Merge branch 'master' into docs-format

go-gitea · Dec 9, 2020 · 6783dd8 · 6783dd8
2 parents 602e164 + 97ab820
commit 6783dd8
Show file tree

Hide file tree

Showing 21 changed files with 123 additions and 89 deletions.
diff --git a/docs/content/doc/usage/fail2ban-setup.en-us.md b/docs/content/doc/usage/fail2ban-setup.en-us.md
@@ -20,18 +20,24 @@ sure to test this before relying on it so you don't lock yourself out.**
 
 Gitea returns an HTTP 200 for bad logins in the web logs, but if you have logging options on in
 `app.ini`, then you should be able to go off of `log/gitea.log`, which gives you something like this
-on a bad authentication:
+on a bad authentication from the web or CLI using SSH or HTTP respectively:
 
 ```log
 2018/04/26 18:15:54 [I] Failed authentication attempt for user from xxx.xxx.xxx.xxx
 ```
+```log
+2020/10/15 16:05:09 modules/ssh/ssh.go:188:publicKeyHandler() [E] SearchPublicKeyByContent: public key does not exist [id: 0] Failed authentication attempt from xxx.xxx.xxx.xxx
+```
+```log
+2020/10/15 16:08:44 ...s/context/context.go:204:HandleText() [E] invalid credentials from xxx.xxx.xxx.xxx
+```
 
 Add our filter in `/etc/fail2ban/filter.d/gitea.conf`:
 
 ```ini
 # gitea.conf
 [Definition]
-failregex =  .*Failed authentication attempt for .* from <HOST>
+failregex =  .*(Failed authentication attempt|invalid credentials|Attempted access of unknown user).* from <HOST>
 ignoreregex =
 ```
 

diff --git a/models/action.go b/models/action.go
@@ -77,7 +77,8 @@ func (a *Action) GetOpType() ActionType {
 	return a.OpType
 }
 
-func (a *Action) loadActUser() {
+// LoadActUser loads a.ActUser
+func (a *Action) LoadActUser() {
 	if a.ActUser != nil {
 		return
 	}
@@ -105,13 +106,13 @@ func (a *Action) loadRepo() {
 
 // GetActFullName gets the action's user full name.
 func (a *Action) GetActFullName() string {
-	a.loadActUser()
+	a.LoadActUser()
 	return a.ActUser.FullName
 }
 
 // GetActUserName gets the action's user name.
 func (a *Action) GetActUserName() string {
-	a.loadActUser()
+	a.LoadActUser()
 	return a.ActUser.Name
 }
 

diff --git a/models/avatar.go b/models/avatar.go
@@ -40,6 +40,12 @@ func DefaultAvatarLink() string {
 // determined by the avatar-hosting service.
 const DefaultAvatarSize = -1
 
+// DefaultAvatarPixelSize is the default size in pixels of a rendered avatar
+const DefaultAvatarPixelSize = 28
+
+// AvatarRenderedSizeFactor is the factor by which the default size is increased for finer rendering
+const AvatarRenderedSizeFactor = 2
+
 // HashEmail hashes email address to MD5 string.
 // https://en.gravatar.com/site/implement/hash/
 func HashEmail(email string) string {

diff --git a/models/migrations/migrations.go b/models/migrations/migrations.go
@@ -134,10 +134,10 @@ var migrations = []Migration{
 	// v100 -> v101
 	NewMigration("update migration repositories' service type", updateMigrationServiceTypes),
 	// v101 -> v102
+	NewMigration("change length of some external login users columns", changeSomeColumnsLengthOfExternalLoginUser),
 
 	// Gitea 1.10.0 ends at v102
 
-	NewMigration("change length of some external login users columns", changeSomeColumnsLengthOfExternalLoginUser),
 	// v102 -> v103
 	NewMigration("update migration repositories' service type", dropColumnHeadUserNameOnPullRequest),
 	// v103 -> v104
@@ -167,10 +167,10 @@ var migrations = []Migration{
 	// v115 -> v116
 	NewMigration("add user_id prefix to existing user avatar name", renameExistingUserAvatarName),
 	// v116 -> v117
+	NewMigration("Extend TrackedTimes", extendTrackedTimes),
 
 	// Gitea 1.11.0 ends at v117
 
-	NewMigration("Extend TrackedTimes", extendTrackedTimes),
 	// v117 -> v118
 	NewMigration("Add block on rejected reviews branch protection", addBlockOnRejectedReviews),
 	// v118 -> v119
@@ -216,10 +216,10 @@ var migrations = []Migration{
 	// v138 -> v139
 	NewMigration("Add ResolveDoerID to Comment table", addResolveDoerIDCommentColumn),
 	// v139 -> v140
+	NewMigration("prepend refs/heads/ to issue refs", prependRefsHeadsToIssueRefs),
 
 	// Gitea 1.12.0 ends at v140
 
-	NewMigration("prepend refs/heads/ to issue refs", prependRefsHeadsToIssueRefs),
 	// v140 -> v141
 	NewMigration("Save detected language file size to database instead of percent", fixLanguageStatsToSaveSize),
 	// v141 -> v142
@@ -249,10 +249,10 @@ var migrations = []Migration{
 	// v153 > v154
 	NewMigration("add Team review request support", addTeamReviewRequestSupport),
 	// v154 > v155
+	NewMigration("add timestamps to Star, Label, Follow, Watch and Collaboration", addTimeStamps),
 
 	// Gitea 1.13.0 ends at v155
 
-	NewMigration("add timestamps to Star, Label, Follow, Watch and Collaboration", addTimeStamps),
 	// v155 -> v156
 	NewMigration("add changed_protected_files column for pull_request table", addChangedProtectedFilesPullRequestColumn),
 	// v156 -> v157

diff --git a/modules/repository/commits.go b/modules/repository/commits.go
@@ -118,12 +118,14 @@ func (pc *PushCommits) AvatarLink(email string) string {
 		return avatar
 	}
 
+	size := models.DefaultAvatarPixelSize * models.AvatarRenderedSizeFactor
+
 	u, ok := pc.emailUsers[email]
 	if !ok {
 		var err error
 		u, err = models.GetUserByEmail(email)
 		if err != nil {
-			pc.avatars[email] = models.HashedAvatarLink(email)
+			pc.avatars[email] = models.SizedAvatarLink(email, size)
 			if !models.IsErrUserNotExist(err) {
 				log.Error("GetUserByEmail: %v", err)
 				return ""
@@ -133,7 +135,7 @@ func (pc *PushCommits) AvatarLink(email string) string {
 		}
 	}
 	if u != nil {
-		pc.avatars[email] = u.RelAvatarLink()
+		pc.avatars[email] = u.RealSizedAvatarLink(size)
 	}
 
 	return pc.avatars[email]

diff --git a/modules/repository/commits_test.go b/modules/repository/commits_test.go
@@ -112,11 +112,13 @@ func TestPushCommits_AvatarLink(t *testing.T) {
 	pushCommits.Len = len(pushCommits.Commits)
 
 	assert.Equal(t,
-		"/user/avatar/user2/-1",
+		"https://secure.gravatar.com/avatar/ab53a2911ddf9b4817ac01ddcd3d975f?d=identicon&s=56",
 		pushCommits.AvatarLink("user2@example.com"))
 
 	assert.Equal(t,
-		"/avatar/"+fmt.Sprintf("%x", md5.Sum([]byte("nonexistent@example.com"))),
+		"https://secure.gravatar.com/avatar/"+
+			fmt.Sprintf("%x", md5.Sum([]byte("nonexistent@example.com")))+
+			"?d=identicon&s=56",
 		pushCommits.AvatarLink("nonexistent@example.com"))
 }
 

diff --git a/modules/ssh/ssh.go b/modules/ssh/ssh.go
@@ -186,7 +186,7 @@ func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
 
 	pkey, err := models.SearchPublicKeyByContent(strings.TrimSpace(string(gossh.MarshalAuthorizedKey(key))))
 	if err != nil {
-		log.Error("SearchPublicKeyByContent: %v", err)
+		log.Error("SearchPublicKeyByContent: %v Failed authentication attempt from %s", err, ctx.RemoteAddr())
 		return false
 	}
 

diff --git a/modules/templates/helper.go b/modules/templates/helper.go
@@ -338,10 +338,12 @@ func NewFuncMap() []template.FuncMap {
 			}
 			return false
 		},
-		"svg":           SVG,
-		"avatar":        Avatar,
-		"avatarByEmail": AvatarByEmail,
-		"repoAvatar":    RepoAvatar,
+		"svg":            SVG,
+		"avatar":         Avatar,
+		"avatarHTML":     AvatarHTML,
+		"avatarByAction": AvatarByAction,
+		"avatarByEmail":  AvatarByEmail,
+		"repoAvatar":     RepoAvatar,
 		"SortArrow": func(normSort, revSort, urlSort string, isDefault bool) template.HTML {
 			// if needed
 			if len(normSort) == 0 || len(urlSort) == 0 {
@@ -519,7 +521,8 @@ func parseOthers(defaultSize int, defaultClass string, others ...interface{}) (i
 	return size, class
 }
 
-func avatarHTML(src string, size int, class string, name string) template.HTML {
+// AvatarHTML creates the HTML for an avatar
+func AvatarHTML(src string, size int, class string, name string) template.HTML {
 	sizeStr := fmt.Sprintf(`%d`, size)
 
 	if name == "" {
@@ -548,33 +551,39 @@ func SVG(icon string, others ...interface{}) template.HTML {
 
 // Avatar renders user avatars. args: user, size (int), class (string)
 func Avatar(user *models.User, others ...interface{}) template.HTML {
-	size, class := parseOthers(28, "ui avatar image", others...)
+	size, class := parseOthers(models.DefaultAvatarPixelSize, "ui avatar image", others...)
 
-	src := user.RealSizedAvatarLink(size * 2) // request double size for finer rendering
+	src := user.RealSizedAvatarLink(size * models.AvatarRenderedSizeFactor)
 	if src != "" {
-		return avatarHTML(src, size, class, user.DisplayName())
+		return AvatarHTML(src, size, class, user.DisplayName())
 	}
 	return template.HTML("")
 }
 
+// AvatarByAction renders user avatars from action. args: action, size (int), class (string)
+func AvatarByAction(action *models.Action, others ...interface{}) template.HTML {
+	action.LoadActUser()
+	return Avatar(action.ActUser, others...)
+}
+
 // RepoAvatar renders repo avatars. args: repo, size(int), class (string)
 func RepoAvatar(repo *models.Repository, others ...interface{}) template.HTML {
-	size, class := parseOthers(28, "ui avatar image", others...)
+	size, class := parseOthers(models.DefaultAvatarPixelSize, "ui avatar image", others...)
 
 	src := repo.RelAvatarLink()
 	if src != "" {
-		return avatarHTML(src, size, class, repo.FullName())
+		return AvatarHTML(src, size, class, repo.FullName())
 	}
 	return template.HTML("")
 }
 
 // AvatarByEmail renders avatars by email address. args: email, name, size (int), class (string)
 func AvatarByEmail(email string, name string, others ...interface{}) template.HTML {
-	size, class := parseOthers(28, "ui avatar image", others...)
-	src := models.SizedAvatarLink(email, size*2) // request double size for finer rendering
+	size, class := parseOthers(models.DefaultAvatarPixelSize, "ui avatar image", others...)
+	src := models.SizedAvatarLink(email, size*models.AvatarRenderedSizeFactor)
 
 	if src != "" {
-		return avatarHTML(src, size, class, name)
+		return AvatarHTML(src, size, class, name)
 	}
 
 	return template.HTML("")

diff --git a/routers/private/serv.go b/routers/private/serv.go
@@ -132,6 +132,7 @@ func ServCommand(ctx *macaron.Context) {
 			for _, verb := range ctx.QueryStrings("verb") {
 				if "git-upload-pack" == verb {
 					// User is fetching/cloning a non-existent repository
+					log.Error("Failed authentication attempt (cannot find repository: %s/%s) from %s", results.OwnerName, results.RepoName, ctx.RemoteAddr())
 					ctx.JSON(http.StatusNotFound, map[string]interface{}{
 						"results": results,
 						"type":    "ErrRepoNotExist",
@@ -317,6 +318,7 @@ func ServCommand(ctx *macaron.Context) {
 			userMode := perm.UnitAccessMode(unitType)
 
 			if userMode < mode {
+				log.Error("Failed authentication attempt for %s with key %s (not authorized to %s %s/%s) from %s", user.Name, key.Name, modeString, ownerName, repoName, ctx.RemoteAddr())
 				ctx.JSON(http.StatusUnauthorized, map[string]interface{}{
 					"results": results,
 					"type":    "ErrUnauthorized",

diff --git a/routers/repo/http.go b/routers/repo/http.go
@@ -102,6 +102,7 @@ func HTTP(ctx *context.Context) {
 
 	owner, err := models.GetUserByName(username)
 	if err != nil {
+		log.Error("Attempted access of unknown user from %s", ctx.RemoteAddr())
 		ctx.NotFoundOrServerError("GetUserByName", models.IsErrUserNotExist, err)
 		return
 	}

diff --git a/routers/user/auth.go b/routers/user/auth.go
@@ -174,20 +174,20 @@ func SignInPost(ctx *context.Context, form auth.SignInForm) {
 	if err != nil {
 		if models.IsErrUserNotExist(err) {
 			ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplSignIn, &form)
-			log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
+			log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
 		} else if models.IsErrEmailAlreadyUsed(err) {
 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplSignIn, &form)
-			log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
+			log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
 		} else if models.IsErrUserProhibitLogin(err) {
-			log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
+			log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
 			ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
 			ctx.HTML(200, "user/auth/prohibit_login")
 		} else if models.IsErrUserInactive(err) {
 			if setting.Service.RegisterEmailConfirm {
 				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
 				ctx.HTML(200, TplActivate)
 			} else {
-				log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
+				log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
 				ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
 				ctx.HTML(200, "user/auth/prohibit_login")
 			}

diff --git a/templates/admin/hook_new.tmpl b/templates/admin/hook_new.tmpl
@@ -11,23 +11,23 @@
 			{{end}}
 			<div class="ui right">
 				{{if eq .HookType "gitea"}}
-					<img class="img-13" src="{{StaticUrlPrefix}}/img/gitea-sm.png">
+					<img width="26" height="26" src="{{StaticUrlPrefix}}/img/gitea-sm.png">
 				{{else if eq .HookType "gogs"}}
-					<img class="img-13" src="{{StaticUrlPrefix}}/img/gogs.ico">
+					<img width="26" height="26" src="{{StaticUrlPrefix}}/img/gogs.ico">
 				{{else if eq .HookType "slack"}}
-					<img class="img-13" src="{{StaticUrlPrefix}}/img/slack.png">
+					<img width="26" height="26" src="{{StaticUrlPrefix}}/img/slack.png">
 				{{else if eq .HookType "discord"}}
-					<img class="img-13" src="{{StaticUrlPrefix}}/img/discord.png">
+					<img width="26" height="26" src="{{StaticUrlPrefix}}/img/discord.png">
 				{{else if eq .HookType "dingtalk"}}
-					<img class="img-13" src="{{StaticUrlPrefix}}/img/dingtalk.ico">
+					<img width="26" height="26" src="{{StaticUrlPrefix}}/img/dingtalk.ico">
 				{{else if eq .HookType "telegram"}}
-					<img class="img-13" src="{{StaticUrlPrefix}}/img/telegram.png">
+					<img width="26" height="26" src="{{StaticUrlPrefix}}/img/telegram.png">
 				{{else if eq .HookType "msteams"}}
-					<img class="img-13" src="{{StaticUrlPrefix}}/img/msteams.png">
+					<img width="26" height="26" src="{{StaticUrlPrefix}}/img/msteams.png">
 				{{else if eq .HookType "feishu"}}
-					<img class="img-13" src="{{StaticUrlPrefix}}/img/feishu.png">
+					<img width="26" height="26" src="{{StaticUrlPrefix}}/img/feishu.png">
 				{{else if eq .HookType "matrix"}}
-					<img class="img-13" src="{{StaticUrlPrefix}}/img/matrix.svg">
+					<img width="26" height="26" src="{{StaticUrlPrefix}}/img/matrix.svg">
 				{{end}}
 			</div>
 		</h4>

diff --git a/templates/org/settings/hook_new.tmpl b/templates/org/settings/hook_new.tmpl
@@ -10,23 +10,23 @@
 					{{if .PageIsSettingsHooksNew}}{{.i18n.Tr "repo.settings.add_webhook"}}{{else}}{{.i18n.Tr "repo.settings.update_webhook"}}{{end}}
 					<div class="ui right">
 						{{if eq .HookType "gitea"}}
-							<img class="img-13" src="{{StaticUrlPrefix}}/img/gitea-sm.png">
+							<img width="26" height="26" src="{{StaticUrlPrefix}}/img/gitea-sm.png">
 						{{else if eq .HookType "gogs"}}
-							<img class="img-13" src="{{StaticUrlPrefix}}/img/gogs.ico">
+							<img width="26" height="26" src="{{StaticUrlPrefix}}/img/gogs.ico">
 						{{else if eq .HookType "slack"}}
-							<img class="img-13" src="{{StaticUrlPrefix}}/img/slack.png">
+							<img width="26" height="26" src="{{StaticUrlPrefix}}/img/slack.png">
 						{{else if eq .HookType "discord"}}
-							<img class="img-13" src="{{StaticUrlPrefix}}/img/discord.png">
+							<img width="26" height="26" src="{{StaticUrlPrefix}}/img/discord.png">
 						{{else if eq .HookType "dingtalk"}}
-							<img class="img-13" src="{{StaticUrlPrefix}}/img/dingtalk.png">
+							<img width="26" height="26" src="{{StaticUrlPrefix}}/img/dingtalk.png">
 						{{else if eq .HookType "telegram"}}
-							<img class="img-13" src="{{StaticUrlPrefix}}/img/telegram.png">
+							<img width="26" height="26" src="{{StaticUrlPrefix}}/img/telegram.png">
 						{{else if eq .HookType "msteams"}}
-							<img class="img-13" src="{{StaticUrlPrefix}}/img/msteams.png">
+							<img width="26" height="26" src="{{StaticUrlPrefix}}/img/msteams.png">
 						{{else if eq .HookType "feishu"}}
-							<img class="img-13" src="{{StaticUrlPrefix}}/img/feishu.png">
+							<img width="26" height="26" src="{{StaticUrlPrefix}}/img/feishu.png">
 						{{else if eq .HookType "matrix"}}
-							<img class="img-13" src="{{StaticUrlPrefix}}/img/matrix.svg">
+							<img width="26" height="26" src="{{StaticUrlPrefix}}/img/matrix.svg">
 						{{end}}
 					</div>
 				</h4>

diff --git a/templates/repo/release/list.tmpl b/templates/repo/release/list.tmpl
@@ -90,7 +90,7 @@
 							<p class="text grey">
 								{{ if gt .Publisher.ID 0 }}
 								<span class="author">
-									{{avatar .Publisher 28 "img-10"}}
+									{{avatar .Publisher 20}}
 									<a href="{{AppSubUrl}}/{{.Publisher.Name}}">{{.Publisher.Name}}</a>
 								</span>
 								{{ end }}
@@ -117,7 +117,7 @@
 								{{if .OriginalAuthor}}
 									{{svg "octicon-mark-github" 16 "mr-2"}}{{.OriginalAuthor}}
 								{{else if .Publisher}}
-									{{avatar .Publisher 28 "img-10"}}
+									{{avatar .Publisher 20}}
 									<a href="{{AppSubUrl}}/{{.Publisher.Name}}">{{.Publisher.GetDisplayName}}</a>
 								{{else}}
 									Ghost