Merge branch 'master' into empty_pr

* master:
  Changelog v1.13.2 (go-gitea#14535) (go-gitea#14543)
  [skip ci] Updated translations via Crowdin
  [API] List, Check, Add & delete endpoints for repository teams (go-gitea#13630)
  [skip ci] Updated translations via Crowdin
  rm redirect (go-gitea#14534)
  Upgrade 'css-minimizer-webpack-plugin' to the latest version (go-gitea#14527)
  Set the name Mapper in migrations (go-gitea#14526)

Author: a1012112796

CHANGELOG.md

@@ -4,6 +4,38 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
+## [1.13.2](https://github.com/go-gitea/gitea/releases/tag/v1.13.2) - 2021-01-31
+
+* SECURITY
+  * Prevent panic on fuzzer provided string (#14405) (#14409)
+  * Add secure/httpOnly attributes to the lang cookie (#14279) (#14280)
+* API
+  * If release publisher is deleted use ghost user (#14375)
+* BUGFIXES
+  * Internal ssh server respect Ciphers, MACs and KeyExchanges settings (#14523) (#14530)
+  * Set the name Mapper in migrations (#14526) (#14529)
+  * Fix wiki preview (#14515)
+  * Update code.gitea.io/sdk/gitea v0.13.1 -> v0.13.2 (#14497)
+  * ChangeUserName: rename user files back on DB issue (#14447)
+  * Fix lfs preview bug (#14428) (#14433)
+  * Ensure timeout error is shown on u2f timeout (#14417) (#14431)
+  * Fix Deadlock & Delete affected reactions on comment deletion (#14392) (#14425)
+  * Use path not filepath in routers/editor (#14390) (#14396)
+  * Check if label template exist first (#14384) (#14389)
+  * Fix migration v141 (#14387) (#14388)
+  * Use Request.URL.RequestURI() for fcgi (#14347)
+  * Use ServerError provided by Context (#14333) (#14345)
+  * Fix edit-label form init (#14337)
+  * Fix mailIssueCommentBatch for pull request (#14252) (#14296)
+  * Render links for commit hashes followed by comma (#14224) (#14227)
+  * Send notifications for mentions in pulls, issues, (code-)comments (#14218) (#14221)
+  * Fix avatar bugs (#14217) (#14220)
+  * Ensure that schema search path is set with every connection on postgres (#14131) (#14216)
+  * Fix dashboard issues labels filter bug (#14210) (#14214)
+  * When visit /favicon.ico but the static file is not exist return 404 but not continue to handle the route (#14211) (#14213)
+  * Fix branch selector on new issue page (#14194) (#14207)
+  * Check for notExist on profile repository page (#14197) (#14203)
+
 ## [1.13.1](https://github.com/go-gitea/gitea/releases/tag/v1.13.1) - 2020-12-29
 
 * SECURITY

go.mod

@@ -42,7 +42,7 @@ require (
 	github.com/gobwas/glob v0.2.3
 	github.com/gogs/chardet v0.0.0-20191104214054-4b6791f73a28
 	github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14
-	github.com/gogs/go-gogs-client v0.0.0-20200905025246-8bb8a50cb355
+	github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85
 	github.com/google/go-github/v32 v32.1.0
 	github.com/google/uuid v1.2.0
 	github.com/gorilla/context v1.1.1
@@ -125,5 +125,3 @@ require (
 replace github.com/hashicorp/go-version => github.com/6543/go-version v1.2.4
 
 replace github.com/microcosm-cc/bluemonday => github.com/lunny/bluemonday v1.0.5-0.20201227154428-ca34796141e8
-
-replace github.com/gogs/go-gogs-client => github.com/6543-forks/go-gogs-client v0.0.0-20210116182316-f2f8bc0ea9cc

go.sum

@@ -52,8 +52,6 @@ gitea.com/lunny/levelqueue v0.3.0 h1:MHn1GuSZkxvVEDMyAPqlc7A3cOW+q8RcGhRgH/xtm6I
 gitea.com/lunny/levelqueue v0.3.0/go.mod h1:HBqmLbz56JWpfEGG0prskAV97ATNRoj5LDmPicD22hU=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a h1:lSA0F4e9A2NcQSqGqTOXqu2aRi/XEQxDCBwM8yJtE6s=
 gitea.com/xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a/go.mod h1:EXuID2Zs0pAQhH8yz+DNjUbjppKQzKFAn28TMYPB6IU=
-github.com/6543-forks/go-gogs-client v0.0.0-20210116182316-f2f8bc0ea9cc h1:FLylYVXDwK+YtrmXYnv2Q1Y5lQ9TU1Xp5F2vndIOTb4=
-github.com/6543-forks/go-gogs-client v0.0.0-20210116182316-f2f8bc0ea9cc/go.mod h1:1Jj2LLcHcL+RHIT1IOaEsnoawRw+sjZYoiAjFWKJN/o=
 github.com/6543/go-version v1.2.4 h1:MPsSnqNrM0HwA9tnmWNnsMdQMg4/u4fflARjwomoof4=
 github.com/6543/go-version v1.2.4/go.mod h1:oqFAHCwtLVUTLdhQmVZWYvaHXTdsbB4SY85at64SQEo=
 github.com/Azure/go-ntlmssp v0.0.0-20200615164410-66371956d46c h1:/IBSNwUN8+eKzUzbJPqhK839ygXJ82sde8x3ogr6R28=
@@ -485,6 +483,8 @@ github.com/gogs/chardet v0.0.0-20191104214054-4b6791f73a28 h1:gBeyun7mySAKWg7Fb0
 github.com/gogs/chardet v0.0.0-20191104214054-4b6791f73a28/go.mod h1:Pcatq5tYkCW2Q6yrR2VRHlbHpZ/R4/7qyL1TCF7vl14=
 github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14 h1:yXtpJr/LV6PFu4nTLgfjQdcMdzjbqqXMEnHfq0Or6p8=
 github.com/gogs/cron v0.0.0-20171120032916-9f6c956d3e14/go.mod h1:jPoNZLWDAqA5N3G5amEoiNbhVrmM+ZQEcnQvNQ2KaZk=
+github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85 h1:UjoPNDAQ5JPCjlxoJd6K8ALZqSDDhk2ymieAZOVaDg0=
+github.com/gogs/go-gogs-client v0.0.0-20210131175652-1d7215cd8d85/go.mod h1:fR6z1Ie6rtF7kl/vBYMfgD5/G5B1blui7z426/sj2DU=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe h1:lXe2qZdvpiX5WZkZR4hgp4KJVfY3nMkvmwbVkpv1rVY=
 github.com/golang-sql/civil v0.0.0-20190719163853-cb61b32ac6fe/go.mod h1:8vg3r2VgvsThLBIFL93Qb5yWzgyZWhEmBwUJWevAkK0=
 github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q=

integrations/api_repo_teams_test.go

@@ -0,0 +1,77 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	api "code.gitea.io/gitea/modules/structs"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAPIRepoTeams(t *testing.T) {
+	defer prepareTestEnv(t)()
+
+	// publicOrgRepo = user3/repo21
+	publicOrgRepo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 32}).(*models.Repository)
+	// user4
+	user := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)
+	session := loginUser(t, user.Name)
+	token := getTokenForLoggedInUser(t, session)
+
+	// ListTeams
+	url := fmt.Sprintf("/api/v1/repos/%s/teams?token=%s", publicOrgRepo.FullName(), token)
+	req := NewRequest(t, "GET", url)
+	res := session.MakeRequest(t, req, http.StatusOK)
+	var teams []*api.Team
+	DecodeJSON(t, res, &teams)
+	if assert.Len(t, teams, 2) {
+		assert.EqualValues(t, "Owners", teams[0].Name)
+		assert.EqualValues(t, false, teams[0].CanCreateOrgRepo)
+		assert.EqualValues(t, []string{"repo.code", "repo.issues", "repo.pulls", "repo.releases", "repo.wiki", "repo.ext_wiki", "repo.ext_issues"}, teams[0].Units)
+		assert.EqualValues(t, "owner", teams[0].Permission)
+
+		assert.EqualValues(t, "test_team", teams[1].Name)
+		assert.EqualValues(t, false, teams[1].CanCreateOrgRepo)
+		assert.EqualValues(t, []string{"repo.issues"}, teams[1].Units)
+		assert.EqualValues(t, "write", teams[1].Permission)
+	}
+
+	// IsTeam
+	url = fmt.Sprintf("/api/v1/repos/%s/teams/%s?token=%s", publicOrgRepo.FullName(), "Test_Team", token)
+	req = NewRequest(t, "GET", url)
+	res = session.MakeRequest(t, req, http.StatusOK)
+	var team *api.Team
+	DecodeJSON(t, res, &team)
+	assert.EqualValues(t, teams[1], team)
+
+	url = fmt.Sprintf("/api/v1/repos/%s/teams/%s?token=%s", publicOrgRepo.FullName(), "NonExistingTeam", token)
+	req = NewRequest(t, "GET", url)
+	res = session.MakeRequest(t, req, http.StatusNotFound)
+
+	// AddTeam with user4
+	url = fmt.Sprintf("/api/v1/repos/%s/teams/%s?token=%s", publicOrgRepo.FullName(), "team1", token)
+	req = NewRequest(t, "PUT", url)
+	res = session.MakeRequest(t, req, http.StatusForbidden)
+
+	// AddTeam with user2
+	user = models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	session = loginUser(t, user.Name)
+	token = getTokenForLoggedInUser(t, session)
+	url = fmt.Sprintf("/api/v1/repos/%s/teams/%s?token=%s", publicOrgRepo.FullName(), "team1", token)
+	req = NewRequest(t, "PUT", url)
+	res = session.MakeRequest(t, req, http.StatusNoContent)
+	res = session.MakeRequest(t, req, http.StatusUnprocessableEntity) // test duplicate request
+
+	// DeleteTeam
+	url = fmt.Sprintf("/api/v1/repos/%s/teams/%s?token=%s", publicOrgRepo.FullName(), "team1", token)
+	req = NewRequest(t, "DELETE", url)
+	res = session.MakeRequest(t, req, http.StatusNoContent)
+	res = session.MakeRequest(t, req, http.StatusUnprocessableEntity) // test duplicate request
+}

models/migrations/migrations.go

@@ -17,6 +17,7 @@ import (
 	"code.gitea.io/gitea/modules/setting"
 
 	"xorm.io/xorm"
+	"xorm.io/xorm/names"
 	"xorm.io/xorm/schemas"
 )
 
@@ -333,6 +334,8 @@ func EnsureUpToDate(x *xorm.Engine) error {
 
 // Migrate database to current version
 func Migrate(x *xorm.Engine) error {
+	// Set a new clean the default mapper to GonicMapper as that is the default for Gitea.
+	x.SetMapper(names.GonicMapper{})
 	if err := x.Sync(new(Version)); err != nil {
 		return fmt.Errorf("sync: %v", err)
 	}
@@ -371,6 +374,8 @@ Please try upgrading to a lower version first (suggested v1.6.4), then upgrade t
 	// Migrate
 	for i, m := range migrations[v-minDBVersion:] {
 		log.Info("Migration[%d]: %s", v+int64(i), m.Description())
+		// Reset the mapper between each migration - migrations are not supposed to depend on each other
+		x.SetMapper(names.GonicMapper{})
 		if err = m.Migrate(x); err != nil {
 			return fmt.Errorf("do migrate: %v", err)
 		}

options/locale/locale_cs-CZ.ini

@@ -237,6 +237,8 @@ users=Uživatelé
 organizations=Organizace
 search=Vyhledat
 code=Zdrojový kód
+search.fuzzy=Fuzzy
+search.match=Shoda
 repo_no_results=Nebyly nalezeny žádné odpovídající repozitáře.
 user_no_results=Nebyly nalezeni žádní odpovídající uživatelé.
 org_no_results=Nebyly nalezeny žádné odpovídající organizace.
@@ -871,6 +873,7 @@ editor.add=Přidat „%s“
 editor.update=Aktualizovat „%s“
 editor.delete=Smazat „%s“
 editor.commit_message_desc=Přidat volitelný rozšířený popis…
+editor.signoff_desc=Přidat Signed-off-by podpis tvůrce revize na konec zprávy o revizi.
 editor.commit_directly_to_this_branch=Uložte změny revize přímo do větve <strong class="branch-name">%s</strong>.
 editor.create_new_branch=Vytvořit <strong>novou větev</strong> pro tuto revizi a spustit požadavek na natažení.
 editor.create_new_branch_np=Vytvořte <strong>novou větev</strong> z této revize.
@@ -926,6 +929,7 @@ ext_issues=Ext. úkoly
 ext_issues.desc=Odkaz na externí systém úkolů.
 
 projects=Projekty
+projects.desc=Spravovat úkoly a požadavky na natažení na projektových nástěnkách.
 projects.description=Popis (volitelné)
 projects.description_placeholder=Popis
 projects.create=Vytvořit projekt
@@ -1461,6 +1465,8 @@ activity.git_stats_deletion_n=%d odebrání
 
 search=Vyhledat
 search.search_repo=Hledat repozitář
+search.fuzzy=Fuzzy
+search.match=Shoda
 search.results=Výsledky hledání „%s“ v <a href="%s">%s</a>
 
 settings=Nastavení
@@ -2064,6 +2070,7 @@ dashboard.resync_all_sshprincipals.desc=(Není potřeba pro vestavěný SSH serv
 dashboard.resync_all_hooks=Znovu synchronizovat háčky před přijetím, aktualizace a po přijetí všech repozitářů.
 dashboard.reinit_missing_repos=Znovu inicializovat všechny chybějící repozitáře, pro které existují záznamy
 dashboard.sync_external_users=Synchronizovat externí uživatelská data
+dashboard.cleanup_hook_task_table=Vyčistit tabulku hook_task
 dashboard.server_uptime=Doba provozu serveru
 dashboard.current_goroutine=Aktuální Goroutines
 dashboard.current_memory_usage=Aktuální využití paměti

options/locale/locale_ja-JP.ini

@@ -237,6 +237,8 @@ users=ユーザー
 organizations=組織
 search=検索
 code=コード
+search.fuzzy=あいまい
+search.match=一致
 repo_no_results=一致するリポジトリが見つかりません。
 user_no_results=一致するユーザーが見つかりません。
 org_no_results=一致する組織が見つかりません。
@@ -871,6 +873,7 @@ editor.add='%s' を追加
 editor.update='%s' を更新
 editor.delete='%s' を削除
 editor.commit_message_desc=詳細な説明を追加…
+editor.signoff_desc=コミットログメッセージの最後にコミッターの Signed-off-by 行を追加
 editor.commit_directly_to_this_branch=ブランチ<strong class="branch-name">%s</strong>へ直接コミットする。
 editor.create_new_branch=<strong>新しいブランチ</strong>にコミットしてプルリクエストを作成する。
 editor.create_new_branch_np=<strong>新しいブランチ</strong>にコミットする。
@@ -926,6 +929,7 @@ ext_issues=外部課題
 ext_issues.desc=外部の課題管理システムへのリンク。
 
 projects=プロジェクト
+projects.desc=プロジェクトボードで課題とプルを管理します。
 projects.description=説明 (オプション)
 projects.description_placeholder=説明
 projects.create=プロジェクトを作成
@@ -1461,6 +1465,8 @@ activity.git_stats_deletion_n=%d行削除
 
 search=検索
 search.search_repo=リポジトリを検索
+search.fuzzy=あいまい
+search.match=一致
 search.results=<a href="%[2]s">%[3]s</a> 内での "%[1]s" の検索結果
 
 settings=設定
@@ -2064,6 +2070,7 @@ dashboard.resync_all_sshprincipals.desc=(ビルトインSSHサーバーでは不
 dashboard.resync_all_hooks=すべてのリポジトリの pre-receive, update, post-receive フックを更新する。
 dashboard.reinit_missing_repos=レコードが存在するが見当たらないすべてのGitリポジトリを再初期化する
 dashboard.sync_external_users=外部ユーザーデータの同期
+dashboard.cleanup_hook_task_table=hook_taskテーブルのクリーンアップ
 dashboard.server_uptime=サーバーの稼働時間
 dashboard.current_goroutine=現在のGoroutine数
 dashboard.current_memory_usage=現在のメモリ使用量

options/locale/locale_zh-TW.ini

@@ -236,6 +236,8 @@ users=使用者
 organizations=組織
 search=搜尋
 code=程式碼
+search.fuzzy=模糊
+search.match=符合
 repo_no_results=沒有找到符合的儲存庫。
 user_no_results=沒有找到符合的使用者。
 org_no_results=沒有找到符合的組織。
@@ -447,7 +449,8 @@ update_profile=更新個人資料
 update_language_not_found=無法使用語言「%s」。
 update_profile_success=已更新您的個人資料。
 change_username=您的帳號已更改。
-change_username_prompt=注意：帳號更改也會更改您的帳戶的 URL。
+change_username_prompt=注意：修改帳號也會更改您的帳戶的 URL。
+change_username_redirect_prompt=舊的帳號被領用前，會重新導向您的新帳號。
 continue=繼續操作
 cancel=取消操作
 language=語言
@@ -869,6 +872,7 @@ editor.add=新增 '%s'
 editor.update=更新 '%s'
 editor.delete=刪除 '%s'
 editor.commit_message_desc=（選填）加入詳細說明...
+editor.signoff_desc=在提交訊息底部加入提交者的「Signed-off-by」資訊。
 editor.commit_directly_to_this_branch=直接提交到 <strong class="branch-name">%s</strong> 分支。
 editor.create_new_branch=為此提交建立<strong>新分支</strong>並提出合併請求。
 editor.create_new_branch_np=為本次提交建立一個 <strong>新分支</strong>。
@@ -924,6 +928,7 @@ ext_issues=外部問題
 ext_issues.desc=連結到外部問題追蹤器。
 
 projects=專案
+projects.desc=在專案看板中管理問題與合併請求。
 projects.description=描述（非必要） 
 projects.description_placeholder=描述
 projects.create=建立專案
@@ -1459,6 +1464,8 @@ activity.git_stats_deletion_n=刪除 %d 行
 
 search=搜尋
 search.search_repo=搜尋儲存庫
+search.fuzzy=模糊
+search.match=符合
 search.results=在 <a href="%s"> %s </a> 中搜尋 "%s" 的结果
 
 settings=設定
@@ -1939,6 +1946,7 @@ settings.visibility.private_shortname=私有
 settings.update_settings=更新設定
 settings.update_setting_success=組織設定已更新。
 settings.change_orgname_prompt=注意：修改組織名稱將會同時修改對應的 URL。
+settings.change_orgname_redirect_prompt=舊的名稱被領用前，會重新導向新名稱。
 settings.update_avatar_success=已更新組織的大頭貼。
 settings.delete=刪除組織
 settings.delete_account=刪除這個組織
@@ -2061,6 +2069,7 @@ dashboard.resync_all_sshprincipals.desc=(內建 SSH 伺服器無需使用。)
 dashboard.resync_all_hooks=重新同步所有儲存庫的 pre-receive、update 和 post-receive Hook。
 dashboard.reinit_missing_repos=重新初始化所有記錄存在但遺失的 Git 儲存庫
 dashboard.sync_external_users=同步外部使用者資料
+dashboard.cleanup_hook_task_table=清理 hook_task 資料表
 dashboard.server_uptime=服務執行時間
 dashboard.current_goroutine=目前的 Goroutines 數量
 dashboard.current_memory_usage=目前記憶體使用量

package.json

@@ -17,7 +17,7 @@
     "codemirror": "5.59.0",
     "core-js": "3.8.1",
     "css-loader": "5.0.1",
-    "css-minimizer-webpack-plugin": "1.1.5",
+    "css-minimizer-webpack-plugin": "1.2.0",
     "dropzone": "5.7.2",
     "easymde": "2.13.0",
     "escape-goat": "3.0.0",

routers/api/v1/api.go

@@ -727,6 +727,12 @@ func Routes() *web.Route {
 						Put(reqAdmin(), bind(api.AddCollaboratorOption{}), repo.AddCollaborator).
 						Delete(reqAdmin(), repo.DeleteCollaborator)
 				}, reqToken())
+				m.Group("/teams", func() {
+					m.Get("", reqAnyRepoReader(), repo.ListTeams)
+					m.Combo("/{team}").Get(reqAnyRepoReader(), repo.IsTeam).
+						Put(reqAdmin(), repo.AddTeam).
+						Delete(reqAdmin(), repo.DeleteTeam)
+				}, reqToken())
 				m.Get("/raw/*", context.RepoRefForAPI, reqRepoReader(models.UnitTypeCode), repo.GetRawFile)
 				m.Get("/archive/*", reqRepoReader(models.UnitTypeCode), repo.GetArchive)
 				m.Combo("/forks").Get(repo.ListForks).