Merge remote-tracking branch 'giteaofficial/main'

* giteaofficial/main:
  Add missing translation (go-gitea#26926)
  Vendor `jquery.are-you-sure` with strict mode fixes (go-gitea#26901)
  Fix the secret regexp pattern on web page (go-gitea#26910)
  Add @chenrui333 as maintainer (go-gitea#26917)
  Move notification interface to services layer (go-gitea#26915)
  fetch emails of currently displayed user on admin page (go-gitea#26918)
  Improve LDAP group config documentation, fixes go-gitea#21159 (go-gitea#21227)
  update footer link to new landing page (go-gitea#26916)
  Remove `Named` interface (go-gitea#26913)
  Refactor secrets modification logic (go-gitea#26873)
  Add missing `reqToken()` to notifications endpoints (go-gitea#26914)
  feat(API): add routes and functions for managing user's secrets (go-gitea#26909)
  Move feed notification service layer (go-gitea#26908)
  Extract common code to new template (go-gitea#26903)
  Move ui notification to service layer (go-gitea#26907)
  Remove duplicated notify mail configuration on tests (go-gitea#26912)
  Move indexer notification to service layer (go-gitea#26906)

# Conflicts:
#	templates/base/footer_content.tmpl

MAINTAINERS

@@ -55,3 +55,4 @@ Philip Peterson <philip.c.peterson@gmail.com> (@philip-peterson)
 Denys Konovalov <kontakt@denyskon.de> (@denyskon)
 Punit Inani <punitinani1@gmail.com> (@puni9869)
 CaiCandong  <1290147055@qq.com> (@caicandong)
+Rui Chen  <rui@chenrui.dev> (@chenrui333)

docs/content/usage/authentication.en-us.md

@@ -157,12 +157,13 @@ Uses the following fields:
 
 - User Attribute in Group (optional)
 
-  - Which user LDAP attribute is listed in the group.
-  - Example: `uid`
+  - The user attribute that is used to reference a user in the group object.
+  - Example: `uid` if the group objects contains a `member: bender` and the user object contains a `uid: bender`.
+  - Example: `dn` if the group object contains a `member: uid=bender,ou=users,dc=planetexpress,dc=com`.
 
 - Group Attribute for User (optional)
-  - Which group LDAP attribute contains an array above user attribute names.
-  - Example: `memberUid`
+  - The attribute of the group object that lists/contains the group members.
+  - Example: `memberUid` or `member`
 
 ## PAM (Pluggable Authentication Module)
 

models/secret/secret.go

@@ -33,12 +33,6 @@ type ErrSecretNotFound struct {
 	Name string
 }
 
-// IsErrSecretNotFound checks if an error is a ErrSecretNotFound.
-func IsErrSecretNotFound(err error) bool {
-	_, ok := err.(ErrSecretNotFound)
-	return ok
-}
-
 func (err ErrSecretNotFound) Error() string {
 	return fmt.Sprintf("secret was not found [name: %s]", err.Name)
 }
@@ -47,23 +41,18 @@ func (err ErrSecretNotFound) Unwrap() error {
 	return util.ErrNotExist
 }
 
-// newSecret Creates a new already encrypted secret
-func newSecret(ownerID, repoID int64, name, data string) *Secret {
-	return &Secret{
-		OwnerID: ownerID,
-		RepoID:  repoID,
-		Name:    strings.ToUpper(name),
-		Data:    data,
-	}
-}
-
 // InsertEncryptedSecret Creates, encrypts, and validates a new secret with yet unencrypted data and insert into database
 func InsertEncryptedSecret(ctx context.Context, ownerID, repoID int64, name, data string) (*Secret, error) {
 	encrypted, err := secret_module.EncryptSecret(setting.SecretKey, data)
 	if err != nil {
 		return nil, err
 	}
-	secret := newSecret(ownerID, repoID, name, encrypted)
+	secret := &Secret{
+		OwnerID: ownerID,
+		RepoID:  repoID,
+		Name:    strings.ToUpper(name),
+		Data:    encrypted,
+	}
 	if err := secret.Validate(); err != nil {
 		return secret, err
 	}
@@ -83,8 +72,10 @@ func (s *Secret) Validate() error {
 
 type FindSecretsOptions struct {
 	db.ListOptions
-	OwnerID int64
-	RepoID  int64
+	OwnerID  int64
+	RepoID   int64
+	SecretID int64
+	Name     string
 }
 
 func (opts *FindSecretsOptions) toConds() builder.Cond {
@@ -95,6 +86,12 @@ func (opts *FindSecretsOptions) toConds() builder.Cond {
 	if opts.RepoID > 0 {
 		cond = cond.And(builder.Eq{"repo_id": opts.RepoID})
 	}
+	if opts.SecretID != 0 {
+		cond = cond.And(builder.Eq{"id": opts.SecretID})
+	}
+	if opts.Name != "" {
+		cond = cond.And(builder.Eq{"name": strings.ToUpper(opts.Name)})
+	}
 
 	return cond
 }
@@ -116,75 +113,18 @@ func CountSecrets(ctx context.Context, opts *FindSecretsOptions) (int64, error)
 }
 
 // UpdateSecret changes org or user reop secret.
-func UpdateSecret(ctx context.Context, orgID, repoID int64, name, data string) error {
-	sc := new(Secret)
-	name = strings.ToUpper(name)
-	has, err := db.GetEngine(ctx).
-		Where("owner_id=?", orgID).
-		And("repo_id=?", repoID).
-		And("name=?", name).
-		Get(sc)
-	if err != nil {
-		return err
-	} else if !has {
-		return ErrSecretNotFound{Name: name}
-	}
-
+func UpdateSecret(ctx context.Context, secretID int64, data string) error {
 	encrypted, err := secret_module.EncryptSecret(setting.SecretKey, data)
 	if err != nil {
 		return err
 	}
 
-	sc.Data = encrypted
-	_, err = db.GetEngine(ctx).ID(sc.ID).Cols("data").Update(sc)
-	return err
-}
-
-// DeleteSecret deletes secret from an organization.
-func DeleteSecret(ctx context.Context, orgID, repoID int64, name string) error {
-	sc := new(Secret)
-	has, err := db.GetEngine(ctx).
-		Where("owner_id=?", orgID).
-		And("repo_id=?", repoID).
-		And("name=?", strings.ToUpper(name)).
-		Get(sc)
-	if err != nil {
-		return err
-	} else if !has {
-		return ErrSecretNotFound{Name: name}
-	}
-
-	if _, err := db.GetEngine(ctx).ID(sc.ID).Delete(new(Secret)); err != nil {
-		return fmt.Errorf("Delete: %w", err)
-	}
-
-	return nil
-}
-
-// CreateOrUpdateSecret creates or updates a secret and returns true if it was created
-func CreateOrUpdateSecret(ctx context.Context, orgID, repoID int64, name, data string) (bool, error) {
-	sc := new(Secret)
-	name = strings.ToUpper(name)
-	has, err := db.GetEngine(ctx).
-		Where("owner_id=?", orgID).
-		And("repo_id=?", repoID).
-		And("name=?", name).
-		Get(sc)
-	if err != nil {
-		return false, err
+	s := &Secret{
+		Data: encrypted,
 	}
-
-	if !has {
-		_, err = InsertEncryptedSecret(ctx, orgID, repoID, name, data)
-		if err != nil {
-			return false, err
-		}
-		return true, nil
+	affected, err := db.GetEngine(ctx).ID(secretID).Cols("data").Update(s)
+	if affected != 1 {
+		return ErrSecretNotFound{}
 	}
-
-	if err := UpdateSecret(ctx, orgID, repoID, name, data); err != nil {
-		return false, err
-	}
-
-	return false, nil
+	return err
 }