* WeChat QR Sign Up, Login, and Unbind
* Add QR Refresh Icon
* refactor wechat QR login, and apply Gitea `APIContexter`
* GET /api/wechat/official-account/generate-qr-code?qrExpireSeconds=${qrExpireSeconds}&sceneStr=${sceneStr}
* [Fix] QR Expiration Mask too dark
* [Refactor] Deprecated in-memory cache, ready for Redis
* [Doc] Resolve WeChat QR config conflict in k8s mode
* [Fix] WeChat QR Login by default
* Improvement: use commit SHA to tag artifact
* bugFix: inconsistent collation
* Added Database migration for DevStar Studio 1.0
* Updated Transaction for table `user_wechat_official_account_openid`
* WeChat Official Account binding/updating done
* WeChat Official Account QR login Success
commit 2ed4e3e307
Author: DAI Mingchen <daimingchen@mail.ustc.edu.cn>
Date: Thu Jul 25 11:48:00 2024 +0000
resolved WARN NoEmptyContinuation (grammar mistakes), and removed trivial unit test for hCAPTCHA
commit 690157811b
Author: DAI Mingchen <daimingchen@mail.ustc.edu.cn>
Date: Thu Jul 25 10:21:39 2024 +0000
fix: checkout the corresponding branch(master or dev)
commit 046ff63e42
Author: DAI Mingchen <daimingchen@mail.ustc.edu.cn>
Date: Thu Jul 25 10:01:24 2024 +0000
test new CI pipeline workflow in the org repo, with a bunch of ENV vars
commit faf7f51d85
Author: 戴明辰 <daimingchen@mail.ustc.edu.cn>
Date: Thu Jul 25 07:59:31 2024 +0000
!1 DevStar Studio 界面原型 + CI流水线测试通过
* finalize this PoC repo, and migrate to the main repo (as a dev branch)
* bugFix: nullptr dereference @ routers/web/auth/wechat_utils.go
* bugFix: CAPTCHA needs manual reloading
* Updated UI
* Changed logo and favicon
* Made WeChat QR optional (will not cause HTTP 500 Internal Error), and …
* Added Unit Test in CI workflow, and removed redundant tests in dev container
* Compliance with open source licensing requirements
* Fix workflow: only exec 'docker rm' if there are dangling volumes
* Removed Magic values about: Docker registry(URL, username), k8s(nanesp…
* fix mistakes: git checkout branch should be master rather than the sta…
* Updated UI layouts and build scripts
* Updated copyright info and ICP License ID at page footer
* Updated ICP License ID at page footer
* Updated code ownership: web footer, logo and favicon
* Updated Internationalization(i18n): removed languages other than CN an…
This PR only does "renaming":
* `Route` should be `Router` (and chi router is also called "router")
* `Params` should be `PathParam` (to distingush it from URL query param, and to match `FormString`)
* Use lower case for private functions to avoid exposing or abusing
Initial support for #25680
This PR only adds some simple styles from GitHub, it is big enough and
it focuses on adding the necessary framework-level supports. More styles
could be fine-tuned later.
## Changes
- Adds setting `EXTERNAL_USER_DISABLE_FEATURES` to disable any supported
user features when login type is not plain
- In general, this is necessary for SSO implementations to avoid
inconsistencies between the external account management and the linked
account
- Adds helper functions to encourage correct use
Since `modules/context` has to depend on `models` and many other
packages, it should be moved from `modules/context` to
`services/context` according to design principles. There is no logic
code change on this PR, only move packages.
- Move `code.gitea.io/gitea/modules/context` to
`code.gitea.io/gitea/services/context`
- Move `code.gitea.io/gitea/modules/contexttest` to
`code.gitea.io/gitea/services/contexttest` because of depending on
context
- Move `code.gitea.io/gitea/modules/upload` to
`code.gitea.io/gitea/services/context/upload` because of depending on
context
Extract from #20549
This PR added a new option on app.ini `[admin]USER_DISABLED_FEATURES` to
allow the site administrator to disable users visiting deletion user
interface or allow.
This options are also potentially allowed to define more features in
future PRs.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Clarify when "string" should be used (and be escaped), and when
"template.HTML" should be used (no need to escape)
And help PRs like #29059 , to render the error messages correctly.
Fixes#28660
Fixes an admin api bug related to `user.LoginSource`
Fixed `/user/emails` response not identical to GitHub api
This PR unifies the user update methods. The goal is to keep the logic
only at one place (having audit logs in mind). For example, do the
password checks only in one method not everywhere a password is updated.
After that PR is merged, the user creation should be next.
Renames it to `ENABLED` to be consistent with other settings and
deprecates it.
I believe this change is necessary because other setting groups such as
`attachment`, `cors`, `mailer`, etc. have an `ENABLED` setting, but
`oauth2` is the only one with an `ENABLE` setting, which could cause
confusion for users.
This is no longer a breaking change because `ENABLE` has been set as
deprecated and as an alias to `ENABLED`.
Nowadays, cache will be used on almost everywhere of Gitea and it cannot
be disabled, otherwise some features will become unaviable.
Then I think we can just remove the option for cache enable. That means
cache cannot be disabled.
But of course, we can still use cache configuration to set how should
Gitea use the cache.
The steps to reproduce it.
First, create a new oauth2 source.
Then, a user login with this oauth2 source.
Disable the oauth2 source.
Visit users -> settings -> security, 500 will be displayed.
This is because this page only load active Oauth2 sources but not all
Oauth2 sources.
Fix nil access for inactive auth sources.
> Render failed, failed to render template:
user/settings/security/security, error: template error:
builtin(static):user/settings/security/accountlinks:32:20 : executing
"user/settings/security/accountlinks" at <$providerData.IconHTML>: nil
pointer evaluating oauth2.Provider.IconHTML
Code tries to access the auth source of an `ExternalLoginUser` but the
list contains only the active auth sources.
This PR reduces the complexity of the system setting system.
It only needs one line to introduce a new option, and the option can be
used anywhere out-of-box.
It is still high-performant (and more performant) because the config
values are cached in the config system.
This PR removed `unittest.MainTest` the second parameter
`TestOptions.GiteaRoot`. Now it detects the root directory by current
working directory.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Part of #27065
This reduces the usage of `db.DefaultContext`. I think I've got enough
files for the first PR. When this is merged, I will continue working on
this.
Considering how many files this PR affect, I hope it won't take to long
to merge, so I don't end up in the merge conflict hell.
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Unfortunately, when a system setting hasn't been stored in the database,
it cannot be cached.
Meanwhile, this PR also uses context cache for push email avatar display
which should avoid to read user table via email address again and again.
According to my local test, this should reduce dashboard elapsed time
from 150ms -> 80ms .
