Merge branch 'main' into sync-git-hook

Author: wxiaoguang

docs/content/doc/installation/with-docker.en-us.md

@@ -333,9 +333,16 @@ sudo -u git ssh-keygen -t rsa -b 4096 -C "Gitea Host Key"
 In the next step a file named `/app/gitea/gitea` (with executable permissions) needs to be created on the host. This file will issue the SSH forwarding from the host to the container. Add the following contents to `/app/gitea/gitea`:
 
 ```bash
+#!/bin/sh
 ssh -p 2222 -o StrictHostKeyChecking=no [email protected] "SSH_ORIGINAL_COMMAND=\"$SSH_ORIGINAL_COMMAND\" $0 $@"
 ```
 
+Here you should also make sure that you've set the permisson of `/app/gitea/gitea` correctly:
+
+```bash
+sudo chmod +x /app/gitea/gitea
+```
+
 To make the forwarding work, the SSH port of the container (22) needs to be mapped to the host port 2222 in `docker-compose.yml` . Since this port does not need to be exposed to the outside world, it can be mapped to the `localhost` of the host machine:
 
 ```bash

models/user_heatmap_test.go

@@ -7,9 +7,11 @@ package models
 import (
 	"fmt"
 	"testing"
+	"time"
 
 	"code.gitea.io/gitea/models/db"
 	"code.gitea.io/gitea/modules/json"
+	"code.gitea.io/gitea/modules/timeutil"
 
 	"github.com/stretchr/testify/assert"
 )
@@ -39,6 +41,10 @@ func TestGetUserHeatmapDataByUser(t *testing.T) {
 	// Prepare
 	assert.NoError(t, db.PrepareTestDatabase())
 
+	// Mock time
+	timeutil.Set(time.Date(2021, 1, 1, 0, 0, 0, 0, time.UTC))
+	defer timeutil.Unset()
+
 	for i, tc := range testCases {
 		user := db.AssertExistsAndLoadBean(t, &User{ID: tc.userID}).(*User)
 

modules/timeutil/timestamp.go

@@ -13,8 +13,24 @@ import (
 // TimeStamp defines a timestamp
 type TimeStamp int64
 
+// mock is NOT concurrency-safe!!
+var mock time.Time
+
+// Set sets the time to a mocked time.Time
+func Set(now time.Time) {
+	mock = now
+}
+
+// Unset will unset the mocked time.Time
+func Unset() {
+	mock = time.Time{}
+}
+
 // TimeStampNow returns now int64
 func TimeStampNow() TimeStamp {
+	if !mock.IsZero() {
+		return TimeStamp(mock.Unix())
+	}
 	return TimeStamp(time.Now().Unix())
 }
 

options/locale/locale_ja-JP.ini

@@ -2026,6 +2026,8 @@ diff.file_image_height=高さ
 diff.file_byte_size=サイズ
 diff.file_suppressed=ファイル差分が大きすぎるため省略します
 diff.file_suppressed_line_too_long=長すぎる行があるためファイル差分は表示されません
+diff.too_many_files=変更されたファイルが多すぎるため、一部のファイルは表示されません
+diff.show_more=さらに表示
 diff.generated=generated
 diff.vendored=vendored
 diff.comment.placeholder=コメントを残す

options/locale/locale_zh-CN.ini

@@ -228,6 +228,7 @@ view_home=访问 %s
 search_repos=查找仓库…
 filter=其他过滤器
 filter_by_team_repositories=按团队仓库筛选
+feed_of="%s" 的源
 
 show_archived=已存档
 show_both_archived_unarchived=显示已存档和未存档的
@@ -887,6 +888,7 @@ migrate_items_releases=版本发布
 migrate_repo=迁移仓库
 migrate.clone_address=从 URL 迁移/克隆
 migrate.clone_address_desc=现有仓库的 HTTP(s) 或 Git "clone" URL
+migrate.github_token_desc=由于 Github API 速率限制，您可以在此处放置一个或多个以逗号分隔的令牌，以加快迁移速度。警告：滥用此功能可能会违反服务提供商的政策并导致帐户被封。
 migrate.clone_local_path=或服务器本地路径
 migrate.permission_denied=您没有获得导入本地仓库的权限。
 migrate.permission_denied_blocked=不允许从被屏蔽的主机导入。
@@ -2026,6 +2028,8 @@ diff.file_image_height=高度
 diff.file_byte_size=大小
 diff.file_suppressed=文件差异内容过多而无法显示
 diff.file_suppressed_line_too_long=文件差异因一行或多行过长而隐藏
+diff.too_many_files=某些文件未显示，因为此 diff 中更改的文件太多
+diff.show_more=显示更多
 diff.generated=自动生成的
 diff.vendored=vendored
 diff.comment.placeholder=留下评论
@@ -2774,6 +2778,8 @@ publish_release=`发布了 <a href="%s/releases/tag/%s"> "%[4]s" </a> 于 <a hre
 review_dismissed=`取消了 <b>%[4]s</b> 对 <a href="%[1]s/pulls/%[2]s">%[3]s#%[2]s</a> 的评审`
 review_dismissed_reason=原因：
 create_branch=创建分支 <a href="%[1]s/src/branch/%[2]s"> %[3]s</a> 于 <a href="%[1]s">%[4]s</a>
+stared_repo=用星号标记了 <a href="%[1]s">%[2]s</a>
+watched_repo=开始关注 <a href="%[1]s">%[2]s</a>
 
 [tool]
 ago=%s前

routers/web/user/home.go

@@ -72,8 +72,14 @@ func Dashboard(ctx *context.Context) {
 	ctx.Data["PageIsDashboard"] = true
 	ctx.Data["PageIsNews"] = true
 
+	var uid int64
+	if ctxUser != nil {
+		uid = ctxUser.ID
+	}
+
 	ctx.PageData["dashboardRepoList"] = map[string]interface{}{
 		"searchLimit": setting.UI.User.RepoPagingNum,
+		"uid":         uid,
 	}
 
 	if setting.Service.EnableUserHeatmap {

templates/admin/auth/edit.tmpl

@@ -8,6 +8,7 @@
 		</h4>
 		<div class="ui attached segment">
 			<form class="ui form" action="{{.Link}}" method="post">
+				{{template "base/disable_form_autofill"}}
 				{{.CsrfTokenHtml}}
 				<input type="hidden" name="id" value="{{.Source.ID}}">
 				<div class="inline field">
@@ -55,7 +56,6 @@
 							<label for="bind_dn">{{.i18n.Tr "admin.auths.bind_dn"}}</label>
 							<input id="bind_dn" name="bind_dn" value="{{$cfg.BindDN}}" placeholder="e.g. cn=Search,dc=mydomain,dc=com">
 						</div>
-						<input class="fake" type="password">
 						<div class="field">
 							<label for="bind_password">{{.i18n.Tr "admin.auths.bind_password"}}</label>
 							<input id="bind_password" name="bind_password" type="password" value="{{$cfg.BindPassword}}">

templates/admin/auth/new.tmpl

@@ -8,6 +8,7 @@
 		</h4>
 		<div class="ui attached segment">
 			<form class="ui form" action="{{.Link}}" method="post">
+				{{template "base/disable_form_autofill"}}
 				{{.CsrfTokenHtml}}
 				<!-- Types and name -->
 				<div class="inline required field {{if .Err_Type}}error{{end}}">

templates/admin/auth/source/ldap.tmpl

@@ -30,7 +30,6 @@
 		<label for="bind_dn">{{.i18n.Tr "admin.auths.bind_dn"}}</label>
 		<input id="bind_dn" name="bind_dn" value="{{.bind_dn}}" placeholder="e.g. cn=Search,dc=mydomain,dc=com">
 	</div>
-	<input class="fake" type="password">
 	<div class="ldap field {{if not (eq .type 2)}}hide{{end}}">
 		<label for="bind_password">{{.i18n.Tr "admin.auths.bind_password"}}</label>
 		<input id="bind_password" name="bind_password" type="password" autocomplete="off" value="{{.bind_password}}">

templates/admin/user/edit.tmpl

@@ -8,6 +8,7 @@
 		</h4>
 		<div class="ui attached segment">
 			<form class="ui form" action="{{.Link}}" method="post">
+				{{template "base/disable_form_autofill"}}
 				{{.CsrfTokenHtml}}
 				<div class="field {{if .Err_UserName}}error{{end}}">
 					<label for="user_name">{{.i18n.Tr "username"}}</label>
@@ -67,7 +68,6 @@
 					<label for="email">{{.i18n.Tr "email"}}</label>
 					<input id="email" name="email" type="email" value="{{.User.Email}}" autofocus required>
 				</div>
-				<input class="fake" type="password">
 				<div class="local field {{if .Err_Password}}error{{end}} {{if not (or (.User.IsLocal) (.User.IsOAuth2))}}hide{{end}}">
 					<label for="password">{{.i18n.Tr "password"}}</label>
 					<input id="password" name="password" type="password" autocomplete="new-password">

templates/admin/user/new.tmpl

@@ -8,6 +8,7 @@
 		</h4>
 		<div class="ui attached segment">
 			<form class="ui form" action="{{.Link}}" method="post">
+				{{template "base/disable_form_autofill"}}
 				{{.CsrfTokenHtml}}
 				<!-- Types and name -->
 				<div class="inline required field {{if .Err_LoginType}}error{{end}}">
@@ -61,7 +62,6 @@
 					<label for="email">{{.i18n.Tr "email"}}</label>
 					<input id="email" name="email" type="email" value="{{.email}}" required>
 				</div>
-				<input class="fake" type="password">
 				<div class="required local field {{if .Err_Password}}error{{end}} {{if not (eq .login_type "0-0")}}hide{{end}}">
 					<label for="password">{{.i18n.Tr "password"}}</label>
 					<input id="password" name="password" type="password" autocomplete="new-password" value="{{.password}}" {{if eq .login_type "0-0"}}required{{end}}>

templates/base/disable_form_autofill.tmpl

@@ -0,0 +1,31 @@
+{{/*
+Why we need to disable form autofill:
+1. Many pages contain different password inputs for different usages, eg: repo setting, autofill will make a mess.
+2. We have `areYouSure` confirm dialog if a user leaves a pages without submit.
+Autofill will make the form changed even if the user didn't input anything. Then the user keeps seeing annoying confirm dialog.
+
+In history, Gitea put `<input class="fake" type="password">` in forms to bypass the autofill,
+but there were still many forms suffered the autofill problem.
+
+Now we improve it.
+
+Solutions which do NOT work:
+1. Adding `autocomplete=off` doesn't help. New Chrome completely ignores it.
+2. Use a JavaScript to run in a few seconds later after the page is loaded to process the autofilled inputs, it doesn't work.
+Because for security reason, the inputs won't be filled before the user makes an interaction in the page.
+So we can not predict the correct time to run the JavaScript code.
+
+Solutions which work:
+1. Some hacky methods like: https://github.com/matteobad/detect-autofill
+2. This solution: use invisible inputs. Be aware of:
+(a) The inputs must be at the beginning of the form, and can not be hidden.
+(b) The input for username must have a valid name.
+(c) There should be no negative word (eg: fake) in the `name` attribute.
+(d) Chrome seems to use a weighted algorithm to choose an input to fill text, so the using "username" as input name is better than using "user".
+We make the names of these dummy inputs begin with an underline to indicate it is for special usage,
+and these dummy form values won't be used by backend code.
+*/}}
+<div class="autofill-dummy" aria-hidden="true">
+	<input type="text" name="_autofill_dummy_username" class="ays-ignore" tabindex="-1">
+	<input type="password" name="_autofill_dummy_password" class="ays-ignore" tabindex="-1">
+</div>

templates/repo/migrate/git.tmpl

@@ -3,6 +3,7 @@
 	<div class="ui middle very relaxed page grid">
 		<div class="column">
 			<form class="ui form" action="{{.Link}}" method="post">
+				{{template "base/disable_form_autofill"}}
 				{{.CsrfTokenHtml}}
 				<h3 class="ui top attached header">
 					{{.i18n.Tr "repo.migrate.migrate" .service.Title}}
@@ -21,7 +22,6 @@
 						<label for="auth_username">{{.i18n.Tr "username"}}</label>
 						<input id="auth_username" name="auth_username" value="{{.auth_username}}" {{if not .auth_username}}data-need-clear="true"{{end}}>
 					</div>
-					<input class="fake" type="password">
 					<div class="inline field {{if .Err_Auth}}error{{end}}">
 						<label for="auth_password">{{.i18n.Tr "password"}}</label>
 						<input id="auth_password" name="auth_password" type="password" value="{{.auth_password}}">

templates/repo/migrate/onedev.tmpl

@@ -3,6 +3,7 @@
 	<div class="ui middle very relaxed page grid">
 		<div class="column">
 			<form class="ui form" action="{{.Link}}" method="post">
+				{{template "base/disable_form_autofill"}}
 				{{.CsrfTokenHtml}}
 				<h3 class="ui top attached header">
 					{{.i18n.Tr "repo.migrate.migrate" .service.Title}}
@@ -22,7 +23,6 @@
 						<label for="auth_username">{{.i18n.Tr "username"}}</label>
 						<input id="auth_username" name="auth_username" value="{{.auth_username}}" {{if not .auth_username}}data-need-clear="true"{{end}}>
 					</div>
-					<input class="fake" type="password">
 					<div class="inline field {{if .Err_Auth}}error{{end}}">
 						<label for="auth_password">{{.i18n.Tr "password"}}</label>
 						<input id="auth_password" name="auth_password" type="password" value="{{.auth_password}}">

templates/repo/settings/options.tmpl

@@ -9,6 +9,7 @@
 		</h4>
 		<div class="ui attached segment">
 			<form class="ui form" action="{{.Link}}" method="post">
+				{{template "base/disable_form_autofill"}}
 				{{.CsrfTokenHtml}}
 				<input type="hidden" name="action" value="update">
 				<div class="required field {{if .Err_RepoName}}error{{end}}">
@@ -104,6 +105,7 @@
 						<tr>
 							<td colspan="4">
 								<form class="ui form" method="post">
+									{{template "base/disable_form_autofill"}}
 									{{.CsrfTokenHtml}}
 									<input type="hidden" name="action" value="mirror">
 									<div class="inline field {{if .Err_EnablePrune}}error{{end}}">
@@ -132,7 +134,6 @@
 												<label for="mirror_username">{{.i18n.Tr "username"}}</label>
 												<input id="mirror_username" name="mirror_username" value="{{$address.Username}}" {{if not .mirror_username}}data-need-clear="true"{{end}}>
 											</div>
-											<input class="fake" type="password">
 											<div class="inline field {{if .Err_Auth}}error{{end}}">
 												<label for="mirror_password">{{.i18n.Tr "password"}}</label>
 												<input id="mirror_password" name="mirror_password" type="password" placeholder="{{if $address.Password}}{{.i18n.Tr "repo.mirror_password_placeholder"}}{{else}}{{.i18n.Tr "repo.mirror_password_blank_placeholder"}}{{end}}" value="" {{if not .mirror_password}}data-need-clear="true"{{end}} autocomplete="off">
@@ -195,11 +196,12 @@
 							<tr>
 								<td colspan="4">
 									<form class="ui form" method="post">
+										{{template "base/disable_form_autofill"}}
 										{{.CsrfTokenHtml}}
 										<input type="hidden" name="action" value="push-mirror-add">
 										<div class="field {{if .Err_PushMirrorAddress}}error{{end}}">
 											<label for="push_mirror_address">{{.i18n.Tr "repo.settings.mirror_settings.push_mirror.remote_url"}}</label>
-											<input id="push_mirror_address" name="push_mirror_address" value="{{.push_mirror_address}}" autocomplete="off" required>
+											<input id="push_mirror_address" name="push_mirror_address" value="{{.push_mirror_address}}" required>
 											<p class="help">{{.i18n.Tr "repo.mirror_address_desc"}}</p>
 										</div>
 										<details class="ui optional field" {{if or .Err_PushMirrorAuth .push_mirror_username}}open{{end}}>
@@ -211,7 +213,6 @@
 													<label for="push_mirror_username">{{.i18n.Tr "username"}}</label>
 													<input id="push_mirror_username" name="push_mirror_username" value="{{.push_mirror_username}}">
 												</div>
-												<input class="fake" type="password">
 												<div class="inline field {{if .Err_PushMirrorAuth}}error{{end}}">
 													<label for="push_mirror_password">{{.i18n.Tr "password"}}</label>
 													<input id="push_mirror_password" name="push_mirror_password" type="password" value="{{.push_mirror_password}}" autocomplete="off">

templates/repo/settings/webhook/gitea.tmpl

@@ -1,6 +1,7 @@
 {{if eq .HookType "gitea"}}
 	<p>{{.i18n.Tr "repo.settings.add_webhook_desc" "https://docs.gitea.io/en-us/webhooks/" | Str2html}}</p>
 	<form class="ui form" action="{{.BaseLink}}/gitea/{{or .Webhook.ID "new"}}" method="post">
+		{{template "base/disable_form_autofill"}}
 		{{.CsrfTokenHtml}}
 		<div class="required field {{if .Err_PayloadURL}}error{{end}}">
 			<label for="payload_url">{{.i18n.Tr "repo.settings.payload_url"}}</label>
@@ -30,7 +31,6 @@
 				</div>
 			</div>
 		</div>
-		<input class="fake" type="password">
 		<div class="field {{if .Err_Secret}}error{{end}}">
 			<label for="secret">{{.i18n.Tr "repo.settings.secret"}}</label>
 			<input id="secret" name="secret" type="password" value="{{.Webhook.Secret}}" autocomplete="off">

templates/repo/settings/webhook/gogs.tmpl

@@ -1,6 +1,7 @@
 {{if eq .HookType "gogs"}}
 	<p>{{.i18n.Tr "repo.settings.add_webhook_desc" "https://docs.gitea.io/en-us/webhooks/" | Str2html}}</p>
 	<form class="ui form" action="{{.BaseLink}}/gogs/{{or .Webhook.ID "new"}}" method="post">
+		{{template "base/disable_form_autofill"}}
 		{{.CsrfTokenHtml}}
 		<div class="required field {{if .Err_PayloadURL}}error{{end}}">
 			<label for="payload_url">{{.i18n.Tr "repo.settings.payload_url"}}</label>
@@ -18,7 +19,6 @@
 				</div>
 			</div>
 		</div>
-		<input class="fake" type="password">
 		<div class="field {{if .Err_Secret}}error{{end}}">
 			<label for="secret">{{.i18n.Tr "repo.settings.secret"}}</label>
 			<input id="secret" name="secret" type="password" value="{{.Webhook.Secret}}" autocomplete="off">

templates/user/dashboard/repolist.tmpl

@@ -2,6 +2,7 @@
 	<repo-search
 	:search-limit="searchLimit"
 	:sub-url="subUrl"
+	:uid="uid"
 	{{if .Team}}
 	:team-id="{{.Team.ID}}"
 	{{end}}
@@ -95,7 +96,7 @@
 						</div>
 					</div>
 				</div>
-				<div class="ui secondary tiny pointing borderless menu center aligned grid repos-filter">
+				<div class="ui secondary tiny pointing borderless menu center grid repos-filter">
 					<a class="item" :class="{active: reposFilter === 'all'}" @click="changeReposFilter('all')">
 						{{.i18n.Tr "all"}}
 						<div v-show="reposFilter === 'all'" class="ui circular mini grey label">${repoTypeCount}</div>

templates/user/settings/account.tmpl

@@ -9,6 +9,7 @@
 		<div class="ui attached segment">
 			{{if or (.SignedUser.IsLocal) (.SignedUser.IsOAuth2)}}
 			<form class="ui form ignore-dirty" action="{{AppSubUrl}}/user/settings/account" method="post">
+				{{template "base/disable_form_autofill"}}
 				{{.CsrfTokenHtml}}
 				{{if .SignedUser.IsPasswordSet}}
 				<div class="required field {{if .Err_OldPassword}}error{{end}}">
@@ -178,8 +179,8 @@
 				{{ end }}
 			</div>
 			<form class="ui form ignore-dirty" id="delete-form" action="{{AppSubUrl}}/user/settings/account/delete" method="post">
+				{{template "base/disable_form_autofill"}}
 				{{.CsrfTokenHtml}}
-				<input class="fake" type="password">
 				<div class="required field {{if .Err_Password}}error{{end}}">
 					<label for="password-confirmation">{{.i18n.Tr "password"}}</label>
 					<input id="password-confirmation" name="password" type="password" autocomplete="off" required>

web_src/js/components/DashboardRepoList.js

@@ -362,6 +362,7 @@ export function initDashboardRepoList() {
       return {
         searchLimit: dashboardRepoListData.searchLimit || 0,
         subUrl: AppSubUrl,
+        uid: dashboardRepoListData.uid || 0,
       };
     },
   });