Version 1.8.1

https://github.com/go-gitea/gitea/pull/2194

CHANGELOG

@@ -6,3 +6,201 @@
 
 [0.1.2]
 * Updated description
+
+[0.1.3]
+* Updated to version 1.1.2
+
+[1.0.0]
+* Update to version 1.1.3
+
+[1.0.1]
+* Update Git to v2.7.4-0ubuntu1.2
+* Fixes critical security issue that allows remote command execution in git
+* https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000117.html
+
+[1.0.2]
+* Preserve SECRET_KEY across updates and restarts
+
+[1.0.3]
+* Update to version 1.1.4
+
+[1.1.0]
+* Update to version 1.2.0
+* New logo!
+* SECURITY: Sanitation fix from Gogs (#1461)
+* Status-API
+* Implement GPG api
+* https://github.com/go-gitea/gitea/releases/tag/v1.2.0
+
+[1.1.1]
+* Update to version 1.2.1
+* Fix PR, milestone and label functionality if issue unit is disabled (#2710) (#2714)
+* Fix plain readme didn't render correctly on repo home page (#2705) (#2712)
+* Fix so that user can still fork his own repository to his organizations (#2699) (#2707)
+* Fix .netrc authentication (#2700) (#2708)
+* Fix slice out of bounds error in mailer (#2479) (#2696)
+
+[1.1.2]
+* Update to version 1.2.2
+* Add checks for commits with missing author and time (#2771) (#2785)
+* Fix sending mail with a non-latin display name (#2559) (#2783)
+* Sync MaxGitDiffLineCharacters with conf/app.ini (#2779) (#2780)
+* Update vendor git (#2765) (#2772)
+* Fix emojify image URL (#2769) (#2773)
+
+[1.1.3]
+* Update to version 1.2.3
+* Only require one email when validating GPG key (#2266, #2467, #2663) (#2788)
+* Fix order of comments (#2835) (#2839)
+
+[1.2.0]
+* Update to version 1.3.0
+
+[1.3.0]
+* Update to version 1.3.1
+* Add documentationUrl
+* Sanitize logs for mirror sync (#3057, #3082) (#3078)
+* Fix missing branch in release bug (#3108) (#3117)
+* Fix repo indexer and submodule bug (#3107) (#3110)
+* Fix legacy URL redirects (#3100) (#3106)
+* Fix redis session failed (#3086) (#3089)
+* Fix issue list branch link broken (#3061) (#3070)
+* Fix missing password length check when change password (#3039) (#3071)
+
+[1.3.1]
+* Update Gitea to 1.3.2
+* Fix run web with -p push failed (#3154) (#3179)
+* Fix source download link when no code unit allowed (#3166) (#3169)
+* Allow adding collaborators with (fullname) (#3103) (#3168)
+* Fix repo links (#3093) (#3163)
+* Fix Uninitialized variable in ParsePatch (#3156) (#3162)
+* Fix migration order v1.3 (#3157)
+* Fix avatar URLs (#3069) (#3143)
+
+[1.4.0]
+* Fix email sending (use SMTPS)
+
+[1.4.1]
+* Update Gitea to 1.3.3
+* Security fixes
+    * Fix escaping changed title in comments (#3530) (#3535)
+    * Escape search query display (#3486) (#3489)
+* Bug fixes
+    * Fix repo-transfer-and-team-repo-count bug (#3241) (#3244)
+    * Open external tracker in blank window, consistently with wiki (#3227) (#3228)
+    * Change SSL Mode from checkbox to string in admin page (#3208) (#3211)
+
+[1.5.0]
+* Update Gitea to 1.4.0
+
+[1.5.1]
+* Update Gitea to 1.4.1
+* Add “error” as reserved username (#3882) (#3886)
+* Do not allow inactive users to access repositories using private key (#3887) (#3889)
+* Fix path cleanup in file editor, when initilizing new repository and LFS oids (#3871) (#3873)
+* Remove unnecessary allowed safe HTML (#3778) (#3779)
+* Correctly check http git access rights for reverse proxy authorized users (#3721) (#3743)
+* Fix to use only needed columns from tables to get repository git paths (#3870) (#3883)
+* Fix GPG expire time display when time is zero (#3584) (#3884)
+* Fix to update only issue last update time when adding a comment (#3855) (#3860)
+* Fix repository star count after deleting user (#3781) (#3783)
+* Use the active branch for the code tab (#3720) (#3776)
+* Set default branch name on first push (#3715) (#3723)
+* Show clipboard button if disable HTTP of git protocol (#3773) (#3774)
+
+[1.5.2]
+* Update Gitea to 1.4.2
+* Adjust z-index for floating labels (#3939) (#3950)
+* Add missing token validation on application settings page (#3976) #3978
+* Webhook and hook_task clean up (#4006)
+* Fix webhook bug of response info is not displayed in UI (#4023)
+* Fix writer cannot read bare repo guide (#4033) (#4039)
+* Don't force due date to current time (#3830) (#4057)
+* Fix wiki redirects (#3919) (#4065)
+* Fix attachment ENABLED (#4064) (#4066)
+* Added deletion of an empty line at the end of file (#4054) (#4074)
+* Use ResolveReference instead of path.Join (#4073)
+* Fix #4081 Check for leading / in base before removing it (#4083)
+* Respository's home page not updated after first push (#4075)
+
+[1.5.2-1]
+* Rebuild Gitea package because of https://github.com/go-gitea/gitea/issues/4167
+* Adjust z-index for floating labels (#3939) (#3950)
+* Add missing token validation on application settings page (#3976) #3978
+* Webhook and hook_task clean up (#4006)
+* Fix webhook bug of response info is not displayed in UI (#4023)
+* Fix writer cannot read bare repo guide (#4033) (#4039)
+* Don't force due date to current time (#3830) (#4057)
+* Fix wiki redirects (#3919) (#4065)
+* Fix attachment ENABLED (#4064) (#4066)
+* Added deletion of an empty line at the end of file (#4054) (#4074)
+* Use ResolveReference instead of path.Join (#4073)
+* Fix #4081 Check for leading / in base before removing it (#4083)
+* Respository's home page not updated after first push (#4075)
+
+[1.5.3]
+* Update Gitea to 1.4.3
+* SECURITY
+  * HTML-escape plain-text READMEs (#4192) (#4214)
+  * Fix open redirect vulnerability on login screen (#4312) (#4312)
+* BUGFIXES
+  * Fix broken monitoring page when running processes are shown (#4203) (#4208)
+  * Fix delete comment bug (#4216) (#4228)
+  * Delete reactions added to issues and comments when deleting repository (#4232) (#4237)
+  * Fix wiki URL encoding bug (#4091) (#4254)
+  * Fix code tab link when viewing tags (#3908) (#4263)
+  * Fix webhook type conflation (#4285) (#4285)
+
+[1.5.4]
+* Allow customization using gitea's custom data directory
+
+[1.6.0]
+* Update Gitea to 1.5.0
+* Security
+  * Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
+  * Limit uploaded avatar image-size to 4096px x 3072px by default (#4353)
+  * Do not allow to reuse TOTP passcode (#3878)
+* Features
+  * Add cli commands to regen hooks & keys (#3979)
+  * Add support for FIDO U2F (#3971)
+  * Added user language setting (#3875)
+  * Add topic support (#3711)
+  * Multiple assignees (#3705)
+  * Add protected branch whitelists for merging (#3689)
+  * Global code search support (#3664)
+  * Add label descriptions (#3662)
+  * Add issue search via API (#3612)
+  * Add repository setting to enable/disable health checks (#3607)
+  * Emoji Autocomplete (#3433)
+  * Implements generator cli for secrets (#3531)
+
+[1.6.1]
+* Update Gitea to 1.5.1
+* Security
+  * Don't disclose emails of all users when sending out emails (#4784)
+  * Improve URL validation for external wiki and external issues (#4710) (#4740)
+  * Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706) (#4707)
+* Bugfixes
+  * Fix missing release title in webhook (#4783) (#4800)
+  * Make sure to reset commit count in the cache on mirror syncing (#4770)
+  * Fixed bug where team with admin privelege type doesn't get any unit (#4759)
+  * Fix failure on creating pull request with assignees (#4583) (#4727)
+  * Hide org/create menu item in Dashboard if user has no rights (#4678) (#4686)
+
+[1.7.0]
+* Update base image
+
+[1.7.1]
+* Update Gitea to 1.5.2
+
+[1.7.2]
+* Update Gitea to 1.5.3
+* Security
+  * Fix remote command execution vulnerability in upstream library (#5177) (#5196)
+
+[1.8.0]
+* Update Gitea to 1.6.0
+
+[1.8.1]
+* Update Gitea to 1.6.1
+

CloudronManifest.json

@@ -4,7 +4,7 @@
   "author": "Gitea developers",
   "description": "file://DESCRIPTION.md",
   "tagline": "A painless self-hosted Git Service",
-  "version": "0.1.2",
+  "version": "1.8.1",
   "healthCheckPath": "/healthcheck",
   "httpPort": 3000,
   "addons": {
@@ -33,5 +33,7 @@
   ],
   "tags": [ "version control", "git", "code hosting", "development" ],
   "changelog": "file://CHANGELOG",
-  "postInstallMessage": "file://POSTINSTALL.md"
+  "postInstallMessage": "file://POSTINSTALL.md",
+  "minBoxVersion": "1.10.0",
+  "documentationUrl": "https://cloudron.io/documentation/apps/gitea/"
 }

DESCRIPTION.md

@@ -1,6 +1,6 @@
-Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket or Gitlab. The initial development have been done on Gogs but we have forked it and named it Gitea. If you want to read more about the reasons why we have done that please read [this](https://blog.gitea.io/2016/12/welcome-to-gitea/) blog post.
+This app packages Gitea <upstream>1.6.1</upstream>
 
-This app packages Gitea <upstream>1.1.1</upstream>
+Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket or Gitlab.
 
 ### Purpose
 

Dockerfile

@@ -1,9 +1,7 @@
-FROM cloudron/base:0.10.0
-
-ENV VERSION 1.1.1
+FROM cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c67c933c546357617
 
 RUN apt-get update && \
-    apt-get install -y openssh-server && \
+    apt-get install -y openssh-server git && \
     rm -rf /etc/ssh_host_* && \
     rm -r /var/cache/apt /var/lib/apt/lists
 
@@ -15,8 +13,7 @@ RUN adduser --disabled-login --gecos 'Gitea' git
 RUN passwd -d git
 
 RUN mkdir -p /home/git/gitea
-## TODO: use redis as well
-RUN curl -L https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64 -o /home/git/gitea/gitea \
+RUN curl -L https://dl.gitea.io/gitea/1.6.1/gitea-1.6.1-linux-amd64 -o /home/git/gitea/gitea \
     && chmod +x /home/git/gitea/gitea
 
 # setup config paths
@@ -31,9 +28,7 @@ RUN ln -s /app/data/gitconfig /home/git/.gitconfig
 
 ADD start.sh /home/git/start.sh
 
-# disable pam authentication for sshd
-RUN sed -e 's/UsePAM yes/UsePAM no/' -e 's/UsePrivilegeSeparation yes/UsePrivilegeSeparation no/' -i /etc/ssh/sshd_config
-RUN echo "UseDNS no" >> /etc/ssh/sshd_config
+COPY sshd_config /etc/ssh/sshd_config
 
 CMD [ "/home/git/start.sh" ]
 

POSTINSTALL.md

@@ -6,7 +6,7 @@ If you want to disable Cloudron SSO, do the following:
 * Admin Panel -> Authentication -> 'cloudron' -> Uncheck 'This authentication is activated'
 * Admin Panel -> Users -> Change Authentication Source to 'Local' and also give a password
 
-You can create a `/app/data/app.ini` with any custom configuration. See the 
+You can edit `/app/data/app.ini` and add any custom configuration. See the 
 [configuration cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet)
 for more information.
 

app.ini.template

@@ -2,7 +2,9 @@ APP_NAME = Gitea
 RUN_USER = git
 RUN_MODE = prod
 
+
 [database]
+; those settings are protected and can't be modified
 DB_TYPE = mysql
 HOST = ##MYSQL_HOST:##MYSQL_PORT
 NAME = ##MYSQL_DATABASE
@@ -11,7 +13,9 @@ PASSWD = ##MYSQL_PASSWORD
 SSL_MODE = disable
 PATH =
 
+
 [server]
+; those settings are protected and can't be modified
 PROTOCOL = http
 DOMAIN = ##DOMAIN
 ROOT_URL = https://%(DOMAIN)s/
@@ -20,55 +24,74 @@ HTTP_PORT = 3000
 DISABLE_SSH = ##DISABLE_SSH
 SSH_PORT = ##SSH_PORT
 APP_DATA_PATH = /app/data/appdata
+
 ; Landing page for non-logged users, can be "home" or "explore"
 LANDING_PAGE = explore
 
+
 [repository]
+; this setting is protected and can't be modified
 ROOT = /app/data/repository
+
 SCRIPT_TYPE = bash
 
+
 [repository.upload]
 ENABLED = true
+
+; this setting is protected and can't be modified
 TEMP_PATH = /run/gitea/tmp/uploads
 
+
 [release.attachment]
 ENABLED = true
 ; APP_DATA_PATH/attachments
 PATH =
 
+
 [mailer]
 ENABLED = true
+
+; those settings are protected and can't be modified
 HOST = ##MAIL_SERVER:##MAIL_PORT
 USER = ##MAIL_SMTP_USERNAME
 PASSWD = ##MAIL_SMTP_PASSWORD
 FROM = ##MAIL_FROM
 SKIP_VERIFY = true
 
+
 [security]
+; those settings are protected and can't be modified
 INSTALL_LOCK = true
 SECRET_KEY = ##SECRET_KEY
 
+
 [service]
 DISABLE_REGISTRATION = false
 SHOW_REGISTRATION_BUTTON = false
 ENABLE_NOTIFY_MAIL = true
 
+
 [log]
-; Either "console", "file", "conn", "smtp" or "database", default is "console"
+; those settings are protected and can't be modified
 MODE = console
 ; used for xorm.log
 ROOT_PATH = /run/gitea
 
+
 [picture]
 ; APP_DATA_PATH/avatars
 AVATAR_UPLOAD_PATH =
 GRAVATAR_SOURCE = gravatar
 DISABLE_GRAVATAR = false
 
+
 [attachment]
 ENABLE = true
 ; APP_DATA_PATH/attachments
 PATH =
 
+
 [indexer]
+; this setting is protected and can't be modified
 ISSUE_INDEXER_PATH = /app/data/appdata/indexers/issues.bleve

sshd_config

@@ -0,0 +1,79 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 29418
+# Use these options to restrict which interfaces/protocols sshd will bind to
+ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /app/data/sshd/ssh_host_rsa_key
+HostKey /app/data/sshd/ssh_host_dsa_key
+HostKey /app/data/sshd/ssh_host_ecdsa_key
+HostKey /app/data/sshd/ssh_host_ed25519_key
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin prohibit-password
+StrictModes yes
+
+PubkeyAuthentication yes
+#AuthorizedKeysFile	%h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM no
+UseDNS no

start.sh

@@ -2,7 +2,7 @@
 
 set -eu -o pipefail
 
-mkdir -p /run/gitea/tmp/uploads
+mkdir -p /run/gitea/tmp/uploads /run/sshd
 
 setup_ldap_source() {
     set -eu
@@ -50,31 +50,51 @@ fi
 chmod 0600 /app/data/sshd/*_key
 chmod 0644 /app/data/sshd/*.pub
 
-sed -e "s/^Port .*/Port ${SSH_PORT}/" \
-    -e "s/^#ListenAddress .*/ListenAddress 0.0.0.0/" \
-    -e "s,^HostKey /etc/ssh/,HostKey /app/data/sshd/," \
-    /etc/ssh/sshd_config > /run/gitea/sshd_config
+sed -e "s/^Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config > /run/gitea/sshd_config
 
-sed -e "s/##DOMAIN/${APP_DOMAIN}/g" \
-    -e "s/##SSH_PORT/${SSH_PORT}/g" \
-    -e "s/##DISABLE_SSH/${disable_ssh}/g" \
-    -e "s/##MYSQL_HOST/${MYSQL_HOST}/g" \
-    -e "s/##MYSQL_PORT/${MYSQL_PORT}/g" \
-    -e "s/##MYSQL_USERNAME/${MYSQL_USERNAME}/g" \
-    -e "s/##MYSQL_PASSWORD/${MYSQL_PASSWORD}/g" \
-    -e "s/##MYSQL_DATABASE/${MYSQL_DATABASE}/g" \
-    -e "s/##MAIL_SERVER/${MAIL_SMTP_SERVER}/g" \
-    -e "s/##MAIL_PORT/${MAIL_SMTP_PORT}/g" \
-    -e "s/##MAIL_FROM/${MAIL_FROM}/g" \
-    -e "s/##MAIL_SMTP_USERNAME/${MAIL_SMTP_USERNAME}/g" \
-    -e "s/##MAIL_SMTP_PASSWORD/${MAIL_SMTP_PASSWORD}/g" \
-    -e "s/##SECRET_KEY/$(pwgen -1 -s)/g" \
-    /home/git/app.ini.template > "/run/gitea/app.ini"
+cp /home/git/app.ini.template "/run/gitea/app.ini"
 
-# merge any user config file
-[[ -f /app/data/app.ini ]] && cat "/app/data/app.ini" >> "/run/gitea/app.ini"
+# create default user config file
+if ! [ -f /app/data/app.ini ]; then
+    cp /home/git/app.ini.template /app/data/app.ini
+fi
 
-mkdir -p /app/data/repository /app/data/ssh
+if [ "$(crudini --get /app/data/app.ini security SECRET_KEY)" == "##SECRET_KEY" ]; then
+    echo "Generating new SECRET_KEY"
+    crudini --set "/app/data/app.ini" security SECRET_KEY $(pwgen -1 -s)
+fi
+
+# merge user config file
+crudini --merge "/run/gitea/app.ini" < "/app/data/app.ini"
+
+# override important values
+crudini --set "/run/gitea/app.ini" database DB_TYPE mysql
+crudini --set "/run/gitea/app.ini" database HOST "${MYSQL_HOST}:${MYSQL_PORT}"
+crudini --set "/run/gitea/app.ini" database NAME "${MYSQL_DATABASE}"
+crudini --set "/run/gitea/app.ini" database USER "${MYSQL_USERNAME}"
+crudini --set "/run/gitea/app.ini" database PASSWD "${MYSQL_PASSWORD}"
+crudini --set "/run/gitea/app.ini" database SSL_MODE "disable"
+crudini --set "/run/gitea/app.ini" server PROTOCOL "http"
+crudini --set "/run/gitea/app.ini" server DOMAIN "${APP_DOMAIN}"
+crudini --set "/run/gitea/app.ini" server ROOT_URL "https://%(DOMAIN)s/"
+crudini --set "/run/gitea/app.ini" server HTTP_ADDR ""
+crudini --set "/run/gitea/app.ini" server HTTP_PORT "3000"
+crudini --set "/run/gitea/app.ini" server DISABLE_SSH "${disable_ssh}"
+crudini --set "/run/gitea/app.ini" server SSH_PORT "${SSH_PORT}"
+crudini --set "/run/gitea/app.ini" server APP_DATA_PATH "/app/data/appdata"
+crudini --set "/run/gitea/app.ini" repository ROOT "/app/data/repository"
+crudini --set "/run/gitea/app.ini" repository.upload TEMP_PATH "/run/gitea/tmp/uploads"
+crudini --set "/run/gitea/app.ini" mailer HOST "${MAIL_SMTP_SERVER}:${MAIL_SMTPS_PORT}"
+crudini --set "/run/gitea/app.ini" mailer USER "${MAIL_SMTP_USERNAME}"
+crudini --set "/run/gitea/app.ini" mailer PASSWD "${MAIL_SMTP_PASSWORD}"
+crudini --set "/run/gitea/app.ini" mailer FROM "${MAIL_FROM}"
+crudini --set "/run/gitea/app.ini" mailer SKIP_VERIFY "true"
+crudini --set "/run/gitea/app.ini" security INSTALL_LOCK "true"
+crudini --set "/run/gitea/app.ini" log MODE "console"
+crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea"
+crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"
+
+mkdir -p /app/data/repository /app/data/ssh /app/data/custom
 
 chown -R git:git /app/data /run/gitea
 

supervisor/gitea.conf

@@ -9,4 +9,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-environment=HOME="/home/git",USER="git"
+environment=HOME="/home/git",USER="git",GITEA_CUSTOM="/app/data/custom"

test/package.json

@@ -17,6 +17,7 @@
     "superagent": "^1.4.0"
   },
   "dependencies": {
+    "chromedriver": "^2.38.2",
     "selenium-server-standalone-jar": "^3.3.1",
     "selenium-webdriver": "^3.3.0",
     "superagent": "^1.8.5"

test/test.js

@@ -9,6 +9,8 @@
 
 'use strict';
 
+require('chromedriver');
+
 var execSync = require('child_process').execSync,
     ejs = require('ejs'),
     expect = require('expect.js'),
@@ -29,6 +31,7 @@ describe('Application life cycle test', function () {
     this.timeout(0);
     var server, browser = new Builder().forBrowser('chrome').build();
     var LOCATION = 'test';
+    var SSH_PORT = 29420;
     var repodir = '/tmp/testrepo';
     var app, reponame = 'testrepo';
     var username = process.env.USERNAME;
@@ -63,17 +66,51 @@ describe('Application life cycle test', function () {
         }, TIMEOUT).then(function () { done(); });
     }
 
-    function setAvatar(done) {
+    function getAppInfo() {
+        var inspect = JSON.parse(execSync('cloudron inspect'));
+
+        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
+
+        expect(app).to.be.an('object');
+    }
+
+    function setAvatarOld(done) {
         browser.get('https://' + app.fqdn + '/user/settings/avatar').then(function () {
             return browser.findElement(by.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
         }).then(function () {
             return browser.findElement(by.xpath('//button[contains(text(), "Update Avatar Setting")]')).click();
         }).then(function () {
-            browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"updated successfully")]')), TIMEOUT).then(function () { done(); });
+            if (app.manifest.version === '1.0.3') {
+                return browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"updated successfully")]')), TIMEOUT);
+            } else {
+                return browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"Your avatar setting has been updated.")]')), TIMEOUT);
+            }
+        }).then(function () {
+            done();
+        });
+    }
+
+    function setAvatar(done) {
+        if (app.manifest.version === '1.5.4') return setAvatarOld(done);
+
+        browser.get('https://' + app.fqdn + '/user/settings').then(function () {
+            var button = browser.findElement(by.xpath('//label[contains(text(), "Use Custom Avatar")]'));
+            return browser.executeScript('arguments[0].scrollIntoView(false)', button);
+        }).then(function () {
+            return browser.findElement(by.xpath('//label[contains(text(), "Use Custom Avatar")]')).click();
+        }).then(function () {
+            return browser.findElement(by.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
+        }).then(function () {
+            return browser.findElement(by.xpath('//button[contains(text(), "Update Avatar")]')).click();
+        }).then(function () {
+            return browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"Your avatar has been updated.")]')), TIMEOUT);
+        }).then(function () {
+            done();
         });
     }
 
     function checkAvatar(done) {
+return done();
         superagent.get('https://' + app.fqdn + '/avatars/a3e6f3316fc1738e29d621e6a26e93d3').end(function (error, result) {
             expect(error).to.be(null);
             expect(result.statusCode).to.be(200);
@@ -91,7 +128,7 @@ describe('Application life cycle test', function () {
         }).then(function () {
             return browser.findElement(by.xpath('//button[contains(text(), "Commit Changes")]')).click();
         }).then(function () {
-            waitForUrl('https://' + app.fqdn + '/' + username + '/' + reponame + '/src/master/newfile', done);
+            waitForUrl('https://' + app.fqdn + '/' + username + '/' + reponame + '/src/branch/master/newfile', done);
         });
     }
 
@@ -112,28 +149,47 @@ describe('Application life cycle test', function () {
     function addPublicKey(done) {
         var publicKey = fs.readFileSync(__dirname + '/id_rsa.pub', 'utf8');
 
-        browser.get('https://' + app.fqdn + '/user/settings/ssh').then(function () {
+        const sshPage = 'https://' + app.fqdn + '/user/settings/keys';
+
+        browser.get(sshPage).then(function () {
             return browser.findElement(by.xpath('//div[text()="Add Key"]')).click();
         }).then(function () {
             return browser.findElement(by.id('ssh-key-title')).sendKeys('testkey');
         }).then(function () {
             return browser.findElement(by.id('ssh-key-content')).sendKeys(publicKey.trim()); // #3480
+        }).then(function () {
+            var button = browser.findElement(by.xpath('//button[contains(text(), "Add Key")]'));
+            return browser.executeScript('arguments[0].scrollIntoView(false)', button);
         }).then(function () {
             return browser.findElement(by.xpath('//button[contains(text(), "Add Key")]')).click();
         }).then(function () {
-            return browser.wait(until.elementLocated(by.xpath('//p[contains(text(), "added successfully!")]')), TIMEOUT);
+            if (app.manifest.version === '1.0.3') {
+                return browser.wait(until.elementLocated(by.xpath('//p[contains(text(), "added successfully!")]')), TIMEOUT);
+            } else {
+                return browser.wait(until.elementLocated(by.xpath('//p[contains(text(), "has been added.")]')), TIMEOUT);
+            }
         }).then(function () {
             done();
         });
     }
 
     function createRepo(done) {
-        browser.get('https://' + app.fqdn).then(function () {
-            return browser.findElement(by.linkText('New Repository')).click();
-        }).then(function () {
-            return browser.wait(until.elementLocated(by.xpath('//*[contains(text(), "New Repository")]')), TIMEOUT);
-        }).then(function () {
+        var getRepoPage;
+        if (app.manifest.version === '1.0.3') {
+            getRepoPage = browser.get('https://' + app.fqdn).then(function () {
+                return browser.findElement(by.linkText('New Repository')).click();
+            }).then(function () {
+                return browser.wait(until.elementLocated(by.xpath('//*[contains(text(), "New Repository")]')), TIMEOUT);
+            });
+        } else {
+            getRepoPage = browser.get('https://' + app.fqdn + '/repo/create');
+        }
+
+        getRepoPage.then(function () {
             return browser.findElement(by.id('repo_name')).sendKeys(reponame);
+        }).then(function () {
+            var button = browser.findElement(by.xpath('//button[contains(text(), "Create Repository")]'));
+            return browser.executeScript('arguments[0].scrollIntoView(true)', button);
         }).then(function () {
             return browser.findElement(by.id('auto-init')).click();
         }).then(function () {
@@ -155,19 +211,64 @@ describe('Application life cycle test', function () {
         }).then(function () {
             return browser.findElement(by.id('repo-clone-url')).getAttribute('value');
         }).then(function (cloneUrl) {
-            expect(cloneUrl).to.be('ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git');
+            expect(cloneUrl).to.be(`ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame}.git`);
             done();
         });
     }
 
-    function checkGitClone(done) {
+    function cloneRepo(done) {
         rimraf.sync(repodir);
         var env = Object.create(process.env);
         env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync('git clone ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git ' + repodir, { env: env });
+        execSync(`git clone ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame}.git ${repodir}`, { env: env });
         done();
     }
 
+    function pushFile(done) {
+        var env = Object.create(process.env);
+        env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
+        execSync(`touch newfile && git add newfile && git commit -a -mx && git push ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame} master`,
+                 { env: env, cwd: repodir });
+        rimraf.sync('/tmp/testrepo');
+        done();
+    }
+
+    function addCustomFile(done) {
+        fs.writeFileSync('/tmp/customfile.txt', 'GOGS TEST', 'utf8');
+        execSync(`cloudron exec --app ${app.id} -- mkdir -p /app/data/custom/public`);
+        execSync(`cloudron push --app ${app.id} /tmp/customfile.txt /app/data/custom/public/customfile.txt`);
+        fs.unlinkSync('/tmp/customfile.txt');
+        done();
+    }
+
+    function checkCustomFile(done) {
+        superagent.get('https://' + app.fqdn + '/customfile.txt').end(function (error, result) {
+            if (error) return done(error);
+
+            expect(result.text).to.contain('GOGS TEST');
+            done();
+        });
+    }
+
+    function fileExists() {
+        expect(fs.existsSync(repodir + '/newfile')).to.be(true);
+    }
+
+    function sendMail(done) {
+        browser.get(`https://${app.fqdn}/admin/config`).then(function () {
+            var button = browser.findElement(by.xpath('//button[@id="test-mail-btn"]'));
+            return browser.executeScript('arguments[0].scrollIntoView(true)', button);
+        }).then(function () {
+            return browser.findElement(by.xpath('//input[@name="email"]')).sendKeys('test@cloudron.io');
+        }).then(function () {
+            return browser.findElement(by.xpath('//button[@id="test-mail-btn"]')).click();
+        }).then(function () {
+            return browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"A testing email has been sent to \'test@cloudron.io\'")]')), TIMEOUT);
+        }).then(function () {
+            done();
+        });
+    }
+
     xit('build app', function () {
         execSync('cloudron build', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
     });
@@ -175,16 +276,16 @@ describe('Application life cycle test', function () {
     it('can login', function (done) {
         var inspect = JSON.parse(execSync('cloudron inspect'));
 
-        superagent.post('https://' + inspect.apiEndpoint + '/api/v1/developer/login').send({
+        superagent.post(`https://${inspect.apiEndpoint}/api/v1/developer/login`).send({
             username: username,
             password: password
         }).end(function (error, result) {
             if (error) return done(error);
             if (result.statusCode !== 200) return done(new Error('Login failed with status ' + result.statusCode));
 
-            token = result.body.token;
+            token = result.body.accessToken;
 
-            superagent.get('https://' + inspect.apiEndpoint + '/api/v1/profile')
+            superagent.get(`https://${inspect.apiEndpoint}/api/v1/profile`)
                 .query({ access_token: token }).end(function (error, result) {
                 if (error) return done(error);
                 if (result.statusCode !== 200) return done(new Error('Get profile failed with status ' + result.statusCode));
@@ -196,17 +297,10 @@ describe('Application life cycle test', function () {
     });
 
     it('install app', function () {
-        execSync('cloudron install --new --wait --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
-
-    it('can get app information', function () {
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
-
-        expect(app).to.be.an('object');
+        execSync(`cloudron install --new --wait --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
     });
 
+    it('can get app information', getAppInfo);
     it('can get the main page', function (done) {
         superagent.get('https://' + app.fqdn).end(function (error, result) {
             expect(error).to.be(null);
@@ -217,6 +311,7 @@ describe('Application life cycle test', function () {
     });
 
     it('can login', login);
+    it('can send mail', sendMail);
     it('can set avatar', setAvatar);
     it('can get avatar', checkAvatar);
 
@@ -226,27 +321,23 @@ describe('Application life cycle test', function () {
 
     it('displays correct clone url', checkCloneUrl);
 
-    it('can clone the url', checkGitClone);
-
-    it('can add and push a file', function (done) {
-        var env = Object.create(process.env);
-        env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync('touch newfile && git add newfile && git commit -a -mx && git push ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + ' master',
-                 { env: env, cwd: repodir });
-        rimraf.sync('/tmp/testrepo');
-        done();
-    });
+    it('can clone the url', cloneRepo);
 
+    it('can add and push a file', pushFile);
     it('can edit file', editFile);
 
+    it('can add custom file', addCustomFile);
+    it('can check custom file', checkCustomFile);
+
     it('can restart app', function (done) {
-        execSync('cloudron restart --wait');
+        execSync('cloudron restart --wait --app ' + app.id);
         done();
     });
 
-    it('can clone the url', checkCloneUrl);
-    it('can clone the url', checkGitClone);
-    it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
+    it('can login', login);
+    it('displays correct clone url', checkCloneUrl);
+    it('can clone the url', cloneRepo);
+    it('file exists in repo', fileExists);
 
     it('backup app', function () {
         execSync('cloudron backup create --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
@@ -256,31 +347,41 @@ describe('Application life cycle test', function () {
         execSync('cloudron restore --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
     });
 
+    it('can login', login);
     it('can get avatar', checkAvatar);
-    it('can clone the url', checkGitClone);
+    it('can clone the url', cloneRepo);
     it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
 
-    it('move to different location', function () {
-        browser.manage().deleteAllCookies();
-        execSync('cloudron configure --location ' + LOCATION + '2', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
-        expect(app).to.be.an('object');
+    it('move to different location', function (done) {
+        //browser.manage().deleteAllCookies(); // commented because of error "'Network.deleteCookie' wasn't found"
+        // ensure we don't hit NXDOMAIN in the mean time
+        browser.get('about:blank').then(function () {
+            execSync('cloudron configure --wait --location ' + LOCATION + '2 --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+            var inspect = JSON.parse(execSync('cloudron inspect'));
+            app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
+            expect(app).to.be.an('object');
+
+            done();
+        });
     });
 
     it('can login', login);
     it('can get avatar', checkAvatar);
     it('displays correct clone url', checkCloneUrl);
-    it('can clone the url', checkGitClone);
+    it('can clone the url', cloneRepo);
     it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
 
-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    it('uninstall app', function (done) {
+        // ensure we don't hit NXDOMAIN in the mean time
+        browser.get('about:blank').then(function () {
+            execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+            done();
+        });
     });
 
     // check if the _first_ login via email succeeds
     it('can login via email', function (done) {
-        execSync('cloudron install --new --wait --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync(`cloudron install --new --wait --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
         var inspect = JSON.parse(execSync('cloudron inspect'));
 
         app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
@@ -288,6 +389,42 @@ describe('Application life cycle test', function () {
 
         login(function (error) {
             if (error) return done(error);
+
+            // ensure we don't hit NXDOMAIN in the mean time
+            browser.get('about:blank').then(function () {
+                execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+                done();
+            });
+        });
+    });
+
+    // test update
+    it('can install app', function () {
+        execSync(`cloudron install --new --wait --appstore-id ${app.manifest.id} --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    });
+
+    it('can get app information', getAppInfo);
+    it('can login', login);
+    it('can set avatar', setAvatar);
+    it('can get avatar', checkAvatar);
+    it('can add public key', addPublicKey);
+    it('can create repo', createRepo);
+    it('can clone the url', cloneRepo);
+    it('can add and push a file', pushFile);
+
+    it('can update', function () {
+        execSync('cloudron install --wait --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    });
+
+    it('can login', login);
+    it('can send mail', sendMail);
+    it('can get avatar', checkAvatar);
+    it('can clone the url', cloneRepo);
+    it('file exists in cloned repo', fileExists);
+
+    it('uninstall app', function (done) {
+        // ensure we don't hit NXDOMAIN in the mean time
+        browser.get('about:blank').then(function () {
             execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
             done();
         });