Skip to content

Commit

Permalink
Merge branch 'main' of https://github.com/go-gitea/gitea
Browse files Browse the repository at this point in the history
* 'main' of https://github.com/go-gitea/gitea:
  show pull link for agit pull request also (go-gitea#18235)
  [skip ci] Updated translations via Crowdin
  Add some .ignore entries (go-gitea#18296)
  Remove unneeded debug messages to stdout. (go-gitea#18298)
  Handle missing default branch better in owner/repo/branches page (go-gitea#18290)
  Revert "Prevent possible XSS when using jQuery (go-gitea#18289)" (go-gitea#18293)
  not show double error response in git hook (go-gitea#18292)
  Remove accidental debugging in blob_excerpt.tmpl (go-gitea#18287)
  Prevent possible XSS when using jQuery (go-gitea#18289)
  Return nicer error if trying to pull from non-existent user (go-gitea#18288)
  [skip ci] Updated translations via Crowdin
  docs: mention client_max_body_size affects LFS (go-gitea#18291)
  Add lockfile-check (go-gitea#18285)
  Webauthn nits (go-gitea#18284)
  • Loading branch information
zjjhot committed Jan 17, 2022
2 parents 6a2d9b0 + 43a22c6 commit 0fae813
Show file tree
Hide file tree
Showing 48 changed files with 247 additions and 576 deletions.
7 changes: 5 additions & 2 deletions .ignore
Original file line number Diff line number Diff line change
@@ -1,5 +1,8 @@
/vendor
/public/vendor/plugins
*.min.css
*.min.js
/modules/options/bindata.go
/modules/public/bindata.go
/modules/templates/bindata.go
/public/vendor/plugins
/vendor
node_modules
13 changes: 12 additions & 1 deletion Makefile
Original file line number Diff line number Diff line change
Expand Up @@ -292,7 +292,7 @@ fmt-check:
checks: checks-frontend checks-backend

.PHONY: checks-frontend
checks-frontend: svg-check
checks-frontend: lockfile-check svg-check

.PHONY: checks-backend
checks-backend: swagger-check swagger-validate
Expand Down Expand Up @@ -700,6 +700,17 @@ svg-check: svg
exit 1; \
fi

.PHONY: lockfile-check
lockfile-check:
npm install --package-lock-only
@diff=$$(git diff package-lock.json); \
if [ -n "$$diff" ]; then \
echo "package-lock.json is inconsistent with package.json"; \
echo "Please run 'npm install --package-lock-only' and commit the result:"; \
echo "$${diff}"; \
exit 1; \
fi

.PHONY: update-translations
update-translations:
mkdir -p ./translations
Expand Down
2 changes: 1 addition & 1 deletion cmd/serv.go
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ func fail(userMessage, logMessage string, args ...interface{}) error {
if len(logMessage) > 0 {
_ = private.SSHLog(ctx, true, fmt.Sprintf(logMessage+": ", args...))
}
return cli.NewExitError(fmt.Sprintf("Gitea: %s", userMessage), 1)
return cli.NewExitError("", 1)
}

func runServ(c *cli.Context) error {
Expand Down
1 change: 1 addition & 0 deletions docs/content/doc/usage/reverse-proxies.en-us.md
Original file line number Diff line number Diff line change
Expand Up @@ -128,6 +128,7 @@ This error indicates nginx is configured to restrict the file upload size.

In your nginx config file containing your Gitea proxy directive, find the `location { ... }` block for Gitea and add the line
`client_max_body_size 16M;` to set this limit to 16 megabytes or any other number of choice.
If you use Git LFS, this will also limit the size of the largest file you will be able to push.


## Apache HTTPD
Expand Down
14 changes: 7 additions & 7 deletions models/auth/webauthn.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ package auth

import (
"context"
"encoding/base64"
"encoding/base32"
"fmt"
"strings"

Expand Down Expand Up @@ -94,7 +94,7 @@ type WebAuthnCredentialList []*WebAuthnCredential
func (list WebAuthnCredentialList) ToCredentials() []webauthn.Credential {
creds := make([]webauthn.Credential, 0, len(list))
for _, cred := range list {
credID, _ := base64.RawStdEncoding.DecodeString(cred.CredentialID)
credID, _ := base32.HexEncoding.DecodeString(cred.CredentialID)
creds = append(creds, webauthn.Credential{
ID: credID,
PublicKey: cred.PublicKey,
Expand Down Expand Up @@ -164,13 +164,13 @@ func HasWebAuthnRegistrationsByUID(uid int64) (bool, error) {
}

// GetWebAuthnCredentialByCredID returns WebAuthn credential by credential ID
func GetWebAuthnCredentialByCredID(credID string) (*WebAuthnCredential, error) {
return getWebAuthnCredentialByCredID(db.DefaultContext, credID)
func GetWebAuthnCredentialByCredID(userID int64, credID string) (*WebAuthnCredential, error) {
return getWebAuthnCredentialByCredID(db.DefaultContext, userID, credID)
}

func getWebAuthnCredentialByCredID(ctx context.Context, credID string) (*WebAuthnCredential, error) {
func getWebAuthnCredentialByCredID(ctx context.Context, userID int64, credID string) (*WebAuthnCredential, error) {
cred := new(WebAuthnCredential)
if found, err := db.GetEngine(ctx).Where("credential_id = ?", credID).Get(cred); err != nil {
if found, err := db.GetEngine(ctx).Where("user_id = ? AND credential_id = ?", userID, credID).Get(cred); err != nil {
return nil, err
} else if !found {
return nil, ErrWebAuthnCredentialNotExist{CredentialID: credID}
Expand All @@ -187,7 +187,7 @@ func createCredential(ctx context.Context, userID int64, name string, cred *weba
c := &WebAuthnCredential{
UserID: userID,
Name: name,
CredentialID: base64.RawStdEncoding.EncodeToString(cred.ID),
CredentialID: base32.HexEncoding.EncodeToString(cred.ID),
PublicKey: cred.PublicKey,
AttestationType: cred.AttestationType,
AAGUID: cred.Authenticator.AAGUID,
Expand Down
4 changes: 2 additions & 2 deletions models/auth/webauthn_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
package auth

import (
"encoding/base64"
"encoding/base32"
"testing"

"code.gitea.io/gitea/models/unittest"
Expand Down Expand Up @@ -61,7 +61,7 @@ func TestCreateCredential(t *testing.T) {
res, err := CreateCredential(1, "WebAuthn Created Credential", &webauthn.Credential{ID: []byte("Test")})
assert.NoError(t, err)
assert.Equal(t, "WebAuthn Created Credential", res.Name)
bs, err := base64.RawStdEncoding.DecodeString(res.CredentialID)
bs, err := base32.HexEncoding.DecodeString(res.CredentialID)
assert.NoError(t, err)
assert.Equal(t, []byte("Test"), bs)

Expand Down
2 changes: 2 additions & 0 deletions models/migrations/migrations.go
Original file line number Diff line number Diff line change
Expand Up @@ -368,6 +368,8 @@ var migrations = []Migration{
NewMigration("Add authorize column to team_unit table", addAuthorizeColForTeamUnit),
// v207 -> v208
NewMigration("Add webauthn table and migrate u2f data to webauthn", addWebAuthnCred),
// v208 -> v209
NewMigration("Use base32.HexEncoding instead of base64 encoding for cred ID as it is case insensitive", useBase32HexForCredIDInWebAuthnCredential),
}

// GetCurrentDBVersion returns the current db version
Expand Down
51 changes: 51 additions & 0 deletions models/migrations/v208.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
// Copyright 2021 The Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.

package migrations

import (
"encoding/base32"
"encoding/base64"

"xorm.io/xorm"
)

func useBase32HexForCredIDInWebAuthnCredential(x *xorm.Engine) error {

// Create webauthnCredential table
type webauthnCredential struct {
ID int64 `xorm:"pk autoincr"`
CredentialID string `xorm:"INDEX"`
}
if err := x.Sync2(&webauthnCredential{}); err != nil {
return err
}

var start int
regs := make([]*webauthnCredential, 0, 50)
for {
err := x.OrderBy("id").Limit(50, start).Find(&regs)
if err != nil {
return err
}

for _, reg := range regs {
credID, _ := base64.RawStdEncoding.DecodeString(reg.CredentialID)
reg.CredentialID = base32.HexEncoding.EncodeToString(credID)

_, err := x.Update(reg)
if err != nil {
return err
}
}

if len(regs) < 50 {
break
}
start += 50
regs = regs[:0]
}

return nil
}
4 changes: 0 additions & 4 deletions modules/markup/common/footnote.go
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,6 @@ package common
import (
"bytes"
"fmt"
"os"
"strconv"
"unicode"

Expand Down Expand Up @@ -415,7 +414,6 @@ func (r *FootnoteHTMLRenderer) RegisterFuncs(reg renderer.NodeRendererFuncRegist
func (r *FootnoteHTMLRenderer) renderFootnoteLink(w util.BufWriter, source []byte, node ast.Node, entering bool) (ast.WalkStatus, error) {
if entering {
n := node.(*FootnoteLink)
n.Dump(source, 0)
is := strconv.Itoa(n.Index)
_, _ = w.WriteString(`<sup id="fnref:`)
_, _ = w.Write(n.Name)
Expand All @@ -431,7 +429,6 @@ func (r *FootnoteHTMLRenderer) renderFootnoteLink(w util.BufWriter, source []byt
func (r *FootnoteHTMLRenderer) renderFootnoteBackLink(w util.BufWriter, source []byte, node ast.Node, entering bool) (ast.WalkStatus, error) {
if entering {
n := node.(*FootnoteBackLink)
fmt.Fprintf(os.Stdout, "source:\n%s\n", string(n.Text(source)))
_, _ = w.WriteString(` <a href="#fnref:`)
_, _ = w.Write(n.Name)
_, _ = w.WriteString(`" class="footnote-backref" role="doc-backlink">`)
Expand All @@ -444,7 +441,6 @@ func (r *FootnoteHTMLRenderer) renderFootnoteBackLink(w util.BufWriter, source [
func (r *FootnoteHTMLRenderer) renderFootnote(w util.BufWriter, source []byte, node ast.Node, entering bool) (ast.WalkStatus, error) {
n := node.(*Footnote)
if entering {
fmt.Fprintf(os.Stdout, "source:\n%s\n", string(n.Text(source)))
_, _ = w.WriteString(`<li id="fn:`)
_, _ = w.Write(n.Name)
_, _ = w.WriteString(`" role="doc-endnote"`)
Expand Down
15 changes: 0 additions & 15 deletions options/locale/locale_bg-BG.ini
Original file line number Diff line number Diff line change
Expand Up @@ -29,18 +29,6 @@ twofa=Двуфакторно удостоверяване
twofa_scratch=Двуфакторен скреч код
passcode=Секретен код

u2f_insert_key=Въведете защитен ключ
u2f_sign_in=Натиснете бутона на вашия ключ за сигурност. Ако вашият ключ няма бутон, го изключете и включете отново.
u2f_press_button=Моля, натиснете бутона на вашия ключ…
u2f_use_twofa=Използвате двуфакторен код от телефона си
u2f_error=Вашият ключ за сигурност не може да бъде разпознат.
u2f_unsupported_browser=Вашият браузър не поддържа U2F ключове за сигурност.
u2f_error_1=Възникна грешка. Моля опитайте отново.
u2f_error_2=Моля, уверете се че използвате правилен, шифрован (https://) URL.
u2f_error_3=Сървърът не може да обработи заявката ви.
u2f_error_4=Ключът за сигурност не е одобрен за тази заявка. Моля, уверете се, че ключът не е вече регистриран.
u2f_error_5=Изтекло е вречето за разпознаване на ключа. Презаредете страницата и опитайте отново.
u2f_reload=Презареди

repository=Хранилище
organization=Организация
Expand Down Expand Up @@ -376,7 +364,6 @@ twofa=Двуфакторно удостоверяване
account_link=Свързани акаунти
organization=Организации
uid=UID
u2f=Ключове за сигурност

public_profile=Публичен профил
profile_desc=Вашият имейл адрес ще се използва за изпращане на уведомления и други операции.
Expand Down Expand Up @@ -477,8 +464,6 @@ or_enter_secret=Или въведете този ключ: %s
then_enter_passcode=И въведете кодът, показан в приложението:
passcode_invalid=Този код е невалиден. Опитайте отново.

u2f_register_key=Добавяне на ключ за сигурност
u2f_nickname=Псевдоним



Expand Down
19 changes: 0 additions & 19 deletions options/locale/locale_cs-CZ.ini
Original file line number Diff line number Diff line change
Expand Up @@ -34,18 +34,6 @@ twofa=Dvoufaktorové ověřování
twofa_scratch=Dvoufaktorový pomocný kód
passcode=Přístupový kód

u2f_insert_key=Vložte bezpečnostní klíč
u2f_sign_in=Stiskněte tlačítko na svém zabezpečovacím klíči. Pokud zabezpečovací klíč nemá žádné tlačítko, vložte jej znovu.
u2f_press_button=Stiskněte prosím tlačítko na zabezpečovacím klíči…
u2f_use_twofa=Použít dvoufaktorový kód z vašeho telefonu
u2f_error=Nepodařilo se přečíst váš zabezpečovací klíč.
u2f_unsupported_browser=Váš prohlížeč nepodporuje U2F zabezpečovací klíče.
u2f_error_1=Došlo k neznámé chybě. Opakujte akci.
u2f_error_2=Přesvědčte se, zda používáte správné šifrované (https://) URL.
u2f_error_3=Server nemohl zpracovat váš požadavek.
u2f_error_4=Zabezpečovací klíč není pro tento požadavek povolen. Prosím ujistěte se, zda klíč není již registrován.
u2f_error_5=Požadavek vypršel dříve, než se podařilo přečíst váš klíč. Znovu načtěte tuto stránku a akci opakujte.
u2f_reload=Znovu načíst

repository=Repozitář
organization=Organizace
Expand Down Expand Up @@ -481,7 +469,6 @@ twofa=Dvoufaktorové ověřování
account_link=Propojené účty
organization=Organizace
uid=UID
u2f=Bezpečnostní klíče

public_profile=Veřejný profil
biography_placeholder=Řekněte nám něco o sobě
Expand Down Expand Up @@ -684,12 +671,6 @@ passcode_invalid=Přístupový kód není platný. Zkuste to znovu.
twofa_enrolled=Ve vašem účtu bylo povoleno dvoufaktorové ověřování. Uložte si pomocný token (%s) na bezpečném místě, protože bude zobrazen pouze jednou!
twofa_failed_get_secret=Nepodařilo se získat tajemství.

u2f_desc=Bezpečnostní klíče jsou hardwarová zařízení obsahující kryptografické klíče. Mohou být použity pro dvoufaktorové ověřování. Bezpečnostní klíče musí podporovat <a rel="noreferrer" href="https://fidoalliance.org/">FIDO U2F</a> standard.
u2f_register_key=Přidat bezpečnostní klíč
u2f_nickname=Přezdívka
u2f_press_button=Stiskněte tlačítko na vašem bezpečnostním klíči pro jeho registraci.
u2f_delete_key=Odebrat bezpečnostní klíč
u2f_delete_key_desc=Pokud odstraníte bezpečnostní klíč, již se s ním nebudete moci přihlásit. Pokračovat?

manage_account_links=Správa propojených účtů
manage_account_links_desc=Tyto externí účty jsou propojeny s vaším Gitea účtem.
Expand Down
19 changes: 0 additions & 19 deletions options/locale/locale_de-DE.ini
Original file line number Diff line number Diff line change
Expand Up @@ -34,18 +34,6 @@ twofa=Zwei-Faktor-Authentifizierung
twofa_scratch=Zwei-Faktor-Einmalpasswort
passcode=PIN

u2f_insert_key=Hardware-Sicherheitsschlüssel einstecken
u2f_sign_in=Drücke den Knopf auf deinem Sicherheitsschlüssel. Wenn dein Sicherheitsschlüssel keinen Knopf hat, stecke ihn erneut ein.
u2f_press_button=Drücke den Knopf auf deinem Sicherheitsschlüssel…
u2f_use_twofa=Zwei-Faktor-Authentifizierung via Handy verwenden
u2f_error=Dein Sicherheitsschlüssel konnte nicht gelesen werden.
u2f_unsupported_browser=Dein Browser unterstützt keine U2F-Sicherheitsschlüssel.
u2f_error_1=Ein unbekannter Fehler ist aufgetreten. Bitte versuche es erneut.
u2f_error_2=Bitte stell sicher, dass die korrekte verschlüsselte URL benutzt wird (https://).
u2f_error_3=Der Server konnte deine Anfrage nicht bearbeiten.
u2f_error_4=Für diese Anfrage ist der Sicherheitsschlüssel nicht erlaubt. Bitte stell sicher, dass er nicht bereits registriert ist.
u2f_error_5=Das Zeitlimit wurde erreicht, bevor dein Schlüssel gelesen werden konnte. Bitte lade die Seite erneut.
u2f_reload=Neu laden

repository=Repository
organization=Organisation
Expand Down Expand Up @@ -506,7 +494,6 @@ twofa=Zwei-Faktor-Authentifizierung
account_link=Verknüpfte Benutzerkonten
organization=Organisationen
uid=Uid
u2f=Hardware-Sicherheitsschlüssel

public_profile=Öffentliches Profil
biography_placeholder=Erzähle uns noch ein bisschen über dich
Expand Down Expand Up @@ -715,12 +702,6 @@ passcode_invalid=Die PIN ist falsch. Probiere es erneut.
twofa_enrolled=Die Zwei-Faktor-Authentifizierung wurde für dein Konto aktiviert. Bewahre dein Einmalpasswort (%s) an einem sicheren Ort auf, da es nicht wieder angezeigt werden wird.
twofa_failed_get_secret=Fehler beim Abrufen des Secrets.
u2f_desc=Sicherheitsschlüssel sind Geräte, die kryptografische Schlüssel beeinhalten. Diese können für die Zwei-Faktor-Authentifizierung verwendet werden. Der Sicherheitsschlüssel muss den Standard „<a href="https://fidoalliance.org/">FIDO U2F</a>“ unterstützen.
u2f_register_key=Sicherheitsschlüssel hinzufügen
u2f_nickname=Nickname
u2f_press_button=Drücke den Knopf auf deinem Sicherheitsschlüssel, um diesen zu registrieren.
u2f_delete_key=Sicherheitsschlüssel entfernen
u2f_delete_key_desc=Wenn du einen Sicherheitsschlüssel entfernst, kannst du dich nicht mehr mit ihm anmelden. Fortfahren?
manage_account_links=Verknüpfte Accounts verwalten
manage_account_links_desc=Diese externen Accounts sind mit deinem Gitea-Account verknüpft.
Expand Down
19 changes: 0 additions & 19 deletions options/locale/locale_el-GR.ini
Original file line number Diff line number Diff line change
Expand Up @@ -34,18 +34,6 @@ twofa=Έλεγχος Ταυτότητας Δύο Παραγόντων
twofa_scratch=Κωδικός Μίας Χρήσης Δύο Παραγόντων
passcode=Κωδικός

u2f_insert_key=Εισάγετε το κλειδί ασφαλείας σας
u2f_sign_in=Πατήστε το κουμπί στο κλειδί ασφαλείας. Αν το κλειδί ασφαλείας σας δεν έχει κουμπί, τοποθετήστε το ξανά.
u2f_press_button=Πατήστε το κουμπί στο κλειδί ασφαλείας…
u2f_use_twofa=Χρήση ενός κωδικού δύο παραγόντων από το τηλέφωνό σας
u2f_error=Αδυναμία ανάγνωσης του κλειδιού ασφαλείας.
u2f_unsupported_browser=Ο περιηγητής (browser) σας δεν υποστηρίζει κλειδιά ασφαλείας U2F.
u2f_error_1=Συνέβη ένα άγνωστο σφάλμα. Παρακαλώ προσπαθήστε ξανά.
u2f_error_2=Βεβαιωθείτε ότι χρησιμοποιείτε το σωστό, κρυπτογραφημένο (https://) URL.
u2f_error_3=Ο διακομιστής δεν μπόρεσε να επεξεργαστεί το αίτημά σας.
u2f_error_4=Το κλειδί ασφαλείας δεν επιτρέπεται για αυτό το αίτημα. Βεβαιωθείτε ότι το κλειδί δεν έχει ήδη καταχωρηθεί.
u2f_error_5=Λήξη χρόνου πριν το κλειδί να μπορεί να διαβαστεί. Παρακαλώ ξαναφορτώστε τη σελίδα και προσπαθήστε ξανά.
u2f_reload=Επαναφόρτωση

repository=Αποθετήριο
organization=Οργανισμός
Expand Down Expand Up @@ -522,7 +510,6 @@ twofa=Έλεγχος Ταυτότητας Δύο Παραγόντων
account_link=Συνδεδεμένοι Λογαριασμοί
organization=Οργανισμοί
uid=Uid
u2f=Κλειδιά Ασφαλείας

public_profile=Δημόσιο Προφίλ
biography_placeholder=Πείτε μας λίγο για τον εαυτό σας
Expand Down Expand Up @@ -743,12 +730,6 @@ passcode_invalid=Ο κωδικός είναι λάθος. Δοκιμάστε ξ
twofa_enrolled=Ο λογαριασμός σας έχει εγγραφεί σε ταυτοποίηση δύο παραγόντων. Αποθηκεύστε το διακριτικό μιας χρήσης (%s) σε ασφαλές μέρος καθώς εμφανίζεται μόνο μία φορά!
twofa_failed_get_secret=Αποτυχία λήψης μυστικού.
u2f_desc=Τα κλειδιά ασφαλείας είναι συσκευές που περιέχουν κρυπτογραφικά κλειδιά. Μπορούν να χρησιμοποιηθούν για ταυτοποίηση δύο παραγόντων. Τα κλειδιά ασφαλείας πρέπει να υποστηρίζουν το πρότυπο <a rel="noreferrer" href="https://fidoalliance.org/">FIDO U2F</a>.
u2f_register_key=Προσθήκη Κλειδιού Ασφαλείας
u2f_nickname=Ψευδώνυμο
u2f_press_button=Πίεσε το κουμπί στο κλειδί ασφαλείας για να το καταχωρήσεις.
u2f_delete_key=Αφαίρεση Κλειδιού Ασφαλείας
u2f_delete_key_desc=Αν αφαιρέσετε ένα κλειδί ασφαλείας δεν μπορείτε πλέον να συνδεθείτε με αυτό. Συνέχεια;
manage_account_links=Διαχείριση Συνδεδεμένων Λογαριασμών
manage_account_links_desc=Αυτοί οι εξωτερικοί λογαριασμοί είναι συνδεδεμένοι στον Gitea λογαριασμό σας.
Expand Down
3 changes: 1 addition & 2 deletions options/locale/locale_en-US.ini
Original file line number Diff line number Diff line change
Expand Up @@ -748,10 +748,9 @@ passcode_invalid = The passcode is incorrect. Try again.
twofa_enrolled = Your account has been enrolled into two-factor authentication. Store your scratch token (%s) in a safe place as it is only shown once!
twofa_failed_get_secret = Failed to get secret.

webauthn_desc = Security keys are hardware devices containing cryptographic keys. They can be used for two-factor authentication. Security keys must support the <a rel="noreferrer" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a> standard.
webauthn_desc = Security keys are hardware devices containing cryptographic keys. They can be used for two-factor authentication. Security keys must support the <a rel="noreferrer" target="_blank" href="https://w3c.github.io/webauthn/#webauthn-authenticator">WebAuthn Authenticator</a> standard.
webauthn_register_key = Add Security Key
webauthn_nickname = Nickname
webauthn_press_button = Press the button on your security key to register it.
webauthn_delete_key = Remove Security Key
webauthn_delete_key_desc = If you remove a security key you can no longer sign in with it. Continue?

Expand Down
Loading

0 comments on commit 0fae813

Please sign in to comment.