Merge branch 'main' into main

Author: lunny

.drone.yml

@@ -537,7 +537,7 @@ steps:
 
   - name: static
     pull: always
-    image: techknowlogick/xgo:go-1.16.x
+    image: techknowlogick/xgo:go-1.17.x
     commands:
       - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs
       - export PATH=$PATH:$GOPATH/bin
@@ -633,7 +633,7 @@ steps:
 
   - name: static
     pull: always
-    image: techknowlogick/xgo:go-1.16.x
+    image: techknowlogick/xgo:go-1.17.x
     commands:
       - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs
       - export PATH=$PATH:$GOPATH/bin

.eslintrc

@@ -6,7 +6,7 @@ ignorePatterns:
 
 parserOptions:
   sourceType: module
-  ecmaVersion: 2021
+  ecmaVersion: latest
 
 plugins:
   - eslint-plugin-unicorn
@@ -109,7 +109,7 @@ rules:
   github/no-implicit-buggy-globals: [0]
   github/no-inner-html: [0]
   github/no-innerText: [2]
-  github/no-then: [2]
+  github/no-then: [0]
   github/no-useless-passive: [2]
   github/prefer-observers: [0]
   github/require-passive-events: [2]
@@ -384,6 +384,7 @@ rules:
   unicorn/no-array-instanceof: [0]
   unicorn/no-array-method-this-argument: [2]
   unicorn/no-array-push-push: [2]
+  unicorn/no-await-expression-member: [0]
   unicorn/no-console-spaces: [0]
   unicorn/no-document-cookie: [2]
   unicorn/no-empty-file: [2]
@@ -419,6 +420,7 @@ rules:
   unicorn/prefer-array-index-of: [2]
   unicorn/prefer-array-some: [2]
   unicorn/prefer-at: [0]
+  unicorn/prefer-code-point: [2]
   unicorn/prefer-dataset: [2]
   unicorn/prefer-date-now: [2]
   unicorn/prefer-default-parameters: [0]

CHANGELOG.md

@@ -4,6 +4,37 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
+## [1.15.7](https://github.com/go-gitea/gitea/releases/tag/v1.15.7) - 2021-12-01
+
+* ENHANCEMENTS
+  * Only allow webhook to send requests to allowed hosts (#17482) (#17510)
+  * Fix login redirection links (#17451) (#17473)
+* BUGFIXES
+  * Fix database inconsistent when admin change user email (#17549) (#17840)
+  * Use correct user on releases (#17806) (#17818)
+  * Fix commit count in tag view (#17698) (#17790)
+  * Fix close issue but time watcher still running (#17643) (#17761)
+  * Fix Migrate Description (#17692) (#17727)
+  * Fix bug when project board get open issue number (#17703) (#17726)
+  * Return 400 but not 500 when request archive with wrong format (#17691) (#17700)
+  * Fix bug when read mysql database max lifetime (#17682) (#17690)
+  * Fix database deadlock when update issue labels (#17649) (#17665)
+  * Fix bug on detect issue/comment writer (#17592)
+  * Remove appSubUrl from pasted images (#17572) (#17588)
+  * Make `ParsePatch` more robust (#17573) (#17580)
+  * Fix stats upon searching issues (#17566) (#17578)
+  * Escape issue titles in comments list (#17555) (#17556)
+  * Fix zero created time bug on commit api (#17546) (#17547)
+  * Fix database keyword quote problem on migration v161 (#17522) (#17523)
+  * Fix email with + when active (#17518) (#17520)
+  * Stop double encoding blame commit messages (#17498) (#17500)
+  * Quote the table name in CountOrphanedObjects (#17487) (#17488)
+  * Run Migrate in Install rather than just SyncTables (#17475) (#17486)
+* BUILD
+  * Fix golangci-lint warnings (#17598 et al) (#17668)
+* MISC
+  * Preserve color when inverting emojis (#17797) (#17799)
+
 ## [1.15.6](https://github.com/go-gitea/gitea/releases/tag/v1.15.6) - 2021-10-28
 
 * BUGFIXES

Dockerfile

@@ -66,6 +66,5 @@ CMD ["/bin/s6-svscan", "/etc/s6"]
 COPY docker/root /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/environment-to-ini
+RUN chmod 755 /usr/bin/entrypoint /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
 RUN chmod 755 /etc/s6/gitea/* /etc/s6/openssh/* /etc/s6/.s6-svscan/*
-RUN ln -s /app/gitea/gitea /usr/local/bin/gitea

Dockerfile.rootless

@@ -53,9 +53,9 @@ RUN mkdir -p /var/lib/gitea /etc/gitea
 RUN chown git:git /var/lib/gitea /etc/gitea
 
 COPY docker/rootless /
-COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /usr/local/bin/gitea
+COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/environment-to-ini /usr/local/bin/environment-to-ini
-RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /usr/local/bin/gitea /usr/local/bin/environment-to-ini
+RUN chmod 755 /usr/local/bin/docker-entrypoint.sh /usr/local/bin/docker-setup.sh /app/gitea/gitea /usr/local/bin/gitea /usr/local/bin/environment-to-ini
 
 #git:git
 USER 1000:1000

build/code-batch-process.go

@@ -267,10 +267,10 @@ func main() {
 		logVerbose("batch cmd: %s %v", subCmd, substArgs)
 		switch subCmd {
 		case "gitea-fmt":
-			cmdErrors = append(cmdErrors, passThroughCmd("gofmt", substArgs))
 			if containsString(subArgs, "-w") {
 				cmdErrors = append(cmdErrors, giteaFormatGoImports(files))
 			}
+			cmdErrors = append(cmdErrors, passThroughCmd("gofmt", substArgs))
 		case "misspell":
 			cmdErrors = append(cmdErrors, passThroughCmd("misspell", substArgs))
 		default:

build/generate-images.js

@@ -80,5 +80,5 @@ async function main() {
   ]);
 }
 
-main().then(exit).catch(exit); // eslint-disable-line github/no-then
+main().then(exit).catch(exit);
 

build/generate-svg.js

@@ -54,5 +54,5 @@ async function main() {
   ]);
 }
 
-main().then(exit).catch(exit); // eslint-disable-line github/no-then
+main().then(exit).catch(exit);
 

cmd/admin.go

@@ -14,8 +14,10 @@ import (
 	"text/tabwriter"
 
 	"code.gitea.io/gitea/models"
+	asymkey_model "code.gitea.io/gitea/models/asymkey"
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/models/login"
+	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/graceful"
 	"code.gitea.io/gitea/modules/log"
@@ -297,6 +299,36 @@ var (
 			Name:  "skip-local-2fa",
 			Usage: "Set to true to skip local 2fa for users authenticated by this source",
 		},
+		cli.StringSliceFlag{
+			Name:  "scopes",
+			Value: nil,
+			Usage: "Scopes to request when to authenticate against this OAuth2 source",
+		},
+		cli.StringFlag{
+			Name:  "required-claim-name",
+			Value: "",
+			Usage: "Claim name that has to be set to allow users to login with this source",
+		},
+		cli.StringFlag{
+			Name:  "required-claim-value",
+			Value: "",
+			Usage: "Claim value that has to be set to allow users to login with this source",
+		},
+		cli.StringFlag{
+			Name:  "group-claim-name",
+			Value: "",
+			Usage: "Claim name providing group names for this source",
+		},
+		cli.StringFlag{
+			Name:  "admin-group",
+			Value: "",
+			Usage: "Group Claim value for administrator users",
+		},
+		cli.StringFlag{
+			Name:  "restricted-group",
+			Value: "",
+			Usage: "Group Claim value for restricted users",
+		},
 	}
 
 	microcmdAuthUpdateOauth = cli.Command{
@@ -358,15 +390,15 @@ func runChangePassword(c *cli.Context) error {
 		return errors.New("The password you chose is on a list of stolen passwords previously exposed in public data breaches. Please try again with a different password.\nFor more details, see https://haveibeenpwned.com/Passwords")
 	}
 	uname := c.String("username")
-	user, err := models.GetUserByName(uname)
+	user, err := user_model.GetUserByName(uname)
 	if err != nil {
 		return err
 	}
 	if err = user.SetPassword(c.String("password")); err != nil {
 		return err
 	}
 
-	if err = models.UpdateUserCols(user, "passwd", "passwd_hash_algo", "salt"); err != nil {
+	if err = user_model.UpdateUserCols(db.DefaultContext, user, "passwd", "passwd_hash_algo", "salt"); err != nil {
 		return err
 	}
 
@@ -424,15 +456,15 @@ func runCreateUser(c *cli.Context) error {
 
 	// If this is the first user being created.
 	// Take it as the admin and don't force a password update.
-	if n := models.CountUsers(); n == 0 {
+	if n := user_model.CountUsers(); n == 0 {
 		changePassword = false
 	}
 
 	if c.IsSet("must-change-password") {
 		changePassword = c.Bool("must-change-password")
 	}
 
-	u := &models.User{
+	u := &user_model.User{
 		Name:               username,
 		Email:              c.String("email"),
 		Passwd:             password,
@@ -442,7 +474,7 @@ func runCreateUser(c *cli.Context) error {
 		Theme:              setting.UI.DefaultTheme,
 	}
 
-	if err := models.CreateUser(u); err != nil {
+	if err := user_model.CreateUser(u); err != nil {
 		return fmt.Errorf("CreateUser: %v", err)
 	}
 
@@ -471,7 +503,7 @@ func runListUsers(c *cli.Context) error {
 		return err
 	}
 
-	users, err := models.GetAllUsers()
+	users, err := user_model.GetAllUsers()
 
 	if err != nil {
 		return err
@@ -516,13 +548,13 @@ func runDeleteUser(c *cli.Context) error {
 	}
 
 	var err error
-	var user *models.User
+	var user *user_model.User
 	if c.IsSet("email") {
-		user, err = models.GetUserByEmail(c.String("email"))
+		user, err = user_model.GetUserByEmail(c.String("email"))
 	} else if c.IsSet("username") {
-		user, err = models.GetUserByName(c.String("username"))
+		user, err = user_model.GetUserByName(c.String("username"))
 	} else {
-		user, err = models.GetUserByID(c.Int64("id"))
+		user, err = user_model.GetUserByID(c.Int64("id"))
 	}
 	if err != nil {
 		return err
@@ -624,7 +656,7 @@ func runRegenerateKeys(_ *cli.Context) error {
 	if err := initDB(ctx); err != nil {
 		return err
 	}
-	return models.RewriteAllPublicKeys()
+	return asymkey_model.RewriteAllPublicKeys()
 }
 
 func parseOAuth2Config(c *cli.Context) *oauth2.Source {
@@ -647,6 +679,12 @@ func parseOAuth2Config(c *cli.Context) *oauth2.Source {
 		CustomURLMapping:              customURLMapping,
 		IconURL:                       c.String("icon-url"),
 		SkipLocalTwoFA:                c.Bool("skip-local-2fa"),
+		Scopes:                        c.StringSlice("scopes"),
+		RequiredClaimName:             c.String("required-claim-name"),
+		RequiredClaimValue:            c.String("required-claim-value"),
+		GroupClaimName:                c.String("group-claim-name"),
+		AdminGroup:                    c.String("admin-group"),
+		RestrictedGroup:               c.String("restricted-group"),
 	}
 }
 
@@ -709,6 +747,28 @@ func runUpdateOauth(c *cli.Context) error {
 		oAuth2Config.IconURL = c.String("icon-url")
 	}
 
+	if c.IsSet("scopes") {
+		oAuth2Config.Scopes = c.StringSlice("scopes")
+	}
+
+	if c.IsSet("required-claim-name") {
+		oAuth2Config.RequiredClaimName = c.String("required-claim-name")
+
+	}
+	if c.IsSet("required-claim-value") {
+		oAuth2Config.RequiredClaimValue = c.String("required-claim-value")
+	}
+
+	if c.IsSet("group-claim-name") {
+		oAuth2Config.GroupClaimName = c.String("group-claim-name")
+	}
+	if c.IsSet("admin-group") {
+		oAuth2Config.AdminGroup = c.String("admin-group")
+	}
+	if c.IsSet("restricted-group") {
+		oAuth2Config.RestrictedGroup = c.String("restricted-group")
+	}
+
 	// update custom URL mapping
 	var customURLMapping = &oauth2.CustomURLMapping{}
 

cmd/cmd.go

@@ -16,6 +16,7 @@ import (
 	"syscall"
 
 	"code.gitea.io/gitea/models/db"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
 
@@ -57,15 +58,17 @@ func confirm() (bool, error) {
 }
 
 func initDB(ctx context.Context) error {
-	return initDBDisableConsole(ctx, false)
-}
-
-func initDBDisableConsole(ctx context.Context, disableConsole bool) error {
-	setting.NewContext()
+	setting.LoadFromExisting()
 	setting.InitDBConfig()
-	setting.NewXORMLogService(disableConsole)
+	setting.NewXORMLogService(false)
+
+	if setting.Database.Type == "" {
+		log.Fatal(`Database settings are missing from the configuration file: %q.
+Ensure you are running in the correct environment or set the correct configuration file with -c.
+If this is the intended configuration file complete the [database] section.`, setting.CustomConf)
+	}
 	if err := db.InitEngine(ctx); err != nil {
-		return fmt.Errorf("models.SetEngine: %v", err)
+		return fmt.Errorf("unable to initialise the database using the configuration in %q. Error: %v", setting.CustomConf, err)
 	}
 	return nil
 }

cmd/convert.go

@@ -35,7 +35,6 @@ func runConvert(ctx *cli.Context) error {
 	log.Info("Custom path: %s", setting.CustomPath)
 	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)
-	setting.InitDBConfig()
 
 	if !setting.Database.UseMySQL {
 		fmt.Println("This command can only be used with a MySQL database")

cmd/doctor.go

@@ -87,7 +87,7 @@ func runRecreateTable(ctx *cli.Context) error {
 	golog.SetPrefix("")
 	golog.SetOutput(log.NewLoggerAsWriter("INFO", log.GetLogger(log.DEFAULT)))
 
-	setting.NewContext()
+	setting.LoadFromExisting()
 	setting.InitDBConfig()
 
 	setting.EnableXORMLog = ctx.Bool("debug")

cmd/dump.go

@@ -159,7 +159,8 @@ func runDump(ctx *cli.Context) error {
 			fatal("Deleting default logger failed. Can not write to stdout: %v", err)
 		}
 	}
-	setting.NewContext()
+	setting.LoadFromExisting()
+
 	// make sure we are logging to the console no matter what the configuration tells us do to
 	if _, err := setting.Cfg.Section("log").NewKey("MODE", "console"); err != nil {
 		fatal("Setting logging mode to console failed: %v", err)

cmd/dump_repo.go

@@ -88,7 +88,6 @@ func runDumpRepository(ctx *cli.Context) error {
 	log.Info("Custom path: %s", setting.CustomPath)
 	log.Info("Log path: %s", setting.LogRootPath)
 	log.Info("Configuration file: %s", setting.CustomConf)
-	setting.InitDBConfig()
 
 	var (
 		serviceType structs.GitServiceType

cmd/embedded.go

@@ -115,7 +115,7 @@ func initEmbeddedExtractor(c *cli.Context) error {
 	log.DelNamedLogger(log.DEFAULT)
 
 	// Read configuration file
-	setting.NewContext()
+	setting.LoadAllowEmpty()
 
 	pats, err := getPatterns(c.Args())
 	if err != nil {

cmd/hook.go

@@ -309,7 +309,7 @@ func runHookPostReceive(c *cli.Context) error {
 	defer cancel()
 
 	// First of all run update-server-info no matter what
-	if _, err := git.NewCommand("update-server-info").SetParentContext(ctx).Run(); err != nil {
+	if _, err := git.NewCommandContext(ctx, "update-server-info").Run(); err != nil {
 		return fmt.Errorf("Failed to call 'git update-server-info': %v", err)
 	}