Merge branch 'main' into speed-up-testpatch

Author: 6543

contrib/systemd/gitea.service

@@ -3,14 +3,23 @@ Description=Gitea (Git with a cup of tea)
 After=syslog.target
 After=network.target
 ###
-# Don't forget to add the database service requirements
+# Don't forget to add the database service dependencies
 ###
 #
-#Requires=mysql.service
-#Requires=mariadb.service
-#Requires=postgresql.service
-#Requires=memcached.service
-#Requires=redis.service
+#Wants=mysql.service
+#After=mysql.service
+#
+#Wants=mariadb.service
+#After=mariadb.service
+#
+#Wants=postgresql.service
+#After=postgresql.service
+#
+#Wants=memcached.service
+#After=memcached.service
+#
+#Wants=redis.service
+#After=redis.service
 #
 ###
 # If using socket activation for main http/s

docs/content/doc/developers/api-usage.en-us.md

@@ -40,8 +40,42 @@ better understand this by looking at the code -- as of this writing,
 Gitea parses queries and headers to find the token in
 [modules/auth/auth.go](https://github.com/go-gitea/gitea/blob/6efdcaed86565c91a3dc77631372a9cc45a58e89/modules/auth/auth.go#L47).
 
-You can create an API key token via your Gitea installation's web interface:
-`Settings | Applications | Generate New Token`.
+## Generating and listing API tokens
+
+A new token can be generated with a `POST` request to
+`/users/:name/tokens`.
+
+Note that `/users/:name/tokens` is a special endpoint and requires you
+to authenticate using `BasicAuth` and a password, as follows:
+
+
+```sh
+$ curl -XPOST -H "Content-Type: application/json"  -k -d '{"name":"test"}' -u username:password https://gitea.your.host/api/v1/users/<username>/tokens
+{"id":1,"name":"test","sha1":"9fcb1158165773dd010fca5f0cf7174316c3e37d","token_last_eight":"16c3e37d"}
+```
+
+The ``sha1`` (the token) is only returned once and is not stored in
+plain-text.  It will not be displayed when listing tokens with a `GET`
+request; e.g.
+
+```sh
+$ curl --request GET --url https://yourusername:password@gitea.your.host/api/v1/users/<username>/tokens
+[{"name":"test","sha1":"","token_last_eight:"........":},{"name":"dev","sha1":"","token_last_eight":"........"}]
+```
+
+To use the API with basic authentication with two factor authentication
+enabled, you'll need to send an additional header that contains the one
+time password (6 digitrotating token).
+An example of the header is `X-Gitea-OTP: 123456` where `123456`
+is where you'd place the code from your authenticator.
+Here is how the request would look like in curl:
+
+```sh
+$ curl -H "X-Gitea-OTP: 123456" --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
+```
+
+You can also create an API key token via your Gitea installation's web
+interface: `Settings | Applications | Generate New Token`.
 
 ## OAuth2 Provider
 
@@ -82,26 +116,6 @@ or on
 The OpenAPI document is at:
 `https://gitea.your.host/swagger.v1.json`
 
-## Listing your issued tokens via the API
-
-As mentioned in
-[#3842](https://github.com/go-gitea/gitea/issues/3842#issuecomment-397743346),
-`/users/:name/tokens` is special and requires you to authenticate
-using BasicAuth, as follows:
-
-### Using basic authentication:
-
-```sh
-$ curl --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
-[{"name":"test","sha1":"..."},{"name":"dev","sha1":"..."}]
-```
-
-As of v1.8.0 of Gitea, if using basic authentication with the API and your user has two factor authentication enabled, you'll need to send an additional header that contains the one time password (6 digit rotating token). An example of the header is `X-Gitea-OTP: 123456` where `123456` is where you'd place the code from your authenticator. Here is how the request would look like in curl:
-
-```sh
-$ curl -H "X-Gitea-OTP: 123456" --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
-```
-
 ## Sudo
 
 The API allows admin users to sudo API requests as another user. Simply add either a `sudo=` parameter or `Sudo:` request header with the username of the user to sudo.

docs/content/doc/developers/hacking-on-gitea.en-us.md

@@ -127,7 +127,7 @@ See `make help` for all available `make` targets. Also see [`.drone.yml`](https:
 
 ## Building continuously
 
-To run and continously rebuild when source files change:
+To run and continuously rebuild when source files change:
 
 ```bash
 make watch
@@ -216,7 +216,7 @@ You should validate your generated Swagger file and spell-check it with:
 make swagger-validate misspell-check
 ```
 
-You should commit the changed swagger JSON file. The continous integration
+You should commit the changed swagger JSON file. The continuous integration
 server will check that this has been done using:
 
 ```bash
@@ -315,7 +315,7 @@ branches as we will need to update it to main before merging and/or may be
 able to help fix issues directly.
 
 Any PR requires two approvals from the Gitea maintainers and needs to pass the
-continous integration. Take a look at our
+continuous integration. Take a look at our
 [`CONTRIBUTING.md`](https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md)
 document.
 

docs/content/doc/features/authentication.en-us.md

@@ -88,8 +88,8 @@ Adds the following fields:
 - Bind Password (optional)
 
   - The password for the Bind DN specified above, if any. _Note: The password
-    is stored in plaintext at the server. As such, ensure that the Bind DN
-    has as few privileges as possible._
+    is stored encrypted with the SECRET_KEY on the server. It is still recommended
+    to ensure that the Bind DN has as few privileges as possible._
 
 - User Search Base **(required)**
 

models/admin.go

@@ -114,6 +114,11 @@ func DeleteNotice(id int64) error {
 
 // DeleteNotices deletes all notices with ID from start to end (inclusive).
 func DeleteNotices(start, end int64) error {
+	if start == 0 && end == 0 {
+		_, err := x.Exec("DELETE FROM notice")
+		return err
+	}
+
 	sess := x.Where("id >= ?", start)
 	if end > 0 {
 		sess.And("id <= ?", end)

models/login_source.go

@@ -18,6 +18,7 @@ import (
 	"code.gitea.io/gitea/modules/auth/oauth2"
 	"code.gitea.io/gitea/modules/auth/pam"
 	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/secret"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/timeutil"
 	"code.gitea.io/gitea/modules/util"
@@ -77,11 +78,25 @@ type LDAPConfig struct {
 // FromDB fills up a LDAPConfig from serialized format.
 func (cfg *LDAPConfig) FromDB(bs []byte) error {
 	json := jsoniter.ConfigCompatibleWithStandardLibrary
-	return json.Unmarshal(bs, &cfg)
+	err := json.Unmarshal(bs, &cfg)
+	if err != nil {
+		return err
+	}
+	if cfg.BindPasswordEncrypt != "" {
+		cfg.BindPassword, err = secret.DecryptSecret(setting.SecretKey, cfg.BindPasswordEncrypt)
+		cfg.BindPasswordEncrypt = ""
+	}
+	return err
 }
 
 // ToDB exports a LDAPConfig to a serialized format.
 func (cfg *LDAPConfig) ToDB() ([]byte, error) {
+	var err error
+	cfg.BindPasswordEncrypt, err = secret.EncryptSecret(setting.SecretKey, cfg.BindPassword)
+	if err != nil {
+		return nil, err
+	}
+	cfg.BindPassword = ""
 	json := jsoniter.ConfigCompatibleWithStandardLibrary
 	return json.Marshal(cfg)
 }

modules/auth/ldap/ldap.go

@@ -35,6 +35,7 @@ type Source struct {
 	SecurityProtocol      SecurityProtocol
 	SkipVerify            bool
 	BindDN                string // DN to bind with
+	BindPasswordEncrypt   string // Encrypted Bind BN password
 	BindPassword          string // Bind DN password
 	UserBase              string // Base search path for users
 	UserDN                string // Template for the DN of the user for simple auth

modules/git/command.go

@@ -124,12 +124,18 @@ func (c *Command) RunInDirTimeoutEnvFullPipelineFunc(env []string, timeout time.
 
 	cmd := exec.CommandContext(ctx, c.name, c.args...)
 	if env == nil {
-		cmd.Env = append(os.Environ(), fmt.Sprintf("LC_ALL=%s", DefaultLocale))
+		cmd.Env = os.Environ()
 	} else {
 		cmd.Env = env
-		cmd.Env = append(cmd.Env, fmt.Sprintf("LC_ALL=%s", DefaultLocale))
 	}
 
+	cmd.Env = append(
+		cmd.Env,
+		fmt.Sprintf("LC_ALL=%s", DefaultLocale),
+		// avoid prompting for credentials interactively, supported since git v2.3
+		"GIT_TERMINAL_PROMPT=0",
+	)
+
 	// TODO: verify if this is still needed in golang 1.15
 	if goVersionLessThan115 {
 		cmd.Env = append(cmd.Env, "GODEBUG=asyncpreemptoff=1")

options/locale/locale_en-US.ini

@@ -1550,6 +1550,7 @@ settings.email_notifications.disable = Disable Email Notifications
 settings.email_notifications.submit = Set Email Preference
 settings.site = Website
 settings.update_settings = Update Settings
+settings.branches.update_default_branch = Update Default Branch
 settings.advanced_settings = Advanced Settings
 settings.wiki_desc = Enable Repository Wiki
 settings.use_internal_wiki = Use Built-In Wiki
@@ -2282,7 +2283,6 @@ auths.host = Host
 auths.port = Port
 auths.bind_dn = Bind DN
 auths.bind_password = Bind Password
-auths.bind_password_helper = Warning: This password is stored in plain text. Use a read-only account if possible.
 auths.user_base = User Search Base
 auths.user_dn = User DN
 auths.attribute_username = Username Attribute

options/locale/locale_es-ES.ini

@@ -854,6 +854,7 @@ branch=Rama
 tree=Árbol
 clear_ref=`Borrar referencia actual`
 filter_branch_and_tag=Filtrar por rama o etiqueta
+find_tag=Buscar etiqueta
 branches=Ramas
 tags=Etiquetas
 issues=Incidencias
@@ -1158,7 +1159,7 @@ issues.label_color=Color etiqueta
 issues.label_count=%d etiquetas
 issues.label_open_issues=%d incidencias abiertas
 issues.label_edit=Editar
-issues.label_delete=Borrar
+issues.label_delete=Eliminar
 issues.label_modify=Editar etiqueta
 issues.label_deletion=Eliminar etiqueta
 issues.label_deletion_desc=Eliminar una etiqueta la elimina de todos las incidencias. ¿Continuar?
@@ -1284,6 +1285,8 @@ issues.review.resolved_by=ha marcado esta conversación como resuelta
 issues.assignee.error=No todos los asignados fueron añadidos debido a un error inesperado.
 issues.reference_issue.body=Cuerpo
 
+compare.compare_base=base
+compare.compare_head=comparar
 
 pulls.desc=Activar Pull Requests y revisiones de código.
 pulls.new=Nuevo Pull Request
@@ -1546,6 +1549,7 @@ settings.email_notifications.disable=Deshabilitar las notificaciones por correo
 settings.email_notifications.submit=Establecer Preferencia de correo electrónico
 settings.site=Sitio web
 settings.update_settings=Actualizar configuración
+settings.branches.update_default_branch=Actualizar rama por defecto
 settings.advanced_settings=Ajustes avanzados
 settings.wiki_desc=Activar Wiki de repositorio
 settings.use_internal_wiki=Usar Wiki integrada
@@ -1886,6 +1890,7 @@ diff.file_image_width=Anchura
 diff.file_image_height=Altura
 diff.file_byte_size=Tamaño
 diff.file_suppressed=La diferencia del archivo ha sido suprimido porque es demasiado grande
+diff.file_suppressed_line_too_long=Las diferiencias del archivo han sido suprimidas porque una o mas lineas son muy largas
 diff.too_many_files=Algunos archivos no se mostraron porque demasiados archivos cambiaron en este cambio
 diff.comment.placeholder=Deja un comentario
 diff.comment.markdown_info=Es posible estilizar con markdown.
@@ -1913,6 +1918,7 @@ release.new_release=Nueva Release
 release.draft=Borrador
 release.prerelease=Pre-lanzamiento
 release.stable=Estable
+release.compare=Comparar
 release.edit=editar
 release.ahead.commits=<strong>%d</strong> commits
 release.ahead.target=a %s desde esta versión
@@ -2130,7 +2136,7 @@ dashboard.cron.error=Error en Cron: %s: %[3]s
 dashboard.cron.finished=Cron: %[1]s ha finalizado
 dashboard.delete_inactive_accounts=Eliminar todas las cuentas inactivas
 dashboard.delete_inactive_accounts.started=Se ha iniciado la tarea: "Eliminar todas las cuentas inactivas".
-dashboard.delete_repo_archives=Borrar todos los archivos del repositorio (ZIP, TAR.GZ, etc.)
+dashboard.delete_repo_archives=Eliminar todos los archivos del repositorio (ZIP, TAR.GZ, etc.)
 dashboard.delete_repo_archives.started=Se ha iniciado la tarea: "Eliminar todos los archivos del repositorios".
 dashboard.delete_missing_repos=Eliminar todos los repositorios que faltan sus archivos Git
 dashboard.delete_missing_repos.started=Se ha iniciado la tarea: "Eliminar todos los repositorios que faltan sus archivos Git".
@@ -2179,6 +2185,8 @@ dashboard.total_gc_time=Pausa Total por GC
 dashboard.total_gc_pause=Pausa Total por GC
 dashboard.last_gc_pause=Última Pausa por GC
 dashboard.gc_times=Ejecuciones GC
+dashboard.delete_old_actions=Eliminar todas las acciones antiguas de la base de datos
+dashboard.delete_old_actions.started=Eliminar todas las acciones antiguas de la base de datos inicializada.
 
 users.user_manage_panel=Gestión de cuentas de usuario
 users.new_account=Crear Cuenta de Usuario
@@ -2305,6 +2313,7 @@ auths.allowed_domains_helper=Dejar vacío para permitir todos los dominios. Sepa
 auths.enable_tls=Habilitar cifrado TLS
 auths.skip_tls_verify=Omitir la verificación TLS
 auths.pam_service_name=Nombre del Servicio PAM
+auths.pam_email_domain=Dominio de correo de PAM (opcional)
 auths.oauth2_provider=Proveedor OAuth2
 auths.oauth2_icon_url=URL de icono
 auths.oauth2_clientID=ID de cliente (clave)
@@ -2404,6 +2413,7 @@ config.db_path=Ruta
 config.service_config=Configuración del servicio
 config.register_email_confirm=Requerir confirmación de correo electrónico para registrarse
 config.disable_register=Deshabilitar auto-registro
+config.allow_only_internal_registration=Permitir el registro solo desde Gitea
 config.allow_only_external_registration=Permitir el registro únicamente a través de servicios externos
 config.enable_openid_signup=Habilitar el auto-registro con OpenID
 config.enable_openid_signin=Habilitar el inicio de sesión con OpenID

options/locale/locale_ja-JP.ini

@@ -1285,6 +1285,8 @@ issues.review.resolved_by=がこの会話を解決済みにしました
 issues.assignee.error=予期しないエラーにより、一部の担当者を追加できませんでした。
 issues.reference_issue.body=内容
 
+compare.compare_base=基準
+compare.compare_head=比較
 
 pulls.desc=プルリクエストとコードレビューの有効化。
 pulls.new=新しいプルリクエスト
@@ -1547,6 +1549,7 @@ settings.email_notifications.disable=メール通知無効
 settings.email_notifications.submit=メール設定を保存
 settings.site=Webサイト
 settings.update_settings=設定を更新
+settings.branches.update_default_branch=デフォルトブランチを更新
 settings.advanced_settings=拡張設定
 settings.wiki_desc=Wikiを有効にする
 settings.use_internal_wiki=ビルトインのWikiを使用する
@@ -1887,6 +1890,7 @@ diff.file_image_width=幅
 diff.file_image_height=高さ
 diff.file_byte_size=サイズ
 diff.file_suppressed=ファイル差分が大きすぎるため省略します
+diff.file_suppressed_line_too_long=長すぎる行があるためファイル差分は表示されません
 diff.too_many_files=変更されたファイルが多すぎるため、一部のファイルは表示されません
 diff.comment.placeholder=コメントを残す
 diff.comment.markdown_info=Markdownによる書式設定をサポートしています。
@@ -2309,6 +2313,7 @@ auths.allowed_domains_helper=すべてのドメインを許可する場合は空
 auths.enable_tls=TLS暗号化を有効にする
 auths.skip_tls_verify=TLS検証を省略
 auths.pam_service_name=PAMサービス名
+auths.pam_email_domain=PAM メールドメイン名 (オプション)
 auths.oauth2_provider=OAuth2プロバイダー
 auths.oauth2_icon_url=アイコンのURL
 auths.oauth2_clientID=クライアントID (キー)
@@ -2408,6 +2413,7 @@ config.db_path=パス
 config.service_config=サービス設定
 config.register_email_confirm=登録にはメールによる確認が必要
 config.disable_register=セルフ登録無効
+config.allow_only_internal_registration=Gitea上での登録のみを許可
 config.allow_only_external_registration=外部サービスを使用した登録のみを許可
 config.enable_openid_signup=OpenIDを使ったセルフ登録有効
 config.enable_openid_signin=OpenIDを使ったサインイン有効