Updating to latest Gitea 1.16

Author: fnetX

CHANGELOG.md

@@ -4,6 +4,54 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).
 
+## [1.16.2](https://github.com/go-gitea/gitea/releases/tag/v1.16.2) - 2022-02-24
+
+* ENHANCEMENTS
+  * Show fullname on issue edits and gpg/ssh signing info (#18828)
+  * Immediately Hammer if second kill is sent (#18823) (#18826)
+  * Allow mermaid render error to wrap (#18791)
+* BUGFIXES
+  * Fix ldap user sync missed email in email_address table (#18786) (#18876) 
+  * Update assignees check to include any writing team and change org sidebar (#18680) (#18873)
+  * Don't report signal: killed errors in serviceRPC (#18850) (#18865)
+  * Fix bug where certain LDAP settings were reverted (#18859)
+  * Update go-org to 1.6.0 (#18824) (#18839)
+  * Fix login with email for ldap users (#18800) (#18836)
+  * Fix bug for get user by email (#18834)
+  * Fix panic in EscapeReader (#18820) (#18821)
+  * Fix ldap loginname (#18789) (#18804)
+  * Remove redundant call to UpdateRepoStats during migration (#18591) (#18794)
+  * In disk_channel queues synchronously push to disk on shutdown (#18415) (#18788)
+  * Fix template bug of LFS lock (#18784) (#18787)
+  * Attempt to fix the webauthn migration again - part 3 (#18770) (#18771)
+  * Send mail to issue/pr assignee/reviewer also when OnMention is set (#18707) (#18765)
+  * Fix a broken link in commits_list_small.tmpl (#18763) (#18764)
+  * Increase the size of the webauthn_credential credential_id field (#18739) (#18756)
+  * Prevent dangling GetAttribute calls (#18754) (#18755)
+  * Fix isempty detection of git repository (#18746) (#18750)
+  * Fix source code line highlighting on external tracker (#18729) (#18740)
+  * Prevent double encoding of branch names in delete branch (#18714) (#18738)
+  * Always set PullRequestWorkInProgressPrefixes in PrepareViewPullInfo (#18713) (#18737)
+  * Fix forked repositories missed tags (#18719) (#18735)
+  * Fix release typo (#18728) (#18731)
+  * Separate the details links of commit-statuses in headers (#18661) (#18730)
+  * Update object repo with the migrated repository (#18684) (#18726)
+  * Fix bug for version update hint (#18701) (#18705)
+  * Fix issue with docker-rootless shimming script (#18690) (#18699)
+  * Let `MinUnitAccessMode` return correct perm (#18675) (#18689)
+  * Prevent security failure due to bad APP_ID (#18678) (#18682)
+  * Restart zero worker if there is still work to do (#18658) (#18672)
+  * If rendering has failed due to a net.OpError stop rendering (#18642) (#18645)
+* TESTING
+  * Ensure git tag tests and others create test repos in tmpdir (#18447) (#18767)
+* BUILD
+  * Reduce CI go module downloads, add make targets (#18708, #18475, #18443) (#18741)
+* MISC
+  * Put buttons back in org dashboard (#18817) (#18825)
+  * Various Mermaid improvements (#18776) (#18780)
+  * C preprocessor colors improvement (#18671) (#18696)
+  * Fix the missing i18n key for update checker (#18646) (#18665)
+
 ## [1.16.1](https://github.com/go-gitea/gitea/releases/tag/v1.16.1) - 2022-02-06
 
 * SECURITY

models/migrations/v210.go

@@ -137,17 +137,23 @@ func remigrateU2FCredentials(x *xorm.Engine) error {
 					CreatedUnix:     reg.CreatedUnix,
 				}
 
-				has, err := sess.ID(reg.ID).Where("id = ?", reg.ID).Get(new(webauthnCredential))
+				has, err := sess.ID(reg.ID).Get(new(webauthnCredential))
 				if err != nil {
 					return fmt.Errorf("unable to get webauthn_credential[%d]. Error: %w", reg.ID, err)
 				}
 				if !has {
-					_, err = sess.Insert(remigrated)
+					has, err := sess.Where("`lower_name`=?", remigrated.LowerName).And("`user_id`=?", remigrated.UserID).Exist(new(webauthnCredential))
 					if err != nil {
-						return fmt.Errorf("unable to (re)insert webauthn_credential[%d]. Error: %w", reg.ID, err)
+						return fmt.Errorf("unable to check webauthn_credential[lower_name: %s, user_id:%v]. Error: %w", remigrated.LowerName, remigrated.UserID, err)
 					}
+					if !has {
+						_, err = sess.Insert(remigrated)
+						if err != nil {
+							return fmt.Errorf("unable to (re)insert webauthn_credential[%d]. Error: %w", reg.ID, err)
+						}
 
-					continue
+						continue
+					}
 				}
 
 				_, err = sess.ID(remigrated.ID).AllCols().Update(remigrated)

models/repo.go

@@ -150,27 +150,56 @@ func getRepoAssignees(ctx context.Context, repo *repo_model.Repository) (_ []*us
 	}
 
 	e := db.GetEngine(ctx)
-	accesses := make([]*Access, 0, 10)
-	if err = e.
+	userIDs := make([]int64, 0, 10)
+	if err = e.Table("access").
 		Where("repo_id = ? AND mode >= ?", repo.ID, perm.AccessModeWrite).
-		Find(&accesses); err != nil {
+		Select("id").
+		Find(&userIDs); err != nil {
 		return nil, err
 	}
 
-	// Leave a seat for owner itself to append later, but if owner is an organization
-	// and just waste 1 unit is cheaper than re-allocate memory once.
-	users := make([]*user_model.User, 0, len(accesses)+1)
-	if len(accesses) > 0 {
-		userIDs := make([]int64, len(accesses))
-		for i := 0; i < len(accesses); i++ {
-			userIDs[i] = accesses[i].UserID
+	additionalUserIDs := make([]int64, 0, 10)
+	if err = e.Table("team_user").
+		Join("INNER", "team_repo", "`team_repo`.team_id = `team_user`.team_id").
+		Join("INNER", "team_unit", "`team_unit`.team_id = `team_user`.team_id").
+		Where("`team_repo`.repo_id = ? AND `team_unit`.access_mode >= ?", repo.ID, perm.AccessModeWrite).
+		Distinct("`team_user`.uid").
+		Select("`team_user`.uid").
+		Find(&additionalUserIDs); err != nil {
+		return nil, err
+	}
+
+	uidMap := map[int64]bool{}
+	i := 0
+	for _, uid := range userIDs {
+		if uidMap[uid] {
+			continue
+		}
+		uidMap[uid] = true
+		userIDs[i] = uid
+		i++
+	}
+	userIDs = userIDs[:i]
+	userIDs = append(userIDs, additionalUserIDs...)
+
+	for _, uid := range additionalUserIDs {
+		if uidMap[uid] {
+			continue
 		}
+		userIDs[i] = uid
+		i++
+	}
+	userIDs = userIDs[:i]
 
+	// Leave a seat for owner itself to append later, but if owner is an organization
+	// and just waste 1 unit is cheaper than re-allocate memory once.
+	users := make([]*user_model.User, 0, len(userIDs)+1)
+	if len(userIDs) > 0 {
 		if err = e.In("id", userIDs).Find(&users); err != nil {
 			return nil, err
 		}
 	}
-	if !repo.Owner.IsOrganization() {
+	if !repo.Owner.IsOrganization() && !uidMap[repo.OwnerID] {
 		users = append(users, repo.Owner)
 	}
 

models/user/user.go

@@ -852,8 +852,9 @@ func validateUser(u *User) error {
 	return ValidateEmail(u.Email)
 }
 
-func updateUser(ctx context.Context, u *User, changePrimaryEmail bool) error {
-	if err := validateUser(u); err != nil {
+func updateUser(ctx context.Context, u *User, changePrimaryEmail bool, cols ...string) error {
+	err := validateUser(u)
+	if err != nil {
 		return err
 	}
 
@@ -885,15 +886,35 @@ func updateUser(ctx context.Context, u *User, changePrimaryEmail bool) error {
 		}); err != nil {
 			return err
 		}
+	} else { // check if primary email in email_address table
+		primaryEmailExist, err := e.Where("uid=? AND is_primary=?", u.ID, true).Exist(&EmailAddress{})
+		if err != nil {
+			return err
+		}
+
+		if !primaryEmailExist {
+			if _, err = e.Insert(&EmailAddress{
+				Email:       u.Email,
+				UID:         u.ID,
+				IsActivated: true,
+				IsPrimary:   true,
+			}); err != nil {
+				return err
+			}
+		}
 	}
 
-	_, err := e.ID(u.ID).AllCols().Update(u)
+	if len(cols) == 0 {
+		_, err = e.ID(u.ID).AllCols().Update(u)
+	} else {
+		_, err = e.ID(u.ID).Cols(cols...).Update(u)
+	}
 	return err
 }
 
 // UpdateUser updates user's information.
-func UpdateUser(u *User, emailChanged bool) error {
-	return updateUser(db.DefaultContext, u, emailChanged)
+func UpdateUser(u *User, emailChanged bool, cols ...string) error {
+	return updateUser(db.DefaultContext, u, emailChanged, cols...)
 }
 
 // UpdateUserCols update user according special columns

routers/web/org/teams.go

@@ -311,6 +311,7 @@ func TeamMembers(ctx *context.Context) {
 		ctx.ServerError("GetMembers", err)
 		return
 	}
+	ctx.Data["Units"] = unit_model.Units
 	ctx.HTML(http.StatusOK, tplTeamMembers)
 }
 
@@ -323,6 +324,7 @@ func TeamRepositories(ctx *context.Context) {
 		ctx.ServerError("GetRepositories", err)
 		return
 	}
+	ctx.Data["Units"] = unit_model.Units
 	ctx.HTML(http.StatusOK, tplTeamRepositories)
 }
 

routers/web/repo/compare.go

@@ -77,8 +77,8 @@ func setPathsCompareContext(ctx *context.Context, base, head *git.Commit, headOw
 	ctx.Data["SourcePath"] = SourceCommitURL(headOwner, headName, head)
 	ctx.Data["RawPath"] = RawCommitURL(headOwner, headName, head)
 	if base != nil {
-		ctx.Data["BeforeSourcePath"] = SourceCommitURL(headOwner, headName, head)
-		ctx.Data["BeforeRawPath"] = RawCommitURL(headOwner, headName, head)
+		ctx.Data["BeforeSourcePath"] = SourceCommitURL(headOwner, headName, base)
+		ctx.Data["BeforeRawPath"] = RawCommitURL(headOwner, headName, base)
 	}
 }
 

routers/web/repo/http.go

@@ -103,7 +103,7 @@ func httpBase(ctx *context.Context) (h *serviceHandler) {
 	}
 
 	isWiki := false
-	var unitType = unit.TypeCode
+	unitType := unit.TypeCode
 	var wikiRepoName string
 	if strings.HasSuffix(reponame, ".wiki") {
 		isWiki = true
@@ -456,7 +456,6 @@ func serviceRPC(h serviceHandler, service string) {
 		if err := h.r.Body.Close(); err != nil {
 			log.Error("serviceRPC: Close: %v", err)
 		}
-
 	}()
 
 	if !hasAccess(service, h, true) {
@@ -467,7 +466,7 @@ func serviceRPC(h serviceHandler, service string) {
 	h.w.Header().Set("Content-Type", fmt.Sprintf("application/x-git-%s-result", service))
 
 	var err error
-	var reqBody = h.r.Body
+	reqBody := h.r.Body
 
 	// Handle GZIP.
 	if h.r.Header.Get("Content-Encoding") == "gzip" {
@@ -502,7 +501,9 @@ func serviceRPC(h serviceHandler, service string) {
 	cmd.Stderr = &stderr
 
 	if err := cmd.Run(); err != nil {
-		log.Error("Fail to serve RPC(%s) in %s: %v - %s", service, h.dir, err, stderr.String())
+		if err.Error() != "signal: killed" {
+			log.Error("Fail to serve RPC(%s) in %s: %v - %s", service, h.dir, err, stderr.String())
+		}
 		return
 	}
 }

services/auth/source/ldap/source_sync.go

@@ -143,6 +143,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 				log.Trace("SyncExternalUsers[%s]: Updating user %s", source.authSource.Name, usr.Name)
 
 				usr.FullName = fullName
+				emailChanged := usr.Email != su.Mail
 				usr.Email = su.Mail
 				// Change existing admin flag only if AdminFilter option is set
 				if len(source.AdminFilter) > 0 {
@@ -154,7 +155,7 @@ func (source *Source) Sync(ctx context.Context, updateExisting bool) error {
 				}
 				usr.IsActive = true
 
-				err = user_model.UpdateUserCols(db.DefaultContext, usr, "full_name", "email", "is_admin", "is_restricted", "is_active")
+				err = user_model.UpdateUser(usr, emailChanged, "full_name", "email", "is_admin", "is_restricted", "is_active")
 				if err != nil {
 					log.Error("SyncExternalUsers[%s]: Error updating user %s: %v", source.authSource.Name, usr.Name, err)
 				}

templates/org/team/sidebar.tmpl

@@ -25,31 +25,55 @@
 				<span class="text grey italic">{{.i18n.Tr "org.teams.no_desc"}}</span>
 			{{end}}
 		</div>
-
-		<div class="item">
-			{{if eq .Team.LowerName "owners"}}
+		{{if eq .Team.LowerName "owners"}}
+			<div class="item">
 				{{.i18n.Tr "org.teams.owners_permission_desc" | Str2html}}
-			{{else if (eq .Team.AccessMode 1)}}
-				{{if .Team.IncludesAllRepositories}}
-					{{.i18n.Tr "org.teams.all_repositories_read_permission_desc" | Str2html}}
-				{{else}}
-					{{.i18n.Tr "org.teams.read_permission_desc" | Str2html}}
-				{{end}}
-			{{else if (eq .Team.AccessMode 2)}}
-				{{if .Team.IncludesAllRepositories}}
-					{{.i18n.Tr "org.teams.all_repositories_write_permission_desc" | Str2html}}
+			</div>
+		{{else}}
+			<div class="item">
+				<h3>{{.i18n.Tr "org.team_access_desc"}}</h3>
+				<ul>
+					{{if .Team.IncludesAllRepositories}}
+						<li>{{.i18n.Tr "org.teams.all_repositories" | Str2html}}
+					{{else}}
+						<li>{{.i18n.Tr "org.teams.specific_repositories" | Str2html}}
+					{{end}}
+					{{if .Team.CanCreateOrgRepo}}
+						<li>{{.i18n.Tr "org.teams.can_create_org_repo"}}
+					{{end}}
+				</ul>
+				{{if (eq .Team.AccessMode 2)}}
+					<h3>{{.i18n.Tr "org.settings.permission"}}</h3>
+					{{.i18n.Tr "org.teams.write_permission_desc"}}
+				{{else if (eq .Team.AccessMode 3)}}
+					<h3>{{.i18n.Tr "org.settings.permission"}}</h3>
+					{{.i18n.Tr "org.teams.admin_permission_desc"}}
 				{{else}}
-					{{.i18n.Tr "org.teams.write_permission_desc" | Str2html}}
+					<table class="ui table">
+						<thead>
+							<tr>
+								<th>{{.i18n.Tr "units.unit"}}</th>
+								<th>{{.i18n.Tr "org.team_permission_desc"}}</th>
+							</tr>
+						</thead>
+						<tbody>
+							{{range $t, $unit := $.Units}}
+								{{if and (lt $unit.MaxPerm 2) (not $unit.Type.UnitGlobalDisabled)}}
+									<tr>
+										<td><strong>{{$.i18n.Tr $unit.NameKey}}</strong></td>
+										<td>{{if eq ($.Team.UnitAccessMode $unit.Type) 0 -}}
+										{{$.i18n.Tr "org.teams.none_access"}}
+										{{- else if or (eq $.Team.ID 0) (eq ($.Team.UnitAccessMode $unit.Type) 1) -}}
+										{{$.i18n.Tr "org.teams.read_access"}}
+										{{- else if eq ($.Team.UnitAccessMode $unit.Type) 2 -}}
+										{{$.i18n.Tr "org.teams.write_access"}}
+										{{- end}}</td>
+									</tr>
+								{{end}}
+							{{end}}
+						</tbody>
+					</table>
 				{{end}}
-			{{else if (eq .Team.AccessMode 3)}}
-				{{if .Team.IncludesAllRepositories}}
-					{{.i18n.Tr "org.teams.all_repositories_admin_permission_desc" | Str2html}}
-				{{else}}
-					{{.i18n.Tr "org.teams.admin_permission_desc" | Str2html}}
-				{{end}}
-			{{end}}
-			{{if .Team.CanCreateOrgRepo}}
-				<br><br>{{.i18n.Tr "org.teams.create_repo_permission_desc" | Str2html}}
 			{{end}}
 		</div>
 	</div>