Merge branch 'master' into improve-strings

Author: lunny

.gitattributes

@@ -1,3 +1,4 @@
 * text=auto eol=lf
 /vendor/** -text -eol linguist-vendored
 /public/vendor/** -text -eol linguist-vendored
+/templates/**/*.tmpl linguist-language=Handlebars

.github/lock.yml

@@ -0,0 +1,23 @@
+# Configuration for Lock Threads - https://github.com/dessant/lock-threads-app
+
+# Number of days of inactivity before a closed issue or pull request is locked
+daysUntilLock: 60
+
+# Skip issues and pull requests created before a given timestamp. Timestamp must
+# follow ISO 8601 (`YYYY-MM-DD`). `false` is disabled
+skipCreatedBefore: false
+
+# Issues and pull requests with these labels will be ignored.
+exemptLabels: []
+
+# Label to add before locking, such as `outdated`. `false` is disabled
+lockLabel: false
+
+# Comment to post before locking.
+lockComment: >
+  This thread has been automatically locked since there has not been
+  any recent activity after it was closed. Please open a new issue for
+  related bugs and link to relevant comments in this thread.
+
+# Assign `resolved` as the reason for locking. Set to `false` to disable
+setLockReason: true

Dockerfile.rootless

@@ -50,8 +50,7 @@ RUN mkdir -p /var/lib/gitea /etc/gitea
 RUN chown git:git /var/lib/gitea /etc/gitea
 
 COPY docker/rootless /
-COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /usr/local/bin/gitea
-RUN chown root:root /usr/local/bin/* && chmod 755 /usr/local/bin/*
+COPY --from=build-env --chown=root:root /go/src/code.gitea.io/gitea/gitea /usr/local/bin/gitea
 
 USER git:git
 ENV GITEA_WORK_DIR /var/lib/gitea

Makefile

@@ -638,8 +638,8 @@ fomantic: $(FOMANTIC_DEST)
 
 $(FOMANTIC_DEST): $(FOMANTIC_CONFIGS) | node_modules
 	rm -rf $(FOMANTIC_DEST_DIR)
-	cp web_src/fomantic/theme.config.less node_modules/fomantic-ui/src/theme.config
-	cp -r web_src/fomantic/_site/* node_modules/fomantic-ui/src/_site/
+	cp -f web_src/fomantic/theme.config.less node_modules/fomantic-ui/src/theme.config
+	cp -rf web_src/fomantic/_site/* node_modules/fomantic-ui/src/_site/
 	npx gulp -f node_modules/fomantic-ui/gulpfile.js build
 	@touch $(FOMANTIC_DEST)
 

cmd/web.go

@@ -165,9 +165,10 @@ func runWeb(ctx *cli.Context) error {
 			return err
 		}
 	}
-	// Set up Macaron
+	// Set up Chi routes
 	c := routes.NewChi()
-	routes.RegisterRoutes(c)
+	c.Mount("/", routes.NormalRoutes())
+	routes.DelegateToMacaron(c)
 
 	err := listen(c, true)
 	<-graceful.GetManager().Done()

contrib/pr/checkout.go

@@ -118,7 +118,8 @@ func runPR() {
 	external.RegisterParsers()
 	markup.Init()
 	c := routes.NewChi()
-	routes.RegisterRoutes(c)
+	c.Mount("/", routes.NormalRoutes())
+	routes.DelegateToMacaron(c)
 
 	log.Printf("[PR] Ready for testing !\n")
 	log.Printf("[PR] Login with user1, user2, user3, ... with pass: password\n")

custom/conf/app.example.ini

@@ -389,7 +389,7 @@ GRACEFUL_HAMMER_TIME = 60s
 ; Allows the setting of a startup timeout and waithint for Windows as SVC service
 ; 0 disables this.
 STARTUP_TIMEOUT = 0
-; Static resources, includes resources on custom/, public/ and all uploaded avatars web browser cache time, default is 6h
+; Static resources, includes resources on custom/, public/ and all uploaded avatars web browser cache time. Note that this cache is disabled when RUN_MODE is "dev". Default is 6h
 STATIC_CACHE_TIME = 6h
 
 ; Define allowed algorithms and their minimum key length (use -1 to disable a type)

docs/content/doc/advanced/config-cheat-sheet.en-us.md

@@ -262,7 +262,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `KEY_FILE`: **https/key.pem**: Key file path used for HTTPS. From 1.11 paths are relative to `CUSTOM_PATH`.
 - `STATIC_ROOT_PATH`: **./**: Upper level of template and static files path.
 - `APP_DATA_PATH`: **data** (**/data/gitea** on docker): Default path for application data.
-- `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars.
+- `STATIC_CACHE_TIME`: **6h**: Web browser cache time for static resources on `custom/`, `public/` and all uploaded avatars. Note that this cache is disabled when `RUN_MODE` is "dev".
 - `ENABLE_GZIP`: **false**: Enables application-level GZIP support.
 - `ENABLE_PPROF`: **false**: Application profiling (memory and cpu). For "web" command it listens on localhost:6060. For "serv" command it dumps to disk at `PPROF_DATA_PATH` as `(cpuprofile|memprofile)_<username>_<temporary id>`
 - `PPROF_DATA_PATH`: **data/tmp/pprof**: `PPROF_DATA_PATH`, use an absolute path when you start gitea as service

docs/content/doc/installation/from-package.en-us.md

@@ -15,26 +15,29 @@ menu:
 
 # Installation from package
 
-## Debian
+## Alpine Linux
 
-Although there is a package of Gitea in Debian's [contrib](https://wiki.debian.org/SourcesList),
-it is not supported directly by us.
+Alpine Linux has [Gitea](https://pkgs.alpinelinux.org/packages?name=gitea&branch=edge) in its community repository which follows the latest stable version.
 
-Unfortunately, the package is not maintained anymore and broken because of missing sources.
-Please follow the [deployment from binary]({{< relref "from-binary.en-us.md" >}}) guide instead.
+```sh
+apk add gitea
+```
 
-Should the packages get updated and fixed, we will provide up-to-date installation instructions here.
+## Arch Linux
 
-## Alpine Linux
+The rolling release distribution has [Gitea](https://www.archlinux.org/packages/community/x86_64/gitea/) in their official community repository and package updates are provided with new Gitea releases.
 
-Alpine Linux has gitea in its community repository. It follows the latest stable version.
-for more information look at https://pkgs.alpinelinux.org/packages?name=gitea&branch=edge.
+```sh
+pacman -S gitea
+```
+
+## Arch Linux ARM
+
+Arch Linux ARM provides packages for [aarch64](https://archlinuxarm.org/packages/aarch64/gitea), [armv7h](https://archlinuxarm.org/packages/armv7h/gitea) and [armv6h](https://archlinuxarm.org/packages/armv6h/gitea).
 
-install as usual:
 ```sh
-apk add gitea
+pacman -S gitea
 ```
-config is found in **/etc/gitea/app.ini**
 
 ## Windows
 

integrations/api_admin_test.go

@@ -144,3 +144,22 @@ func TestAPIListUsersNonAdmin(t *testing.T) {
 	req := NewRequestf(t, "GET", "/api/v1/admin/users?token=%s", token)
 	session.MakeRequest(t, req, http.StatusForbidden)
 }
+
+func TestAPICreateUserInvalidEmail(t *testing.T) {
+	defer prepareTestEnv(t)()
+	adminUsername := "user1"
+	session := loginUser(t, adminUsername)
+	token := getTokenForLoggedInUser(t, session)
+	urlStr := fmt.Sprintf("/api/v1/admin/users?token=%s", token)
+	req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
+		"email":                "[email protected]\r\n",
+		"full_name":            "invalid user",
+		"login_name":           "invalidUser",
+		"must_change_password": "true",
+		"password":             "password",
+		"send_notify":          "true",
+		"source_id":            "0",
+		"username":             "invalidUser",
+	})
+	session.MakeRequest(t, req, http.StatusUnprocessableEntity)
+}

integrations/create_no_session_test.go

@@ -59,7 +59,8 @@ func TestSessionFileCreation(t *testing.T) {
 	defer func() {
 		setting.SessionConfig.ProviderConfig = oldSessionConfig
 		c = routes.NewChi()
-		routes.RegisterRoutes(c)
+		c.Mount("/", routes.NormalRoutes())
+		routes.DelegateToMacaron(c)
 	}()
 
 	var config session.Options
@@ -84,7 +85,8 @@ func TestSessionFileCreation(t *testing.T) {
 	setting.SessionConfig.ProviderConfig = string(newConfigBytes)
 
 	c = routes.NewChi()
-	routes.RegisterRoutes(c)
+	c.Mount("/", routes.NormalRoutes())
+	routes.DelegateToMacaron(c)
 
 	t.Run("NoSessionOnViewIssue", func(t *testing.T) {
 		defer PrintCurrentTest(t)()

integrations/integration_test.go

@@ -68,7 +68,8 @@ func TestMain(m *testing.M) {
 
 	initIntegrationTest()
 	c = routes.NewChi()
-	routes.RegisterRoutes(c)
+	c.Mount("/", routes.NormalRoutes())
+	routes.DelegateToMacaron(c)
 
 	// integration test settings...
 	if setting.Cfg != nil {

integrations/pull_merge_test.go

@@ -194,7 +194,7 @@ func TestCantMergeWorkInProgress(t *testing.T) {
 		req := NewRequest(t, "GET", resp.Header().Get("Location"))
 		resp = session.MakeRequest(t, req, http.StatusOK)
 		htmlDoc := NewHTMLParser(t, resp.Body)
-		text := strings.TrimSpace(htmlDoc.doc.Find(".attached.merge-section.no-header > .text.grey").Last().Text())
+		text := strings.TrimSpace(htmlDoc.doc.Find(".merge-section > .item").Last().Text())
 		assert.NotEmpty(t, text, "Can't find WIP text")
 
 		// remove <strong /> from lang

integrations/pull_status_test.go

@@ -114,7 +114,7 @@ func TestPullCreate_EmptyChangesWithCommits(t *testing.T) {
 		resp := session.MakeRequest(t, req, http.StatusOK)
 		doc := NewHTMLParser(t, resp.Body)
 
-		text := strings.TrimSpace(doc.doc.Find(".item.text.green").Text())
-		assert.EqualValues(t, "This pull request can be merged automatically.", text)
+		text := strings.TrimSpace(doc.doc.Find(".merge-section").Text())
+		assert.Contains(t, text, "This pull request can be merged automatically.")
 	})
 }

integrations/signup_test.go

@@ -5,10 +5,14 @@
 package integrations
 
 import (
+	"fmt"
 	"net/http"
+	"strings"
 	"testing"
 
 	"code.gitea.io/gitea/modules/setting"
+	"github.com/stretchr/testify/assert"
+	"github.com/unknwon/i18n"
 )
 
 func TestSignup(t *testing.T) {
@@ -28,3 +32,37 @@ func TestSignup(t *testing.T) {
 	req = NewRequest(t, "GET", "/exampleUser")
 	MakeRequest(t, req, http.StatusOK)
 }
+
+func TestSignupEmail(t *testing.T) {
+	defer prepareTestEnv(t)()
+
+	setting.Service.EnableCaptcha = false
+
+	tests := []struct {
+		email      string
+		wantStatus int
+		wantMsg    string
+	}{
+		{"[email protected]\r\n", http.StatusOK, i18n.Tr("en", "form.email_invalid", nil)},
+		{"[email protected]\r", http.StatusOK, i18n.Tr("en", "form.email_invalid", nil)},
+		{"[email protected]\n", http.StatusOK, i18n.Tr("en", "form.email_invalid", nil)},
+		{"[email protected]", http.StatusFound, ""},
+	}
+
+	for i, test := range tests {
+		req := NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{
+			"user_name": fmt.Sprintf("exampleUser%d", i),
+			"email":     test.email,
+			"password":  "examplePassword!1",
+			"retype":    "examplePassword!1",
+		})
+		resp := MakeRequest(t, req, test.wantStatus)
+		if test.wantMsg != "" {
+			htmlDoc := NewHTMLParser(t, resp.Body)
+			assert.Equal(t,
+				test.wantMsg,
+				strings.TrimSpace(htmlDoc.doc.Find(".ui.message").Text()),
+			)
+		}
+	}
+}

main.go

@@ -11,6 +11,7 @@ import (
 	"os"
 	"runtime"
 	"strings"
+	"time"
 
 	"code.gitea.io/gitea/cmd"
 	"code.gitea.io/gitea/modules/log"
@@ -40,6 +41,7 @@ var (
 func init() {
 	setting.AppVer = Version
 	setting.AppBuiltWith = formatBuiltWith()
+	setting.AppStartTime = time.Now().UTC()
 
 	// Grab the original help templates
 	originalAppHelpTemplate = cli.AppHelpTemplate

models/error.go

@@ -193,6 +193,21 @@ func (err ErrEmailAlreadyUsed) Error() string {
 	return fmt.Sprintf("e-mail already in use [email: %s]", err.Email)
 }
 
+// ErrEmailInvalid represents an error where the email address does not comply with RFC 5322
+type ErrEmailInvalid struct {
+	Email string
+}
+
+// IsErrEmailInvalid checks if an error is an ErrEmailInvalid
+func IsErrEmailInvalid(err error) bool {
+	_, ok := err.(ErrEmailInvalid)
+	return ok
+}
+
+func (err ErrEmailInvalid) Error() string {
+	return fmt.Sprintf("e-mail invalid [email: %s]", err.Email)
+}
+
 // ErrOpenIDAlreadyUsed represents a "OpenIDAlreadyUsed" kind of error.
 type ErrOpenIDAlreadyUsed struct {
 	OpenID string

models/user.go

@@ -14,6 +14,7 @@ import (
 	"errors"
 	"fmt"
 	_ "image/jpeg" // Needed for jpeg support
+	"net/mail"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -808,6 +809,11 @@ func CreateUser(u *User) (err error) {
 		return ErrEmailAlreadyUsed{u.Email}
 	}
 
+	_, err = mail.ParseAddress(u.Email)
+	if err != nil {
+		return ErrEmailInvalid{u.Email}
+	}
+
 	isExist, err = isEmailUsed(sess, u.Email)
 	if err != nil {
 		return err
@@ -951,7 +957,12 @@ func checkDupEmail(e Engine, u *User) error {
 }
 
 func updateUser(e Engine, u *User) error {
-	_, err := e.ID(u.ID).AllCols().Update(u)
+	u.Email = strings.ToLower(u.Email)
+	_, err := mail.ParseAddress(u.Email)
+	if err != nil {
+		return ErrEmailInvalid{u.Email}
+	}
+	_, err = e.ID(u.ID).AllCols().Update(u)
 	return err
 }
 

models/user_mail.go

@@ -8,6 +8,7 @@ package models
 import (
 	"errors"
 	"fmt"
+	"net/mail"
 	"strings"
 
 	"code.gitea.io/gitea/modules/log"
@@ -143,6 +144,11 @@ func addEmailAddress(e Engine, email *EmailAddress) error {
 		return ErrEmailAlreadyUsed{email.Email}
 	}
 
+	_, err = mail.ParseAddress(email.Email)
+	if err != nil {
+		return ErrEmailInvalid{email.Email}
+	}
+
 	_, err = e.Insert(email)
 	return err
 }
@@ -167,6 +173,10 @@ func AddEmailAddresses(emails []*EmailAddress) error {
 		} else if used {
 			return ErrEmailAlreadyUsed{emails[i].Email}
 		}
+		_, err = mail.ParseAddress(emails[i].Email)
+		if err != nil {
+			return ErrEmailInvalid{emails[i].Email}
+		}
 	}
 
 	if _, err := x.Insert(emails); err != nil {

models/user_test.go

@@ -329,6 +329,21 @@ func TestCreateUser(t *testing.T) {
 	assert.NoError(t, DeleteUser(user))
 }
 
+func TestCreateUserInvalidEmail(t *testing.T) {
+	user := &User{
+		Name:               "GiteaBot",
+		Email:              "[email protected]\r\n",
+		Passwd:             ";p['////..-++']",
+		IsAdmin:            false,
+		Theme:              setting.UI.DefaultTheme,
+		MustChangePassword: false,
+	}
+
+	err := CreateUser(user)
+	assert.Error(t, err)
+	assert.True(t, IsErrEmailInvalid(err))
+}
+
 func TestCreateUser_Issue5882(t *testing.T) {
 
 	// Init settings