From b73e4216463632ead1b5bcf8b12ae50e0bcfe6c5 Mon Sep 17 00:00:00 2001
From: GiteaBot
Date: Sun, 1 Aug 2021 00:07:51 +0000
Subject: [PATCH 01/11] [skip ci] Updated translations via Crowdin
---
 options/locale/locale_pt-PT.ini | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/options/locale/locale_pt-PT.ini b/options/locale/locale_pt-PT.ini
index 5039f004f81ee..393072566f110 100644
--- a/options/locale/locale_pt-PT.ini
+++ b/options/locale/locale_pt-PT.ini
@@ -1040,6 +1040,7 @@ editor.require_signed_commit=O ramo requer um cometimento assinado
 commits.desc=Navegar pelo histórico de modificações no código fonte.
 commits.commits=Cometimentos
 commits.no_commits=Não há cometimentos em comum. '%s' e '%s' têm históricos completamente diferentes.
+commits.nothing_to_compare=Estes ramos são iguais.
 commits.search=Procurar cometimentos…
 commits.search.tooltip=Pode prefixar palavras-chave com "author:", "committer:", "after:", ou "before:". Por exemplo: "revert author:Alice before:2019-04-01".
 commits.find=Procurar
@@ -1828,8 +1829,8 @@ settings.event_pull_request_review=Pedido de integração revisto settings.event_pull_request_review_desc=Pedido de integração aprovado, rejeitado ou comentado na revisão. settings.event_pull_request_sync=Pedido de integração sincronizado settings.event_pull_request_sync_desc=Pedido de integração sincronizado. -settings.branch_filter=Filtro por ramo -settings.branch_filter_desc=Lista de permissões do ramo para eventos de envio e de criação e eliminação de ramos, especificada como um padrão glob. Se estiver em branco ou for *, serão reportados eventos para todos os ramos. Veja a documentação github.com/gobwas/glob para ver os detalhes da sintaxe. Exemplos: trunk, {trunk,release*}. +settings.branch_filter=Filtro de ramos +settings.branch_filter_desc=Lista dos ramos a serem considerados nos eventos de envio e de criação e eliminação de ramos, especificada como um padrão glob. Se estiver em branco ou for *, serão reportados eventos para todos os ramos. Veja a documentação github.com/gobwas/glob para ver os detalhes da sintaxe. Exemplos: trunk, {trunk,release*}. settings.active=Em funcionamento settings.active_helper=Informação sobre eventos despoletados será enviada para o URL deste automatismo web. settings.add_hook_success=O automatismo web foi adicionado. From e3b6526922367db57698025f4e11066f3ecff32c Mon Sep 17 00:00:00 2001 From: zeripath Date: Sun, 1 Aug 2021 15:33:02 +0100 Subject: [PATCH 02/11] Use node:16.5 for frontend instead of node:16 (#16591) * Disable frontend testing Jest does not appear to work on the latest node 16.6.0 and fails with an inscrutable message. I have been unable to work out what the problem is. This PR simply disables the test-frontend part in the makefile. Another alternative would be to drop node to node 14 - which is the LTS for node. Signed-off-by: Andrew Thornton * actually just tell on 16.5 instead Signed-off-by: Andrew Thornton * Use node 16.5 instead of 16 
Signed-off-by: Andrew Thornton --- .drone.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.drone.yml b/.drone.yml index c12138989bd9a..65b239fb6f720 100644 --- a/.drone.yml +++ b/.drone.yml @@ -15,12 +15,12 @@ trigger: steps: - name: deps-frontend pull: always - image: node:16 + image: node:16.5 commands: - make node_modules - name: lint-frontend - image: node:16 + image: node:16.5 commands: - make lint-frontend depends_on: [deps-frontend] @@ -58,7 +58,7 @@ steps: TAGS: bindata gogit sqlite sqlite_unlock_notify - name: checks-frontend - image: node:16 + image: node:16.5 commands: - make checks-frontend depends_on: [deps-frontend] @@ -71,13 +71,13 @@ steps: depends_on: [lint-backend] - name: test-frontend - image: node:16 + image: node:16.5 commands: - make test-frontend depends_on: [lint-frontend] - name: build-frontend - image: node:16 + image: node:16.5 commands: - make frontend depends_on: [test-frontend] From d686d7b05231ee43d6901317208c1dd851dacfa9 Mon Sep 17 00:00:00 2001 From: Lars Hvam Date: Sun, 1 Aug 2021 18:28:05 +0200 Subject: [PATCH 03/11] =?UTF-8?q?Fix=20swagger=20doc=20by=20rename=20repoA?= =?UTF-8?q?ddTop=C3=ADc=20to=20repoAddTopic=20(#16580)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Swagger API: rename repoAddTopíc to repoAddTopic This changes the operationId to only contain 7 bit ascii, note "í" instead of "i" --- routers/api/v1/repo/topic.go | 2 +- templates/swagger/v1_json.tmpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/routers/api/v1/repo/topic.go b/routers/api/v1/repo/topic.go index 14712f536f8f7..7646eaf82e33a 100644 --- a/routers/api/v1/repo/topic.go +++ b/routers/api/v1/repo/topic.go 
@@ -126,7 +126,7 @@ func UpdateTopics(ctx *context.APIContext) { // AddTopic adds a topic name to a repo func AddTopic(ctx *context.APIContext) { - // swagger:operation PUT /repos/{owner}/{repo}/topics/{topic} repository repoAddTopíc + // swagger:operation PUT /repos/{owner}/{repo}/topics/{topic} repository repoAddTopic // --- // summary: Add a topic to a repository // produces: diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index 238265fd7e0d6..d97ec5ff2d7be 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl @@ -9651,7 +9651,7 @@ "repository" ], "summary": "Add a topic to a repository", - "operationId": "repoAddTopíc", + "operationId": "repoAddTopic", "parameters": [ { "type": "string", From e51c73ae5c03c83256d48cdcd0ca9cbdbf7a5222 Mon Sep 17 00:00:00 2001 From: zeripath Date: Sun, 1 Aug 2021 18:04:32 +0100 Subject: [PATCH 04/11] Fix 500 on first wiki page (#16586) * Fix 500 on first wiki page There is a mistake in #16319 and #16487 which means that the first time a wiki page is created a 500 is reported because the `master` branch is not in existence in that wiki yet. This PR simply checks for this error and returns not found. Fix #16584 Signed-off-by: Andrew Thornton --- services/wiki/wiki.go | 3 +++ services/wiki/wiki_test.go | 29 +++++++++++++++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/services/wiki/wiki.go b/services/wiki/wiki.go index f1632c6bf7aac..e1590f461ef23 100644 --- a/services/wiki/wiki.go +++ b/services/wiki/wiki.go @@ -90,6 +90,9 @@ func prepareWikiFileName(gitRepo *git.Repository, wikiName string) (bool, string // Look for both files filesInIndex, err := gitRepo.LsTree("master", unescaped, escaped) if err != nil { + if strings.Contains(err.Error(), "Not a valid object name master") { + return false, escaped, nil + } log.Error("%v", err) return false, escaped, err } 
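Review bot: The new early return in prepareWikiFileName detects the empty-wiki case by substring-matching git's error text (`strings.Contains(err.Error(), "Not a valid object name master")`), so it stops working, and the 500 comes back, if git words the message differently or emits it in another locale; whether the git wrapper pins the locale is not visible in this hunk. Checking that the `master` branch exists before calling `LsTree`, or having the git module return a typed not-exist error, would make the condition explicit instead of depending on stderr wording. At minimum the branch deserves a comment such as `// an empty wiki has no master branch yet: report "page does not exist" rather than an error`. The function begins and continues outside the hunk.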
diff --git a/services/wiki/wiki_test.go b/services/wiki/wiki_test.go index a1614b509c2bc..6c861d556a7f5 100644 --- a/services/wiki/wiki_test.go +++ b/services/wiki/wiki_test.go @@ -5,11 +5,15 @@ package wiki import ( + "io/ioutil" + "os" "path/filepath" "testing" "code.gitea.io/gitea/models" "code.gitea.io/gitea/modules/git" + "code.gitea.io/gitea/modules/util" + "github.com/stretchr/testify/assert" ) @@ -261,3 +265,28 @@ func TestPrepareWikiFileName(t *testing.T) { }) } } + +func TestPrepareWikiFileName_FirstPage(t *testing.T) { + models.PrepareTestEnv(t) + + // Now create a temporaryDirectory + tmpDir, err := ioutil.TempDir("", "empty-wiki") + assert.NoError(t, err) + defer func() { + if _, err := os.Stat(tmpDir); !os.IsNotExist(err) { + _ = util.RemoveAll(tmpDir) + } + }() + + err = git.InitRepository(tmpDir, true) + assert.NoError(t, err) + + gitRepo, err := git.OpenRepository(tmpDir) + defer gitRepo.Close() + assert.NoError(t, err) + + existence, newWikiPath, err := prepareWikiFileName(gitRepo, "Home") + assert.False(t, existence) + assert.NoError(t, err) + assert.Equal(t, "Home.md", newWikiPath) +} From 48c7c880b8fcf8e5d8495e66392e787bd7209b8c Mon Sep 17 00:00:00 2001 From: zeripath Date: Sun, 1 Aug 2021 21:44:15 +0100 Subject: [PATCH 05/11] Swagger AccessToken fixes (#16574) There is a subtle problem with the Swagger definition for AccessTokens which causes autogeneration of APIs for these endpoints to fail. This PR corrects these errors. Ref: https://github.com/zeripath/java-gitea-api/issues/4 Signed-off-by: Andrew Thornton Co-authored-by: techknowlogick --- routers/api/v1/swagger/app.go | 7 ++++++ routers/api/v1/swagger/options.go | 3 +++ routers/api/v1/user/app.go | 9 ++----- templates/swagger/v1_json.tmpl | 39 ++++++++++++------------------- 4 files changed, 27 insertions(+), 31 deletions(-) diff --git a/routers/api/v1/swagger/app.go b/routers/api/v1/swagger/app.go index 8be2c855749a3..9783abe1a082f 100644 --- a/routers/api/v1/swagger/app.go 
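Review bot: In TestPrepareWikiFileName_FirstPage, `defer gitRepo.Close()` is registered before the error from `git.OpenRepository(tmpDir)` is checked, so a failed open would most likely panic on a nil repository instead of failing the test with a readable message. `assert.NoError` also does not stop the test, so a failure in `ioutil.TempDir` or `git.InitRepository` lets the later steps run against a bad state. Check first and bail out, e.g. `if !assert.NoError(t, err) { return }` followed by `defer gitRepo.Close()`, and apply the same guard after the TempDir and InitRepository calls.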
+++ b/routers/api/v1/swagger/app.go @@ -14,3 +14,10 @@ type swaggerResponseOAuth2Application struct { // in:body Body api.OAuth2Application `json:"body"` } + +// AccessToken represents an API access token. +// swagger:response AccessToken +type swaggerResponseAccessToken struct { + // in:body + Body api.AccessToken `json:"body"` +} diff --git a/routers/api/v1/swagger/options.go b/routers/api/v1/swagger/options.go index 0ae96a9203543..3f0c6e2d524c4 100644 --- a/routers/api/v1/swagger/options.go +++ b/routers/api/v1/swagger/options.go @@ -164,6 +164,9 @@ type swaggerParameterBodies struct { // in:body CreateTagOption api.CreateTagOption + // in:body + CreateAccessTokenOption api.CreateAccessTokenOption + // in:body UserSettingsOptions api.UserSettingsOptions } diff --git a/routers/api/v1/user/app.go b/routers/api/v1/user/app.go index 9f355a8289506..afd209f2f0791 100644 --- a/routers/api/v1/user/app.go +++ b/routers/api/v1/user/app.go @@ -76,15 +76,10 @@ func CreateAccessToken(ctx *context.APIContext) { // description: username of user // type: string // required: true - // - name: accessToken + // - name: userCreateToken // in: body // schema: - // type: object - // required: - // - name - // properties: - // name: - // type: string + // "$ref": "#/definitions/CreateAccessTokenOption" // responses: // "201": // "$ref": "#/responses/AccessToken" diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index d97ec5ff2d7be..a1d92abec7a86 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl @@ -11917,18 +11917,10 @@ "required": true }, { - "name": "accessToken", + "name": "userCreateToken", "in": "body", "schema": { - "type": "object", - "required": [ - "name" - ], - "properties": { - "name": { - "type": "string" - } - } + "$ref": "#/definitions/CreateAccessTokenOption" } } ], 
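Review bot: In routers/api/v1/user/app.go the inline body schema that declared `required: - name` is replaced by `"$ref": "#/definitions/CreateAccessTokenOption"`, and the regenerated definition in v1_json.tmpl lists `name` with no `required` entry, so the published contract for creating an access token now says the name is optional. If the handler still rejects an empty name (not visible in this diff), generated clients will only learn that at runtime. Marking the field on the struct with go-swagger's `// required: true` would carry the constraint into the regenerated spec; the struct lives in modules/structs, which this patch does not touch.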
@@ -12654,6 +12646,17 @@ }, "x-go-package": "code.gitea.io/gitea/modules/structs" }, + "CreateAccessTokenOption": { + "description": "CreateAccessTokenOption options when create access token", + "type": "object", + "properties": { + "name": { + "type": "string", + "x-go-name": "Name" + } + }, + "x-go-package": "code.gitea.io/gitea/modules/structs" + }, "CreateBranchProtectionOption": { "description": "CreateBranchProtectionOption options for creating a branch protection", "type": "object", @@ -17045,20 +17048,8 @@ "responses": { "AccessToken": { "description": "AccessToken represents an API access token.", - "headers": { - "id": { - "type": "integer", - "format": "int64" - }, - "name": { - "type": "string" - }, - "sha1": { - "type": "string" - }, - "token_last_eight": { - "type": "string" - } + "schema": { + "$ref": "#/definitions/AccessToken" } }, "AccessTokenList": { From 3375e7658e00fe8764a8b7fa7016d85753686739 Mon Sep 17 00:00:00 2001 From: GiteaBot Date: Mon, 2 Aug 2021 00:07:40 +0000 Subject: [PATCH 06/11] [skip ci] Updated translations via Crowdin --- options/locale/locale_ja-JP.ini | 1 + 1 file changed, 1 insertion(+) diff --git a/options/locale/locale_ja-JP.ini b/options/locale/locale_ja-JP.ini index 8f4bab2e677ad..651093ed23bab 100644 --- a/options/locale/locale_ja-JP.ini +++ b/options/locale/locale_ja-JP.ini @@ -1040,6 +1040,7 @@ editor.require_signed_commit=ブランチでは署名されたコミットが必 commits.desc=ソースコードの変更履歴を参照します。 commits.commits=コミット commits.no_commits=共通のコミットはありません。 '%s' と '%s' の履歴はすべて異なっています。 +commits.nothing_to_compare=二つのブランチは同じ内容です。 commits.search=コミットの検索… commits.search.tooltip=キーワード "author:"、"committer:"、"after:"、"before:" を付けて指定できます。 例 "revert author:Alice before:2019-04-01" commits.find=検索 From 24366eddec0915d92165f1a45c01ed2a5bdeac8e Mon Sep 17 00:00:00 2001 
From: 6543 <6543@obermui.de> Date: Mon, 2 Aug 2021 03:47:29 +0200 Subject: [PATCH 07/11] [CI] Use node v14 instead of node v16 untill it will pass again (#16595) * for CI release: use node 14 (lts) to build until 16 do fail * all in for node v14.x --- .drone.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.drone.yml b/.drone.yml index 65b239fb6f720..f4a6d31625faa 100644 --- a/.drone.yml +++ b/.drone.yml @@ -15,12 +15,12 @@ trigger: steps: - name: deps-frontend pull: always - image: node:16.5 + image: node:14 commands: - make node_modules - name: lint-frontend - image: node:16.5 + image: node:14 commands: - make lint-frontend depends_on: [deps-frontend] @@ -58,7 +58,7 @@ steps: TAGS: bindata gogit sqlite sqlite_unlock_notify - name: checks-frontend - image: node:16.5 + image: node:14 commands: - make checks-frontend depends_on: [deps-frontend] @@ -71,13 +71,13 @@ steps: depends_on: [lint-backend] - name: test-frontend - image: node:16.5 + image: node:14 commands: - make test-frontend depends_on: [lint-frontend] - name: build-frontend - image: node:16.5 + image: node:14 commands: - make frontend depends_on: [test-frontend] @@ -514,7 +514,7 @@ steps: pull: always image: techknowlogick/xgo:go-1.16.x commands: - - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs + - curl -sL https://deb.nodesource.com/setup_14.x | bash - && apt-get install -y nodejs - export PATH=$PATH:$GOPATH/bin - make release environment: @@ -610,7 +610,7 @@ steps: pull: always image: techknowlogick/xgo:go-1.16.x commands: - - curl -sL https://deb.nodesource.com/setup_16.x | bash - && apt-get install -y nodejs + - curl -sL https://deb.nodesource.com/setup_14.x | bash - && apt-get install -y nodejs - export PATH=$PATH:$GOPATH/bin - make release environment: From 1fc7d6d6ad2fe85a28aff6dd14e41da8ee769f31 Mon Sep 17 00:00:00 2001 
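Review bot: Both release steps (the hunks at -514 and -610) keep installing Node with `curl -sL https://deb.nodesource.com/setup_14.x | bash -`, which runs a remotely fetched script inside the job that produces the release binaries without verifying what was downloaded. `-s` without `-f` also means an HTTP error body is passed to the shell instead of failing the step. Prefer a build image that already contains the pinned Node version, or fetch with `curl -fsSL` to a file, compare it with a recorded checksum, and only then execute it. The `node:14` tags introduced in the other hunks are floating tags combined with `pull: always`; pinning them by digest would make the build inputs reproducible.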
From: zeripath Date: Mon, 2 Aug 2021 17:11:18 +0100 Subject: [PATCH 08/11] Fix table alignment in markdown (#16596) Set the TableOptions in markdown to allow alignment of the tables to work correctly Fix #15959 Signed-off-by: Andrew Thornton --- modules/markup/markdown/markdown.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/markup/markdown/markdown.go b/modules/markup/markdown/markdown.go index cac2a180faeef..ab026dd1b8503 100644 --- a/modules/markup/markdown/markdown.go +++ b/modules/markup/markdown/markdown.go @@ -87,7 +87,9 @@ func newParserContext(ctx *markup.RenderContext) parser.Context { func actualRender(ctx *markup.RenderContext, input io.Reader, output io.Writer) error { once.Do(func() { converter = goldmark.New( - goldmark.WithExtensions(extension.Table, + goldmark.WithExtensions( + extension.NewTable( + extension.WithTableCellAlignMethod(extension.TableCellAlignAttribute)), extension.Strikethrough, extension.TaskList, extension.DefinitionList, From a51cb3d4cbb1ff5072979cf84edd9b6d361adefd Mon Sep 17 00:00:00 2001 From: Albert ARIBAUD Date: Mon, 2 Aug 2021 21:23:57 +0200 Subject: [PATCH 09/11] Make PR merge options more intuitive (#5863) (#16582) Reword options making clear whether the PRed branch is rebased or not, and which type of commit will be created if any. --- options/locale/locale_en-US.ini | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini index 96fda97dda98b..23d7b2387871a 100644 --- a/options/locale/locale_en-US.ini +++ b/options/locale/locale_en-US.ini 
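Review bot: The switch to `extension.NewTable(extension.WithTableCellAlignMethod(extension.TableCellAlignAttribute))` comes with neither a test nor a comment saying why the attribute method is needed, and the diffstat shows markdown.go as the only file changed. Presumably the default alignment output was being removed by the HTML sanitizer later in the pipeline while an `align` attribute passes; that is an inference from the commit message, so it should be confirmed and recorded next to the option, e.g. `// emit align="..." on th/td; the sanitizer policy must allow this attribute`. A render test with a `:---:` column that asserts on the final sanitized HTML would pin both the renderer option and the sanitizer policy it depends on. actualRender continues outside the hunk.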
@@ -1437,10 +1437,10 @@ pulls.no_merge_helper = Enable merge options in the repository settings or merge
 pulls.no_merge_wip = This pull request can not be merged because it is marked as being a work in progress.
 pulls.no_merge_not_ready = This pull request is not ready to be merged, check review status and status checks.
 pulls.no_merge_access = You are not authorized to merge this pull request.
-pulls.merge_pull_request = Merge Pull Request
-pulls.rebase_merge_pull_request = Rebase and Merge
-pulls.rebase_merge_commit_pull_request = Rebase and Merge (--no-ff)
-pulls.squash_merge_pull_request = Squash and Merge
+pulls.merge_pull_request = Create merge commit
+pulls.rebase_merge_pull_request = Rebase then fast-forward
+pulls.rebase_merge_commit_pull_request = Rebase then create merge commit
+pulls.squash_merge_pull_request = Create squash commit
 pulls.merge_manually = Manually merged
 pulls.merge_commit_id = The merge commit ID
 pulls.require_signed_wont_sign = The branch requires signed commits but this merge will not be signed
From 80b7889fee833d4d80c5581dc182b4a499b4bad4 Mon Sep 17 00:00:00 2001
From: Clar Fon
Date: Tue, 3 Aug 2021 04:03:04 -0400
Subject: [PATCH 10/11] Clarify where server.LFS_CONTENT_PATH was moved to (#16601)
Signed-off-by: ltdk
---
 docs/content/doc/advanced/config-cheat-sheet.en-us.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/content/doc/advanced/config-cheat-sheet.en-us.md b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
index 41dd0b702eb0b..9c7bddc8eb7eb 100644
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -300,7 +300,7 @@ The following configuration set `Content-Type: application/vnd.android.package-a - `LANDING_PAGE`: **home**: Landing page for unauthenticated users \[home, explore, organizations, login\]. - `LFS_START_SERVER`: **false**: Enables git-lfs support. -- `LFS_CONTENT_PATH`: **%(APP_DATA_PATH)/lfs**: DEPRECATED: Default LFS content path. (if it is on local storage.) +- `LFS_CONTENT_PATH`: **%(APP_DATA_PATH)/lfs**: Default LFS content path. (if it is on local storage.) **DEPRECATED** use settings in `[lfs]`. - `LFS_JWT_SECRET`: **\**: LFS authentication secret, change this a unique string. - `LFS_HTTP_AUTH_EXPIRY`: **20m**: LFS authentication validity period in time.Duration, pushes taking longer than this may fail. - `LFS_MAX_FILE_SIZE`: **0**: Maximum allowed LFS file size in bytes (Set to 0 for no limit). From 35735bbef982fa2268dd90c7ca709f9e9ff00efc Mon Sep 17 00:00:00 2001 From: zeripath Date: Tue, 3 Aug 2021 19:32:01 +0100 Subject: [PATCH 11/11] Upgrade to golang-jwt 3.2.2 (#16590) * Upgrade to golang-jwt 3.2.2 Upgrade to the latest version of golang-jwt Signed-off-by: Andrew Thornton * Forcibly replace the 3.2.1 version of golang-jwt/jwt and increase minimum Go version Using go.mod we can forcibly replace the 3.2.1 version used by goth to 3.2.2. Further given golang-jwt/jwts stated policy of only supporting supported go versions we should just raise our minimal version of go to 1.16 for 1.16 as by time of release 1.15 will be out of support. Signed-off-by: Andrew Thornton * update minimal go required Signed-off-by: Andrew Thornton * update config.yaml 
Signed-off-by: Andrew Thornton Co-authored-by: 6543 <6543@obermui.de> --- .drone.yml | 2 +- Makefile | 4 +- docs/config.yaml | 2 +- go.mod | 4 +- go.sum | 6 +- vendor/github.com/golang-jwt/jwt/.travis.yml | 11 --- vendor/github.com/golang-jwt/jwt/README.md | 9 ++- .../golang-jwt/jwt/VERSION_HISTORY.md | 7 ++ vendor/github.com/golang-jwt/jwt/ecdsa.go | 18 ++--- vendor/github.com/golang-jwt/jwt/ed25519.go | 81 +++++++++++++++++++ .../golang-jwt/jwt/ed25519_utils.go | 64 +++++++++++++++ .../github.com/golang-jwt/jwt/map_claims.go | 36 ++++++--- vendor/github.com/golang-jwt/jwt/token.go | 8 +- vendor/modules.txt | 3 +- 14 files changed, 203 insertions(+), 52 deletions(-) delete mode 100644 vendor/github.com/golang-jwt/jwt/.travis.yml create mode 100644 vendor/github.com/golang-jwt/jwt/ed25519.go create mode 100644 vendor/github.com/golang-jwt/jwt/ed25519_utils.go diff --git a/.drone.yml b/.drone.yml index f4a6d31625faa..faef676083c32 100644 --- a/.drone.yml +++ b/.drone.yml @@ -84,7 +84,7 @@ steps: - name: build-backend-no-gcc pull: always - image: golang:1.14 # this step is kept as the lowest version of golang that we support + image: golang:1.16 # this step is kept as the lowest version of golang that we support environment: GO111MODULE: on GOPROXY: off diff --git a/Makefile b/Makefile index a0f5fdab308d3..2fbd840c8701f 100644 --- a/Makefile +++ b/Makefile @@ -25,7 +25,7 @@ HAS_GO = $(shell hash $(GO) > /dev/null 2>&1 && echo "GO" || echo "NOGO" ) COMMA := , XGO_VERSION := go-1.16.x -MIN_GO_VERSION := 001014000 +MIN_GO_VERSION := 001016000 MIN_NODE_VERSION := 012017000 DOCKER_IMAGE ?= gitea/gitea 
@@ -200,7 +200,7 @@ help: go-check: $(eval GO_VERSION := $(shell printf "%03d%03d%03d" $(shell $(GO) version | grep -Eo '[0-9]+\.[0-9.]+' | tr '.' ' ');)) @if [ "$(GO_VERSION)" -lt "$(MIN_GO_VERSION)" ]; then \ - echo "Gitea requires Go 1.14 or greater to build. You can get it at https://golang.org/dl/"; \ + echo "Gitea requires Go 1.16 or greater to build. You can get it at https://golang.org/dl/"; \ exit 1; \ fi diff --git a/docs/config.yaml b/docs/config.yaml index e6657e3c3f626..4534089f4fba9 100644 --- a/docs/config.yaml +++ b/docs/config.yaml @@ -19,7 +19,7 @@ params: author: The Gitea Authors website: https://docs.gitea.io version: 1.14.5 - minGoVersion: 1.14 + minGoVersion: 1.16 goVersion: 1.16 minNodeVersion: 12.17 diff --git a/go.mod b/go.mod index 8bb369f3b776a..ea97bc548e9e9 100644 --- a/go.mod +++ b/go.mod @@ -50,7 +50,7 @@ require ( github.com/gogs/chardet v0.0.0-20191104214054-4b6791f73a28 github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14 github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85 - github.com/golang-jwt/jwt v3.2.1+incompatible + github.com/golang-jwt/jwt v3.2.2+incompatible github.com/golang/snappy v0.0.4 // indirect github.com/google/go-github/v32 v32.1.0 github.com/google/go-querystring v1.1.0 // indirect @@ -143,3 +143,5 @@ require ( ) replace github.com/hashicorp/go-version => github.com/6543/go-version v1.3.1 + +replace github.com/golang-jwt/jwt v3.2.1+incompatible => github.com/golang-jwt/jwt v3.2.2+incompatible diff --git a/go.sum b/go.sum index b8815e4136199..b1e5a1f96bc2a 100644 --- a/go.sum +++ b/go.sum 
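Review bot: The `replace github.com/golang-jwt/jwt v3.2.1+incompatible => github.com/golang-jwt/jwt v3.2.2+incompatible` directive added at the end of go.mod has no comment, so the reason for it lives only in the commit message (goth still asks for 3.2.1). Put that next to the directive, e.g. `// goth requires v3.2.1; remove this replace once goth depends on >= v3.2.2`, so the override is not left behind after the upstream bump. Note also that `replace` is honoured only when gitea is the main module, so the guarantee that the older release is never selected does not extend to builds that import gitea packages as a dependency.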
@@ -49,8 +49,6 @@ gitea.com/go-chi/captcha v0.0.0-20210110083842-e7696c336a1e h1:YjaQU6XFicdhPN+Ml gitea.com/go-chi/captcha v0.0.0-20210110083842-e7696c336a1e/go.mod h1:nfA7JaGv3hbGQ1ktdhAsZhdS84qKffI8NMlHr+Opsog= gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee h1:9U6HuKUBt/cGK6T/64dEuz0r7Yp97WAAEJvXHDlY3ws= gitea.com/go-chi/session v0.0.0-20210108030337-0cb48c5ba8ee/go.mod h1:Ozg8IchVNb/Udg+ui39iHRYqVHSvf3C99ixdpLR8Vu0= -gitea.com/lunny/levelqueue v0.3.0 h1:MHn1GuSZkxvVEDMyAPqlc7A3cOW+q8RcGhRgH/xtm6I= -gitea.com/lunny/levelqueue v0.3.0/go.mod h1:HBqmLbz56JWpfEGG0prskAV97ATNRoj5LDmPicD22hU= gitea.com/lunny/levelqueue v0.4.0 h1:v+bCR1lwLTBpZMshguWNhGIFLkUj+R04pgaU3TcJFS8= gitea.com/lunny/levelqueue v0.4.0/go.mod h1:HBqmLbz56JWpfEGG0prskAV97ATNRoj5LDmPicD22hU= gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a h1:lSA0F4e9A2NcQSqGqTOXqu2aRi/XEQxDCBwM8yJtE6s= 
@@ -477,8 +475,8 @@ github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14 h1:yXtpJr/LV6PFu4nTLgfjQ github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14/go.mod h1:jPoNZLWDAqA5N3G5amEoiNbhVrmM+ZQEcnQvNQ2KaZk= github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85 h1:UjoPNDAQ5JPCjlxoJd6K8ALZqSDDhk2ymieAZOVaDg0= github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85/go.mod h1:fR6z1Ie6rtF7kl/vBYMfgD5/G5B1blui7z426/sj2DU= -github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c= -github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= +github.com/golang-jwt/jwt v3.2.2+incompatible h1:IfV12K8xAKAnZqdXVzCZ+TOjboZ2keLg81eXfW3O+oY= +github.com/golang-jwt/jwt v3.2.2+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY= github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= diff --git a/vendor/github.com/golang-jwt/jwt/.travis.yml b/vendor/github.com/golang-jwt/jwt/.travis.yml deleted file mode 100644 index 036a862f87f98..0000000000000 --- a/vendor/github.com/golang-jwt/jwt/.travis.yml +++ /dev/null @@ -1,11 +0,0 @@ -language: go - -script: - - go vet ./... - - go test -v ./... - -go: - - 1.7 - - 1.8 - - 1.9 - - 1.10 diff --git a/vendor/github.com/golang-jwt/jwt/README.md b/vendor/github.com/golang-jwt/jwt/README.md index 13c31c09b6fb5..9b653e46b0136 100644 --- a/vendor/github.com/golang-jwt/jwt/README.md +++ b/vendor/github.com/golang-jwt/jwt/README.md 
@@ -9,10 +9,17 @@ A [go](http://www.golang.org) (or 'golang' for search engine friendliness) imple Future releases will be using the `github.com/golang-jwt/jwt` import path and continue the existing versioning scheme of `v3.x.x+incompatible`. Backwards-compatible patches and fixes will be done on the `v3` release branch, where as new build-breaking features will be developed in a `v4` release, possibly including a SIV-style import path. -**SECURITY NOTICE:** Some older versions of Go have a security issue in the crypto/elliptic. Recommendation is to upgrade to at least 1.8.3. See issue [dgrijalva/jwt-go#216](https://github.com/dgrijalva/jwt-go/issues/216) for more detail. +**SECURITY NOTICE:** Some older versions of Go have a security issue in the crypto/elliptic. Recommendation is to upgrade to at least 1.15 See issue [dgrijalva/jwt-go#216](https://github.com/dgrijalva/jwt-go/issues/216) for more detail. **SECURITY NOTICE:** It's important that you [validate the `alg` presented is what you expect](https://auth0.com/blog/critical-vulnerabilities-in-json-web-token-libraries/). This library attempts to make it easy to do the right thing by requiring key types match the expected alg, but you should take the extra step to verify it in your usage. See the examples provided. +### Supported Go versions + +Our support of Go versions is aligned with Go's [version release policy](https://golang.org/doc/devel/release#policy). +So we will support a major version of Go until there are two newer major releases. +We no longer support building jwt-go with unsupported Go versions, as these contain security vulnerabilities +which will not be fixed. + ## What the heck is a JWT? JWT.io has [a great introduction](https://jwt.io/introduction) to JSON Web Tokens. diff --git a/vendor/github.com/golang-jwt/jwt/VERSION_HISTORY.md b/vendor/github.com/golang-jwt/jwt/VERSION_HISTORY.md index dac737bcaa48f..637f2ba616a8e 100644 --- a/vendor/github.com/golang-jwt/jwt/VERSION_HISTORY.md 
+++ b/vendor/github.com/golang-jwt/jwt/VERSION_HISTORY.md @@ -1,5 +1,12 @@ ## `jwt-go` Version History +#### 3.2.2 + +* Starting from this release, we are adopting the policy to support the most 2 recent versions of Go currently available. By the time of this release, this is Go 1.15 and 1.16 ([#28](https://github.com/golang-jwt/jwt/pull/28)). +* Fixed a potential issue that could occur when the verification of `exp`, `iat` or `nbf` was not required and contained invalid contents, i.e. non-numeric/date. Thanks for @thaJeztah for making us aware of that and @giorgos-f3 for originally reporting it to the formtech fork ([#40](https://github.com/golang-jwt/jwt/pull/40)). +* Added support for EdDSA / ED25519 ([#36](https://github.com/golang-jwt/jwt/pull/36)). +* Optimized allocations ([#33](https://github.com/golang-jwt/jwt/pull/33)). + #### 3.2.1 * **Import Path Change**: See MIGRATION_GUIDE.md for tips on updating your code diff --git a/vendor/github.com/golang-jwt/jwt/ecdsa.go b/vendor/github.com/golang-jwt/jwt/ecdsa.go index d310af1c7c063..15e23435df6bb 100644 --- a/vendor/github.com/golang-jwt/jwt/ecdsa.go +++ b/vendor/github.com/golang-jwt/jwt/ecdsa.go 
@@ -128,18 +128,12 @@ func (m *SigningMethodECDSA) Sign(signingString string, key interface{}) (string keyBytes += 1 } - // We serialize the outpus (r and s) into big-endian byte arrays and pad - // them with zeros on the left to make sure the sizes work out. Both arrays - // must be keyBytes long, and the output must be 2*keyBytes long. - rBytes := r.Bytes() - rBytesPadded := make([]byte, keyBytes) - copy(rBytesPadded[keyBytes-len(rBytes):], rBytes) - - sBytes := s.Bytes() - sBytesPadded := make([]byte, keyBytes) - copy(sBytesPadded[keyBytes-len(sBytes):], sBytes) - - out := append(rBytesPadded, sBytesPadded...) + // We serialize the outputs (r and s) into big-endian byte arrays + // padded with zeros on the left to make sure the sizes work out. + // Output must be 2*keyBytes long. + out := make([]byte, 2*keyBytes) + r.FillBytes(out[0:keyBytes]) // r is assigned to the first half of output. + s.FillBytes(out[keyBytes:]) // s is assigned to the second half of output. return EncodeSegment(out), nil } else { diff --git a/vendor/github.com/golang-jwt/jwt/ed25519.go b/vendor/github.com/golang-jwt/jwt/ed25519.go new file mode 100644 index 0000000000000..a2f8ddbe9bb3a --- /dev/null +++ b/vendor/github.com/golang-jwt/jwt/ed25519.go 
@@ -0,0 +1,81 @@ +package jwt + +import ( + "errors" + + "crypto/ed25519" +) + +var ( + ErrEd25519Verification = errors.New("ed25519: verification error") +) + +// Implements the EdDSA family +// Expects ed25519.PrivateKey for signing and ed25519.PublicKey for verification +type SigningMethodEd25519 struct{} + +// Specific instance for EdDSA +var ( + SigningMethodEdDSA *SigningMethodEd25519 +) + +func init() { + SigningMethodEdDSA = &SigningMethodEd25519{} + RegisterSigningMethod(SigningMethodEdDSA.Alg(), func() SigningMethod { + return SigningMethodEdDSA + }) +} + +func (m *SigningMethodEd25519) Alg() string { + return "EdDSA" +} + +// Implements the Verify method from SigningMethod +// For this verify method, key must be an ed25519.PublicKey +func (m *SigningMethodEd25519) Verify(signingString, signature string, key interface{}) error { + var err error + var ed25519Key ed25519.PublicKey + var ok bool + + if ed25519Key, ok = key.(ed25519.PublicKey); !ok { + return ErrInvalidKeyType + } + + if len(ed25519Key) != ed25519.PublicKeySize { + return ErrInvalidKey + } + + // Decode the signature + var sig []byte + if sig, err = DecodeSegment(signature); err != nil { + return err + } + + // Verify the signature + if !ed25519.Verify(ed25519Key, []byte(signingString), sig) { + return ErrEd25519Verification + } + + return nil +} + +// Implements the Sign method from SigningMethod +// For this signing method, key must be an ed25519.PrivateKey +func (m *SigningMethodEd25519) Sign(signingString string, key interface{}) (string, error) { + var ed25519Key ed25519.PrivateKey + var ok bool + + if ed25519Key, ok = key.(ed25519.PrivateKey); !ok { + return "", ErrInvalidKeyType + } + + // ed25519.Sign panics if private key not equal to ed25519.PrivateKeySize + // this allows to avoid recover usage + if len(ed25519Key) != ed25519.PrivateKeySize { + return "", ErrInvalidKey + } + + // Sign the string and return the encoded result + sig := ed25519.Sign(ed25519Key, []byte(signingString)) 
+ return EncodeSegment(sig), nil +} diff --git a/vendor/github.com/golang-jwt/jwt/ed25519_utils.go b/vendor/github.com/golang-jwt/jwt/ed25519_utils.go new file mode 100644 index 0000000000000..c6357275efc0a --- /dev/null +++ b/vendor/github.com/golang-jwt/jwt/ed25519_utils.go @@ -0,0 +1,64 @@ +package jwt + +import ( + "crypto" + "crypto/ed25519" + "crypto/x509" + "encoding/pem" + "errors" +) + +var ( + ErrNotEdPrivateKey = errors.New("Key is not a valid Ed25519 private key") + ErrNotEdPublicKey = errors.New("Key is not a valid Ed25519 public key") +) + +// Parse PEM-encoded Edwards curve private key +func ParseEdPrivateKeyFromPEM(key []byte) (crypto.PrivateKey, error) { + var err error + + // Parse PEM block + var block *pem.Block + if block, _ = pem.Decode(key); block == nil { + return nil, ErrKeyMustBePEMEncoded + } + + // Parse the key + var parsedKey interface{} + if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil { + return nil, err + } + + var pkey ed25519.PrivateKey + var ok bool + if pkey, ok = parsedKey.(ed25519.PrivateKey); !ok { + return nil, ErrNotEdPrivateKey + } + + return pkey, nil +} + +// Parse PEM-encoded Edwards curve public key +func ParseEdPublicKeyFromPEM(key []byte) (crypto.PublicKey, error) { + var err error + + // Parse PEM block + var block *pem.Block + if block, _ = pem.Decode(key); block == nil { + return nil, ErrKeyMustBePEMEncoded + } + + // Parse the key + var parsedKey interface{} + if parsedKey, err = x509.ParsePKIXPublicKey(block.Bytes); err != nil { + return nil, err + } + + var pkey ed25519.PublicKey + var ok bool + if pkey, ok = parsedKey.(ed25519.PublicKey); !ok { + return nil, ErrNotEdPublicKey + } + + return pkey, nil +} diff --git a/vendor/github.com/golang-jwt/jwt/map_claims.go b/vendor/github.com/golang-jwt/jwt/map_claims.go index ba290f429afdb..72c79f92e55ad 100644 --- a/vendor/github.com/golang-jwt/jwt/map_claims.go +++ b/vendor/github.com/golang-jwt/jwt/map_claims.go 
@@ -34,27 +34,35 @@ func (m MapClaims) VerifyAudience(cmp string, req bool) bool { // Compares the exp claim against cmp. // If required is false, this method will return true if the value matches or is unset func (m MapClaims) VerifyExpiresAt(cmp int64, req bool) bool { - switch exp := m["exp"].(type) { + exp, ok := m["exp"] + if !ok { + return !req + } + switch expType := exp.(type) { case float64: - return verifyExp(int64(exp), cmp, req) + return verifyExp(int64(expType), cmp, req) case json.Number: - v, _ := exp.Int64() + v, _ := expType.Int64() return verifyExp(v, cmp, req) } - return !req + return false } // Compares the iat claim against cmp. // If required is false, this method will return true if the value matches or is unset func (m MapClaims) VerifyIssuedAt(cmp int64, req bool) bool { - switch iat := m["iat"].(type) { + iat, ok := m["iat"] + if !ok { + return !req + } + switch iatType := iat.(type) { case float64: - return verifyIat(int64(iat), cmp, req) + return verifyIat(int64(iatType), cmp, req) case json.Number: - v, _ := iat.Int64() + v, _ := iatType.Int64() return verifyIat(v, cmp, req) } - return !req + return false } // Compares the iss claim against cmp. @@ -67,14 +75,18 @@ func (m MapClaims) VerifyIssuer(cmp string, req bool) bool { // Compares the nbf claim against cmp. // If required is false, this method will return true if the value matches or is unset func (m MapClaims) VerifyNotBefore(cmp int64, req bool) bool { - switch nbf := m["nbf"].(type) { + nbf, ok := m["nbf"] + if !ok { + return !req + } + switch nbfType := nbf.(type) { case float64: - return verifyNbf(int64(nbf), cmp, req) + return verifyNbf(int64(nbfType), cmp, req) case json.Number: - v, _ := nbf.Int64() + v, _ := nbfType.Int64() return verifyNbf(v, cmp, req) } - return !req + return false } // Validates time based claims "exp, iat, nbf". diff --git a/vendor/github.com/golang-jwt/jwt/token.go b/vendor/github.com/golang-jwt/jwt/token.go index 99868d29b9fd4..6b30ced1200cb 100644 
--- a/vendor/github.com/golang-jwt/jwt/token.go +++ b/vendor/github.com/golang-jwt/jwt/token.go @@ -95,14 +95,10 @@ func ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc) (*Token // Encode JWT specific base64url encoding with padding stripped func EncodeSegment(seg []byte) string { - return strings.TrimRight(base64.URLEncoding.EncodeToString(seg), "=") + return base64.RawURLEncoding.EncodeToString(seg) } // Decode JWT specific base64url encoding with padding stripped func DecodeSegment(seg string) ([]byte, error) { - if l := len(seg) % 4; l > 0 { - seg += strings.Repeat("=", 4-l) - } - - return base64.URLEncoding.DecodeString(seg) + return base64.RawURLEncoding.DecodeString(seg) } diff --git a/vendor/modules.txt b/vendor/modules.txt index 32251f41e010b..2a616ad9cdd5a 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -428,7 +428,7 @@ github.com/gogs/cron # github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85 ## explicit github.com/gogs/go-gogs-client -# github.com/golang-jwt/jwt v3.2.1+incompatible +# github.com/golang-jwt/jwt v3.2.2+incompatible ## explicit github.com/golang-jwt/jwt # github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe @@ -1053,3 +1053,4 @@ xorm.io/xorm/names xorm.io/xorm/schemas xorm.io/xorm/tags # github.com/hashicorp/go-version => github.com/6543/go-version v1.3.1 +# github.com/golang-jwt/jwt v3.2.1+incompatible => github.com/golang-jwt/jwt v3.2.2+incompatible