Version 1.15.2

Fixes #5

CHANGELOG

@@ -23,3 +23,457 @@
 
 [1.0.3]
 * Update to version 1.1.4
+
+[1.1.0]
+* Update to version 1.2.0
+* New logo!
+* SECURITY: Sanitation fix from Gogs (#1461)
+* Status-API
+* Implement GPG api
+* https://github.com/go-gitea/gitea/releases/tag/v1.2.0
+
+[1.1.1]
+* Update to version 1.2.1
+* Fix PR, milestone and label functionality if issue unit is disabled (#2710) (#2714)
+* Fix plain readme didn't render correctly on repo home page (#2705) (#2712)
+* Fix so that user can still fork his own repository to his organizations (#2699) (#2707)
+* Fix .netrc authentication (#2700) (#2708)
+* Fix slice out of bounds error in mailer (#2479) (#2696)
+
+[1.1.2]
+* Update to version 1.2.2
+* Add checks for commits with missing author and time (#2771) (#2785)
+* Fix sending mail with a non-latin display name (#2559) (#2783)
+* Sync MaxGitDiffLineCharacters with conf/app.ini (#2779) (#2780)
+* Update vendor git (#2765) (#2772)
+* Fix emojify image URL (#2769) (#2773)
+
+[1.1.3]
+* Update to version 1.2.3
+* Only require one email when validating GPG key (#2266, #2467, #2663) (#2788)
+* Fix order of comments (#2835) (#2839)
+
+[1.2.0]
+* Update to version 1.3.0
+
+[1.3.0]
+* Update to version 1.3.1
+* Add documentationUrl
+* Sanitize logs for mirror sync (#3057, #3082) (#3078)
+* Fix missing branch in release bug (#3108) (#3117)
+* Fix repo indexer and submodule bug (#3107) (#3110)
+* Fix legacy URL redirects (#3100) (#3106)
+* Fix redis session failed (#3086) (#3089)
+* Fix issue list branch link broken (#3061) (#3070)
+* Fix missing password length check when change password (#3039) (#3071)
+
+[1.3.1]
+* Update Gitea to 1.3.2
+* Fix run web with -p push failed (#3154) (#3179)
+* Fix source download link when no code unit allowed (#3166) (#3169)
+* Allow adding collaborators with (fullname) (#3103) (#3168)
+* Fix repo links (#3093) (#3163)
+* Fix Uninitialized variable in ParsePatch (#3156) (#3162)
+* Fix migration order v1.3 (#3157)
+* Fix avatar URLs (#3069) (#3143)
+
+[1.4.0]
+* Fix email sending (use SMTPS)
+
+[1.4.1]
+* Update Gitea to 1.3.3
+* Security fixes
+    * Fix escaping changed title in comments (#3530) (#3535)
+    * Escape search query display (#3486) (#3489)
+* Bug fixes
+    * Fix repo-transfer-and-team-repo-count bug (#3241) (#3244)
+    * Open external tracker in blank window, consistently with wiki (#3227) (#3228)
+    * Change SSL Mode from checkbox to string in admin page (#3208) (#3211)
+
+[1.5.0]
+* Update Gitea to 1.4.0
+
+[1.5.1]
+* Update Gitea to 1.4.1
+* Add “error” as reserved username (#3882) (#3886)
+* Do not allow inactive users to access repositories using private key (#3887) (#3889)
+* Fix path cleanup in file editor, when initilizing new repository and LFS oids (#3871) (#3873)
+* Remove unnecessary allowed safe HTML (#3778) (#3779)
+* Correctly check http git access rights for reverse proxy authorized users (#3721) (#3743)
+* Fix to use only needed columns from tables to get repository git paths (#3870) (#3883)
+* Fix GPG expire time display when time is zero (#3584) (#3884)
+* Fix to update only issue last update time when adding a comment (#3855) (#3860)
+* Fix repository star count after deleting user (#3781) (#3783)
+* Use the active branch for the code tab (#3720) (#3776)
+* Set default branch name on first push (#3715) (#3723)
+* Show clipboard button if disable HTTP of git protocol (#3773) (#3774)
+
+[1.5.2]
+* Update Gitea to 1.4.2
+* Adjust z-index for floating labels (#3939) (#3950)
+* Add missing token validation on application settings page (#3976) #3978
+* Webhook and hook_task clean up (#4006)
+* Fix webhook bug of response info is not displayed in UI (#4023)
+* Fix writer cannot read bare repo guide (#4033) (#4039)
+* Don't force due date to current time (#3830) (#4057)
+* Fix wiki redirects (#3919) (#4065)
+* Fix attachment ENABLED (#4064) (#4066)
+* Added deletion of an empty line at the end of file (#4054) (#4074)
+* Use ResolveReference instead of path.Join (#4073)
+* Fix #4081 Check for leading / in base before removing it (#4083)
+* Respository's home page not updated after first push (#4075)
+
+[1.5.2-1]
+* Rebuild Gitea package because of https://github.com/go-gitea/gitea/issues/4167
+* Adjust z-index for floating labels (#3939) (#3950)
+* Add missing token validation on application settings page (#3976) #3978
+* Webhook and hook_task clean up (#4006)
+* Fix webhook bug of response info is not displayed in UI (#4023)
+* Fix writer cannot read bare repo guide (#4033) (#4039)
+* Don't force due date to current time (#3830) (#4057)
+* Fix wiki redirects (#3919) (#4065)
+* Fix attachment ENABLED (#4064) (#4066)
+* Added deletion of an empty line at the end of file (#4054) (#4074)
+* Use ResolveReference instead of path.Join (#4073)
+* Fix #4081 Check for leading / in base before removing it (#4083)
+* Respository's home page not updated after first push (#4075)
+
+[1.5.3]
+* Update Gitea to 1.4.3
+* SECURITY
+  * HTML-escape plain-text READMEs (#4192) (#4214)
+  * Fix open redirect vulnerability on login screen (#4312) (#4312)
+* BUGFIXES
+  * Fix broken monitoring page when running processes are shown (#4203) (#4208)
+  * Fix delete comment bug (#4216) (#4228)
+  * Delete reactions added to issues and comments when deleting repository (#4232) (#4237)
+  * Fix wiki URL encoding bug (#4091) (#4254)
+  * Fix code tab link when viewing tags (#3908) (#4263)
+  * Fix webhook type conflation (#4285) (#4285)
+
+[1.5.4]
+* Allow customization using gitea's custom data directory
+
+[1.6.0]
+* Update Gitea to 1.5.0
+* Security
+  * Check that repositories can only be migrated to own user or organizations (#4366) (#4370)
+  * Limit uploaded avatar image-size to 4096px x 3072px by default (#4353)
+  * Do not allow to reuse TOTP passcode (#3878)
+* Features
+  * Add cli commands to regen hooks & keys (#3979)
+  * Add support for FIDO U2F (#3971)
+  * Added user language setting (#3875)
+  * Add topic support (#3711)
+  * Multiple assignees (#3705)
+  * Add protected branch whitelists for merging (#3689)
+  * Global code search support (#3664)
+  * Add label descriptions (#3662)
+  * Add issue search via API (#3612)
+  * Add repository setting to enable/disable health checks (#3607)
+  * Emoji Autocomplete (#3433)
+  * Implements generator cli for secrets (#3531)
+
+[1.6.1]
+* Update Gitea to 1.5.1
+* Security
+  * Don't disclose emails of all users when sending out emails (#4784)
+  * Improve URL validation for external wiki and external issues (#4710) (#4740)
+  * Make cookies HttpOnly and obey COOKIE_SECURE flag (#4706) (#4707)
+* Bugfixes
+  * Fix missing release title in webhook (#4783) (#4800)
+  * Make sure to reset commit count in the cache on mirror syncing (#4770)
+  * Fixed bug where team with admin privelege type doesn't get any unit (#4759)
+  * Fix failure on creating pull request with assignees (#4583) (#4727)
+  * Hide org/create menu item in Dashboard if user has no rights (#4678) (#4686)
+
+[1.7.0]
+* Update base image
+
+[1.7.1]
+* Update Gitea to 1.5.2
+
+[1.7.2]
+* Update Gitea to 1.5.3
+* Security
+  * Fix remote command execution vulnerability in upstream library (#5177) (#5196)
+
+[1.8.0]
+* Update Gitea to 1.6.0
+
+[1.8.1]
+* Update Gitea to 1.6.1
+
+[1.8.2]
+* Update Gitea to 1.6.2
+* SECURITY
+  * Sanitize uploaded file names (#5571) (#5573)
+  * HTMLEncode user added text (#5570) (#5575)
+* BUGFIXES
+  * Fix indexer reindex bug when gitea restart (#5563) (#5564)
+  * Fix bug when a read perm user to edit his issue (#5516) (#5534)
+  * Detect force push failure on deletion of protected branches (#5522) (#5531)
+  * Fix forgot deletion of notification when delete repository (#5506) (#5514)
+  * Fix undeleted content when deleting user (#5429) (#5509)
+  * Fix empty wiki (#5504) (#5508)
+
+[1.8.3]
+* Update Gitea to 1.6.3
+* SECURITY: Prevent DeleteFilePost doing arbitrary deletion (#5631)
+* BUGFIX: Fix wrong text getting saved on editing second comment on an issue (#5608)
+
+[1.8.4]
+* Update Gitea to 1.6.4
+* Fix SSH key now can be reused as public key after deleting as deploy key (#5671) (#5685)
+* When redirecting clean the path to avoid redirecting to external site (#5669) (#5703)
+* Fix to use correct value for "MSpan Structures Obtained" (#5706) (#5715)
+
+[1.9.0]
+* Update Gitea to 1.7.0
+
+[1.9.1]
+* Update Gitea to 1.7.1
+* [Changelog](https://github.com/go-gitea/gitea/releases/tag/v1.7.1)
+* Disable redirect for i18n (#5910) (#5916)
+* Only allow local login if password is non-empty (#5906) (#5908)
+* Fix go-get URL generation (#5905) (#5907)
+* Fix TLS errors when using acme/autocert for local connections (#5820) (#5826)
+* Request for public keys only if LDAP attribute is set (#5816) (#5819)
+* Fix delete correct temp directory (#5840) (#5839)
+* Fix an error while adding a dependency via UI (#5862) (#5876)
+* Fix null pointer in attempt to Sudo if not logged in (#5872) (#5884)
+* When creating new repository fsck option should be enabled (#5817) (#5885)
+* Prevent nil dereference in mailIssueCommentToParticipants (#5891) (#5895) (#5894)
+* Fix bug when read public repo lfs file (#5913) (#5912)
+* Respect value of REQUIRE_SIGNIN_VIEW (#5901) (#5915)
+* Fix compare button on upstream repo leading to 404 (#5877) (#5914)
+
+[1.9.2]
+* Update Gitea to 1.7.2
+* Remove all CommitStatus when a repo is deleted (#5940) (#5941)
+* Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
+* Silence console logger in gitea serv (#5887) (#5943)
+* Handle milestone webhook events for issues and PR (#5947) (#5955)
+* Show user who created the repository instead of the organization in action feed (#5948) (#5956)
+* Fix ssh deploy and user key constraints (#1357) (#5939) (#5966)
+* Fix bug when deleting a linked account will removed all (#5989) (#5990)
+* Fix empty ssh key importing in ldap (#5984) (#6009)
+* Fix metrics auth token detection (#6006) (#6017)
+* Create repository on organisation by default on its dashboard (#6026) (#6048)
+* Make sure labels are actually returned in API (#6053) (#6059)
+* Switch to more recent build of xgo (#6070) (#6072)
+* In basic auth check for tokens before call UserSignIn (#5725) (#6083)
+
+[1.9.3]
+* Update Gitea to 1.7.3
+* Fix server 500 when trying to migrate to an already existing repository (#6188) (#6197)
+* Load Issue attributes for API /repos/{owner}/{repo}/issues/{index} (#6122) (#6185)
+* Fix bug whereby user could change private repository to public when force private enabled. (#6156) (#6165)
+* Fix bug when update owner team then visit team's repo return 404 (#6119) (#6166)
+* Fix heatmap and repository menu display in Internet Explorer 9+ (#6117) (#6137)
+* Fix prohibit login check on authorization (#6106) (#6115)
+* Fix LDAP protocol error regression by moving to ldap.v3 (#6105) (#6107)
+* Fix deadlock in webhook PullRequest (#6102) (#6104)
+* Fix redirect loop when password change is required and Gitea is installed as a suburl (#5965) (#6101)
+* Fix compare button regression (#5929) (#6098)
+* Recover panic in orgmode.Render if bad orgfile (#4982) (#5903) (#6097)
+
+[1.9.4]
+* Update Gitea to 1.7.4
+* Fix potential XSS vulnerability in repository description. (#6306) (#6308)
+* Fix wrong release commit id (#6224) (#6300)
+* Fix panic on empty signed commits (#6292) (#6300)
+* Fix organization dropdown not being scrollable when using mouse wheel (#5988) (#6246)
+* Fix displaying dashboard even if required to change password (#6214) (#6215)
+
+[1.9.5]
+* Update Gitea to 1.7.5
+* unitTypeCode not being used in accessLevelUnit (#6419) (#6423)
+* ParsePatch function to work with quoted diff --git strings (#6323) (#6332)
+
+[1.9.6]
+* Update Gitea to 1.7.6
+* Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6595)
+* Allow resend of confirmation email when logged in (#6482) (#6487)
+
+[1.10.0]
+* Update Gitea to 1.8.0
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.8.0)
+* Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6594)
+* Resolve 2FA bypass on API (#6676) (#6674)
+* Prevent the creation of empty sessions for non-logged in users (#6690) (#6677)
+* Expose issue stopwatch toggling via API (#5970)
+* Pull request conflict files detection (#5951)
+* Implement "conversation lock" for issue comments (#5073)
+* Feature: Archive repos (#5009)
+* Allow to set organization visibility (public, internal, private) (#1763)
+* Added URL mapping for Release attachments like on github.com (#1707)
+
+[1.10.1]
+* Update Gitea to 1.8.1
+
+[1.10.2]
+* Update Gitea to 1.8.2
+
+[1.11.0]
+* better custom app.ini integration
+* optional sso support
+
+[1.12.0]
+* Update Gitea to 1.8.3
+* Update manifest to v2
+
+[1.13.0]
+* Update Gitea to 1.9.0
+
+[1.13.1]
+* Update Gitea to 1.9.1
+
+[1.13.2]
+* Make sessions persist restarts
+
+[1.13.3]
+* Update Gitea to 1.9.2
+* Fix wrong sender when send slack webhook (#7918) (#7924)
+* Upload support text/plain; charset=utf8 (#7899)
+* Lfs/lock: round locked_at timestamp to second (#7872) (#7875)
+* Fix non existent milestone with 500 error (#7867) (#7873)
+* SECURITY
+  * Fix No PGP signature on 1.9.1 tag (#7874)
+  * Release built with go 1.12.9 to fix security fixes in golang std lib, ref: https://groups.google.com/forum/#!msg/golang-announce/oeMaeUnkvVE/a49yvTLqAAAJ
+* ENHANCEMENT
+  * Fix pull creation with empty changes (#7920) (#7926)
+* BUILD
+  * Drone/docker: prepare multi-arch release + provide arm64 image (#7571) (#7884)
+
+[1.13.4]
+* Update Gitea to 1.9.3
+* Fix go get from a private repository with Go 1.13 (#8100)
+* Strict name matching for Repository.GetTagID() (#8082)
+* Avoid ambiguity of branch/directory names for the git-diff-tree command (#8070)
+* Add change title notification for issues (#8064)
+* Run CORS handler first for /api routes (#7967) (#8053)
+* Evaluate emojis in commit messages in list view (#8044)
+* Fix failed to synchronize tags to releases for repository (#7990) (#7994)
+* Fix adding default Telegram webhook (#7972) (#7992)
+* Abort synchronization from LDAP source if there is some error (#7965)
+* Fix deformed emoji in commit message (#8071)
+* Keep blame view buttons sequence consistent with normal view when viewing a file (#8007) (#8009)
+
+[1.13.5]
+* Update Gitea to 1.9.4
+* Highlight issue references (#8101) (#8404)
+* Fix bug when migrating a private repository #7917 (#8403)
+* Change general form binding to gogs form (#8334) (#8402)
+* Fix editor commit to new branch if PR disabled (#8375) (#8401)
+* Fix milestone num_issues (#8221) (#8400)
+* Allow users with explicit read access to give approvals (#8398)
+* Fix commit status in PR #8316 and PR #8321 (#8339)
+* Fix API for edit and delete release attachment (#8290)
+* Fix assets on release webhook (#8283)
+* Fix release API URL generation (#8239)
+* Allow registration when button is hidden (#8238)
+* MS Teams webhook misses commit messages (backport v1.9) (#8225)
+
+[1.13.6]
+* Update Gitea to 1.9.5
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.9.5)
+* Hide some user information via API if user doesn't have enough permission (#8655) (#8658)
+* Fix milestone close timestamp (#8728) (#8731)
+* Fix deadline on update issue or PR via API (#8699)
+* Fix 'New Issue Missing Milestone Comment' (#8678) (#8682)
+* Fix 500 when getting user as unauthenticated user (#8653) (#8662)
+* Use AppSubUrl for more redirections (#8647) (#8652)
+* Add SubURL to redirect path (#8632) (#8634) (#8640)
+* Fix #8582 by handling empty repos (#8587) (#8593)
+* Fix bug on pull requests when transfer head repository (#8571)
+* Add missed close in ServeBlobLFS (#8527) (#8543)
+* Return false if provided branch name is empty for IsBranchExist (#8485) (#8492)
+* Create .ssh dir as necessary (#8369) (#8486) (#8489)
+* Restore functionality for early gits (#7775) (#8476)
+* Add check for empty set when dropping indexes during migration (#8475)
+* Ensure Request Body Readers are closed in LFS server (#8454) (#8459)
+* Ensure that LFS files are relative to the LFS content path (#8455) (#8458)
+* Ignore mentions for users with no access (#8395) (#8484)
+
+[1.14.0]
+* Update Gitea to 1.10.0
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.10.0)
+
+[1.14.1]
+* Update Gitea to 1.10.1
+* Fix max length check and limit in multiple repo forms (#9148) (#9204)
+* Properly fix displaying virtual session provider in admin panel (#9137) (#9203)
+* Upgrade levelqueue to 0.1.0 (#9192) (#9199)
+* Fix panic when diff (#9187) (#9193)
+* Smtp logger configuration sendTos should be an array (#9154) (#9157)
+* Always Show Password Field on Link Account Sign-in Page (#9150)
+* Create PR on Current Repository by Default (#8670) (#9141)
+* Fix race on indexer (#9136) (#9139)
+* Fix reCAPTCHA URL (#9119)
+* Hide migrated credentials (#9098)
+* Update golang.org/x/crypto vendor to use acme v2 (#9056) (#9085)
+* Fix password checks on admin create/edit user (#9076) (#9081)
+* Fix add search as a reserved username (#9063) (#9065)
+* Fix permission checks for close/reopen from commit (#8875) (#9033)
+* Ensure Written is set in GZIP ProxyResponseWriter (#9018) (#9025)
+* Fix broken link to branch from issue list (#9003) (#9021)
+* Fix wrong system notice when repository is empty (#9020)
+* Shadow password correctly for session config (#8984) (#9002)
+
+[1.14.2]
+* Update Gitea to 1.10.2
+* Allow only specific Columns to be updated on Issue via API (#9539) (#9580)
+* Add ErrReactionAlreadyExist error (#9550) (#9564)
+* Fix bug when migrate from API (#8631) (#9563)
+* Use default avatar for ghost user (#9536) (#9537)
+* Fix repository issues pagination bug when there are more than one label filter (#9512) (#9528)
+* Fix deleted branch not removed when push the branch again (#9516) (#9524)
+* Fix missing repository status when migrating repository via API (#9511)
+* Trigger webhook when deleting a branch after merging a PR (#9510)
+* Fix paging on /repos/{owner}/{repo}/git/trees/{sha} API endpoint (#9482)
+* Fix NewCommitStatus (#9434) (#9435)
+* Use OriginalURL instead of CloneAddr in migration logging (#9418) (#9420)
+* Fix Slack webhook payload title generation to work with Mattermost (#9404)
+* DefaultBranch needs to be prefixed by BranchPrefix (#9356) (#9359)
+* Fix issue indexer not triggered when migrating a repository (#9333)
+* Fix bug that release attachment files not deleted when deleting repository (#9322) (#9329)
+* Fix migration releases (#9319) (#9326) (#9328)
+* Fix File Edit: Author/Committer interchanged (#9297) (#9300)
+
+[1.14.3]
+* Update Gitea to 1.10.3
+* Hide credentials when submitting migration (#9102) (#9704)
+* Never allow an empty password to validate (#9682) (#9684)
+* Prevent redirect to Host (#9678) (#9680)
+* Hide public repos owned by private orgs (#9609) (#9616)
+* Allow assignee on Pull Creation when Issue Unit is deactivated (#9836) (#9838)
+* Fix download file wrong content-type (#9825) (#9835)
+* Fix wrong identify poster on a migrated pull request when submit review (#9827) (#9831)
+* Fix dump non-exist log directory (#9818) (#9820)
+* Fix compare (#9808) (#9815)
+* Fix missing msteam webhook on organization (#9781) (#9795)
+* Fix add team on collaborator page when same name as organization (#9783)
+* Fix cache problem on dashboard (#9358) (#9703)
+* Send tag create and push webhook when release created on UI (#8671) (#9702)
+* Branches not at ref commit ID should not be listed as Merged (#9614) (#9639)
+
+[1.15.0]
+* Update Gitea to 1.11.0
+
+[1.15.1]
+* Update Gitea to 1.11.1
+* Repo name added to automatically generated commit message when merging (#9997) (#10285)
+* Fix Workerpool deadlock (#10283) (#10284)
+* Divide GetIssueStats query in smaller chunks (#10176) (#10282)
+* Fix reply on code review (#10257)
+* Stop hanging issue indexer initialisation from preventing shutdown (#10243) (#10249)
+* Fix filter label emoji width (#10241) (#10244)
+* Fix issue sidebar menus having an infinite height (#10239) (#10240)
+* Fix commit between two commits calculation if there is only last commit (#10225) (#10226)
+* Only check for conflicts/merging if the PR has not been merged in the interim (#10132) (#10206)
+* Blacklist manifest.json & milestones user (#10292) (#10293)
+
+[1.15.2]
+* Update Gitea to 1.11.2
+

CloudronManifest.json

@@ -4,7 +4,7 @@
   "author": "Gitea developers",
   "description": "file://DESCRIPTION.md",
   "tagline": "A painless self-hosted Git Service",
-  "version": "1.0.3",
+  "version": "1.15.2",
   "healthCheckPath": "/healthcheck",
   "httpPort": 3000,
   "addons": {
@@ -20,10 +20,11 @@
       "defaultValue": 29418
     }
   },
-  "manifestVersion": 1,
+  "manifestVersion": 2,
   "website": "https://gitea.io",
   "contactEmail": "apps@cloudron.io",
   "icon": "file://logo.png",
+  "optionalSso": true,
   "mediaLinks": [
     "https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/1.png",
     "https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/2.png",
@@ -33,5 +34,7 @@
   ],
   "tags": [ "version control", "git", "code hosting", "development" ],
   "changelog": "file://CHANGELOG",
-  "postInstallMessage": "file://POSTINSTALL.md"
+  "postInstallMessage": "file://POSTINSTALL.md",
+  "minBoxVersion": "4.1.4",
+  "documentationUrl": "https://cloudron.io/documentation/apps/gitea/"
 }

DESCRIPTION.md

@@ -1,6 +1,6 @@
-Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket or Gitlab. The initial development have been done on Gogs but we have forked it and named it Gitea. If you want to read more about the reasons why we have done that please read [this](https://blog.gitea.io/2016/12/welcome-to-gitea/) blog post.
+This app packages Gitea <upstream>1.11.2</upstream>
 
-This app packages Gitea <upstream>1.1.4</upstream>
+Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket or Gitlab.
 
 ### Purpose
 

Dockerfile

@@ -1,6 +1,6 @@
-FROM cloudron/base:0.10.0
+FROM cloudron/base:1.0.0@sha256:147a648a068a2e746644746bbfb42eb7a50d682437cead3c67c933c546357617
 
-ENV VERSION 1.1.4
+ARG VERSION=1.11.2
 
 RUN apt-get update && \
     apt-get install -y openssh-server git && \
@@ -15,7 +15,7 @@ RUN adduser --disabled-login --gecos 'Gitea' git
 RUN passwd -d git
 
 RUN mkdir -p /home/git/gitea
-## TODO: use redis as well
+WORKDIR /home/git
 RUN curl -L https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64 -o /home/git/gitea/gitea \
     && chmod +x /home/git/gitea/gitea
 
@@ -31,9 +31,7 @@ RUN ln -s /app/data/gitconfig /home/git/.gitconfig
 
 ADD start.sh /home/git/start.sh
 
-# disable pam authentication for sshd
-RUN sed -e 's/UsePAM yes/UsePAM no/' -e 's/UsePrivilegeSeparation yes/UsePrivilegeSeparation no/' -i /etc/ssh/sshd_config
-RUN echo "UseDNS no" >> /etc/ssh/sshd_config
+COPY sshd_config /etc/ssh/sshd_config
 
 CMD [ "/home/git/start.sh" ]
 

POSTINSTALL.md

@@ -1,12 +1,14 @@
-This app integrates with the Cloudron SSO. Admins on Cloudron automatically
-become admins on Gitea.
+A default admin user has been setup with the following credentials (use the `Local` authentication source when logging in):
 
-If you want to disable Cloudron SSO, do the following:
+```
+username: root
+password: changeme
+```
 
-* Admin Panel -> Authentication -> 'cloudron' -> Uncheck 'This authentication is activated'
-* Admin Panel -> Users -> Change Authentication Source to 'Local' and also give a password
+**Note:** Please change the password and email immediately after installation.
 
-You can edit `/app/data/app.ini` and add any custom configuration. See the 
-[configuration cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet)
-for more information.
+<sso>
+This app integrates with the Cloudron SSO. Cloudron users can login and use Gitea
+using the `Cloudron` authentication source.
+</sso>
 

app.ini.template

@@ -95,3 +95,11 @@ PATH =
 [indexer]
 ; this setting is protected and can't be modified
 ISSUE_INDEXER_PATH = /app/data/appdata/indexers/issues.bleve
+
+[session]
+PROVIDER = file
+PROVIDER_CONFIG = /run/gitea/sessions
+COOKIE_SECURE = true
+COOKIE_NAME = cloudron_gitea
+GC_INTERVAL_TIME = 2592000
+

sshd_config

@@ -0,0 +1,79 @@
+# Package generated configuration file
+# See the sshd_config(5) manpage for details
+
+# What ports, IPs and protocols we listen for
+Port 29418
+# Use these options to restrict which interfaces/protocols sshd will bind to
+ListenAddress 0.0.0.0
+Protocol 2
+# HostKeys for protocol version 2
+HostKey /app/data/sshd/ssh_host_rsa_key
+HostKey /app/data/sshd/ssh_host_dsa_key
+HostKey /app/data/sshd/ssh_host_ecdsa_key
+HostKey /app/data/sshd/ssh_host_ed25519_key
+
+# Logging
+SyslogFacility AUTH
+LogLevel INFO
+
+# Authentication:
+LoginGraceTime 120
+PermitRootLogin prohibit-password
+StrictModes yes
+
+PubkeyAuthentication yes
+#AuthorizedKeysFile	%h/.ssh/authorized_keys
+
+# Don't read the user's ~/.rhosts and ~/.shosts files
+IgnoreRhosts yes
+# similar for protocol version 2
+HostbasedAuthentication no
+# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
+#IgnoreUserKnownHosts yes
+
+# To enable empty passwords, change to yes (NOT RECOMMENDED)
+PermitEmptyPasswords no
+
+# Change to yes to enable challenge-response passwords (beware issues with
+# some PAM modules and threads)
+ChallengeResponseAuthentication no
+
+# Change to no to disable tunnelled clear text passwords
+#PasswordAuthentication yes
+
+# Kerberos options
+#KerberosAuthentication no
+#KerberosGetAFSToken no
+#KerberosOrLocalPasswd yes
+#KerberosTicketCleanup yes
+
+# GSSAPI options
+#GSSAPIAuthentication no
+#GSSAPICleanupCredentials yes
+
+X11Forwarding yes
+X11DisplayOffset 10
+PrintMotd no
+PrintLastLog yes
+TCPKeepAlive yes
+#UseLogin no
+
+#MaxStartups 10:30:60
+#Banner /etc/issue.net
+
+# Allow client to pass locale environment variables
+AcceptEnv LANG LC_*
+
+Subsystem sftp /usr/lib/openssh/sftp-server
+
+# Set this to 'yes' to enable PAM authentication, account processing,
+# and session processing. If this is enabled, PAM authentication will
+# be allowed through the ChallengeResponseAuthentication and
+# PasswordAuthentication.  Depending on your PAM configuration,
+# PAM authentication via ChallengeResponseAuthentication may bypass
+# the setting of "PermitRootLogin without-password".
+# If you just want the PAM account and session checks to run without
+# PAM authentication, then enable this but set PasswordAuthentication
+# and ChallengeResponseAuthentication to 'no'.
+UsePAM no
+UseDNS no

start.sh

@@ -2,32 +2,61 @@
 
 set -eu -o pipefail
 
-mkdir -p /run/gitea/tmp/uploads
+mkdir -p /run/gitea/tmp/uploads /run/sshd /run/gitea/sessions
 
 setup_ldap_source() {
     set -eu
 
-    # Wait for gitea to finish db setup, before we insert ldap source in db
-    while ! curl --fail http://localhost:3000/healthcheck; do
-        echo "Waiting for gitea to come up"
-        sleep 1
-    done
+    # Get the existing LDAP source status. This allows the user to disable LDAP
+    # Note that this method is deprecated since this app now supports optionalSso
+    ldap_status=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")
+    [[ -z "${ldap_status}" ]] && ldap_status="1"
 
     now=$(date +%s)
 
-    # Get the existing LDAP source status. This allows the user to disable LDAP
-    ldap_status=$(mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" -N -B -e "select is_actived from login_source WHERE name='cloudron';")
-    [[ -z "${ldap_status}" ]] && ldap_status="1"
-
-    if mysql -u"${MYSQL_USERNAME}" -p"${MYSQL_PASSWORD}" -h mysql --database="${MYSQL_DATABASE}" \
-        -e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${LDAP_SERVER}\",\"Port\":${LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${LDAP_BIND_DN}\",\"BindPassword\":\"${LDAP_BIND_PASSWORD}\",\"UserBase\":\"${LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\",\"AdminFilter\":\"(memberof=cn=admins,${LDAP_GROUPS_BASE_DN})\"}','${now}','${now}');"; then
-        echo "LDAP Authentication was setup with status ${ldap_status}"
+    if mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" \
+        -e "REPLACE INTO login_source (id, type, name, is_actived, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${CLOUDRON_LDAP_SERVER}\",\"Port\":${CLOUDRON_LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${CLOUDRON_LDAP_BIND_DN}\",\"BindPassword\":\"${CLOUDRON_LDAP_BIND_PASSWORD}\",\"UserBase\":\"${CLOUDRON_LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\"}','${now}','${now}');"; then
+        echo "==> LDAP Authentication was setup with activation status ${ldap_status}"
     else
-        echo "Failed to setup LDAP authentication"
+        echo "==> Failed to setup LDAP authentication"
         exit 1
     fi
 }
 
+setup_root_user() {
+    set -eu
+
+    if sudo -H -u git /home/git/gitea/gitea admin create-user --name root --password changeme --email test@cloudron.io --admin -c /run/gitea/app.ini; then
+        echo "==> root user added"
+    else
+        echo "==> Failed to add root user"
+        exit 1
+    fi
+}
+
+setup_auth() {
+    set -eu
+
+    # Wait for gitea to finish db setup, before we do any db operations
+    while ! curl --fail http://localhost:3000/healthcheck; do
+        echo "==> Waiting for gitea to come up"
+        sleep 1
+    done
+
+    echo "==> Gitea is up, setting up auth"
+
+    if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
+        setup_ldap_source
+    fi
+
+    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user;")
+    # be careful, not to create root user for existing LDAP based installs
+    if [[ "${user_count}" == "0" ]]; then
+        echo "==> Setting up root user for first run"
+        setup_root_user
+    fi
+}
+
 # SSH_PORT can be unset to disable SSH
 disable_ssh="false"
 if [[ -z "${SSH_PORT:-}" ]]; then
@@ -50,35 +79,28 @@ fi
 chmod 0600 /app/data/sshd/*_key
 chmod 0644 /app/data/sshd/*.pub
 
-sed -e "s/^Port .*/Port ${SSH_PORT}/" \
-    -e "s/^#ListenAddress .*/ListenAddress 0.0.0.0/" \
-    -e "s,^HostKey /etc/ssh/,HostKey /app/data/sshd/," \
-    /etc/ssh/sshd_config > /run/gitea/sshd_config
+sed -e "s/^Port .*/Port ${SSH_PORT}/" /etc/ssh/sshd_config > /run/gitea/sshd_config
 
-cp /home/git/app.ini.template "/run/gitea/app.ini"
+if [[ ! -f /app/data/app.ini ]]; then
+    echo -e "; Add customizations here - https://docs.gitea.io/en-us/config-cheat-sheet/" > /app/data/app.ini
 
-# create default user config file
-if ! [ -f /app/data/app.ini ]; then
-    cp /home/git/app.ini.template /app/data/app.ini
-fi
-
-if [ "$(crudini --get /app/data/app.ini security SECRET_KEY)" == "##SECRET_KEY" ]; then
-    echo "Generating new SECRET_KEY"
+    echo "==> Generating new SECRET_KEY"
     crudini --set "/app/data/app.ini" security SECRET_KEY $(pwgen -1 -s)
 fi
 
 # merge user config file
+cp /home/git/app.ini.template "/run/gitea/app.ini"
 crudini --merge "/run/gitea/app.ini" < "/app/data/app.ini"
 
 # override important values
 crudini --set "/run/gitea/app.ini" database DB_TYPE mysql
-crudini --set "/run/gitea/app.ini" database HOST "${MYSQL_HOST}:${MYSQL_PORT}"
-crudini --set "/run/gitea/app.ini" database NAME "${MYSQL_DATABASE}"
-crudini --set "/run/gitea/app.ini" database USER "${MYSQL_USERNAME}"
-crudini --set "/run/gitea/app.ini" database PASSWD "${MYSQL_PASSWORD}"
+crudini --set "/run/gitea/app.ini" database HOST "${CLOUDRON_MYSQL_HOST}:${CLOUDRON_MYSQL_PORT}"
+crudini --set "/run/gitea/app.ini" database NAME "${CLOUDRON_MYSQL_DATABASE}"
+crudini --set "/run/gitea/app.ini" database USER "${CLOUDRON_MYSQL_USERNAME}"
+crudini --set "/run/gitea/app.ini" database PASSWD "${CLOUDRON_MYSQL_PASSWORD}"
 crudini --set "/run/gitea/app.ini" database SSL_MODE "disable"
 crudini --set "/run/gitea/app.ini" server PROTOCOL "http"
-crudini --set "/run/gitea/app.ini" server DOMAIN "${APP_DOMAIN}"
+crudini --set "/run/gitea/app.ini" server DOMAIN "${CLOUDRON_APP_DOMAIN}"
 crudini --set "/run/gitea/app.ini" server ROOT_URL "https://%(DOMAIN)s/"
 crudini --set "/run/gitea/app.ini" server HTTP_ADDR ""
 crudini --set "/run/gitea/app.ini" server HTTP_PORT "3000"
@@ -87,22 +109,22 @@ crudini --set "/run/gitea/app.ini" server SSH_PORT "${SSH_PORT}"
 crudini --set "/run/gitea/app.ini" server APP_DATA_PATH "/app/data/appdata"
 crudini --set "/run/gitea/app.ini" repository ROOT "/app/data/repository"
 crudini --set "/run/gitea/app.ini" repository.upload TEMP_PATH "/run/gitea/tmp/uploads"
-crudini --set "/run/gitea/app.ini" mailer HOST "${MAIL_SMTP_SERVER}:${MAIL_SMTP_PORT}"
-crudini --set "/run/gitea/app.ini" mailer USER "${MAIL_SMTP_USERNAME}"
-crudini --set "/run/gitea/app.ini" mailer PASSWD "${MAIL_SMTP_PASSWORD}"
-crudini --set "/run/gitea/app.ini" mailer FROM "${MAIL_FROM}"
+crudini --set "/run/gitea/app.ini" mailer HOST "${CLOUDRON_MAIL_SMTP_SERVER}:${CLOUDRON_MAIL_SMTPS_PORT}"
+crudini --set "/run/gitea/app.ini" mailer USER "${CLOUDRON_MAIL_SMTP_USERNAME}"
+crudini --set "/run/gitea/app.ini" mailer PASSWD "${CLOUDRON_MAIL_SMTP_PASSWORD}"
+crudini --set "/run/gitea/app.ini" mailer FROM "${CLOUDRON_MAIL_FROM}"
 crudini --set "/run/gitea/app.ini" mailer SKIP_VERIFY "true"
 crudini --set "/run/gitea/app.ini" security INSTALL_LOCK "true"
 crudini --set "/run/gitea/app.ini" log MODE "console"
 crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea"
 crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"
 
-
-mkdir -p /app/data/repository /app/data/ssh
-
+echo "==> Creating dirs and changing permissions"
+mkdir -p /app/data/repository /app/data/ssh /app/data/custom
 chown -R git:git /app/data /run/gitea
 
-( setup_ldap_source ) &
+# this expects app.ini to be available
+( setup_auth ) &
 
 exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea
 

supervisor/gitea.conf

@@ -9,4 +9,4 @@ stdout_logfile=/dev/stdout
 stdout_logfile_maxbytes=0
 stderr_logfile=/dev/stderr
 stderr_logfile_maxbytes=0
-environment=HOME="/home/git",USER="git"
+environment=HOME="/home/git",USER="git",GITEA_CUSTOM="/app/data/custom"

test/package.json

@@ -8,17 +8,13 @@
   },
   "author": "",
   "license": "ISC",
-  "devDependencies": {
-    "ejs": "^2.3.4",
-    "expect.js": "^0.3.1",
-    "mkdirp": "^0.5.1",
-    "mocha": "^2.3.4",
-    "rimraf": "^2.4.4",
-    "superagent": "^1.4.0"
-  },
   "dependencies": {
-    "selenium-server-standalone-jar": "^3.3.1",
-    "selenium-webdriver": "^3.3.0",
-    "superagent": "^1.8.5"
+    "chromedriver": "^80.0.1",
+    "expect.js": "^0.3.1",
+    "mocha": "^7.1.0",
+    "rimraf": "^3.0.2",
+    "selenium-server-standalone-jar": "^3.141.59",
+    "selenium-webdriver": "^3.6.0",
+    "superagent": "^5.2.2"
   }
 }

test/test.js

@@ -9,58 +9,60 @@
 
 'use strict';
 
+require('chromedriver');
+
 var execSync = require('child_process').execSync,
-    ejs = require('ejs'),
     expect = require('expect.js'),
     fs = require('fs'),
-    mkdirp = require('mkdirp'),
     path = require('path'),
     rimraf = require('rimraf'),
     superagent = require('superagent'),
-    webdriver = require('selenium-webdriver');
+    { Builder, By, until } = require('selenium-webdriver'),
+    { Options } = require('selenium-webdriver/chrome');
 
-var by = require('selenium-webdriver').By,
-    until = require('selenium-webdriver').until,
-    Builder = require('selenium-webdriver').Builder;
-
-process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
+if (!process.env.USERNAME || !process.env.PASSWORD || !process.env.EMAIL) {
+    console.log('USERNAME, PASSWORD and EMAIL env vars need to be set');
+    process.exit(1);
+}
 
 describe('Application life cycle test', function () {
     this.timeout(0);
-    var server, browser = new Builder().forBrowser('chrome').build();
+
+    var TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 5000;
+    var EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
     var LOCATION = 'test';
+    var SSH_PORT = 29420;
+
+    var app;
+    var token;
+
+    var server, browser = new Builder().forBrowser('chrome').build();
     var repodir = '/tmp/testrepo';
-    var app, reponame = 'testrepo';
+    var reponame = 'testrepo';
+
     var username = process.env.USERNAME;
     var password = process.env.PASSWORD;
-    var TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 5000;
-    var email, token;
-
-    before(function (done) {
-        if (!process.env.USERNAME) return done(new Error('USERNAME env var not set'));
-        if (!process.env.PASSWORD) return done(new Error('PASSWORD env var not set'));
+    var email = process.env.EMAIL;
 
+    before(function () {
         var seleniumJar= require('selenium-server-standalone-jar');
         var SeleniumServer = require('selenium-webdriver/remote').SeleniumServer;
         server = new SeleniumServer(seleniumJar.path, { port: 4444 });
         server.start();
-
-        done();
     });
 
     after(function (done) {
         browser.quit();
-        server.stop();
         rimraf.sync(repodir);
         done();
     });
 
-    function waitForUrl(url, done) {
-        browser.wait(function () {
+    function waitForUrl(url) {
+        return browser.wait(function () {
             return browser.getCurrentUrl().then(function (currentUrl) {
                 return currentUrl === url;
             });
-        }, TIMEOUT).then(function () { done(); });
+        }, TIMEOUT);
     }
 
     function getAppInfo() {
@@ -71,17 +73,43 @@ describe('Application life cycle test', function () {
         expect(app).to.be.an('object');
     }
 
-    function setAvatar(done) {
+    function setAvatarOld(done) {
         browser.get('https://' + app.fqdn + '/user/settings/avatar').then(function () {
-            return browser.findElement(by.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
+            return browser.findElement(By.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
         }).then(function () {
-            return browser.findElement(by.xpath('//button[contains(text(), "Update Avatar Setting")]')).click();
+            return browser.findElement(By.xpath('//button[contains(text(), "Update Avatar Setting")]')).click();
         }).then(function () {
-            browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"updated successfully")]')), TIMEOUT).then(function () { done(); });
+            if (app.manifest.version === '1.0.3') {
+                return browser.wait(until.elementLocated(By.xpath('//p[contains(text(),"updated successfully")]')), TIMEOUT);
+            } else {
+                return browser.wait(until.elementLocated(By.xpath('//p[contains(text(),"Your avatar setting has been updated.")]')), TIMEOUT);
+            }
+        }).then(function () {
+            done();
+        });
+    }
+
+    function setAvatar(done) {
+        if (app.manifest.version === '1.5.4') return setAvatarOld(done);
+
+        browser.get('https://' + app.fqdn + '/user/settings').then(function () {
+            var button = browser.findElement(By.xpath('//label[contains(text(), "Use Custom Avatar")]'));
+            return browser.executeScript('arguments[0].scrollIntoView(false)', button);
+        }).then(function () {
+            return browser.findElement(By.xpath('//label[contains(text(), "Use Custom Avatar")]')).click();
+        }).then(function () {
+            return browser.findElement(By.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
+        }).then(function () {
+            return browser.findElement(By.xpath('//button[contains(text(), "Update Avatar")]')).click();
+        }).then(function () {
+            return browser.wait(until.elementLocated(By.xpath('//p[contains(text(),"Your avatar has been updated.")]')), TIMEOUT);
+        }).then(function () {
+            done();
         });
     }
 
     function checkAvatar(done) {
+return done();
         superagent.get('https://' + app.fqdn + '/avatars/a3e6f3316fc1738e29d621e6a26e93d3').end(function (error, result) {
             expect(error).to.be(null);
             expect(result.statusCode).to.be(200);
@@ -91,27 +119,51 @@ describe('Application life cycle test', function () {
 
     function editFile(done) {
         browser.get('https://' + app.fqdn + '/' + username + '/' + reponame + '/_edit/master/newfile').then(function () {
-            var cm = browser.findElement(by.xpath('//div[contains(@class,"CodeMirror")]'));
+            var cm = browser.findElement(By.xpath('//div[contains(@class,"CodeMirror")]'));
             var text = 'yo';
             return browser.executeScript('arguments[0].CodeMirror.setValue("' + text + '");', cm);
         }).then(function () {
-            return browser.findElement(by.xpath('//input[@name="commit_summary"]')).sendKeys('Dummy edit');
+            return browser.findElement(By.xpath('//input[@name="commit_summary"]')).sendKeys('Dummy edit');
         }).then(function () {
-            return browser.findElement(by.xpath('//button[contains(text(), "Commit Changes")]')).click();
+            // explicitly make the button clickable since CodeMirror.setValue() does not update the form state correctly
+            var button = browser.findElement(By.xpath('//button[contains(text(), "Commit Changes")]'));
+            return browser.executeScript('arguments[0].removeAttribute("disabled")', button);
         }).then(function () {
-            waitForUrl('https://' + app.fqdn + '/' + username + '/' + reponame + '/src/master/newfile', done);
+            return browser.findElement(By.xpath('//button[contains(text(), "Commit Changes")]')).click();
+        }).then(function () {
+            return waitForUrl('https://' + app.fqdn + '/' + username + '/' + reponame + '/src/branch/master/newfile');
+        }).then(function () {
+            done();
         });
     }
 
-    function login(done) {
+    function login(username, password, done) {
         browser.get('https://' + app.fqdn + '/user/login').then(function () {
-            return browser.findElement(by.id('user_name')).sendKeys(username);
+            return browser.findElement(By.id('user_name')).sendKeys(username);
         }).then(function () {
-            return browser.findElement(by.id('password')).sendKeys(password);
+            return browser.findElement(By.id('password')).sendKeys(password);
         }).then(function () {
-            return browser.findElement(by.tagName('form')).submit();
+            return browser.findElement(By.tagName('form')).submit();
         }).then(function () {
-            return browser.wait(until.elementLocated(by.linkText('Dashboard')), TIMEOUT);
+            return browser.wait(until.elementLocated(By.linkText('Dashboard')), TIMEOUT);
+        }).then(function () {
+            done();
+        });
+    }
+
+    function adminLogin(done) {
+        login('root', 'changeme', done);
+    }
+
+    function logout(done) {
+        browser.get('https://' + app.fqdn).then(function () {
+            return browser.findElement(By.xpath('//img[contains(@class, "avatar")]')).click();
+        }).then(function () {
+            browser.sleep(2000);
+        }).then(function () {
+            return browser.findElement(By.xpath('//a[@data-url="/user/logout"]')).click();
+        }).then(function () {
+            browser.sleep(2000);
         }).then(function () {
             done();
         });
@@ -120,32 +172,51 @@ describe('Application life cycle test', function () {
     function addPublicKey(done) {
         var publicKey = fs.readFileSync(__dirname + '/id_rsa.pub', 'utf8');
 
-        browser.get('https://' + app.fqdn + '/user/settings/ssh').then(function () {
-            return browser.findElement(by.xpath('//div[text()="Add Key"]')).click();
+        const sshPage = 'https://' + app.fqdn + '/user/settings/keys';
+
+        browser.get(sshPage).then(function () {
+            return browser.findElement(By.xpath('//div[text()="Add Key"]')).click();
         }).then(function () {
-            return browser.findElement(by.id('ssh-key-title')).sendKeys('testkey');
+            return browser.findElement(By.id('ssh-key-title')).sendKeys('testkey');
         }).then(function () {
-            return browser.findElement(by.id('ssh-key-content')).sendKeys(publicKey.trim()); // #3480
+            return browser.findElement(By.id('ssh-key-content')).sendKeys(publicKey.trim()); // #3480
         }).then(function () {
-            return browser.findElement(by.xpath('//button[contains(text(), "Add Key")]')).click();
+            var button = browser.findElement(By.xpath('//button[contains(text(), "Add Key")]'));
+            return browser.executeScript('arguments[0].scrollIntoView(false)', button);
         }).then(function () {
-            return browser.wait(until.elementLocated(by.xpath('//p[contains(text(), "added successfully!")]')), TIMEOUT);
+            return browser.findElement(By.xpath('//button[contains(text(), "Add Key")]')).click();
+        }).then(function () {
+            if (app.manifest.version === '1.0.3') {
+                return browser.wait(until.elementLocated(By.xpath('//p[contains(text(), "added successfully!")]')), TIMEOUT);
+            } else {
+                return browser.wait(until.elementLocated(By.xpath('//p[contains(text(), "has been added.")]')), TIMEOUT);
+            }
         }).then(function () {
             done();
         });
     }
 
     function createRepo(done) {
-        browser.get('https://' + app.fqdn).then(function () {
-            return browser.findElement(by.linkText('New Repository')).click();
+        var getRepoPage;
+        if (app.manifest.version === '1.0.3') {
+            getRepoPage = browser.get('https://' + app.fqdn).then(function () {
+                return browser.findElement(By.linkText('New Repository')).click();
+            }).then(function () {
+                return browser.wait(until.elementLocated(By.xpath('//*[contains(text(), "New Repository")]')), TIMEOUT);
+            });
+        } else {
+            getRepoPage = browser.get('https://' + app.fqdn + '/repo/create');
+        }
+
+        getRepoPage.then(function () {
+            return browser.findElement(By.id('repo_name')).sendKeys(reponame);
         }).then(function () {
-            return browser.wait(until.elementLocated(by.xpath('//*[contains(text(), "New Repository")]')), TIMEOUT);
+            var button = browser.findElement(By.xpath('//button[contains(text(), "Create Repository")]'));
+            return browser.executeScript('arguments[0].scrollIntoView(true)', button);
         }).then(function () {
-            return browser.findElement(by.id('repo_name')).sendKeys(reponame);
+            return browser.findElement(By.id('auto-init')).click();
         }).then(function () {
-            return browser.findElement(by.id('auto-init')).click();
-        }).then(function () {
-            return browser.findElement(by.xpath('//button[contains(text(), "Create Repository")]')).click();
+            return browser.findElement(By.xpath('//button[contains(text(), "Create Repository")]')).click();
         }).then(function () {
             browser.wait(function () {
                 return browser.getCurrentUrl().then(function (url) {
@@ -159,11 +230,11 @@ describe('Application life cycle test', function () {
 
     function checkCloneUrl(done) {
         browser.get('https://' + app.fqdn + '/' + username + '/' + reponame).then(function () {
-            return browser.findElement(by.id('repo-clone-ssh')).click();
+            return browser.findElement(By.id('repo-clone-ssh')).click();
         }).then(function () {
-            return browser.findElement(by.id('repo-clone-url')).getAttribute('value');
+            return browser.findElement(By.id('repo-clone-url')).getAttribute('value');
         }).then(function (cloneUrl) {
-            expect(cloneUrl).to.be('ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git');
+            expect(cloneUrl).to.be(`ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame}.git`);
             done();
         });
     }
@@ -172,40 +243,72 @@ describe('Application life cycle test', function () {
         rimraf.sync(repodir);
         var env = Object.create(process.env);
         env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync('git clone ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git ' + repodir, { env: env });
+        execSync(`git clone ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame}.git ${repodir}`, { env: env });
         done();
     }
 
     function pushFile(done) {
         var env = Object.create(process.env);
         env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync('touch newfile && git add newfile && git commit -a -mx && git push ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + ' master',
+        execSync(`touch newfile && git add newfile && git commit -a -mx && git push ssh://git@${app.fqdn}:${SSH_PORT}/${username}/${reponame} master`,
                  { env: env, cwd: repodir });
         rimraf.sync('/tmp/testrepo');
         done();
     }
 
+    function addCustomFile(done) {
+        fs.writeFileSync('/tmp/customfile.txt', 'GOGS TEST', 'utf8');
+        execSync(`cloudron exec --app ${app.id} -- mkdir -p /app/data/custom/public`);
+        execSync(`cloudron push --app ${app.id} /tmp/customfile.txt /app/data/custom/public/customfile.txt`);
+        fs.unlinkSync('/tmp/customfile.txt');
+        done();
+    }
+
+    function checkCustomFile(done) {
+        superagent.get('https://' + app.fqdn + '/customfile.txt').end(function (error, result) {
+            if (error) return done(error);
+
+            expect(result.text).to.contain('GOGS TEST');
+            done();
+        });
+    }
+
     function fileExists() {
         expect(fs.existsSync(repodir + '/newfile')).to.be(true);
     }
 
+    function sendMail(done) {
+        browser.get(`https://${app.fqdn}/admin/config`).then(function () {
+            var button = browser.findElement(By.xpath('//button[@id="test-mail-btn"]'));
+            return browser.executeScript('arguments[0].scrollIntoView(true)', button);
+        }).then(function () {
+            return browser.findElement(By.xpath('//input[@name="email"]')).sendKeys('test@cloudron.io');
+        }).then(function () {
+            return browser.findElement(By.xpath('//button[@id="test-mail-btn"]')).click();
+        }).then(function () {
+            return browser.wait(until.elementLocated(By.xpath('//p[contains(text(),"A testing email has been sent to \'test@cloudron.io\'")]')), TIMEOUT);
+        }).then(function () {
+            done();
+        });
+    }
+
     xit('build app', function () {
-        execSync('cloudron build', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync('cloudron build', EXEC_ARGS);
     });
 
     it('can login', function (done) {
         var inspect = JSON.parse(execSync('cloudron inspect'));
 
-        superagent.post('https://' + inspect.apiEndpoint + '/api/v1/developer/login').send({
+        superagent.post(`https://${inspect.apiEndpoint}/api/v1/developer/login`).send({
             username: username,
             password: password
         }).end(function (error, result) {
             if (error) return done(error);
             if (result.statusCode !== 200) return done(new Error('Login failed with status ' + result.statusCode));
 
-            token = result.body.token;
+            token = result.body.accessToken;
 
-            superagent.get('https://' + inspect.apiEndpoint + '/api/v1/profile')
+            superagent.get(`https://${inspect.apiEndpoint}/api/v1/profile`)
                 .query({ access_token: token }).end(function (error, result) {
                 if (error) return done(error);
                 if (result.statusCode !== 200) return done(new Error('Get profile failed with status ' + result.statusCode));
@@ -216,9 +319,7 @@ describe('Application life cycle test', function () {
         });
     });
 
-    it('install app', function () {
-        execSync('cloudron install --new --wait --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-    });
+    it('install app', function () { execSync(`cloudron install --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS); });
 
     it('can get app information', getAppInfo);
     it('can get the main page', function (done) {
@@ -230,7 +331,11 @@ describe('Application life cycle test', function () {
         });
     });
 
-    it('can login', login);
+    it('can admin login', adminLogin);
+    it('can send mail', sendMail);
+    it('can logout', logout);
+
+    it('can login', login.bind(null, username, password));
     it('can set avatar', setAvatar);
     it('can get avatar', checkAvatar);
 
@@ -245,67 +350,102 @@ describe('Application life cycle test', function () {
     it('can add and push a file', pushFile);
     it('can edit file', editFile);
 
-    it('can restart app', function (done) {
-        execSync('cloudron restart --wait');
-        done();
-    });
+    it('can add custom file', addCustomFile);
+    it('can check custom file', checkCustomFile);
 
-    it('can clone the url', checkCloneUrl);
+    it('can restart app', function () { execSync('cloudron restart  --app ' + app.id); });
+
+    xit('can login', login.bind(null, username, password)); // no need to relogin since session persists
+    it('displays correct clone url', checkCloneUrl);
     it('can clone the url', cloneRepo);
     it('file exists in repo', fileExists);
 
     it('backup app', function () {
-        execSync('cloudron backup create --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync('cloudron backup create --app ' + app.id, EXEC_ARGS);
     });
 
     it('restore app', function () {
-        execSync('cloudron restore --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync('cloudron restore --app ' + app.id, EXEC_ARGS);
     });
 
+    it('can login', login.bind(null, username, password));
     it('can get avatar', checkAvatar);
     it('can clone the url', cloneRepo);
     it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
 
-    it('move to different location', function () {
-        browser.manage().deleteAllCookies();
-        execSync('cloudron configure --wait --location ' + LOCATION + '2', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
-        expect(app).to.be.an('object');
+    it('move to different location', function (done) {
+        //browser.manage().deleteAllCookies(); // commented because of error "'Network.deleteCookie' wasn't found"
+        // ensure we don't hit NXDOMAIN in the mean time
+        browser.get('about:blank').then(function () {
+            execSync('cloudron configure --location ' + LOCATION + '2 --app ' + app.id, EXEC_ARGS);
+            var inspect = JSON.parse(execSync('cloudron inspect'));
+            app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
+            expect(app).to.be.an('object');
+
+            done();
+        });
     });
 
-    it('can login', login);
+    it('can login', login.bind(null, username, password));
     it('can get avatar', checkAvatar);
     it('displays correct clone url', checkCloneUrl);
     it('can clone the url', cloneRepo);
     it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
 
-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    it('uninstall app', function (done) {
+        // ensure we don't hit NXDOMAIN in the mean time
+        browser.get('about:blank').then(function () {
+            execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
+            done();
+        });
     });
 
     // check if the _first_ login via email succeeds
     it('can login via email', function (done) {
-        execSync('cloudron install --new --wait --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync(`cloudron install --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS);
         var inspect = JSON.parse(execSync('cloudron inspect'));
 
         app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
         expect(app).to.be.an('object');
 
-        login(function (error) {
+        login(email, password, function (error) {
             if (error) return done(error);
-            execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
-            done();
+
+            // ensure we don't hit NXDOMAIN in the mean time
+            browser.get('about:blank').then(function () {
+                execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
+                done();
+            });
         });
     });
 
+    // No SSO
+    it('install app (no sso)', function () {
+        execSync(`cloudron install --no-sso --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS);
+    });
+
+    it('can get app information', function () {
+        var inspect = JSON.parse(execSync('cloudron inspect'));
+
+        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
+
+        expect(app).to.be.an('object');
+    });
+
+    it('can admin login (no sso)', adminLogin);
+    it('can logout', logout);
+
+    it('uninstall app (no sso)', function () {
+        execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
+    });
+
     // test update
     it('can install app', function () {
-        execSync('cloudron install --new --wait --appstore-id ' + app.manifest.id + ' --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync(`cloudron install --appstore-id ${app.manifest.id} --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS);
     });
 
     it('can get app information', getAppInfo);
-    it('can login', login);
+    it('can login', login.bind(null, username, password));
     it('can set avatar', setAvatar);
     it('can get avatar', checkAvatar);
     it('can add public key', addPublicKey);
@@ -314,14 +454,23 @@ describe('Application life cycle test', function () {
     it('can add and push a file', pushFile);
 
     it('can update', function () {
-        execSync('cloudron install --wait --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync('cloudron update --app ' + app.id, EXEC_ARGS);
     });
 
+    xit('can admin login', adminLogin);
+    xit('can send mail', sendMail);
+    xit('can logout', logout);
+
+    it('can login', login.bind(null, username, password));
     it('can get avatar', checkAvatar);
     it('can clone the url', cloneRepo);
     it('file exists in cloned repo', fileExists);
 
-    it('uninstall app', function () {
-        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    it('uninstall app', function (done) {
+        // ensure we don't hit NXDOMAIN in the mean time
+        browser.get('about:blank').then(function () {
+            execSync('cloudron uninstall --app ' + app.id, EXEC_ARGS);
+            done();
+        });
     });
 });