Merge branch 'release/v1.10' of git://github.com/go-gitea/gitea into wild/v1.10

Author: aswild

integrations/signup_test.go

@@ -19,8 +19,8 @@ func TestSignup(t *testing.T) {
 	req := NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{
 		"user_name": "exampleUser",
 		"email":     "[email protected]",
-		"password":  "examplePassword",
-		"retype":    "examplePassword",
+		"password":  "examplePassword!1",
+		"retype":    "examplePassword!1",
 	})
 	MakeRequest(t, req, http.StatusFound)
 

models/ssh_key.go

@@ -107,7 +107,7 @@ func parseKeyString(content string) (string, error) {
 
 	var keyType, keyContent, keyComment string
 
-	if content[:len(ssh2keyStart)] == ssh2keyStart {
+	if strings.HasPrefix(content, ssh2keyStart) {
 		// Parse SSH2 file format.
 
 		// Transform all legal line endings to a single "\n".

models/ssh_key_test.go

@@ -131,6 +131,19 @@ AAAAC3NzaC1lZDI1NTE5AAAAICV0MGX/W9IvLA4FXpIuUcdDcbj5KX4syHgsTy7soVgf
 		_, err := CheckPublicKeyString(test.content)
 		assert.NoError(t, err)
 	}
+
+	for _, invalidKeys := range []struct {
+		content string
+	}{
+		{"test"},
+		{"---- NOT A REAL KEY ----"},
+		{"bad\nkey"},
+		{"\t\t:)\t\r\n"},
+		{"\r\ntest \r\ngitea\r\n\r\n"},
+	} {
+		_, err := CheckPublicKeyString(invalidKeys.content)
+		assert.Error(t, err)
+	}
 }
 
 func Test_calcFingerprint(t *testing.T) {

modules/migrations/gitea.go

@@ -252,27 +252,30 @@ func (g *GiteaLocalUploader) CreateReleases(releases ...*base.Release) error {
 			}
 
 			// download attachment
-			resp, err := http.Get(asset.URL)
-			if err != nil {
-				return err
-			}
-			defer resp.Body.Close()
+			err = func() error {
+				resp, err := http.Get(asset.URL)
+				if err != nil {
+					return err
+				}
+				defer resp.Body.Close()
 
-			localPath := attach.LocalPath()
-			if err = os.MkdirAll(path.Dir(localPath), os.ModePerm); err != nil {
-				return fmt.Errorf("MkdirAll: %v", err)
-			}
+				localPath := attach.LocalPath()
+				if err = os.MkdirAll(path.Dir(localPath), os.ModePerm); err != nil {
+					return fmt.Errorf("MkdirAll: %v", err)
+				}
 
-			fw, err := os.Create(localPath)
-			if err != nil {
-				return fmt.Errorf("Create: %v", err)
-			}
-			defer fw.Close()
+				fw, err := os.Create(localPath)
+				if err != nil {
+					return fmt.Errorf("Create: %v", err)
+				}
+				defer fw.Close()
 
-			if _, err := io.Copy(fw, resp.Body); err != nil {
+				_, err = io.Copy(fw, resp.Body)
+				return err
+			}()
+			if err != nil {
 				return err
 			}
-
 			rel.Attachments = append(rel.Attachments, &attach)
 		}
 
@@ -468,21 +471,24 @@ func (g *GiteaLocalUploader) newPullRequest(pr *base.PullRequest) (*models.PullR
 	}
 
 	// download patch file
-	resp, err := http.Get(pr.PatchURL)
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-	pullDir := filepath.Join(g.repo.RepoPath(), "pulls")
-	if err = os.MkdirAll(pullDir, os.ModePerm); err != nil {
-		return nil, err
-	}
-	f, err := os.Create(filepath.Join(pullDir, fmt.Sprintf("%d.patch", pr.Number)))
-	if err != nil {
-		return nil, err
-	}
-	defer f.Close()
-	_, err = io.Copy(f, resp.Body)
+	err := func() error {
+		resp, err := http.Get(pr.PatchURL)
+		if err != nil {
+			return err
+		}
+		defer resp.Body.Close()
+		pullDir := filepath.Join(g.repo.RepoPath(), "pulls")
+		if err = os.MkdirAll(pullDir, os.ModePerm); err != nil {
+			return err
+		}
+		f, err := os.Create(filepath.Join(pullDir, fmt.Sprintf("%d.patch", pr.Number)))
+		if err != nil {
+			return err
+		}
+		defer f.Close()
+		_, err = io.Copy(f, resp.Body)
+		return err
+	}()
 	if err != nil {
 		return nil, err
 	}
@@ -496,8 +502,8 @@ func (g *GiteaLocalUploader) newPullRequest(pr *base.PullRequest) (*models.PullR
 	if err != nil {
 		return nil, err
 	}
-	defer p.Close()
 	_, err = p.WriteString(pr.Head.SHA)
+	p.Close()
 	if err != nil {
 		return nil, err
 	}
@@ -531,8 +537,8 @@ func (g *GiteaLocalUploader) newPullRequest(pr *base.PullRequest) (*models.PullR
 					if err != nil {
 						return nil, err
 					}
-					defer b.Close()
 					_, err = b.WriteString(pr.Head.SHA)
+					b.Close()
 					if err != nil {
 						return nil, err
 					}

modules/templates/helper.go

@@ -19,6 +19,7 @@ import (
 	"runtime"
 	"strings"
 	"time"
+	"unicode"
 
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/base"
@@ -331,34 +332,46 @@ func RenderCommitMessageLink(msg, urlPrefix, urlDefault string, metas map[string
 // RenderCommitMessageLinkSubject renders commit message as a XXS-safe link to
 // the provided default url, handling for special links without email to links.
 func RenderCommitMessageLinkSubject(msg, urlPrefix, urlDefault string, metas map[string]string) template.HTML {
-	cleanMsg := template.HTMLEscapeString(msg)
+	msgLine := strings.TrimLeftFunc(msg, unicode.IsSpace)
+	lineEnd := strings.IndexByte(msgLine, '\n')
+	if lineEnd > 0 {
+		msgLine = msgLine[:lineEnd]
+	}
+	msgLine = strings.TrimRightFunc(msgLine, unicode.IsSpace)
+	if len(msgLine) == 0 {
+		return template.HTML("")
+	}
+
 	// we can safely assume that it will not return any error, since there
 	// shouldn't be any special HTML.
-	fullMessage, err := markup.RenderCommitMessageSubject([]byte(cleanMsg), urlPrefix, urlDefault, metas)
+	renderedMessage, err := markup.RenderCommitMessageSubject([]byte(template.HTMLEscapeString(msgLine)), urlPrefix, urlDefault, metas)
 	if err != nil {
 		log.Error("RenderCommitMessageSubject: %v", err)
-		return ""
-	}
-	msgLines := strings.Split(strings.TrimSpace(string(fullMessage)), "\n")
-	if len(msgLines) == 0 {
 		return template.HTML("")
 	}
-	return template.HTML(msgLines[0])
+	return template.HTML(renderedMessage)
 }
 
 // RenderCommitBody extracts the body of a commit message without its title.
 func RenderCommitBody(msg, urlPrefix string, metas map[string]string) template.HTML {
-	cleanMsg := template.HTMLEscapeString(msg)
-	fullMessage, err := markup.RenderCommitMessage([]byte(cleanMsg), urlPrefix, "", metas)
+	msgLine := strings.TrimRightFunc(msg, unicode.IsSpace)
+	lineEnd := strings.IndexByte(msgLine, '\n')
+	if lineEnd > 0 {
+		msgLine = msgLine[lineEnd+1:]
+	} else {
+		return template.HTML("")
+	}
+	msgLine = strings.TrimLeftFunc(msgLine, unicode.IsSpace)
+	if len(msgLine) == 0 {
+		return template.HTML("")
+	}
+
+	renderedMessage, err := markup.RenderCommitMessage([]byte(template.HTMLEscapeString(msgLine)), urlPrefix, "", metas)
 	if err != nil {
 		log.Error("RenderCommitMessage: %v", err)
 		return ""
 	}
-	body := strings.Split(strings.TrimSpace(string(fullMessage)), "\n")
-	if len(body) == 0 {
-		return template.HTML("")
-	}
-	return template.HTML(strings.Join(body[1:], "\n"))
+	return template.HTML(renderedMessage)
 }
 
 // RenderNote renders the contents of a git-notes file as a commit message.

public/js/index.js

@@ -2875,7 +2875,8 @@ function initFilterBranchTagDropdown(selector) {
     });
 }
 
-$(".commit-button").click(function() {
+$(".commit-button").click(function(e) {
+    e.preventDefault();
     $(this).parent().find('.commit-body').toggle();
 });
 

routers/admin/users.go

@@ -79,12 +79,11 @@ func NewUserPost(ctx *context.Context, form auth.AdminCreateUserForm) {
 	}
 
 	u := &models.User{
-		Name:               form.UserName,
-		Email:              form.Email,
-		Passwd:             form.Password,
-		IsActive:           true,
-		LoginType:          models.LoginPlain,
-		MustChangePassword: form.MustChangePassword,
+		Name:      form.UserName,
+		Email:     form.Email,
+		Passwd:    form.Password,
+		IsActive:  true,
+		LoginType: models.LoginPlain,
 	}
 
 	if len(form.LoginType) > 0 {
@@ -95,9 +94,12 @@ func NewUserPost(ctx *context.Context, form auth.AdminCreateUserForm) {
 			u.LoginName = form.LoginName
 		}
 	}
-	if !password.IsComplexEnough(form.Password) {
-		ctx.RenderWithErr(ctx.Tr("form.password_complexity"), tplUserNew, &form)
-		return
+	if u.LoginType == models.LoginPlain {
+		if !password.IsComplexEnough(form.Password) {
+			ctx.RenderWithErr(ctx.Tr("form.password_complexity"), tplUserNew, &form)
+			return
+		}
+		u.MustChangePassword = form.MustChangePassword
 	}
 	if err := models.CreateUser(u); err != nil {
 		switch {

routers/user/auth.go

@@ -707,7 +707,7 @@ func oAuth2UserLoginCallback(loginSource *models.LoginSource, request *http.Requ
 
 // LinkAccount shows the page where the user can decide to login or create a new account
 func LinkAccount(ctx *context.Context) {
-	ctx.Data["DisablePassword"] = !setting.Service.RequireExternalRegistrationCaptcha || setting.Service.AllowOnlyExternalRegistration
+	ctx.Data["DisablePassword"] = !setting.Service.RequireExternalRegistrationPassword || setting.Service.AllowOnlyExternalRegistration
 	ctx.Data["Title"] = ctx.Tr("link_account")
 	ctx.Data["LinkAccountMode"] = true
 	ctx.Data["EnableCaptcha"] = setting.Service.EnableCaptcha && setting.Service.RequireExternalRegistrationCaptcha
@@ -757,7 +757,7 @@ func LinkAccount(ctx *context.Context) {
 
 // LinkAccountPostSignIn handle the coupling of external account with another account using signIn
 func LinkAccountPostSignIn(ctx *context.Context, signInForm auth.SignInForm) {
-	ctx.Data["DisablePassword"] = setting.Service.AllowOnlyExternalRegistration
+	ctx.Data["DisablePassword"] = !setting.Service.RequireExternalRegistrationPassword || setting.Service.AllowOnlyExternalRegistration
 	ctx.Data["Title"] = ctx.Tr("link_account")
 	ctx.Data["LinkAccountMode"] = true
 	ctx.Data["LinkAccountModeSignIn"] = true
@@ -840,7 +840,7 @@ func LinkAccountPostSignIn(ctx *context.Context, signInForm auth.SignInForm) {
 func LinkAccountPostRegister(ctx *context.Context, cpt *captcha.Captcha, form auth.RegisterForm) {
 	// TODO Make insecure passwords optional for local accounts also,
 	//      once email-based Second-Factor Auth is available
-	ctx.Data["DisablePassword"] = !setting.Service.RequireExternalRegistrationCaptcha || setting.Service.AllowOnlyExternalRegistration
+	ctx.Data["DisablePassword"] = !setting.Service.RequireExternalRegistrationPassword || setting.Service.AllowOnlyExternalRegistration
 	ctx.Data["Title"] = ctx.Tr("link_account")
 	ctx.Data["LinkAccountMode"] = true
 	ctx.Data["LinkAccountModeRegister"] = true
@@ -1070,6 +1070,11 @@ func SignUpPost(ctx *context.Context, cpt *captcha.Captcha, form auth.RegisterFo
 		ctx.RenderWithErr(ctx.Tr("auth.password_too_short", setting.MinPasswordLength), tplSignUp, &form)
 		return
 	}
+	if !password.IsComplexEnough(form.Password) {
+		ctx.Data["Err_Password"] = true
+		ctx.RenderWithErr(ctx.Tr("form.password_complexity"), tplSignUp, &form)
+		return
+	}
 
 	u := &models.User{
 		Name:     form.UserName,

templates/admin/user/new.tmpl

@@ -42,7 +42,7 @@
 					<input id="password" name="password" type="password" value="{{.password}}" {{if eq .login_type "0-0"}}required{{end}}>
 				</div>
 
-				<div class="inline field">
+				<div class="inline field local{{if ne .login_type "0-0"}} hide{{end}}">
 					<div class="ui checkbox">
 						<label><strong>{{.i18n.Tr "auth.allow_password_change" }}</strong></label>
 						<input name="must_change_password" type="checkbox" checked>

templates/repo/issue/view_content.tmpl

@@ -22,7 +22,7 @@
 				<div class="content">
 					<div class="ui top attached header">
 					{{if .Issue.OriginalAuthor }}
-						<span class="text black"><i class="fa {{MigrationIcon .Repository.GetOriginalURLHostname}}" aria-hidden="true"></i> {{ .Issue.OriginalAuthor }}</span><span class="text grey"> {{.i18n.Tr "repo.issues.commented_at" .Issue.HashTag $createdStr | Safe}}<span> <span class="text migrate">{{if .Repository.OriginalURL}} ({{$.i18n.Tr "repo.migrated_from" .Repository.OriginalURL .Repository.GetOriginalURLHostname | Safe }}){{end}}</span>
+						<span class="text black"><i class="fa {{MigrationIcon .Repository.GetOriginalURLHostname}}" aria-hidden="true"></i> {{ .Issue.OriginalAuthor }}</span><span class="text grey"> {{.i18n.Tr "repo.issues.commented_at" .Issue.HashTag $createdStr | Safe}}</span> <span class="text migrate">{{if .Repository.OriginalURL}} ({{$.i18n.Tr "repo.migrated_from" .Repository.OriginalURL .Repository.GetOriginalURLHostname | Safe }}){{end}}</span>
 					{{else}}
 						<span class="text grey"><a {{if gt .Issue.Poster.ID 0}}href="{{.Issue.Poster.HomeLink}}"{{end}}>{{.Issue.Poster.GetDisplayName}}</a> {{.i18n.Tr "repo.issues.commented_at" .Issue.HashTag $createdStr | Safe}}</span>
 					{{end}}