Merge branch 'master' into oidc-core-implementation

Author: 6543

.eslintrc

@@ -346,6 +346,7 @@ rules:
   unicorn/catch-error-name: [0]
   unicorn/consistent-function-scoping: [2]
   unicorn/custom-error-definition: [0]
+  unicorn/empty-brace-spaces: [2]
   unicorn/error-message: [0]
   unicorn/escape-case: [0]
   unicorn/expiring-todo-comments: [0]
@@ -361,6 +362,7 @@ rules:
   unicorn/no-for-loop: [0]
   unicorn/no-hex-escape: [0]
   unicorn/no-keyword-prefix: [0]
+  unicorn/no-lonely-if: [2]
   unicorn/no-nested-ternary: [0]
   unicorn/no-new-buffer: [0]
   unicorn/no-null: [0]
@@ -377,6 +379,7 @@ rules:
   unicorn/prefer-add-event-listener: [2]
   unicorn/prefer-array-find: [2]
   unicorn/prefer-dataset: [2]
+  unicorn/prefer-date-now: [2]
   unicorn/prefer-event-key: [2]
   unicorn/prefer-includes: [2]
   unicorn/prefer-math-trunc: [2]

Makefile

@@ -317,8 +317,8 @@ lint: lint-frontend lint-backend
 
 .PHONY: lint-frontend
 lint-frontend: node_modules
-	npx eslint --max-warnings=0 web_src/js build templates webpack.config.js
-	npx stylelint --max-warnings=0 web_src/less
+	npx eslint --color --max-warnings=0 web_src/js build templates webpack.config.js
+	npx stylelint --color --max-warnings=0 web_src/less
 
 .PHONY: lint-backend
 lint-backend: golangci-lint revive vet
@@ -330,7 +330,7 @@ watch:
 .PHONY: watch-frontend
 watch-frontend: node-check node_modules
 	rm -rf $(WEBPACK_DEST_ENTRIES)
-	NODE_ENV=development npx webpack --hide-modules --display-entrypoints=false --watch --progress
+	NODE_ENV=development npx webpack --watch --progress
 
 .PHONY: watch-backend
 watch-backend: go-check
@@ -660,7 +660,7 @@ webpack: $(WEBPACK_DEST)
 
 $(WEBPACK_DEST): $(WEBPACK_SOURCES) $(WEBPACK_CONFIGS) package-lock.json | node_modules
 	rm -rf $(WEBPACK_DEST_ENTRIES)
-	npx webpack --hide-modules --display-entrypoints=false
+	npx webpack
 	@touch $(WEBPACK_DEST)
 
 .PHONY: svg

cmd/admin.go

@@ -282,6 +282,11 @@ var (
 			Value: "",
 			Usage: "Use a custom Email URL (option for GitHub)",
 		},
+		cli.StringFlag{
+			Name:  "icon-url",
+			Value: "",
+			Usage: "Custom icon URL for OAuth2 login source",
+		},
 	}
 
 	microcmdAuthUpdateOauth = cli.Command{
@@ -606,6 +611,7 @@ func parseOAuth2Config(c *cli.Context) *models.OAuth2Config {
 		ClientSecret:                  c.String("secret"),
 		OpenIDConnectAutoDiscoveryURL: c.String("auto-discover-url"),
 		CustomURLMapping:              customURLMapping,
+		IconURL:                       c.String("icon-url"),
 	}
 }
 
@@ -658,6 +664,10 @@ func runUpdateOauth(c *cli.Context) error {
 		oAuth2Config.OpenIDConnectAutoDiscoveryURL = c.String("auto-discover-url")
 	}
 
+	if c.IsSet("icon-url") {
+		oAuth2Config.IconURL = c.String("icon-url")
+	}
+
 	// update custom URL mapping
 	var customURLMapping = &oauth2.CustomURLMapping{}
 

docs/content/doc/installation/database-preparation.en-us.md

@@ -19,7 +19,7 @@ You need a database to use Gitea. Gitea supports PostgreSQL, MySQL, SQLite, and
 
 Database instance can be on same machine as Gitea (local database setup), or on different machine (remote database).
 
-Note: All steps below requires that the database engine of your choice is installed on your system. For remote database setup, install the server part on database instance and client part on your Gitea server. In addition, make sure you use same engine version for both server and client for some engine features to work. For security reason, protect `root` (MySQL) or `postgres` (PostgreSQL) database superuser with secure password. The steps assumes that you run Linux for both database and Gitea servers.
+Note: All steps below requires that the database engine of your choice is installed on your system. For remote database setup, install the server application on database instance and client program on your Gitea server. The client program is used to test connection to the database from Gitea server, while Gitea itself use database driver provided by Go to accomplish the same thing. In addition, make sure you use same engine version for both server and client for some engine features to work. For security reason, protect `root` (MySQL) or `postgres` (PostgreSQL) database superuser with secure password. The steps assumes that you run Linux for both database and Gitea servers.
 
 **Table of Contents**
 

docs/content/doc/usage/command-line.en-us.md

@@ -114,6 +114,7 @@ Admin operations:
         - `--custom-token-url`: Use a custom Token URL (option for GitLab/GitHub).
         - `--custom-profile-url`: Use a custom Profile URL (option for GitLab/GitHub).
         - `--custom-email-url`: Use a custom Email URL (option for GitHub).
+        - `--icon-url`: Custom icon URL for OAuth2 login source.
       - Examples:
         - `gitea admin auth add-oauth --name external-github --provider github --key OBTAIN_FROM_SOURCE --secret OBTAIN_FROM_SOURCE`
     - `update-oauth`:
@@ -129,6 +130,7 @@ Admin operations:
         - `--custom-token-url`: Use a custom Token URL (option for GitLab/GitHub).
         - `--custom-profile-url`: Use a custom Profile URL (option for GitLab/GitHub).
         - `--custom-email-url`: Use a custom Email URL (option for GitHub).
+        - `--icon-url`: Custom icon URL for OAuth2 login source.
       - Examples:
         - `gitea admin auth update-oauth --id 1 --name external-github-updated`
     - `add-ldap`: Add new LDAP (via Bind DN) authentication source
@@ -465,4 +467,4 @@ Restore-repo restore repository data from disk dir:
   - `--repo_dir dir`, `-r dir`: Repository dir path to restore from
   - `--owner_name lunny`: Restore destination owner name
   - `--repo_name tango`: Restore destination repository name
-  - `--units <units>`: Which items will be restored, one or more units should be separated as comma. wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.
+  - `--units <units>`: Which items will be restored, one or more units should be separated as comma. wiki, issues, labels, releases, release_assets, milestones, pull_requests, comments are allowed. Empty means all units.

models/action.go

@@ -289,6 +289,7 @@ func (a *Action) GetIssueContent() string {
 // GetFeedsOptions options for retrieving feeds
 type GetFeedsOptions struct {
 	RequestedUser   *User // the user we want activity for
+	RequestedTeam   *Team // the team we want activity for
 	Actor           *User // the user viewing the activity
 	IncludePrivate  bool  // include private actions
 	OnlyPerformedBy bool  // only actions performed by requested user
@@ -357,6 +358,15 @@ func activityQueryCondition(opts GetFeedsOptions) (builder.Cond, error) {
 		}
 	}
 
+	if opts.RequestedTeam != nil {
+		env := opts.RequestedUser.AccessibleTeamReposEnv(opts.RequestedTeam)
+		teamRepoIDs, err := env.RepoIDs(1, opts.RequestedUser.NumRepos)
+		if err != nil {
+			return nil, fmt.Errorf("GetTeamRepositories: %v", err)
+		}
+		cond = cond.And(builder.In("repo_id", teamRepoIDs))
+	}
+
 	cond = cond.And(builder.Eq{"user_id": opts.RequestedUser.ID})
 
 	if opts.OnlyPerformedBy {

models/login_source.go

@@ -131,6 +131,7 @@ type OAuth2Config struct {
 	ClientSecret                  string
 	OpenIDConnectAutoDiscoveryURL string
 	CustomURLMapping              *oauth2.CustomURLMapping
+	IconURL                       string
 }
 
 // FromDB fills up an OAuth2Config from serialized format.

models/oauth2.go

@@ -111,7 +111,11 @@ func GetActiveOAuth2Providers() ([]string, map[string]OAuth2Provider, error) {
 	var orderedKeys []string
 	providers := make(map[string]OAuth2Provider)
 	for _, source := range loginSources {
-		providers[source.Name] = OAuth2Providers[source.OAuth2().Provider]
+		prov := OAuth2Providers[source.OAuth2().Provider]
+		if source.OAuth2().IconURL != "" {
+			prov.Image = source.OAuth2().IconURL
+		}
+		providers[source.Name] = prov
 		orderedKeys = append(orderedKeys, source.Name)
 	}
 

models/org.go

@@ -746,6 +746,7 @@ type AccessibleReposEnvironment interface {
 type accessibleReposEnv struct {
 	org     *User
 	user    *User
+	team    *Team
 	teamIDs []int64
 	e       Engine
 	keyword string
@@ -782,16 +783,31 @@ func (org *User) accessibleReposEnv(e Engine, userID int64) (AccessibleReposEnvi
 	}, nil
 }
 
+// AccessibleTeamReposEnv an AccessibleReposEnvironment for the repositories in `org`
+// that are accessible to the specified team.
+func (org *User) AccessibleTeamReposEnv(team *Team) AccessibleReposEnvironment {
+	return &accessibleReposEnv{
+		org:     org,
+		team:    team,
+		e:       x,
+		orderBy: SearchOrderByRecentUpdated,
+	}
+}
+
 func (env *accessibleReposEnv) cond() builder.Cond {
 	var cond = builder.NewCond()
-	if env.user == nil || !env.user.IsRestricted {
-		cond = cond.Or(builder.Eq{
-			"`repository`.owner_id":   env.org.ID,
-			"`repository`.is_private": false,
-		})
-	}
-	if len(env.teamIDs) > 0 {
-		cond = cond.Or(builder.In("team_repo.team_id", env.teamIDs))
+	if env.team != nil {
+		cond = cond.And(builder.Eq{"team_repo.team_id": env.team.ID})
+	} else {
+		if env.user == nil || !env.user.IsRestricted {
+			cond = cond.Or(builder.Eq{
+				"`repository`.owner_id":   env.org.ID,
+				"`repository`.is_private": false,
+			})
+		}
+		if len(env.teamIDs) > 0 {
+			cond = cond.Or(builder.In("team_repo.team_id", env.teamIDs))
+		}
 	}
 	if env.keyword != "" {
 		cond = cond.And(builder.Like{"`repository`.lower_name", strings.ToLower(env.keyword)})

models/repo_list.go

@@ -138,6 +138,7 @@ type SearchRepoOptions struct {
 	Keyword         string
 	OwnerID         int64
 	PriorityOwnerID int64
+	TeamID          int64
 	OrderBy         SearchOrderBy
 	Private         bool // Include private repositories in results
 	StarredByID     int64
@@ -294,6 +295,10 @@ func SearchRepositoryCondition(opts *SearchRepoOptions) builder.Cond {
 		cond = cond.And(accessCond)
 	}
 
+	if opts.TeamID > 0 {
+		cond = cond.And(builder.In("`repository`.id", builder.Select("`team_repo`.repo_id").From("team_repo").Where(builder.Eq{"`team_repo`.team_id": opts.TeamID})))
+	}
+
 	if opts.Keyword != "" {
 		// separate keyword
 		var subQueryCond = builder.NewCond()

models/user_heatmap.go

@@ -17,6 +17,15 @@ type UserHeatmapData struct {
 
 // GetUserHeatmapDataByUser returns an array of UserHeatmapData
 func GetUserHeatmapDataByUser(user *User, doer *User) ([]*UserHeatmapData, error) {
+	return getUserHeatmapData(user, nil, doer)
+}
+
+// GetUserHeatmapDataByUserTeam returns an array of UserHeatmapData
+func GetUserHeatmapDataByUserTeam(user *User, team *Team, doer *User) ([]*UserHeatmapData, error) {
+	return getUserHeatmapData(user, team, doer)
+}
+
+func getUserHeatmapData(user *User, team *Team, doer *User) ([]*UserHeatmapData, error) {
 	hdata := make([]*UserHeatmapData, 0)
 
 	if !activityReadable(user, doer) {
@@ -39,6 +48,7 @@ func GetUserHeatmapDataByUser(user *User, doer *User) ([]*UserHeatmapData, error
 
 	cond, err := activityQueryCondition(GetFeedsOptions{
 		RequestedUser:  user,
+		RequestedTeam:  team,
 		Actor:          doer,
 		IncludePrivate: true, // don't filter by private, as we already filter by repo access
 		IncludeDeleted: true,

modules/auth/auth_form.go

@@ -56,6 +56,7 @@ type AuthenticationForm struct {
 	Oauth2AuthURL                 string
 	Oauth2ProfileURL              string
 	Oauth2EmailURL                string
+	Oauth2IconURL                 string
 	SSPIAutoCreateUsers           bool
 	SSPIAutoActivateUsers         bool
 	SSPIStripDomainNames          bool

options/locale/locale_en-US.ini

@@ -216,6 +216,7 @@ my_mirrors = My Mirrors
 view_home = View %s
 search_repos = Find a repository…
 filter = Other Filters
+filter_by_team_repositories = Filter by team repositories
 
 show_archived = Archived
 show_both_archived_unarchived = Showing both archived and unarchived
@@ -2202,6 +2203,7 @@ auths.enable_tls = Enable TLS Encryption
 auths.skip_tls_verify = Skip TLS Verify
 auths.pam_service_name = PAM Service Name
 auths.oauth2_provider = OAuth2 Provider
+auths.oauth2_icon_url = Icon URL
 auths.oauth2_clientID = Client ID (Key)
 auths.oauth2_clientSecret = Client Secret
 auths.openIdConnectAutoDiscoveryURL = OpenID Connect Auto Discovery URL

options/locale/locale_tr-TR.ini

@@ -216,6 +216,7 @@ my_mirrors=Yansılarım
 view_home=%s Görüntüle
 search_repos=Depo bul…
 filter=Diğer Süzgeçler
+filter_by_team_repositories=Takım depolarına göre süz
 
 show_archived=Arşivlenmiş
 show_both_archived_unarchived=Arşivlenenler ve arşivlenmeyenlerin hepsi gösteriliyor

options/locale/locale_zh-TW.ini

@@ -554,6 +554,7 @@ principal_state_desc=此主體在過去 7 天內曾被使用
 show_openid=在個人資料顯示
 hide_openid=從個人資料隱藏
 ssh_disabled=已停用 SSH
+ssh_externally_managed=此 SSH 金鑰由此使用者的外部服務所管理
 manage_social=管理關聯的社群帳戶
 social_desc=這些社群帳戶已經連結到你的 Gitea 帳戶。請確保您認得這些帳戶，因為這些帳戶能用來登入寧的 Gitea 帳戶。
 unbind=解除連結