Documentation: Clarity for HTTPS setups (#5626 )

[https-setup] - Made it clearer that HTTP redirection is possible [config-cheat-sheet] - Clarified the behavihour of the redirection-related config keys
2019-01-03 16:46:07 +01:00
118 changed files with 942 additions and 2726 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -211,7 +211,7 @@ pipeline:
      branch: [ master ]

  static:
-    image: techknowlogick/xgo:latest
+    image: karalabe/xgo-latest:latest
    pull: true
    environment:
      TAGS: bindata sqlite sqlite_unlock_notify
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,71 +4,7 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).

-## [1.7.4](https://github.com/go-gitea/gitea/releases/tag/v1.7.4) - 2019-03-12  
-* SECURITY
-  * Fix potential XSS vulnerability in repository description. (#6306) (#6308)
-* BUGFIXES
-  * Fix wrong release commit id (#6224) (#6300)
-  * Fix panic on empty signed commits (#6292) (#6300)
-  * Fix organization dropdown not being scrollable when using mouse wheel (#5988) (#6246)
-  * Fix displaying dashboard even if required to change password (#6214) (#6215)
-
-## [1.7.3](https://github.com/go-gitea/gitea/releases/tag/v1.7.3) - 2019-02-27
-* BUGFIXES
-  * Fix server 500 when trying to migrate to an already existing repository (#6188) (#6197)
-  * Load Issue attributes for API /repos/{owner}/{repo}/issues/{index} (#6122) (#6185)
-  * Fix bug whereby user could change private repository to public when force private enabled. (#6156) (#6165)
-  * Fix bug when update owner team then visit team's repo return 404 (#6119) (#6166)
-  * Fix heatmap and repository menu display in Internet Explorer 9+ (#6117) (#6137)
-  * Fix prohibit login check on authorization (#6106) (#6115)
-  * Fix LDAP protocol error regression by moving to ldap.v3 (#6105) (#6107)
-  * Fix deadlock in webhook PullRequest (#6102) (#6104)
-  * Fix redirect loop when password change is required and Gitea is installed as a suburl (#5965) (#6101)
-  * Fix compare button regression (#5929) (#6098)
-  * Recover panic in orgmode.Render if bad orgfile (#4982) (#5903) (#6097)
-
-## [1.7.2](https://github.com/go-gitea/gitea/releases/tag/v1.7.2) - 2019-02-14
-* BUGFIXES
-  * Remove all CommitStatus when a repo is deleted (#5940) (#5941)
-  * Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
-  * Silence console logger in gitea serv (#5887) (#5943)
-  * Handle milestone webhook events for issues and PR (#5947) (#5955)
-  * Show user who created the repository instead of the organization in action feed (#5948) (#5956)
-  * Fix ssh deploy and user key constraints (#1357) (#5939) (#5966)
-  * Fix bug when deleting a linked account will removed all (#5989) (#5990)
-  * Fix empty ssh key importing in ldap (#5984) (#6009)
-  * Fix metrics auth token detection (#6006) (#6017)
-  * Create repository on organisation by default on its dashboard (#6026) (#6048)
-  * Make sure labels are actually returned in API (#6053) (#6059)
-  * Switch to more recent build of xgo (#6070) (#6072)
-  * In basic auth check for tokens before call UserSignIn (#5725) (#6083)
-
-## [1.7.1](https://github.com/go-gitea/gitea/releases/tag/v1.7.1) - 2019-01-31
-* SECURITY
-  * Disable redirect for i18n (#5910) (#5916)
-  * Only allow local login if password is non-empty (#5906) (#5908)
-  * Fix go-get URL generation (#5905) (#5907)
-* BUGFIXES
-  * Fix TLS errors when using acme/autocert for local connections (#5820) (#5826)
-  * Request for public keys only if LDAP attribute is set (#5816) (#5819)
-  * Fix delete correct temp directory (#5840) (#5839)
-  * Fix an error while adding a dependency via UI (#5862) (#5876)
-  * Fix null pointer in attempt to Sudo if not logged in (#5872) (#5884)
-  * When creating new repository fsck option should be enabled (#5817) (#5885)
-  * Prevent nil dereference in mailIssueCommentToParticipants (#5891) (#5895) (#5894)
-  * Fix bug when read public repo lfs file (#5913) (#5912)
-  * Respect value of REQUIRE_SIGNIN_VIEW (#5901) (#5915)
-  * Fix compare button on upstream repo leading to 404 (#5877) (#5914)
-* DOCS
-  * Added docs for the tree api (#5835)
-* MISC
-  * Include Go toolchain to --version (#5832) (#5830)
-
-## [1.7.0](https://github.com/go-gitea/gitea/releases/tag/v1.7.0) - 2019-01-22
-* SECURITY
-  * Do not display the raw OpenID error in the UI (#5705) (#5712)
-  * When redirecting clean the path to avoid redirecting to external site (#5669) (#5679)
-  * Prevent DeleteFilePost doing arbitrary deletion (#5631)
+## [1.7.0-rc1](https://github.com/go-gitea/gitea/releases/tag/v1.7.0) - 2019-01-02
 * BREAKING
  * Restrict permission check on repositories and fix some problems (#5314)
  * Show only opened milestones on issues page milestone filter (#5051)
@@ -87,13 +23,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Give user a link to create PR after push (#4716)
  * Add rebase with merge commit merge style (#3844) (#4052)
 * BUGFIXES
-  * Disallow empty titles (#5785) (#5794)
-  * Fix sqlite deadlock when assigning to a PR (#5640) (#5642)
-  * Don't close issues via commits on non-default branch. (#5622) (#5643)
-  * Fix commit page showing status for current default branch (#5650) (#5653)
-  * Only count users own actions for heatmap contributions (#5647) (#5655)
-  * Update xorm to fix issue postgresql dumping issues (#5680) (#5692)
-  * Use correct value for "MSpan Structures Obtained" (#5706) (#5716)
  * Fix bug on modifying sshd username (#5624)
  * Delete tags in mirror which are removed for original repo. (#5609)
  * Fix wrong text getting saved on editing second comment on an issue. (#5608)
@@ -220,18 +149,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Git-Trees API (#5403)
  * Only chown directories during docker setup if necessary. Fix #4425 (#5064)

-## [1.6.4](https://github.com/go-gitea/gitea/releases/tag/v1.6.4) - 2019-01-15
-* BUGFIX
-  * Fix SSH key now can be reused as public key after deleting as deploy key (#5671) (#5685)
-  * When redirecting clean the path to avoid redirecting to external site (#5669) (#5703)
-  * Fix to use correct value for "MSpan Structures Obtained" (#5706) (#5715)
-
-## [1.6.3](https://github.com/go-gitea/gitea/releases/tag/v1.6.3) - 2019-01-04
-* SECURITY
-  * Prevent DeleteFilePost doing arbitrary deletion (#5631)
-* BUGFIX
-  * Fix wrong text getting saved on editing second comment on an issue (#5608)
-
 ## [1.6.2](https://github.com/go-gitea/gitea/releases/tag/v1.6.2) - 2018-12-21
 * SECURITY
  * Sanitize uploaded file names (#5571) (#5573)
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -3,11 +3,11 @@

 [[projects]]
  branch = "master"
-  digest = "1:e1fa64238b0a2dbf1edf98c4af8d1b8cb65179e286d7f28006b50fa9f508ee9d"
+  digest = "1:ab875622908a804a327a95a1701002b150806a3c5406df51ec231eac16d3a1ca"
  name = "code.gitea.io/git"
  packages = ["."]
  pruneopts = "NUT"
-  revision = "74d7c14dd4a3ed9c5def0dc3c1aeede399ddc5c5"
+  revision = "389d3c803e12a30dffcbb54a15c2242521bc4333"

 [[projects]]
  branch = "master"
@@ -406,11 +406,11 @@
  version = "v0.6.0"

 [[projects]]
-  digest = "1:d366480c27ab51b3f7e995f25503063e7a6ebc7feb269df2499c33471f35cd62"
+  digest = "1:931a62a1aacc37a5e4c309a111642ec4da47b4dc453cd4ba5481b12eedb04a5d"
  name = "github.com/go-xorm/xorm"
  packages = ["."]
  pruneopts = "NUT"
-  revision = "1cd2662be938bfee0e34af92fe448513e0560fb1"
+  revision = "401f4ee8ff8cbc40a4754cb12192fbe4f02f3979"

 [[projects]]
  branch = "master"
@@ -1005,12 +1005,12 @@
  version = "v1.31.1"

 [[projects]]
-  digest = "1:8a502dedecf5b6d56e36f0d0e6196392baf616634af2c23108b6e8bb89ec57fc"
-  name = "gopkg.in/ldap.v3"
+  digest = "1:01f4ac37c52bda6f7e1bd73680a99f88733c0408aaa159ecb1ba53a1ade9423c"
+  name = "gopkg.in/ldap.v2"
  packages = ["."]
  pruneopts = "NUT"
-  revision = "214f299a0ecb2a6c6f6d2b0f13977032b207dc58"
-  version = "v3.0.1"
+  revision = "d0a5ced67b4dc310b9158d63a2c6f9c5ec13f105"
+  version = "v2.4.1"

 [[projects]]
  digest = "1:cfe1730a152ff033ad7d9c115d22e36b19eec6d5928c06146b9119be45d39dc0"
@@ -1214,7 +1214,7 @@
    "gopkg.in/editorconfig/editorconfig-core-go.v1",
    "gopkg.in/gomail.v2",
    "gopkg.in/ini.v1",
-    "gopkg.in/ldap.v3",
+    "gopkg.in/ldap.v2",
    "gopkg.in/macaron.v1",
    "gopkg.in/testfixtures.v2",
    "strk.kbt.io/projects/go/libravatar",
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -38,7 +38,7 @@ ignored = ["google.golang.org/appengine*"]

 [[override]]
  name = "github.com/go-xorm/xorm"
-  revision = "1cd2662be938bfee0e34af92fe448513e0560fb1"
+  revision = "401f4ee8ff8cbc40a4754cb12192fbe4f02f3979"

 [[override]]
  name = "github.com/go-xorm/builder"
@@ -97,8 +97,8 @@ ignored = ["google.golang.org/appengine*"]
  version = "1.31.1"

 [[constraint]]
-  name = "gopkg.in/ldap.v3"
-  version = "3.0.1"
+  name = "gopkg.in/ldap.v2"
+  version = "2.4.1"

 [[constraint]]
  name = "gopkg.in/macaron.v1"
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -9,11 +9,10 @@ package cmd
 import (
 	"errors"
 	"fmt"
+	"strings"

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"
-
 	"github.com/urfave/cli"
 )

@@ -25,7 +24,7 @@ func argsSet(c *cli.Context, args ...string) error {
 			return errors.New(a + " is not set")
 		}

-		if util.IsEmptyString(a) {
+		if len(strings.TrimSpace(c.String(a))) == 0 {
 			return errors.New(a + " is required")
 		}
 	}
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -70,7 +70,6 @@ func checkLFSVersion() {
 }

 func setup(logPath string) {
-	log.DelLogger("console")
 	setting.NewContext()
 	checkLFSVersion()
 	log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath))
@@ -234,30 +233,23 @@ func runServ(c *cli.Context) error {

 		// Check deploy key or user key.
 		if key.Type == models.KeyTypeDeploy {
-			// Now we have to get the deploy key for this repo
-			deployKey, err := private.GetDeployKey(key.ID, repo.ID)
+			if key.Mode < requestedMode {
+				fail("Key permission denied", "Cannot push with deployment key: %d", key.ID)
+			}
+
+			// Check if this deploy key belongs to current repository.
+			has, err := private.HasDeployKey(key.ID, repo.ID)
 			if err != nil {
 				fail("Key access denied", "Failed to access internal api: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
 			}
-
-			if deployKey == nil {
+			if !has {
 				fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
 			}

-			if deployKey.Mode < requestedMode {
-				fail("Key permission denied", "Cannot push with read-only deployment key: %d to repo_id: %d", key.ID, repo.ID)
-			}
-
 			// Update deploy key activity.
 			if err = private.UpdateDeployKeyUpdated(key.ID, repo.ID); err != nil {
 				fail("Internal error", "UpdateDeployKey: %v", err)
 			}
-
-			// FIXME: Deploy keys aren't really the owner of the repo pushing changes
-			// however we don't have good way of representing deploy keys in hook.go
-			// so for now use the owner
-			os.Setenv(models.EnvPusherName, username)
-			os.Setenv(models.EnvPusherID, fmt.Sprintf("%d", repo.OwnerID))
 		} else {
 			user, err = private.GetUserByKeyID(key.ID)
 			if err != nil {
--- a/integrations/api_helper_for_declarative_test.go
+++ b/integrations/api_helper_for_declarative_test.go
@@ -1,152 +0,0 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package integrations
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"testing"
-
-	api "code.gitea.io/sdk/gitea"
-	"github.com/stretchr/testify/assert"
-)
-
-type APITestContext struct {
-	Reponame     string
-	Session      *TestSession
-	Token        string
-	Username     string
-	ExpectedCode int
-}
-
-func NewAPITestContext(t *testing.T, username, reponame string) APITestContext {
-	session := loginUser(t, username)
-	token := getTokenForLoggedInUser(t, session)
-	return APITestContext{
-		Session:  session,
-		Token:    token,
-		Username: username,
-		Reponame: reponame,
-	}
-}
-
-func (ctx APITestContext) GitPath() string {
-	return fmt.Sprintf("%s/%s.git", ctx.Username, ctx.Reponame)
-}
-
-func doAPICreateRepository(ctx APITestContext, empty bool, callback ...func(*testing.T, api.Repository)) func(*testing.T) {
-	return func(t *testing.T) {
-		createRepoOption := &api.CreateRepoOption{
-			AutoInit:    !empty,
-			Description: "Temporary repo",
-			Name:        ctx.Reponame,
-			Private:     true,
-			Gitignores:  "",
-			License:     "WTFPL",
-			Readme:      "Default",
-		}
-		req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+ctx.Token, createRepoOption)
-		if ctx.ExpectedCode != 0 {
-			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
-			return
-		}
-		resp := ctx.Session.MakeRequest(t, req, http.StatusCreated)
-
-		var repository api.Repository
-		DecodeJSON(t, resp, &repository)
-		if len(callback) > 0 {
-			callback[0](t, repository)
-		}
-	}
-}
-
-func doAPIGetRepository(ctx APITestContext, callback ...func(*testing.T, api.Repository)) func(*testing.T) {
-	return func(t *testing.T) {
-		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", ctx.Username, ctx.Reponame, ctx.Token)
-
-		req := NewRequest(t, "GET", urlStr)
-		if ctx.ExpectedCode != 0 {
-			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
-			return
-		}
-		resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
-
-		var repository api.Repository
-		DecodeJSON(t, resp, &repository)
-		if len(callback) > 0 {
-			callback[0](t, repository)
-		}
-	}
-}
-
-func doAPIDeleteRepository(ctx APITestContext) func(*testing.T) {
-	return func(t *testing.T) {
-		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", ctx.Username, ctx.Reponame, ctx.Token)
-
-		req := NewRequest(t, "DELETE", urlStr)
-		if ctx.ExpectedCode != 0 {
-			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
-			return
-		}
-		ctx.Session.MakeRequest(t, req, http.StatusNoContent)
-	}
-}
-
-func doAPICreateUserKey(ctx APITestContext, keyname, keyFile string, callback ...func(*testing.T, api.PublicKey)) func(*testing.T) {
-	return func(t *testing.T) {
-		urlStr := fmt.Sprintf("/api/v1/user/keys?token=%s", ctx.Token)
-
-		dataPubKey, err := ioutil.ReadFile(keyFile + ".pub")
-		assert.NoError(t, err)
-		req := NewRequestWithJSON(t, "POST", urlStr, &api.CreateKeyOption{
-			Title: keyname,
-			Key:   string(dataPubKey),
-		})
-		if ctx.ExpectedCode != 0 {
-			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
-			return
-		}
-		resp := ctx.Session.MakeRequest(t, req, http.StatusCreated)
-		var publicKey api.PublicKey
-		DecodeJSON(t, resp, &publicKey)
-		if len(callback) > 0 {
-			callback[0](t, publicKey)
-		}
-	}
-}
-
-func doAPIDeleteUserKey(ctx APITestContext, keyID int64) func(*testing.T) {
-	return func(t *testing.T) {
-		urlStr := fmt.Sprintf("/api/v1/user/keys/%d?token=%s", keyID, ctx.Token)
-
-		req := NewRequest(t, "DELETE", urlStr)
-		if ctx.ExpectedCode != 0 {
-			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
-			return
-		}
-		ctx.Session.MakeRequest(t, req, http.StatusNoContent)
-	}
-}
-
-func doAPICreateDeployKey(ctx APITestContext, keyname, keyFile string, readOnly bool) func(*testing.T) {
-	return func(t *testing.T) {
-		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/keys?token=%s", ctx.Username, ctx.Reponame, ctx.Token)
-
-		dataPubKey, err := ioutil.ReadFile(keyFile + ".pub")
-		assert.NoError(t, err)
-		req := NewRequestWithJSON(t, "POST", urlStr, api.CreateKeyOption{
-			Title:    keyname,
-			Key:      string(dataPubKey),
-			ReadOnly: readOnly,
-		})
-
-		if ctx.ExpectedCode != 0 {
-			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
-			return
-		}
-		ctx.Session.MakeRequest(t, req, http.StatusCreated)
-	}
-}
--- a/integrations/git_helper_for_declarative_test.go
+++ b/integrations/git_helper_for_declarative_test.go
@@ -1,127 +0,0 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package integrations
-
-import (
-	"context"
-	"fmt"
-	"io/ioutil"
-	"net"
-	"net/http"
-	"net/url"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"testing"
-	"time"
-
-	"code.gitea.io/git"
-	"code.gitea.io/gitea/modules/setting"
-	"github.com/Unknwon/com"
-	"github.com/stretchr/testify/assert"
-)
-
-func withKeyFile(t *testing.T, keyname string, callback func(string)) {
-	keyFile := filepath.Join(setting.AppDataPath, keyname)
-	err := exec.Command("ssh-keygen", "-f", keyFile, "-t", "rsa", "-N", "").Run()
-	assert.NoError(t, err)
-
-	//Setup ssh wrapper
-	os.Setenv("GIT_SSH_COMMAND",
-		"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i "+
-			filepath.Join(setting.AppWorkPath, keyFile))
-	os.Setenv("GIT_SSH_VARIANT", "ssh")
-
-	callback(keyFile)
-
-	defer os.RemoveAll(keyFile)
-	defer os.RemoveAll(keyFile + ".pub")
-}
-
-func createSSHUrl(gitPath string, u *url.URL) *url.URL {
-	u2 := *u
-	u2.Scheme = "ssh"
-	u2.User = url.User("git")
-	u2.Host = fmt.Sprintf("%s:%d", setting.SSH.ListenHost, setting.SSH.ListenPort)
-	u2.Path = gitPath
-	return &u2
-}
-
-func onGiteaRun(t *testing.T, callback func(*testing.T, *url.URL)) {
-	prepareTestEnv(t)
-	s := http.Server{
-		Handler: mac,
-	}
-
-	u, err := url.Parse(setting.AppURL)
-	assert.NoError(t, err)
-	listener, err := net.Listen("tcp", u.Host)
-	assert.NoError(t, err)
-
-	defer func() {
-		ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
-		s.Shutdown(ctx)
-		cancel()
-	}()
-
-	go s.Serve(listener)
-	//Started by config go ssh.Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
-
-	callback(t, u)
-}
-
-func doGitClone(dstLocalPath string, u *url.URL) func(*testing.T) {
-	return func(t *testing.T) {
-		assert.NoError(t, git.Clone(u.String(), dstLocalPath, git.CloneRepoOptions{}))
-		assert.True(t, com.IsExist(filepath.Join(dstLocalPath, "README.md")))
-	}
-}
-
-func doGitCloneFail(dstLocalPath string, u *url.URL) func(*testing.T) {
-	return func(t *testing.T) {
-		assert.Error(t, git.Clone(u.String(), dstLocalPath, git.CloneRepoOptions{}))
-		assert.False(t, com.IsExist(filepath.Join(dstLocalPath, "README.md")))
-	}
-}
-
-func doGitInitTestRepository(dstPath string) func(*testing.T) {
-	return func(t *testing.T) {
-		// Init repository in dstPath
-		assert.NoError(t, git.InitRepository(dstPath, false))
-		assert.NoError(t, ioutil.WriteFile(filepath.Join(dstPath, "README.md"), []byte(fmt.Sprintf("# Testing Repository\n\nOriginally created in: %s", dstPath)), 0644))
-		assert.NoError(t, git.AddChanges(dstPath, true))
-		signature := git.Signature{
-			Email: "test@example.com",
-			Name:  "test",
-			When:  time.Now(),
-		}
-		assert.NoError(t, git.CommitChanges(dstPath, git.CommitChangesOptions{
-			Committer: &signature,
-			Author:    &signature,
-			Message:   "Initial Commit",
-		}))
-	}
-}
-
-func doGitAddRemote(dstPath, remoteName string, u *url.URL) func(*testing.T) {
-	return func(t *testing.T) {
-		_, err := git.NewCommand("remote", "add", remoteName, u.String()).RunInDir(dstPath)
-		assert.NoError(t, err)
-	}
-}
-
-func doGitPushTestRepository(dstPath, remoteName, branch string) func(*testing.T) {
-	return func(t *testing.T) {
-		_, err := git.NewCommand("push", "-u", remoteName, branch).RunInDir(dstPath)
-		assert.NoError(t, err)
-	}
-}
-
-func doGitPushTestRepositoryFail(dstPath, remoteName, branch string) func(*testing.T) {
-	return func(t *testing.T) {
-		_, err := git.NewCommand("push", "-u", remoteName, branch).RunInDir(dstPath)
-		assert.Error(t, err)
-	}
-}
--- a/integrations/git_test.go
+++ b/integrations/git_test.go
@@ -5,17 +5,25 @@
 package integrations

 import (
+	"context"
 	"crypto/rand"
 	"fmt"
 	"io/ioutil"
+	"net"
+	"net/http"
 	"net/url"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"testing"
 	"time"

 	"code.gitea.io/git"
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/setting"
+	api "code.gitea.io/sdk/gitea"

+	"github.com/Unknwon/com"
 	"github.com/stretchr/testify/assert"
 )

@@ -24,86 +32,160 @@ const (
 	bigSize    = 128 * 1024 * 1024 //128Mo
 )

-func TestGit(t *testing.T) {
-	onGiteaRun(t, testGit)
+func onGiteaRun(t *testing.T, callback func(*testing.T, *url.URL)) {
+	prepareTestEnv(t)
+	s := http.Server{
+		Handler: mac,
+	}
+
+	u, err := url.Parse(setting.AppURL)
+	assert.NoError(t, err)
+	listener, err := net.Listen("tcp", u.Host)
+	assert.NoError(t, err)
+
+	defer func() {
+		ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
+		s.Shutdown(ctx)
+		cancel()
+	}()
+
+	go s.Serve(listener)
+	//Started by config go ssh.Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
+
+	callback(t, u)
 }

-func testGit(t *testing.T, u *url.URL) {
-	username := "user2"
-	baseAPITestContext := NewAPITestContext(t, username, "repo1")
+func TestGit(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		u.Path = "user2/repo1.git"

-	u.Path = baseAPITestContext.GitPath()
-
-	t.Run("HTTP", func(t *testing.T) {
-		httpContext := baseAPITestContext
-		httpContext.Reponame = "repo-tmp-17"
-
-		dstPath, err := ioutil.TempDir("", httpContext.Reponame)
-		assert.NoError(t, err)
-		defer os.RemoveAll(dstPath)
-		t.Run("Standard", func(t *testing.T) {
-			ensureAnonymousClone(t, u)
-
-			t.Run("CreateRepo", doAPICreateRepository(httpContext, false))
-
-			u.Path = httpContext.GitPath()
-			u.User = url.UserPassword(username, userPassword)
-
-			t.Run("Clone", doGitClone(dstPath, u))
-
-			t.Run("PushCommit", func(t *testing.T) {
-				t.Run("Little", func(t *testing.T) {
-					commitAndPush(t, littleSize, dstPath)
+		t.Run("HTTP", func(t *testing.T) {
+			dstPath, err := ioutil.TempDir("", "repo-tmp-17")
+			assert.NoError(t, err)
+			defer os.RemoveAll(dstPath)
+			t.Run("Standard", func(t *testing.T) {
+				t.Run("CloneNoLogin", func(t *testing.T) {
+					dstLocalPath, err := ioutil.TempDir("", "repo1")
+					assert.NoError(t, err)
+					defer os.RemoveAll(dstLocalPath)
+					err = git.Clone(u.String(), dstLocalPath, git.CloneRepoOptions{})
+					assert.NoError(t, err)
+					assert.True(t, com.IsExist(filepath.Join(dstLocalPath, "README.md")))
 				})
-				t.Run("Big", func(t *testing.T) {
-					commitAndPush(t, bigSize, dstPath)
+
+				t.Run("CreateRepo", func(t *testing.T) {
+					session := loginUser(t, "user2")
+					token := getTokenForLoggedInUser(t, session)
+					req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+token, &api.CreateRepoOption{
+						AutoInit:    true,
+						Description: "Temporary repo",
+						Name:        "repo-tmp-17",
+						Private:     false,
+						Gitignores:  "",
+						License:     "WTFPL",
+						Readme:      "Default",
+					})
+					session.MakeRequest(t, req, http.StatusCreated)
+				})
+
+				u.Path = "user2/repo-tmp-17.git"
+				u.User = url.UserPassword("user2", userPassword)
+				t.Run("Clone", func(t *testing.T) {
+					err = git.Clone(u.String(), dstPath, git.CloneRepoOptions{})
+					assert.NoError(t, err)
+					assert.True(t, com.IsExist(filepath.Join(dstPath, "README.md")))
+				})
+
+				t.Run("PushCommit", func(t *testing.T) {
+					t.Run("Little", func(t *testing.T) {
+						commitAndPush(t, littleSize, dstPath)
+					})
+					t.Run("Big", func(t *testing.T) {
+						commitAndPush(t, bigSize, dstPath)
+					})
+				})
+			})
+			t.Run("LFS", func(t *testing.T) {
+				t.Run("PushCommit", func(t *testing.T) {
+					//Setup git LFS
+					_, err = git.NewCommand("lfs").AddArguments("install").RunInDir(dstPath)
+					assert.NoError(t, err)
+					_, err = git.NewCommand("lfs").AddArguments("track", "data-file-*").RunInDir(dstPath)
+					assert.NoError(t, err)
+					err = git.AddChanges(dstPath, false, ".gitattributes")
+					assert.NoError(t, err)
+
+					t.Run("Little", func(t *testing.T) {
+						commitAndPush(t, littleSize, dstPath)
+					})
+					t.Run("Big", func(t *testing.T) {
+						commitAndPush(t, bigSize, dstPath)
+					})
+				})
+				t.Run("Locks", func(t *testing.T) {
+					lockTest(t, u.String(), dstPath)
 				})
 			})
 		})
-		t.Run("LFS", func(t *testing.T) {
-			t.Run("PushCommit", func(t *testing.T) {
-				//Setup git LFS
-				_, err = git.NewCommand("lfs").AddArguments("install").RunInDir(dstPath)
-				assert.NoError(t, err)
-				_, err = git.NewCommand("lfs").AddArguments("track", "data-file-*").RunInDir(dstPath)
-				assert.NoError(t, err)
-				err = git.AddChanges(dstPath, false, ".gitattributes")
-				assert.NoError(t, err)
-
-				t.Run("Little", func(t *testing.T) {
-					commitAndPush(t, littleSize, dstPath)
-				})
-				t.Run("Big", func(t *testing.T) {
-					commitAndPush(t, bigSize, dstPath)
-				})
-			})
-			t.Run("Locks", func(t *testing.T) {
-				lockTest(t, u.String(), dstPath)
-			})
-		})
-	})
-	t.Run("SSH", func(t *testing.T) {
-		sshContext := baseAPITestContext
-		sshContext.Reponame = "repo-tmp-18"
-		keyname := "my-testing-key"
-		//Setup key the user ssh key
-		withKeyFile(t, keyname, func(keyFile string) {
-			t.Run("CreateUserKey", doAPICreateUserKey(sshContext, "test-key", keyFile))
-
+		t.Run("SSH", func(t *testing.T) {
 			//Setup remote link
-			sshURL := createSSHUrl(sshContext.GitPath(), u)
+			u.Scheme = "ssh"
+			u.User = url.User("git")
+			u.Host = fmt.Sprintf("%s:%d", setting.SSH.ListenHost, setting.SSH.ListenPort)
+			u.Path = "user2/repo-tmp-18.git"
+
+			//Setup key
+			keyFile := filepath.Join(setting.AppDataPath, "my-testing-key")
+			err := exec.Command("ssh-keygen", "-f", keyFile, "-t", "rsa", "-N", "").Run()
+			assert.NoError(t, err)
+			defer os.RemoveAll(keyFile)
+			defer os.RemoveAll(keyFile + ".pub")
+
+			session := loginUser(t, "user1")
+			keyOwner := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User)
+			token := getTokenForLoggedInUser(t, session)
+			urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", keyOwner.Name, token)
+
+			dataPubKey, err := ioutil.ReadFile(keyFile + ".pub")
+			assert.NoError(t, err)
+			req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
+				"key":   string(dataPubKey),
+				"title": "test-key",
+			})
+			session.MakeRequest(t, req, http.StatusCreated)
+
+			//Setup ssh wrapper
+			os.Setenv("GIT_SSH_COMMAND",
+				"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i "+
+					filepath.Join(setting.AppWorkPath, keyFile))
+			os.Setenv("GIT_SSH_VARIANT", "ssh")

 			//Setup clone folder
-			dstPath, err := ioutil.TempDir("", sshContext.Reponame)
+			dstPath, err := ioutil.TempDir("", "repo-tmp-18")
 			assert.NoError(t, err)
 			defer os.RemoveAll(dstPath)

 			t.Run("Standard", func(t *testing.T) {
-				t.Run("CreateRepo", doAPICreateRepository(sshContext, false))
-
+				t.Run("CreateRepo", func(t *testing.T) {
+					session := loginUser(t, "user2")
+					token := getTokenForLoggedInUser(t, session)
+					req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+token, &api.CreateRepoOption{
+						AutoInit:    true,
+						Description: "Temporary repo",
+						Name:        "repo-tmp-18",
+						Private:     false,
+						Gitignores:  "",
+						License:     "WTFPL",
+						Readme:      "Default",
+					})
+					session.MakeRequest(t, req, http.StatusCreated)
+				})
 				//TODO get url from api
-				t.Run("Clone", doGitClone(dstPath, sshURL))
-
+				t.Run("Clone", func(t *testing.T) {
+					_, err = git.NewCommand("clone").AddArguments(u.String(), dstPath).Run()
+					assert.NoError(t, err)
+					assert.True(t, com.IsExist(filepath.Join(dstPath, "README.md")))
+				})
 				//time.Sleep(5 * time.Minute)
 				t.Run("PushCommit", func(t *testing.T) {
 					t.Run("Little", func(t *testing.T) {
@@ -135,20 +217,10 @@ func testGit(t *testing.T, u *url.URL) {
 					lockTest(t, u.String(), dstPath)
 				})
 			})
-
 		})
-
 	})
 }

-func ensureAnonymousClone(t *testing.T, u *url.URL) {
-	dstLocalPath, err := ioutil.TempDir("", "repo1")
-	assert.NoError(t, err)
-	defer os.RemoveAll(dstLocalPath)
-	t.Run("CloneAnonymous", doGitClone(dstLocalPath, u))
-
-}
-
 func lockTest(t *testing.T, remote, repoPath string) {
 	_, err := git.NewCommand("remote").AddArguments("set-url", "origin", remote).RunInDir(repoPath) //TODO add test ssh git-lfs-creds
 	assert.NoError(t, err)
--- a/integrations/release_test.go
+++ b/integrations/release_test.go
@@ -112,7 +112,7 @@ func TestCreateReleasePaging(t *testing.T) {

 	checkLatestReleaseAndCount(t, session, "/user2/repo1", "v0.0.12", i18n.Tr("en", "repo.release.draft"), 10)

-	// Check that user4 does not see draft and still see 10 latest releases
-	session2 := loginUser(t, "user4")
+	// Check that user3 does not see draft and still see 10 latest releases
+	session2 := loginUser(t, "user3")
 	checkLatestReleaseAndCount(t, session2, "/user2/repo1", "v0.0.11", i18n.Tr("en", "repo.release.stable"), 10)
 }
--- a/integrations/ssh_key_test.go
+++ b/integrations/ssh_key_test.go
@@ -1,217 +0,0 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package integrations
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"os"
-	"path/filepath"
-	"testing"
-	"time"
-
-	"code.gitea.io/git"
-	api "code.gitea.io/sdk/gitea"
-	"github.com/stretchr/testify/assert"
-)
-
-func doCheckRepositoryEmptyStatus(ctx APITestContext, isEmpty bool) func(*testing.T) {
-	return doAPIGetRepository(ctx, func(t *testing.T, repository api.Repository) {
-		assert.Equal(t, isEmpty, repository.Empty)
-	})
-}
-
-func doAddChangesToCheckout(dstPath, filename string) func(*testing.T) {
-	return func(t *testing.T) {
-		assert.NoError(t, ioutil.WriteFile(filepath.Join(dstPath, filename), []byte(fmt.Sprintf("# Testing Repository\n\nOriginally created in: %s at time: %v", dstPath, time.Now())), 0644))
-		assert.NoError(t, git.AddChanges(dstPath, true))
-		signature := git.Signature{
-			Email: "test@example.com",
-			Name:  "test",
-			When:  time.Now(),
-		}
-		assert.NoError(t, git.CommitChanges(dstPath, git.CommitChangesOptions{
-			Committer: &signature,
-			Author:    &signature,
-			Message:   "Initial Commit",
-		}))
-	}
-}
-
-func TestPushDeployKeyOnEmptyRepo(t *testing.T) {
-	onGiteaRun(t, testPushDeployKeyOnEmptyRepo)
-}
-
-func testPushDeployKeyOnEmptyRepo(t *testing.T, u *url.URL) {
-	// OK login
-	ctx := NewAPITestContext(t, "user2", "deploy-key-empty-repo-1")
-	keyname := fmt.Sprintf("%s-push", ctx.Reponame)
-	u.Path = ctx.GitPath()
-
-	t.Run("CreateEmptyRepository", doAPICreateRepository(ctx, true))
-
-	t.Run("CheckIsEmpty", doCheckRepositoryEmptyStatus(ctx, true))
-
-	withKeyFile(t, keyname, func(keyFile string) {
-		t.Run("CreatePushDeployKey", doAPICreateDeployKey(ctx, keyname, keyFile, false))
-
-		// Setup the testing repository
-		dstPath, err := ioutil.TempDir("", "repo-tmp-deploy-key-empty-repo-1")
-		assert.NoError(t, err)
-		defer os.RemoveAll(dstPath)
-
-		t.Run("InitTestRepository", doGitInitTestRepository(dstPath))
-
-		//Setup remote link
-		sshURL := createSSHUrl(ctx.GitPath(), u)
-
-		t.Run("AddRemote", doGitAddRemote(dstPath, "origin", sshURL))
-
-		t.Run("SSHPushTestRepository", doGitPushTestRepository(dstPath, "origin", "master"))
-
-		t.Run("CheckIsNotEmpty", doCheckRepositoryEmptyStatus(ctx, false))
-
-		t.Run("DeleteRepository", doAPIDeleteRepository(ctx))
-	})
-}
-
-func TestKeyOnlyOneType(t *testing.T) {
-	onGiteaRun(t, testKeyOnlyOneType)
-}
-
-func testKeyOnlyOneType(t *testing.T, u *url.URL) {
-	// Once a key is a user key we cannot use it as a deploy key
-	// If we delete it from the user we should be able to use it as a deploy key
-	reponame := "ssh-key-test-repo"
-	username := "user2"
-	u.Path = fmt.Sprintf("%s/%s.git", username, reponame)
-	keyname := fmt.Sprintf("%s-push", reponame)
-
-	// OK login
-	ctx := NewAPITestContext(t, username, reponame)
-
-	otherCtx := ctx
-	otherCtx.Reponame = "ssh-key-test-repo-2"
-
-	failCtx := ctx
-	failCtx.ExpectedCode = http.StatusUnprocessableEntity
-
-	t.Run("CreateRepository", doAPICreateRepository(ctx, false))
-	t.Run("CreateOtherRepository", doAPICreateRepository(otherCtx, false))
-
-	withKeyFile(t, keyname, func(keyFile string) {
-		var userKeyPublicKeyID int64
-		t.Run("KeyCanOnlyBeUser", func(t *testing.T) {
-			dstPath, err := ioutil.TempDir("", ctx.Reponame)
-			assert.NoError(t, err)
-			defer os.RemoveAll(dstPath)
-
-			sshURL := createSSHUrl(ctx.GitPath(), u)
-
-			t.Run("FailToClone", doGitCloneFail(dstPath, sshURL))
-
-			t.Run("CreateUserKey", doAPICreateUserKey(ctx, keyname, keyFile, func(t *testing.T, publicKey api.PublicKey) {
-				userKeyPublicKeyID = publicKey.ID
-			}))
-
-			t.Run("FailToAddReadOnlyDeployKey", doAPICreateDeployKey(failCtx, keyname, keyFile, true))
-
-			t.Run("FailToAddDeployKey", doAPICreateDeployKey(failCtx, keyname, keyFile, false))
-
-			t.Run("Clone", doGitClone(dstPath, sshURL))
-
-			t.Run("AddChanges", doAddChangesToCheckout(dstPath, "CHANGES1.md"))
-
-			t.Run("Push", doGitPushTestRepository(dstPath, "origin", "master"))
-
-			t.Run("DeleteUserKey", doAPIDeleteUserKey(ctx, userKeyPublicKeyID))
-		})
-
-		t.Run("KeyCanBeAnyDeployButNotUserAswell", func(t *testing.T) {
-			dstPath, err := ioutil.TempDir("", ctx.Reponame)
-			assert.NoError(t, err)
-			defer os.RemoveAll(dstPath)
-
-			sshURL := createSSHUrl(ctx.GitPath(), u)
-
-			t.Run("FailToClone", doGitCloneFail(dstPath, sshURL))
-
-			// Should now be able to add...
-			t.Run("AddReadOnlyDeployKey", doAPICreateDeployKey(ctx, keyname, keyFile, true))
-
-			t.Run("Clone", doGitClone(dstPath, sshURL))
-
-			t.Run("AddChanges", doAddChangesToCheckout(dstPath, "CHANGES2.md"))
-
-			t.Run("FailToPush", doGitPushTestRepositoryFail(dstPath, "origin", "master"))
-
-			otherSSHURL := createSSHUrl(otherCtx.GitPath(), u)
-			dstOtherPath, err := ioutil.TempDir("", otherCtx.Reponame)
-			assert.NoError(t, err)
-			defer os.RemoveAll(dstOtherPath)
-
-			t.Run("AddWriterDeployKeyToOther", doAPICreateDeployKey(otherCtx, keyname, keyFile, false))
-
-			t.Run("CloneOther", doGitClone(dstOtherPath, otherSSHURL))
-
-			t.Run("AddChangesToOther", doAddChangesToCheckout(dstOtherPath, "CHANGES3.md"))
-
-			t.Run("PushToOther", doGitPushTestRepository(dstOtherPath, "origin", "master"))
-
-			t.Run("FailToCreateUserKey", doAPICreateUserKey(failCtx, keyname, keyFile))
-		})
-
-		t.Run("DeleteRepositoryShouldReleaseKey", func(t *testing.T) {
-			otherSSHURL := createSSHUrl(otherCtx.GitPath(), u)
-			dstOtherPath, err := ioutil.TempDir("", otherCtx.Reponame)
-			assert.NoError(t, err)
-			defer os.RemoveAll(dstOtherPath)
-
-			t.Run("DeleteRepository", doAPIDeleteRepository(ctx))
-
-			t.Run("FailToCreateUserKeyAsStillDeploy", doAPICreateUserKey(failCtx, keyname, keyFile))
-
-			t.Run("MakeSureCloneOtherStillWorks", doGitClone(dstOtherPath, otherSSHURL))
-
-			t.Run("AddChangesToOther", doAddChangesToCheckout(dstOtherPath, "CHANGES3.md"))
-
-			t.Run("PushToOther", doGitPushTestRepository(dstOtherPath, "origin", "master"))
-
-			t.Run("DeleteOtherRepository", doAPIDeleteRepository(otherCtx))
-
-			t.Run("RecreateRepository", doAPICreateRepository(ctx, false))
-
-			t.Run("CreateUserKey", doAPICreateUserKey(ctx, keyname, keyFile, func(t *testing.T, publicKey api.PublicKey) {
-				userKeyPublicKeyID = publicKey.ID
-			}))
-
-			dstPath, err := ioutil.TempDir("", ctx.Reponame)
-			assert.NoError(t, err)
-			defer os.RemoveAll(dstPath)
-
-			sshURL := createSSHUrl(ctx.GitPath(), u)
-
-			t.Run("Clone", doGitClone(dstPath, sshURL))
-
-			t.Run("AddChanges", doAddChangesToCheckout(dstPath, "CHANGES1.md"))
-
-			t.Run("Push", doGitPushTestRepository(dstPath, "origin", "master"))
-		})
-
-		t.Run("DeleteUserKeyShouldRemoveAbilityToClone", func(t *testing.T) {
-			dstPath, err := ioutil.TempDir("", ctx.Reponame)
-			assert.NoError(t, err)
-			defer os.RemoveAll(dstPath)
-
-			sshURL := createSSHUrl(ctx.GitPath(), u)
-
-			t.Run("DeleteUserKey", doAPIDeleteUserKey(ctx, userKeyPublicKeyID))
-
-			t.Run("FailToClone", doGitCloneFail(dstPath, sshURL))
-		})
-	})
-}
--- a/main.go
+++ b/main.go
@@ -8,7 +8,6 @@ package main // import "code.gitea.io/gitea"

 import (
 	"os"
-	"runtime"
 	"strings"

 	"code.gitea.io/gitea/cmd"
@@ -62,8 +61,8 @@ arguments - which can alternatively be run by running the subcommand web.`

 func formatBuiltWith(Tags string) string {
 	if len(Tags) == 0 {
-		return " built with " + runtime.Version()
+		return ""
 	}

-	return " built with " + runtime.Version() + " : " + strings.Replace(Tags, " ", ", ", -1)
+	return " built with: " + strings.Replace(Tags, " ", ", ", -1)
 }
--- a/models/action.go
+++ b/models/action.go
@@ -476,34 +476,8 @@ func getIssueFromRef(repo *Repository, ref string) (*Issue, error) {
 	return issue, nil
 }

-func changeIssueStatus(repo *Repository, doer *User, ref string, refMarked map[int64]bool, status bool) error {
-	issue, err := getIssueFromRef(repo, ref)
-	if err != nil {
-		return err
-	}
-
-	if issue == nil || refMarked[issue.ID] {
-		return nil
-	}
-	refMarked[issue.ID] = true
-
-	if issue.RepoID != repo.ID || issue.IsClosed == status {
-		return nil
-	}
-
-	issue.Repo = repo
-	if err = issue.ChangeStatus(doer, status); err != nil {
-		// Don't return an error when dependencies are open as this would let the push fail
-		if IsErrDependenciesLeft(err) {
-			return nil
-		}
-		return err
-	}
-	return nil
-}
-
 // UpdateIssuesCommit checks if issues are manipulated by commit message.
-func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit, branchName string) error {
+func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit) error {
 	// Commits are appended in the reverse order.
 	for i := len(commits) - 1; i >= 0; i-- {
 		c := commits[i]
@@ -526,21 +500,51 @@ func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit, bra
 			}
 		}

-		// Change issue status only if the commit has been pushed to the default branch.
-		if repo.DefaultBranch != branchName {
-			continue
-		}
-
 		refMarked = make(map[int64]bool)
+		// FIXME: can merge this one and next one to a common function.
 		for _, ref := range issueCloseKeywordsPat.FindAllString(c.Message, -1) {
-			if err := changeIssueStatus(repo, doer, ref, refMarked, true); err != nil {
+			issue, err := getIssueFromRef(repo, ref)
+			if err != nil {
+				return err
+			}
+
+			if issue == nil || refMarked[issue.ID] {
+				continue
+			}
+			refMarked[issue.ID] = true
+
+			if issue.RepoID != repo.ID || issue.IsClosed {
+				continue
+			}
+
+			issue.Repo = repo
+			if err = issue.ChangeStatus(doer, true); err != nil {
+				// Don't return an error when dependencies are open as this would let the push fail
+				if IsErrDependenciesLeft(err) {
+					return nil
+				}
 				return err
 			}
 		}

 		// It is conflict to have close and reopen at same time, so refsMarked doesn't need to reinit here.
 		for _, ref := range issueReopenKeywordsPat.FindAllString(c.Message, -1) {
-			if err := changeIssueStatus(repo, doer, ref, refMarked, false); err != nil {
+			issue, err := getIssueFromRef(repo, ref)
+			if err != nil {
+				return err
+			}
+
+			if issue == nil || refMarked[issue.ID] {
+				continue
+			}
+			refMarked[issue.ID] = true
+
+			if issue.RepoID != repo.ID || !issue.IsClosed {
+				continue
+			}
+
+			issue.Repo = repo
+			if err = issue.ChangeStatus(doer, false); err != nil {
 				return err
 			}
 		}
@@ -605,7 +609,7 @@ func CommitRepoAction(opts CommitRepoActionOptions) error {
 			opts.Commits.CompareURL = repo.ComposeCompareURL(opts.OldCommitID, opts.NewCommitID)
 		}

-		if err = UpdateIssuesCommit(pusher, repo, opts.Commits.Commits, refName); err != nil {
+		if err = UpdateIssuesCommit(pusher, repo, opts.Commits.Commits); err != nil {
 			log.Error(4, "updateIssuesCommit: %v", err)
 		}
 	}
--- a/models/action_test.go
+++ b/models/action_test.go
@@ -227,37 +227,10 @@ func TestUpdateIssuesCommit(t *testing.T) {

 	AssertNotExistsBean(t, commentBean)
 	AssertNotExistsBean(t, &Issue{RepoID: repo.ID, Index: 2}, "is_closed=1")
-	assert.NoError(t, UpdateIssuesCommit(user, repo, pushCommits, repo.DefaultBranch))
+	assert.NoError(t, UpdateIssuesCommit(user, repo, pushCommits))
 	AssertExistsAndLoadBean(t, commentBean)
 	AssertExistsAndLoadBean(t, issueBean, "is_closed=1")
 	CheckConsistencyFor(t, &Action{})
-
-	// Test that push to a non-default branch closes no issue.
-	pushCommits = []*PushCommit{
-		{
-			Sha1:           "abcdef1",
-			CommitterEmail: "user2@example.com",
-			CommitterName:  "User Two",
-			AuthorEmail:    "user4@example.com",
-			AuthorName:     "User Four",
-			Message:        "close #1",
-		},
-	}
-	repo = AssertExistsAndLoadBean(t, &Repository{ID: 3}).(*Repository)
-	commentBean = &Comment{
-		Type:      CommentTypeCommitRef,
-		CommitSHA: "abcdef1",
-		PosterID:  user.ID,
-		IssueID:   6,
-	}
-	issueBean = &Issue{RepoID: repo.ID, Index: 1}
-
-	AssertNotExistsBean(t, commentBean)
-	AssertNotExistsBean(t, &Issue{RepoID: repo.ID, Index: 1}, "is_closed=1")
-	assert.NoError(t, UpdateIssuesCommit(user, repo, pushCommits, "non-existing-branch"))
-	AssertExistsAndLoadBean(t, commentBean)
-	AssertNotExistsBean(t, issueBean, "is_closed=1")
-	CheckConsistencyFor(t, &Action{})
 }

 func testCorrectRepoAction(t *testing.T, opts CommitRepoActionOptions, actionBean *Action) {
--- a/models/error.go
+++ b/models/error.go
@@ -90,38 +90,6 @@ func (err ErrUserNotExist) Error() string {
 	return fmt.Sprintf("user does not exist [uid: %d, name: %s, keyid: %d]", err.UID, err.Name, err.KeyID)
 }

-// ErrUserProhibitLogin represents a "ErrUserProhibitLogin" kind of error.
-type ErrUserProhibitLogin struct {
-	UID  int64
-	Name string
-}
-
-// IsErrUserProhibitLogin checks if an error is a ErrUserProhibitLogin
-func IsErrUserProhibitLogin(err error) bool {
-	_, ok := err.(ErrUserProhibitLogin)
-	return ok
-}
-
-func (err ErrUserProhibitLogin) Error() string {
-	return fmt.Sprintf("user is not allowed login [uid: %d, name: %s]", err.UID, err.Name)
-}
-
-// ErrUserInactive represents a "ErrUserInactive" kind of error.
-type ErrUserInactive struct {
-	UID  int64
-	Name string
-}
-
-// IsErrUserInactive checks if an error is a ErrUserInactive
-func IsErrUserInactive(err error) bool {
-	_, ok := err.(ErrUserInactive)
-	return ok
-}
-
-func (err ErrUserInactive) Error() string {
-	return fmt.Sprintf("user is inactive [uid: %d, name: %s]", err.UID, err.Name)
-}
-
 // ErrEmailAlreadyUsed represents a "EmailAlreadyUsed" kind of error.
 type ErrEmailAlreadyUsed struct {
 	Email string
--- a/models/issue.go
+++ b/models/issue.go
@@ -1402,7 +1402,7 @@ func UpdateIssueMentions(e Engine, issueID int64, mentions []string) error {
 		}

 		memberIDs := make([]int64, 0, user.NumMembers)
-		orgUsers, err := getOrgUsersByOrgID(e, user.ID)
+		orgUsers, err := GetOrgUsersByOrgID(user.ID)
 		if err != nil {
 			return fmt.Errorf("GetOrgUsersByOrgID [%d]: %v", user.ID, err)
 		}
--- a/models/issue_assignees.go
+++ b/models/issue_assignees.go
@@ -44,11 +44,7 @@ func (issue *Issue) loadAssignees(e Engine) (err error) {

 // GetAssigneesByIssue returns everyone assigned to that issue
 func GetAssigneesByIssue(issue *Issue) (assignees []*User, err error) {
-	return getAssigneesByIssue(x, issue)
-}
-
-func getAssigneesByIssue(e Engine, issue *Issue) (assignees []*User, err error) {
-	err = issue.loadAssignees(e)
+	err = issue.loadAssignees(x)
 	if err != nil {
 		return assignees, err
 	}
@@ -177,7 +173,7 @@ func (issue *Issue) changeAssignee(sess *xorm.Session, doer *User, assigneeID in
 		issue.PullRequest.Issue = issue
 		apiPullRequest := &api.PullRequestPayload{
 			Index:       issue.Index,
-			PullRequest: issue.PullRequest.apiFormat(sess),
+			PullRequest: issue.PullRequest.APIFormat(),
 			Repository:  issue.Repo.innerAPIFormat(sess, mode, false),
 			Sender:      doer.APIFormat(),
 		}
--- a/models/issue_comment.go
+++ b/models/issue_comment.go
@@ -748,9 +748,6 @@ func createIssueDependencyComment(e *xorm.Session, doer *User, issue *Issue, dep
 	if !add {
 		cType = CommentTypeRemoveDependency
 	}
-	if err = issue.loadRepo(e); err != nil {
-		return
-	}

 	// Make two comments, one in each issue
 	_, err = createComment(e, &CreateCommentOptions{
--- a/models/issue_dependency_test.go
+++ b/models/issue_dependency_test.go
@@ -19,9 +19,11 @@ func TestCreateIssueDependency(t *testing.T) {

 	issue1, err := GetIssueByID(1)
 	assert.NoError(t, err)
+	issue1.LoadAttributes()

 	issue2, err := GetIssueByID(2)
 	assert.NoError(t, err)
+	issue2.LoadAttributes()

 	// Create a dependency and check if it was successful
 	err = CreateIssueDependency(user1, issue1, issue2)
--- a/models/issue_mail.go
+++ b/models/issue_mail.go
@@ -39,16 +39,16 @@ func mailIssueCommentToParticipants(e Engine, issue *Issue, doer *User, content

 	// In case the issue poster is not watching the repository and is active,
 	// even if we have duplicated in watchers, can be safely filtered out.
-	err = issue.loadPoster(e)
+	poster, err := getUserByID(e, issue.PosterID)
 	if err != nil {
 		return fmt.Errorf("GetUserByID [%d]: %v", issue.PosterID, err)
 	}
-	if issue.PosterID != doer.ID && issue.Poster.IsActive && !issue.Poster.ProhibitLogin {
+	if issue.PosterID != doer.ID && poster.IsActive && !poster.ProhibitLogin {
 		participants = append(participants, issue.Poster)
 	}

 	// Assignees must receive any communications
-	assignees, err := getAssigneesByIssue(e, issue)
+	assignees, err := GetAssigneesByIssue(issue)
 	if err != nil {
 		return err
 	}
@@ -88,10 +88,6 @@ func mailIssueCommentToParticipants(e Engine, issue *Issue, doer *User, content
 		names = append(names, participants[i].Name)
 	}

-	if err := issue.loadRepo(e); err != nil {
-		return err
-	}
-
 	for _, to := range tos {
 		SendIssueCommentMail(issue, doer, content, comment, []string{to})
 	}
--- a/models/issue_user.go
+++ b/models/issue_user.go
@@ -54,7 +54,7 @@ func newIssueUsers(e Engine, repo *Repository, issue *Issue) error {
 func updateIssueAssignee(e *xorm.Session, issue *Issue, assigneeID int64) (removed bool, err error) {

 	// Check if the user exists
-	assignee, err := getUserByID(e, assigneeID)
+	assignee, err := GetUserByID(assigneeID)
 	if err != nil {
 		return false, err
 	}
--- a/models/login_source.go
+++ b/models/login_source.go
@@ -600,29 +600,16 @@ func ExternalUserLogin(user *User, login, password string, source *LoginSource,
 		return nil, ErrLoginSourceNotActived
 	}

-	var err error
 	switch source.Type {
 	case LoginLDAP, LoginDLDAP:
-		user, err = LoginViaLDAP(user, login, password, source, autoRegister)
+		return LoginViaLDAP(user, login, password, source, autoRegister)
 	case LoginSMTP:
-		user, err = LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
+		return LoginViaSMTP(user, login, password, source.ID, source.Cfg.(*SMTPConfig), autoRegister)
 	case LoginPAM:
-		user, err = LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister)
-	default:
-		return nil, ErrUnsupportedLoginType
+		return LoginViaPAM(user, login, password, source.ID, source.Cfg.(*PAMConfig), autoRegister)
 	}

-	if err != nil {
-		return nil, err
-	}
-
-	if !user.IsActive {
-		return nil, ErrUserInactive{user.ID, user.Name}
-	} else if user.ProhibitLogin {
-		return nil, ErrUserProhibitLogin{user.ID, user.Name}
-	}
-
-	return user, nil
+	return nil, ErrUnsupportedLoginType
 }

 // UserSignIn validates user name and password.
@@ -657,13 +644,7 @@ func UserSignIn(username, password string) (*User, error) {
 	if hasUser {
 		switch user.LoginType {
 		case LoginNoType, LoginPlain, LoginOAuth2:
-			if user.IsPasswordSet() && user.ValidatePassword(password) {
-				if !user.IsActive {
-					return nil, ErrUserInactive{user.ID, user.Name}
-				} else if user.ProhibitLogin {
-					return nil, ErrUserProhibitLogin{user.ID, user.Name}
-				}
-
+			if user.ValidatePassword(password) {
 				return user, nil
 			}

--- a/models/org.go
+++ b/models/org.go
@@ -393,12 +393,8 @@ func GetOrgUsersByUserID(uid int64, all bool) ([]*OrgUser, error) {

 // GetOrgUsersByOrgID returns all organization-user relations by organization ID.
 func GetOrgUsersByOrgID(orgID int64) ([]*OrgUser, error) {
-	return getOrgUsersByOrgID(x, orgID)
-}
-
-func getOrgUsersByOrgID(e Engine, orgID int64) ([]*OrgUser, error) {
 	ous := make([]*OrgUser, 0, 10)
-	err := e.
+	err := x.
 		Where("org_id=?", orgID).
 		Find(&ous)
 	return ous, err
--- a/models/pull.go
+++ b/models/pull.go
@@ -366,7 +366,7 @@ func (pr *PullRequest) Merge(doer *User, baseGitRepo *git.Repository, mergeStyle
 		return fmt.Errorf("Failed to create dir %s: %v", tmpBasePath, err)
 	}

-	defer os.RemoveAll(tmpBasePath)
+	defer os.RemoveAll(path.Dir(tmpBasePath))

 	var stderr string
 	if _, stderr, err = process.GetManager().ExecTimeout(5*time.Minute,
--- a/models/repo.go
+++ b/models/repo.go
@@ -11,7 +11,6 @@ import (
 	"fmt"
 	"html/template"
 	"io/ioutil"
-	"net/url"
 	"os"
 	"os/exec"
 	"path"
@@ -35,8 +34,8 @@ import (
 	"github.com/Unknwon/com"
 	"github.com/go-xorm/builder"
 	"github.com/go-xorm/xorm"
-	version "github.com/mcuadros/go-version"
-	ini "gopkg.in/ini.v1"
+	"github.com/mcuadros/go-version"
+	"gopkg.in/ini.v1"
 )

 var repoWorkingPool = sync.NewExclusivePool()
@@ -719,12 +718,10 @@ var (

 // DescriptionHTML does special handles to description and return HTML string.
 func (repo *Repository) DescriptionHTML() template.HTML {
-	desc, err := markup.RenderDescriptionHTML([]byte(repo.Description), repo.HTMLURL(), repo.ComposeMetas())
-	if err != nil {
-		log.Error(4, "Failed to render description for %s (ID: %d): %v", repo.Name, repo.ID, err)
-		return template.HTML(markup.Sanitize(repo.Description))
+	sanitize := func(s string) string {
+		return fmt.Sprintf(`<a href="%[1]s" target="_blank" rel="noopener noreferrer">%[1]s</a>`, s)
 	}
-	return template.HTML(markup.Sanitize(string(desc)))
+	return template.HTML(descPattern.ReplaceAllStringFunc(markup.Sanitize(repo.Description), sanitize))
 }

 // LocalCopyPath returns the local repository copy path.
@@ -827,7 +824,7 @@ type CloneLink struct {

 // ComposeHTTPSCloneURL returns HTTPS clone URL based on given owner and repository name.
 func ComposeHTTPSCloneURL(owner, repo string) string {
-	return fmt.Sprintf("%s%s/%s.git", setting.AppURL, url.QueryEscape(owner), url.QueryEscape(repo))
+	return fmt.Sprintf("%s%s/%s.git", setting.AppURL, owner, repo)
 }

 func (repo *Repository) cloneLink(e Engine, isWiki bool) *CloneLink {
@@ -1348,27 +1345,26 @@ func createRepository(e *xorm.Session, doer, u *User, repo *Repository) (err err

 	if err = watchRepo(e, doer.ID, repo.ID, true); err != nil {
 		return fmt.Errorf("watchRepo: %v", err)
-	} else if err = newRepoAction(e, doer, repo); err != nil {
+	} else if err = newRepoAction(e, u, repo); err != nil {
 		return fmt.Errorf("newRepoAction: %v", err)
 	}

 	return nil
 }

-// CreateRepository creates a repository for the user/organization.
+// CreateRepository creates a repository for the user/organization u.
 func CreateRepository(doer, u *User, opts CreateRepoOptions) (_ *Repository, err error) {
 	if !doer.IsAdmin && !u.CanCreateRepo() {
 		return nil, ErrReachLimitOfRepo{u.MaxRepoCreation}
 	}

 	repo := &Repository{
-		OwnerID:       u.ID,
-		Owner:         u,
-		Name:          opts.Name,
-		LowerName:     strings.ToLower(opts.Name),
-		Description:   opts.Description,
-		IsPrivate:     opts.IsPrivate,
-		IsFsckEnabled: true,
+		OwnerID:     u.ID,
+		Owner:       u,
+		Name:        opts.Name,
+		LowerName:   strings.ToLower(opts.Name),
+		Description: opts.Description,
+		IsPrivate:   opts.IsPrivate,
 	}

 	sess := x.NewSession()
@@ -1745,17 +1741,6 @@ func DeleteRepository(doer *User, uid, repoID int64) error {
 		return ErrRepoNotExist{repoID, uid, "", ""}
 	}

-	// Delete Deploy Keys
-	deployKeys, err := listDeployKeys(sess, repo.ID)
-	if err != nil {
-		return fmt.Errorf("listDeployKeys: %v", err)
-	}
-	for _, dKey := range deployKeys {
-		if err := deleteDeployKey(sess, doer, dKey.ID); err != nil {
-			return fmt.Errorf("deleteDeployKeys: %v", err)
-		}
-	}
-
 	if cnt, err := sess.ID(repoID).Delete(&Repository{}); err != nil {
 		return err
 	} else if cnt != 1 {
@@ -1787,7 +1772,6 @@ func DeleteRepository(doer *User, uid, repoID int64) error {
 		&Webhook{RepoID: repoID},
 		&HookTask{RepoID: repoID},
 		&Notification{RepoID: repoID},
-		&CommitStatus{RepoID: repoID},
 	); err != nil {
 		return fmt.Errorf("deleteBeans: %v", err)
 	}
@@ -1898,12 +1882,6 @@ func DeleteRepository(doer *User, uid, repoID int64) error {
 	}

 	if err = sess.Commit(); err != nil {
-		if len(deployKeys) > 0 {
-			// We need to rewrite the public keys because the commit failed
-			if err2 := RewriteAllPublicKeys(); err2 != nil {
-				return fmt.Errorf("Commit: %v SSH Keys: %v", err, err2)
-			}
-		}
 		return fmt.Errorf("Commit: %v", err)
 	}

--- a/models/repo_branch.go
+++ b/models/repo_branch.go
@@ -70,6 +70,10 @@ func (repo *Repository) CheckBranchName(name string) error {
 		return err
 	}

+	if _, err := gitRepo.GetTag(name); err == nil {
+		return ErrTagAlreadyExists{name}
+	}
+
 	branches, err := repo.GetBranches()
 	if err != nil {
 		return err
@@ -83,11 +87,6 @@ func (repo *Repository) CheckBranchName(name string) error {
 			return ErrBranchNameConflict{branch.Name}
 		}
 	}
-
-	if _, err := gitRepo.GetTag(name); err == nil {
-		return ErrTagAlreadyExists{name}
-	}
-
 	return nil
 }

--- a/models/repo_permission.go
+++ b/models/repo_permission.go
@@ -151,15 +151,6 @@ func getUserRepoPermission(e Engine, repo *Repository, user *User) (perm Permiss
 		return
 	}

-	// if user in an owner team
-	for _, team := range teams {
-		if team.Authorize >= AccessModeOwner {
-			perm.AccessMode = AccessModeOwner
-			perm.UnitsMode = nil
-			return
-		}
-	}
-
 	for _, u := range repo.Units {
 		var found bool
 		for _, team := range teams {
--- a/models/repo_permission_test.go
+++ b/models/repo_permission_test.go
@@ -219,17 +219,6 @@ func TestRepoPermissionPrivateOrgRepo(t *testing.T) {
 		assert.True(t, perm.CanWrite(unit.Type))
 	}

-	// update team information and then check permission
-	team := AssertExistsAndLoadBean(t, &Team{ID: 5}).(*Team)
-	err = UpdateTeamUnits(team, nil)
-	assert.NoError(t, err)
-	perm, err = GetUserRepoPermission(repo, owner)
-	assert.NoError(t, err)
-	for _, unit := range repo.Units {
-		assert.True(t, perm.CanRead(unit.Type))
-		assert.True(t, perm.CanWrite(unit.Type))
-	}
-
 	// org member team tester
 	tester := AssertExistsAndLoadBean(t, &User{ID: 2}).(*User)
 	perm, err = GetUserRepoPermission(repo, tester)
--- a/models/repo_watch.go
+++ b/models/repo_watch.go
@@ -113,15 +113,15 @@ func notifyWatchers(e Engine, act *Action) error {

 		switch act.OpType {
 		case ActionCommitRepo, ActionPushTag, ActionDeleteTag, ActionDeleteBranch:
-			if !act.Repo.checkUnitUser(e, act.UserID, false, UnitTypeCode) {
+			if !act.Repo.CheckUnitUser(act.UserID, false, UnitTypeCode) {
 				continue
 			}
 		case ActionCreateIssue, ActionCommentIssue, ActionCloseIssue, ActionReopenIssue:
-			if !act.Repo.checkUnitUser(e, act.UserID, false, UnitTypeIssues) {
+			if !act.Repo.CheckUnitUser(act.UserID, false, UnitTypeIssues) {
 				continue
 			}
 		case ActionCreatePullRequest, ActionMergePullRequest, ActionClosePullRequest, ActionReopenPullRequest:
-			if !act.Repo.checkUnitUser(e, act.UserID, false, UnitTypePullRequests) {
+			if !act.Repo.CheckUnitUser(act.UserID, false, UnitTypePullRequests) {
 				continue
 			}
 		}
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@@ -51,7 +51,7 @@ type PublicKey struct {
 	ID            int64      `xorm:"pk autoincr"`
 	OwnerID       int64      `xorm:"INDEX NOT NULL"`
 	Name          string     `xorm:"NOT NULL"`
-	Fingerprint   string     `xorm:"INDEX NOT NULL"`
+	Fingerprint   string     `xorm:"NOT NULL"`
 	Content       string     `xorm:"TEXT NOT NULL"`
 	Mode          AccessMode `xorm:"NOT NULL DEFAULT 2"`
 	Type          KeyType    `xorm:"NOT NULL DEFAULT 1"`
@@ -350,6 +350,7 @@ func appendAuthorizedKeysToFile(keys ...*PublicKey) error {
 func checkKeyFingerprint(e Engine, fingerprint string) error {
 	has, err := e.Get(&PublicKey{
 		Fingerprint: fingerprint,
+		Type:        KeyTypeUser,
 	})
 	if err != nil {
 		return err
@@ -400,18 +401,12 @@ func AddPublicKey(ownerID int64, name, content string, LoginSourceID int64) (*Pu
 		return nil, err
 	}

-	sess := x.NewSession()
-	defer sess.Close()
-	if err = sess.Begin(); err != nil {
-		return nil, err
-	}
-
-	if err := checkKeyFingerprint(sess, fingerprint); err != nil {
+	if err := checkKeyFingerprint(x, fingerprint); err != nil {
 		return nil, err
 	}

 	// Key name of same user cannot be duplicated.
-	has, err := sess.
+	has, err := x.
 		Where("owner_id = ? AND name = ?", ownerID, name).
 		Get(new(PublicKey))
 	if err != nil {
@@ -420,6 +415,12 @@ func AddPublicKey(ownerID int64, name, content string, LoginSourceID int64) (*Pu
 		return nil, ErrKeyNameAlreadyUsed{ownerID, name}
 	}

+	sess := x.NewSession()
+	defer sess.Close()
+	if err = sess.Begin(); err != nil {
+		return nil, err
+	}
+
 	key := &PublicKey{
 		OwnerID:       ownerID,
 		Name:          name,
@@ -518,7 +519,7 @@ func UpdatePublicKeyUpdated(id int64) error {
 }

 // deletePublicKeys does the actual key deletion but does not update authorized_keys file.
-func deletePublicKeys(e Engine, keyIDs ...int64) error {
+func deletePublicKeys(e *xorm.Session, keyIDs ...int64) error {
 	if len(keyIDs) == 0 {
 		return nil
 	}
@@ -727,28 +728,24 @@ func AddDeployKey(repoID int64, name, content string, readOnly bool) (*DeployKey
 		accessMode = AccessModeWrite
 	}

+	pkey := &PublicKey{
+		Fingerprint: fingerprint,
+		Mode:        accessMode,
+		Type:        KeyTypeDeploy,
+	}
+	has, err := x.Get(pkey)
+	if err != nil {
+		return nil, err
+	}
+
 	sess := x.NewSession()
 	defer sess.Close()
 	if err = sess.Begin(); err != nil {
 		return nil, err
 	}

-	pkey := &PublicKey{
-		Fingerprint: fingerprint,
-	}
-	has, err := sess.Get(pkey)
-	if err != nil {
-		return nil, err
-	}
-
-	if has {
-		if pkey.Type != KeyTypeDeploy {
-			return nil, ErrKeyAlreadyExist{0, fingerprint, ""}
-		}
-	} else {
-		// First time use this deploy key.
-		pkey.Mode = accessMode
-		pkey.Type = KeyTypeDeploy
+	// First time use this deploy key.
+	if !has {
 		pkey.Content = content
 		pkey.Name = name
 		if err = addKey(sess, pkey); err != nil {
@@ -766,12 +763,8 @@ func AddDeployKey(repoID int64, name, content string, readOnly bool) (*DeployKey

 // GetDeployKeyByID returns deploy key by given ID.
 func GetDeployKeyByID(id int64) (*DeployKey, error) {
-	return getDeployKeyByID(x, id)
-}
-
-func getDeployKeyByID(e Engine, id int64) (*DeployKey, error) {
 	key := new(DeployKey)
-	has, err := e.ID(id).Get(key)
+	has, err := x.ID(id).Get(key)
 	if err != nil {
 		return nil, err
 	} else if !has {
@@ -782,15 +775,11 @@ func getDeployKeyByID(e Engine, id int64) (*DeployKey, error) {

 // GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.
 func GetDeployKeyByRepo(keyID, repoID int64) (*DeployKey, error) {
-	return getDeployKeyByRepo(x, keyID, repoID)
-}
-
-func getDeployKeyByRepo(e Engine, keyID, repoID int64) (*DeployKey, error) {
 	key := &DeployKey{
 		KeyID:  keyID,
 		RepoID: repoID,
 	}
-	has, err := e.Get(key)
+	has, err := x.Get(key)
 	if err != nil {
 		return nil, err
 	} else if !has {
@@ -813,19 +802,7 @@ func UpdateDeployKey(key *DeployKey) error {

 // DeleteDeployKey deletes deploy key from its repository authorized_keys file if needed.
 func DeleteDeployKey(doer *User, id int64) error {
-	sess := x.NewSession()
-	defer sess.Close()
-	if err := sess.Begin(); err != nil {
-		return err
-	}
-	if err := deleteDeployKey(sess, doer, id); err != nil {
-		return err
-	}
-	return sess.Commit()
-}
-
-func deleteDeployKey(sess Engine, doer *User, id int64) error {
-	key, err := getDeployKeyByID(sess, id)
+	key, err := GetDeployKeyByID(id)
 	if err != nil {
 		if IsErrDeployKeyNotExist(err) {
 			return nil
@@ -835,11 +812,11 @@ func deleteDeployKey(sess Engine, doer *User, id int64) error {

 	// Check if user has access to delete this key.
 	if !doer.IsAdmin {
-		repo, err := getRepositoryByID(sess, key.RepoID)
+		repo, err := GetRepositoryByID(key.RepoID)
 		if err != nil {
 			return fmt.Errorf("GetRepositoryByID: %v", err)
 		}
-		has, err := isUserRepoAdmin(sess, repo, doer)
+		has, err := IsUserRepoAdmin(repo, doer)
 		if err != nil {
 			return fmt.Errorf("GetUserRepoPermission: %v", err)
 		} else if !has {
@@ -847,6 +824,12 @@ func deleteDeployKey(sess Engine, doer *User, id int64) error {
 		}
 	}

+	sess := x.NewSession()
+	defer sess.Close()
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
 	if _, err = sess.ID(key.ID).Delete(new(DeployKey)); err != nil {
 		return fmt.Errorf("delete deploy key [%d]: %v", key.ID, err)
 	}
@@ -861,24 +844,15 @@ func deleteDeployKey(sess Engine, doer *User, id int64) error {
 		if err = deletePublicKeys(sess, key.KeyID); err != nil {
 			return err
 		}
-
-		// after deleted the public keys, should rewrite the public keys file
-		if err = rewriteAllPublicKeys(sess); err != nil {
-			return err
-		}
 	}

-	return nil
+	return sess.Commit()
 }

 // ListDeployKeys returns all deploy keys by given repository ID.
 func ListDeployKeys(repoID int64) ([]*DeployKey, error) {
-	return listDeployKeys(x, repoID)
-}
-
-func listDeployKeys(e Engine, repoID int64) ([]*DeployKey, error) {
 	keys := make([]*DeployKey, 0, 5)
-	return keys, e.
+	return keys, x.
 		Where("repo_id = ?", repoID).
 		Find(&keys)
 }
--- a/models/user.go
+++ b/models/user.go
@@ -1461,12 +1461,9 @@ func synchronizeLdapSSHPublicKeys(usr *User, s *LoginSource, SSHPublicKeys []str
 	// Get Public Keys from LDAP and skip duplicate keys
 	var ldapKeys []string
 	for _, v := range SSHPublicKeys {
-		sshKeySplit := strings.Split(v, " ")
-		if len(sshKeySplit) > 1 {
-			ldapKey := strings.Join(sshKeySplit[:2], " ")
-			if !util.ExistsInSlice(ldapKey, ldapKeys) {
-				ldapKeys = append(ldapKeys, ldapKey)
-			}
+		ldapKey := strings.Join(strings.Split(v, " ")[:2], " ")
+		if !util.ExistsInSlice(ldapKey, ldapKeys) {
+			ldapKeys = append(ldapKeys, ldapKey)
 		}
 	}

--- a/models/user_heatmap.go
+++ b/models/user_heatmap.go
@@ -32,22 +32,12 @@ func GetUserHeatmapDataByUser(user *User) ([]*UserHeatmapData, error) {
 		groupByName = groupBy
 	}

-	sess := x.Select(groupBy+" AS timestamp, count(user_id) as contributions").
+	err := x.Select(groupBy+" AS timestamp, count(user_id) as contributions").
 		Table("action").
 		Where("user_id = ?", user.ID).
-		And("created_unix > ?", (util.TimeStampNow() - 31536000))
-
-	// * Heatmaps for individual users only include actions that the user themself
-	//   did.
-	// * For organizations actions by all users that were made in owned
-	//   repositories are counted.
-	if user.Type == UserTypeIndividual {
-		sess = sess.And("act_user_id = ?", user.ID)
-	}
-
-	err := sess.GroupBy(groupByName).
+		And("created_unix > ?", (util.TimeStampNow() - 31536000)).
+		GroupBy(groupByName).
 		OrderBy("timestamp").
 		Find(&hdata)
-
 	return hdata, err
 }
--- a/models/webhook_dingtalk.go
+++ b/models/webhook_dingtalk.go
@@ -230,13 +230,12 @@ func getDingtalkPullRequestPayload(p *api.PullRequestPayload) (*DingtalkPayload,
 		title = fmt.Sprintf("[%s] Pull request edited: #%d %s", p.Repository.FullName, p.Index, p.PullRequest.Title)
 		text = p.PullRequest.Body
 	case api.HookIssueAssigned:
-		list := make([]string, len(p.PullRequest.Assignees))
-		for i, user := range p.PullRequest.Assignees {
-			list[i] = user.UserName
+		list, err := MakeAssigneeList(&Issue{ID: p.PullRequest.ID})
+		if err != nil {
+			return &DingtalkPayload{}, err
 		}
 		title = fmt.Sprintf("[%s] Pull request assigned to %s: #%d %s", p.Repository.FullName,
-			strings.Join(list, ", "),
-			p.Index, p.PullRequest.Title)
+			list, p.Index, p.PullRequest.Title)
 		text = p.PullRequest.Body
 	case api.HookIssueUnassigned:
 		title = fmt.Sprintf("[%s] Pull request unassigned: #%d %s", p.Repository.FullName, p.Index, p.PullRequest.Title)
--- a/models/webhook_discord.go
+++ b/models/webhook_discord.go
@@ -347,13 +347,12 @@ func getDiscordPullRequestPayload(p *api.PullRequestPayload, meta *DiscordMeta)
 		text = p.PullRequest.Body
 		color = warnColor
 	case api.HookIssueAssigned:
-		list := make([]string, len(p.PullRequest.Assignees))
-		for i, user := range p.PullRequest.Assignees {
-			list[i] = user.UserName
+		list, err := MakeAssigneeList(&Issue{ID: p.PullRequest.ID})
+		if err != nil {
+			return &DiscordPayload{}, err
 		}
-		title = fmt.Sprintf("[%s] Pull request assigned to %s: #%d by %s", p.Repository.FullName,
-			strings.Join(list, ", "),
-			p.Index, p.PullRequest.Title)
+		title = fmt.Sprintf("[%s] Pull request assigned to %s: #%d %s", p.Repository.FullName,
+			list, p.Index, p.PullRequest.Title)
 		text = p.PullRequest.Body
 		color = successColor
 	case api.HookIssueUnassigned:
--- a/models/webhook_slack.go
+++ b/models/webhook_slack.go
@@ -160,10 +160,6 @@ func getSlackIssuesPayload(p *api.IssuePayload, slack *SlackMeta) (*SlackPayload
 		text = fmt.Sprintf("[%s] Issue labels cleared: %s by %s", p.Repository.FullName, titleLink, senderLink)
 	case api.HookIssueSynchronized:
 		text = fmt.Sprintf("[%s] Issue synchronized: %s by %s", p.Repository.FullName, titleLink, senderLink)
-	case api.HookIssueMilestoned:
-		text = fmt.Sprintf("[%s] Issue milestoned: #%s %s", p.Repository.FullName, titleLink, senderLink)
-	case api.HookIssueDemilestoned:
-		text = fmt.Sprintf("[%s] Issue milestone cleared: #%s %s", p.Repository.FullName, titleLink, senderLink)
 	}

 	return &SlackPayload{
@@ -301,12 +297,12 @@ func getSlackPullRequestPayload(p *api.PullRequestPayload, slack *SlackMeta) (*S
 		text = fmt.Sprintf("[%s] Pull request edited: %s by %s", p.Repository.FullName, titleLink, senderLink)
 		attachmentText = SlackTextFormatter(p.PullRequest.Body)
 	case api.HookIssueAssigned:
-		list := make([]string, len(p.PullRequest.Assignees))
-		for i, user := range p.PullRequest.Assignees {
-			list[i] = SlackLinkFormatter(setting.AppURL+user.UserName, user.UserName)
+		list, err := MakeAssigneeList(&Issue{ID: p.PullRequest.ID})
+		if err != nil {
+			return &SlackPayload{}, err
 		}
 		text = fmt.Sprintf("[%s] Pull request assigned to %s: %s by %s", p.Repository.FullName,
-			strings.Join(list, ", "),
+			SlackLinkFormatter(setting.AppURL+list, list),
 			titleLink, senderLink)
 	case api.HookIssueUnassigned:
 		text = fmt.Sprintf("[%s] Pull request unassigned: %s by %s", p.Repository.FullName, titleLink, senderLink)
@@ -316,10 +312,6 @@ func getSlackPullRequestPayload(p *api.PullRequestPayload, slack *SlackMeta) (*S
 		text = fmt.Sprintf("[%s] Pull request labels cleared: %s by %s", p.Repository.FullName, titleLink, senderLink)
 	case api.HookIssueSynchronized:
 		text = fmt.Sprintf("[%s] Pull request synchronized: %s by %s", p.Repository.FullName, titleLink, senderLink)
-	case api.HookIssueMilestoned:
-		text = fmt.Sprintf("[%s] Pull request milestoned: #%s %s", p.Repository.FullName, titleLink, senderLink)
-	case api.HookIssueDemilestoned:
-		text = fmt.Sprintf("[%s] Pull request milestone cleared: #%s %s", p.Repository.FullName, titleLink, senderLink)
 	}

 	return &SlackPayload{
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -135,56 +135,15 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool)
 	if len(baHead) > 0 {
 		auths := strings.Fields(baHead)
 		if len(auths) == 2 && auths[0] == "Basic" {
-			var u *models.User
-
 			uname, passwd, _ := base.BasicAuthDecode(auths[1])

-			// Check if username or password is a token
-			isUsernameToken := len(passwd) == 0 || passwd == "x-oauth-basic"
-			// Assume username is token
-			authToken := uname
-			if !isUsernameToken {
-				// Assume password is token
-				authToken = passwd
+			u, err := models.UserSignIn(uname, passwd)
+			if err != nil {
+				if !models.IsErrUserNotExist(err) {
+					log.Error(4, "UserSignIn: %v", err)
+				}
+				return nil, false
 			}
-			token, err := models.GetAccessTokenBySHA(authToken)
-			if err == nil {
-				if isUsernameToken {
-					u, err = models.GetUserByID(token.UID)
-					if err != nil {
-						log.Error(4, "GetUserByID:  %v", err)
-						return nil, false
-					}
-				} else {
-					u, err = models.GetUserByName(uname)
-					if err != nil {
-						log.Error(4, "GetUserByID:  %v", err)
-						return nil, false
-					}
-					if u.ID != token.UID {
-						return nil, false
-					}
-				}
-				token.UpdatedUnix = util.TimeStampNow()
-				if err = models.UpdateAccessToken(token); err != nil {
-					log.Error(4, "UpdateAccessToken:  %v", err)
-				}
-			} else {
-				if !models.IsErrAccessTokenNotExist(err) && !models.IsErrAccessTokenEmpty(err) {
-					log.Error(4, "GetAccessTokenBySha: %v", err)
-				}
-			}
-
-			if u == nil {
-				u, err = models.UserSignIn(uname, passwd)
-				if err != nil {
-					if !models.IsErrUserNotExist(err) {
-						log.Error(4, "UserSignIn: %v", err)
-					}
-					return nil, false
-				}
-			}
-
 			ctx.Data["IsApiToken"] = true
 			return u, true
 		}
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -11,9 +11,9 @@ import (
 	"fmt"
 	"strings"

-	"code.gitea.io/gitea/modules/log"
+	"gopkg.in/ldap.v2"

-	ldap "gopkg.in/ldap.v3"
+	"code.gitea.io/gitea/modules/log"
 )

 // SecurityProtocol protocol type
@@ -247,17 +247,11 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
 		return nil
 	}

-	var isAttributeSSHPublicKeySet = len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0
-
-	attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}
-	if isAttributeSSHPublicKeySet {
-		attribs = append(attribs, ls.AttributeSSHPublicKey)
-	}
-
 	log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, userFilter, userDN)
 	search := ldap.NewSearchRequest(
 		userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
-		attribs, nil)
+		[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey},
+		nil)

 	sr, err := l.Search(search)
 	if err != nil {
@@ -273,15 +267,11 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
 		return nil
 	}

-	var sshPublicKey []string
-
 	username := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
 	firstname := sr.Entries[0].GetAttributeValue(ls.AttributeName)
 	surname := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
 	mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
-	if isAttributeSSHPublicKeySet {
-		sshPublicKey = sr.Entries[0].GetAttributeValues(ls.AttributeSSHPublicKey)
-	}
+	sshPublicKey := sr.Entries[0].GetAttributeValues(ls.AttributeSSHPublicKey)
 	isAdmin := checkAdmin(l, ls, userDN)

 	if !directBind && ls.AttributesInBind {
@@ -330,17 +320,11 @@ func (ls *Source) SearchEntries() []*SearchResult {

 	userFilter := fmt.Sprintf(ls.Filter, "*")

-	var isAttributeSSHPublicKeySet = len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0
-
-	attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}
-	if isAttributeSSHPublicKeySet {
-		attribs = append(attribs, ls.AttributeSSHPublicKey)
-	}
-
 	log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, userFilter, ls.UserBase)
 	search := ldap.NewSearchRequest(
 		ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
-		attribs, nil)
+		[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey},
+		nil)

 	var sr *ldap.SearchResult
 	if ls.UsePagedSearch() {
@@ -357,14 +341,12 @@ func (ls *Source) SearchEntries() []*SearchResult {

 	for i, v := range sr.Entries {
 		result[i] = &SearchResult{
-			Username: v.GetAttributeValue(ls.AttributeUsername),
-			Name:     v.GetAttributeValue(ls.AttributeName),
-			Surname:  v.GetAttributeValue(ls.AttributeSurname),
-			Mail:     v.GetAttributeValue(ls.AttributeMail),
-			IsAdmin:  checkAdmin(l, ls, v.DN),
-		}
-		if isAttributeSSHPublicKeySet {
-			result[i].SSHPublicKey = v.GetAttributeValues(ls.AttributeSSHPublicKey)
+			Username:     v.GetAttributeValue(ls.AttributeUsername),
+			Name:         v.GetAttributeValue(ls.AttributeName),
+			Surname:      v.GetAttributeValue(ls.AttributeSurname),
+			Mail:         v.GetAttributeValue(ls.AttributeMail),
+			SSHPublicKey: v.GetAttributeValues(ls.AttributeSSHPublicKey),
+			IsAdmin:      checkAdmin(l, ls, v.DN),
 		}
 	}

--- a/modules/context/auth.go
+++ b/modules/context/auth.go
@@ -8,7 +8,6 @@ import (
 	"net/url"

 	"code.gitea.io/gitea/modules/auth"
-	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
 	"github.com/go-macaron/csrf"
 	macaron "gopkg.in/macaron.v1"
@@ -33,28 +32,28 @@ func Toggle(options *ToggleOptions) macaron.Handler {

 		// Check prohibit login users.
 		if ctx.IsSigned {
-			if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
-				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
-				ctx.HTML(200, "user/auth/activate")
-				return
-			} else if !ctx.User.IsActive || ctx.User.ProhibitLogin {
-				log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())
+
+			if ctx.User.ProhibitLogin {
 				ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
 				ctx.HTML(200, "user/auth/prohibit_login")
 				return
 			}

-			if ctx.User.MustChangePassword {
-				if ctx.Req.URL.Path != "/user/settings/change_password" {
-					ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
-					ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
-					ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL)
-					ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
-					return
+			// prevent infinite redirection
+			// also make sure that the form cannot be accessed by
+			// users who don't need this
+			if ctx.Req.URL.Path == setting.AppSubURL+"/user/settings/change_password" {
+				if !ctx.User.MustChangePassword {
+					ctx.Redirect(setting.AppSubURL + "/")
 				}
-			} else if ctx.Req.URL.Path == "/user/settings/change_password" {
-				// make sure that the form cannot be accessed by users who don't need this
-				ctx.Redirect(setting.AppSubURL + "/")
+				return
+			}
+
+			if ctx.User.MustChangePassword {
+				ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
+				ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
+				ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL)
+				ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
 				return
 			}
 		}
--- a/modules/context/context.go
+++ b/modules/context/context.go
@@ -209,7 +209,7 @@ func Contexter() macaron.Handler {
 			if err == nil && len(repo.DefaultBranch) > 0 {
 				branchName = repo.DefaultBranch
 			}
-			prefix := setting.AppURL + path.Join(url.QueryEscape(ownerName), url.QueryEscape(repoName), "src", "branch", branchName)
+			prefix := setting.AppURL + path.Join(ownerName, repoName, "src", "branch", branchName)
 			c.Header().Set("Content-Type", "text/html")
 			c.WriteHeader(http.StatusOK)
 			c.Write([]byte(com.Expand(`<!doctype html>
--- a/modules/context/repo.go
+++ b/modules/context/repo.go
@@ -8,7 +8,6 @@ package context
 import (
 	"fmt"
 	"io/ioutil"
-	"net/url"
 	"path"
 	"strings"

@@ -163,7 +162,7 @@ func RetrieveBaseRepo(ctx *Context, repo *models.Repository) {

 // ComposeGoGetImport returns go-get-import meta content.
 func ComposeGoGetImport(owner, repo string) string {
-	return path.Join(setting.Domain, setting.AppSubURL, url.QueryEscape(owner), url.QueryEscape(repo))
+	return path.Join(setting.Domain, setting.AppSubURL, owner, repo)
 }

 // EarlyResponseForGoGetMeta responses appropriate go-get meta with status 200
--- a/modules/lfs/server.go
+++ b/modules/lfs/server.go
@@ -497,15 +497,12 @@ func authenticate(ctx *context.Context, repository *models.Repository, authoriza
 		accessMode = models.AccessModeWrite
 	}

-	// ctx.IsSigned is unnecessary here, this will be checked in perm.CanAccess
 	perm, err := models.GetUserRepoPermission(repository, ctx.User)
 	if err != nil {
 		return false
 	}
-
-	canRead := perm.CanAccess(accessMode, models.UnitTypeCode)
-	if canRead {
-		return true
+	if ctx.IsSigned {
+		return perm.CanAccess(accessMode, models.UnitTypeCode)
 	}

 	user, repo, opStr, err := parseToken(authorization)
@@ -585,7 +582,7 @@ func parseToken(authorization string) (*models.User, *models.Repository, string,
 		if err != nil {
 			return nil, nil, "basic", err
 		}
-		if !u.IsPasswordSet() || !u.ValidatePassword(password) {
+		if !u.ValidatePassword(password) {
 			return nil, nil, "basic", fmt.Errorf("Basic auth failed")
 		}
 		return u, nil, "basic", nil
--- a/modules/markup/html.go
+++ b/modules/markup/html.go
@@ -234,23 +234,6 @@ func RenderCommitMessage(
 	return ctx.postProcess(rawHTML)
 }

-// RenderDescriptionHTML will use similar logic as PostProcess, but will
-// use a single special linkProcessor.
-func RenderDescriptionHTML(
-	rawHTML []byte,
-	urlPrefix string,
-	metas map[string]string,
-) ([]byte, error) {
-	ctx := &postProcessCtx{
-		metas:     metas,
-		urlPrefix: urlPrefix,
-		procs: []processor{
-			descriptionLinkProcessor,
-		},
-	}
-	return ctx.postProcess(rawHTML)
-}
-
 var byteBodyTag = []byte("<body>")
 var byteBodyTagClosing = []byte("</body>")

@@ -685,34 +668,3 @@ func genDefaultLinkProcessor(defaultLink string) processor {
 		node.FirstChild, node.LastChild = ch, ch
 	}
 }
-
-// descriptionLinkProcessor creates links for DescriptionHTML
-func descriptionLinkProcessor(ctx *postProcessCtx, node *html.Node) {
-	m := linkRegex.FindStringIndex(node.Data)
-	if m == nil {
-		return
-	}
-	uri := node.Data[m[0]:m[1]]
-	replaceContent(node, m[0], m[1], createDescriptionLink(uri, uri))
-}
-
-func createDescriptionLink(href, content string) *html.Node {
-	textNode := &html.Node{
-		Type: html.TextNode,
-		Data: content,
-	}
-	linkNode := &html.Node{
-		FirstChild: textNode,
-		LastChild:  textNode,
-		Type:       html.ElementNode,
-		Data:       "a",
-		DataAtom:   atom.A,
-		Attr: []html.Attribute{
-			{Key: "href", Val: href},
-			{Key: "target", Val: "_blank"},
-			{Key: "rel", Val: "noopener noreferrer"},
-		},
-	}
-	textNode.Parent = linkNode
-	return linkNode
-}
--- a/modules/markup/orgmode/orgmode.go
+++ b/modules/markup/orgmode/orgmode.go
@@ -5,7 +5,6 @@
 package markup

 import (
-	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/markup/markdown"

@@ -32,13 +31,7 @@ func (Parser) Extensions() []string {
 }

 // Render renders orgmode rawbytes to HTML
-func Render(rawBytes []byte, urlPrefix string, metas map[string]string, isWiki bool) (result []byte) {
-	defer func() {
-		if err := recover(); err != nil {
-			log.Error(4, "Panic in orgmode.Render: %v Just returning the rawBytes", err)
-			result = rawBytes
-		}
-	}()
+func Render(rawBytes []byte, urlPrefix string, metas map[string]string, isWiki bool) []byte {
 	htmlFlags := blackfriday.HTML_USE_XHTML
 	htmlFlags |= blackfriday.HTML_SKIP_STYLE
 	htmlFlags |= blackfriday.HTML_OMIT_CONTENTS
@@ -47,8 +40,9 @@ func Render(rawBytes []byte, urlPrefix string, metas map[string]string, isWiki b
 		URLPrefix: urlPrefix,
 		IsWiki:    isWiki,
 	}
-	result = goorgeous.Org(rawBytes, renderer)
-	return
+
+	result := goorgeous.Org(rawBytes, renderer)
+	return result
 }

 // RenderString reners orgmode string to HTML string
--- a/modules/private/internal.go
+++ b/modules/private/internal.go
@@ -39,7 +39,6 @@ func decodeJSONError(resp *http.Response) *Response {
 func newInternalRequest(url, method string) *httplib.Request {
 	req := newRequest(url, method).SetTLSClientConfig(&tls.Config{
 		InsecureSkipVerify: true,
-		ServerName:         setting.Domain,
 	})
 	if setting.Protocol == setting.UnixSocket {
 		req.SetTransport(&http.Transport{
--- a/modules/private/key.go
+++ b/modules/private/key.go
@@ -32,31 +32,6 @@ func UpdateDeployKeyUpdated(keyID int64, repoID int64) error {
 	return nil
 }

-// GetDeployKey check if repo has deploy key
-func GetDeployKey(keyID, repoID int64) (*models.DeployKey, error) {
-	reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repositories/%d/keys/%d", repoID, keyID)
-	log.GitLogger.Trace("GetDeployKey: %s", reqURL)
-
-	resp, err := newInternalRequest(reqURL, "GET").Response()
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	switch resp.StatusCode {
-	case 404:
-		return nil, nil
-	case 200:
-		var dKey models.DeployKey
-		if err := json.NewDecoder(resp.Body).Decode(&dKey); err != nil {
-			return nil, err
-		}
-		return &dKey, nil
-	default:
-		return nil, fmt.Errorf("Failed to get deploy key: %s", decodeJSONError(resp).Err)
-	}
-}
-
 // HasDeployKey check if repo has deploy key
 func HasDeployKey(keyID, repoID int64) (bool, error) {
 	reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repositories/%d/has-keys/%d", repoID, keyID)
--- a/modules/public/public.go
+++ b/modules/public/public.go
@@ -117,7 +117,7 @@ func (opts *Options) handle(ctx *macaron.Context, log *log.Logger, opt *Options)
 	if fi.IsDir() {
 		// Redirect if missing trailing slash.
 		if !strings.HasSuffix(ctx.Req.URL.Path, "/") {
-			http.Redirect(ctx.Resp, ctx.Req.Request, path.Clean(ctx.Req.URL.Path+"/"), http.StatusFound)
+			http.Redirect(ctx.Resp, ctx.Req.Request, ctx.Req.URL.Path+"/", http.StatusFound)
 			return true
 		}

--- a/modules/util/util.go
+++ b/modules/util/util.go
@@ -98,8 +98,3 @@ func Min(a, b int) int {
 	}
 	return a
 }
-
-// IsEmptyString checks if the provided string is empty
-func IsEmptyString(s string) bool {
-	return len(strings.TrimSpace(s)) == 0
-}
--- a/modules/util/util_test.go
+++ b/modules/util/util_test.go
@@ -77,20 +77,3 @@ func TestIsExternalURL(t *testing.T) {
 		assert.Equal(t, test.Expected, IsExternalURL(test.RawURL))
 	}
 }
-
-func TestIsEmptyString(t *testing.T) {
-
-	cases := []struct {
-		s        string
-		expected bool
-	}{
-		{"", true},
-		{" ", true},
-		{"   ", true},
-		{"  a", false},
-	}
-
-	for _, v := range cases {
-		assert.Equal(t, v.expected, IsEmptyString(v.s))
-	}
-}
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -413,7 +413,7 @@ ssh_helper = <strong>Need help?</strong> Have a look at GitHub's guide to <a hre
 gpg_helper = <strong>Need help?</strong> Have a look at GitHub's guide <a href="%s">about GPG</a>.
 add_new_key = Add SSH Key
 add_new_gpg_key = Add GPG Key
-ssh_key_been_used = This SSH key has already been added to the server.
+ssh_key_been_used = This SSH key is already added to your account.
 ssh_key_name_used = An SSH key with same name is already added to your account.
 gpg_key_id_used = A public GPG key with same ID already exists.
 gpg_no_key_email_found = This GPG key is not usable with any email address associated with your account.
@@ -655,7 +655,6 @@ ext_issues.desc = Link to an external issue tracker.

 issues.desc = Organize bug reports, tasks and milestones.
 issues.new = New Issue
-issues.new.title_empty = Title cannot be empty
 issues.new.labels = Labels
 issues.new.no_label = No Label
 issues.new.clear_labels = Clear labels
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -859,7 +859,6 @@ pulls.title_wip_desc=`<a href="#">Sāciet virsrakstu ar <strong>%s</strong></a>,
 pulls.cannot_merge_work_in_progress=Šis izmaiņu pieprasījums ir atzīmēts, ka pie tā vēl notiek izstrāde. Noņemiet <strong>%s</strong> no virsraksta sākuma, kad tas ir pabeigts.
 pulls.data_broken=Izmaiņu pieprasījums ir bojāts, jo dzēsta informācija no atdalītā repozitorija.
 pulls.is_checking=Notiek konfliktu pārbaude, mirkli uzgaidiet un atjaunojiet lapu.
-pulls.blocked_by_approvals=Šim izmaiņu pieprasījumam nav nepieciešamais apstiprinājumu daudzums. %d no %d apstiprinājumi piešķirti.
 pulls.can_auto_merge_desc=Šo izmaiņu pieprasījumu var automātiski sapludināt.
 pulls.cannot_auto_merge_desc=Šis izmaiņu pieprasījums nevar tikt automātiski sapludināts konfliktu dēļ.
 pulls.cannot_auto_merge_helper=Sapludiniet manuāli, lai atrisinātu konfliktus.
@@ -868,7 +867,6 @@ pulls.no_merge_helper=Lai sapludinātu šo izmaiņu pieprasījumu, iespējojiet
 pulls.no_merge_wip=Šo izmaiņu pieprasījumu nav iespējams sapludināt, jo tas ir atzīmēts, ka darbs pie tā vēl nav pabeigts.
 pulls.merge_pull_request=Izmaiņu pieprasījuma sapludināšana
 pulls.rebase_merge_pull_request=Pārbāzēt un sapludināt
-pulls.rebase_merge_commit_pull_request=Pārbāzēt un sapludināt (--no-ff)
 pulls.squash_merge_pull_request=Saspiest un sapludināt
 pulls.invalid_merge_option=Nav iespējams izmantot šādu sapludināšanas veidu šim izmaiņu pieprasījumam.
 pulls.open_unmerged_pull_exists=`Jūs nevarat veikt atkārtotas atvēršanas darbību, jo jau eksistē izmaiņu pieprasījums (#%d) ar šādu sapludināšanas informāciju.`
@@ -1014,7 +1012,6 @@ settings.pulls_desc=Iespējot repozitorija izmaiņu pieprasījumus
 settings.pulls.ignore_whitespace=Pārbaudot konfliktus, ignorēt izmaiņas atstarpēs
 settings.pulls.allow_merge_commits=Iespējot revīziju sapludināšanu
 settings.pulls.allow_rebase_merge=Iespējot pārbāzēšanu sapludinot revīzijas
-settings.pulls.allow_rebase_merge_commit=Iespējot pārbāzēšanu sapludinot revīzijas (--no-ff)
 settings.pulls.allow_squash_commits=Iespējot saspiešanu sapludinot revīzijas
 settings.admin_settings=Administratora iestatījumi
 settings.admin_enable_health_check=Iespējot veselības pārbaudi (git fsck) šim repozitorijam
@@ -1101,7 +1098,6 @@ settings.event_issue_comment_desc=Problēmas komentārs pievienots, labots vai d
 settings.event_release=Laidiens
 settings.event_release_desc=Publicēts, atjaunots vai dzēsts laidiens repozitorijā.
 settings.event_pull_request=Izmaiņu pieprasījums
-settings.event_pull_request_desc=Izmaiņu pieprasījums izveidots, slēgts, atkārtoti atvērts, labots, apstiprināts, noraidīts, recenzēts, piešķirts, pievienots vai noņemts atbildīgais, pievienota etiķete, noņemta etiķete, pievienots vai noņemts atskaites punkts.
 settings.event_push=Izmaiņu nosūtīšana
 settings.event_push_desc=Git izmaiņu nosūtīšana uz repozitoriju.
 settings.event_repository=Repozitorijs
@@ -1152,10 +1148,6 @@ settings.protect_merge_whitelist_committers=Iespējot sapludināšanas ierobežo
 settings.protect_merge_whitelist_committers_desc=Atļaut tikai noteiktiem lietotājiem vai komandām sapludināt izmaiņu pieprasījumus šajā atzarā.
 settings.protect_merge_whitelist_users=Lietotāji, kas var veikt izmaiņu sapludināšanu:
 settings.protect_merge_whitelist_teams=Komandas, kas var veikt izmaiņu sapludināšanu:
-settings.protect_required_approvals=Vajadzīgi apstiprinājumi:
-settings.protect_required_approvals_desc=Atļaut tikai noteiktiem lietotājiem vai komandām sapludināt izmaiņu pieprasījumu, kam veikts noteikts daudzums pozitīvu recenziju.
-settings.protect_approvals_whitelist_users=Lietotāji, kas var veikt recenzijas:
-settings.protect_approvals_whitelist_teams=Komandas, kas var veikt recenzijas:
 settings.add_protected_branch=Iespējot aizsargāšanu
 settings.delete_protected_branch=Atspējot aizsargāšanu
 settings.update_protect_branch_success=Atzara aizsardzība atzaram '%s' tika saglabāta.
@@ -1166,7 +1158,6 @@ settings.default_branch_desc=Norādiet noklusēto repozitorija atzaru izmaiņu p
 settings.choose_branch=Izvēlieties atzaru…
 settings.no_protected_branch=Nav neviena aizsargātā atzara.
 settings.edit_protected_branch=Labot
-settings.protected_branch_required_approvals_min=Pieprasīto recenziju skaits nevar būt negatīvs.

 diff.browse_source=Pārlūkot izejas kodu
 diff.parent=vecāks
--- a/public/css/index.css
+++ b/public/css/index.css
--- a/public/js/index.js
+++ b/public/js/index.js
@@ -7,115 +7,6 @@ function htmlEncode(text) {
 var csrf;
 var suburl;

-// Polyfill for IE9+ support (https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/from)
-if (!Array.from) {
-    Array.from = (function () {
-        var toStr = Object.prototype.toString;
-        var isCallable = function (fn) {
-            return typeof fn === 'function' || toStr.call(fn) === '[object Function]';
-        };
-        var toInteger = function (value) {
-            var number = Number(value);
-            if (isNaN(number)) { return 0; }
-            if (number === 0 || !isFinite(number)) { return number; }
-            return (number > 0 ? 1 : -1) * Math.floor(Math.abs(number));
-        };
-        var maxSafeInteger = Math.pow(2, 53) - 1;
-        var toLength = function (value) {
-            var len = toInteger(value);
-            return Math.min(Math.max(len, 0), maxSafeInteger);
-        };
-
-        // The length property of the from method is 1.
-        return function from(arrayLike/*, mapFn, thisArg */) {
-            // 1. Let C be the this value.
-            var C = this;
-
-            // 2. Let items be ToObject(arrayLike).
-            var items = Object(arrayLike);
-
-            // 3. ReturnIfAbrupt(items).
-            if (arrayLike == null) {
-                throw new TypeError("Array.from requires an array-like object - not null or undefined");
-            }
-
-            // 4. If mapfn is undefined, then let mapping be false.
-            var mapFn = arguments.length > 1 ? arguments[1] : void undefined;
-            var T;
-            if (typeof mapFn !== 'undefined') {
-                // 5. else
-                // 5. a If IsCallable(mapfn) is false, throw a TypeError exception.
-                if (!isCallable(mapFn)) {
-                    throw new TypeError('Array.from: when provided, the second argument must be a function');
-                }
-
-                // 5. b. If thisArg was supplied, let T be thisArg; else let T be undefined.
-                if (arguments.length > 2) {
-                    T = arguments[2];
-                }
-            }
-
-            // 10. Let lenValue be Get(items, "length").
-            // 11. Let len be ToLength(lenValue).
-            var len = toLength(items.length);
-
-            // 13. If IsConstructor(C) is true, then
-            // 13. a. Let A be the result of calling the [[Construct]] internal method of C with an argument list containing the single item len.
-            // 14. a. Else, Let A be ArrayCreate(len).
-            var A = isCallable(C) ? Object(new C(len)) : new Array(len);
-
-            // 16. Let k be 0.
-            var k = 0;
-            // 17. Repeat, while k < len… (also steps a - h)
-            var kValue;
-            while (k < len) {
-                kValue = items[k];
-                if (mapFn) {
-                    A[k] = typeof T === 'undefined' ? mapFn(kValue, k) : mapFn.call(T, kValue, k);
-                } else {
-                    A[k] = kValue;
-                }
-                k += 1;
-            }
-            // 18. Let putStatus be Put(A, "length", len, true).
-            A.length = len;
-            // 20. Return A.
-            return A;
-        };
-    }());
-}
-
-// https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Object/assign
-if (typeof Object.assign != 'function') {
-    // Must be writable: true, enumerable: false, configurable: true
-    Object.defineProperty(Object, "assign", {
-        value: function assign(target, varArgs) { // .length of function is 2
-            'use strict';
-            if (target == null) { // TypeError if undefined or null
-                throw new TypeError('Cannot convert undefined or null to object');
-            }
-
-            var to = Object(target);
-
-            for (var index = 1; index < arguments.length; index++) {
-                var nextSource = arguments[index];
-
-                if (nextSource != null) { // Skip over if undefined or null
-                    for (var nextKey in nextSource) {
-                        // Avoid bugs when hasOwnProperty is shadowed
-                        if (Object.prototype.hasOwnProperty.call(nextSource, nextKey)) {
-                            to[nextKey] = nextSource[nextKey];
-                        }
-                    }
-                }
-            }
-            return to;
-        },
-        writable: true,
-        configurable: true
-    });
-}
-
 function initCommentPreviewTab($form) {
    var $tabMenu = $form.find('.tabular.menu');
    $tabMenu.find('.item').tab();
@@ -2457,6 +2348,7 @@ function initHeatmap(appElementId, heatmapUser, locale) {
                this.getColor(4),
                this.getColor(5)
            ];
+            console.log(this.colorRange);
            this.endDate = new Date();
            this.loadHeatmap(this.user);
        },
--- a/public/less/_base.less
+++ b/public/less/_base.less
@@ -384,12 +384,33 @@ pre, code {

 }

-.ui.floating.dropdown {
-    .overflow.menu {
-        .scrolling.menu.items {
-            border-radius: 0px !important;
-            box-shadow: none !important;
-            border-bottom: 1px solid rgba(34, 36, 38, 0.15);
+.overflow.menu {
+    .items {
+        max-height: 300px;
+        overflow-y: auto;
+        .item {
+            position: relative;
+            cursor: pointer;
+            display: block;
+            border: none;
+            height: auto;
+            border-top: none;
+            line-height: 1em;
+            color: rgba(0,0,0,.8);
+            padding: .71428571em 1.14285714em !important;
+            font-size: 1rem;
+            text-transform: none;
+            font-weight: 400;
+            box-shadow: none;
+            -webkit-touch-callout: none;
+            &.active {
+                font-weight: 700;
+            }
+            &:hover {
+                background: rgba(0,0,0,.05);
+                color: rgba(0,0,0,.8);
+                z-index: 13;
+            }
        }
    }
 }
--- a/public/vendor/librejs.html
+++ b/public/vendor/librejs.html
@@ -48,7 +48,7 @@
        <tr>
          <td><a href="./plugins/vue/vue.min.js">vue.min.js</a></td>
          <td><a href="https://github.com/vuejs/vue/blob/dev/LICENSE">Expat</a></td>
-          <td><a href="https://github.com/vuejs/vue/archive/v2.6.6.tar.gz">vue.js-v2.6.6.tar.gz</a></td>
+          <td><a href="https://github.com/vuejs/vue/archive/v2.1.10.tar.gz">vue.js-v2.1.10.tar.gz</a></td>
        </tr>
        <tr>
          <td><a href="./plugins/emojify/emojify.min.js">emojify.min.js</a></td>
@@ -136,7 +136,7 @@
          <td><a href="https://github.com/swagger-api/swagger-ui/archive/v3.0.4.tar.gz">swagger-ui-v3.0.4.tar.gz</a></td>
        </tr>
        <tr>
-          <td><a href="./plugins/vue-calendar-heatmap/">vue-calendar-heatmap</a></td>
+          <td><a href="./plugins/vue-calendar-heatmap">vue-calendar-heatmap</a></td>
          <td><a href="https://github.com/WildCodeSchool/vue-calendar-heatmap/blob/master/README.md">MIT</a></td>
          <td><a href="https://github.com/WildCodeSchool/vue-calendar-heatmap/archive/master.zip">7f48b20.zip</a></td>
        </tr>
@@ -145,11 +145,6 @@
          <td><a href="https://github.com/moment/moment/blob/develop/LICENSE">MIT</a></td>
          <td><a href="https://github.com/moment/moment/archive/2.22.2.tar.gz">0.4.1.tar.gz</a></td>
        </tr>
-        <tr>
-          <td><a href="./plugins/es6-promise/">es6-promise</a></td>
-          <td><a href="https://github.com/stefanpenner/es6-promise/blob/master/LICENSE">MIT</a></td>
-          <td><a href="https://github.com/stefanpenner/es6-promise/archive/v4.2.6.tar.gz">4.2.6.tar.gz</a></td>
-        </tr>
      </tbody>
    </table>
  </body>
--- a/public/vendor/plugins/es6-promise/es6-promise.auto.min.js
+++ b/public/vendor/plugins/es6-promise/es6-promise.auto.min.js
--- a/public/vendor/plugins/vue/vue.min.js
+++ b/public/vendor/plugins/vue/vue.min.js
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -85,7 +85,7 @@ func sudo() macaron.Handler {
 		}

 		if len(sudo) > 0 {
-			if ctx.IsSigned && ctx.User.IsAdmin {
+			if ctx.User.IsAdmin {
 				user, err := models.GetUserByName(sudo)
 				if err != nil {
 					if models.IsErrUserNotExist(err) {
--- a/routers/api/v1/repo/issue.go
+++ b/routers/api/v1/repo/issue.go
@@ -129,7 +129,7 @@ func GetIssue(ctx *context.APIContext) {
 	// responses:
 	//   "200":
 	//     "$ref": "#/responses/Issue"
-	issue, err := models.GetIssueWithAttrsByIndex(ctx.Repo.Repository.ID, ctx.ParamsInt64(":index"))
+	issue, err := models.GetIssueByIndex(ctx.Repo.Repository.ID, ctx.ParamsInt64(":index"))
 	if err != nil {
 		if models.IsErrIssueNotExist(err) {
 			ctx.Status(404)
--- a/routers/api/v1/repo/issue_label.go
+++ b/routers/api/v1/repo/issue_label.go
@@ -51,11 +51,6 @@ func ListIssueLabels(ctx *context.APIContext) {
 		return
 	}

-	if err := issue.LoadAttributes(); err != nil {
-		ctx.Error(500, "LoadAttributes", err)
-		return
-	}
-
 	apiLabels := make([]*api.Label, len(issue.Labels))
 	for i := range issue.Labels {
 		apiLabels[i] = issue.Labels[i].APIFormat()
--- a/routers/api/v1/repo/key.go
+++ b/routers/api/v1/repo/key.go
@@ -159,8 +159,6 @@ func HandleCheckKeyStringError(ctx *context.APIContext, err error) {
 // HandleAddKeyError handle add key error
 func HandleAddKeyError(ctx *context.APIContext, err error) {
 	switch {
-	case models.IsErrDeployKeyAlreadyExist(err):
-		ctx.Error(422, "", "This key has already been added to this repository")
 	case models.IsErrKeyAlreadyExist(err):
 		ctx.Error(422, "", "Key content has been used as non-deploy key")
 	case models.IsErrKeyNameAlreadyUsed(err):
--- a/routers/api/v1/repo/pull.go
+++ b/routers/api/v1/repo/pull.go
@@ -668,8 +668,8 @@ func parseCompareInfo(ctx *context.APIContext, form api.CreatePullRequestOption)
 		ctx.ServerError("GetUserRepoPermission", err)
 		return nil, nil, nil, nil, "", ""
 	}
-	if !perm.CanReadIssuesOrPulls(true) {
-		log.Trace("ParseCompareInfo[%d]: cannot create/read pull requests", baseRepo.ID)
+	if !perm.CanWrite(models.UnitTypeCode) {
+		log.Trace("ParseCompareInfo[%d]: does not have write access or site admin", baseRepo.ID)
 		ctx.Status(404)
 		return nil, nil, nil, nil, "", ""
 	}
--- a/routers/api/v1/repo/repo.go
+++ b/routers/api/v1/repo/repo.go
@@ -400,11 +400,6 @@ func Migrate(ctx *context.APIContext, form auth.MigrateRepoForm) {
 		RemoteAddr:  remoteAddr,
 	})
 	if err != nil {
-		if models.IsErrRepoAlreadyExist(err) {
-			ctx.Error(409, "", "The repository with the same name already exists.")
-			return
-		}
-
 		err = util.URLSanitizedError(err, remoteAddr)
 		if repo != nil {
 			if errDelete := models.DeleteRepository(ctx.User, ctxUser.ID, repo.ID); errDelete != nil {
--- a/routers/api/v1/repo/tree.go
+++ b/routers/api/v1/repo/tree.go
@@ -16,30 +16,6 @@ import (

 // GetTree get the tree of a repository.
 func GetTree(ctx *context.APIContext) {
-	// swagger:operation GET /repos/{owner}/{repo}/git/trees/{sha} repository GetTree
-	// ---
-	// summary: Gets the tree of a repository.
-	// produces:
-	// - application/json
-	// parameters:
-	// - name: owner
-	//   in: path
-	//   description: owner of the repo
-	//   type: string
-	//   required: true
-	// - name: repo
-	//   in: path
-	//   description: name of the repo
-	//   type: string
-	//   required: true
-	// - name: sha
-	//   in: path
-	//   description: sha of the commit
-	//   type: string
-	//   required: true
-	// responses:
-	//   "200":
-	//     "$ref": "#/responses/GitTreeResponse"
 	sha := ctx.Params("sha")
 	if len(sha) == 0 {
 		ctx.Error(400, "sha not provided", nil)
--- a/routers/api/v1/swagger/repo.go
+++ b/routers/api/v1/swagger/repo.go
@@ -133,10 +133,3 @@ type swaggerResponseAttachment struct {
 	//in: body
 	Body api.Attachment `json:"body"`
 }
-
-// GitTreeResponse
-// swagger:response GitTreeResponse
-type swaggerGitTreeResponse struct {
-	//in: body
-	Body api.GitTreeResponse `json:"body"`
-}
--- a/routers/home.go
+++ b/routers/home.go
@@ -6,13 +6,11 @@ package routers

 import (
 	"bytes"
-	"net/url"
 	"strings"

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
-	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/search"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/modules/util"
@@ -40,15 +38,6 @@ func Home(ctx *context.Context) {
 		if !ctx.User.IsActive && setting.Service.RegisterEmailConfirm {
 			ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
 			ctx.HTML(200, user.TplActivate)
-		} else if !ctx.User.IsActive || ctx.User.ProhibitLogin {
-			log.Info("Failed authentication attempt for %s from %s", ctx.User.Name, ctx.RemoteAddr())
-			ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
-			ctx.HTML(200, "user/auth/prohibit_login")
-		} else if ctx.User.MustChangePassword {
-			ctx.Data["Title"] = ctx.Tr("auth.must_change_password")
-			ctx.Data["ChangePasscodeLink"] = setting.AppSubURL + "/user/change_password"
-			ctx.SetCookie("redirect_to", url.QueryEscape(setting.AppSubURL+ctx.Req.RequestURI), 0, setting.AppSubURL)
-			ctx.Redirect(setting.AppSubURL + "/user/settings/change_password")
 		} else {
 			user.Dashboard(ctx)
 		}
--- a/routers/metrics.go
+++ b/routers/metrics.go
@@ -17,7 +17,7 @@ func Metrics(ctx *context.Context) {
 		promhttp.Handler().ServeHTTP(ctx.Resp, ctx.Req.Request)
 		return
 	}
-	header := ctx.Req.Header.Get("Authorization")
+	header := ctx.Header().Get("Authorization")
 	if header == "" {
 		ctx.Error(401)
 		return
--- a/routers/org/teams.go
+++ b/routers/org/teams.go
@@ -288,6 +288,8 @@ func EditTeamPost(ctx *context.Context, form auth.CreateTeamForm) {
 			})
 		}
 		models.UpdateTeamUnits(t, units)
+	} else {
+		models.UpdateTeamUnits(t, nil)
 	}

 	if ctx.HasError() {
--- a/routers/private/internal.go
+++ b/routers/private/internal.go
@@ -82,7 +82,6 @@ func RegisterRoutes(m *macaron.Macaron) {
 		m.Post("/repositories/:repoid/keys/:keyid/update", UpdateDeployKey)
 		m.Get("/repositories/:repoid/user/:userid/checkunituser", CheckUnitUser)
 		m.Get("/repositories/:repoid/has-keys/:keyid", HasDeployKey)
-		m.Get("/repositories/:repoid/keys/:keyid", GetDeployKey)
 		m.Get("/repositories/:repoid/wiki/init", InitWiki)
 		m.Post("/push/update", PushUpdate)
 		m.Get("/protectedbranch/:pbid/:userid", CanUserPush)
--- a/routers/private/key.go
+++ b/routers/private/key.go
@@ -72,24 +72,6 @@ func GetUserByKeyID(ctx *macaron.Context) {
 	ctx.JSON(200, user)
 }

-//GetDeployKey chainload to models.GetDeployKey
-func GetDeployKey(ctx *macaron.Context) {
-	repoID := ctx.ParamsInt64(":repoid")
-	keyID := ctx.ParamsInt64(":keyid")
-	dKey, err := models.GetDeployKeyByRepo(keyID, repoID)
-	if err != nil {
-		if models.IsErrDeployKeyNotExist(err) {
-			ctx.JSON(404, []byte("not found"))
-			return
-		}
-		ctx.JSON(500, map[string]interface{}{
-			"err": err.Error(),
-		})
-		return
-	}
-	ctx.JSON(200, dKey)
-}
-
 //HasDeployKey chainload to models.HasDeployKey
 func HasDeployKey(ctx *macaron.Context) {
 	repoID := ctx.ParamsInt64(":repoid")
--- a/routers/repo/commit.go
+++ b/routers/repo/commit.go
@@ -201,7 +201,7 @@ func Diff(ctx *context.Context) {
 		commitID = commit.ID.String()
 	}

-	statuses, err := models.GetLatestCommitStatus(ctx.Repo.Repository, commitID, 0)
+	statuses, err := models.GetLatestCommitStatus(ctx.Repo.Repository, ctx.Repo.Commit.ID.String(), 0)
 	if err != nil {
 		log.Error(3, "GetLatestCommitStatus: %v", err)
 	}
--- a/routers/repo/editor.go
+++ b/routers/repo/editor.go
@@ -163,11 +163,7 @@ func editFilePost(ctx *context.Context, form auth.EditRepoFileForm, isNewFile bo
 		branchName = form.NewBranchName
 	}

-	form.TreePath = cleanUploadFileName(form.TreePath)
-	if len(form.TreePath) == 0 {
-		ctx.Error(500, "Upload file name is invalid")
-		return
-	}
+	form.TreePath = strings.Trim(path.Clean("/"+form.TreePath), " /")
 	treeNames, treePaths := getParentTreeFields(form.TreePath)

 	ctx.Data["TreePath"] = form.TreePath
@@ -377,13 +373,6 @@ func DeleteFile(ctx *context.Context) {
 func DeleteFilePost(ctx *context.Context, form auth.DeleteRepoFileForm) {
 	ctx.Data["PageIsDelete"] = true
 	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
-
-	ctx.Repo.TreePath = cleanUploadFileName(ctx.Repo.TreePath)
-	if len(ctx.Repo.TreePath) == 0 {
-		ctx.Error(500, "Delete file name is invalid")
-		return
-	}
-
 	ctx.Data["TreePath"] = ctx.Repo.TreePath
 	canCommit := renderCommitRights(ctx)

@@ -488,12 +477,7 @@ func UploadFilePost(ctx *context.Context, form auth.UploadRepoFileForm) {
 		branchName = form.NewBranchName
 	}

-	form.TreePath = cleanUploadFileName(form.TreePath)
-	if len(form.TreePath) == 0 {
-		ctx.Error(500, "Upload file name is invalid")
-		return
-	}
-
+	form.TreePath = strings.Trim(path.Clean("/"+form.TreePath), " /")
 	treeNames, treePaths := getParentTreeFields(form.TreePath)
 	if len(treeNames) == 0 {
 		// We must at least have one element for user to input.
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -113,24 +113,24 @@ func HTTP(ctx *context.Context) {
 				return
 			}

-			// Check if username or password is a token
-			isUsernameToken := len(authPasswd) == 0 || authPasswd == "x-oauth-basic"
-			// Assume username is token
-			authToken := authUsername
-			if !isUsernameToken {
-				// Assume password is token
-				authToken = authPasswd
+			authUser, err = models.UserSignIn(authUsername, authPasswd)
+			if err != nil {
+				if !models.IsErrUserNotExist(err) {
+					ctx.ServerError("UserSignIn error: %v", err)
+					return
+				}
 			}
-			// Assume password is a token.
-			token, err := models.GetAccessTokenBySHA(authToken)
-			if err == nil {
-				if isUsernameToken {
-					authUser, err = models.GetUserByID(token.UID)
-					if err != nil {
-						ctx.ServerError("GetUserByID", err)
-						return
-					}
-				} else {
+
+			if authUser == nil {
+				isUsernameToken := len(authPasswd) == 0 || authPasswd == "x-oauth-basic"
+
+				// Assume username is token
+				authToken := authUsername
+
+				if !isUsernameToken {
+					// Assume password is token
+					authToken = authPasswd
+
 					authUser, err = models.GetUserByName(authUsername)
 					if err != nil {
 						if models.IsErrUserNotExist(err) {
@@ -140,37 +140,37 @@ func HTTP(ctx *context.Context) {
 						}
 						return
 					}
-					if authUser.ID != token.UID {
+				}
+
+				// Assume password is a token.
+				token, err := models.GetAccessTokenBySHA(authToken)
+				if err != nil {
+					if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) {
 						ctx.HandleText(http.StatusUnauthorized, "invalid credentials")
+					} else {
+						ctx.ServerError("GetAccessTokenBySha", err)
+					}
+					return
+				}
+
+				if isUsernameToken {
+					authUser, err = models.GetUserByID(token.UID)
+					if err != nil {
+						ctx.ServerError("GetUserByID", err)
 						return
 					}
+				} else if authUser.ID != token.UID {
+					ctx.HandleText(http.StatusUnauthorized, "invalid credentials")
+					return
 				}
+
 				token.UpdatedUnix = util.TimeStampNow()
 				if err = models.UpdateAccessToken(token); err != nil {
 					ctx.ServerError("UpdateAccessToken", err)
 				}
 			} else {
-				if !models.IsErrAccessTokenNotExist(err) && !models.IsErrAccessTokenEmpty(err) {
-					log.Error(4, "GetAccessTokenBySha: %v", err)
-				}
-			}
-
-			if authUser == nil {
-				// Check username and password
-				authUser, err = models.UserSignIn(authUsername, authPasswd)
-				if err != nil {
-					if !models.IsErrUserNotExist(err) {
-						ctx.ServerError("UserSignIn error: %v", err)
-						return
-					}
-				}
-
-				if authUser == nil {
-					ctx.HandleText(http.StatusUnauthorized, "invalid credentials")
-					return
-				}
-
 				_, err = models.GetTwoFactorByUID(authUser.ID)
+
 				if err == nil {
 					// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented
 					ctx.HandleText(http.StatusUnauthorized, "Users with two-factor authentication enabled cannot perform HTTP/HTTPS operations via plain username and password. Please create and use a personal access token on the user settings page")
--- a/routers/repo/issue.go
+++ b/routers/repo/issue.go
@@ -355,7 +355,7 @@ func setTemplateIfExists(ctx *context.Context, ctxDataKey string, possibleFiles
 	}
 }

-// NewIssue render creating issue page
+// NewIssue render createing issue page
 func NewIssue(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("repo.issues.new")
 	ctx.Data["PageIsIssueList"] = true
@@ -494,11 +494,6 @@ func NewIssuePost(ctx *context.Context, form auth.CreateIssueForm) {
 		return
 	}

-	if util.IsEmptyString(form.Title) {
-		ctx.RenderWithErr(ctx.Tr("repo.issues.new.title_empty"), tplIssueNew, form)
-		return
-	}
-
 	issue := &models.Issue{
 		RepoID:      repo.ID,
 		Title:       form.Title,
--- a/routers/repo/pull.go
+++ b/routers/repo/pull.go
@@ -22,7 +22,6 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/notification"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"

 	"github.com/Unknwon/com"
 )
@@ -684,8 +683,8 @@ func ParseCompareInfo(ctx *context.Context) (*models.User, *models.Repository, *
 		ctx.ServerError("GetUserRepoPermission", err)
 		return nil, nil, nil, nil, "", ""
 	}
-	if !perm.CanReadIssuesOrPulls(true) {
-		log.Trace("ParseCompareInfo[%d]: cannot create/read pull requests", baseRepo.ID)
+	if !perm.CanWrite(models.UnitTypeCode) {
+		log.Trace("ParseCompareInfo[%d]: does not have write access or site admin", baseRepo.ID)
 		ctx.NotFound("ParseCompareInfo", nil)
 		return nil, nil, nil, nil, "", ""
 	}
@@ -861,16 +860,6 @@ func CompareAndPullRequestPost(ctx *context.Context, form auth.CreateIssueForm)
 		return
 	}

-	if util.IsEmptyString(form.Title) {
-		PrepareCompareDiff(ctx, headUser, headRepo, headGitRepo, prInfo, baseBranch, headBranch)
-		if ctx.Written() {
-			return
-		}
-
-		ctx.RenderWithErr(ctx.Tr("repo.issues.new.title_empty"), tplComparePull, form)
-		return
-	}
-
 	patch, err := headGitRepo.GetPatch(prInfo.MergeBase, headBranch)
 	if err != nil {
 		ctx.ServerError("GetPatch", err)
--- a/routers/repo/repo.go
+++ b/routers/repo/repo.go
@@ -256,11 +256,6 @@ func MigratePost(ctx *context.Context, form auth.MigrateRepoForm) {
 		return
 	}

-	if models.IsErrRepoAlreadyExist(err) {
-		ctx.RenderWithErr(ctx.Tr("form.repo_name_been_taken"), tplMigrate, &form)
-		return
-	}
-
 	// remoteAddr may contain credentials, so we sanitize it
 	err = util.URLSanitizedError(err, remoteAddr)

--- a/routers/repo/setting.go
+++ b/routers/repo/setting.go
@@ -6,7 +6,6 @@
 package repo

 import (
-	"errors"
 	"strings"
 	"time"

@@ -37,7 +36,6 @@ const (
 func Settings(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("repo.settings")
 	ctx.Data["PageIsSettingsOptions"] = true
-	ctx.Data["ForcePrivate"] = setting.Repository.ForcePrivate
 	ctx.HTML(200, tplSettingsOptions)
 }

@@ -96,12 +94,6 @@ func SettingsPost(ctx *context.Context, form auth.RepoSettingForm) {
 		}

 		visibilityChanged := repo.IsPrivate != form.Private
-		// when ForcePrivate enabled, you could change public repo to private, but could not change private to public
-		if visibilityChanged && setting.Repository.ForcePrivate && !form.Private {
-			ctx.ServerError("Force Private enabled", errors.New("cannot change private repository to public"))
-			return
-		}
-
 		repo.IsPrivate = form.Private
 		if err := models.UpdateRepository(repo, visibilityChanged); err != nil {
 			ctx.ServerError("UpdateRepository", err)
@@ -589,9 +581,6 @@ func DeployKeysPost(ctx *context.Context, form auth.AddKeyForm) {
 		case models.IsErrDeployKeyAlreadyExist(err):
 			ctx.Data["Err_Content"] = true
 			ctx.RenderWithErr(ctx.Tr("repo.settings.key_been_used"), tplDeployKeys, &form)
-		case models.IsErrKeyAlreadyExist(err):
-			ctx.Data["Err_Content"] = true
-			ctx.RenderWithErr(ctx.Tr("settings.ssh_key_been_used"), tplDeployKeys, &form)
 		case models.IsErrKeyNameAlreadyUsed(err):
 			ctx.Data["Err_Title"] = true
 			ctx.RenderWithErr(ctx.Tr("repo.settings.key_name_used"), tplDeployKeys, &form)
--- a/routers/repo/view.go
+++ b/routers/repo/view.go
@@ -50,7 +50,7 @@ func renderDirectory(ctx *context.Context, treeLink string) {
 	}
 	entries.CustomSort(base.NaturalSortLess)

-	ctx.Data["Files"], err = entries.GetCommitsInfo(ctx.Repo.Commit, ctx.Repo.TreePath, nil)
+	ctx.Data["Files"], err = entries.GetCommitsInfo(ctx.Repo.Commit, ctx.Repo.TreePath)
 	if err != nil {
 		ctx.ServerError("GetCommitsInfo", err)
 		return
--- a/routers/repo/wiki.go
+++ b/routers/repo/wiki.go
@@ -341,11 +341,6 @@ func NewWikiPost(ctx *context.Context, form auth.NewWikiForm) {
 		return
 	}

-	if util.IsEmptyString(form.Title) {
-		ctx.RenderWithErr(ctx.Tr("repo.issues.new.title_empty"), tplWikiNew, form)
-		return
-	}
-
 	wikiName := models.NormalizeWikiName(form.Title)
 	if err := ctx.Repo.Repository.AddWikiPage(ctx.User, wikiName, form.Content, form.Message); err != nil {
 		if models.IsErrWikiReservedName(err) {
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -106,7 +106,7 @@ func NewMacaron() *macaron.Macaron {
 		Langs:       setting.Langs,
 		Names:       setting.Names,
 		DefaultLang: "en-US",
-		Redirect:    false,
+		Redirect:    true,
 	}))
 	m.Use(cache.Cacher(cache.Options{
 		Adapter:       setting.CacheService.Adapter,
@@ -643,7 +643,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 			}
 			ctx.Data["CommitsCount"] = ctx.Repo.CommitsCount
 		})
-	}, ignSignIn, context.RepoAssignment(), context.UnitTypes(), reqRepoReleaseReader)
+	}, context.RepoAssignment(), context.UnitTypes(), reqRepoReleaseReader)

 	m.Group("/:username/:reponame", func() {
 		m.Post("/topics", repo.TopicsPost)
--- a/routers/user/auth.go
+++ b/routers/user/auth.go
@@ -161,19 +161,6 @@ func SignInPost(ctx *context.Context, form auth.SignInForm) {
 		} else if models.IsErrEmailAlreadyUsed(err) {
 			ctx.RenderWithErr(ctx.Tr("form.email_been_used"), tplSignIn, &form)
 			log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
-		} else if models.IsErrUserProhibitLogin(err) {
-			log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
-			ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
-			ctx.HTML(200, "user/auth/prohibit_login")
-		} else if models.IsErrUserInactive(err) {
-			if setting.Service.RegisterEmailConfirm {
-				ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
-				ctx.HTML(200, TplActivate)
-			} else {
-				log.Info("Failed authentication attempt for %s from %s", form.UserName, ctx.RemoteAddr())
-				ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
-				ctx.HTML(200, "user/auth/prohibit_login")
-			}
 		} else {
 			ctx.ServerError("UserSignIn", err)
 		}
--- a/routers/user/auth_openid.go
+++ b/routers/user/auth_openid.go
@@ -115,8 +115,7 @@ func SignInOpenIDPost(ctx *context.Context, form auth.SignInOpenIDForm) {
 	redirectTo := setting.AppURL + "user/login/openid"
 	url, err := openid.RedirectURL(id, redirectTo, setting.AppURL)
 	if err != nil {
-		log.Error(1, "Error in OpenID redirect URL: %s, %v", redirectTo, err.Error())
-		ctx.RenderWithErr(fmt.Sprintf("Unable to find OpenID provider in %s", redirectTo), tplSignInOpenID, &form)
+		ctx.RenderWithErr(err.Error(), tplSignInOpenID, &form)
 		return
 	}

--- a/routers/user/setting/security.go
+++ b/routers/user/setting/security.go
@@ -34,15 +34,10 @@ func Security(ctx *context.Context) {

 // DeleteAccountLink delete a single account link
 func DeleteAccountLink(ctx *context.Context) {
-	id := ctx.QueryInt64("id")
-	if id <= 0 {
-		ctx.Flash.Error("Account link id is not given")
+	if _, err := models.RemoveAccountLink(ctx.User, ctx.QueryInt64("loginSourceID")); err != nil {
+		ctx.Flash.Error("RemoveAccountLink: " + err.Error())
 	} else {
-		if _, err := models.RemoveAccountLink(ctx.User, id); err != nil {
-			ctx.Flash.Error("RemoveAccountLink: " + err.Error())
-		} else {
-			ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))
-		}
+		ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))
 	}

 	ctx.JSON(200, map[string]interface{}{
--- a/templates/admin/dashboard.tmpl
+++ b/templates/admin/dashboard.tmpl
@@ -100,7 +100,7 @@
 				<dt>{{.i18n.Tr "admin.dashboard.mspan_structures_usage"}}</dt>
 				<dd>{{.SysStatus.MSpanInuse}}</dd>
 				<dt>{{.i18n.Tr "admin.dashboard.mspan_structures_obtained"}}</dt>
-				<dd>{{.SysStatus.MSpanSys}}</dd>
+				<dd>{{.SysStatus.HeapSys}}</dd>
 				<dt>{{.i18n.Tr "admin.dashboard.mcache_structures_usage"}}</dt>
 				<dd>{{.SysStatus.MCacheInuse}}</dd>
 				<dt>{{.i18n.Tr "admin.dashboard.mcache_structures_obtained"}}</dt>
--- a/templates/base/footer.tmpl
+++ b/templates/base/footer.tmpl
@@ -112,7 +112,6 @@
 	<script src="{{AppSubUrl}}/vendor/plugins/semantic/semantic.min.js"></script>
 	<script src="{{AppSubUrl}}/js/index.js?v={{MD5 AppVer}}"></script>
 {{if .EnableHeatmap}}
-	<script src="{{AppSubUrl}}/vendor/plugins/es6-promise/es6-promise.auto.min.js" charset="utf-8"></script>
 	<script src="{{AppSubUrl}}/vendor/plugins/moment/moment.min.js" charset="utf-8"></script>
 	<script src="{{AppSubUrl}}/vendor/plugins/vue-calendar-heatmap/vue-calendar-heatmap.browser.js" charset="utf-8"></script>
 	<script type="text/javascript">
--- a/templates/repo/home.tmpl
+++ b/templates/repo/home.tmpl
@@ -54,8 +54,8 @@
 		<div class="ui stackable secondary menu mobile--margin-between-items mobile--no-negative-margins">
 			{{if and .PullRequestCtx.Allowed .IsViewBranch}}
 				<div class="fitted item">
-					<a href="{{.BaseRepo.Link}}/compare/{{.BaseRepo.DefaultBranch | EscapePound}}...{{if ne .Repository.Owner.Name .BaseRepo.Owner.Name}}{{.Repository.Owner.Name}}:{{end}}{{.BranchName | EscapePound}}">
-					<button class="ui green tiny compact button"><i class="octicon octicon-git-compare"></i></button>
+					<a href="{{.BaseRepo.Link}}/compare/{{.BaseRepo.DefaultBranch | EscapePound}}...{{.Repository.Owner.Name}}:{{.BranchName | EscapePound}}">
+						<button class="ui green tiny compact button"><i class="octicon octicon-git-compare"></i></button>
 					</a>
 				</div>
 			{{end}}
--- a/templates/repo/settings/options.tmpl
+++ b/templates/repo/settings/options.tmpl
@@ -19,7 +19,7 @@
 					<div class="inline field">
 						<label>{{.i18n.Tr "repo.visibility"}}</label>
 						<div class="ui checkbox">
-							<input name="private" type="checkbox" {{if .Repository.IsPrivate}}checked{{end}}{{if and $.ForcePrivate .Repository.IsPrivate}} readonly{{end}}>
+							<input name="private" type="checkbox" {{if .Repository.IsPrivate}}checked{{end}}>
 							<label>{{.i18n.Tr "repo.visibility_helper" | Safe}} {{if .Repository.NumForks}}<span class="text red">{{.i18n.Tr "repo.visibility_fork_helper"}}</span>{{end}}</label>
 						</div>
 					</div>
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -1663,46 +1663,6 @@
        }
      }
    },
-    "/repos/{owner}/{repo}/git/trees/{sha}": {
-      "get": {
-        "produces": [
-          "application/json"
-        ],
-        "tags": [
-          "repository"
-        ],
-        "summary": "Gets the tree of a repository.",
-        "operationId": "GetTree",
-        "parameters": [
-          {
-            "type": "string",
-            "description": "owner of the repo",
-            "name": "owner",
-            "in": "path",
-            "required": true
-          },
-          {
-            "type": "string",
-            "description": "name of the repo",
-            "name": "repo",
-            "in": "path",
-            "required": true
-          },
-          {
-            "type": "string",
-            "description": "sha of the commit",
-            "name": "sha",
-            "in": "path",
-            "required": true
-          }
-        ],
-        "responses": {
-          "200": {
-            "$ref": "#/responses/GitTreeResponse"
-          }
-        }
-      }
-    },
    "/repos/{owner}/{repo}/hooks": {
      "get": {
        "produces": [
@@ -7080,38 +7040,6 @@
      },
      "x-go-package": "code.gitea.io/gitea/vendor/code.gitea.io/sdk/gitea"
    },
-    "GitEntry": {
-      "description": "GitEntry represents a git tree",
-      "type": "object",
-      "properties": {
-        "mode": {
-          "type": "string",
-          "x-go-name": "Mode"
-        },
-        "path": {
-          "type": "string",
-          "x-go-name": "Path"
-        },
-        "sha": {
-          "type": "string",
-          "x-go-name": "SHA"
-        },
-        "size": {
-          "type": "integer",
-          "format": "int64",
-          "x-go-name": "Size"
-        },
-        "type": {
-          "type": "string",
-          "x-go-name": "Type"
-        },
-        "url": {
-          "type": "string",
-          "x-go-name": "URL"
-        }
-      },
-      "x-go-package": "code.gitea.io/gitea/vendor/code.gitea.io/sdk/gitea"
-    },
    "GitObject": {
      "type": "object",
      "title": "GitObject represents a Git object.",
@@ -7131,32 +7059,6 @@
      },
      "x-go-package": "code.gitea.io/gitea/vendor/code.gitea.io/sdk/gitea"
    },
-    "GitTreeResponse": {
-      "description": "GitTreeResponse returns a git tree",
-      "type": "object",
-      "properties": {
-        "sha": {
-          "type": "string",
-          "x-go-name": "SHA"
-        },
-        "tree": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/GitEntry"
-          },
-          "x-go-name": "Entries"
-        },
-        "truncated": {
-          "type": "boolean",
-          "x-go-name": "Truncated"
-        },
-        "url": {
-          "type": "string",
-          "x-go-name": "URL"
-        }
-      },
-      "x-go-package": "code.gitea.io/gitea/vendor/code.gitea.io/sdk/gitea"
-    },
    "Issue": {
      "description": "Issue represents an issue in a repository",
      "type": "object",
@@ -8298,12 +8200,6 @@
        }
      }
    },
-    "GitTreeResponse": {
-      "description": "GitTreeResponse",
-      "schema": {
-        "$ref": "#/definitions/GitTreeResponse"
-      }
-    },
    "Hook": {
      "description": "Hook",
      "schema": {
--- a/templates/user/dashboard/dashboard.tmpl
+++ b/templates/user/dashboard/dashboard.tmpl
@@ -44,14 +44,12 @@
 						<div v-show="tab === 'repos'" class="ui tab active list dashboard-repos">
 							<h4 class="ui top attached header">
 								{{.i18n.Tr "home.my_repos"}} <span class="ui grey label">${reposTotalCount}</span>
-								{{if or (not .ContextUser.IsOrganization) .IsOrganizationOwner}}
 								<div class="ui right">
-									<a class="poping up" :href="suburl + '/repo/create{{if .ContextUser.IsOrganization}}?org={{.ContextUser.ID}}{{end}}'" data-content="{{.i18n.Tr "new_repo"}}" data-variation="tiny inverted" data-position="left center">
+									<a class="poping up" :href="suburl + '/repo/create'" data-content="{{.i18n.Tr "new_repo"}}" data-variation="tiny inverted" data-position="left center">
 										<i class="plus icon"></i>
 										<span class="sr-only">{{.i18n.Tr "new_repo"}}</span>
 									</a>
 								</div>
-								{{end}}
 							</h4>
 							<div class="ui attached secondary segment repos-search">
 								<div class="ui fluid icon input" :class="{loading: isLoading}">
--- a/templates/user/dashboard/navbar.tmpl
+++ b/templates/user/dashboard/navbar.tmpl
@@ -11,7 +11,7 @@
 					<div class="ui header">
 						{{.i18n.Tr "home.switch_dashboard_context"}}
 					</div>
-					<div class="scrolling menu items">
+					<div class="items">
 						<a class="{{if eq .ContextUser.ID .SignedUser.ID}}active selected{{end}} item" href="{{AppSubUrl}}/{{if .PageIsIssues}}issues{{else if .PageIsPulls}}pulls{{end}}">
 							<img class="ui avatar image" src="{{.SignedUser.RelAvatarLink}}">
 							{{.SignedUser.Name}}
--- a/vendor/code.gitea.io/git/cache.go
+++ b/vendor/code.gitea.io/git/cache.go
@@ -1,11 +0,0 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package git
-
-// LastCommitCache cache
-type LastCommitCache interface {
-	Get(repoPath, ref, entryPath string) (*Commit, error)
-	Put(repoPath, ref, entryPath string, commit *Commit) error
-}
--- a/vendor/code.gitea.io/git/commit.go
+++ b/vendor/code.gitea.io/git/commit.go
@@ -1,5 +1,4 @@
 // Copyright 2015 The Gogs Authors. All rights reserved.
-// Copyright 2018 The Gitea Authors. All rights reserved.
 // Use of this source code is governed by a MIT-style
 // license that can be found in the LICENSE file.

@@ -10,7 +9,6 @@ import (
 	"bytes"
 	"container/list"
 	"fmt"
-	"io"
 	"net/http"
 	"strconv"
 	"strings"
@@ -18,7 +16,6 @@ import (

 // Commit represents a git commit.
 type Commit struct {
-	Branch string // Branch this commit belongs to
 	Tree
 	ID            SHA1 // The ID of this commit object
 	Author        *Signature
@@ -282,56 +279,6 @@ func (c *Commit) GetSubModule(entryname string) (*SubModule, error) {
 	return nil, nil
 }

-// CommitFileStatus represents status of files in a commit.
-type CommitFileStatus struct {
-	Added    []string
-	Removed  []string
-	Modified []string
-}
-
-// NewCommitFileStatus creates a CommitFileStatus
-func NewCommitFileStatus() *CommitFileStatus {
-	return &CommitFileStatus{
-		[]string{}, []string{}, []string{},
-	}
-}
-
-// GetCommitFileStatus returns file status of commit in given repository.
-func GetCommitFileStatus(repoPath, commitID string) (*CommitFileStatus, error) {
-	stdout, w := io.Pipe()
-	done := make(chan struct{})
-	fileStatus := NewCommitFileStatus()
-	go func() {
-		scanner := bufio.NewScanner(stdout)
-		for scanner.Scan() {
-			fields := strings.Fields(scanner.Text())
-			if len(fields) < 2 {
-				continue
-			}
-
-			switch fields[0][0] {
-			case 'A':
-				fileStatus.Added = append(fileStatus.Added, fields[1])
-			case 'D':
-				fileStatus.Removed = append(fileStatus.Removed, fields[1])
-			case 'M':
-				fileStatus.Modified = append(fileStatus.Modified, fields[1])
-			}
-		}
-		done <- struct{}{}
-	}()
-
-	stderr := new(bytes.Buffer)
-	err := NewCommand("show", "--name-status", "--pretty=format:''", commitID).RunInDirPipeline(repoPath, w, stderr)
-	w.Close() // Close writer to exit parsing goroutine
-	if err != nil {
-		return nil, concatenateError(err, stderr.String())
-	}
-
-	<-done
-	return fileStatus, nil
-}
-
 // GetFullCommitID returns full length (40) of commit ID by given short SHA in a repository.
 func GetFullCommitID(repoPath, shortID string) (string, error) {
 	if len(shortID) >= 40 {
--- a/vendor/code.gitea.io/git/commit_info.go
+++ b/vendor/code.gitea.io/git/commit_info.go
@@ -72,20 +72,13 @@ func (state *getCommitsInfoState) getTargetedEntryPath() string {
 }

 // repeatedly perform targeted searches for unpopulated entries
-func targetedSearch(state *getCommitsInfoState, done chan error, cache LastCommitCache) {
+func targetedSearch(state *getCommitsInfoState, done chan error) {
 	for {
 		entryPath := state.getTargetedEntryPath()
 		if len(entryPath) == 0 {
 			done <- nil
 			return
 		}
-		if cache != nil {
-			commit, err := cache.Get(state.headCommit.repo.Path, state.headCommit.ID.String(), entryPath)
-			if err == nil && commit != nil {
-				state.update(entryPath, commit)
-				continue
-			}
-		}
 		command := NewCommand("rev-list", "-1", state.headCommit.ID.String(), "--", entryPath)
 		output, err := command.RunInDir(state.headCommit.repo.Path)
 		if err != nil {
@@ -103,9 +96,6 @@ func targetedSearch(state *getCommitsInfoState, done chan error, cache LastCommi
 			return
 		}
 		state.update(entryPath, commit)
-		if cache != nil {
-			cache.Put(state.headCommit.repo.Path, state.headCommit.ID.String(), entryPath, commit)
-		}
 	}
 }

@@ -128,9 +118,9 @@ func initGetCommitInfoState(entries Entries, headCommit *Commit, treePath string
 }

 // GetCommitsInfo gets information of all commits that are corresponding to these entries
-func (tes Entries) GetCommitsInfo(commit *Commit, treePath string, cache LastCommitCache) ([][]interface{}, error) {
+func (tes Entries) GetCommitsInfo(commit *Commit, treePath string) ([][]interface{}, error) {
 	state := initGetCommitInfoState(tes, commit, treePath)
-	if err := getCommitsInfo(state, cache); err != nil {
+	if err := getCommitsInfo(state); err != nil {
 		return nil, err
 	}
 	if len(state.commits) < len(state.entryPaths) {
@@ -198,7 +188,7 @@ func (state *getCommitsInfoState) update(entryPath string, commit *Commit) bool

 const getCommitsInfoPretty = "--pretty=format:%H %ct %s"

-func getCommitsInfo(state *getCommitsInfoState, cache LastCommitCache) error {
+func getCommitsInfo(state *getCommitsInfoState) error {
 	ctx, cancel := context.WithTimeout(context.Background(), 1*time.Minute)
 	defer cancel()

@@ -225,7 +215,7 @@ func getCommitsInfo(state *getCommitsInfoState, cache LastCommitCache) error {
 	numThreads := runtime.NumCPU()
 	done := make(chan error, numThreads)
 	for i := 0; i < numThreads; i++ {
-		go targetedSearch(state, done, cache)
+		go targetedSearch(state, done)
 	}

 	scanner := bufio.NewScanner(readCloser)
--- a/vendor/code.gitea.io/git/repo_commit.go
+++ b/vendor/code.gitea.io/git/repo_commit.go
@@ -10,7 +10,7 @@ import (
 	"strconv"
 	"strings"

-	version "github.com/mcuadros/go-version"
+	"github.com/mcuadros/go-version"
 )

 // GetRefCommitID returns the last commit ID string of given reference (branch or tag).
@@ -32,14 +32,7 @@ func (repo *Repository) GetBranchCommitID(name string) (string, error) {

 // GetTagCommitID returns last commit ID string of given tag.
 func (repo *Repository) GetTagCommitID(name string) (string, error) {
-	stdout, err := NewCommand("rev-list", "-n", "1", name).RunInDir(repo.Path)
-	if err != nil {
-		if strings.Contains(err.Error(), "unknown revision or path") {
-			return "", ErrNotExist{name, ""}
-		}
-		return "", err
-	}
-	return strings.TrimSpace(stdout), nil
+	return repo.GetRefCommitID(TagPrefix + name)
 }

 // parseCommitData parses commit information from the (uncompressed) raw
@@ -101,11 +94,7 @@ l:
 				sig, err := newGPGSignatureFromCommitline(data, (nextline+1)+sigindex, true)
 				if err == nil && sig != nil {
 					// remove signature from commit message
-					if sigindex == 0 {
-						cm = ""
-					} else {
-						cm = cm[:sigindex-1]
-					}
+					cm = cm[:sigindex-1]
 					commit.Signature = sig
 				}
 			}
@@ -141,14 +130,6 @@ func (repo *Repository) getCommit(id SHA1) (*Commit, error) {
 	commit.repo = repo
 	commit.ID = id

-	data, err = NewCommand("name-rev", id.String()).RunInDirBytes(repo.Path)
-	if err != nil {
-		return nil, err
-	}
-
-	// name-rev commitID ouput will be "COMMIT_ID master" or "COMMIT_ID master~12"
-	commit.Branch = strings.Split(strings.Split(string(data), " ")[1], "~")[0]
-
 	repo.commitCache.Set(id.String(), commit)
 	return commit, nil
 }
@@ -157,14 +138,10 @@ func (repo *Repository) getCommit(id SHA1) (*Commit, error) {
 func (repo *Repository) GetCommit(commitID string) (*Commit, error) {
 	if len(commitID) != 40 {
 		var err error
-		actualCommitID, err := NewCommand("rev-parse", commitID).RunInDir(repo.Path)
+		commitID, err = NewCommand("rev-parse", commitID).RunInDir(repo.Path)
 		if err != nil {
-			if strings.Contains(err.Error(), "unknown revision or path") {
-				return nil, ErrNotExist{commitID, ""}
-			}
 			return nil, err
 		}
-		commitID = actualCommitID
 	}
 	id, err := NewIDFromString(commitID)
 	if err != nil {
--- a/vendor/code.gitea.io/git/repo_tag.go
+++ b/vendor/code.gitea.io/git/repo_tag.go
@@ -76,12 +76,12 @@ func (repo *Repository) getTag(id SHA1) (*Tag, error) {

 // GetTag returns a Git tag by given name.
 func (repo *Repository) GetTag(name string) (*Tag, error) {
-	idStr, err := repo.GetTagCommitID(name)
+	stdout, err := NewCommand("show-ref", "--tags", name).RunInDir(repo.Path)
 	if err != nil {
 		return nil, err
 	}

-	id, err := NewIDFromString(idStr)
+	id, err := NewIDFromString(strings.Split(stdout, " ")[0])
 	if err != nil {
 		return nil, err
 	}
@@ -103,18 +103,26 @@ func (repo *Repository) GetTagInfos() ([]*Tag, error) {
 	}

 	tagNames := strings.Split(stdout, "\n")
-	var tags = make([]*Tag, 0, len(tagNames))
+	var tags []*Tag
 	for _, tagName := range tagNames {
 		tagName = strings.TrimSpace(tagName)
 		if len(tagName) == 0 {
 			continue
 		}
-
-		tag, err := repo.GetTag(tagName)
+		commitID, err := NewCommand("rev-parse", tagName).RunInDir(repo.Path)
 		if err != nil {
 			return nil, err
 		}
-		tags = append(tags, tag)
+		commit, err := repo.GetCommit(commitID)
+		if err != nil {
+			return nil, err
+		}
+		tags = append(tags, &Tag{
+			Name:    tagName,
+			Message: commit.Message(),
+			Object:  commit.ID,
+			Tagger:  commit.Author,
+		})
 	}
 	sortTagsByTime(tags)
 	return tags, nil
--- a/vendor/code.gitea.io/git/submodule.go
+++ b/vendor/code.gitea.io/git/submodule.go
@@ -29,12 +29,13 @@ func NewSubModuleFile(c *Commit, refURL, refID string) *SubModuleFile {
 	}
 }

-func getRefURL(refURL, urlPrefix, parentPath string) string {
-	if refURL == "" {
+// RefURL guesses and returns reference URL.
+func (sf *SubModuleFile) RefURL(urlPrefix string, parentPath string) string {
+	if sf.refURL == "" {
 		return ""
 	}

-	url := strings.TrimSuffix(refURL, ".git")
+	url := strings.TrimSuffix(sf.refURL, ".git")

 	// git://xxx/user/repo
 	if strings.HasPrefix(url, "git://") {
@@ -66,21 +67,12 @@ func getRefURL(refURL, urlPrefix, parentPath string) string {
 		if strings.Contains(urlPrefix, url[i+1:j]) {
 			return urlPrefix + url[j+1:]
 		}
-		if strings.HasPrefix(url, "ssh://") || strings.HasPrefix(url, "git+ssh://") {
-			k := strings.Index(url[j+1:], "/")
-			return "http://" + url[i+1:j] + "/" + url[j+1:][k+1:]
-		}
 		return "http://" + url[i+1:j] + "/" + url[j+1:]
 	}

 	return url
 }

-// RefURL guesses and returns reference URL.
-func (sf *SubModuleFile) RefURL(urlPrefix string, parentPath string) string {
-	return getRefURL(sf.refURL, urlPrefix, parentPath)
-}
-
 // RefID returns reference ID.
 func (sf *SubModuleFile) RefID() string {
 	return sf.refID
--- a/vendor/code.gitea.io/git/tree.go
+++ b/vendor/code.gitea.io/git/tree.go
@@ -18,9 +18,6 @@ type Tree struct {

 	entries       Entries
 	entriesParsed bool
-
-	entriesRecursive 	Entries
-	entriesRecursiveParsed 	bool
 }

 // NewTree create a new tree according the repository and commit id
@@ -70,29 +67,20 @@ func (t *Tree) ListEntries() (Entries, error) {
 	if err != nil {
 		return nil, err
 	}
-
 	t.entries, err = parseTreeEntries(stdout, t)
-	if err == nil {
-		t.entriesParsed = true
-	}
-
 	return t.entries, err
 }

 // ListEntriesRecursive returns all entries of current tree recursively including all subtrees
 func (t *Tree) ListEntriesRecursive() (Entries, error) {
-	if t.entriesRecursiveParsed {
-		return t.entriesRecursive, nil
+	if t.entriesParsed {
+		return t.entries, nil
 	}
 	stdout, err := NewCommand("ls-tree", "-t", "-r", t.ID.String()).RunInDirBytes(t.repo.Path)
+
 	if err != nil {
 		return nil, err
 	}
-
-	t.entriesRecursive, err = parseTreeEntries(stdout, t)
-	if err == nil {
-		t.entriesRecursiveParsed = true
-	}
-
-	return t.entriesRecursive, err
+	t.entries, err = parseTreeEntries(stdout, t)
+	return t.entries, err
 }
--- a/vendor/github.com/go-xorm/xorm/dialect_postgres.go
+++ b/vendor/github.com/go-xorm/xorm/dialect_postgres.go
@@ -822,7 +822,7 @@ func (db *postgres) SqlType(c *core.Column) string {
 	case core.NVarchar:
 		res = core.Varchar
 	case core.Uuid:
-		return core.Uuid
+		res = core.Uuid
 	case core.Blob, core.TinyBlob, core.MediumBlob, core.LongBlob:
 		return core.Bytea
 	case core.Double:
@@ -834,10 +834,6 @@ func (db *postgres) SqlType(c *core.Column) string {
 		res = t
 	}

-	if strings.EqualFold(res, "bool") {
-		// for bool, we don't need length information
-		return res
-	}
 	hasLen1 := (c.Length > 0)
 	hasLen2 := (c.Length2 > 0)

--- a/vendor/github.com/go-xorm/xorm/engine.go
+++ b/vendor/github.com/go-xorm/xorm/engine.go
@@ -481,8 +481,7 @@ func (engine *Engine) dumpTables(tables []*core.Table, w io.Writer, tp ...core.D
 		}

 		cols := table.ColumnsSeq()
-		colNames := engine.dialect.Quote(strings.Join(cols, engine.dialect.Quote(", ")))
-		destColNames := dialect.Quote(strings.Join(cols, dialect.Quote(", ")))
+		colNames := dialect.Quote(strings.Join(cols, dialect.Quote(", ")))

 		rows, err := engine.DB().Query("SELECT " + colNames + " FROM " + engine.Quote(table.Name))
 		if err != nil {
@@ -497,7 +496,7 @@ func (engine *Engine) dumpTables(tables []*core.Table, w io.Writer, tp ...core.D
 				return err
 			}

-			_, err = io.WriteString(w, "INSERT INTO "+dialect.Quote(table.Name)+" ("+destColNames+") VALUES (")
+			_, err = io.WriteString(w, "INSERT INTO "+dialect.Quote(table.Name)+" ("+colNames+") VALUES (")
 			if err != nil {
 				return err
 			}
--- a/vendor/gopkg.in/ldap.v2/LICENSE
+++ b/vendor/gopkg.in/ldap.v2/LICENSE
@@ -0,0 +1,27 @@
+Copyright (c) 2012 The Go Authors. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:
+
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/vendor/gopkg.in/ldap.v2/add.go
+++ b/vendor/gopkg.in/ldap.v2/add.go
@@ -41,8 +41,6 @@ type AddRequest struct {
 	DN string
 	// Attributes list the attributes of the new entry
 	Attributes []Attribute
-	// Controls hold optional controls to send with the request
-	Controls []Control
 }

 func (a AddRequest) encode() *ber.Packet {
@@ -62,10 +60,9 @@ func (a *AddRequest) Attribute(attrType string, attrVals []string) {
 }

 // NewAddRequest returns an AddRequest for the given DN, with no attributes
-func NewAddRequest(dn string, controls []Control) *AddRequest {
+func NewAddRequest(dn string) *AddRequest {
 	return &AddRequest{
-		DN:       dn,
-		Controls: controls,
+		DN: dn,
 	}

 }
@@ -75,9 +72,6 @@ func (l *Conn) Add(addRequest *AddRequest) error {
 	packet := ber.Encode(ber.ClassUniversal, ber.TypeConstructed, ber.TagSequence, nil, "LDAP Request")
 	packet.AppendChild(ber.NewInteger(ber.ClassUniversal, ber.TypePrimitive, ber.TagInteger, l.nextMessageID(), "MessageID"))
 	packet.AppendChild(addRequest.encode())
-	if len(addRequest.Controls) > 0 {
-		packet.AppendChild(encodeControls(addRequest.Controls))
-	}

 	l.Debug.PrintPacket(packet)

@@ -106,9 +100,9 @@ func (l *Conn) Add(addRequest *AddRequest) error {
 	}

 	if packet.Children[1].Tag == ApplicationAddResponse {
-		err := GetLDAPError(packet)
-		if err != nil {
-			return err
+		resultCode, resultDescription := getLDAPResultCode(packet)
+		if resultCode != 0 {
+			return NewError(resultCode, errors.New(resultDescription))
 		}
 	} else {
 		log.Printf("Unexpected Response: %d", packet.Children[1].Tag)
--- a/Show More
+++ b/Show More