaoguang	cc7236e852	Make Ctrl+Enter (quick submit) work for issue comment and wiki editor (#19729) ... * Make Ctrl+Enter (quick submit) work for issue comment and wiki editor * Remove the required `SubmitReviewForm.Type`, empty type (triggered by quick submit) means "comment" * Merge duplicate code	2022-05-20 04:26:04 +02:00
silverwind	9da3d78e74	Replace blue button and label classes with primary (#19763) ... * make blue really blue * replace blue button and label classes with primary * add --color-blue-dark * add light color variants, tweak a few colors * fix colors * add comment Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2022-05-20 00:08:08 +02:00
原俊杰	184302665f	Show ssh command directly in template instead of i18n translation (#19335) ... * add missing space for generate ssh token command Signed-off-by: Junjie Yuan <yuan@junjie.pro> * Do not use i18n for ssh command * Remove unnecessary settings.ssh_token_code * Revert locale_zh-CN.ini Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2022-04-06 19:35:04 +08:00
silverwind	1eb0da58c3	Update JS dependencies (#19281) ... - Upgrade all JS dependencies minus vue and vue-loader - Adapt to breaking change of octicons - Update eslint rules - Tested Swagger UI, sortablejs and prod build	2022-04-01 02:15:46 +02:00
wxiaoguang	a60e8be8d1	Refactor i18n, use Locale to provide i18n/translation related functions (#18648) ... * remove unnecessary web context data fields, and unify the i18n/translation related functions to `Locale` * in development, show an error if a translation key is missing * remove the unnecessary loops `for _, lang := range translation.AllLangs()` for every request, which improves the performance slightly * use `ctx.Locale.Language()` instead of `ctx.Data["Lang"].(string)` * add more comments about how the Locale/LangType fields are used	2022-02-08 11:02:30 +08:00
qwerty287	1f40933d38	Add config options to hide issue events (#17414) ... * Add config option to hide issue events Adds a config option `HIDE_ISSUE_EVENTS` to hide most issue events (changed labels, milestones, projects...) on the issue detail page. If this is true, only the following events (comment types) are shown: * plain comments * closed/reopned/merged * reviews * Make configurable using a list * Add docs * Add missing newline * Fix merge issues * Allow changes per user settings * Fix lint * Rm old docs * Apply suggestions from code review * Use bitsets * Rm comment * fmt * Fix lint * Use variable/constant to provide key * fmt * fix lint * refactor * Add a prefix for user setting key * Add license comment * Add license comment * Update services/forms/user_form_hidden_comments.go Co-authored-by: Gusted <williamzijl7@hotmail.com> * check len == 0 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: 6543 <6543@obermui.de>	2022-01-21 18:59:26 +01:00
zeripath	d7c2a2951c	Webauthn nits (#18284) ... This contains some additional fixes and small nits related to #17957 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2022-01-15 17:52:56 +01:00
Lunny Xiao	35c3553870	Support webauthn (#17957) ... Migrate from U2F to Webauthn Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2022-01-14 16:03:31 +01:00
Lunny Xiao	de8e3948a5	Refactor auth package (#17962)	2022-01-02 21:12:35 +08:00
Lunny Xiao	ce840bb177	Fix delete u2f keys modal (#18040)	2021-12-20 14:49:06 +00:00
Wim	6fe756dc93	Add support for ssh commit signing (#17743) ... * Add support for ssh commit signing * Split out ssh verification to separate file * Show ssh key fingerprint on commit page * Update sshsig lib * Make sure we verify against correct namespace * Add ssh public key verification via ssh signatures When adding a public ssh key also validate that this user actually owns the key by signing a token with the private key. * Remove some gpg references and make verify key optional * Fix spaces indentation * Update options/locale/locale_en-US.ini Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update templates/user/settings/keys_ssh.tmpl Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update options/locale/locale_en-US.ini Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update options/locale/locale_en-US.ini Co-authored-by: Gusted <williamzijl7@hotmail.com> * Update models/ssh_key_commit_verification.go Co-authored-by: Gusted <williamzijl7@hotmail.com> * Reword ssh/gpg_key_success message * Change Badsignature to NoKeyFound * Add sign/verify tests * Fix upstream api changes to user_model User * Match exact on SSH signature * Fix code review remarks Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: techknowlogick <techknowlogick@gitea.io>	2021-12-19 00:37:18 -05:00
KN4CK3R	6ceef87671	Removed SizeFmt. (#17890) ... Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2021-12-03 11:33:34 +08:00
Lunny Xiao	c2ab19888f	Support pagination of organizations on user settings pages (#16083) ... * Add pagination for user setting orgs * Use FindOrgs instead of GetOrgsByUserID * Remove unnecessary functions and fix test * remove unnecessary code	2021-11-22 21:51:45 +08:00
silverwind	6874fe90e5	Cleanup and use global style on popups (#17674) ... * Cleanup and use global style on popups - Fix typo 'poping' to 'popping' - Remove most inline 'data-variation' attributes - Initialize all popups with 'inverted tiny' variation * misc tweaks * rename to .tooltip, use jQuery Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2021-11-18 11:26:50 +08:00
zeripath	bbffcc3aec	Multiple Escaping Improvements (#17551) ... There are multiple places where Gitea does not properly escape URLs that it is building and there are multiple places where it builds urls when there is already a simpler function available to use this. This is an extensive PR attempting to fix these issues. 1. The first commit in this PR looks through all href, src and links in the Gitea codebase and has attempted to catch all the places where there is potentially incomplete escaping. 2. Whilst doing this we will prefer to use functions that create URLs over recreating them by hand. 3. All uses of strings should be directly escaped - even if they are not currently expected to contain escaping characters. The main benefit to doing this will be that we can consider relaxing the constraints on user names and reponames in future. 4. The next commit looks at escaping in the wiki and re-considers the urls that are used there. Using the improved escaping here wiki files containing '/'. (This implementation will currently still place all of the wiki files the root directory of the repo but this would not be difficult to change.) 5. The title generation in feeds is now properly escaped. 6. EscapePound is no longer needed - urls should be PathEscaped / QueryEscaped as necessary but then re-escaped with Escape when creating html with locales Signed-off-by: Andrew Thornton <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net>	2021-11-16 18:18:25 +00:00
Kamil Domański	021df29623	Allow U2F 2FA without TOTP (#11573) ... This change enables the usage of U2F without being forced to enroll an TOTP authenticator. The `/user/auth/u2f` has been changed to hide the "use TOTP instead" bar if TOTP is not enrolled. Fixes #5410 Fixes #17495	2021-11-08 23:47:19 +01:00
qwerty287	f46e67b519	Move key forms before list and add cancel button (#17432) ... * Move GPG form before list and add cancel button * Move SSH form before list and add cancel button Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>	2021-10-28 18:55:48 +08:00
qwerty287	01fc24c78c	Add appearance section in settings (#17433) ... * Add appearance section in settings * Fix lint * Fix lint * Apply suggestions from code review Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lauris BH <lauris@nix.lv>	2021-10-27 23:40:08 +08:00
wxiaoguang	4822eed99d	Disable form autofill (#17291) ... ]* fix aria-hidden and tabindex * use {{template "base/disable_form_autofill"}} instead of {{DisableFormAutofill}} Co-authored-by: zeripath <art27@cantab.net>	2021-10-19 01:08:41 +03:00