go-gitea
diff --git a/‎.github/lock.yml
+23 b/‎.github/lock.yml
+23
diff --git a/‎docs/config.yaml
+1-1 b/‎docs/config.yaml
+1-1
diff --git a/‎docs/content/doc/installation/with-docker.en-us.md
+6-6 b/‎docs/content/doc/installation/with-docker.en-us.md
+6-6
diff --git a/‎integrations/api_admin_test.go
+30 b/‎integrations/api_admin_test.go
+30
diff --git a/‎models/user.go
+16-11 b/‎models/user.go
+16-11
diff --git a/‎models/user_mail.go
+19-6 b/‎models/user_mail.go
+19-6
diff --git a/‎modules/migrations/gitlab.go
+15-4 b/‎modules/migrations/gitlab.go
+15-4
diff --git a/‎modules/structs/admin_user.go
+16-15 b/‎modules/structs/admin_user.go
+16-15
diff --git a/‎options/locale/locale_de-DE.ini
+1 b/‎options/locale/locale_de-DE.ini
+1
diff --git a/‎options/locale/locale_en-US.ini
+2-2 b/‎options/locale/locale_en-US.ini
+2-2
diff --git a/‎routers/api/v1/admin/user.go
+18-5 b/‎routers/api/v1/admin/user.go
+18-5
@@ -0,0 +1,23 @@
+# Configuration for Lock Threads - https://github.com/dessant/lock-threads-app
+
+# Number of days of inactivity before a closed issue or pull request is locked
+daysUntilLock: 60
+
+# Skip issues and pull requests created before a given timestamp. Timestamp must
+# follow ISO 8601 (`YYYY-MM-DD`). `false` is disabled
+skipCreatedBefore: false
+
+# Issues and pull requests with these labels will be ignored.
+exemptLabels: []
+
+# Label to add before locking, such as `outdated`. `false` is disabled
+lockLabel: false
+
+# Comment to post before locking.
+lockComment: >
+  This thread has been automatically locked since there has not been
+  any recent activity after it was closed. Please open a new issue for
+  related bugs and link to relevant comments in this thread.
+
+# Assign `resolved` as the reason for locking. Set to `false` to disable
+setLockReason: true
@@ -18,7 +18,7 @@ params:
   description: Git with a cup of tea
   author: The Gitea Authors
   website: https://docs.gitea.io
-  version: 1.12.5
+  version: 1.12.6
   minGoVersion: 1.13
   goVersion: 1.15
   minNodeVersion: 10.13
 
@@ -42,7 +42,7 @@ networks:
 
 services:
   server:
-    image: gitea/gitea:latest
+    image: gitea/gitea:{{< version >}}
     container_name: gitea
     environment:
       - USER_UID=1000
@@ -74,7 +74,7 @@ networks:
 
 services:
   server:
-    image: gitea/gitea:latest
+    image: gitea/gitea:{{< version >}}
     container_name: gitea
     environment:
       - USER_UID=1000
@@ -107,7 +107,7 @@ networks:
 
 services:
   server:
-    image: gitea/gitea:latest
+    image: gitea/gitea:{{< version >}}
     container_name: gitea
     environment:
       - USER_UID=1000
@@ -158,7 +158,7 @@ networks:
 
 services:
   server:
-    image: gitea/gitea:latest
+    image: gitea/gitea:{{< version >}}
     container_name: gitea
     environment:
       - USER_UID=1000
@@ -214,7 +214,7 @@ networks:
 +
 services:
   server:
-    image: gitea/gitea:latest
+    image: gitea/gitea:{{< version >}}
     container_name: gitea
     restart: always
     networks:
@@ -315,7 +315,7 @@ version: "3"
 
   services:
     server:
-      image: gitea/gitea:latest
+      image: gitea/gitea:{{< version >}}
       container_name: gitea
       environment:
         - USER_UID=1000
 
@@ -5,6 +5,7 @@
 package integrations
 
 import (
+	"encoding/json"
 	"fmt"
 	"net/http"
 	"testing"
@@ -163,3 +164,32 @@ func TestAPICreateUserInvalidEmail(t *testing.T) {
 	})
 	session.MakeRequest(t, req, http.StatusUnprocessableEntity)
 }
+
+func TestAPIEditUser(t *testing.T) {
+	defer prepareTestEnv(t)()
+	adminUsername := "user1"
+	session := loginUser(t, adminUsername)
+	token := getTokenForLoggedInUser(t, session)
+	urlStr := fmt.Sprintf("/api/v1/admin/users/%s?token=%s", "user2", token)
+
+	req := NewRequestWithValues(t, "PATCH", urlStr, map[string]string{
+		// required
+		"login_name": "user2",
+		"source_id":  "0",
+		// to change
+		"full_name": "Full Name User 2",
+	})
+	session.MakeRequest(t, req, http.StatusOK)
+
+	empty := ""
+	req = NewRequestWithJSON(t, "PATCH", urlStr, api.EditUserOption{
+		LoginName: "user2",
+		SourceID:  0,
+		Email:     &empty,
+	})
+	resp := session.MakeRequest(t, req, http.StatusUnprocessableEntity)
+
+	errMap := make(map[string]interface{})
+	json.Unmarshal(resp.Body.Bytes(), &errMap)
+	assert.EqualValues(t, "email is not allowed to be empty string", errMap["message"].(string))
+}
@@ -14,7 +14,6 @@ import (
 	"errors"
 	"fmt"
 	_ "image/jpeg" // Needed for jpeg support
-	"net/mail"
 	"os"
 	"path/filepath"
 	"regexp"
@@ -809,9 +808,8 @@ func CreateUser(u *User) (err error) {
 		return ErrEmailAlreadyUsed{u.Email}
 	}
 
-	_, err = mail.ParseAddress(u.Email)
-	if err != nil {
-		return ErrEmailInvalid{u.Email}
+	if err = ValidateEmail(u.Email); err != nil {
+		return err
 	}
 
 	isExist, err = isEmailUsed(sess, u.Email)
@@ -956,11 +954,10 @@ func checkDupEmail(e Engine, u *User) error {
 	return nil
 }
 
-func updateUser(e Engine, u *User) error {
+func updateUser(e Engine, u *User) (err error) {
 	u.Email = strings.ToLower(u.Email)
-	_, err := mail.ParseAddress(u.Email)
-	if err != nil {
-		return ErrEmailInvalid{u.Email}
+	if err = ValidateEmail(u.Email); err != nil {
+		return err
 	}
 	_, err = e.ID(u.ID).AllCols().Update(u)
 	return err
@@ -982,13 +979,21 @@ func updateUserCols(e Engine, u *User, cols ...string) error {
 }
 
 // UpdateUserSetting updates user's settings.
-func UpdateUserSetting(u *User) error {
+func UpdateUserSetting(u *User) (err error) {
+	sess := x.NewSession()
+	defer sess.Close()
+	if err = sess.Begin(); err != nil {
+		return err
+	}
 	if !u.IsOrganization() {
-		if err := checkDupEmail(x, u); err != nil {
+		if err = checkDupEmail(sess, u); err != nil {
 			return err
 		}
 	}
-	return updateUser(x, u)
+	if err = updateUser(sess, u); err != nil {
+		return err
+	}
+	return sess.Commit()
 }
 
 // deleteBeans deletes all given beans, beans should contain delete conditions.
 
@@ -33,6 +33,21 @@ type EmailAddress struct {
 	IsPrimary   bool `xorm:"-"`
 }
 
+// ValidateEmail check if email is a allowed address
+func ValidateEmail(email string) error {
+	if len(email) == 0 {
+		return nil
+	}
+
+	if _, err := mail.ParseAddress(email); err != nil {
+		return ErrEmailInvalid{email}
+	}
+
+	// TODO: add an email allow/block list
+
+	return nil
+}
+
 // GetEmailAddresses returns all email addresses belongs to given user.
 func GetEmailAddresses(uid int64) ([]*EmailAddress, error) {
 	emails := make([]*EmailAddress, 0, 5)
@@ -144,9 +159,8 @@ func addEmailAddress(e Engine, email *EmailAddress) error {
 		return ErrEmailAlreadyUsed{email.Email}
 	}
 
-	_, err = mail.ParseAddress(email.Email)
-	if err != nil {
-		return ErrEmailInvalid{email.Email}
+	if err = ValidateEmail(email.Email); err != nil {
+		return err
 	}
 
 	_, err = e.Insert(email)
@@ -173,9 +187,8 @@ func AddEmailAddresses(emails []*EmailAddress) error {
 		} else if used {
 			return ErrEmailAlreadyUsed{emails[i].Email}
 		}
-		_, err = mail.ParseAddress(emails[i].Email)
-		if err != nil {
-			return ErrEmailInvalid{emails[i].Email}
+		if err = ValidateEmail(emails[i].Email); err != nil {
+			return err
 		}
 	}
 
 
@@ -90,12 +90,17 @@ func NewGitlabDownloader(ctx context.Context, baseURL, repoPath, username, passw
 
 	// split namespace and subdirectory
 	pathParts := strings.Split(strings.Trim(repoPath, "/"), "/")
-	for len(pathParts) > 2 {
-		if _, _, err = gitlabClient.Version.GetVersion(); err == nil {
+	var resp *gitlab.Response
+	u, _ := url.Parse(baseURL)
+	for len(pathParts) >= 2 {
+		_, resp, err = gitlabClient.Version.GetVersion()
+		if err == nil || resp != nil && resp.StatusCode == 401 {
+			err = nil // if no authentication given, this still should work
 			break
 		}
 
-		baseURL = path.Join(baseURL, pathParts[0])
+		u.Path = path.Join(u.Path, pathParts[0])
+		baseURL = u.String()
 		pathParts = pathParts[1:]
 		_ = gitlab.WithBaseURL(baseURL)(gitlabClient)
 		repoPath = strings.Join(pathParts, "/")
@@ -105,6 +110,8 @@ func NewGitlabDownloader(ctx context.Context, baseURL, repoPath, username, passw
 		return nil, err
 	}
 
+	log.Trace("gitlab downloader: use BaseURL: '%s' and RepoPath: '%s'", baseURL, repoPath)
+
 	// Grab and store project/repo ID here, due to issues using the URL escaped path
 	gr, _, err := gitlabClient.Projects.GetProject(repoPath, nil, nil, gitlab.WithContext(ctx))
 	if err != nil {
@@ -602,8 +609,12 @@ func (g *GitlabDownloader) GetPullRequests(page, perPage int) ([]*base.PullReque
 
 // GetReviews returns pull requests review
 func (g *GitlabDownloader) GetReviews(pullRequestNumber int64) ([]*base.Review, error) {
-	state, _, err := g.client.MergeRequestApprovals.GetApprovalState(g.repoID, int(pullRequestNumber), gitlab.WithContext(g.ctx))
+	state, resp, err := g.client.MergeRequestApprovals.GetApprovalState(g.repoID, int(pullRequestNumber), gitlab.WithContext(g.ctx))
 	if err != nil {
+		if resp != nil && resp.StatusCode == 404 {
+			log.Error(fmt.Sprintf("GitlabDownloader: while migrating a error occurred: '%s'", err.Error()))
+			return []*base.Review{}, nil
+		}
 		return nil, err
 	}
 
 
@@ -23,21 +23,22 @@ type CreateUserOption struct {
 
 // EditUserOption edit user options
 type EditUserOption struct {
-	SourceID  int64  `json:"source_id"`
-	LoginName string `json:"login_name"`
-	FullName  string `json:"full_name" binding:"MaxSize(100)"`
 	// required: true
+	SourceID int64 `json:"source_id"`
+	// required: true
+	LoginName string `json:"login_name" binding:"Required"`
 	// swagger:strfmt email
-	Email                   string `json:"email" binding:"Required;Email;MaxSize(254)"`
-	Password                string `json:"password" binding:"MaxSize(255)"`
-	MustChangePassword      *bool  `json:"must_change_password"`
-	Website                 string `json:"website" binding:"MaxSize(50)"`
-	Location                string `json:"location" binding:"MaxSize(50)"`
-	Active                  *bool  `json:"active"`
-	Admin                   *bool  `json:"admin"`
-	AllowGitHook            *bool  `json:"allow_git_hook"`
-	AllowImportLocal        *bool  `json:"allow_import_local"`
-	MaxRepoCreation         *int   `json:"max_repo_creation"`
-	ProhibitLogin           *bool  `json:"prohibit_login"`
-	AllowCreateOrganization *bool  `json:"allow_create_organization"`
+	Email                   *string `json:"email" binding:"MaxSize(254)"`
+	FullName                *string `json:"full_name" binding:"MaxSize(100)"`
+	Password                string  `json:"password" binding:"MaxSize(255)"`
+	MustChangePassword      *bool   `json:"must_change_password"`
+	Website                 *string `json:"website" binding:"MaxSize(50)"`
+	Location                *string `json:"location" binding:"MaxSize(50)"`
+	Active                  *bool   `json:"active"`
+	Admin                   *bool   `json:"admin"`
+	AllowGitHook            *bool   `json:"allow_git_hook"`
+	AllowImportLocal        *bool   `json:"allow_import_local"`
+	MaxRepoCreation         *int    `json:"max_repo_creation"`
+	ProhibitLogin           *bool   `json:"prohibit_login"`
+	AllowCreateOrganization *bool   `json:"allow_create_organization"`
 }
@@ -1012,6 +1012,7 @@ issues.action_milestone_no_select=Kein Meilenstein
 issues.action_assignee=Zuständig
 issues.action_assignee_no_select=Niemand zuständig
 issues.opened_by=%[1]s von <a href="%[2]s">%[3]s</a> geöffnet
+pulls.merged_by_fake=von %[2]s zusammengefügt %[1]s
 issues.closed_by=von <a href="%[2]s">%[3]s</a> %[1]s geschlossen
 issues.closed_by_fake=von %[2]s %[1]s geschlossen
 issues.previous=Vorherige
 
@@ -245,7 +245,7 @@ register_helper_msg = Already have an account? Sign in now!
 social_register_helper_msg = Already have an account? Link it now!
 disable_register_prompt = Registration is disabled. Please contact your site administrator.
 disable_register_mail = Email confirmation for registration is disabled.
-remember_me = Remember Me
+remember_me = Remember this Device
 forgot_password_title= Forgot Password
 forgot_password = Forgot password?
 sign_up_now = Need an account? Register now.
@@ -278,7 +278,7 @@ twofa_scratch_token_incorrect = Your scratch code is incorrect.
 login_userpass = Sign In
 login_openid = OpenID
 oauth_signup_tab = Register New Account
-oauth_signup_title = Add Email and Password (for Account Recovery)
+oauth_signup_title = Complete New Account
 oauth_signup_submit = Complete Account
 oauth_signin_tab = Link to Existing Account
 oauth_signin_title = Sign In to Authorize Linked Account
 
@@ -155,7 +155,7 @@ func EditUser(ctx *context.APIContext, form api.EditUserOption) {
 		return
 	}
 
-	if len(form.Password) > 0 {
+	if len(form.Password) != 0 {
 		if !password.IsComplexEnough(form.Password) {
 			err := errors.New("PasswordComplexity")
 			ctx.Error(http.StatusBadRequest, "PasswordComplexity", err)
@@ -182,10 +182,23 @@ func EditUser(ctx *context.APIContext, form api.EditUserOption) {
 	}
 
 	u.LoginName = form.LoginName
-	u.FullName = form.FullName
-	u.Email = form.Email
-	u.Website = form.Website
-	u.Location = form.Location
+
+	if form.FullName != nil {
+		u.FullName = *form.FullName
+	}
+	if form.Email != nil {
+		u.Email = *form.Email
+		if len(u.Email) == 0 {
+			ctx.Error(http.StatusUnprocessableEntity, "", fmt.Errorf("email is not allowed to be empty string"))
+			return
+		}
+	}
+	if form.Website != nil {
+		u.Website = *form.Website
+	}
+	if form.Location != nil {
+		u.Location = *form.Location
+	}
 	if form.Active != nil {
 		u.IsActive = *form.Active
 	}