M Hickford
afebbf29a9
Require authentication for OAuth token refresh ( #21421 )
...
According to the OAuth spec
https://datatracker.ietf.org/doc/html/rfc6749#section-6 when "Refreshing
an Access Token"
> The authorization server MUST ... require client authentication for
confidential clients
Fixes #21418
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years ago
M Hickford
e84558b093
Improve OAuth integration tests ( #21390 )
...
In particular, test explicit error responses.
No change to behaviour.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years ago
Kyle D
c8ded77680
Kd/ci playwright go test ( #20123 )
...
* Add initial playwright config
* Simplify Makefile
* Simplify Makefile
* Use correct config files
* Update playwright settings
* Fix package-lock file
* Don't use test logger for e2e tests
* fix frontend lint
* Allow passing TEST_LOGGER variable
* Init postgres database
* use standard gitea env variables
* Update playwright
* update drone
* Move empty env var to commands
* Cleanup
* Move integrations to subfolder
* tests integrations to tests integraton
* Run e2e tests with go test
* Fix linting
* install CI deps
* Add files to ESlint
* Fix drone typo
* Don't log to console in CI
* Use go test http server
* Add build step before tests
* Move shared init function to common package
* fix drone
* Clean up tests
* Fix linting
* Better mocking for page + version string
* Cleanup test generation
* Remove dependency on gitea binary
* Fix linting
* add initial support for running specific tests
* Add ACCEPT_VISUAL variable
* don't require git-lfs
* Add initial documentation
* Review feedback
* Add logged in session test
* Attempt fixing drone race
* Cleanup and bump version
* Bump deps
* Review feedback
* simplify installation
* Fix ci
* Update install docs
2 years ago
Wim
cb50375e2b
Add more linters to improve code readability ( #19989 )
...
Add nakedret, unconvert, wastedassign, stylecheck and nolintlint linters to improve code readability
- nakedret - https://github.com/alexkohler/nakedret - nakedret is a Go static analysis tool to find naked returns in functions greater than a specified function length.
- unconvert - https://github.com/mdempsky/unconvert - Remove unnecessary type conversions
- wastedassign - https://github.com/sanposhiho/wastedassign - wastedassign finds wasted assignment statements.
- notlintlint - Reports ill-formed or insufficient nolint directives
- stylecheck - https://staticcheck.io/docs/checks/#ST - keep style consistent
- excluded: [ST1003 - Poorly chosen identifier](https://staticcheck.io/docs/checks/#ST1003 ) and [ST1005 - Incorrectly formatted error string](https://staticcheck.io/docs/checks/#ST1005 )
2 years ago
KN4CK3R
3f280f89e7
Update HTTP status codes to modern codes ( #18063 )
...
* 2xx/3xx/4xx/5xx -> http.Status...
* http.StatusFound -> http.StatusTemporaryRedirect
* http.StatusMovedPermanently -> http.StatusPermanentRedirect
3 years ago
Eng Zer Jun
f2e7d5477f
refactor: move from io/ioutil to io and os package ( #17109 )
...
The io/ioutil package has been deprecated as of Go 1.16, see
https://golang.org/doc/go1.16#ioutil . This commit replaces the existing
io/ioutil functions with their new definitions in io and os packages.
Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
3 years ago
Lunny Xiao
9f31f3aa8a
Add an abstract json layout to make it's easier to change json library ( #16528 )
...
* Add an abstract json layout to make it's easier to change json library
* Fix import
* Fix import sequence
* Fix blank lines
* Fix blank lines
3 years ago
zeripath
f0e15250b9
Migrate to use jsoniter instead of encoding/json ( #14841 )
...
* Migrate to use jsoniter
* fix tests
* update gitea.com/go-chi/binding
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
4 years ago
Lunny Xiao
0cd87d64ff
Update docs and comments to remove macaron ( #14491 )
4 years ago
Lunny Xiao
c296f4fed6
Introduce go chi web framework as frontend of macaron, so that we can move routes from macaron to chi step by step ( #7420 )
...
* When route cannot be found on chi, go to macaron
* Stick chi version to 1.5.0
* Follow router log setting
4 years ago
zeripath
055f6d2296
Fix "data race" in testlogger ( #9159 )
...
* Fix data race in testlogger
* Update git_helper_for_declarative_test.go
5 years ago
Jonas Franz
62d3f49c28
Add json tags for oauth2 form ( #6627 )
6 years ago
Jonas Franz
783cd64927
Add option to disable refresh token invalidation ( #6584 )
...
* Add option to disable refresh token invalidation
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Add integration tests and remove wrong todos
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix typo
Signed-off-by: Jonas Franz <info@jonasfranz.software>
* Fix tests and add documentation
Signed-off-by: Jonas Franz <info@jonasfranz.software>
6 years ago
Jonas Franz
2315019fef
Add support for client basic auth for exchanging access tokens ( #6293 )
...
* Add support for client basic auth for exchanging access tokens
* Improve error messages
* Fix tests
6 years ago
Jonas Franz
e777c6bdc6
Integrate OAuth2 Provider ( #5378 )
6 years ago