Merge remote-tracking branch 'giteaoffical/main'

* giteaoffical/main: (22 commits)
  Use case-insensitive regex for all webpack assets (go-gitea#26867)
  restrict certificate type for builtin SSH server (go-gitea#26789)
  feat(API): add secret deletion functionality for repository (go-gitea#26808)
  Avoid double-unescaping of form value (go-gitea#26853)
  Move web/api context related testing function into a separate package (go-gitea#26859)
  Remove some unused CSS styles (go-gitea#26852)
  [skip ci] Updated translations via Crowdin
  Minor dashboard tweaks, fix flex-list margins (go-gitea#26829)
  Update team invitation email link (go-gitea#26550)
  Redirect from `{repo}/issues/new` to `{repo}/issues/new/choose` when blank issues are disabled (go-gitea#26813)
  Remove "TODO" tasks from CSS file (go-gitea#26835)
  User details page (go-gitea#26713)
  Render code blocks in repo description (go-gitea#26830)
  Remove joinPaths function (go-gitea#26833)
  Remove polluted `.ui.right` (go-gitea#26825)
  Sync tags when adopting repos (go-gitea#26816)
  rm comment about hugo (go-gitea#26832)
  Fix filename for .spectral.yaml (go-gitea#26828)
  [skip ci] Updated translations via Crowdin
  Check blocklist for emails when adding them to account (go-gitea#26812)
  ...

Author: zjjhot

.github/workflows/files-changed.yml

@@ -81,4 +81,4 @@ jobs:
               - "Makefile"
               - "package.json"
               - "package-lock.json"
-              - ".spectral.yml"
+              - ".spectral.yaml"

README.md

@@ -121,8 +121,6 @@ If you have questions that are not covered by the documentation, you can get in
 
 We maintain a list of Gitea-related projects at [gitea/awesome-gitea](https://gitea.com/gitea/awesome-gitea).
 
-The Hugo-based documentation theme is hosted at [gitea/theme](https://gitea.com/gitea/theme).
-
 The official Gitea CLI is developed at [gitea/tea](https://gitea.com/gitea/tea).
 
 ## Authors

models/user/email_address.go

@@ -16,6 +16,7 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
+	"code.gitea.io/gitea/modules/validation"
 
 	"xorm.io/builder"
 )
@@ -161,7 +162,17 @@ func ValidateEmail(email string) error {
 		return ErrEmailInvalid{email}
 	}
 
-	// TODO: add an email allow/block list
+	// if there is no allow list, then check email against block list
+	if len(setting.Service.EmailDomainAllowList) == 0 &&
+		validation.IsEmailDomainListed(setting.Service.EmailDomainBlockList, email) {
+		return ErrEmailInvalid{email}
+	}
+
+	// if there is an allow list, then check email against allow list
+	if len(setting.Service.EmailDomainAllowList) > 0 &&
+		!validation.IsEmailDomainListed(setting.Service.EmailDomainAllowList, email) {
+		return ErrEmailInvalid{email}
+	}
 
 	return nil
 }

modules/context/utils.go

@@ -4,37 +4,27 @@
 package context
 
 import (
-	"net/url"
 	"strings"
 	"time"
 )
 
 // GetQueryBeforeSince return parsed time (unix format) from URL query's before and since
 func GetQueryBeforeSince(ctx *Base) (before, since int64, err error) {
-	qCreatedBefore, err := prepareQueryArg(ctx, "before")
+	before, err = parseFormTime(ctx, "before")
 	if err != nil {
 		return 0, 0, err
 	}
 
-	qCreatedSince, err := prepareQueryArg(ctx, "since")
-	if err != nil {
-		return 0, 0, err
-	}
-
-	before, err = parseTime(qCreatedBefore)
-	if err != nil {
-		return 0, 0, err
-	}
-
-	since, err = parseTime(qCreatedSince)
+	since, err = parseFormTime(ctx, "since")
 	if err != nil {
 		return 0, 0, err
 	}
 	return before, since, nil
 }
 
 // parseTime parse time and return unix timestamp
-func parseTime(value string) (int64, error) {
+func parseFormTime(ctx *Base, name string) (int64, error) {
+	value := strings.TrimSpace(ctx.FormString(name))
 	if len(value) != 0 {
 		t, err := time.Parse(time.RFC3339, value)
 		if err != nil {
@@ -46,10 +36,3 @@ func parseTime(value string) (int64, error) {
 	}
 	return 0, nil
 }
-
-// prepareQueryArg unescape and trim a query arg
-func prepareQueryArg(ctx *Base, name string) (value string, err error) {
-	value, err = url.PathUnescape(ctx.FormString(name))
-	value = strings.TrimSpace(value)
-	return value, err
-}

modules/test/context_tests.go renamed to modules/contexttest/context_tests.go

@@ -1,7 +1,8 @@
 // Copyright 2017 The Gitea Authors. All rights reserved.
 // SPDX-License-Identifier: MIT
 
-package test
+// Package contexttest provides utilities for testing Web/API contexts with models.
+package contexttest
 
 import (
 	gocontext "context"
@@ -22,7 +23,7 @@ import (
 	"code.gitea.io/gitea/modules/translation"
 	"code.gitea.io/gitea/modules/web/middleware"
 
-	chi "github.com/go-chi/chi/v5"
+	"github.com/go-chi/chi/v5"
 	"github.com/stretchr/testify/assert"
 )
 
@@ -40,7 +41,6 @@ func mockRequest(t *testing.T, reqPath string) *http.Request {
 }
 
 // MockContext mock context for unit tests
-// TODO: move this function to other packages, because it depends on "models" package
 func MockContext(t *testing.T, reqPath string) (*context.Context, *httptest.ResponseRecorder) {
 	resp := httptest.NewRecorder()
 	req := mockRequest(t, reqPath)
@@ -50,15 +50,13 @@ func MockContext(t *testing.T, reqPath string) (*context.Context, *httptest.Resp
 	base.Locale = &translation.MockLocale{}
 
 	ctx := context.NewWebContext(base, &MockRender{}, nil)
-	ctx.Flash = &middleware.Flash{Values: url.Values{}}
 
 	chiCtx := chi.NewRouteContext()
 	ctx.Base.AppendContextValue(chi.RouteCtxKey, chiCtx)
 	return ctx, resp
 }
 
 // MockAPIContext mock context for unit tests
-// TODO: move this function to other packages, because it depends on "models" package
 func MockAPIContext(t *testing.T, reqPath string) (*context.APIContext, *httptest.ResponseRecorder) {
 	resp := httptest.NewRecorder()
 	req := mockRequest(t, reqPath)
@@ -123,7 +121,7 @@ func LoadRepoCommit(t *testing.T, ctx gocontext.Context) {
 	}
 }
 
-// LoadUser load a user into a test context.
+// LoadUser load a user into a test context
 func LoadUser(t *testing.T, ctx gocontext.Context, userID int64) {
 	doer := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: userID})
 	switch ctx := ctx.(type) {

modules/ssh/ssh.go

@@ -191,6 +191,12 @@ func publicKeyHandler(ctx ssh.Context, key ssh.PublicKey) bool {
 			return false
 		}
 
+		if cert.CertType != gossh.UserCert {
+			log.Warn("Certificate Rejected: Not a user certificate")
+			log.Warn("Failed authentication attempt from %s", ctx.RemoteAddr())
+			return false
+		}
+
 		// look for the exact principal
 	principalLoop:
 		for _, principal := range cert.ValidPrincipals {

modules/templates/util_render.go

@@ -108,10 +108,9 @@ func RenderCommitBody(ctx context.Context, msg, urlPrefix string, metas map[stri
 // Match text that is between back ticks.
 var codeMatcher = regexp.MustCompile("`([^`]+)`")
 
-// RenderCodeBlock renders "`…`" as highlighted "<code>" block.
-// Intended for issue and PR titles, these containers should have styles for "<code>" elements
+// RenderCodeBlock renders "`…`" as highlighted "<code>" block, intended for issue and PR titles
 func RenderCodeBlock(htmlEscapedTextToRender template.HTML) template.HTML {
-	htmlWithCodeTags := codeMatcher.ReplaceAllString(string(htmlEscapedTextToRender), "<code>$1</code>") // replace with HTML <code> tags
+	htmlWithCodeTags := codeMatcher.ReplaceAllString(string(htmlEscapedTextToRender), `<code class="inline-code-block">$1</code>`) // replace with HTML <code> tags
 	return template.HTML(htmlWithCodeTags)
 }
 

modules/validation/helpers.go

@@ -10,6 +10,8 @@ import (
 	"strings"
 
 	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/gobwas/glob"
 )
 
 var externalTrackerRegex = regexp.MustCompile(`({?)(?:user|repo|index)+?(}?)`)
@@ -48,6 +50,29 @@ func IsValidSiteURL(uri string) bool {
 	return false
 }
 
+// IsEmailDomainListed checks whether the domain of an email address
+// matches a list of domains
+func IsEmailDomainListed(globs []glob.Glob, email string) bool {
+	if len(globs) == 0 {
+		return false
+	}
+
+	n := strings.LastIndex(email, "@")
+	if n <= 0 {
+		return false
+	}
+
+	domain := strings.ToLower(email[n+1:])
+
+	for _, g := range globs {
+		if g.Match(domain) {
+			return true
+		}
+	}
+
+	return false
+}
+
 // IsAPIURL checks if URL is current Gitea instance API URL
 func IsAPIURL(uri string) bool {
 	return strings.HasPrefix(strings.ToLower(uri), strings.ToLower(setting.AppURL+"api"))

options/locale/locale_en-US.ini

@@ -2823,6 +2823,7 @@ users.list_status_filter.is_prohibit_login = Prohibit Login
 users.list_status_filter.not_prohibit_login = Allow Login
 users.list_status_filter.is_2fa_enabled = 2FA Enabled
 users.list_status_filter.not_2fa_enabled = 2FA Disabled
+users.details = User Details
 
 emails.email_manage_panel = User Email Management
 emails.primary = Primary