1.9.0-RC1 changelog (#7367 )

[skip ci] Updated translations via Crowdin
ui - issue view - fix icon position (#7354 )
2025-07-21 17:41:16 +02:00 · 2019-07-06 19:00:49 -04:00 · 2019-07-06 22:14:41 +00:00 · 2019-07-06 18:03:00 -04:00 · 2019-07-06 22:37:46 +01:00 · 2019-07-06 16:32:15 -04:00
2448 changed files with 271612 additions and 46230 deletions
--- a/.drone.yml
+++ b/.drone.yml
--- a/.eslintrc
+++ b/.eslintrc
@@ -0,0 +1,25 @@
+root: true
+
+extends:
+  - eslint:recommended
+
+parserOptions:
+  ecmaVersion: 2015
+
+env:
+  browser: true
+  jquery: true
+  es6: true
+
+globals:
+  Clipboard: false
+  CodeMirror: false
+  emojify: false
+  SimpleMDE: false
+  Vue: false
+  Dropzone: false
+  u2fApi: false
+  hljs: false
+
+rules:
+  no-unused-vars: [error, {args: all, argsIgnorePattern: ^_, varsIgnorePattern: ^_, ignoreRestSiblings: true}]
--- a/.github/FUNDING.yml
+++ b/.github/FUNDING.yml
@@ -0,0 +1 @@
+open_collective: gitea
--- a/.gitignore
+++ b/.gitignore
@@ -66,7 +66,8 @@ coverage.all
 /integrations/mssql.ini
 /node_modules
 /modules/indexer/issues/indexers
-
+routers/repo/authorized_keys
+/yarn.lock

 # Snapcraft
 snap/.snapcraft/
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -0,0 +1,97 @@
+linters:
+  enable:
+    - gosimple
+    - deadcode
+    - typecheck
+    - govet
+    - errcheck
+    - staticcheck
+    - unused
+    - structcheck
+    - varcheck
+    - golint
+    - dupl
+    #- gocyclo # The cyclomatic complexety of a lot of functions is too high, we should refactor those another time.
+    - gofmt
+    - misspell
+    - gocritic
+  enable-all: false
+  disable-all: true
+  fast: false
+
+linters-settings:
+  gocritic:
+    disabled-checks:
+      - ifElseChain
+      - singleCaseSwitch # Every time this occured in the code, there  was no other way.
+
+issues:
+  exclude-rules:
+    # Exclude some linters from running on tests files.
+    - path: _test\.go
+      linters:
+        - gocyclo
+        - errcheck
+        - dupl
+        - gosec
+        - unparam
+        - staticcheck
+    - path: models/migrations/v
+      linters:
+        - gocyclo
+        - errcheck
+        - dupl
+        - gosec
+    - linters:
+        - dupl
+      text: "webhook"
+    - linters:
+        - gocritic
+      text: "`ID' should not be capitalized"
+    - path: modules/templates/helper.go
+      linters:
+        - gocritic
+    - linters:
+        - unused
+        - deadcode
+      text: "swagger"
+    - path: contrib/pr/checkout.go
+      linters:
+        - errcheck
+    - path: models/issue.go
+      linters:
+        - errcheck
+    - path: models/migrations/
+      linters:
+        - errcheck
+    - path: modules/log/
+      linters:
+        - errcheck
+    - path: routers/routes/routes.go
+      linters:
+        - dupl
+    - path: routers/repo/view.go
+      linters:
+        - dupl
+    - path: models/migrations/
+      linters:
+        - unused
+    - linters:
+        - staticcheck
+      text: "argument x is overwritten before first use"
+    - path: modules/httplib/httplib.go
+      linters:
+        - staticcheck
+    # Enabling this would require refactoring the methods and how they are called.
+    - path: models/issue_comment_list.go
+      linters:
+        - dupl
+    # "Destroy" is misspelled in github.com/go-macaron/session/session.go:213 so it's not our responsability to fix it
+    - path: modules/session/virtual.go
+      linters:
+        - misspell
+      text: '`Destory` is a misspelling of `Destroy`'
+    - path: modules/session/memory.go
+      linters:
+        - misspell
+      text: '`Destory` is a misspelling of `Destroy`'
--- a/.npmrc
+++ b/.npmrc
@@ -0,0 +1 @@
+save-exact=true
--- a/.stylelintrc
+++ b/.stylelintrc
@@ -0,0 +1,11 @@
+extends: stylelint-config-standard
+
+rules:
+  block-closing-brace-empty-line-before: null
+  color-hex-length: null
+  comment-empty-line-before: null
+  declaration-empty-line-before: null
+  indentation: 4
+  no-descending-specificity: null
+  rule-empty-line-before: null
+  selector-pseudo-element-colon-notation: null
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,380 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).

-## [1.8.0-rc1](https://github.com/go-gitea/gitea/releases/tag/v1.8.0-rc1) - 2019-03-18
+## [1.9.0-RC1](https://github.com/go-gitea/gitea/releases/tag/v1.9.0-rc1) - 2019-07-06
+* BREAKING
+  * Better logging (#6038) (#6095)
+* FEATURE
+  * Content API for Creating, Updating, Deleting Files (#6314)
+  * Enable tls-alpn-01: Use certmanager provided TLSConfig for LetsEncrypt (#7229)
+  * Add command to convert mysql database from utf8 to utf8mb4 (#7144)
+  * Fixes #2738 - Adds the /git/tags API endpoint (#7138)
+  * Compare branches, commits and tags with each other (#6991)
+  * Show Pull Request button or status of latest PR in branch list (#6990)
+  * Repository avatars (#6986)
+  * Show git-notes (#6984)
+  * Add commit statuses reports on pull request view (#6845)
+  * Number of commits ahead/behind in branch overview (#6695)
+  * Add CLI commands to manage LDAP authentication source (#6681)
+  * Add support for MS Teams webhooks (#6632)
+  * OAuth2 Grant UI (#6625)
+  * Add SUBJECT_PREFIX mailer config option (#6605)
+  * Include custom configuration file in dump (#6516)
+  * Add API for manipulating Git hooks (#6436)
+  * Improve migrations to support migrating milestones/labels/issues/comments/pullrequests (#6290)
+  * Add option to blame files (#5721)
+  * Implement Default Webhooks (#4299)
+  * Telegram webhook (#4227)
+* BUGFIXES
+  * Correctly adjust mirror url (#6593)
+  * Handle early git version's lack of get-url (#7065)
+  * Fix icon position in issue view (#7354)
+  * Cut timeline length with last element on issue view (#7355)
+  * Fix mirror repository webhooks (#7366)
+  * Fix api route for hooks (#7346)
+  * Fix bug conflict between SyncReleasesWithTags and InsertReleases (#7337)
+  * Fix pull view ui merge section (#7335)
+  * Fix 7303 - remove unnessesary buttons on archived repos (#7326)
+  * Fix topic bar to allow prefixes (#7325)
+  * Fixes #7152 - Allow create/update/delete message to be empty, use default message (#7324)
+  * Fixes #7238 - Annotated tag commit ID incorrect (#7321)
+  * Dark theme fixes (#7319)
+  * Gitea own dark codemirror theme (#7317)
+  * Fixes #7292 - API File Contents bug (#7301)
+  * Fix API link header (#7298)
+  * Fix extra newlines when copying from diff in Firefox (#7288)
+  * Make diff line-marker non-selectable (#7279)
+  * Fix Submodule dection in subdir (#7275)
+  * Fix error log when loading issues caused by a xorm bug (#7271)
+  * Add .fa icon margin like .octicon (#7258)
+  * Fix hljs unintenionally highlighting commit links (#7244)
+  * Only check and config git on web subcommand but not others (#7236)
+  * Fix migration panic when Head.User is not exist (#7226)
+  * Only warn on errors in deleting LFS orphaned files during repo deletion (#7213)
+  * Fix duplicated file on pull request conflicted files (#7211)
+  * Allow colon between fixing word and issue (#7207)
+  * Fix overflow issues in repo (#7190)
+  * API error cleanup (#7186)
+  * Add error for fork already existing (#7185)
+  * Fixes diff on merged pull requests (#7171)
+  * If milestone id is zero don't get it from database (#7169)
+  * Fix pusher name via ssh push (#7167)
+  * Fix database lock when use random repository fallback image (#7166)
+  * Various fixes for issue mail notifications (#7165)
+  * Allow archived repos to be (un)starred and (un)watched (#7163)
+  * Fix GCArgs load from ini (#7156)
+  * Detect noreply email address as user (#7133)
+  * Avoid arbitrary format strings upon calling fail() function (#7112)
+  * Validate External Tracker URL Format (#7089)
+  * Repository avatar fallback configuration (#7087)
+  * Fix #732: Add LFS objects to base repository on merging  (#7082)
+  * Install page - Handle invalid administrator username better (#7060)
+  * Workaround for posting single comments in split diff view (#7052)
+  * Fix possbile mysql invalid connnection error (#7051)
+  * Fix charset was not saved after installation finished (#7048)
+  * Handle insecure and ports in go get (#7041)
+  * Avoid bad database state after failed migration (#7040)
+  * Fix wrong init dependency on markup extensions (#7038)
+  * Fix default for allowing new organization creation for new users (#7017)
+  * Fix content download and /verify LFS handler expecting wrong content-type (#7015)
+  * Fix missing repo description when migrating (#7000)
+  * Fix LFS Locks over SSH (#6999)
+  * Do not attempt to return blob on submodule (#6996)
+  * Fix U2F for Chrome >= 74 (#6980)
+  * Fix index produces problem when issues/pulls deleted (#6973)
+  * Allow collaborators to view repo owned by private org (#6965)
+  * Stop running hooks on pr merge (#6963)
+  * Run hooks on merge/edit and cope with protected branches (#6961)
+  * Webhook Logs show proper HTTP Method, and allow change HTTP method in form (#6953)
+  * Stop colorizing log files by default (#6949)
+  * Rotate serv.log, http.log and hook logs and stop stacktracing in these (#6935)
+  * Fix plain text overflow line wrap (#6915)
+  * Fix input size for dependency select (#6913)
+  * Change drone token name to let users know to use oauth2 (#6912)
+  * Fix syntax highlight in blame view #6895 (#6909)
+  * Use AppURL for Oauth user link (#6894)
+  * Fixes #6881 - API users search fix (#6882)
+  * Fix 404 when send pull request some situation  (#6871)
+  * Enforce osusergo build tag for releases (#6862)
+  * Fix 500 when reviewer is deleted with integration tests (#6856)
+  * Fix v85.go (#6851)
+  * Make dropTableColumns drop columns on sqlite and constraints on all (#6849)
+  * Fix double-generation of scratch token (#6832) (#6833)
+  * When mirroring we should set the remote to mirror (#6824)
+  * Fix the v78 migration "Drop is_bare" on MSSQL #6707 (#6823)
+  * Change verbose flag in dump command to avoid colliding with global version flag (#6822)
+  * Fix #6813: Allow git.GetTree to take both commit and tree names (#6816)
+  * Remove `seen` map from `getLastCommitForPaths` (#6807)
+  * Show scrollbar only when needed (#6802)
+  * Restore IsWindows variable assignment (#6722) (#6790)
+  * Service worker js is a missing comma (#6788)
+  * Fix team edit API panic (#6780)
+  * Set user search base field optional in LDAP (simple auth) edit page (#6779)
+  * Ignore already existing public keys after ldap sync (#6766)
+  * Fix pulls broken when fork repository deleted (#6754)
+  * Fix missing return (#6751)
+  * Fix new team 500 (#6749)
+  * OAuth2 token can be used in basic auth (#6747)
+  * Fix org visibility bug when git cloning (#6743)
+  * Fix bug when sort repos on org home page login with non-admin (#6741)
+  * Stricter domain name pattern in email regex (#6739)
+  * Fix admin template error (#6737)
+  * Drop is_bare IDX only when it exists for MySQL and MariaDB (#6736)
+  * UI: Detect and restore encoding and BOM in content  (#6727)
+  * Load issue attributes when editing an issue with API (#6723)
+  * Fix team members API (#6714)
+  * Unfortunately MemProvider Init does not actually Init properly (#6692)
+  * Fix partial reversion of #6657 caused by #6314 (#6685)
+  * Prevent creating empty sessions (#6677)
+  * Fixes #6659 - Swagger schemes selection default to page's protocol (#6660)
+  * Update highlight.js to 9.15.6 (#6658)
+  * Properly escape on the redirect from the web editor (#6657)
+  * Fix #6655 - Don't EscapePound .Link as it is already escaped (#6656)
+  * Use ctx.metas for SHA hash links (#6645)
+  * Fix wrong GPG expire date (#6643)
+  * upgrade version of lib/pq to v1.1.0 (#6640)
+  * Fix forking an empty repository (#6637)
+  * Fix issuer of OTP URI should be URI-encoded. (#6634)
+  * Return a UserList from /api/v1/admin/users (#6629)
+  * Add json tags for oauth2 form (#6627)
+  * Remove extra slash from twitter card (#6619)
+  * remove bash requirement in makefile (#6617)
+  * Fix Open Graph og:image link (#6612)
+  * Fix cross-compile builds (#6609)
+  * Change commit summary to full message in API (#6591)
+  * Fix bug user search API pagesize didn't obey ExplorePagingNum (#6579)
+  * Prevent server 500 on compare branches with no common history (#6555)
+  * Properly escape release attachment URL (#6512)
+  * Delete local branch when repo branch is deleted (#6497)
+  * Fix bug when user login and want to resend register confirmation email (#6482)
+  * Fix upload attachments (#6481)
+  * Avoid multi-clicks in oauth2 login (#6467)
+  * Hacky fix for alignment of the create-organization dialog (#6455)
+  * Change order that PostProcess Processors are run (#6445)
+  * Clean up ref name rules (#6437)
+  * Fix Hook & HookList in Swagger (#6432)
+  * Fixed unitTypeCode not being used in accessLevelUnit (#6419)
+  * Display correct error for invalid mirror interval (#6414)
+  * Don't Unescape redirect_to cookie value (#6399)
+  * Fix dump table name error and add some test for dump database (#6394)
+  * Fix migrations 82 to ignore unsynced tags between database and git data and missing is_archived on repository table (#6387)
+  * Make sure units of a team are returned (#6379)
+  * Fix bug manifest.json will not request with cookie so that session will created every request (#6372)
+  * Disable benchmarking during tag events on DroneIO (#6365)
+  * Comments list performance optimization (#5305)
+* ENHANCEMENT
+  * Add API Endpoint for Repo Edit (#7006)
+  * Add state param to milestone listing API (#7131)
+  * Make captcha and password optional for external accounts (#6606)
+  * Detect migrating batch size (#7353)
+  * Fix 7255 - wrap long texts on user profile info (#7333)
+  * Use commit graph files for listing pages (#7314)
+  * Add git command line commitgraph support global default true when git version >= 2.18 (#7313)
+  * Add LFS_START_SERVER option to control git-lfs support (#7281)
+  * Dark theme markdown fixes (#7260)
+  * Update go-git to v4.12.0 (#7249)
+  * Show lfs config on admin panel (#7220)
+  * Disable same user check for internal SSH (#7215)
+  * Add LastLogin to the User API (#7196)
+  * Add missing description of label on API (#7159)
+  * Use go method to calculate ssh key fingerprint (#7128)
+  * Enable Rust highlighting (#7125)
+  * Refactor submodule URL parsing (#7100)
+  * Change issue mail title. (#7064)
+  * Use batch insert on migrating repository to make the process faster (#7050)
+  * Improve github downloader on migrations (#7049)
+  * When git version >= 2.18, git command could run with git wire protocol version 2 param if enabled (#7047)
+  * Fix Erlang and Elixir highlight mappings (#7044)
+  * API Org Visibility (#7028)
+  * Improve handling of non-square avatars (#7025)
+  * Bugfix: Align comment label and actions to the right (#7024)
+  * Change UpdateRepoIndex api to include watchers (#7012)
+  * Move serv hook functionality & drop GitLogger (#6993)
+  * Add support of utf8mb4 for mysql (#6992)
+  * Make webhook http connections resuable (#6976)
+  * Move xorm logger bridge from log to models so that log module could be a standalone package (#6944)
+  * Refactor models.NewRepoContext to extract git related codes to modules/git (#6941)
+  * Remove macaron dependent on models (#6940)
+  * Add less linter via npx (#6936)
+  * Remove macaron dependent on modules/log (#6933)
+  * Remove macaron dependent on models/mail.go (#6931)
+  * Clean less files (#6921)
+  * Fix code overflow (#6914)
+  * Style orgs list in user profile (#6911)
+  * Improve description of branch protection (fix #6886) (#6906)
+  * Move sdk structs to modules/structs (#6905)
+  * update sdk to latest (#6903)
+  * Escape the commit message on issues update and title in telegram hook (#6901)
+  * SearchRepositoryByName improvements and unification (#6897)
+  * Change the color of issues/pulls list, merged is purple and closed is red (#6874)
+  * Refactor table width to have more info shown in file list (#6867)
+  * Monitor all git commands; move blame to git package and replace git as a variable (#6864)
+  * Fix config ui error about cache ttl (#6861)
+  * Improve localization of git activity stats (#6848)
+  * Generate access token in admin cli (#6847)
+  * Update github.com/urfave/cli to version 1.2.0 (#6838)
+  * Rename LFS_JWT_SECRET cli option to include OAUTH2 as well (#6826)
+  * internal/ssh: ignore env command totally (#6825)
+  * Allow Recaptcha service url to be configured (#6820)
+  * update github.com/mcuadros/go-version to v0.0.0-20190308113854-92cdf37c5b75 (#6815)
+  * Use modules/git for git commands (#6775)
+  * Add GET requests to webhook (#6771)
+  * Move PushUpdate dependency from models to repofiles (#6763)
+  * Tweak tab text and icon colors (#6760)
+  * Ignore non-standard refs in git push (#6758)
+  * Disable web preview for telegram webhook (#6719)
+  * Show full name if DEFAULT_SHOW_FULL_NAME setting enabled (#6710)
+  * Reorder file actions (#6706)
+  * README WordPress the code is overflowing #6679 (#6696)
+  * Improve issue reference on commit (#6694)
+  * Handle redirects for git clone commands (#6688)
+  * Fix one performance/correctness regression in #6478 found on Rails repository. (#6686)
+  * API OTP Context (#6674)
+  * Remove local clones & make hooks run on merge/edit/upload (#6672)
+  * Bump github.com/stretchr/testify from 1.2.2 to 1.3.0 (#6663)
+  * Bump gopkg.in/src-d/go-git.v4 from 4.8.0 to 4.10.0 (#6662)
+  * Fix dropdown icon padding (#6651)
+  * Add more title attributes on shortened names (#6647)
+  * Update UI for topics labels on projects (#6639)
+  * Trace Logging on Permission Denied & ColorFormat (#6618)
+  * Add .gpg url (match github behaviour) (#6610)
+  * Support for custom GITEA_CUSTOM env var in docker(#6608)
+  * Show "delete branch" button on closed pull requests (#6570) (#6601)
+  * Add option to disable refresh token invalidation (#6584)
+  * Fix new repo dropdown alignment (#6583)
+  * Fix mail notification when close/reopen issue (#6581)
+  * Pre-calculate the absolute path of git (#6575)
+  * Minor CSS cleanup for the navbar (#6553)
+  * Render SHA1 links as code blocks (#6546)
+  * Add username flag in create-user command (#6534)
+  * Unifies pagination template usage (#6531) (#6533)
+  * Fixes pagination width on mobile view (#5711) (#6532)
+  * Improve SHA1 link detection (#6526)
+  * Fixes #6446 - Sort team members and team's repositories (#6525)
+  * Use stricter boundaries for auto-link detection (#6522)
+  * Use regular line-height on frontpage entries (#6518)
+  * Fixes #6514 - New Pull Request on files and pulls pages the same (#6515)
+  * Make distinction between DisplayName and Username in email templates (#6495)
+  * Add X-Auto-Response-Suppress header to outgoing messages (#6492)
+  * Cleaned permission checks for API -> site admin can now do anything (#6483)
+  * Support search operators for commits search (#6479)
+  * Improve listing performance by using go-git (#6478)
+  * Fix repo sub_menu font color in arc-green (#6477)
+  * Show last commit status in pull request lists (#6465)
+  * Add signatures to webhooks (#6428)
+  * Optimize all images in public/img (#6427)
+  * Add golangci (#6418)
+  * Make "Ghost" not link to 404 page (#6410)
+  * Include more variables on admin/config page (#6378)
+  * Markdown: enable some more extensions (#6362)
+  * Include repo name in page title tag (#6343)
+  * Show locale string on timestamp (#6324)
+  * Handle CORS requests (#6289)
+  * Improve issue autolinks (#6273)
+  * Migration Tweaks (#6260)
+  * Add title attributes to all items in the repo list viewer (#6258)
+  * Issue indexer queue redis support (#6218)
+  * Add bio field for user (#6113)
+  * Make the version within makefile overwriteable (#6080)
+  * Updates to API 404 responses (#6077)
+  * Use Go1.11 module (#5743)
+  * UX + Security current user password reset (#5042)
+  * Refactor: append, build variable and type switch (#4940)
+  * Git statistics in Activity tab (#4724)
+  * Drop the bits argument when generating an ed25519 key (#6504)
+* SECURITY
+  * Shadow the password on cache and session config on admin panel (#7300)
+* TESTING
+  * Exclude pull_request from fetch-tags step, fixes #7108 (#7120)
+  * Refactor and improve git test (#7086)
+  * Fix TestSearchRepo by waiting till indexing is done (#7004)
+  * Add mssql migration tests (needs #6823) (#6852)
+  * Add tests for Org API (#6731)
+  * Context.ServerError and NotFound should log from their caller (#6550)
+* TRANSLATION
+  * Add french specific rule for translating plural texts (#6846)
+* BUILD
+  * Update mssql driver to last working version 20180314172330-6a30f4e59a44 (#7306)
+  * Alpine 3.10 (#7256)
+  * Use vfsgen instead of go-bindata (#7080)
+  * remove and disable package-lock (#6969)
+  * add make targets for js and css, add js linter (#6952)
+  * Added tags pull step to drone config to show correct version hashes i… (#6836)
+  * Make CustomPath, CustomConf and AppWorkPath configurable at build (#6631)
+  * chore: update drone format to 1.0 (#6602)
+  * Fix race in integration testlogger (#6556)
+  * Quieter Integration Tests (#6513)
+  * Drop the docker Makefile from the image (#6507)
+  * Add make version on gitea version (#6485)
+  * Fix #6468 - Uses space match and adds newline for all sed flavors (#6473)
+  * Move code.gitea.io/git to code.gitea.io/gitea/modules/git (#6364)
+  * Update npm dependencies and various tweaks (#7344)
+  * Fix updated drone file (#7336)
+  * Add 'npm' and 'npm-update' make targets and lockfile (#7246)
+* DOCS
+  * Add work path CLI option (#6922)
+  * Fix logging documentation (#6904)
+  * Some logging documentation (#6498)
+  * Fix link to Hacking on Gitea on From-Source doc page (#6471)
+  * Fix typos in docs command-line examples (#6466)
+  * Added docker example for backup (#5846)
+
+## [1.8.3](https://github.com/go-gitea/gitea/releases/tag/v1.8.3) - 2019-06-17
+* BUGFIXES
+  * Always set userID on LFS authentication (#7224) (Part of #6993)
+  * Fix LFS Locks over SSH (#6999) (#7223)
+  * Fix duplicated file on pull request conflicted files (#7211) (#7214)
+  * Detect noreply email address as user (#7133) (#7195)
+  * Don't get milestone from DB if ID is zero (#7169) (#7174)
+  * Allow archived repos to be (un)starred and (un)watched (#7163) (#7168)
+  * Fix GCArgs load from ini (#7156) (#7157)
+
+## [1.8.2](https://github.com/go-gitea/gitea/releases/tag/v1.8.2) - 2019-05-29
+* BUGFIXES
+  * Fix possbile mysql invalid connnection error (#7051) (#7071)
+  * Handle invalid administrator username on install page (#7060) (#7063)
+  * Disable arm7 builds (#7037) (#7042)
+  * Fix default for allowing new organization creation for new users (#7017) (#7034)
+  * SearchRepositoryByName improvements and unification (#6897) (#7002)
+  * Fix u2f registrationlist ToRegistrations() method (#6980) (#6982)
+  * Allow collaborators to view repo owned by private org (#6965) (#6968)
+  * Use AppURL for Oauth user link (#6894) (#6925)
+  * Escape the commit message on issues update (#6901) (#6902)
+  * Fix regression for API users search (#6882) (#6885)
+  * Handle early git version's lack of get-url (#7065) (#7076)
+  * Fix wrong init dependency on markup extensions (#7038) (#7074)
+
+## [1.8.1](https://github.com/go-gitea/gitea/releases/tag/v1.8.1) - 2019-05-08
+* BUGFIXES
+  * Fix 404 when sending pull requests in some situations (#6871) (#6873)
+  * Enforce osusergo build tag for releases (#6862) (#6869)
+  * Don't post process commit summary in templates (#6842) (#6868)
+  * Fix 500 when reviewer is deleted (#6856) (#6860)
+  * Fix v78 migration for MSSQL (#6823) (#6854)
+  * Added tags pull step to drone config to show correct version hashes (#6836) (#6839)
+  * Fix double-generation of scratch token (#6833) (#6835)
+  * When mirroring we should set the remote to mirror (#6824) (#6834)
+  * Show scrollbar only when needed (#6802) (#6803)
+  * Service worker js is missing a comma (#6788) (#6795)
+  * Set user search base field optional in LDAP (simple auth) edit page (#6779) (#6789)
+  * Fix team edit API panic (#6780) (#6785)
+  * Minor CSS cleanup for the navbar (#6553) (#6781)
+  * Stricter domain name pattern in email regex (#6739) (#6768)
+  * Detect and restore encoding and BOM in content (#6727) (#6765)
+  * Fix org visibility bug when git cloning (#6743) (#6762)
+  * OAuth2 token can be used in basic auth (#6747) (#6761)
+  * Fix missing return (#6751) (#6756)
+  * Fix sorting repos on org home page with non-admin login (#6741) (#6746)
+  * Drop is_bare IDX only when it exists for MySQL and MariaDB (#6736) (#6744)
+  * Fix team members API (#6714) (#6729)
+  * Load issue attributes when editing an issue with API (#6723) (#6725)
+  * Fix config ui error about cache ttl (#6861) (#6865)
+
+## [1.8.0](https://github.com/go-gitea/gitea/releases/tag/v1.8.0) - 2019-04-20
+* SECURITY
+  * Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6594)
+  * Resolve 2FA bypass on API (#6676) (#6674)
+  * Prevent the creation of empty sessions for non-logged in users (#6690) (#6677)
 * BREAKING
  * Add "ghost" and "notifications" to list of reserved user names. (#6208)
  * Change sqlite DB path default to data directory (#6198)
@@ -84,7 +457,31 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Allow markdown table to scroll (#4401)
  * Automatically clear stopwatch on merging a PR (#4327)
  * Add the Owner Name to differentiate when merging (#3807)
+  * Add title attributes to all items in the repo list viewer (#6258) (#6650)
 * BUGFIXES
+  * Fix dropdown icon padding (#6651) (#6654)
+  * Fix wrong GPG expire date (#6643) (#6644)
+  * Fix forking an empty repository (#6637) (#6653)
+  * Remove call to EscapePound .Link as it is already escaped (#6656) (#6666)
+  * Properly escape on the redirect from the web editor (#6657) (#6667)
+  * Allow resend of confirmation email when logged in (#6482) (#6486)
+  * Fix mail notification when close/reopen issue (#6581) (#6588)
+  * Change API commit summary to full message (#6591) (#6592)
+  * Add option to disable refresh token invalidation (#6584) (#6587)
+  * Fix bug user search API pagesize didn't obey ExplorePagingNum (#6579) (#6586)
+  * Fix new repo alignment (#6583) (#6585)
+  * Prevent server 500 on compare branches with no common history (#6555) (#6558)
+  * Properly escape release attachment URL (#6512) (#6523)
+  * Hacky fix for alignment of the create-organization dialog (#6455) (#6462)
+  * Disable benchmarking during tag events on DroneIO (#6365) (#6366)
+  * Make sure units of a team are returned (#6379) (#6381)
+  * Don't Unescape redirect_to cookie value (#6399) (#6401)
+  * Fix dump table name error and add some test for dump database (#6394) (#6402)
+  * Fix migration v82 to ignore unsynced tags between database and git data; Add missing is_archived column on repository table (#6387) (#6403)
+  * Display correct error for invalid mirror interval (#6414) (#6429)
+  * Clean up ref name rules (#6437) (#6439)
+  * Fix Hook & HookList in Swagger (#6432) (#6440)
+  * Change order that PostProcess Processors are run (#6445) (#6447)
  * Clean up various use of escape/unescape functions for URL generation (#6334)
  * Return 409 when creating repo if it already exists. (#6330)
  * Add same changes from issues page to milestone->issues page (#6328)
@@ -210,7 +607,19 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Add missing GET teams endpoints (#5382)
  * Migrate database if app.ini found (#5290)

-## [1.7.4](https://github.com/go-gitea/gitea/releases/tag/v1.7.4) - 2019-03-12
+## [1.7.6](https://github.com/go-gitea/gitea/releases/tag/v1.7.6) - 2019-04-12
+* SECURITY
+  * Prevent remote code execution vulnerability with mirror repo URL settings (#6593) (#6595)
+* BUGFIXES
+  * Allow resend of confirmation email when logged in (#6482) (#6487)
+
+## [1.7.5](https://github.com/go-gitea/gitea/releases/tag/v1.7.5) - 2019-03-27  
+* BUGFIXES
+  * Fix unitTypeCode not being used in accessLevelUnit (#6419) (#6423)
+  * Fix bug where manifest.json was being requested without cookies and continuously creating new sessions (#6372) (#6383) 
+  * Fix ParsePatch function to work with quoted diff --git strings (#6323) (#6332)
+
+## [1.7.4](https://github.com/go-gitea/gitea/releases/tag/v1.7.4) - 2019-03-12  
 * SECURITY
  * Fix potential XSS vulnerability in repository description. (#6306) (#6308)
 * BUGFIXES
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -65,17 +65,17 @@ high-level discussions.
 ## Testing redux

 Before submitting a pull request, run all the tests for the whole tree
-to make sure your changes don't cause regression elsewhere.  
+to make sure your changes don't cause regression elsewhere.

-Here's how to run the test suite: 
+Here's how to run the test suite:

 - Install the correct version of the drone-cli package.  As of this
  writing, the correct drone-cli version is
-  [0.8.6](https://0-8-0.docs.drone.io/cli-installation/).
+  [1.1.0](https://docs.drone.io/cli/install/).
 - Ensure you have enough free disk space.  You will need at least
  15-20 Gb of free disk space to hold all of the containers drone
  creates (a default AWS or GCE disk size won't work -- see
-  [#6243](https://github.com/go-gitea/gitea/issues/6243)).  
+  [#6243](https://github.com/go-gitea/gitea/issues/6243)).
 - Change into the base directory of your copy of the gitea repository,
  and run `drone exec --local --build-event pull_request`.

@@ -88,7 +88,7 @@ update these instructions.
 ## Vendoring

 We keep a cached copy of dependencies within the `vendor/` directory,
-managing updates via [dep](https://github.com/golang/dep).
+managing updates via [Modules](https://golang.org/cmd/go/#hdr-Module_maintenance).

 Pull requests should only include `vendor/` updates if they are part of
 the same change, be it a bugfix or a feature addition.
@@ -97,7 +97,7 @@ The `vendor/` update needs to be justified as part of the PR description,
 and must be verified by the reviewers and/or merger to always reference
 an existing upstream commit.

-You can find more information on how to get started with it on the [dep project website](https://golang.github.io/dep/docs/introduction.html).
+You can find more information on how to get started with it on the [Modules Wiki](https://github.com/golang/go/wiki/Modules).

 ## Translation

@@ -114,7 +114,7 @@ Generally, the go build tools are installed as-needed in the `Makefile`.
 An exception are the tools to build the CSS and images.

 - To build CSS: Install [Node.js](https://nodejs.org/en/download/package-manager) at version 8.0 or above
-  with `npm` and then run `npm install` and `make generate-stylesheets`.
+  with `npm` and then run `npm install` and `make css`.
 - To build Images: ImageMagick, inkscape and zopflipng binaries must be
  available in your `PATH` to run `make generate-images`.

@@ -214,7 +214,7 @@ to the maintainers team. If a maintainer is inactive for more than 3
 months and forgets to leave the maintainers team, the owners may move
 him or her from the maintainers team to the advisors team.
 For security reasons, Maintainers should use 2FA for their accounts and
-if possible provide gpg signed commits. 
+if possible provide gpg signed commits.
 https://help.github.com/articles/securing-your-account-with-two-factor-authentication-2fa/
 https://help.github.com/articles/signing-commits-with-gpg/

@@ -281,7 +281,7 @@ be reviewed by two maintainers and must pass the automatic tests.
  * Create `-dev` tag as `git tag -s -F release.notes v$vmaj.$vmin.0-dev` and push the tag as `git push origin v$vmaj.$vmin.0-dev`.
  * When CI has finished building tag then you have to create a new branch named `release/v$vmaj.$vmin`
 * If it is bugfix version create PR for changelog on branch `release/v$vmaj.$vmin` and wait till it is reviewed and merged.
-* Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`. 
+* Add a tag as `git tag -s -F release.notes v$vmaj.$vmin.$`, release.notes file could be a temporary file to only include the changelog this version which you added to `CHANGELOG.md`.
 * And then push the tag as `git push origin v$vmaj.$vmin.$`. Drone CI will automatically created a release and upload all the compiled binary. (But currently it didn't add the release notes automatically. Maybe we should fix that.)
 * If needed send PR for changelog on branch `master`.
 * Send PR to [blog repository](https://github.com/go-gitea/blog) announcing the release.
--- a/6
+++ b/6
@@ -1,7 +1,7 @@

 ###################################
 #Build stage
-FROM golang:1.12-alpine3.9 AS build-env
+FROM golang:1.12-alpine3.10 AS build-env

 ARG GITEA_VERSION
 ARG TAGS="sqlite sqlite_unlock_notify"
@@ -18,7 +18,7 @@ WORKDIR ${GOPATH}/src/code.gitea.io/gitea
 RUN if [ -n "${GITEA_VERSION}" ]; then git checkout "${GITEA_VERSION}"; fi \
 && make clean generate build

-FROM alpine:3.9
+FROM alpine:3.10
 LABEL maintainer="maintainers@gitea.io"

 EXPOSE 22 3000
@@ -56,6 +56,6 @@ VOLUME ["/data"]
 ENTRYPOINT ["/usr/bin/entrypoint"]
 CMD ["/bin/s6-svscan", "/etc/s6"]

-COPY docker /
+COPY docker/root /
 COPY --from=build-env /go/src/code.gitea.io/gitea/gitea /app/gitea/gitea
 RUN ln -s /app/gitea/gitea /usr/local/bin/gitea
--- a/Gopkg.lock
+++ b/Gopkg.lock
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -1,119 +0,0 @@
-
-ignored = ["google.golang.org/appengine*"]
-
-[prune]
-  go-tests = true
-  unused-packages = true
-  non-go = true
-
-[[constraint]]
-  branch = "master"
-  name = "code.gitea.io/git"
-
-[[constraint]]
-  branch = "master"
-  name = "code.gitea.io/sdk"
-
-[[constraint]]
-  revision = "05d86ea8f6e30456949f612cf68cf4a27ce8c9c5"
-  name = "github.com/blevesearch/bleve"
-
-[[constraint]]
-  revision = "12dd70caea0268ac0d6c2707d0611ef601e7c64e"
-  name = "golang.org/x/crypto"
-
-[[constraint]]
-  branch = "master"
-  name = "golang.org/x/sys"
-
-[[constraint]]
-  revision = "2bf8f2a19ec09c670e931282edfe6567f6be21c9"
-  name = "golang.org/x/text"
-
-[[constraint]]
-  branch = "master"
-  name = "golang.org/x/net"
-
-[[override]]
-  name = "github.com/go-xorm/xorm"
-  revision = "a6300f2a45e05a8f75f00a1d6188049fe7851915"
-
-[[override]]
-  name = "github.com/go-xorm/builder"
-  version = "0.3.3"
-
-[[override]]
-  name = "github.com/go-sql-driver/mysql"
-  revision = "c45f530f8e7fe40f4687eaa50d0c8c5f1b66f9e0"
-
-[[override]]
-  name = "github.com/mattn/go-sqlite3"
-  revision = "c7c4067b79cc51e6dfdcef5c702e74b1e0fa7c75"
-
-[[override]]
-  name = "github.com/gorilla/mux"
-  revision = "757bef944d0f21880861c2dd9c871ca543023cba"
-
-[[constraint]]
-  name = "github.com/gorilla/context"
-  version = "1.1.1"
-
-[[constraint]]
-  name = "github.com/lafriks/xormstore"
-  version = "1.0.0"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/lunny/dingtalk_webhook"
-
-[[constraint]]
-  name = "github.com/markbates/goth"
-  version = "1.47.2"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/mcuadros/go-version"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/russross/blackfriday"
-
-[[constraint]]
-  branch = "master"
-  name = "github.com/tstranex/u2f"
-
-[[constraint]]
-  name = "gopkg.in/editorconfig/editorconfig-core-go.v1"
-  version = "1.2.0"
-
-[[constraint]]
-  branch = "v2"
-  name = "gopkg.in/gomail.v2"
-
-[[constraint]]
-  name = "gopkg.in/ini.v1"
-  version = "1.31.1"
-
-[[constraint]]
-  name = "gopkg.in/ldap.v3"
-  version = "3.0.1"
-
-[[constraint]]
-  name = "gopkg.in/macaron.v1"
-  version = "1.2.4"
-
-[[constraint]]
-  name = "gopkg.in/testfixtures.v2"
-  version = "2.0.0"
-
-[[override]]
-  branch = "master"
-  name = "golang.org/x/oauth2"
-
-[[constraint]]
-  name = "github.com/prometheus/client_golang"
-  version = "0.9.0"
-
-[[constraint]]
-  name = "github.com/mvdan/xurls"
-  version = "2.0.0"
--- a/2
+++ b/2
@@ -28,3 +28,5 @@ He-Long Zhang <outman99@hotmail.com> (@BetaCat0)
 Andrew Thornton <art27@cantab.net> (@zeripath)
 John Olheiser <john.olheiser@gmail.com> (@jolheiser)
 Richard Mahn <rich.mahn@unfoldingword.org> (@richmahn)
+Mrsdizzie <info@mrsdizzie.com> (@mrsdizzie)
+silverwind <me@silverwind.io> (@silverwind)
--- a/156
+++ b/156
@@ -1,15 +1,17 @@
 DIST := dist
 IMPORT := code.gitea.io/gitea
+export GO111MODULE=off

 GO ?= go
 SED_INPLACE := sed -i
+SHASUM ?= shasum -a 256

 export PATH := $($(GO) env GOPATH)/bin:$(PATH)

 ifeq ($(OS), Windows_NT)
-	EXECUTABLE := gitea.exe
+	EXECUTABLE ?= gitea.exe
 else
-	EXECUTABLE := gitea
+	EXECUTABLE ?= gitea
 	UNAME_S := $(shell uname -s)
 	ifeq ($(UNAME_S),Darwin)
 		SED_INPLACE := sed -i ''
@@ -23,19 +25,21 @@ GOFMT ?= gofmt -s
 GOFLAGS := -i -v
 EXTRA_GOFLAGS ?=

+MAKE_VERSION := $(shell make -v | head -n 1)
+
 ifneq ($(DRONE_TAG),)
 	VERSION ?= $(subst v,,$(DRONE_TAG))
-	GITEA_VERSION := $(VERSION)
+	GITEA_VERSION ?= $(VERSION)
 else
 	ifneq ($(DRONE_BRANCH),)
 		VERSION ?= $(subst release/v,,$(DRONE_BRANCH))
 	else
 		VERSION ?= master
 	endif
-	GITEA_VERSION := $(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')
+	GITEA_VERSION ?= $(shell git describe --tags --always | sed 's/-/+/' | sed 's/^v//')
 endif

-LDFLAGS := -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)"
+LDFLAGS := $(LDFLAGS) -X "main.MakeVersion=$(MAKE_VERSION)" -X "main.Version=$(GITEA_VERSION)" -X "main.Tags=$(TAGS)"

 PACKAGES ?= $(filter-out code.gitea.io/gitea/integrations/migration-test,$(filter-out code.gitea.io/gitea/integrations,$(shell $(GO) list ./... | grep -v /vendor/)))
 SOURCES ?= $(shell find . -name "*.go" -type f)
@@ -45,8 +49,9 @@ TAGS ?=
 TMPDIR := $(shell mktemp -d 2>/dev/null || mktemp -d -t 'gitea-temp')

 SWAGGER_SPEC := templates/swagger/v1_json.tmpl
-SWAGGER_SPEC_S_TMPL := s|"basePath":\s*"/api/v1"|"basePath": "{{AppSubUrl}}/api/v1"|g
-SWAGGER_SPEC_S_JSON := s|"basePath":\s*"{{AppSubUrl}}/api/v1"|"basePath": "/api/v1"|g
+SWAGGER_SPEC_S_TMPL := s|"basePath": *"/api/v1"|"basePath": "{{AppSubUrl}}/api/v1"|g
+SWAGGER_SPEC_S_JSON := s|"basePath": *"{{AppSubUrl}}/api/v1"|"basePath": "/api/v1"|g
+SWAGGER_NEWLINE_COMMAND := -e '$$a\'

 TEST_MYSQL_HOST ?= mysql:3306
 TEST_MYSQL_DBNAME ?= testgitea
@@ -65,12 +70,6 @@ TEST_MSSQL_DBNAME ?= gitea
 TEST_MSSQL_USERNAME ?= sa
 TEST_MSSQL_PASSWORD ?= MwantsaSecurePassword1

-ifeq ($(OS), Windows_NT)
-	EXECUTABLE := gitea.exe
-else
-	EXECUTABLE := gitea
-endif
-
 # $(call strip-suffix,filename)
 strip-suffix = $(firstword $(subst ., ,$(1)))

@@ -98,18 +97,16 @@ vet:

 .PHONY: generate
 generate:
-	@hash go-bindata > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/jteeuwen/go-bindata/go-bindata; \
-	fi
-	$(GO) generate $(PACKAGES)
+	GO111MODULE=on $(GO) generate $(PACKAGES)

 .PHONY: generate-swagger
 generate-swagger:
 	@hash swagger > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/go-swagger/go-swagger/cmd/swagger; \
+		GO111MODULE="on" $(GO) get -u github.com/go-swagger/go-swagger/cmd/swagger@v0.19.0; \
 	fi
 	swagger generate spec -o './$(SWAGGER_SPEC)'
 	$(SED_INPLACE) '$(SWAGGER_SPEC_S_TMPL)' './$(SWAGGER_SPEC)'
+	$(SED_INPLACE) $(SWAGGER_NEWLINE_COMMAND) './$(SWAGGER_SPEC)'

 .PHONY: swagger-check
 swagger-check: generate-swagger
@@ -138,6 +135,10 @@ errcheck:

 .PHONY: lint
 lint:
+	@echo 'make lint is depricated. Use "make revive" if you want to use the old lint tool, or "make golangci-lint" to run a complete code check.'
+
+.PHONY: revive
+revive:
 	@hash revive > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u github.com/mgechev/revive; \
 	fi
@@ -148,7 +149,7 @@ misspell-check:
 	@hash misspell > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u github.com/client9/misspell/cmd/misspell; \
 	fi
-	misspell -error -i unknwon $(GOFILES)
+	misspell -error -i unknwon,destory $(GOFILES)

 .PHONY: misspell
 misspell:
@@ -169,7 +170,7 @@ fmt-check:

 .PHONY: test
 test:
-	$(GO) test -tags='sqlite sqlite_unlock_notify' $(PACKAGES)
+	GO111MODULE=on $(GO) test -mod=vendor -tags='sqlite sqlite_unlock_notify' $(PACKAGES)

 .PHONY: coverage
 coverage:
@@ -184,10 +185,7 @@ unit-test-coverage:

 .PHONY: vendor
 vendor:
-	@hash dep > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		$(GO) get -u github.com/golang/dep/cmd/dep; \
-	fi
-	dep ensure -vendor-only
+	GO111MODULE=on $(GO) mod tidy && GO111MODULE=on $(GO) mod vendor

 .PHONY: test-vendor
 test-vendor: vendor
@@ -197,12 +195,15 @@ test-vendor: vendor
 		echo "$${diff}"; \
 		exit 1; \
 	fi;
-#TODO add dep status -missing when implemented

 .PHONY: test-sqlite
 test-sqlite: integrations.sqlite.test
 	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test

+.PHONY: test-sqlite\#%
+test-sqlite\#%: integrations.sqlite.test
+	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./integrations.sqlite.test -test.run $*
+
 .PHONY: test-sqlite-migration
 test-sqlite-migration:  migrations.sqlite.test
 	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/sqlite.ini ./migrations.sqlite.test
@@ -284,13 +285,13 @@ integration-test-coverage: integrations.cover.test generate-ini
 	GITEA_ROOT=${CURDIR} GITEA_CONF=integrations/mysql.ini ./integrations.cover.test -test.coverprofile=integration.coverage.out

 integrations.test: $(SOURCES)
-	$(GO) test -c code.gitea.io/gitea/integrations -o integrations.test
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.test

 integrations.sqlite.test: $(SOURCES)
-	$(GO) test -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags 'sqlite sqlite_unlock_notify'
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -o integrations.sqlite.test -tags 'sqlite sqlite_unlock_notify'

 integrations.cover.test: $(SOURCES)
-	$(GO) test -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(PACKAGES) | tr ' ' ',') -o integrations.cover.test
+	GO111MODULE=on $(GO) test -mod=vendor -c code.gitea.io/gitea/integrations -coverpkg $(shell echo $(PACKAGES) | tr ' ' ',') -o integrations.cover.test

 .PHONY: migrations.test
 migrations.test: $(SOURCES)
@@ -311,7 +312,7 @@ install: $(wildcard *.go)
 build: $(EXECUTABLE)

 $(EXECUTABLE): $(SOURCES)
-	$(GO) build $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@
+	GO111MODULE=on $(GO) build -mod=vendor $(GOFLAGS) $(EXTRA_GOFLAGS) -tags '$(TAGS)' -ldflags '-s -w $(LDFLAGS)' -o $@

 .PHONY: release
 release: release-dirs release-windows release-linux release-darwin release-copy release-compress release-check
@@ -325,9 +326,9 @@ release-windows:
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u src.techknowlogick.com/xgo; \
 	fi
-	xgo -dest $(DIST)/binaries -tags 'netgo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
+	xgo -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'windows/*' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
-	mv /build/* $(DIST)/binaries
+	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-linux
@@ -335,9 +336,9 @@ release-linux:
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u src.techknowlogick.com/xgo; \
 	fi
-	xgo -dest $(DIST)/binaries -tags 'netgo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'linux/*' -out gitea-$(VERSION) .
+	xgo -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '-linkmode external -extldflags "-static" $(LDFLAGS)' -targets 'linux/amd64,linux/386,linux/arm-5,linux/arm-6,linux/arm64,linux/mips64le,linux/mips,linux/mipsle' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
-	mv /build/* $(DIST)/binaries
+	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-darwin
@@ -345,52 +346,78 @@ release-darwin:
 	@hash xgo > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u src.techknowlogick.com/xgo; \
 	fi
-	xgo -dest $(DIST)/binaries -tags 'netgo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin/*' -out gitea-$(VERSION) .
+	xgo -dest $(DIST)/binaries -tags 'netgo osusergo $(TAGS)' -ldflags '$(LDFLAGS)' -targets 'darwin/*' -out gitea-$(VERSION) .
 ifeq ($(CI),drone)
-	mv /build/* $(DIST)/binaries
+	cp /build/* $(DIST)/binaries
 endif

 .PHONY: release-copy
 release-copy:
-	$(foreach file,$(wildcard $(DIST)/binaries/$(EXECUTABLE)-*),cp $(file) $(DIST)/release/$(notdir $(file));)
+	cd $(DIST); for file in `find /build -type f -name "*"`; do cp $${file} ./release/; done;

 .PHONY: release-check
 release-check:
-	cd $(DIST)/release; $(foreach file,$(wildcard $(DIST)/release/$(EXECUTABLE)-*),sha256sum $(notdir $(file)) > $(notdir $(file)).sha256;)
+	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "checksumming $${file}" && $(SHASUM) `echo $${file} | sed 's/^..//'` > $${file}.sha256; done;

 .PHONY: release-compress
 release-compress:
 	@hash gxz > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
 		$(GO) get -u github.com/ulikunitz/xz/cmd/gxz; \
 	fi
-	cd $(DIST)/release; $(foreach file,$(wildcard $(DIST)/binaries/$(EXECUTABLE)-*),gxz -k -9 $(notdir $(file));)
+	cd $(DIST)/release/; for file in `find . -type f -name "*"`; do echo "compressing $${file}" && gxz -k -9 $${file}; done;

-.PHONY: javascripts
-javascripts: public/js/index.js
+npm-check:
+	@hash npm > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		echo "Please install Node.js 8.x or greater with npm"; \
+		exit 1; \
+	fi;
+	@hash npx > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		echo "Please install Node.js 8.x or greater with npm"; \
+		exit 1; \
+	fi;

-.IGNORE: public/js/index.js
-public/js/index.js: $(JAVASCRIPTS)
-	cat $< >| $@
+.PHONY: npm
+npm: npm-check
+	npm install --no-save
+
+.PHONY: npm-update
+npm-update: npm-check
+	npx updates -cu
+	rm -rf node_modules package-lock.json
+	npm install --package-lock
+
+.PHONY: js
+js: npm
+	npx eslint public/js
+
+.PHONY: css
+css: npm
+	npx stylelint public/less
+	npx lessc --clean-css="--s0 -b" public/less/index.less public/css/index.css
+	$(foreach file, $(filter-out public/less/themes/_base.less, $(wildcard public/less/themes/*)),npx lessc --clean-css="--s0 -b" public/less/themes/$(notdir $(file)) > public/css/theme-$(notdir $(call strip-suffix,$(file))).css;)
+	npx postcss --use autoprefixer --no-map --replace public/css/*

-.PHONY: stylesheets-check
-stylesheets-check: generate-stylesheets
 	@diff=$$(git diff public/css/*); \
-	if [ -n "$$diff" ]; then \
-		echo "Please run 'make generate-stylesheets' and commit the result:"; \
+	if ([ -n "$$CI" ] && [ -n "$$diff" ]); then \
+		echo "Generated files in public/css have changed, please commit the result:"; \
 		echo "$${diff}"; \
 		exit 1; \
 	fi;

+.PHONY: javascripts
+javascripts:
+	echo "'make javascripts' is deprecated, please use 'make js'"
+	$(MAKE) js
+
+.PHONY: stylesheets-check
+stylesheets-check:
+	echo "'make stylesheets-check' is deprecated, please use 'make css'"
+	$(MAKE) css
+
 .PHONY: generate-stylesheets
 generate-stylesheets:
-	@hash npx > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
-		echo "Please install npm version 5.2+"; \
-		exit 1; \
-	fi;
-	$(eval BROWSERS := "> 1%, last 2 firefox versions, last 2 safari versions, ie 11")
-	npx lessc --clean-css public/less/index.less public/css/index.css
-	$(foreach file, $(filter-out public/less/themes/_base.less, $(wildcard public/less/themes/*)),npx lessc --clean-css public/less/themes/$(notdir $(file)) > public/css/theme-$(notdir $(call strip-suffix,$(file))).css;)
-	$(foreach file, $(wildcard public/css/*),npx postcss --use autoprefixer --autoprefixer.browsers $(BROWSERS) -o $(file) $(file);)
+	echo "'make generate-stylesheets' is deprecated, please use 'make css'"
+	$(MAKE) css

 .PHONY: swagger-ui
 swagger-ui:
@@ -427,16 +454,25 @@ generate-images:
 	inkscape -f $(PWD)/assets/logo.svg -w 32 -h 32 -jC -i layer2 -e $(TMPDIR)/images/32-2.png
 	composite -compose atop $(TMPDIR)/images/32-2.png $(TMPDIR)/images/32-1.png $(TMPDIR)/images/32-raw.png
 	inkscape -f $(PWD)/assets/logo.svg -w 16 -h 16 -jC -i layer1 -e $(TMPDIR)/images/16-raw.png
-	zopflipng $(TMPDIR)/images/128-raw.png $(TMPDIR)/images/128.png
-	zopflipng $(TMPDIR)/images/64-raw.png $(TMPDIR)/images/64.png
-	zopflipng $(TMPDIR)/images/32-raw.png $(TMPDIR)/images/32.png
-	zopflipng $(TMPDIR)/images/16-raw.png $(TMPDIR)/images/16.png
+	zopflipng -m -y $(TMPDIR)/images/128-raw.png $(TMPDIR)/images/128.png
+	zopflipng -m -y $(TMPDIR)/images/64-raw.png $(TMPDIR)/images/64.png
+	zopflipng -m -y $(TMPDIR)/images/32-raw.png $(TMPDIR)/images/32.png
+	zopflipng -m -y $(TMPDIR)/images/16-raw.png $(TMPDIR)/images/16.png
 	rm -f $(TMPDIR)/images/*-*.png
 	convert $(TMPDIR)/images/16.png $(TMPDIR)/images/32.png \
 					$(TMPDIR)/images/64.png $(TMPDIR)/images/128.png \
 					$(PWD)/public/img/favicon.ico
 	rm -rf $(TMPDIR)/images
-	
+	$(foreach file, $(shell find public/img -type f -name '*.png'),zopflipng -m -y $(file) $(file);)
+
 .PHONY: pr
 pr:
 	$(GO) run contrib/pr/checkout.go $(PR)
+
+.PHONY: golangci-lint
+golangci-lint:
+	@hash golangci-lint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		export BINARY="golangci-lint"; \
+		curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | sh -s -- -b $(GOPATH)/bin v1.16.0; \
+	fi
+	golangci-lint run
--- a/README_ZH.md
+++ b/README_ZH.md
@@ -5,7 +5,7 @@
 [![Build Status](https://drone.gitea.io/api/badges/go-gitea/gitea/status.svg)](https://drone.gitea.io/go-gitea/gitea)
 [![Join the chat at https://img.shields.io/discord/322538954119184384.svg](https://img.shields.io/discord/322538954119184384.svg)](https://discord.gg/NsatcWJ)
 [![](https://images.microbadger.com/badges/image/gitea/gitea.svg)](https://microbadger.com/images/gitea/gitea "Get your own image badge on microbadger.com")
-[![Coverage Status](https://coverage.gitea.io/badges/go-gitea/gitea/coverage.svg)](https://coverage.gitea.io/go-gitea/gitea)
+[![codecov](https://codecov.io/gh/go-gitea/gitea/branch/master/graph/badge.svg)](https://codecov.io/gh/go-gitea/gitea)
 [![Go Report Card](https://goreportcard.com/badge/code.gitea.io/gitea)](https://goreportcard.com/report/code.gitea.io/gitea)
 [![GoDoc](https://godoc.org/code.gitea.io/gitea?status.svg)](https://godoc.org/code.gitea.io/gitea)
 [![GitHub release](https://img.shields.io/github/release/go-gitea/gitea.svg)](https://github.com/go-gitea/gitea/releases/latest)
--- a/cmd/admin.go
+++ b/cmd/admin.go
@@ -11,10 +11,10 @@ import (
 	"os"
 	"text/tabwriter"

-	"code.gitea.io/git"
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/auth/oauth2"
 	"code.gitea.io/gitea/modules/generate"
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"

@@ -42,6 +42,10 @@ var (
 		Flags: []cli.Flag{
 			cli.StringFlag{
 				Name:  "name",
+				Usage: "Username. DEPRECATED: use username instead",
+			},
+			cli.StringFlag{
+				Name:  "username",
 				Usage: "Username",
 			},
 			cli.StringFlag{
@@ -56,11 +60,6 @@ var (
 				Name:  "admin",
 				Usage: "User is an admin",
 			},
-			cli.StringFlag{
-				Name:  "config, c",
-				Value: "custom/conf/app.ini",
-				Usage: "Custom configuration file path",
-			},
 			cli.BoolFlag{
 				Name:  "random-password",
 				Usage: "Generate a random password for the user",
@@ -74,6 +73,10 @@ var (
 				Usage: "Length of the random password to be generated",
 				Value: 12,
 			},
+			cli.BoolFlag{
+				Name:  "access-token",
+				Usage: "Generate access token for the user",
+			},
 		},
 	}

@@ -92,11 +95,6 @@ var (
 				Value: "",
 				Usage: "New password to set for user",
 			},
-			cli.StringFlag{
-				Name:  "config, c",
-				Value: "custom/conf/app.ini",
-				Usage: "Custom configuration file path",
-			},
 		},
 	}

@@ -119,26 +117,12 @@ var (
 		Name:   "hooks",
 		Usage:  "Regenerate git-hooks",
 		Action: runRegenerateHooks,
-		Flags: []cli.Flag{
-			cli.StringFlag{
-				Name:  "config, c",
-				Value: "custom/conf/app.ini",
-				Usage: "Custom configuration file path",
-			},
-		},
 	}

 	microcmdRegenKeys = cli.Command{
 		Name:   "keys",
 		Usage:  "Regenerate authorized_keys file",
 		Action: runRegenerateKeys,
-		Flags: []cli.Flag{
-			cli.StringFlag{
-				Name:  "config, c",
-				Value: "custom/conf/app.ini",
-				Usage: "Custom configuration file path",
-			},
-		},
 	}

 	subcmdAuth = cli.Command{
@@ -147,6 +131,10 @@ var (
 		Subcommands: []cli.Command{
 			microcmdAuthAddOauth,
 			microcmdAuthUpdateOauth,
+			cmdAuthAddLdapBindDn,
+			cmdAuthUpdateLdapBindDn,
+			cmdAuthAddLdapSimpleAuth,
+			cmdAuthUpdateLdapSimpleAuth,
 			microcmdAuthList,
 			microcmdAuthDelete,
 		},
@@ -156,40 +144,20 @@ var (
 		Name:   "list",
 		Usage:  "List auth sources",
 		Action: runListAuth,
-		Flags: []cli.Flag{
-			cli.StringFlag{
-				Name:  "config, c",
-				Value: "custom/conf/app.ini",
-				Usage: "Custom configuration file path",
-			},
-		},
 	}

 	idFlag = cli.Int64Flag{
 		Name:  "id",
-		Usage: "ID of OAuth authentication source",
+		Usage: "ID of authentication source",
 	}

 	microcmdAuthDelete = cli.Command{
 		Name:   "delete",
 		Usage:  "Delete specific auth source",
 		Action: runDeleteAuth,
-		Flags: []cli.Flag{
-			cli.StringFlag{
-				Name:  "config, c",
-				Value: "custom/conf/app.ini",
-				Usage: "Custom configuration file path",
-			},
-			idFlag,
-		},
 	}

 	oauthCLIFlags = []cli.Flag{
-		cli.StringFlag{
-			Name:  "config, c",
-			Value: "custom/conf/app.ini",
-			Usage: "Custom configuration file path",
-		},
 		cli.StringFlag{
 			Name:  "name",
 			Value: "",
@@ -262,10 +230,6 @@ func runChangePassword(c *cli.Context) error {
 		return err
 	}

-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
 	if err := initDB(); err != nil {
 		return err
 	}
@@ -288,14 +252,29 @@ func runChangePassword(c *cli.Context) error {
 }

 func runCreateUser(c *cli.Context) error {
-	if err := argsSet(c, "name", "email"); err != nil {
+	if err := argsSet(c, "email"); err != nil {
 		return err
 	}

+	if c.IsSet("name") && c.IsSet("username") {
+		return errors.New("Cannot set both --name and --username flags")
+	}
+	if !c.IsSet("name") && !c.IsSet("username") {
+		return errors.New("One of --name or --username flags must be set")
+	}
+
 	if c.IsSet("password") && c.IsSet("random-password") {
 		return errors.New("cannot set both -random-password and -password flags")
 	}

+	var username string
+	if c.IsSet("username") {
+		username = c.String("username")
+	} else {
+		username = c.String("name")
+		fmt.Fprintf(os.Stderr, "--name flag is deprecated. Use --username instead.\n")
+	}
+
 	var password string

 	if c.IsSet("password") {
@@ -312,10 +291,6 @@ func runCreateUser(c *cli.Context) error {
 		return errors.New("must set either password or random-password flag")
 	}

-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
 	if err := initDB(); err != nil {
 		return err
 	}
@@ -333,19 +308,34 @@ func runCreateUser(c *cli.Context) error {
 		changePassword = c.Bool("must-change-password")
 	}

-	if err := models.CreateUser(&models.User{
-		Name:               c.String("name"),
+	u := &models.User{
+		Name:               username,
 		Email:              c.String("email"),
 		Passwd:             password,
 		IsActive:           true,
 		IsAdmin:            c.Bool("admin"),
 		MustChangePassword: changePassword,
 		Theme:              setting.UI.DefaultTheme,
-	}); err != nil {
+	}
+
+	if err := models.CreateUser(u); err != nil {
 		return fmt.Errorf("CreateUser: %v", err)
 	}

-	fmt.Printf("New user '%s' has been successfully created!\n", c.String("name"))
+	if c.Bool("access-token") {
+		t := &models.AccessToken{
+			Name: "gitea-admin",
+			UID:  u.ID,
+		}
+
+		if err := models.NewAccessToken(t); err != nil {
+			return err
+		}
+
+		fmt.Printf("Access token was successfully created... %s\n", t.Token)
+	}
+
+	fmt.Printf("New user '%s' has been successfully created!\n", username)
 	return nil
 }

@@ -411,10 +401,6 @@ func getReleaseCount(id int64) (int64, error) {
 }

 func runRegenerateHooks(c *cli.Context) error {
-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
 	if err := initDB(); err != nil {
 		return err
 	}
@@ -422,10 +408,6 @@ func runRegenerateHooks(c *cli.Context) error {
 }

 func runRegenerateKeys(c *cli.Context) error {
-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
 	if err := initDB(); err != nil {
 		return err
 	}
@@ -454,10 +436,6 @@ func parseOAuth2Config(c *cli.Context) *models.OAuth2Config {
 }

 func runAddOauth(c *cli.Context) error {
-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
 	if err := initDB(); err != nil {
 		return err
 	}
@@ -471,10 +449,6 @@ func runAddOauth(c *cli.Context) error {
 }

 func runUpdateOauth(c *cli.Context) error {
-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
 	if !c.IsSet("id") {
 		return fmt.Errorf("--id flag is missing")
 	}
@@ -511,7 +485,7 @@ func runUpdateOauth(c *cli.Context) error {
 	}

 	// update custom URL mapping
-	var customURLMapping *oauth2.CustomURLMapping
+	var customURLMapping = &oauth2.CustomURLMapping{}

 	if oAuth2Config.CustomURLMapping != nil {
 		customURLMapping.TokenURL = oAuth2Config.CustomURLMapping.TokenURL
@@ -542,10 +516,6 @@ func runUpdateOauth(c *cli.Context) error {
 }

 func runListAuth(c *cli.Context) error {
-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
 	if err := initDB(); err != nil {
 		return err
 	}
@@ -568,10 +538,6 @@ func runListAuth(c *cli.Context) error {
 }

 func runDeleteAuth(c *cli.Context) error {
-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
 	if !c.IsSet("id") {
 		return fmt.Errorf("--id flag is missing")
 	}
--- a/cmd/admin_auth_ldap.go
+++ b/cmd/admin_auth_ldap.go
@@ -0,0 +1,359 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"fmt"
+	"strings"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/auth/ldap"
+
+	"github.com/urfave/cli"
+)
+
+type (
+	authService struct {
+		initDB             func() error
+		createLoginSource  func(loginSource *models.LoginSource) error
+		updateLoginSource  func(loginSource *models.LoginSource) error
+		getLoginSourceByID func(id int64) (*models.LoginSource, error)
+	}
+)
+
+var (
+	commonLdapCLIFlags = []cli.Flag{
+		cli.StringFlag{
+			Name:  "name",
+			Usage: "Authentication name.",
+		},
+		cli.BoolFlag{
+			Name:  "not-active",
+			Usage: "Deactivate the authentication source.",
+		},
+		cli.StringFlag{
+			Name:  "security-protocol",
+			Usage: "Security protocol name.",
+		},
+		cli.BoolFlag{
+			Name:  "skip-tls-verify",
+			Usage: "Disable TLS verification.",
+		},
+		cli.StringFlag{
+			Name:  "host",
+			Usage: "The address where the LDAP server can be reached.",
+		},
+		cli.IntFlag{
+			Name:  "port",
+			Usage: "The port to use when connecting to the LDAP server.",
+		},
+		cli.StringFlag{
+			Name:  "user-search-base",
+			Usage: "The LDAP base at which user accounts will be searched for.",
+		},
+		cli.StringFlag{
+			Name:  "user-filter",
+			Usage: "An LDAP filter declaring how to find the user record that is attempting to authenticate.",
+		},
+		cli.StringFlag{
+			Name:  "admin-filter",
+			Usage: "An LDAP filter specifying if a user should be given administrator privileges.",
+		},
+		cli.StringFlag{
+			Name:  "username-attribute",
+			Usage: "The attribute of the user’s LDAP record containing the user name.",
+		},
+		cli.StringFlag{
+			Name:  "firstname-attribute",
+			Usage: "The attribute of the user’s LDAP record containing the user’s first name.",
+		},
+		cli.StringFlag{
+			Name:  "surname-attribute",
+			Usage: "The attribute of the user’s LDAP record containing the user’s surname.",
+		},
+		cli.StringFlag{
+			Name:  "email-attribute",
+			Usage: "The attribute of the user’s LDAP record containing the user’s email address.",
+		},
+		cli.StringFlag{
+			Name:  "public-ssh-key-attribute",
+			Usage: "The attribute of the user’s LDAP record containing the user’s public ssh key.",
+		},
+	}
+
+	ldapBindDnCLIFlags = append(commonLdapCLIFlags,
+		cli.StringFlag{
+			Name:  "bind-dn",
+			Usage: "The DN to bind to the LDAP server with when searching for the user.",
+		},
+		cli.StringFlag{
+			Name:  "bind-password",
+			Usage: "The password for the Bind DN, if any.",
+		},
+		cli.BoolFlag{
+			Name:  "attributes-in-bind",
+			Usage: "Fetch attributes in bind DN context.",
+		},
+		cli.BoolFlag{
+			Name:  "synchronize-users",
+			Usage: "Enable user synchronization.",
+		},
+		cli.UintFlag{
+			Name:  "page-size",
+			Usage: "Search page size.",
+		})
+
+	ldapSimpleAuthCLIFlags = append(commonLdapCLIFlags,
+		cli.StringFlag{
+			Name:  "user-dn",
+			Usage: "The user’s DN.",
+		})
+
+	cmdAuthAddLdapBindDn = cli.Command{
+		Name:  "add-ldap",
+		Usage: "Add new LDAP (via Bind DN) authentication source",
+		Action: func(c *cli.Context) error {
+			return newAuthService().addLdapBindDn(c)
+		},
+		Flags: ldapBindDnCLIFlags,
+	}
+
+	cmdAuthUpdateLdapBindDn = cli.Command{
+		Name:  "update-ldap",
+		Usage: "Update existing LDAP (via Bind DN) authentication source",
+		Action: func(c *cli.Context) error {
+			return newAuthService().updateLdapBindDn(c)
+		},
+		Flags: append([]cli.Flag{idFlag}, ldapBindDnCLIFlags...),
+	}
+
+	cmdAuthAddLdapSimpleAuth = cli.Command{
+		Name:  "add-ldap-simple",
+		Usage: "Add new LDAP (simple auth) authentication source",
+		Action: func(c *cli.Context) error {
+			return newAuthService().addLdapSimpleAuth(c)
+		},
+		Flags: ldapSimpleAuthCLIFlags,
+	}
+
+	cmdAuthUpdateLdapSimpleAuth = cli.Command{
+		Name:  "update-ldap-simple",
+		Usage: "Update existing LDAP (simple auth) authentication source",
+		Action: func(c *cli.Context) error {
+			return newAuthService().updateLdapSimpleAuth(c)
+		},
+		Flags: append([]cli.Flag{idFlag}, ldapSimpleAuthCLIFlags...),
+	}
+)
+
+// newAuthService creates a service with default functions.
+func newAuthService() *authService {
+	return &authService{
+		initDB:             initDB,
+		createLoginSource:  models.CreateLoginSource,
+		updateLoginSource:  models.UpdateSource,
+		getLoginSourceByID: models.GetLoginSourceByID,
+	}
+}
+
+// parseLoginSource assigns values on loginSource according to command line flags.
+func parseLoginSource(c *cli.Context, loginSource *models.LoginSource) {
+	if c.IsSet("name") {
+		loginSource.Name = c.String("name")
+	}
+	if c.IsSet("not-active") {
+		loginSource.IsActived = !c.Bool("not-active")
+	}
+	if c.IsSet("synchronize-users") {
+		loginSource.IsSyncEnabled = c.Bool("synchronize-users")
+	}
+}
+
+// parseLdapConfig assigns values on config according to command line flags.
+func parseLdapConfig(c *cli.Context, config *models.LDAPConfig) error {
+	if c.IsSet("name") {
+		config.Source.Name = c.String("name")
+	}
+	if c.IsSet("host") {
+		config.Source.Host = c.String("host")
+	}
+	if c.IsSet("port") {
+		config.Source.Port = c.Int("port")
+	}
+	if c.IsSet("security-protocol") {
+		p, ok := findLdapSecurityProtocolByName(c.String("security-protocol"))
+		if !ok {
+			return fmt.Errorf("Unknown security protocol name: %s", c.String("security-protocol"))
+		}
+		config.Source.SecurityProtocol = p
+	}
+	if c.IsSet("skip-tls-verify") {
+		config.Source.SkipVerify = c.Bool("skip-tls-verify")
+	}
+	if c.IsSet("bind-dn") {
+		config.Source.BindDN = c.String("bind-dn")
+	}
+	if c.IsSet("user-dn") {
+		config.Source.UserDN = c.String("user-dn")
+	}
+	if c.IsSet("bind-password") {
+		config.Source.BindPassword = c.String("bind-password")
+	}
+	if c.IsSet("user-search-base") {
+		config.Source.UserBase = c.String("user-search-base")
+	}
+	if c.IsSet("username-attribute") {
+		config.Source.AttributeUsername = c.String("username-attribute")
+	}
+	if c.IsSet("firstname-attribute") {
+		config.Source.AttributeName = c.String("firstname-attribute")
+	}
+	if c.IsSet("surname-attribute") {
+		config.Source.AttributeSurname = c.String("surname-attribute")
+	}
+	if c.IsSet("email-attribute") {
+		config.Source.AttributeMail = c.String("email-attribute")
+	}
+	if c.IsSet("attributes-in-bind") {
+		config.Source.AttributesInBind = c.Bool("attributes-in-bind")
+	}
+	if c.IsSet("public-ssh-key-attribute") {
+		config.Source.AttributeSSHPublicKey = c.String("public-ssh-key-attribute")
+	}
+	if c.IsSet("page-size") {
+		config.Source.SearchPageSize = uint32(c.Uint("page-size"))
+	}
+	if c.IsSet("user-filter") {
+		config.Source.Filter = c.String("user-filter")
+	}
+	if c.IsSet("admin-filter") {
+		config.Source.AdminFilter = c.String("admin-filter")
+	}
+	return nil
+}
+
+// findLdapSecurityProtocolByName finds security protocol by its name ignoring case.
+// It returns the value of the security protocol and if it was found.
+func findLdapSecurityProtocolByName(name string) (ldap.SecurityProtocol, bool) {
+	for i, n := range models.SecurityProtocolNames {
+		if strings.EqualFold(name, n) {
+			return i, true
+		}
+	}
+	return 0, false
+}
+
+// getLoginSource gets the login source by its id defined in the command line flags.
+// It returns an error if the id is not set, does not match any source or if the source is not of expected type.
+func (a *authService) getLoginSource(c *cli.Context, loginType models.LoginType) (*models.LoginSource, error) {
+	if err := argsSet(c, "id"); err != nil {
+		return nil, err
+	}
+
+	loginSource, err := a.getLoginSourceByID(c.Int64("id"))
+	if err != nil {
+		return nil, err
+	}
+
+	if loginSource.Type != loginType {
+		return nil, fmt.Errorf("Invalid authentication type. expected: %s, actual: %s", models.LoginNames[loginType], models.LoginNames[loginSource.Type])
+	}
+
+	return loginSource, nil
+}
+
+// addLdapBindDn adds a new LDAP via Bind DN authentication source.
+func (a *authService) addLdapBindDn(c *cli.Context) error {
+	if err := argsSet(c, "name", "security-protocol", "host", "port", "user-search-base", "user-filter", "email-attribute"); err != nil {
+		return err
+	}
+
+	if err := a.initDB(); err != nil {
+		return err
+	}
+
+	loginSource := &models.LoginSource{
+		Type:      models.LoginLDAP,
+		IsActived: true, // active by default
+		Cfg: &models.LDAPConfig{
+			Source: &ldap.Source{
+				Enabled: true, // always true
+			},
+		},
+	}
+
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
+		return err
+	}
+
+	return a.createLoginSource(loginSource)
+}
+
+// updateLdapBindDn updates a new LDAP via Bind DN authentication source.
+func (a *authService) updateLdapBindDn(c *cli.Context) error {
+	if err := a.initDB(); err != nil {
+		return err
+	}
+
+	loginSource, err := a.getLoginSource(c, models.LoginLDAP)
+	if err != nil {
+		return err
+	}
+
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
+		return err
+	}
+
+	return a.updateLoginSource(loginSource)
+}
+
+// addLdapSimpleAuth adds a new LDAP (simple auth) authentication source.
+func (a *authService) addLdapSimpleAuth(c *cli.Context) error {
+	if err := argsSet(c, "name", "security-protocol", "host", "port", "user-dn", "user-filter", "email-attribute"); err != nil {
+		return err
+	}
+
+	if err := a.initDB(); err != nil {
+		return err
+	}
+
+	loginSource := &models.LoginSource{
+		Type:      models.LoginDLDAP,
+		IsActived: true, // active by default
+		Cfg: &models.LDAPConfig{
+			Source: &ldap.Source{
+				Enabled: true, // always true
+			},
+		},
+	}
+
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
+		return err
+	}
+
+	return a.createLoginSource(loginSource)
+}
+
+// updateLdapBindDn updates a new LDAP (simple auth) authentication source.
+func (a *authService) updateLdapSimpleAuth(c *cli.Context) error {
+	if err := a.initDB(); err != nil {
+		return err
+	}
+
+	loginSource, err := a.getLoginSource(c, models.LoginDLDAP)
+	if err != nil {
+		return err
+	}
+
+	parseLoginSource(c, loginSource)
+	if err := parseLdapConfig(c, loginSource.LDAP()); err != nil {
+		return err
+	}
+
+	return a.updateLoginSource(loginSource)
+}
--- a/cmd/admin_auth_ldap_test.go
+++ b/cmd/admin_auth_ldap_test.go
--- a/cmd/cert.go
+++ b/cmd/cert.go
@@ -170,17 +170,28 @@ func runCert(c *cli.Context) error {
 	if err != nil {
 		log.Fatalf("Failed to open cert.pem for writing: %v", err)
 	}
-	pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
-	certOut.Close()
+	err = pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
+	if err != nil {
+		log.Fatalf("Failed to encode certificate: %v", err)
+	}
+	err = certOut.Close()
+	if err != nil {
+		log.Fatalf("Failed to write cert: %v", err)
+	}
 	log.Println("Written cert.pem")

 	keyOut, err := os.OpenFile("key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
 	if err != nil {
 		log.Fatalf("Failed to open key.pem for writing: %v", err)
 	}
-	pem.Encode(keyOut, pemBlockForKey(priv))
-	keyOut.Close()
+	err = pem.Encode(keyOut, pemBlockForKey(priv))
+	if err != nil {
+		log.Fatalf("Failed to encode key: %v", err)
+	}
+	err = keyOut.Close()
+	if err != nil {
+		log.Fatalf("Failed to write key: %v", err)
+	}
 	log.Println("Written key.pem")
-
 	return nil
 }
--- a/cmd/convert.go
+++ b/cmd/convert.go
@@ -0,0 +1,49 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package cmd
+
+import (
+	"fmt"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/setting"
+
+	"github.com/urfave/cli"
+)
+
+// CmdConvert represents the available convert sub-command.
+var CmdConvert = cli.Command{
+	Name:        "convert",
+	Usage:       "Convert the database",
+	Description: "A command to convert an existing MySQL database from utf8 to utf8mb4",
+	Action:      runConvert,
+}
+
+func runConvert(ctx *cli.Context) error {
+	if err := initDB(); err != nil {
+		return err
+	}
+
+	log.Trace("AppPath: %s", setting.AppPath)
+	log.Trace("AppWorkPath: %s", setting.AppWorkPath)
+	log.Trace("Custom path: %s", setting.CustomPath)
+	log.Trace("Log path: %s", setting.LogRootPath)
+	models.LoadConfigs()
+
+	if models.DbCfg.Type != "mysql" {
+		fmt.Println("This command can only be used with a MySQL database")
+		return nil
+	}
+
+	if err := models.ConvertUtf8ToUtf8mb4(); err != nil {
+		log.Fatal("Failed to convert database from utf8 to utf8mb4: %v", err)
+		return err
+	}
+
+	fmt.Println("Converted successfully, please confirm your database's character set is now utf8mb4")
+
+	return nil
+}
--- a/cmd/dump.go
+++ b/cmd/dump.go
@@ -31,12 +31,12 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 	Action: runDump,
 	Flags: []cli.Flag{
 		cli.StringFlag{
-			Name:  "config, c",
-			Value: "custom/conf/app.ini",
-			Usage: "Custom configuration file path",
+			Name:  "file, f",
+			Value: fmt.Sprintf("gitea-dump-%d.zip", time.Now().Unix()),
+			Usage: "Name of the dump file which will be created.",
 		},
 		cli.BoolFlag{
-			Name:  "verbose, v",
+			Name:  "verbose, V",
 			Usage: "Show process details",
 		},
 		cli.StringFlag{
@@ -56,9 +56,6 @@ It can be used for backup and capture Gitea server image to send to maintainer`,
 }

 func runDump(ctx *cli.Context) error {
-	if ctx.IsSet("config") {
-		setting.CustomConf = ctx.String("config")
-	}
 	setting.NewContext()
 	setting.NewServices() // cannot access session settings otherwise
 	models.LoadConfigs()
@@ -85,7 +82,7 @@ func runDump(ctx *cli.Context) error {

 	dbDump := path.Join(tmpWorkDir, "gitea-db.sql")

-	fileName := fmt.Sprintf("gitea-dump-%d.zip", time.Now().Unix())
+	fileName := ctx.String("file")
 	log.Printf("Packing dump files...")
 	z, err := zip.Create(fileName)
 	if err != nil {
@@ -120,6 +117,14 @@ func runDump(ctx *cli.Context) error {
 	if err := z.AddFile("gitea-db.sql", dbDump); err != nil {
 		log.Fatalf("Failed to include gitea-db.sql: %v", err)
 	}
+
+	if len(setting.CustomConf) > 0 {
+		log.Printf("Adding custom configuration file from %s", setting.CustomConf)
+		if err := z.AddFile("app.ini", setting.CustomConf); err != nil {
+			log.Fatalf("Failed to include specified app.ini: %v", err)
+		}
+	}
+
 	customDir, err := os.Stat(setting.CustomPath)
 	if err == nil && customDir.IsDir() {
 		if err := z.AddDir("custom", setting.CustomPath); err != nil {
--- a/cmd/generate.go
+++ b/cmd/generate.go
@@ -40,9 +40,10 @@ var (
 	}

 	microcmdGenerateLfsJwtSecret = cli.Command{
-		Name:   "LFS_JWT_SECRET",
-		Usage:  "Generate a new LFS_JWT_SECRET",
-		Action: runGenerateLfsJwtSecret,
+		Name:    "JWT_SECRET",
+		Aliases: []string{"LFS_JWT_SECRET"},
+		Usage:   "Generate a new JWT_SECRET",
+		Action:  runGenerateLfsJwtSecret,
 	}

 	microcmdGenerateSecretKey = cli.Command{
--- a/cmd/hook.go
+++ b/cmd/hook.go
@@ -8,16 +8,14 @@ import (
 	"bufio"
 	"bytes"
 	"fmt"
+	"net/http"
 	"os"
 	"strconv"
 	"strings"

-	"code.gitea.io/git"
 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/git"
 	"code.gitea.io/gitea/modules/private"
-	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"

 	"github.com/urfave/cli"
 )
@@ -28,13 +26,6 @@ var (
 		Name:        "hook",
 		Usage:       "Delegate commands to corresponding Git hooks",
 		Description: "This should only be called by Git",
-		Flags: []cli.Flag{
-			cli.StringFlag{
-				Name:  "config, c",
-				Value: "custom/conf/app.ini",
-				Usage: "Custom configuration file path",
-			},
-		},
 		Subcommands: []cli.Command{
 			subcmdHookPreReceive,
 			subcmdHookUpdate,
@@ -67,21 +58,14 @@ func runHookPreReceive(c *cli.Context) error {
 		return nil
 	}

-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	} else if c.GlobalIsSet("config") {
-		setting.CustomConf = c.GlobalString("config")
-	}
-
 	setup("hooks/pre-receive.log")

 	// the environment setted on serv command
-	repoID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchRepoID), 10, 64)
 	isWiki := (os.Getenv(models.EnvRepoIsWiki) == "true")
 	username := os.Getenv(models.EnvRepoUsername)
 	reponame := os.Getenv(models.EnvRepoName)
-	userIDStr := os.Getenv(models.EnvPusherID)
-	repoPath := models.RepoPath(username, reponame)
+	userID, _ := strconv.ParseInt(os.Getenv(models.EnvPusherID), 10, 64)
+	prID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchPRID), 10, 64)

 	buf := bytes.NewBuffer(nil)
 	scanner := bufio.NewScanner(os.Stdin)
@@ -103,34 +87,22 @@ func runHookPreReceive(c *cli.Context) error {
 		newCommitID := string(fields[1])
 		refFullName := string(fields[2])

-		branchName := strings.TrimPrefix(refFullName, git.BranchPrefix)
-		protectBranch, err := private.GetProtectedBranchBy(repoID, branchName)
-		if err != nil {
-			fail("Internal error", fmt.Sprintf("retrieve protected branches information failed: %v", err))
-		}
-
-		if protectBranch != nil && protectBranch.IsProtected() {
-			// check and deletion
-			if newCommitID == git.EmptySHA {
-				fail(fmt.Sprintf("branch %s is protected from deletion", branchName), "")
-			}
-
-			// detect force push
-			if git.EmptySHA != oldCommitID {
-				output, err := git.NewCommand("rev-list", "--max-count=1", oldCommitID, "^"+newCommitID).RunInDir(repoPath)
-				if err != nil {
-					fail("Internal error", "Fail to detect force push: %v", err)
-				} else if len(output) > 0 {
-					fail(fmt.Sprintf("branch %s is protected from force push", branchName), "")
-				}
-			}
-
-			userID, _ := strconv.ParseInt(userIDStr, 10, 64)
-			canPush, err := private.CanUserPush(protectBranch.ID, userID)
-			if err != nil {
-				fail("Internal error", "Fail to detect user can push: %v", err)
-			} else if !canPush {
-				fail(fmt.Sprintf("protected branch %s can not be pushed to", branchName), "")
+		// If the ref is a branch, check if it's protected
+		if strings.HasPrefix(refFullName, git.BranchPrefix) {
+			statusCode, msg := private.HookPreReceive(username, reponame, private.HookOptions{
+				OldCommitID:                     oldCommitID,
+				NewCommitID:                     newCommitID,
+				RefFullName:                     refFullName,
+				UserID:                          userID,
+				GitAlternativeObjectDirectories: os.Getenv(private.GitAlternativeObjectDirectories),
+				GitObjectDirectory:              os.Getenv(private.GitObjectDirectory),
+				ProtectedBranchID:               prID,
+			})
+			switch statusCode {
+			case http.StatusInternalServerError:
+				fail("Internal Server Error", msg)
+			case http.StatusForbidden:
+				fail(msg, "")
 			}
 		}
 	}
@@ -143,12 +115,6 @@ func runHookUpdate(c *cli.Context) error {
 		return nil
 	}

-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	} else if c.GlobalIsSet("config") {
-		setting.CustomConf = c.GlobalString("config")
-	}
-
 	setup("hooks/update.log")

 	return nil
@@ -159,16 +125,9 @@ func runHookPostReceive(c *cli.Context) error {
 		return nil
 	}

-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	} else if c.GlobalIsSet("config") {
-		setting.CustomConf = c.GlobalString("config")
-	}
-
 	setup("hooks/post-receive.log")

 	// the environment setted on serv command
-	repoID, _ := strconv.ParseInt(os.Getenv(models.ProtectedBranchRepoID), 10, 64)
 	repoUser := os.Getenv(models.EnvRepoUsername)
 	isWiki := (os.Getenv(models.EnvRepoIsWiki) == "true")
 	repoName := os.Getenv(models.EnvRepoName)
@@ -195,58 +154,31 @@ func runHookPostReceive(c *cli.Context) error {
 		newCommitID := string(fields[1])
 		refFullName := string(fields[2])

-		if err := private.PushUpdate(models.PushUpdateOptions{
-			RefFullName:  refFullName,
-			OldCommitID:  oldCommitID,
-			NewCommitID:  newCommitID,
-			PusherID:     pusherID,
-			PusherName:   pusherName,
-			RepoUserName: repoUser,
-			RepoName:     repoName,
-		}); err != nil {
-			log.GitLogger.Error(2, "Update: %v", err)
+		res, err := private.HookPostReceive(repoUser, repoName, private.HookOptions{
+			OldCommitID: oldCommitID,
+			NewCommitID: newCommitID,
+			RefFullName: refFullName,
+			UserID:      pusherID,
+			UserName:    pusherName,
+		})
+
+		if res == nil {
+			fail("Internal Server Error", err)
 		}

-		if newCommitID != git.EmptySHA && strings.HasPrefix(refFullName, git.BranchPrefix) {
-			branch := strings.TrimPrefix(refFullName, git.BranchPrefix)
-			repo, pullRequestAllowed, err := private.GetRepository(repoID)
-			if err != nil {
-				log.GitLogger.Error(2, "get repo: %v", err)
-				break
-			}
-			if !pullRequestAllowed {
-				break
-			}
-
-			baseRepo := repo
-			if repo.IsFork {
-				baseRepo = repo.BaseRepo
-			}
-
-			if !repo.IsFork && branch == baseRepo.DefaultBranch {
-				break
-			}
-
-			pr, err := private.ActivePullRequest(baseRepo.ID, repo.ID, baseRepo.DefaultBranch, branch)
-			if err != nil {
-				log.GitLogger.Error(2, "get active pr: %v", err)
-				break
-			}
-
-			fmt.Fprintln(os.Stderr, "")
-			if pr == nil {
-				if repo.IsFork {
-					branch = fmt.Sprintf("%s:%s", repo.OwnerName, branch)
-				}
-				fmt.Fprintf(os.Stderr, "Create a new pull request for '%s':\n", branch)
-				fmt.Fprintf(os.Stderr, "  %s/compare/%s...%s\n", baseRepo.HTMLURL(), util.PathEscapeSegments(baseRepo.DefaultBranch), util.PathEscapeSegments(branch))
-			} else {
-				fmt.Fprint(os.Stderr, "Visit the existing pull request:\n")
-				fmt.Fprintf(os.Stderr, "  %s/pulls/%d\n", baseRepo.HTMLURL(), pr.Index)
-			}
-			fmt.Fprintln(os.Stderr, "")
+		if res["message"] == false {
+			continue
 		}

+		fmt.Fprintln(os.Stderr, "")
+		if res["create"] == true {
+			fmt.Fprintf(os.Stderr, "Create a new pull request for '%s':\n", res["branch"])
+			fmt.Fprintf(os.Stderr, "  %s\n", res["url"])
+		} else {
+			fmt.Fprint(os.Stderr, "Visit the existing pull request:\n")
+			fmt.Fprintf(os.Stderr, "  %s\n", res["url"])
+		}
+		fmt.Fprintln(os.Stderr, "")
 	}

 	return nil
--- a/cmd/keys.go
+++ b/cmd/keys.go
@@ -10,7 +10,6 @@ import (
 	"strings"

 	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/setting"

 	"github.com/urfave/cli"
 )
@@ -41,19 +40,10 @@ var CmdKeys = cli.Command{
 			Value: "",
 			Usage: "Base64 encoded content of the SSH key provided to the SSH Server (requires type to be provided too)",
 		},
-		cli.StringFlag{
-			Name:  "config, c",
-			Value: "custom/conf/app.ini",
-			Usage: "Custom configuration file path",
-		},
 	},
 }

 func runKeys(c *cli.Context) error {
-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
-
 	if !c.IsSet("username") {
 		return errors.New("No username provided")
 	}
--- a/cmd/migrate.go
+++ b/cmd/migrate.go
@@ -19,20 +19,9 @@ var CmdMigrate = cli.Command{
 	Usage:       "Migrate the database",
 	Description: "This is a command for migrating the database, so that you can run gitea admin create-user before starting the server.",
 	Action:      runMigrate,
-	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "config, c",
-			Value: "custom/conf/app.ini",
-			Usage: "Custom configuration file path",
-		},
-	},
 }

 func runMigrate(ctx *cli.Context) error {
-	if ctx.IsSet("config") {
-		setting.CustomConf = ctx.String("config")
-	}
-
 	if err := initDB(); err != nil {
 		return err
 	}
@@ -44,7 +33,7 @@ func runMigrate(ctx *cli.Context) error {
 	models.LoadConfigs()

 	if err := models.NewEngine(migrations.Migrate); err != nil {
-		log.Fatal(4, "Failed to initialize ORM engine: %v", err)
+		log.Fatal("Failed to initialize ORM engine: %v", err)
 		return err
 	}

--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -8,13 +8,14 @@ package cmd
 import (
 	"encoding/json"
 	"fmt"
+	"net/http"
+	"net/url"
 	"os"
 	"os/exec"
-	"path/filepath"
+	"strconv"
 	"strings"
 	"time"

-	"code.gitea.io/git"
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/pprof"
@@ -23,12 +24,10 @@ import (

 	"github.com/Unknwon/com"
 	"github.com/dgrijalva/jwt-go"
-	version "github.com/mcuadros/go-version"
 	"github.com/urfave/cli"
 )

 const (
-	accessDenied        = "Repository does not exist or you do not have access"
 	lfsAuthenticateVerb = "git-lfs-authenticate"
 )

@@ -39,41 +38,15 @@ var CmdServ = cli.Command{
 	Description: `Serv provide access auth for repositories`,
 	Action:      runServ,
 	Flags: []cli.Flag{
-		cli.StringFlag{
-			Name:  "config, c",
-			Value: "custom/conf/app.ini",
-			Usage: "Custom configuration file path",
-		},
 		cli.BoolFlag{
 			Name: "enable-pprof",
 		},
 	},
 }

-func checkLFSVersion() {
-	if setting.LFS.StartServer {
-		//Disable LFS client hooks if installed for the current OS user
-		//Needs at least git v2.1.2
-		binVersion, err := git.BinVersion()
-		if err != nil {
-			fail(fmt.Sprintf("Error retrieving git version: %v", err), fmt.Sprintf("Error retrieving git version: %v", err))
-		}
-
-		if !version.Compare(binVersion, "2.1.2", ">=") {
-			setting.LFS.StartServer = false
-			println("LFS server support needs at least Git v2.1.2, disabled")
-		} else {
-			git.GlobalCommandArgs = append(git.GlobalCommandArgs, "-c", "filter.lfs.required=",
-				"-c", "filter.lfs.smudge=", "-c", "filter.lfs.clean=")
-		}
-	}
-}
-
 func setup(logPath string) {
-	log.DelLogger("console")
+	_ = log.DelLogger("console")
 	setting.NewContext()
-	checkLFSVersion()
-	log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath))
 }

 func parseCmd(cmd string) (string, string) {
@@ -100,18 +73,14 @@ func fail(userMessage, logMessage string, args ...interface{}) {
 		if !setting.ProdMode {
 			fmt.Fprintf(os.Stderr, logMessage+"\n", args...)
 		}
-		log.GitLogger.Fatal(3, logMessage, args...)
 		return
 	}

-	log.GitLogger.Close()
 	os.Exit(1)
 }

 func runServ(c *cli.Context) error {
-	if c.IsSet("config") {
-		setting.CustomConf = c.String("config")
-	}
+	// FIXME: This needs to internationalised
 	setup("serv.log")

 	if setting.SSH.Disabled {
@@ -120,13 +89,29 @@ func runServ(c *cli.Context) error {
 	}

 	if len(c.Args()) < 1 {
-		cli.ShowSubcommandHelp(c)
+		if err := cli.ShowSubcommandHelp(c); err != nil {
+			fmt.Printf("error showing subcommand help: %v\n", err)
+		}
 		return nil
 	}

+	keys := strings.Split(c.Args()[0], "-")
+	if len(keys) != 2 || keys[0] != "key" {
+		fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
+	}
+	keyID := com.StrTo(keys[1]).MustInt64()
+
 	cmd := os.Getenv("SSH_ORIGINAL_COMMAND")
 	if len(cmd) == 0 {
-		println("Hi there, You've successfully authenticated, but Gitea does not provide shell access.")
+		key, user, err := private.ServNoCommand(keyID)
+		if err != nil {
+			fail("Internal error", "Failed to check provided key: %v", err)
+		}
+		if key.Type == models.KeyTypeDeploy {
+			println("Hi there! You've successfully authenticated with the deploy key named " + key.Name + ", but Gitea does not provide shell access.")
+		} else {
+			println("Hi there: " + user.Name + "! You've successfully authenticated with the key named " + key.Name + ", but Gitea does not provide shell access.")
+		}
 		println("If this is unexpected, please log in with password and setup Gitea under another user.")
 		return nil
 	}
@@ -160,41 +145,19 @@ func runServ(c *cli.Context) error {
 			fail("Error while trying to create PPROF_DATA_PATH", "Error while trying to create PPROF_DATA_PATH: %v", err)
 		}

-		stopCPUProfiler := pprof.DumpCPUProfileForUsername(setting.PprofDataPath, username)
+		stopCPUProfiler, err := pprof.DumpCPUProfileForUsername(setting.PprofDataPath, username)
+		if err != nil {
+			fail("Internal Server Error", "Unable to start CPU profile: %v", err)
+		}
 		defer func() {
 			stopCPUProfiler()
-			pprof.DumpMemProfileForUsername(setting.PprofDataPath, username)
+			err := pprof.DumpMemProfileForUsername(setting.PprofDataPath, username)
+			if err != nil {
+				fail("Internal Server Error", "Unable to dump Mem Profile: %v", err)
+			}
 		}()
 	}

-	var (
-		isWiki   bool
-		unitType = models.UnitTypeCode
-		unitName = "code"
-	)
-	if strings.HasSuffix(reponame, ".wiki") {
-		isWiki = true
-		unitType = models.UnitTypeWiki
-		unitName = "wiki"
-		reponame = reponame[:len(reponame)-5]
-	}
-
-	os.Setenv(models.EnvRepoUsername, username)
-	if isWiki {
-		os.Setenv(models.EnvRepoIsWiki, "true")
-	} else {
-		os.Setenv(models.EnvRepoIsWiki, "false")
-	}
-	os.Setenv(models.EnvRepoName, reponame)
-
-	repo, err := private.GetRepositoryByOwnerAndName(username, reponame)
-	if err != nil {
-		if strings.Contains(err.Error(), "Failed to get repository: repository does not exist") {
-			fail(accessDenied, "Repository does not exist: %s/%s", username, reponame)
-		}
-		fail("Internal error", "Failed to get repository: %v", err)
-	}
-
 	requestedMode, has := allowedCommands[verb]
 	if !has {
 		fail("Unknown git command", "Unknown git command %s", verb)
@@ -210,97 +173,37 @@ func runServ(c *cli.Context) error {
 		}
 	}

-	// Prohibit push to mirror repositories.
-	if requestedMode > models.AccessModeRead && repo.IsMirror {
-		fail("mirror repository is read-only", "")
-	}
-
-	// Allow anonymous clone for public repositories.
-	var (
-		keyID int64
-		user  *models.User
-	)
-	if requestedMode == models.AccessModeWrite || repo.IsPrivate || setting.Service.RequireSignInView {
-		keys := strings.Split(c.Args()[0], "-")
-		if len(keys) != 2 {
-			fail("Key ID format error", "Invalid key argument: %s", c.Args()[0])
-		}
-
-		key, err := private.GetPublicKeyByID(com.StrTo(keys[1]).MustInt64())
-		if err != nil {
-			fail("Invalid key ID", "Invalid key ID[%s]: %v", c.Args()[0], err)
-		}
-		keyID = key.ID
-
-		// Check deploy key or user key.
-		if key.Type == models.KeyTypeDeploy {
-			// Now we have to get the deploy key for this repo
-			deployKey, err := private.GetDeployKey(key.ID, repo.ID)
-			if err != nil {
-				fail("Key access denied", "Failed to access internal api: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
-			}
-
-			if deployKey == nil {
-				fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
-			}
-
-			if deployKey.Mode < requestedMode {
-				fail("Key permission denied", "Cannot push with read-only deployment key: %d to repo_id: %d", key.ID, repo.ID)
-			}
-
-			// Update deploy key activity.
-			if err = private.UpdateDeployKeyUpdated(key.ID, repo.ID); err != nil {
-				fail("Internal error", "UpdateDeployKey: %v", err)
-			}
-
-			// FIXME: Deploy keys aren't really the owner of the repo pushing changes
-			// however we don't have good way of representing deploy keys in hook.go
-			// so for now use the owner
-			os.Setenv(models.EnvPusherName, username)
-			os.Setenv(models.EnvPusherID, fmt.Sprintf("%d", repo.OwnerID))
-		} else {
-			user, err = private.GetUserByKeyID(key.ID)
-			if err != nil {
-				fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
-			}
-
-			if !user.IsActive || user.ProhibitLogin {
-				fail("Your account is not active or has been disabled by Administrator",
-					"User %s is disabled and have no access to repository %s",
-					user.Name, repoPath)
-			}
-
-			mode, err := private.CheckUnitUser(user.ID, repo.ID, user.IsAdmin, unitType)
-			if err != nil {
-				fail("Internal error", "Failed to check access: %v", err)
-			} else if *mode < requestedMode {
-				clientMessage := accessDenied
-				if *mode >= models.AccessModeRead {
-					clientMessage = "You do not have sufficient authorization for this action"
-				}
-				fail(clientMessage,
-					"User %s does not have level %v access to repository %s's "+unitName,
-					user.Name, requestedMode, repoPath)
-			}
-
-			os.Setenv(models.EnvPusherName, user.Name)
-			os.Setenv(models.EnvPusherID, fmt.Sprintf("%d", user.ID))
-		}
+	results, err := private.ServCommand(keyID, username, reponame, requestedMode, verb, lfsVerb)
+	if err != nil {
+		if private.IsErrServCommand(err) {
+			errServCommand := err.(private.ErrServCommand)
+			if errServCommand.StatusCode != http.StatusInternalServerError {
+				fail("Unauthorized", "%s", errServCommand.Error())
+			} else {
+				fail("Internal Server Error", "%s", errServCommand.Error())
+			}
+		}
+		fail("Internal Server Error", "%s", err.Error())
 	}
+	os.Setenv(models.EnvRepoIsWiki, strconv.FormatBool(results.IsWiki))
+	os.Setenv(models.EnvRepoName, results.RepoName)
+	os.Setenv(models.EnvRepoUsername, results.OwnerName)
+	os.Setenv(models.EnvPusherName, results.UserName)
+	os.Setenv(models.EnvPusherID, strconv.FormatInt(results.UserID, 10))
+	os.Setenv(models.ProtectedBranchRepoID, strconv.FormatInt(results.RepoID, 10))
+	os.Setenv(models.ProtectedBranchPRID, fmt.Sprintf("%d", 0))

 	//LFS token authentication
 	if verb == lfsAuthenticateVerb {
-		url := fmt.Sprintf("%s%s/%s.git/info/lfs", setting.AppURL, username, repo.Name)
+		url := fmt.Sprintf("%s%s/%s.git/info/lfs", setting.AppURL, url.PathEscape(results.OwnerName), url.PathEscape(results.RepoName))

 		now := time.Now()
 		claims := jwt.MapClaims{
-			"repo": repo.ID,
+			"repo": results.RepoID,
 			"op":   lfsVerb,
 			"exp":  now.Add(setting.LFS.HTTPAuthExpiry).Unix(),
 			"nbf":  now.Unix(),
-		}
-		if user != nil {
-			claims["user"] = user.ID
+			"user": results.UserID,
 		}
 		token := jwt.NewWithClaims(jwt.SigningMethodHS256, claims)

@@ -321,7 +224,6 @@ func runServ(c *cli.Context) error {
 		if err != nil {
 			fail("Internal error", "Failed to encode LFS json response: %v", err)
 		}
-
 		return nil
 	}

@@ -337,13 +239,6 @@ func runServ(c *cli.Context) error {
 	} else {
 		gitcmd = exec.Command(verb, repoPath)
 	}
-	if isWiki {
-		if err = private.InitWiki(repo.ID); err != nil {
-			fail("Internal error", "Failed to init wiki repo: %v", err)
-		}
-	}
-
-	os.Setenv(models.ProtectedBranchRepoID, fmt.Sprintf("%d", repo.ID))

 	gitcmd.Dir = setting.RepoRootPath
 	gitcmd.Stdout = os.Stdout
@@ -354,9 +249,9 @@ func runServ(c *cli.Context) error {
 	}

 	// Update user key activity.
-	if keyID > 0 {
-		if err = private.UpdatePublicKeyUpdated(keyID); err != nil {
-			fail("Internal error", "UpdatePublicKey: %v", err)
+	if results.KeyID > 0 {
+		if err = private.UpdatePublicKeyInRepo(results.KeyID, results.RepoID); err != nil {
+			fail("Internal error", "UpdatePublicKeyInRepo: %v", err)
 		}
 	}

--- a/cmd/web.go
+++ b/cmd/web.go
@@ -5,7 +5,6 @@
 package cmd

 import (
-	"crypto/tls"
 	"fmt"
 	"net"
 	"net/http"
@@ -15,7 +14,6 @@ import (
 	"strings"

 	"code.gitea.io/gitea/modules/log"
-	"code.gitea.io/gitea/modules/markup/external"
 	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/routers"
 	"code.gitea.io/gitea/routers/routes"
@@ -40,11 +38,6 @@ and it takes care of all the other things for you`,
 			Value: "3000",
 			Usage: "Temporary port number to prevent conflict",
 		},
-		cli.StringFlag{
-			Name:  "config, c",
-			Value: "custom/conf/app.ini",
-			Usage: "Custom configuration file path",
-		},
 		cli.StringFlag{
 			Name:  "pid, P",
 			Value: "/var/run/gitea.pid",
@@ -69,7 +62,7 @@ func runHTTPRedirector() {
 	var err = runHTTP(source, context2.ClearHandler(handler))

 	if err != nil {
-		log.Fatal(4, "Failed to start port redirection: %v", err)
+		log.Fatal("Failed to start port redirection: %v", err)
 	}
 }

@@ -84,15 +77,13 @@ func runLetsEncrypt(listenAddr, domain, directory, email string, m http.Handler)
 		log.Info("Running Let's Encrypt handler on %s", setting.HTTPAddr+":"+setting.PortToRedirect)
 		var err = http.ListenAndServe(setting.HTTPAddr+":"+setting.PortToRedirect, certManager.HTTPHandler(http.HandlerFunc(runLetsEncryptFallbackHandler))) // all traffic coming into HTTP will be redirect to HTTPS automatically (LE HTTP-01 validation happens here)
 		if err != nil {
-			log.Fatal(4, "Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
+			log.Fatal("Failed to start the Let's Encrypt handler on port %s: %v", setting.PortToRedirect, err)
 		}
 	}()
 	server := &http.Server{
-		Addr:    listenAddr,
-		Handler: m,
-		TLSConfig: &tls.Config{
-			GetCertificate: certManager.GetCertificate,
-		},
+		Addr:      listenAddr,
+		Handler:   m,
+		TLSConfig: certManager.TLSConfig(),
 	}
 	return server.ListenAndServeTLS("", "")
 }
@@ -110,18 +101,12 @@ func runLetsEncryptFallbackHandler(w http.ResponseWriter, r *http.Request) {
 }

 func runWeb(ctx *cli.Context) error {
-	if ctx.IsSet("config") {
-		setting.CustomConf = ctx.String("config")
-	}
-
 	if ctx.IsSet("pid") {
 		setting.CustomPID = ctx.String("pid")
 	}

 	routers.GlobalInit()

-	external.RegisterParsers()
-
 	m := routes.NewMacaron()
 	routes.RegisterRoutes(m)

@@ -190,15 +175,20 @@ func runWeb(ctx *cli.Context) error {
 		}
 		err = runHTTPS(listenAddr, setting.CertFile, setting.KeyFile, context2.ClearHandler(m))
 	case setting.FCGI:
-		listener, err := net.Listen("tcp", listenAddr)
+		var listener net.Listener
+		listener, err = net.Listen("tcp", listenAddr)
 		if err != nil {
-			log.Fatal(4, "Failed to bind %s", listenAddr, err)
+			log.Fatal("Failed to bind %s: %v", listenAddr, err)
 		}
-		defer listener.Close()
+		defer func() {
+			if err := listener.Close(); err != nil {
+				log.Fatal("Failed to stop server: %v", err)
+			}
+		}()
 		err = fcgi.Serve(listener, context2.ClearHandler(m))
 	case setting.UnixSocket:
 		if err := os.Remove(listenAddr); err != nil && !os.IsNotExist(err) {
-			log.Fatal(4, "Failed to remove unix socket directory %s: %v", listenAddr, err)
+			log.Fatal("Failed to remove unix socket directory %s: %v", listenAddr, err)
 		}
 		var listener *net.UnixListener
 		listener, err = net.ListenUnix("unix", &net.UnixAddr{Name: listenAddr, Net: "unix"})
@@ -209,15 +199,15 @@ func runWeb(ctx *cli.Context) error {
 		// FIXME: add proper implementation of signal capture on all protocols
 		// execute this on SIGTERM or SIGINT: listener.Close()
 		if err = os.Chmod(listenAddr, os.FileMode(setting.UnixSocketPermission)); err != nil {
-			log.Fatal(4, "Failed to set permission of unix socket: %v", err)
+			log.Fatal("Failed to set permission of unix socket: %v", err)
 		}
 		err = http.Serve(listener, context2.ClearHandler(m))
 	default:
-		log.Fatal(4, "Invalid protocol: %s", setting.Protocol)
+		log.Fatal("Invalid protocol: %s", setting.Protocol)
 	}

 	if err != nil {
-		log.Fatal(4, "Failed to start server: %v", err)
+		log.Fatal("Failed to start server: %v", err)
 	}

 	return nil
--- a/cmd/web_graceful.go
+++ b/cmd/web_graceful.go
@@ -34,7 +34,7 @@ func runHTTPS(listenAddr, certFile, keyFile string, m http.Handler) error {
 	var err error
 	config.Certificates[0], err = tls.LoadX509KeyPair(certFile, keyFile)
 	if err != nil {
-		log.Fatal(4, "Failed to load https cert file %s: %v", listenAddr, err)
+		log.Fatal("Failed to load https cert file %s: %v", listenAddr, err)
 	}

 	return gracehttp.Serve(&http.Server{
--- a/contrib/fhs-compliant-script/gitea
+++ b/contrib/fhs-compliant-script/gitea
@@ -0,0 +1,42 @@
+#!/bin/bash
+
+########################################################################
+# This script some defaults for gitea to run in a FHS compliant manner #
+########################################################################
+
+# It assumes that you place this script as gitea in /usr/bin
+#
+# And place the original in /usr/lib/gitea with working files in /var/lib/gitea
+# and main configuration in /etc/gitea/app.ini
+GITEA="/usr/lib/gitea/gitea"
+WORK_DIR="/var/lib/gitea"
+APP_INI="/etc/gitea/app.ini"
+
+APP_INI_SET=""
+for i in "$@"; do
+	case "$i" in
+	"-c")
+		APP_INI_SET=1
+		;;
+	"-c="*)
+		APP_INI_SET=1
+		;;
+	"--config")
+		APP_INI_SET=1
+		;;
+	"--config="*)
+		APP_INI_SET=1
+		;;
+	*)
+	;;
+	esac
+done
+
+if [ -z "$APP_INI_SET" ]; then
+	CONF_ARG="-c \"$APP_INI\""
+fi
+
+# Provide FHS compliant defaults to
+GITEA_WORK_DIR="${GITEA_WORK_DIR:-$WORK_DIR}" "$GITEA" $CONF_ARG "$@"
+
+
--- a/contrib/pr/checkout.go
+++ b/contrib/pr/checkout.go
@@ -20,9 +20,13 @@ import (
 	"strconv"
 	"time"

+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/markup"
 	"code.gitea.io/gitea/modules/markup/external"
+	"code.gitea.io/gitea/modules/setting"
 	"code.gitea.io/gitea/routers"
 	"code.gitea.io/gitea/routers/routes"
+
 	"github.com/Unknwon/com"
 	"github.com/go-xorm/xorm"
 	context2 "github.com/gorilla/context"
@@ -30,9 +34,6 @@ import (
 	"gopkg.in/src-d/go-git.v4/config"
 	"gopkg.in/src-d/go-git.v4/plumbing"
 	"gopkg.in/testfixtures.v2"
-
-	"code.gitea.io/gitea/models"
-	"code.gitea.io/gitea/modules/setting"
 )

 var codeFilePath = "contrib/pr/checkout.go"
@@ -43,6 +44,7 @@ func runPR() {
 	if err != nil {
 		log.Fatal(err)
 	}
+	setting.SetCustomPathAndConf("", "", "")
 	setting.NewContext()

 	setting.RepoRootPath, err = ioutil.TempDir(os.TempDir(), "repos")
@@ -89,8 +91,7 @@ func runPR() {
 	routers.NewServices()
 	//x, err = xorm.NewEngine("sqlite3", "file::memory:?cache=shared")

-	var helper testfixtures.Helper
-	helper = &testfixtures.SQLite{}
+	var helper testfixtures.Helper = &testfixtures.SQLite{}
 	models.NewEngine(func(_ *xorm.Engine) error {
 		return nil
 	})
@@ -107,12 +108,12 @@ func runPR() {
 	models.LoadFixtures()
 	os.RemoveAll(setting.RepoRootPath)
 	os.RemoveAll(models.LocalCopyPath())
-	os.RemoveAll(models.LocalWikiPath())
 	com.CopyDir(path.Join(curDir, "integrations/gitea-repositories-meta"), setting.RepoRootPath)

 	log.Printf("[PR] Setting up router\n")
 	//routers.GlobalInit()
 	external.RegisterParsers()
+	markup.Init()
 	m := routes.NewMacaron()
 	routes.RegisterRoutes(m)

--- a/custom/conf/app.ini.sample
+++ b/custom/conf/app.ini.sample
@@ -1,3 +1,4 @@
+
 ; This file lists the default values used by Gitea
 ; Copy required sections to your own app.ini (default is custom/conf/app.ini)
 ; and modify as needed.
@@ -33,7 +34,7 @@ PREFERRED_LICENSES = Apache License 2.0,MIT License
 DISABLE_HTTP_GIT = false
 ; Value for Access-Control-Allow-Origin header, default is not to present
 ; WARNING: This maybe harmful to you website if you do not give it a right value.
-ACCESS_CONTROL_ALLOW_ORIGIN = 
+ACCESS_CONTROL_ALLOW_ORIGIN =
 ; Force ssh:// clone url instead of scp-style uri when default SSH port is used
 USE_COMPAT_SSH_URI = false
 ; Close issues as long as a commit on any branch marks it as fixed
@@ -73,6 +74,23 @@ WORK_IN_PROGRESS_PREFIXES=WIP:,[WIP]
 ; List of reasons why a Pull Request or Issue can be locked
 LOCK_REASONS=Too heated,Off-topic,Resolved,Spam

+[cors]
+; More information about CORS can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#The_HTTP_response_headers
+; enable cors headers (disabled by default)
+ENABLED=false
+; scheme of allowed requests
+SCHEME=http
+; list of requesting domains that are allowed
+ALLOW_DOMAIN=*
+; allow subdomains of headers listed above to request
+ALLOW_SUBDOMAIN=false
+; list of methods allowed to request
+METHODS=GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS
+; max time to cache response
+MAX_AGE=10m
+; allow request with credentials
+ALLOW_CREDENTIALS=false
+
 [ui]
 ; Number of repositories that are displayed on one explore page
 EXPLORE_PAGING_NUM = 20
@@ -96,6 +114,8 @@ SHOW_USER_EMAIL = true
 DEFAULT_THEME = gitea
 ; All available themes. Allow users select personalized themes regardless of the value of `DEFAULT_THEME`.
 THEMES = gitea,arc-green
+; Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.
+DEFAULT_SHOW_FULL_NAME = false

 [ui.admin]
 ; Number of users that are displayed on one page
@@ -240,6 +260,9 @@ PASSWD =
 ; For Postgres, either "disable" (default), "require", or "verify-full"
 ; For MySQL, either "false" (default), "true", or "skip-verify"
 SSL_MODE = disable
+; For MySQL only, either "utf8" or "utf8mb4", default is "utf8".
+; NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
+CHARSET = utf8
 ; For "sqlite3" and "tidb", use an absolute path when you start gitea as service
 PATH = data/gitea.db
 ; For "sqlite3" only. Query timeout
@@ -260,9 +283,11 @@ ISSUE_INDEXER_TYPE = bleve
 ISSUE_INDEXER_PATH = indexers/issues.bleve
 ; Issue indexer queue, currently support: channel or levelqueue, default is levelqueue
 ISSUE_INDEXER_QUEUE_TYPE = levelqueue
-; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path, 
+; When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path,
 ; default is indexers/issues.queue
 ISSUE_INDEXER_QUEUE_DIR = indexers/issues.queue
+; When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
+ISSUE_INDEXER_QUEUE_CONN_STR = "addrs=127.0.0.1:6379 db=0"
 ; Batch queue number, default is 20
 ISSUE_INDEXER_QUEUE_BATCH_NUMBER = 20

@@ -359,6 +384,8 @@ CAPTCHA_TYPE = image
 ; Go to https://www.google.com/recaptcha/admin to sign up for a key
 RECAPTCHA_SECRET  =
 RECAPTCHA_SITEKEY =
+; Change this to use recaptcha.net or other recaptcha service
+RECAPTCHA_URL = https://www.google.com/recaptcha/
 ; Default value for KeepEmailPrivate
 ; Each new user will get the value of this setting copied into their profile
 DEFAULT_KEEP_EMAIL_PRIVATE = false
@@ -390,8 +417,8 @@ NO_REPLY_ADDRESS = noreply.example.org
 ; Show Registration button
 SHOW_REGISTRATION_BUTTON = true
 ; Default value for AutoWatchNewRepos
-; When adding a repo to a team or creating a new repo all team members will watch the 
-; repo automatically if enabled 
+; When adding a repo to a team or creating a new repo all team members will watch the
+; repo automatically if enabled
 AUTO_WATCH_NEW_REPOS = true

 [webhook]
@@ -408,8 +435,8 @@ PAGING_NUM = 10
 ENABLED = false
 ; Buffer length of channel, keep it as it is if you don't know what it is.
 SEND_BUFFER_LEN = 100
-; Name displayed in mail title
-SUBJECT = %(APP_NAME)s
+; Prefix displayed before subject in mail
+SUBJECT_PREFIX =
 ; Mail server
 ; Gmail: smtp.gmail.com:587
 ; QQ: smtp.qq.com:465
@@ -477,10 +504,18 @@ SESSION_LIFE_TIME = 86400

 [picture]
 AVATAR_UPLOAD_PATH = data/avatars
-; Max Width and Height of uploaded avatars. This is to limit the amount of RAM
-; used when resizing the image.
+REPOSITORY_AVATAR_UPLOAD_PATH = data/repo-avatars
+; How Gitea deals with missing repository avatars
+; none = no avatar will be displayed; random = random avatar will be displayed; image = default image will be used
+REPOSITORY_AVATAR_FALLBACK = none
+REPOSITORY_AVATAR_FALLBACK_IMAGE = /img/repo_default.png
+; Max Width and Height of uploaded avatars.
+; This is to limit the amount of RAM used when resizing the image.
 AVATAR_MAX_WIDTH = 4096
 AVATAR_MAX_HEIGHT = 3072
+; Maximum alloved file size for uploaded avatars.
+; This is to limit the amount of RAM used when resizing the image.
+AVATAR_MAX_FILE_SIZE = 1048576
 ; Chinese users can choose "duoshuo"
 ; or a custom avatar source, like: http://cn.gravatar.com/avatar/
 GRAVATAR_SOURCE = gravatar
@@ -516,17 +551,37 @@ ROOT_PATH =
 MODE = console
 ; Buffer length of the channel, keep it as it is if you don't know what it is.
 BUFFER_LEN = 10000
-; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
-LEVEL = Trace
 REDIRECT_MACARON_LOG = false
+MACARON = file
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Info"
+ROUTER_LOG_LEVEL = Info
+ROUTER = console
+ENABLE_ACCESS_LOG = false
+ACCESS_LOG_TEMPLATE = {{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"
+ACCESS = file
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "Trace"
+LEVEL = Info
+; Either "Trace", "Debug", "Info", "Warn", "Error", "Critical", default is "None"
+STACKTRACE_LEVEL = None
+
+; Generic log modes
+[log.x]
+FLAGS = stdflags
+EXPRESSION =
+PREFIX =
+COLORIZE = false

 ; For "console" mode only
 [log.console]
 LEVEL =
+STDERR = false

 ; For "file" mode only
 [log.file]
 LEVEL =
+; Set the file_name for the logger. If this is a relative path this
+; will be relative to ROOT_PATH
+FILE_NAME =
 ; This enables automated log rotate(switch of following options), default is true
 LOG_ROTATE = true
 ; Max number of lines in a single file, default is 1000000
@@ -537,6 +592,10 @@ MAX_SIZE_SHIFT = 28
 DAILY_ROTATE = true
 ; delete the log file after n days, default is 7
 MAX_DAYS = 7
+; compress logs with gzip
+COMPRESS = true
+; compression level see godoc for compress/gzip
+COMPRESSION_LEVEL = -1

 ; For "conn" mode only
 [log.conn]
@@ -564,14 +623,6 @@ PASSWD =
 ; Receivers, can be one or more, e.g. 1@example.com,2@example.com
 RECEIVERS =

-; For "database" mode only
-[log.database]
-LEVEL =
-; Either "mysql" or "postgres"
-DRIVER =
-; Based on xorm, e.g.: root:root@localhost/gitea?charset=utf8
-CONN =
-
 [cron]
 ; Enable running cron tasks periodically.
 ENABLED = true
@@ -628,6 +679,8 @@ MAX_GIT_DIFF_FILES = 100
 ; Arguments for command 'git gc', e.g. "--aggressive --auto"
 ; see more on http://git-scm.com/docs/git-gc/
 GC_ARGS =
+; If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1
+EnableAutoGitWireProtocol = true

 ; Operation timeout in seconds
 [git.timeout]
@@ -653,14 +706,18 @@ MAX_RESPONSE_ITEMS = 50
 DEFAULT_PAGING_NUM = 30
 ; Default and maximum number of items per page for git trees api
 DEFAULT_GIT_TREES_PER_PAGE = 1000
+; Default size of a blob returned by the blobs API (default is 10MiB)
+DEFAULT_MAX_BLOB_SIZE = 10485760

 [oauth2]
 ; Enables OAuth2 provider
-ENABLED = true
+ENABLE = true
 ; Lifetime of an OAuth2 access token in seconds
 ACCESS_TOKEN_EXPIRATION_TIME=3600
 ; Lifetime of an OAuth2 access token in hours
 REFRESH_TOKEN_EXPIRATION_TIME=730
+; Check if refresh token got already used
+INVALIDATE_REFRESH_TOKENS=false
 ; OAuth2 authentication secret for access and refresh tokens, change this a unique string.
 JWT_SECRET=Bk0yK7Y9g_p56v86KaHqjSbxvNvu3SbKoOdOt2ZcXvU

--- a/docker/Makefile
+++ b/docker/Makefile
@@ -4,7 +4,6 @@ DOCKER_IMAGE ?= gitea/gitea
 DOCKER_TAG ?= latest
 DOCKER_REF := $(DOCKER_IMAGE):$(DOCKER_TAG)

-
 .PHONY: docker
 docker:
 	docker build --disable-content-trust=false -t $(DOCKER_REF) .
@@ -12,4 +11,4 @@ docker:

 .PHONY: docker-build
 docker-build:
-	docker run -ti --rm -v $(CURDIR):/srv/app/src/code.gitea.io/gitea -w /srv/app/src/code.gitea.io/gitea -e TAGS="bindata $(TAGS)" webhippie/golang:edge make clean generate build
+	docker run -ti --rm -v $(CURDIR):/srv/app/src/code.gitea.io/gitea -w /srv/app/src/code.gitea.io/gitea -e TAGS="bindata $(TAGS)" LDFLAGS="$(LDFLAGS)" webhippie/golang:edge make clean generate build
--- a/docker/etc/profile.d/gitea.sh
+++ b/docker/etc/profile.d/gitea.sh
@@ -1,2 +0,0 @@
-#!/bin/bash
-export GITEA_CUSTOM=/data/gitea
--- a/docker/etc/s6/syslogd/finish
+++ b/docker/etc/s6/syslogd/finish
@@ -1,2 +0,0 @@
-#!/bin/bash
-exit 0
--- a/docker/etc/s6/syslogd/run
+++ b/docker/etc/s6/syslogd/run
@@ -1,6 +0,0 @@
-#!/bin/bash
-[[ -f ./setup ]] && source ./setup
-
-pushd /root > /dev/null
-    exec su-exec root /sbin/syslogd -nS -O-
-popd
--- a/docker/etc/s6/syslogd/setup
+++ b/docker/etc/s6/syslogd/setup
@@ -1 +0,0 @@
-#!/bin/bash
--- a/docker/root/etc/nsswitch.conf
+++ b/docker/root/etc/nsswitch.conf
--- a/docker/root/etc/s6/.s6-svscan/finish
+++ b/docker/root/etc/s6/.s6-svscan/finish
--- a/docker/root/etc/s6/gitea/finish
+++ b/docker/root/etc/s6/gitea/finish
--- a/docker/root/etc/s6/gitea/run
+++ b/docker/root/etc/s6/gitea/run
--- a/docker/root/etc/s6/gitea/setup
+++ b/docker/root/etc/s6/gitea/setup
@@ -6,12 +6,16 @@ if [ ! -d /data/git/.ssh ]; then
 fi

 if [ ! -f /data/git/.ssh/environment ]; then
-    echo "GITEA_CUSTOM=/data/gitea" >| /data/git/.ssh/environment
+    echo "GITEA_CUSTOM=$GITEA_CUSTOM" >| /data/git/.ssh/environment
    chmod 600 /data/git/.ssh/environment
+
+elif ! grep -q "^GITEA_CUSTOM=$GITEA_CUSTOM$" /data/git/.ssh/environment; then
+    sed -i /^GITEA_CUSTOM=/d /data/git/.ssh/environment
+    echo "GITEA_CUSTOM=$GITEA_CUSTOM" >> /data/git/.ssh/environment
 fi

-if [ ! -f /data/gitea/conf/app.ini ]; then
-    mkdir -p /data/gitea/conf
+if [ ! -f ${GITEA_CUSTOM}/conf/app.ini ]; then
+    mkdir -p ${GITEA_CUSTOM}/conf

    # Set INSTALL_LOCK to true only if SECRET_KEY is not empty and
    # INSTALL_LOCK is empty
@@ -27,6 +31,7 @@ if [ ! -f /data/gitea/conf/app.ini ]; then
    ROOT_URL=${ROOT_URL:-""} \
    DISABLE_SSH=${DISABLE_SSH:-"false"} \
    SSH_PORT=${SSH_PORT:-"22"} \
+    LFS_START_SERVER=${LFS_START_SERVER:-"false"} \
    DB_TYPE=${DB_TYPE:-"sqlite3"} \
    DB_HOST=${DB_HOST:-"localhost:3306"} \
    DB_NAME=${DB_NAME:-"gitea"} \
@@ -36,7 +41,9 @@ if [ ! -f /data/gitea/conf/app.ini ]; then
    DISABLE_REGISTRATION=${DISABLE_REGISTRATION:-"false"} \
    REQUIRE_SIGNIN_VIEW=${REQUIRE_SIGNIN_VIEW:-"false"} \
    SECRET_KEY=${SECRET_KEY:-""} \
-    envsubst < /etc/templates/app.ini > /data/gitea/conf/app.ini
+    envsubst < /etc/templates/app.ini > ${GITEA_CUSTOM}/conf/app.ini
+
+    chown ${USER}:git ${GITEA_CUSTOM}/conf/app.ini
 fi

 # only chown if current owner is not already the gitea ${USER}. No recursive check to save time
--- a/docker/root/etc/s6/openssh/finish
+++ b/docker/root/etc/s6/openssh/finish
--- a/docker/root/etc/s6/openssh/run
+++ b/docker/root/etc/s6/openssh/run
@@ -2,5 +2,5 @@
 [[ -f ./setup ]] && source ./setup

 pushd /root > /dev/null
-    exec su-exec root /usr/sbin/sshd -D
+    exec su-exec root /usr/sbin/sshd -D -e 2>&1
 popd
--- a/docker/root/etc/s6/openssh/setup
+++ b/docker/root/etc/s6/openssh/setup
@@ -6,7 +6,7 @@ fi

 if [ ! -f /data/ssh/ssh_host_ed25519_key ]; then
    echo "Generating /data/ssh/ssh_host_ed25519_key..."
-    ssh-keygen -t ed25519 -b 4096 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null
+    ssh-keygen -t ed25519 -f /data/ssh/ssh_host_ed25519_key -N "" > /dev/null
 fi

 if [ ! -f /data/ssh/ssh_host_rsa_key ]; then
--- a/docker/root/etc/ssh/sshd_config
+++ b/docker/root/etc/ssh/sshd_config
--- a/docker/root/etc/templates/app.ini
+++ b/docker/root/etc/templates/app.ini
@@ -17,6 +17,7 @@ HTTP_PORT        = $HTTP_PORT
 ROOT_URL         = $ROOT_URL
 DISABLE_SSH      = $DISABLE_SSH
 SSH_PORT         = $SSH_PORT
+LFS_START_SERVER = $LFS_START_SERVER
 LFS_CONTENT_PATH = /data/git/lfs

 [database]
@@ -35,6 +36,7 @@ PROVIDER_CONFIG = /data/gitea/sessions

 [picture]
 AVATAR_UPLOAD_PATH = /data/gitea/avatars
+REPOSITORY_AVATAR_UPLOAD_PATH = /data/gitea/repo-avatars

 [attachment]
 PATH = /data/gitea/attachments
--- a/docker/root/usr/bin/entrypoint
+++ b/docker/root/usr/bin/entrypoint
--- a/docs/config.yaml
+++ b/docs/config.yaml
@@ -6,6 +6,7 @@ theme: gitea
 defaultContentLanguage: en-us
 defaultContentLanguageInSubdir: true
 enableMissingTranslationPlaceholders: true
+enableEmoji: true

 permalinks:
  post: /:year/:month/:title/
--- a/docs/content/doc/advanced/api-usage.en-us.md
+++ b/docs/content/doc/advanced/api-usage.en-us.md
@@ -39,6 +39,14 @@ Gitea parses queries and headers to find the token in
 You can create an API key token via your Gitea installation's web interface:
 `Settings | Applications | Generate New Token`.

+### OAuth2
+
+Access tokens obtained from Gitea's [OAuth2 provider](https://docs.gitea.io/en-us/oauth2-provider) are accepted by these methods:
+
+- `Authorization bearer ...` header in HTTP headers
+- `token=...` parameter in URL query string
+- `access_token=...` parameter in URL query string
+
 ### More on the `Authorization:` header

 For historical reasons, Gitea needs the word `token` included before
@@ -74,6 +82,12 @@ $ curl --request GET --url https://yourusername:yourpassword@gitea.your.host/api
 [{"name":"test","sha1":"..."},{"name":"dev","sha1":"..."}]
 ```

+As of v1.8.0 of Gitea, if using basic authentication with the API and your user has two factor authentication enabled, you'll need to send an additional header that contains the one time password (6 digit rotating token). An example of the header is `X-Gitea-OTP: 123456` where `123456` is where you'd place the code from your authenticator. Here is how the request would look like in curl:
+
+```
+$ curl -H "X-Gitea-OTP: 123456" --request GET --url https://yourusername:yourpassword@gitea.your.host/api/v1/users/yourusername/tokens
+```
+
 ## Sudo

 The API allows admin users to sudo API requests as another user. Simply add either a `sudo=` parameter or `Sudo:` request header with the username of the user to sudo.
--- a/docs/content/doc/advanced/config-cheat-sheet.en-us.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.en-us.md
@@ -15,8 +15,8 @@ menu:

 # Configuration Cheat Sheet

-This is a cheat sheet for the Gitea configuration file. It contains most settings
-that can configured as well as their default values.
+This is a cheat sheet for the Gitea configuration file. It contains most of the settings
+that can be configured as well as their default values.

 Any changes to the Gitea configuration file should be made in `custom/conf/app.ini`
 or any corresponding location. When installing from a distribution, this will
@@ -68,12 +68,24 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `DEFAULT_CLOSE_ISSUES_VIA_COMMITS_IN_ANY_BRANCH`:  **false**: Close an issue if a commit on a non default branch marks it as closed.

 ### Repository - Pull Request (`repository.pull-request`)
+
 - `WORK_IN_PROGRESS_PREFIXES`: **WIP:,\[WIP\]**: List of prefixes used in Pull Request
 title to mark them as Work In Progress

 ### Repository - Issue (`repository.issue`)
+
 - `LOCK_REASONS`: **Too heated,Off-topic,Resolved,Spam**: A list of reasons why a Pull Request or Issue can be locked

+## CORS (`cors`)
+
+- `ENABLED`: **false**: enable cors headers (disabled by default)
+- `SCHEME`: **http**: scheme of allowed requests
+- `ALLOW_DOMAIN`: **\***: list of requesting domains that are allowed
+- `ALLOW_SUBDOMAIN`: **false**: allow subdomains of headers listed above to request
+- `METHODS`: **GET,HEAD,POST,PUT,PATCH,DELETE,OPTIONS**: list of methods allowed to request
+- `MAX_AGE`: **10m**: max time to cache response
+- `ALLOW_CREDENTIALS`: **false**: allow request with credentials
+
 ## UI (`ui`)

 - `EXPLORE_PAGING_NUM`: **20**: Number of repositories that are shown in one explore page.
@@ -83,6 +95,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `DEFAULT_THEME`: **gitea**: \[gitea, arc-green\]: Set the default theme for the Gitea install.
 - `THEMES`:  **gitea,arc-green**: All available themes. Allow users select personalized themes
  regardless of the value of `DEFAULT_THEME`.
+- `DEFAULT_SHOW_FULL_NAME`: false: Whether the full name of the users should be shown where possible. If the full name isn't set, the username will be used.

 ### UI - Admin (`ui.admin`)

@@ -147,6 +160,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `USER`: **root**: Database username.
 - `PASSWD`: **\<empty\>**: Database user password. Use \`your password\` for quoting if you use special characters in the password.
 - `SSL_MODE`: **disable**: For PostgreSQL and MySQL only.
+- `CHARSET`: **utf8**: For MySQL only, either "utf8" or "utf8mb4", default is "utf8". NOTICE: for "utf8mb4" you must use MySQL InnoDB > 5.6. Gitea is unable to check this.
 - `PATH`: **data/gitea.db**: For SQLite3 only, the database file path.
 - `LOG_SQL`: **true**: Log the executed SQL.
 - `DB_RETRIES`: **10**: How many ORM init / DB connect attempts allowed.
@@ -156,9 +170,10 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.

 - `ISSUE_INDEXER_TYPE`: **bleve**: Issue indexer type, currently support: bleve or db, if it's db, below issue indexer item will be invalid.
 - `ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: Index file used for issue search.
- `ISSUE_INDEXER_QUEUE_TYPE`: **levelqueue**: Issue indexer queue, currently support: channel or levelqueue
- `ISSUE_INDEXER_QUEUE_DIR`: **indexers/issues.queue**: When ISSUE_INDEXER_QUEUE_TYPE is levelqueue, this will be the queue will be saved path
- `ISSUE_INDEXER_QUEUE_BATCH_NUMBER`: **20**: Batch queue number
+- `ISSUE_INDEXER_QUEUE_TYPE`: **levelqueue**: Issue indexer queue, currently supports:`channel`, `levelqueue`, `redis`.
+- `ISSUE_INDEXER_QUEUE_DIR`: **indexers/issues.queue**: When `ISSUE_INDEXER_QUEUE_TYPE` is `levelqueue`, this will be the queue will be saved path.
+- `ISSUE_INDEXER_QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: When `ISSUE_INDEXER_QUEUE_TYPE` is `redis`, this will store the redis connection string.
+- `ISSUE_INDEXER_QUEUE_BATCH_NUMBER`: **20**: Batch queue number.

 - `REPO_INDEXER_ENABLED`: **false**: Enables code search (uses a lot of disk space, about 6 times more than the repository size).
 - `REPO_INDEXER_PATH`: **indexers/repos.bleve**: Index file used for code search.
@@ -180,6 +195,8 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `DISABLE_GIT_HOOKS`: **false**: Set to `true` to prevent all users (including admin) from creating custom
   git hooks.
 - `IMPORT_LOCAL_PATHS`: **false**: Set to `false` to prevent all users (including admin) from importing local path on server.
+- `INTERNAL_TOKEN`: **\<random at every install if no uri set\>**: Secret used to validate communication within Gitea binary.
+- `INTERNAL_TOKEN_URI`: **<empty>**: Instead of defining internal token in the configuration, this configuration option can be used to give Gitea a path to a file that contains the internal token (example value: `file:/etc/gitea/internal_token`)

 ## OpenID (`openid`)

@@ -199,6 +216,9 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
   Requires `Mailer` to be enabled.
 - `DISABLE_REGISTRATION`: **false**: Disable registration, after which only admin can create
   accounts for users.
+- `REQUIRE_EXTERNAL_REGISTRATION_PASSWORD`: **false**: Enable this to force externally created
+   accounts (via GitHub, OpenID Connect, etc) to create a password. Warning: enabling this will
+   decrease security, so you should only enable it if you know what you're doing.
 - `REQUIRE_SIGNIN_VIEW`: **false**: Enable this to force users to log in to view any page.
 - `ENABLE_NOTIFY_MAIL`: **false**: Enable this to send e-mail to watchers of a repository when
   something happens, like creating issues. Requires `Mailer` to be enabled.
@@ -208,9 +228,12 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `ENABLE_REVERSE_PROXY_EMAIL`: **false**: Enable this to allow to auto-registration with a
   provided email rather than a generated email.
 - `ENABLE_CAPTCHA`: **false**: Enable this to use captcha validation for registration.
+- `REQUIRE_EXTERNAL_REGISTRATION_CAPTCHA`: **false**: Enable this to force captcha validation
+   even for External Accounts (i.e. GitHub, OpenID Connect, etc). You must `ENABLE_CAPTCHA` also.
 - `CAPTCHA_TYPE`: **image**: \[image, recaptcha\]
 - `RECAPTCHA_SECRET`: **""**: Go to https://www.google.com/recaptcha/admin to get a secret for recaptcha.
 - `RECAPTCHA_SITEKEY`: **""**: Go to https://www.google.com/recaptcha/admin to get a sitekey for recaptcha.
+- `RECAPTCHA_URL`: **https://www.google.com/recaptcha/**: Set the recaptcha url - allows the use of recaptcha net.
 - `DEFAULT_ENABLE_DEPENDENCIES`: **true**: Enable this to have dependencies enabled by default.
 - `ENABLE_USER_HEATMAP`: **true**: Enable this to display the heatmap on users profiles.
 - `EMAIL_DOMAIN_WHITELIST`: **\<empty\>**: If non-empty, list of domain names that can only be used to register
@@ -238,14 +261,15 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `PASSWD`: **\<empty\>**: Password of mailing user.  Use \`your password\` for quoting if you use special characters in the password.
 - `SKIP_VERIFY`: **\<empty\>**: Do not verify the self-signed certificates.
   - **Note:** Gitea only supports SMTP with STARTTLS.
+- `SUBJECT_PREFIX`: **\<empty\>**: Prefix to be placed before e-mail subject lines.
 - `MAILER_TYPE`: **smtp**: \[smtp, sendmail, dummy\]
   - **smtp** Use SMTP to send mail
   - **sendmail** Use the operating system's `sendmail` command instead of SMTP.
   This is common on linux systems.
   - **dummy** Send email messages to the log as a testing phase.
   - Note that enabling sendmail will ignore all other `mailer` settings except `ENABLED`,
-     `FROM` and `SENDMAIL_PATH`.
-   - Enabling dummy will ignore all settings except `ENABLED` and `FROM`.
+     `FROM`, `SUBJECT_PREFIX` and `SENDMAIL_PATH`.
+   - Enabling dummy will ignore all settings except `ENABLED`, `SUBJECT_PREFIX` and `FROM`.
 - `SENDMAIL_PATH`: **sendmail**: The location of sendmail on the operating system (can be
   command or full path).
 - ``IS_TLS_ENABLED`` :  **false** : Decide if SMTP connections should use TLS.
@@ -273,7 +297,16 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `DISABLE_GRAVATAR`: **false**: Enable this to use local avatars only.
 - `ENABLE_FEDERATED_AVATAR`: **false**: Enable support for federated avatars (see
   [http://www.libravatar.org](http://www.libravatar.org)).
- `AVATAR_UPLOAD_PATH`: **data/avatars**: Path to store local and cached files.
+- `AVATAR_UPLOAD_PATH`: **data/avatars**: Path to store user avatar image files.
+- `REPOSITORY_AVATAR_UPLOAD_PATH`: **data/repo-avatars**: Path to store repository avatar image files.
+- `REPOSITORY_AVATAR_FALLBACK`: **none**: How Gitea deals with missing repository avatars
+  - none = no avatar will be displayed
+  - random = random avatar will be generated
+  - image = default image will be used (which is set in `REPOSITORY_AVATAR_DEFAULT_IMAGE`)
+- `REPOSITORY_AVATAR_FALLBACK_IMAGE`: **/img/repo_default.png**: Image used as default repository avatar (if `REPOSITORY_AVATAR_FALLBACK` is set to image and none was uploaded)
+- `AVATAR_MAX_WIDTH`: **4096**: Maximum avatar image width in pixels.
+- `AVATAR_MAX_HEIGHT`: **3072**: Maximum avatar image height in pixels.
+- `AVATAR_MAX_FILE_SIZE`: **1048576** (1Mb): Maximum avatar image file size in bytes.

 ## Attachment (`attachment`)

@@ -287,9 +320,64 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 ## Log (`log`)

 - `ROOT_PATH`: **\<empty\>**: Root path for log files.
- `MODE`: **console**: Logging mode. For multiple modes, use a comma to separate values.
- `LEVEL`: **Trace**: General log level. \[Trace, Debug, Info, Warn, Error, Critical\]
- `REDIRECT_MACARON_LOG`: **false**: Redirects the Macaron log to the Gitea logger.
+- `MODE`: **console**: Logging mode. For multiple modes, use a comma to separate values. You can configure each mode in per mode log subsections `\[log.modename\]`. By default the file mode will log to `$ROOT_PATH/gitea.log`.
+- `LEVEL`: **Info**: General log level. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
+- `STACKTRACE_LEVEL`: **None**: Default log level at which to log create stack traces. \[Trace, Debug, Info, Warn, Error, Critical, Fatal, None\]
+- `REDIRECT_MACARON_LOG`: **false**: Redirects the Macaron log to its own logger or the default logger.
+- `MACARON`: **file**: Logging mode for the macaron logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.macaron\]`. By default the file mode will log to `$ROOT_PATH/macaron.log`. (If you set this to `,` it will log to default gitea logger.)
+- `ROUTER_LOG_LEVEL`: **Info**: The log level that the router should log at. (If you are setting the access log, its recommended to place this at Debug.)
+- `ROUTER`: **console**: The mode or name of the log the router should log to. (If you set this to `,` it will log to default gitea logger.)
+NB: You must `REDIRECT_MACARON_LOG` and have `DISABLE_ROUTER_LOG` set to `false` for this option to take effect. Configure each mode in per mode log subsections `\[log.modename.router\]`.
+- `ENABLE_ACCESS_LOG`: **false**: Creates an access.log in NCSA common log format, or as per the following template
+- `ACCESS`: **file**: Logging mode for the access logger, use a comma to separate values. Configure each mode in per mode log subsections `\[log.modename.access\]`. By default the file mode will log to `$ROOT_PATH/access.log`. (If you set this to `,` it will log to the default gitea logger.)
+- `ACCESS_LOG_TEMPLATE`: **`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`**: Sets the template used to create the access log.
+  - The following variables are available:
+  - `Ctx`: the `macaron.Context` of the request.
+  - `Identity`: the SignedUserName or `"-"` if not logged in.
+  - `Start`: the start time of the request.
+  - `ResponseWriter`: the responseWriter from the request.
+  - You must be very careful to ensure that this template does not throw errors or panics as this template runs outside of the panic/recovery script.
+- `ENABLE_XORM_LOG`: **true**: Set whether to perform XORM logging. Please note SQL statement logging can be disabled by setting `LOG_SQL` to false in the `[database]` section.
+
+### Log subsections (`log.name`, `log.name.*`)
+
+- `LEVEL`: **log.LEVEL**: Sets the log-level of this sublogger. Defaults to the `LEVEL` set in the global `[log]` section.
+- `STACKTRACE_LEVEL`: **log.STACKTRACE_LEVEL**: Sets the log level at which to log stack traces.
+- `MODE`: **name**: Sets the mode of this sublogger - Defaults to the provided subsection name. This allows you to have two different file loggers at different levels.
+- `EXPRESSION`: **""**: A regular expression to match either the function name, file or message. Defaults to empty. Only log messages that match the expression will be saved in the logger.
+- `FLAGS`: **stdflags**: A comma separated string representing the log flags. Defaults to `stdflags` which represents the prefix: `2009/01/23 01:23:23 ...a/b/c/d.go:23:runtime.Caller() [I]: message`. `none` means don't prefix log lines. See `modules/log/base.go` for more information.
+- `PREFIX`: **""**: An additional prefix for every log line in this logger. Defaults to empty.
+- `COLORIZE`: **false**: Colorize the log lines by default
+
+### Console log mode (`log.console`, `log.console.*`, or `MODE=console`)
+
+- For the console logger `COLORIZE` will default to `true` if not on windows or the terminal is determined to be able to color.
+- `STDERR`: **false**: Use Stderr instead of Stdout.
+
+### File log mode (`log.file`, `log.file.*` or `MODE=file`)
+
+- `FILE_NAME`: Set the file name for this logger. Defaults as described above. If relative will be relative to the `ROOT_PATH`
+- `LOG_ROTATE`: **true**: Rotate the log files.
+- `MAX_SIZE_SHIFT`: **28**: Maximum size shift of a single file, 28 represents 256Mb.
+- `DAILY_ROTATE`: **true**: Rotate logs daily.
+- `MAX_DAYS`: **7**: Delete the log file after n days
+- `COMPRESS`: **true**: Compress old log files by default with gzip
+- `COMPRESSION_LEVEL`: **-1**: Compression level
+
+### Conn log mode (`log.conn`, `log.conn.*` or `MODE=conn`)
+
+- `RECONNECT_ON_MSG`: **false**: Reconnect host for every single message.
+- `RECONNECT`: **false**: Try to reconnect when connection is lost.
+- `PROTOCOL`: **tcp**: Set the protocol, either "tcp", "unix" or "udp".
+- `ADDR`: **:7020**: Sets the address to connect to.
+
+### SMTP log mode (`log.smtp`, `log.smtp.*` or `MODE=smtp`)
+
+- `USER`: User email address to send from.
+- `PASSWD`: Password for the smtp server.
+- `HOST`: **127.0.0.1:25**: The SMTP host to connect to.
+- `RECEIVERS`: Email addresses to send to.
+- `SUBJECT`: **Diagnostic message from Gitea**

 ## Cron (`cron`)

@@ -324,6 +412,7 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.
 - `MAX_GIT_DIFF_LINE_CHARACTERS`: **5000**: Max character count per line highlighted in diff view.
 - `MAX_GIT_DIFF_FILES`: **100**: Max number of files shown in diff view.
 - `GC_ARGS`: **\<empty\>**: Arguments for command `git gc`, e.g. `--aggressive --auto`. See more on http://git-scm.com/docs/git-gc/
+- `ENABLE_AUTO_GIT_WIRE_PROTOCOL`: **true**: If use git wire protocol version 2 when git version >= 2.18, default is true, set to false when you always want git wire protocol version 1

 ## Git - Timeout settings (`git.timeout`)
 - `DEFAUlT`: **360**: Git operations default timeout seconds.
@@ -335,21 +424,23 @@ Values containing `#` or `;` must be quoted using `` ` `` or `"""`.

 ## Metrics (`metrics`)

- `ENABLED`: **false**: Enables /metrics endpoint for prometheus. 
+- `ENABLED`: **false**: Enables /metrics endpoint for prometheus.
 - `TOKEN`: **\<empty\>**: You need to specify the token, if you want to include in the authorization the metrics . The same token need to be used in prometheus parameters `bearer_token` or `bearer_token_file`.

 ## API (`api`)

 - `ENABLE_SWAGGER`: **true**: Enables /api/swagger, /api/v1/swagger etc. endpoints. True or false; default is true.
 - `MAX_RESPONSE_ITEMS`: **50**: Max number of items in a page.
- `DEFAULT_PAGING_NUM`: **30**: Default paging number of api.
- `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: Default and maximum number of items per page for git trees api.
+- `DEFAULT_PAGING_NUM`: **30**: Default paging number of API.
+- `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: Default and maximum number of items per page for git trees API.
+- `DEFAULT_MAX_BLOB_SIZE`: **10485760**: Default max size of a blob that can be return by the blobs API.

 ## OAuth2 (`oauth2`)

- `ENABLED`: **true**: Enables OAuth2 provider.
+- `ENABLE`: **true**: Enables OAuth2 provider.
 - `ACCESS_TOKEN_EXPIRATION_TIME`: **3600**: Lifetime of an OAuth2 access token in seconds
 - `REFRESH_TOKEN_EXPIRATION_TIME`: **730**: Lifetime of an OAuth2 access token in hours
+- `INVALIDATE_REFRESH_TOKEN`: **false**: Check if refresh token got already used
 - `JWT_SECRET`: **\<empty\>**: OAuth2 authentication secret for access and refresh tokens, change this a unique string.

 ## i18n (`i18n`)
--- a/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
+++ b/docs/content/doc/advanced/config-cheat-sheet.zh-cn.md
@@ -78,17 +78,18 @@ menu:
 - `NAME`: 数据库名称。
 - `USER`: 数据库用户名。
 - `PASSWD`: 数据库用户密码。
- `SSL_MODE`: PostgreSQL数据库是否启用SSL模式。
+- `SSL_MODE`: MySQL 或 PostgreSQL数据库是否启用SSL模式。
+- `CHARSET`: **utf8**: 仅当数据库为 MySQL 时有效, 可以为 "utf8" 或 "utf8mb4"。注意：如果使用 "utf8mb4"，你的 MySQL InnoDB 版本必须在 5.6 以上。
 - `PATH`: Tidb 或者 SQLite3 数据文件存放路径。
 - `LOG_SQL`: **true**: 显示生成的SQL，默认为真。

-
 ## Indexer (`indexer`)

 - `ISSUE_INDEXER_TYPE`: **bleve**: 工单索引类型，当前支持 `bleve` 或 `db`，当为 `db` 时其它工单索引项可不用设置。
 - `ISSUE_INDEXER_PATH`: **indexers/issues.bleve**: 工单索引文件存放路径，当索引类型为 `bleve` 时有效。
- `ISSUE_INDEXER_QUEUE_TYPE`: **levelqueue**: 工单索引队列类型，当前支持 `channel` 或 `levelqueue`。
+- `ISSUE_INDEXER_QUEUE_TYPE`: **levelqueue**: 工单索引队列类型，当前支持 `channel`， `levelqueue` 或 `redis`。
 - `ISSUE_INDEXER_QUEUE_DIR`: **indexers/issues.queue**: 当 `ISSUE_INDEXER_QUEUE_TYPE` 为 `levelqueue` 时，保存索引队列的磁盘路径。
+- `ISSUE_INDEXER_QUEUE_CONN_STR`: **addrs=127.0.0.1:6379 db=0**: 当 `ISSUE_INDEXER_QUEUE_TYPE` 为 `redis` 时，保存Redis队列的连接字符串。
 - `ISSUE_INDEXER_QUEUE_BATCH_NUMBER`: **20**: 队列处理中批量提交数量。

 - `REPO_INDEXER_ENABLED`: **false**: 是否启用代码搜索（启用后会占用比较大的磁盘空间）。
@@ -209,13 +210,15 @@ menu:
 - `CLONE`: **300**: 内部仓库间克隆的超时时间，单位秒
 - `PULL`: **300**: 内部仓库间拉取的超时时间，单位秒
 - `GC`: **60**: git仓库GC的超时时间，单位秒
+- `ENABLE_AUTO_GIT_WIRE_PROTOCOL`: **true**: 是否根据 Git Wire Protocol协议支持情况自动切换版本，当 git 版本在 2.18 及以上时会自动切换到版本2。为 `false` 则不切换。

 ## API (`api`)

 - `ENABLE_SWAGGER`: **true**: 是否启用swagger路由 /api/swagger, /api/v1/swagger etc. endpoints. True 或 false; 默认是  true.
 - `MAX_RESPONSE_ITEMS`: **50**: 一个页面最大的项目数。
 - `DEFAULT_PAGING_NUM`: **30**: API中默认分页条数。
- `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: GIT TREES API每页的默认和最大项数.
+- `DEFAULT_GIT_TREES_PER_PAGE`: **1000**: GIT TREES API每页的默认最大项数.
+- `DEFAULT_MAX_BLOB_SIZE`: **10485760**: BLOBS API默认最大大小.

 ## Markup (`markup`)

--- a/docs/content/doc/advanced/customizing-gitea.en-us.md
+++ b/docs/content/doc/advanced/customizing-gitea.en-us.md
@@ -15,19 +15,28 @@ menu:

 # Customizing Gitea

-Customizing Gitea is typically done using the `custom` folder. This is the central
-place to override configuration settings, templates, etc.
+Customizing Gitea is typically done using the `CustomPath` folder - by default this is
+the `custom` folder from the running directory, but may be different if your build has
+set this differently. This is the central place to override configuration settings,
+templates, etc. You can check the `CustomPath` using `gitea help`. You can override
+the `CustomPath` by setting either the `GITEA_CUSTOM` environment variable or by
+using the `--custom-path` option on the `gitea` binary. (The option will override the
+environment variable.)

 If Gitea is deployed from binary, all default paths will be relative to the Gitea
 binary. If installed from a distribution, these paths will likely be modified to
-the Linux Filesystem Standard. Gitea will create required folders, including `custom/`.
-Application settings are configured in `custom/conf/app.ini`. Distributions may
-provide a symlink for `custom` using `/etc/gitea/`.
+the Linux Filesystem Standard. Gitea will attempt to create required folders, including
+`custom/`. Distributions may provide a symlink for `custom` using `/etc/gitea/`.
+
+Application settings can be found in file `CustomConf` which is by default,
+`CustomPath/conf/app.ini` but may be different if your build has set this differently.
+Again `gitea help` will allow you review this variable and you can override it using the
+`--config` option on the `gitea` binary.

 - [Quick Cheat Sheet](https://docs.gitea.io/en-us/config-cheat-sheet/)
 - [Complete List](https://github.com/go-gitea/gitea/blob/master/custom/conf/app.ini.sample)

-If the `custom` folder can't be found next to the binary, check the `GITEA_CUSTOM`
+If the `CustomPath` folder can't be found despite checking `gitea help`, check the `GITEA_CUSTOM`
 environment variable; this can be used to override the default path to something else.
 `GITEA_CUSTOM` might, for example, be set by an init script.

@@ -38,7 +47,8 @@ environment variable; this can be used to override the default path to something
 ## Customizing /robots.txt

 To make Gitea serve a custom `/robots.txt` (default: empty 404), create a file called
-`robots.txt` in the `custom` folder with [expected contents](http://www.robotstxt.org/).
+`robots.txt` in the `custom` folder (or `CustomPath`) with
+[expected contents](http://www.robotstxt.org/).

 ## Serving custom public files

--- a/docs/content/doc/advanced/hacking-on-gitea.en-us.md
+++ b/docs/content/doc/advanced/hacking-on-gitea.en-us.md
@@ -136,31 +136,24 @@ You should lint, vet and spell-check with:
 make vet lint misspell-check
 ```

-### Updating the stylesheets
+### Updating CSS

-To generate the stylsheets, you will need [Node.js](https://nodejs.org/) at version 8.0 or above.
+To generate the CSS, you will need [Node.js](https://nodejs.org/) 8.0 or greater with npm. At present we use [less](http://lesscss.org/) and [postcss](https://postcss.org) to generate our CSS. Do **not** edit the files in `public/css` directly, as they are generated from `lessc` from the files in `public/less`.

-At present we use [less](http://lesscss.org/) and [postcss](https://postcss.org) to generate our stylesheets. Do
-**not** edit the files in `public/css/` directly, as they are generated from
-`lessc` from the files in `public/less/`.
-
-If you wish to work on the stylesheets, you will need to install `lessc` the
-less compiler and `postcss`. The recommended way to do this is using `npm install`:
+Edit files in `public/less`, run the linter, regenerate the CSS and commit all changed files:

 ```bash
-cd "$GOPATH/src/code.gitea.io/gitea"
-npm install
+make css
 ```

-You can then edit the less stylesheets and regenerate the stylesheets using:
+### Updating JS
+
+To run the JavaScript linter you will need [Node.js](https://nodejs.org/) 8.0 or greater with npm. Edit files in `public/js` and run the linter:

 ```bash
-make generate-stylesheets
+make js
 ```

-You should commit both the changes to the css and the less files when making
-PRs.
-
 ### Updating the API

 When creating new API routes or modifying existing API routes, you **MUST**
@@ -203,7 +196,7 @@ OpenAPI 3 documentation.
 When creating new configuration options, it is not enough to add them to the
 `modules/setting` files. You should add information to `custom/conf/app.ini`
 and to the
-<a href='{{ relref "doc/advanced/config-cheat-sheet.en-us.md"}}'>configuration cheat sheet</a>
+<a href='{{< relref "doc/advanced/config-cheat-sheet.en-us.md" >}}'>configuration cheat sheet</a>
 found in `docs/content/doc/advanced/config-cheat-sheet.en-us.md`

 ### Changing the logo
@@ -244,7 +237,7 @@ TAGS="bindata sqlite sqlite_unlock_notify" make generate build test-sqlite
 ```

 will run the integration tests in an sqlite environment. Other database tests
-are available but may need adjustment to the local environment. 
+are available but may need adjustment to the local environment.

 Look at
 [`integrations/README.md`](https://github.com/go-gitea/gitea/blob/master/integrations/README.md)
--- a/docs/content/doc/advanced/logging-documentation.en-us.md
+++ b/docs/content/doc/advanced/logging-documentation.en-us.md
@@ -0,0 +1,390 @@
+---
+date: "2019-04-02T17:06:00+01:00"
+title: "Advanced: Logging Configuration"
+slug: "logging-configuration"
+weight: 55
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "Logging Configuration"
+    weight: 55
+    identifier: "logging-configuration"
+---
+
+# Logging Configuration
+
+The logging framework has been revamped in Gitea 1.9.0.
+
+## Log Groups
+
+The fundamental thing to be aware of in Gitea is that there are several
+log groups:
+
+* The "Default" logger
+* The Macaron logger
+* The Router logger
+* The Access logger
+* The XORM logger
+
+There is also the go log logger.
+
+### The go log logger
+
+Go provides its own extremely basic logger in the `log` package,
+however, this is not sufficient for our purposes as it does not provide
+a way of logging at multiple levels, nor does it provide a good way of
+controlling where these logs are logged except through setting of a
+writer.
+
+We have therefore redirected this logger to our Default logger, and we
+will log anything that is logged using the go logger at the INFO level.
+
+### The "Default" logger
+
+Calls to `log.Info`, `log.Debug`, `log.Error` etc. from the `code.gitea.io/gitea/modules/log` package will log to this logger.
+
+You can configure the outputs of this logger by setting the `MODE`
+value in the `[log]` section of the configuration.
+
+Each output sublogger is configured in a separate `[log.sublogger]`
+section, but there are certain default values. These will not be inherited from the `[log]` section:
+
+* `FLAGS` is `stdflags` (Equal to
+`date,time,medfile,shortfuncname,levelinitial`)
+* `FILE_NAME` will default to `%(ROOT_PATH)/gitea.log`
+* `EXPRESSION` will default to `""`
+* `PREFIX` will default to `""`
+
+The provider type of the sublogger can be set using the `MODE` value in
+its subsection, but will default to the name. This allows you to have
+multiple subloggers that will log to files.
+
+### The "Macaron" logger
+
+By default Macaron will log to its own go `log` instance. This writes
+to `os.Stdout`. You can redirect this log to a Gitea configurable logger
+through setting the `REDIRECT_MACARON_LOG` setting in the `[log]`
+section which you can configure the outputs of by setting the `MACARON`
+value in the `[log]` section of the configuration. `MACARON` defaults
+to `file` if unset.
+
+Each output sublogger for this logger is configured in
+`[log.sublogger.macaron]` sections. There are certain default values
+which will not be inherited from the `[log]` or relevant
+`[log.sublogger]` sections:
+
+* `FLAGS` is `stdflags` (Equal to
+`date,time,medfile,shortfuncname,levelinitial`)
+* `FILE_NAME` will default to `%(ROOT_PATH)/macaron.log`
+* `EXPRESSION` will default to `""`
+* `PREFIX` will default to `""`
+
+NB: You can redirect the macaron logger to send its events to the gitea
+log using the value: `MACARON = ,`
+
+### The "Router" logger
+
+There are two types of Router log. By default Macaron send its own
+router log which will be directed to Macaron's go `log`, however if you
+`REDIRECT_MACARON_LOG` you will enable Gitea's router log. You can
+disable both types of Router log by setting `DISABLE_ROUTER_LOG`.
+
+If you enable the redirect, you can configure the outputs of this
+router log by setting the `ROUTER` value in the `[log]` section of the
+configuration. `ROUTER` will default to `console` if unset. The Gitea
+Router logs the same data as the Macaron log but has slightly different
+coloring. It logs at the `Info` level by default, but this can be
+changed if desired by setting the `ROUTER_LOG_LEVEL` value.
+
+Each output sublogger for this logger is configured in
+`[log.sublogger.router]` sections. There are certain default values
+which will not be inherited from the `[log]` or relevant
+`[log.sublogger]` sections:
+
+* `FILE_NAME` will default to `%(ROOT_PATH)/router.log`
+* `FLAGS` defaults to `date,time`
+* `EXPRESSION` will default to `""`
+* `PREFIX` will default to `""`
+
+NB: You can redirect the router logger to send its events to the Gitea
+log using the value: `ROUTER = ,`
+
+### The "Access" logger
+
+The Access logger is a new logger for version 1.9. It provides a NCSA
+Common Log compliant log format. It's highly configurable but caution
+should be taken when changing its template. The main benefit of this
+logger is that Gitea can now log accesses in a standard log format so
+standard tools may be used.
+
+You can enable this logger using `ENABLE_ACCESS_LOG`. Its outputs are
+configured by setting the `ACCESS` value in the `[log]` section of the
+configuration. `ACCESS` defaults to `file` if unset.
+
+Each output sublogger for this logger is configured in
+`[log.sublogger.access]` sections. There are certain default values
+which will not be inherited from the `[log]` or relevant
+`[log.sublogger]` sections:
+
+* `FILE_NAME` will default to `%(ROOT_PATH)/access.log`
+* `FLAGS` defaults to `` or None
+* `EXPRESSION` will default to `""`
+* `PREFIX` will default to `""`
+
+If desired the format of the Access logger can be changed by changing
+the value of the `ACCESS_LOG_TEMPLATE`.
+
+NB: You can redirect the access logger to send its events to the Gitea
+log using the value: `ACCESS = ,`
+
+#### The ACCESS_LOG_TEMPLATE
+
+This value represent a go template. It's default value is:
+
+`{{.Ctx.RemoteAddr}} - {{.Identity}} {{.Start.Format "[02/Jan/2006:15:04:05 -0700]" }} "{{.Ctx.Req.Method}} {{.Ctx.Req.RequestURI}} {{.Ctx.Req.Proto}}" {{.ResponseWriter.Status}} {{.ResponseWriter.Size}} "{{.Ctx.Req.Referer}}\" \"{{.Ctx.Req.UserAgent}}"`
+
+The template is passed following options:
+
+* `Ctx` is the `macaron.Context`
+* `Identity` is the `SignedUserName` or `"-"` if the user is not logged
+in
+* `Start` is the start time of the request
+* `ResponseWriter` is the `macaron.ResponseWriter`
+
+Caution must be taken when changing this template as it runs outside of
+the standard panic recovery trap. The template should also be as simple
+as it runs for every request.
+
+### The "XORM" logger
+
+The XORM logger is a long-standing logger that exists to collect XORM
+log events. It is enabled by default but can be switched off by setting
+`ENABLE_XORM_LOG` to `false` in the `[log]` section. Its outputs are
+configured by setting the `XORM` value in the `[log]` section of the
+configuration. `XORM` defaults to `,` if unset, meaning it is redirected
+to the main Gitea log.
+
+XORM will log SQL events by default. This can be changed by setting
+the `LOG_SQL` value to `false` in the `[database]` section.
+
+Each output sublogger for this logger is configured in
+`[log.sublogger.xorm]` sections. There are certain default values
+which will not be inherited from the `[log]` or relevant
+`[log.sublogger]` sections:
+
+* `FILE_NAME` will default to `%(ROOT_PATH)/xorm.log`
+* `FLAGS` defaults to `date,time`
+* `EXPRESSION` will default to `""`
+* `PREFIX` will default to `""`
+
+## Log outputs
+
+Gitea provides 4 possible log outputs:
+
+* `console` - Log to `os.Stdout` or `os.Stderr`
+* `file` - Log to a file
+* `conn` - Log to a keep-alive TCP connection
+* `smtp` - Log via email
+
+Certain configuration is common to all modes of log output:
+
+* `LEVEL` is the lowest level that this output will log. This value
+is inherited from `[log]` and in the case of the non-default loggers
+from `[log.sublogger]`.
+* `STACKTRACE_LEVEL` is the lowest level that this output will print
+a stacktrace. This value is inherited.
+* `MODE` is the mode of the log output. It will default to the sublogger
+name. Thus `[log.console.macaron]` will default to `MODE = console`.
+* `COLORIZE` will default to `true` for `console` as
+described, otherwise it will default to `false`.
+
+### Non-inherited default values
+
+There are several values which are not inherited as described above but
+rather default to those specific to type of logger, these are:
+`EXPRESSION`, `FLAGS`, `PREFIX` and `FILE_NAME`.
+
+#### `EXPRESSION`
+
+`EXPRESSION` represents a regular expression that log events must match to be logged by the sublogger. Either the log message, (with colors removed), must match or the `longfilename:linenumber:functionname` must match. NB: the whole message or string doesn't need to completely match.
+
+Please note this expression will be run in the sublogger's goroutine
+not the logging event subroutine. Therefore it can be complicated.
+
+#### `FLAGS`
+
+`FLAGS` represents the preceding logging context information that is
+printed before each message. It is a comma-separated string set. The order of values does not matter.
+
+Possible values are:
+
+* `none` or `,` - No flags.
+* `date` - the date in the local time zone: `2009/01/23`.
+* `time` - the time in the local time zone: `01:23:23`.
+* `microseconds` - microsecond resolution: `01:23:23.123123`. Assumes
+time.
+* `longfile` - full file name and line number: `/a/b/c/d.go:23`.
+* `shortfile` - final file name element and line number: `d.go:23`.
+* `funcname` - function name of the caller: `runtime.Caller()`.
+* `shortfuncname` - last part of the function name. Overrides
+`funcname`.
+* `utc` - if date or time is set, use UTC rather than the local time
+zone.
+* `levelinitial` - Initial character of the provided level in brackets eg. `[I]` for info.
+* `level` - Provided level in brackets `[INFO]`
+* `medfile` - Last 20 characters of the filename - equivalent to
+`shortfile,longfile`.
+* `stdflags` - Equivalent to `date,time,medfile,shortfuncname,levelinitial`
+
+### Console mode
+
+For loggers in console mode, `COLORIZE` will default to `true` if not
+on windows, or the windows terminal can be set into ANSI mode or is a
+cygwin or Msys pipe.
+
+If `STDERR` is set to `true` the logger will use `os.Stderr` instead of
+`os.Stdout`.
+
+### File mode
+
+The `FILE_NAME` defaults as described above. If set it will be relative
+to the provided `ROOT_PATH` in the master `[log]` section.
+
+Other values:
+
+* `LOG_ROTATE`: **true**: Rotate the log files.
+* `MAX_SIZE_SHIFT`: **28**: Maximum size shift of a single file, 28 represents 256Mb.
+* `DAILY_ROTATE`: **true**: Rotate logs daily.
+* `MAX_DAYS`: **7**: Delete the log file after n days
+* `COMPRESS`: **true**: Compress old log files by default with gzip
+* `COMPRESSION_LEVEL`: **-1**: Compression level
+
+### Conn mode
+
+* `RECONNECT_ON_MSG`: **false**: Reconnect host for every single message.
+* `RECONNECT`: **false**: Try to reconnect when connection is lost.
+* `PROTOCOL`: **tcp**: Set the protocol, either "tcp", "unix" or "udp".
+* `ADDR`: **:7020**: Sets the address to connect to.
+
+### SMTP mode
+
+It is not recommended to use this logger to send general logging
+messages. However, you could perhaps set this logger to work on `FATAL`.
+
+* `USER`: User email address to send from.
+* `PASSWD`: Password for the smtp server.
+* `HOST`: **127.0.0.1:25**: The SMTP host to connect to.
+* `RECEIVERS`: Email addresses to send to.
+* `SUBJECT`: **Diagnostic message from Gitea**
+
+## Default Configuration
+
+The default empty configuration is equivalent to:
+
+```ini
+[log]
+ROOT_PATH = %(GITEA_WORK_DIR)/log
+MODE = console
+LEVEL = Info
+STACKTRACE_LEVEL = None
+REDIRECT_MACARON_LOG = false
+ENABLE_ACCESS_LOG = false
+ENABLE_XORM_LOG = true
+XORM = ,
+
+[log.console]
+MODE = console
+LEVEL = %(LEVEL)
+STACKTRACE_LEVEL = %(STACKTRACE_LEVEL)
+FLAGS = stdflags
+PREFIX =
+COLORIZE = true # Or false if your windows terminal cannot color
+```
+
+This is equivalent to sending all logs to the console, with default go log being sent to the console log too.
+
+## Log colorization
+
+Logs to the console will be colorized by default when not running on
+Windows. Terminal sniffing will occur on Windows and if it is
+determined that we are running on a terminal capable of color we will
+colorize.
+
+Further, on *nix it is becoming common to have file logs that are
+colored by default. Therefore file logs will be colorised by default
+when not running on Windows.
+
+You can switch on or off colorization by using the `COLORIZE` value.
+
+From a development point of view. If you write
+`log.Info("A %s string", "formatted")` the `formatted` part of the log
+message will be Bolded on colorized logs.
+
+You can change this by either rendering the formatted string yourself.
+Or you can wrap the value in a `log.ColoredValue` struct.
+
+The `log.ColoredValue` struct contains a pointer to value, a pointer to
+string of bytes which should represent a color and second set of reset
+bytes. Pointers were chosen to prevent copying of large numbers of
+values. There are several helper methods:
+
+* `log.NewColoredValue` takes a value and 0 or more color attributes
+that represent the color. If 0 are provided it will default to a cached
+bold. Note, it is recommended that color bytes constructed from
+attributes should be cached if this is a commonly used log message.
+* `log.NewColoredValuePointer` takes a pointer to a value, and
+0 or more color attributes that represent the color.
+* `log.NewColoredValueBytes` takes a value and a pointer to an array
+of bytes representing the color.
+
+These functions will not double wrap a `log.ColoredValue`. They will
+also set the `resetBytes` to the cached `resetBytes`.
+
+The `colorBytes` and `resetBytes` are not exported to prevent
+accidental overwriting of internal values.
+
+## ColorFormat & ColorFormatted
+
+Structs may implement the `log.ColorFormatted` interface by implementing the `ColorFormat(fmt.State)` function.
+
+If a `log.ColorFormatted` struct is logged with `%-v` format, its `ColorFormat` will be used instead of the usual `%v`. The full `fmt.State` will be passed to allow implementers to look at additional flags.
+
+In order to help implementers provide `ColorFormat` methods. There is a
+`log.ColorFprintf(...)` function in the log module that will wrap values in `log.ColoredValue` and recognise `%-v`.
+
+In general it is recommended not to make the results of this function too verbose to help increase its versatility. Usually this should simply be an `ID`:`Name`. If you wish to make a more verbose result, it is recommended to use `%-+v` as your marker.
+
+## Log Spoofing protection
+
+In order to protect the logs from being spoofed with cleverly
+constructed messages. Newlines are now prefixed with a tab and control
+characters except those used in an ANSI CSI are escaped with a
+preceding `\` and their octal value.
+
+## Creating a new named logger group
+
+Should a developer wish to create a new named logger, `NEWONE`. It is
+recommended to add an `ENABLE_NEWONE_LOG` value to the `[log]`
+section, and to add a new `NEWONE` value for the modes.
+
+A function like `func newNewOneLogService()` is recommended to manage
+construction of the named logger. e.g.
+
+```go
+func newNewoneLogService() {
+	EnableNewoneLog = Cfg.Section("log").Key("ENABLE_NEWONE_LOG").MustBool(false)
+	Cfg.Section("log").Key("NEWONE").MustString("file") // or console? or "," if you want to send this to default logger by default
+	if EnableNewoneLog {
+		options := newDefaultLogOptions()
+		options.filename = filepath.Join(LogRootPath, "newone.log")
+		options.flags = "stdflags"
+		options.bufferLength = Cfg.Section("log").Key("BUFFER_LEN").MustInt64(10000)
+		generateNamedLogger("newone", options)
+	}
+}
+```
+
+You should then add `newOneLogService` to `NewServices()` in
+`modules/setting/setting.go`
--- a/docs/content/doc/advanced/migrations.en-us.md
+++ b/docs/content/doc/advanced/migrations.en-us.md
@@ -0,0 +1,72 @@
+---
+date: "2019-04-15T17:29:00+08:00"
+title: "Advanced: Migrations Interfaces"
+slug: "migrations-interfaces"
+weight: 30
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "Migrations Interfaces"
+    weight: 55
+    identifier: "migrations-interfaces"
+---
+
+# Migration Features
+
+The new migration features were introduced in Gitea 1.9.0. It defines two interfaces to support migrating 
+repositories data from other git host platforms to gitea or, in the future migrating gitea data to other 
+git host platforms. Currently, only the migrations from github via APIv3 to Gitea is implemented.
+
+First of all, Gitea defines some standard objects in packages `modules/migrations/base`. They are
+ `Repository`, `Milestone`, `Release`, `Label`, `Issue`, `Comment`, `PullRequest`.
+
+## Downloader Interfaces
+
+To migrate from a new git host platform, there are two steps to be updated.
+
+- You should implement a `Downloader` which will get all kinds of repository informations.
+- You should implement a `DownloaderFactory` which is used to detect if the URL matches and 
+create a Downloader.
+- You'll need to register the `DownloaderFactory` via `RegisterDownloaderFactory` on init.
+
+```Go
+type Downloader interface {
+	GetRepoInfo() (*Repository, error)
+	GetMilestones() ([]*Milestone, error)
+	GetReleases() ([]*Release, error)
+	GetLabels() ([]*Label, error)
+	GetIssues(start, limit int) ([]*Issue, error)
+	GetComments(issueNumber int64) ([]*Comment, error)
+	GetPullRequests(start, limit int) ([]*PullRequest, error)
+}
+```
+
+```Go
+type DownloaderFactory interface {
+	Match(opts MigrateOptions) (bool, error)
+	New(opts MigrateOptions) (Downloader, error)
+}
+```
+
+## Uploader Interface
+
+Currently, only a `GiteaLocalUploader` is implemented, so we only save downloaded 
+data via this `Uploader` on the local Gitea instance. Other uploaders are not supported
+and will be implemented in future.
+
+```Go
+// Uploader uploads all the informations
+type Uploader interface {
+	CreateRepo(repo *Repository, includeWiki bool) error
+	CreateMilestone(milestone *Milestone) error
+	CreateRelease(release *Release) error
+	CreateLabel(label *Label) error
+	CreateIssue(issue *Issue) error
+	CreateComment(issueNumber int64, comment *Comment) error
+	CreatePullRequest(pr *PullRequest) error
+	Rollback() error
+}
+
+```
--- a/docs/content/doc/advanced/oauth2-provider.md
+++ b/docs/content/doc/advanced/oauth2-provider.md
@@ -0,0 +1,92 @@
+---
+date: "2019-04-19:44:00+01:00"
+title: "OAuth2 provider"
+slug: "oauth2-provider"
+weight: 41
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "advanced"
+    name: "OAuth2 Provider"
+    weight: 41
+    identifier: "oauth2-provider"
+---
+
+
+# OAuth2 provider
+
+Gitea supports acting as an OAuth2 provider to allow third party applications to access its resources with the user's consent. This feature is available since release 1.8.0.
+
+## Endpoints
+
+
+Endpoint               | URL
+-----------------------|----------------------------
+Authorization Endpoint | `/login/oauth/authorize`
+Access Token Endpoint  | `/login/oauth/access_token`
+
+
+## Supported OAuth2 Grants
+
+At the moment Gitea only supports the [**Authorization Code Grant**](https://tools.ietf.org/html/rfc6749#section-1.3.1) standard with additional support of the [Proof Key for Code Exchange (PKCE)](https://tools.ietf.org/html/rfc7636) extension.
+ 
+
+To use the Authorization Code Grant as a third party application it is required to register a new application via the "Settings" (`/user/settings/applications`) section of the settings.
+
+## Scopes
+
+Currently Gitea does not support scopes (see [#4300](https://github.com/go-gitea/gitea/issues/4300)) and all third party applications will be granted access to all resources of the user and his/her organizations.
+
+## Example
+
+**Note:** This example does not use PKCE.
+
+1. Redirect to user to the authorization endpoint in order to get his/her consent for accessing the resources:
+
+```curl
+https://[YOUR-GITEA-URL]/login/oauth/authorize?client_id=CLIENT_ID&redirect_uri=REDIRECT_URI& response_type=code&state=STATE
+``` 
+
+The `CLIENT_ID` can be obtained by registering an application in the settings. The `STATE` is a random string that will be send back to your application after the user authorizes. The `state` parameter is optional but should be used to prevent CSRF attacks.
+
+
+![Authorization Page](/authorize.png)
+
+The user will now be asked to authorize your application. If they authorize it, the user will be redirected to the `REDIRECT_URL`, for example:
+
+```curl
+https://[REDIRECT_URI]?code=RETURNED_CODE&state=STATE
+```
+
+2. Using the provided `code` from the redirect, you can request a new application and refresh token. The access token endpoints accepts POST requests with  `application/json` and `application/x-www-form-urlencoded` body, for example:
+
+```curl
+POST https://[YOUR-GITEA-URL]/login/oauth/access_token
+```
+
+```json
+{
+	"client_id": "YOUR_CLIENT_ID",
+	"client_secret": "YOUR_CLIENT_SECRET",
+	"code": "RETURNED_CODE",
+	"grant_type": "authorization_code",
+	"redirect_uri": "REDIRECT_URI"
+}
+```
+
+Response:
+```json
+{  
+"access_token":"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJnbnQiOjIsInR0IjowLCJleHAiOjE1NTUxNzk5MTIsImlhdCI6MTU1NTE3NjMxMn0.0-iFsAwBtxuckA0sNZ6QpBQmywVPz129u75vOM7wPJecw5wqGyBkmstfJHAjEOqrAf_V5Z-1QYeCh_Cz4RiKug",  
+"token_type":"bearer",  
+"expires_in":3600,  
+"refresh_token":"eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJnbnQiOjIsInR0IjoxLCJjbnQiOjEsImV4cCI6MTU1NzgwNDMxMiwiaWF0IjoxNTU1MTc2MzEyfQ.S_HZQBy4q9r5SEzNGNIoFClT43HPNDbUdHH-GYNYYdkRfft6XptJBkUQscZsGxOW975Yk6RbgtGvq1nkEcklOw"  
+}
+```
+
+The `CLIENT_SECRET` is the unique secret code generated for this application. Please note that the secret will only be visible after you created/registered the application with Gitea and cannot be recovered. If you lose the secret you must regenerate the secret via the application's settings.
+
+The `REDIRECT_URI` in the `access_token` request must match the `REDIRECT_URI` in the `authorize` request.
+
+3. Use the  `access_token` to make [API requests](https://docs.gitea.io/en-us/api-usage#oauth2) to access the user's resources.
--- a/docs/content/doc/features/authentication.en-us.md
+++ b/docs/content/doc/features/authentication.en-us.md
@@ -115,6 +115,10 @@ Both the LDAP via BindDN and the simple auth LDAP share the following fields:
  - Example: `cn=%s,ou=Users,dc=mydomain,dc=com`
  - Example: `uid=%s,ou=Users,dc=mydomain,dc=com`

+- User Search Base  (optional)
+  - The LDAP base at which user accounts will be searched for.
+  - Example: `ou=Users,dc=mydomain,dc=com`
+
 - User Filter **(required)**
  - An LDAP filter declaring when a user should be allowed to log in. The `%s`
    matching parameter will be substituted with login name given on sign-in
--- a/docs/content/doc/features/comparison.en-us.md
+++ b/docs/content/doc/features/comparison.en-us.md
@@ -40,11 +40,11 @@ _Symbols used in table:_
 | Orgmode support | ✓ | ✘ | ✓ | ✘ | ✘ | ✘ | ? |
 | CSV support | ✓ | ✘ | ✓ | ✘ | ✘ | ✓ | ? |
 | Third-party render tool support | ✓ | ✘ | ✘ | ✘ | ✘ | ✓ | ? |
-| Static Git-powered pages | ✘ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
+| Static Git-powered pages | [✘](https://github.com/go-gitea/gitea/issues/302) | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
 | Integrated Git-powered wiki | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Deploy Tokens | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
 | Repository Tokens with write rights | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✓ |
-| Built-in Container Registry | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
+| Built-in Container Registry | [✘](https://github.com/go-gitea/gitea/issues/2316) | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
 | External git mirroring | ✓ | ✓ | ✘ | ✘ | ✓ | ✓ | ✓ |
 | FIDO U2F (2FA) | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Built-in CI/CD | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
@@ -83,10 +83,10 @@ _Symbols used in table:_
 | Comment reactions | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
 | Lock Discussion | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
 | Batch issue handling | ✓ | ✘ | ✓ | ✓ | ✓ | ✘ | ✘ |
-| Issue Boards | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
+| Issue Boards | [✘](https://github.com/go-gitea/gitea/issues/3476) | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
 | Create new branches from issues | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
 | Issue search | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
-| Global issue search | ✘ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
+| Global issue search | [✘](https://github.com/go-gitea/gitea/issues/2434) | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Issue dependency | ✓ | ✘ | ✘ | ✘ | ✘ | ✘ | ✘ |
 | Create issue via email | [✘](https://github.com/go-gitea/gitea/issues/6226) | [✘](https://github.com/gogs/gogs/issues/2602) | ✘ | ✘ | ✓ | ✓ | ✘ |
 | Service Desk | [✘](https://github.com/go-gitea/gitea/issues/6219) | ✘ | ✘ | ✘ | ✓ | ✘ | ✘ |
@@ -100,11 +100,11 @@ _Symbols used in table:_
 | Rebase merging | ✓ | ✓ | ✓ | ✘ | ⁄ | ✘ | ✓ |
 | Pull/Merge request inline comments | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
 | Pull/Merge request approval | ✓ | ✘ | ⁄ | ✓ | ✓ | ✓ | ✓ |
-| Merge conflict resolution | ✘ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
+| Merge conflict resolution | [✘](https://github.com/go-gitea/gitea/issues/5158) | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Restrict push and merge access to certain users | ✓ | ✘ | ✓ | ⁄ | ✓ | ✓ | ✓ |
-| Revert specific commits or a merge request | ✘ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
+| Revert specific commits or a merge request | [✘](https://github.com/go-gitea/gitea/issues/5158) | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Pull/Merge requests templates | ✓ | ✓ | ✓ | ✓ | ✓ | ✘ | ✘ |
-| Cherry-picking changes | ✘ | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |
+| Cherry-picking changes | [✘](https://github.com/go-gitea/gitea/issues/5158) | ✘ | ✘ | ✓ | ✓ | ✘ | ✘ |


 #### 3rd-party integrations
@@ -122,4 +122,5 @@ _Symbols used in table:_
 | Two factor authentication (2FA) | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | Mattermost/Slack integration | ✓ | ✓ | ⁄ | ✓ | ✓ | ⁄ | ✓ |
 | Discord integration | ✓ | ✓ | ✓ | ✓ | ✓ | ✘ | ✘ |
+| Microsoft Teams integration | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✘ |
 | External CI/CD status display | ✓ | ✘ | ✓ | ✓ | ✓ | ✓ | ✓ |
--- a/docs/content/doc/features/comparison.zh-cn.md
+++ b/docs/content/doc/features/comparison.zh-cn.md
@@ -90,6 +90,8 @@ _表格中的符号含义:_
 | Issue 搜索           | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
 | 全局 Issue 搜索      | ✘     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
 | Issue 依赖           | ✓     | ✘    | ✘         | ✘         | ✘         | ✘         | ✘            |
+| 通过 Email 创建工单 | [✘](https://github.com/go-gitea/gitea/issues/6226) | [✘](https://github.com/gogs/gogs/issues/2602) | ✘ | ✘ | ✓ | ✓ | ✘ |
+| Service Desk | [✘](https://github.com/go-gitea/gitea/issues/6219) | ✘ | ✘ | ✘ | ✓ | ✘ | ✘ |

 #### Pull/Merge requests

@@ -118,7 +120,7 @@ _表格中的符号含义:_
 | LDAP 用户同步              | ✓     | ✘    | ✓         | ✓         | ✓         | ✓         | ✓            |
 | 支持 OpenId 连接           | ✓     | ✘    | ✓         | ✓         | ✓         | ?         | ✘            |
 | 集成 OAuth 2.0（外部授权） | ✓     | ✘    | ⁄         | ✓         | ✓         | ?         | ✓            |
-| 作为 OAuth 2.0 provider    | ✘     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
+| 作为 OAuth 2.0 provider    | [✓](https://github.com/go-gitea/gitea/pull/5378)     | ✘    | ✓         | ✓         | ✓         | ✓         | ✘            |
 | 二次验证 (2FA)             | ✓     | ✓    | ✓         | ✓         | ✓         | ✓         | ✘            |
 | 集成 Mattermost/Slack      | ✓     | ✓    | ⁄         | ✓         | ✓         | ⁄         | ✓            |
 | 集成 Discord               | ✓     | ✓    | ✓         | ✓         | ✓         | ✘         | ✘            |
--- a/docs/content/doc/help/faq.en-us.md
+++ b/docs/content/doc/help/faq.en-us.md
@@ -0,0 +1,270 @@
+---
+date: "2019-04-05T16:00:00+02:00"
+title: "FAQ"
+slug: "faq"
+weight: 5
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "help"
+    name: "FAQ"
+    weight: 5
+    identifier: "faq"
+---
+
+# Frequently Asked Questions
+
+This page contains some common questions and answers.  
+Also see [Support Options]({{< relref "doc/help/seek-help.en-us.md" >}})
+
+* [Difference between 1.x and 1.x.x downloads](#difference-between-1-x-and-1-x-x-downloads)
+* [How to migrate from Gogs/GitHub/etc. to Gitea](#how-to-migrate-from-gogs-github-etc-to-gitea)
+* [Where does Gitea store "x" file](#where-does-gitea-store-x-file)
+* [Not seeing a clone URL or the clone URL being incorrect](#not-seeing-a-clone-url-or-the-clone-url-being-incorrect)
+* [Custom Templates not loading or working incorrectly](#custom-templates-not-loading-or-working-incorrectly)
+* [Active user vs login prohibited user](#active-user-vs-login-prohibited-user)
+* [Setting up logging](#setting-up-logging)
+* [What is Swagger?](#what-is-swagger)
+* [Adjusting your server for public/private use](#adjusting-your-server-for-public-private-use)
+  * [Preventing spammers](#preventing-spammers)
+  * [Only allow/block certain email domains](#only-allow-block-certain-email-domains)
+  * [Issue only users](#issue-only-users)
+  * [Enable Fail2ban](#enable-fail2ban)
+* [Adding custom themes](#how-to-add-use-custom-themes)
+* [SSHD vs built-in SSH](#sshd-vs-built-in-ssh)
+* [Gitea is running slow](#gitea-is-running-slow)
+* [Can't create repositories/files](#cant-create-repositories-files)
+* [Translation is incorrect/how to add more translations](#translation-is-incorrect-how-to-add-more-translations)
+* [Hooks aren't running](#hooks-aren-t-running)
+* [SSH Issues](#ssh-issues)
+  * [SSH Common Errors](#ssh-common-errors)
+* [Missing releases after migration repository with tags](#missing-releases-after-migrating-repository-with-tags)
+* [LFS Issues](#lfs-issues)
+
+
+## Difference between 1.x and 1.x.x downloads
+Version 1.7.x will be used for this example.  
+**NOTE:** this example applies to Docker images as well!  
+
+On our [downloads page](https://dl.gitea.io/gitea/) you will see a 1.7 directory, as well as directories for 1.7.0, 1.7.1, 1.7.2, 1.7.3, 1.7.4, 1.7.5, and 1.7.6.  
+The 1.7 and 1.7.0 directories are **not** the same. The 1.7 directory is built on each merged commit to the [`release/v1.7`](https://github.com/go-gitea/gitea/tree/release/v1.7) branch.  
+The 1.7.0 directory, however, is a build that was created when the [`v1.7.0`](https://github.com/go-gitea/gitea/releases/tag/v1.7.0) tag was created.  
+
+This means that 1.x downloads will change as commits are merged to their respective branch (think of it as a separate "master" branch for each release).  
+On the other hand, 1.x.x downloads should never change.
+
+## How to migrate from Gogs/GitHub/etc. to Gitea
+To migrate from Gogs to Gitea:
+
+* [Gogs version 0.9.146 or less]({{< relref "doc/upgrade/from-gogs.en-us.md" >}})
+* [Gogs version 0.11.46.0418](https://github.com/go-gitea/gitea/issues/4286)
+
+To migrate from GitHub to Gitea, you can use Gitea's [Migrator tool](https://gitea.com/gitea/migrator)
+
+To migrate from Gitlab to Gitea, you can use this non-affiliated tool:  
+https://github.com/loganinak/MigrateGitlabToGogs
+
+## Where does Gitea store "x" file
+* WorkPath
+  * Environment variable `GITEA_WORK_DIR`
+  * Else binary location
+* AppDataPath (default for database, indexers, etc.)
+  * `APP_DATA_PATH` from `app.ini`
+  * Else `%(WorkPath)/data`
+* CustomPath (custom templates)
+  * Environment variable `GITEA_CUSTOM`
+  * Else `%(WorkPath)/custom`
+* HomeDir
+  * Unix: Environment variable `HOME`
+  * Windows: Environment variable `USERPROFILE`, else environment variables `HOMEDRIVE`+`HOMEPATH`
+* RepoRootPath
+  * `ROOT` in `app.ini`
+  * Else `%(HomeDir)/gitea-repositories`
+* INI (config file)
+  * `-c` flag
+  * Else `%(CustomPath)/conf/app.ini`
+* SQLite Database 
+  * `PATH` in `database` section of `app.ini`
+  * Else `%(AppDataPath)/gitea.db`
+
+## Not seeing a clone URL or the clone URL being incorrect
+There are a few places that could make this show incorrectly.
+
+1. If using a reverse proxy, make sure you have followed the correction directions in the [reverse proxy guide]({{< relref "doc/usage/reverse-proxies.en-us.md" >}})
+2. Make sure you have correctly set `ROOT_URL` in the `server` section of your `app.ini`
+
+If certain clone options aren't showing up (HTTP/S or SSH), the following options can be checked in your `app.ini`
+
+`DISABLE_HTTP_GIT`: if set to true, there will be no HTTP/HTTPS link  
+`DISABLE_SSH`: if set to true, there will be no SSH link  
+`SSH_EXPOSE_ANONYMOUS`: if set to false, SSH links will be hidden for anonymous users  
+
+
+## Custom Templates not loading or working incorrectly
+Gitea's custom templates must be added to the correct location or Gitea will not find and use them.  
+The correct path for the template(s) will be relative to the `CustomPath`
+
+1. To find `CustomPath`, look for Custom File Root Path in Site Administration -> Configuration 
+  * If that doesn't exist, you can try `echo $GITEA_CUSTOM`
+2. If you are still unable to find a path, the default can be [calculated above](#where-does-gitea-store-x-file)
+3. Once you have figured out the correct custom path, you can refer to the [customizing Gitea]({{< relref "doc/advanced/customizing-gitea.en-us.md" >}}) page to add your template to the correct location.
+
+## Active user vs login prohibited user
+In Gitea, an "active" user refers to a user that has activated their account via email.  
+A "login prohibited" user is a user that is not allowed to log in to Gitea anymore
+
+## Setting up logging 
+* [Official Docs]({{< relref "doc/advanced/logging-documentation.en-us.md" >}})
+
+## What is Swagger?
+[Swagger](https://swagger.io/) is what Gitea uses for its API.  
+All Gitea instances have the built-in API, though it can be disabled by setting `ENABLE_SWAGGER` to `false` in the `api` section of your `app.ini`  
+For more information, refer to Gitea's [API docs]({{< relref "doc/advanced/api-usage.en-us.md" >}})
+
+[Swagger Example](https://try.gitea.io/api/swagger)
+
+## Adjusting your server for public/private use
+
+### Preventing spammers
+There are multiple things you can combine to prevent spammers.  
+
+1. By only whitelisting certain domains with OpenID (see below)
+2. Setting `ENABLE_CAPTCHA` to `true` in your `app.ini` and properly configuring `RECAPTCHA_SECRET` and `RECAPTCHA_SITEKEY`
+3. Settings `DISABLE_REGISTRATION` to `true` and creating new users via the [CLI]({{< relref "doc/usage/command-line.en-us.md" >}}), [API]({{< relref "doc/advanced/api-usage.en-us.md" >}}), or Gitea's Admin UI  
+
+### Only allow/block certain email domains
+If using OpenID, you can configure `WHITELISTED_URIS` or `BLACKLISTED_URIS` in your `app.ini`  
+**NOTE:** whitelisted takes precedence, so if it is non-blank then blacklisted is ignored
+
+### Issue only users
+The current way to achieve this is to create/modify a user with a max repo creation limit of 0.
+
+### Enable Fail2ban
+
+Use [Fail2Ban]({{ relref "doc/usage/fail2ban-setup.md" >}}) to monitor and stop automated login attempts or other malicious behavior based on log patterns
+
+## How to add/use custom themes
+Gitea supports two official themes right now, `gitea` and `arc-green` (`light` and `dark` respectively)  
+To add your own theme, currently the only way is to provide a complete theme (not just color overrides)  
+  
+As an example, let's say our theme is `arc-blue` (this is a real theme, and can be found [in this issue](https://github.com/go-gitea/gitea/issues/6011))  
+Name the `.css` file `theme-arc-blue.css` and add it to your custom folder in `custom/pulic/css`  
+Allow users to use it by adding `arc-blue` to the list of `THEMES` in your `app.ini`
+
+## SSHD vs built-in SSH
+SSHD is the built-in SSH server on most Unix systems.  
+Gitea also provides its own SSH server, for usage when SSHD is not available.
+
+## Gitea is running slow
+The most common culprit for this is loading federated avatars.  
+This can be turned off by setting `ENABLE_FEDERATED_AVATAR` to `false` in your `app.ini`  
+Another option that may need to be changed is setting `DISABLE_GRAVATAR` to `true` in your `app.ini`
+
+## Can't create repositories/files
+Make sure that Gitea has sufficient permissions to write to its home directory and data directory.  
+See [AppDataPath and RepoRootPath](#where-does-gitea-store-x-file)
+
+**Note for Arch users:** At the time of writing this, there is an issue with the Arch package's systemd file including this line:
+`ReadWritePaths=/etc/gitea/app.ini`  
+Which makes all other paths non-writeable to Gitea.
+
+## Translation is incorrect/how to add more translations
+Our translations are currently crowd-sourced on our [Crowdin project](https://crowdin.com/project/gitea)  
+Whether you want to change a translation or add a new one, it will need to be there as all translations are overwritten in our CI via the Crowdin integration.
+
+## Hooks aren't running
+If Gitea is not running hooks, a common cause is incorrect setup of SSH keys.  
+See [SSH Issues](#ssh-issues) for more information.  
+  
+You can also try logging into the administration panel and running the `Resynchronize pre-receive, update and post-receive hooks of all repositories.` option.
+
+## SSH issues
+If you cannot reach repositories over `ssh`, but `https` works fine, consider looking into the following.
+
+First, make sure you can access Gitea via SSH.  
+`ssh git@myremote.example`  
+
+If the connection is successful, you should receive an error message like the following:
+```
+Hi there, You've successfully authenticated, but Gitea does not provide shell access.
+If this is unexpected, please log in with password and setup Gitea under another user.
+```
+
+If you do not get the above message but still connect, it means your SSH key is **not** being managed by Gitea. This means hooks won't run, among other potential problems.
+
+If you cannot connect at all, your SSH key may not be configured correctly locally. 
+This is specific to SSH and not Gitea, so will not be covered here. 
+
+### SSH Common Errors
+
+```
+Permission denied (publickey).
+fatal: Could not read from remote repository.
+```
+
+This error signifies that the server rejected a log in attempt, check the
+following things:
+
+* On the client:
+  * Ensure the public and private ssh keys are added to the correct Gitea user.
+  * Make sure there are no issues in the remote url. In particular, ensure the name of the
+    git user (before the `@`) is spelled correctly.
+  * Ensure public and private ssh keys are correct on client machine.
+* On the server:
+  * Make sure the repository exists and is correctly named.
+  * Check the permissions of the `.ssh` directory in the system user's home directory.
+  * Verify that the correct public keys are added to `.ssh/authorized_keys`.  
+    Try to run `Rewrite '.ssh/authorized_keys' file (for Gitea SSH keys)` on the
+    Gitea admin panel.
+  * Read Gitea logs.
+  * Read /var/log/auth (or similar).
+  * Check permissions of repositories.
+
+The following is an example of a missing public SSH key where authentication
+succeeded, but some other setting is preventing SSH from reaching the correct
+repository.
+
+```
+fatal: Could not read from remote repository.
+
+Please make sure you have the correct access rights
+and the repository exists.
+```
+
+In this case, look into the following settings:
+
+* On the server:
+  * Make sure that the `git` system user has a usable shell set
+    * Verify this with `getent passwd git | cut -d: -f7`
+    * `usermod` or `chsh` can be used to modify this.
+  * Ensure that the `gitea serv` command in `.ssh/authorized_keys` uses the
+    correct configuration file.
+
+## Missing releases after migrating repository with tags
+
+To migrate an repository *with* all tags, you need to do two things:
+
+* Push tags to the repository:
+```
+ git push --tags
+ ```
+ 
+ * (Re-)sync tags of all repositories within Gitea:
+ ```
+ gitea admin repo-sync-releases
+ ```
+
+## LFS Issues
+
+For issues concerning LFS data upload
+
+```
+batch response: Authentication required: Authorization error: <GITEA_LFS_URL>/info/lfs/objects/batch                                                                                                              
+Check that you have proper access to the repository
+error: failed to push some refs to '<GIT_REPO_URL>'
+```
+Check the value of `LFS_HTTP_AUTH_EXPIRY` in your `app.ini` file.  
+By default, your LFS token will expire after 20 minutes. If you have a slow connection or a large file (or both), it may not finish uploading within the time limit. 
+
+You may want to set this value to `60m` or `120m`.
--- a/docs/content/doc/help/seek-help.en-us.md
+++ b/docs/content/doc/help/seek-help.en-us.md
@@ -15,9 +15,18 @@ menu:

 # Support Options

- [Discord](https://discord.gg/NsatcWJ)
+- [Discord](https://discord.gg/Gitea)
 - [Discourse Forum](https://discourse.gitea.io/)

+**NOTE:** When asking for support, it may be a good idea to have the following available so that the person helping has all the info they need:
+
+1. Your `app.ini` (with any sensitive data scrubbed as necessary)
+2. The `gitea.log` (and any other appropriate log files for the situation)
+  * e.g. If the error is related to the database, the `xorm.log` might be helpful
+3. Any error messages you are seeing
+4. When possible, try to replicate the issue on [try.gitea.io](https://try.gitea.io) and include steps so that others can reproduce the issue.
+  * This will greatly improve the chance that the root of the issue can be quickly discovered and resolved.
+
 ## Bugs

 If you found a bug, please create an [issue on GitHub](https://github.com/go-gitea/gitea/issues).
--- a/docs/content/doc/help/troubleshooting.en-us.md
+++ b/docs/content/doc/help/troubleshooting.en-us.md
@@ -1,96 +0,0 @@
---
-date: "2016-11-08T16:00:00+02:00"
-title: "Troubleshooting"
-slug: "troubleshooting"
-weight: 10
-toc: true
-draft: false
-menu:
-  sidebar:
-    parent: "help"
-    name: "Troubleshooting"
-    weight: 20
-    identifier: "troubleshooting"
---
-
-# Troubleshooting
-
-This page contains some common seen issues and their solutions.
-
-## SSH issues
-
-For issues reaching repositories over `ssh` while the Gitea web front-end, but
-`https` based git repository access works fine, consider looking into the following.
-
-```
-Permission denied (publickey).
-fatal: Could not read from remote repository.
-```
-
-This error signifies that the server rejected a log in attempt, check the
-following things:
-
-* On the client:
-  * Ensure the public and private ssh keys are added to the correct Gitea user.
-  * Make sure there are no issues in the remote url. In particular, ensure the name of the
-    git user (before the `@`) is spelled correctly.
-  * Ensure public and private ssh keys are correct on client machine.
-  * Try to connect using ssh (ssh git@myremote.example) to ensure a connection
-    can be made.
-* On the server:
-  * Make sure the repository exists and is correctly named.
-  * Check the permissions of the `.ssh` directory in the system user's home directory.
-  * Verify that the correct public keys are added to `.ssh/authorized_keys`.
-    Try to run `Rewrite '.ssh/authorized_keys' file (for Gitea SSH keys)` on the
-    Gitea admin panel.
-  * Read Gitea logs.
-  * Read /var/log/auth (or similar).
-  * Check permissions of repositories.
-
-The following is an example of a missing public SSH key where authentication
-succeeded, but some other setting is preventing SSH from reaching the correct
-repository.
-
-```
-fatal: Could not read from remote repository.
-
-Please make sure you have the correct access rights
-and the repository exists.
-```
-
-In this case, look into the following settings:
-
-* On the server:
-  * Make sure that the `git` system user has a usable shell set
-    * Verify this with `getent passwd git | cut -d: -f7`
-    * `usermod` or `chsh` can be used to modify this.
-  * Ensure that the `gitea serv` command in `.ssh/authorized_keys` uses the
-    correct configuration file.
-
-## Missing releases after migrating repository with tags
-
-To migrate an repository *with* all tags, you need to do two things:
-
-* Push tags to the repository:
-```
- git push --tags
- ```
- 
- * (Re-)sync tags of all repositories within Gitea:
- ```
- gitea admin repo-sync-releases
- ```
-
-## LFS Issues
-
-For issues concerning LFS data upload
-
-```
-batch response: Authentication required: Authorization error: <GITEA_LFS_URL>/info/lfs/objects/batch                                                                                                              
-Check that you have proper access to the repository
-error: failed to push some refs to '<GIT_REPO_URL>'
-```
-Have you checked the value of `LFS_HTTP_AUTH_EXPIRY` in your `app.ini` file? By default, your LFS token will expire after 20 minutes. If you have a slow connection or a large file (or both), it may not finish uploading within the time limit. 
-
-You may want to set this value to `60m` or `120m`.
-
--- a/docs/content/doc/installation/from-binary.en-us.md
+++ b/docs/content/doc/installation/from-binary.en-us.md
@@ -21,7 +21,7 @@ the destination platform from the [downloads page](https://dl.gitea.io/gitea/),
 the URL and replace the URL within the commands below:

 ```sh
-wget -O gitea https://dl.gitea.io/gitea/1.7.0/gitea-1.7.0-linux-amd64
+wget -O gitea https://dl.gitea.io/gitea/1.8.3/gitea-1.8.3-linux-amd64
 chmod +x gitea
 ```

@@ -30,7 +30,7 @@ Gitea signs all binaries with a [GPG key](https://pgp.mit.edu/pks/lookup?op=vind

 ```sh
 gpg --keyserver pgp.mit.edu --recv 7C9E68152594688862D62AF62D9AE806EC1592E2
-gpg --verify gitea-1.7.0-linux-amd64.asc gitea-1.7.0-linux-amd64
+gpg --verify gitea-1.8.3-linux-amd64.asc gitea-1.8.3-linux-amd64
 ```

 ## Test
@@ -82,6 +82,7 @@ chmod 770 /etc/gitea
 chmod 750 /etc/gitea
 chmod 644 /etc/gitea/app.ini
 ```
+If you don't want the web installer to be able to write the config file at all, it is also possible to make the config file read-only for the gitea user (owner/group `root:root`, mode `0660`), and set `INSTALL_LOCK = true`. In that case all database configuration details must be set beforehand in the config file, as well as the `SECRET_KEY` and `INTERNAL_TOKEN` values. See the [command line documentation]({{< relref "doc/usage/command-line.en-us.md" >}}) for information on using `gitea generate secret INTERNAL_TOKEN`.

 ### Configure Gitea's working directory

@@ -142,6 +143,15 @@ bind: address already in use` Gitea needs to be started on another free port. Th
 is possible using `./gitea web -p $PORT`. It's possible another instance of Gitea
 is already running.

+### Running Gitea on Raspbian
+
+As of v1.8, there is a problem with the arm7 version of Gitea and it doesn't run on Raspberry Pi and similar devices. 
+
+It is therefore recommended to switch to the arm6 version which has been tested and shown to work on Raspberry Pi and similar devices.
+
+<!---
+please remove after fixing the arm7 bug
+--->
 ### Git error after updating to a new version of Gitea

 If the binary file name has been changed during the update to a new version of Gitea, 
--- a/docs/content/doc/installation/from-source.en-us.md
+++ b/docs/content/doc/installation/from-source.en-us.md
@@ -29,7 +29,7 @@ executable path, you will have to manage this yourself.

 **Note 2**: Go version 1.9 or higher is required. However, it is recommended to
 obtain the same version as our continuous integration, see the advice given in
-<a href='{{ relref "docs/advanced/hacking-on-gitea.en-us.md" }}'>Hacking on
+<a href='{{< relref "doc/advanced/hacking-on-gitea.en-us.md" >}}'>Hacking on
 Gitea</a>

 ## Download
@@ -117,3 +117,26 @@ launched manually from command line, it can be killed by pressing `Ctrl + C`.
 ```bash
 ./gitea web
 ```
+
+## Changing the default CustomPath, CustomConf and AppWorkDir
+
+Gitea will search for a number of things from the `CustomPath`. By default this is
+the `custom/` directory in the current working directory when running Gitea. It will also
+look for its configuration file `CustomConf` in `$CustomPath/conf/app.ini`, and will use the
+current working directory as the relative base path `AppWorkDir` for a number configurable
+values.
+
+These values, although useful when developing, may conflict with downstream users preferences.
+
+One option is to use a script file to shadow the `gitea` binary and create an appropriate
+environment before running Gitea. However, when building you can change these defaults
+using the `LDFLAGS` environment variable for `make`. The appropriate settings are as follows
+
+* To set the `CustomPath` use `LDFLAGS="-X \"code.gitea.io/gitea/modules/setting.CustomPath=custom-path\""`
+* For `CustomConf` you should use `-X \"code.gitea.io/gitea/modules/setting.CustomConf=conf.ini\"`
+* For `AppWorkDir` you should use `-X \"code.gitea.io/gitea/modules/setting.AppWorkDir=working-directory\"`
+
+Add as many of the strings with their preceding `-X` to the `LDFLAGS` variable and run `make build`
+with the appropriate `TAGS` as above.
+
+Running `gitea help` will allow you to review what the computed settings will be for your `gitea`.
--- a/docs/content/doc/installation/with-docker.en-us.md
+++ b/docs/content/doc/installation/with-docker.en-us.md
@@ -248,6 +248,7 @@ You can configure some of Gitea's settings via environment variables:
 * `DISABLE_SSH`: **false**: Disable SSH feature when it's not available.
 * `HTTP_PORT`: **3000**: HTTP listen port.
 * `ROOT_URL`: **""**: Overwrite the automatically generated public URL. This is useful if the internal and the external URL don't match (e.g. in Docker).
+* `LFS_START_SERVER`: **false**: Enables git-lfs support.
 * `DB_TYPE`: **sqlite3**: The database type in use \[mysql, postgres, mssql, sqlite3\].
 * `DB_HOST`: **localhost:3306**: Database host address and port.
 * `DB_NAME`: **gitea**: Database name.
@@ -270,7 +271,7 @@ files; for named volumes, this is done through another container or by direct ac

 # Upgrading

-:exclamation::exclamation: **Make sure you have volumed data to somewhere outside Docker container** :exclamation::exclamation:**
+:exclamation::exclamation: **Make sure you have volumed data to somewhere outside Docker container** :exclamation::exclamation:

 To upgrade your installation to the latest release:
 ```
--- a/docs/content/doc/usage/backup-and-restore.en-us.md
+++ b/docs/content/doc/usage/backup-and-restore.en-us.md
@@ -20,10 +20,10 @@ file can be unpacked and used to restore an instance.

 ## Backup Command (`dump`)

-Switch to the user running gitea: `su git`. Run `./gitea dump -c /path/to/app.ini` in the gitea installation
+Switch to the user running Gitea: `su git`. Run `./gitea dump -c /path/to/app.ini` in the Gitea installation
 directory. There should be some output similar to the following:

-```
+```none
 2016/12/27 22:32:09 Creating tmp work dir: /tmp/gitea-dump-417443001
 2016/12/27 22:32:09 Dumping local repositories.../home/git/gitea-repositories
 2016/12/27 22:32:22 Dumping database...
@@ -34,7 +34,8 @@ directory. There should be some output similar to the following:

 Inside the `gitea-dump-1482906742.zip` file, will be the following:

-* `custom` - All config or customerize files in `custom/`.
+* `app.ini` - Optional copy of configuration file if originally stored outside of the default `custom/` directory
+* `custom` - All config or customization files in `custom/`.
 * `data` - Data directory in <GITEA_WORK_DIR>, except sessions if you are using file session. This directory includes `attachments`, `avatars`, `lfs`, `indexers`, sqlite file if you are using sqlite.
 * `gitea-db.sql` - SQL dump of database
 * `gitea-repo.zip` - Complete copy of the repository directory.
@@ -43,17 +44,34 @@ Inside the `gitea-dump-1482906742.zip` file, will be the following:
 Intermediate backup files are created in a temporary directory specified either with the
 `--tempdir` command-line parameter or the `TMPDIR` environment variable.

+### Using Docker (`dump`)
+
+There are a few caveats for using the `dump` command with Docker.
+
+The command has to be executed with the `RUN_USER = <OS_USERNAME>` specified in `gitea/conf/app.ini`; and, for the zipping of the backup folder to occur without permission error the command `docker exec` must be executed inside of the `--tempdir`.
+
+Example:
+
+```none
+docker exec -u <OS_USERNAME> -it -w <--tempdir> $(docker ps -qf "name=<NAME_OF_DOCKER_CONTAINER>") bash -c '/app/gitea/gitea dump -c </path/to/app.ini>'
+```
+
+*Note: `--tempdir` refers to the temporary directory of the docker environment used by Gitea; if you have not specified a custom `--tempdir`, then Gitea uses `/tmp` or the `TMPDIR` environment variable of the docker container. For `--tempdir` adjust your `docker exec` command options accordingly.
+
+The result should be a file, stored in the `--tempdir` specified, along the lines of: `gitea-dump-1482906742.zip`
+
 ## Restore Command (`restore`)

 There is currently no support for a recovery command. It is a manual process that mostly
 involves moving files to their correct locations and restoring a database dump.

 Example:
-```
+
+```none
 apt-get install gitea
 unzip gitea-dump-1482906742.zip
 cd gitea-dump-1482906742
-mv custom/conf/app.ini /etc/gitea/conf/app.ini
+mv custom/conf/app.ini /etc/gitea/conf/app.ini # or mv app.ini /etc/gitea/conf/app.ini
 unzip gitea-repo.zip
 mv gitea-repo/* /var/lib/gitea/repositories/
 chown -R gitea:gitea /etc/gitea/conf/app.ini /var/lib/gitea/repositories/
--- a/docs/content/doc/usage/command-line.en-us.md
+++ b/docs/content/doc/usage/command-line.en-us.md
@@ -0,0 +1,283 @@
+---
+date: "2017-01-01T16:00:00+02:00"
+title: "Usage: Command Line"
+slug: "command-line"
+weight: 10
+toc: true
+draft: false
+menu:
+  sidebar:
+    parent: "usage"
+    name: "Command Line"
+    weight: 10
+    identifier: "command-line"
+---
+
+## Command Line
+
+### Usage
+
+`gitea [global options] command [command or global options] [arguments...]`
+
+### Global options
+
+All global options can be placed at the command level.
+
+- `--help`, `-h`: Show help text and exit. Optional.
+- `--version`, `-v`: Show version and exit. Optional. (example: `Gitea version 1.1.0+218-g7b907ed built with: bindata, sqlite`).
+- `--custom-path path`, `-C path`: Location of the Gitea custom folder. Optional. (default: `AppWorkPath`/custom or `$GITEA_CUSTOM`).
+- `--config path`, `-c path`: Gitea configuration file path. Optional. (default: `custom`/conf/app.ini).
+- `--work-path path`, `-w path`: Gitea `AppWorkPath`. Optional. (default: LOCATION_OF_GITEA_BINARY or `$GITEA_WORK_DIR`)
+
+NB: The defaults custom-path, config and work-path can also be
+changed at build time (if preferred).
+
+### Commands
+
+#### web
+
+Starts the server:
+
+- Options:
+    - `--port number`, `-p number`: Port number. Optional. (default: 3000). Overrides configuration file.
+    - `--pid path`, `-P path`: Pidfile path. Optional.
+- Examples:
+    - `gitea web`
+    - `gitea web --port 80`
+    - `gitea web --config /etc/gitea.ini --pid /var/run/gitea.pid`
+- Notes:
+    - Gitea should not be run as root. To bind to a port below 1000, you can use setcap on
+      Linux: `sudo setcap 'cap_net_bind_service=+ep' /path/to/gitea`. This will need to be
+      redone every time you update Gitea.
+
+#### admin
+
+Admin operations:
+
+- Commands:
+    - `create-user`
+        - Options:
+            - `--name value`: Username. Required. As of gitea 1.9.0, use the `--username` flag instead.
+            - `--username value`: Username. Required. New in gitea 1.9.0.
+            - `--password value`: Password. Required.
+            - `--email value`: Email. Required.
+            - `--admin`: If provided, this makes the user an admin. Optional.
+            - `--access-token`: If provided, an access token will be created for the user. Optional. (default: false).
+            - `--must-change-password`: If provided, the created user will be required to choose a newer password after
+	    the initial login. Optional. (default: true).
+            - ``--random-password``: If provided, a randomly generated password will be used as the password of
+	    the created user. The value of `--password` will be discarded. Optional.
+            - `--random-password-length`: If provided, it will be used to configure the length of the randomly
+	    generated password. Optional. (default: 12)
+        - Examples:
+            - `gitea admin create-user --username myname --password asecurepassword --email me@example.com`
+    - `change-password`
+        - Options:
+            - `--username value`, `-u value`: Username. Required.
+            - `--password value`, `-p value`: New password. Required.
+        - Examples:
+            - `gitea admin change-password --username myname --password asecurepassword`
+    - `regenerate`
+        - Options:
+            - `hooks`: Regenerate git-hooks for all repositories
+            - `keys`: Regenerate authorized_keys file
+        - Examples:
+            - `gitea admin regenerate hooks`
+            - `gitea admin regenerate keys`
+    - `auth`:
+        - `list`:
+            - Description: lists all external authentication sources that exist
+            - Examples:
+                - `gitea admin auth list`
+        - `delete`:
+            - Options:
+                - `--id`: ID of source to be deleted. Required.
+            - Examples:
+                - `gitea admin auth delete --id 1`
+        - `add-oauth`:
+            - Options:
+                - `--name`: Application Name.
+                - `--provider`: OAuth2 Provider.
+                - `--key`: Client ID (Key).
+                - `--secret`: Client Secret.
+                - `--auto-discover-url`: OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider).
+                - `--use-custom-urls`: Use custom URLs for GitLab/GitHub OAuth endpoints.
+                - `--custom-auth-url`: Use a custom Authorization URL (option for GitLab/GitHub).
+                - `--custom-token-url`: Use a custom Token URL (option for GitLab/GitHub).
+                - `--custom-profile-url`: Use a custom Profile URL (option for GitLab/GitHub).
+                - `--custom-email-url`: Use a custom Email URL (option for GitHub).
+            - Examples:
+                - `gitea admin auth add-oauth --name external-github --provider github --key OBTAIN_FROM_SOURCE --secret OBTAIN_FROM_SOURCE`
+        - `update-oauth`:
+            - Options:
+                - `--id`: ID of source to be updated. Required.
+                - `--name`: Application Name.
+                - `--provider`: OAuth2 Provider.
+                - `--key`: Client ID (Key).
+                - `--secret`: Client Secret.
+                - `--auto-discover-url`: OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider).
+                - `--use-custom-urls`: Use custom URLs for GitLab/GitHub OAuth endpoints.
+                - `--custom-auth-url`: Use a custom Authorization URL (option for GitLab/GitHub).
+                - `--custom-token-url`: Use a custom Token URL (option for GitLab/GitHub).
+                - `--custom-profile-url`: Use a custom Profile URL (option for GitLab/GitHub).
+                - `--custom-email-url`: Use a custom Email URL (option for GitHub).
+            - Examples:
+                - `gitea admin auth update-oauth --id 1 --name external-github-updated`
+        - `add-ldap`: Add new LDAP (via Bind DN) authentication source
+            - Options:
+                - `--name value`: Authentication name. Required.
+                - `--not-active`: Deactivate the authentication source.
+                - `--security-protocol value`: Security protocol name. Required.
+                - `--skip-tls-verify`: Disable TLS verification.
+                - `--host value`: The address where the LDAP server can be reached. Required.
+                - `--port value`: The port to use when connecting to the LDAP server. Required.
+                - `--user-search-base value`: The LDAP base at which user accounts will be searched for. Required.
+                - `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate. Required.
+                - `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
+                - `--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
+                - `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
+                - `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
+                - `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address. Required.
+                - `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key.
+                - `--bind-dn value`: The DN to bind to the LDAP server with when searching for the user.
+                - `--bind-password value`: The password for the Bind DN, if any.
+                - `--attributes-in-bind`: Fetch attributes in bind DN context.
+                - `--synchronize-users`: Enable user synchronization.
+                - `--page-size value`: Search page size.
+            - Examples:
+                - `gitea admin auth add-ldap --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-search-base "ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(uid=%s))" --email-attribute mail`
+        - `update-ldap`: Update existing LDAP (via Bind DN) authentication source
+            - Options:
+                - `--id value`: ID of authentication source. Required.
+                - `--name value`: Authentication name.
+                - `--not-active`: Deactivate the authentication source.
+                - `--security-protocol value`: Security protocol name.
+                - `--skip-tls-verify`: Disable TLS verification.
+                - `--host value`: The address where the LDAP server can be reached.
+                - `--port value`: The port to use when connecting to the LDAP server.
+                - `--user-search-base value`: The LDAP base at which user accounts will be searched for.
+                - `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate.
+                - `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
+                - `--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
+                - `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
+                - `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
+                - `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address.
+                - `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key.
+                - `--bind-dn value`: The DN to bind to the LDAP server with when searching for the user.
+                - `--bind-password value`: The password for the Bind DN, if any.
+                - `--attributes-in-bind`: Fetch attributes in bind DN context.
+                - `--synchronize-users`: Enable user synchronization.
+                - `--page-size value`: Search page size.
+            - Examples:
+                - `gitea admin auth update-ldap --id 1 --name "my ldap auth source"`
+                - `gitea admin auth update-ldap --id 1 --username-attribute uid --firstname-attribute givenName --surname-attribute sn`
+        - `add-ldap-simple`: Add new LDAP (simple auth) authentication source
+            - Options:
+                - `--name value`: Authentication name. Required.
+                - `--not-active`: Deactivate the authentication source.
+                - `--security-protocol value`: Security protocol name. Required.
+                - `--skip-tls-verify`: Disable TLS verification.
+                - `--host value`: The address where the LDAP server can be reached. Required.
+                - `--port value`: The port to use when connecting to the LDAP server. Required.
+                - `--user-search-base value`: The LDAP base at which user accounts will be searched for.
+                - `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate. Required.
+                - `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
+                - `--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
+                - `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
+                - `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
+                - `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address. Required.
+                - `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key.
+                - `--user-dn value`: The user’s DN. Required.
+            - Examples:
+                - `gitea admin auth add-ldap-simple --name ldap --security-protocol unencrypted --host mydomain.org --port 389 --user-dn "cn=%s,ou=Users,dc=mydomain,dc=org" --user-filter "(&(objectClass=posixAccount)(cn=%s))" --email-attribute mail`
+        - `update-ldap-simple`: Update existing LDAP (simple auth) authentication source
+            - Options:
+                - `--id value`: ID of authentication source. Required.
+                - `--name value`: Authentication name.
+                - `--not-active`: Deactivate the authentication source.
+                - `--security-protocol value`: Security protocol name.
+                - `--skip-tls-verify`: Disable TLS verification.
+                - `--host value`: The address where the LDAP server can be reached.
+                - `--port value`: The port to use when connecting to the LDAP server.
+                - `--user-search-base value`: The LDAP base at which user accounts will be searched for.
+                - `--user-filter value`: An LDAP filter declaring how to find the user record that is attempting to authenticate.
+                - `--admin-filter value`: An LDAP filter specifying if a user should be given administrator privileges.
+                - `--username-attribute value`: The attribute of the user’s LDAP record containing the user name.
+                - `--firstname-attribute value`: The attribute of the user’s LDAP record containing the user’s first name.
+                - `--surname-attribute value`: The attribute of the user’s LDAP record containing the user’s surname.
+                - `--email-attribute value`: The attribute of the user’s LDAP record containing the user’s email address.
+                - `--public-ssh-key-attribute value`: The attribute of the user’s LDAP record containing the user’s public ssh key.
+                - `--user-dn value`: The user’s DN.
+            - Examples:
+                - `gitea admin auth update-ldap-simple --id 1 --name "my ldap auth source"`
+                - `gitea admin auth update-ldap-simple --id 1 --username-attribute uid --firstname-attribute givenName --surname-attribute sn`
+
+#### cert
+
+Generates a self-signed SSL certificate. Outputs to `cert.pem` and `key.pem` in the current
+directory and will overwrite any existing files.
+
+- Options:
+    - `--host value`: Comma seperated hostnames and ips which this certificate is valid for.
+      Wildcards are supported. Required.
+    - `--ecdsa-curve value`: ECDSA curve to use to generate a key. Optional. Valid options
+      are P224, P256, P384, P521.
+    - `--rsa-bits value`: Size of RSA key to generate. Optional. Ignored if --ecdsa-curve is
+      set. (default: 2048).
+    - `--start-date value`: Creation date. Optional. (format: `Jan 1 15:04:05 2011`).
+    - `--duration value`: Duration which the certificate is valid for. Optional. (default: 8760h0m0s)
+    - `--ca`: If provided, this cert generates it's own certificate authority. Optional.
+- Examples:
+    - `gitea cert --host git.example.com,example.com,www.example.com --ca`
+
+#### dump
+
+Dumps all files and databases into a zip file. Outputs into a file like `gitea-dump-1482906742.zip`
+in the current directory.
+
+- Options:
+    - `--file name`, `-f name`: Name of the dump file with will be created. Optional. (default: gitea-dump-[timestamp].zip).
+    - `--tempdir path`, `-t path`: Path to the temporary directory used. Optional. (default: /tmp).
+    - `--skip-repository`, `-R`: Skip the repository dumping. Optional.
+    - `--database`, `-d`: Specify the database SQL syntax. Optional.
+    - `--verbose`, `-V`: If provided, shows additional details. Optional.
+- Examples:
+    - `gitea dump`
+    - `gitea dump --verbose`
+
+#### generate
+
+Generates random values and tokens for usage in configuration file. Useful for generating values
+for automatic deployments.
+
+- Commands:
+    - `secret`:
+        - Options:
+            - `INTERNAL_TOKEN`: Token used for an internal API call authentication.
+            - `JWT_SECRET`: LFS & OAUTH2 JWT authentication secret (LFS_JWT_SECRET is aliased to this option for backwards compatibility).
+            - `SECRET_KEY`: Global secret key.
+        - Examples:
+            - `gitea generate secret INTERNAL_TOKEN`
+            - `gitea generate secret JWT_SECRET`
+            - `gitea generate secret SECRET_KEY`
+
+#### keys
+
+Provides an SSHD AuthorizedKeysCommand. Needs to be configured in the sshd config file:
+
+```ini
+...
+# The value of -e and the AuthorizedKeysCommandUser should match the
+# username running gitea
+AuthorizedKeysCommandUser git
+AuthorizedKeysCommand /path/to/gitea keys -e git -u %u -t %t -k %k
+```
+
+The command will return the appropriate authorized_keys line for the
+provided key. You should also set the value
+`SSH_CREATE_AUTHORIZED_KEYS_FILE=false` in the `[server]` section of
+`app.ini`.
+
+NB: opensshd requires the gitea program to be owned by root and not
+writable by group or others. The program must be specified by an absolute
+path.
--- a/docs/content/doc/usage/command-line.md
+++ b/docs/content/doc/usage/command-line.md
@@ -1,194 +0,0 @@
---
-date: "2017-01-01T16:00:00+02:00"
-title: "Usage: Command Line"
-slug: "command-line"
-weight: 10
-toc: true
-draft: false
-menu:
-  sidebar:
-    parent: "usage"
-    name: "Command Line"
-    weight: 10
-    identifier: "command-line"
---
-
-## Command Line
-
-### Usage
-
-`gitea [global options] command [command options] [arguments...]`
-
-### Global options
- - `--help`, `-h`: Show help text and exit. Optional. This can be used with any of the
-   subcommands to see help text for it.
- - `--version`, `-v`: Show version and exit. Optional. (example: `Gitea version
-   1.1.0+218-g7b907ed built with: bindata, sqlite`).
-
-### Commands
-
-#### web
-
-Starts the server:
-
- Options:
-    - `--port number`, `-p number`: Port number. Optional. (default: 3000). Overrides configuration file.
-    - `--config path`, `-c path`: Gitea configuration file path. Optional. (default: custom/conf/app.ini).
-    - `--pid path`, `-P path`: Pidfile path. Optional.
- Examples:
-    - `gitea web`
-    - `gitea web --port 80`
-    - `gitea web --config /etc/gitea.ini --pid /var/run/gitea.pid`
- Notes:
-    - Gitea should not be run as root. To bind to a port below 1000, you can use setcap on
-      Linux: `sudo setcap 'cap_net_bind_service=+ep' /path/to/gitea`. This will need to be
-      redone every time you update Gitea.
-
-#### admin
-
-Admin operations:
-
- Commands:
-    - `create-user`
-        - Options:
-            - `--name value`: Username. Required.
-            - `--password value`: Password. Required.
-            - `--email value`: Email. Required.
-            - `--admin`: If provided, this makes the user an admin. Optional.
-            - `--config path`: Gitea configuration file path. Optional. (default: custom/conf/app.ini).
-            - `--must-change-password`: If provided, the created user will be required to choose a newer password after
-	    the initial login. Optional. (default: true).
-            - ``--random-password``: If provided, a randomly generated password will be used as the password of
-	    the created user. The value of `--password` will be discarded. Optional.
-            - `--random-password-length`: If provided, it will be used to configure the length of the randomly
-	    generated password. Optional. (default: 12)
-        - Examples:
-            - `gitea admin create-user --name myname --password asecurepassword --email me@example.com`
-    - `change-password`
-        - Options:
-            - `--username value`, `-u value`: Username. Required.
-            - `--password value`, `-p value`: New password. Required.
-            - `--config path`: Gitea configuration file path. Optional. (default: custom/conf/app.ini).
-        - Examples:
-            - `gitea admin change-password --username myname --password asecurepassword`
-    - `regenerate`
-        - Options:
-            - `hooks`: Regenerate git-hooks for all repositories
-            - `keys`: Regenerate authorized_keys file
-        - Examples:
-            - `gitea admin regenerate hooks`
-            - `gitea admin regenerate keys`
-    - `auth`:
-        - `list`:
-            - Description: lists all external authentication sources that exist
-            - Options:
-                - `--config path`: Gitea configuration file path. Optional. (default: custom/conf/app.ini).
-            - Examples:
-                - `gitea auth list`
-        - `delete`:
-            - Options:
-                - `--id`: ID of source to be deleted. Required.
-                - `--config path`: Gitea configuration file path. Optional. (default: custom/conf/app.ini).
-            - Examples:
-                - `gitea auth delete --id 1`
-        - `add-oauth`:
-            - Options:
-                - `--config path`: Gitea configuration file path. Optional. (default: custom/conf/app.ini).
-                - `--name`: Application Name.
-                - `--provider`: OAuth2 Provider.
-                - `--key`: Client ID (Key).
-                - `--secret`: Client Secret.
-                - `--auto-discover-url`: OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider).
-                - `--use-custom-urls`: Use custom URLs for GitLab/GitHub OAuth endpoints.
-                - `--custom-auth-url`: Use a custom Authorization URL (option for GitLab/GitHub).
-                - `--custom-token-url`: Use a custom Token URL (option for GitLab/GitHub).
-                - `--custom-profile-url`: Use a custom Profile URL (option for GitLab/GitHub).
-                - `--custom-email-url`: Use a custom Email URL (option for GitHub).
-            - Examples:
-                - `gitea auth add-oauth --name external-github --provider github --key OBTAIN_FROM_SOURCE --secret OBTAIN_FROM_SOURCE`
-        - `update-oauth`:
-            - Options:
-                - `--id`: ID of source to be updated. Required.
-                - `--config path`: Gitea configuration file path. Optional. (default: custom/conf/app.ini).
-                - `--name`: Application Name.
-                - `--provider`: OAuth2 Provider.
-                - `--key`: Client ID (Key).
-                - `--secret`: Client Secret.
-                - `--auto-discover-url`: OpenID Connect Auto Discovery URL (only required when using OpenID Connect as provider).
-                - `--use-custom-urls`: Use custom URLs for GitLab/GitHub OAuth endpoints.
-                - `--custom-auth-url`: Use a custom Authorization URL (option for GitLab/GitHub).
-                - `--custom-token-url`: Use a custom Token URL (option for GitLab/GitHub).
-                - `--custom-profile-url`: Use a custom Profile URL (option for GitLab/GitHub).
-                - `--custom-email-url`: Use a custom Email URL (option for GitHub).
-            - Examples:
-                - `gitea auth update-oauth --id 1 --name external-github-updated`
-
-#### cert
-
-Generates a self-signed SSL certificate. Outputs to `cert.pem` and `key.pem` in the current
-directory and will overwrite any existing files.
-
- Options:
-    - `--host value`: Comma seperated hostnames and ips which this certificate is valid for.
-      Wildcards are supported. Required.
-    - `--ecdsa-curve value`: ECDSA curve to use to generate a key. Optional. Valid options
-      are P224, P256, P384, P521.
-    - `--rsa-bits value`: Size of RSA key to generate. Optional. Ignored if --ecdsa-curve is
-      set. (default: 2048).
-    - `--start-date value`: Creation date. Optional. (format: `Jan 1 15:04:05 2011`).
-    - `--duration value`: Duration which the certificate is valid for. Optional. (default: 8760h0m0s)
-    - `--ca`: If provided, this cert generates it's own certificate authority. Optional.
- Examples:
-    - `gitea cert --host git.example.com,example.com,www.example.com --ca`
-
-#### dump
-
-Dumps all files and databases into a zip file. Outputs into a file like `gitea-dump-1482906742.zip`
-in the current directory.
-
- Options:
-    - `--config path`, `-c path`: Gitea configuration file path. Optional. (default: custom/conf/app.ini).
-    - `--tempdir path`, `-t path`: Path to the temporary directory used. Optional. (default: /tmp).
-    - `--skip-repository`, `-R`: Skip the repository dumping. Optional.
-    - `--database`, `-d`: Specify the database SQL syntax. Optional.
-    - `--verbose`, `-v`: If provided, shows additional details. Optional.
- Examples:
-    - `gitea dump`
-    - `gitea dump --verbose`
-
-#### generate
-
-Generates random values and tokens for usage in configuration file. Useful for generating values
-for automatic deployments.
-
- Commands:
-    - `secret`:
-        - Options:
-            - `INTERNAL_TOKEN`: Token used for an internal API call authentication.
-            - `LFS_JWT_SECRET`: LFS authentication secret.
-            - `SECRET_KEY`: Global secret key.
-        - Examples:
-            - `gitea generate secret INTERNAL_TOKEN`
-            - `gitea generate secret LFS_JWT_SECRET`
-            - `gitea generate secret SECRET_KEY`
-
-#### keys
-
-Provides an SSHD AuthorizedKeysCommand. Needs to be configured in the sshd config file:
-
-```ini
-...
-# The value of -e and the AuthorizedKeysCommandUser should match the
-# username running gitea
-AuthorizedKeysCommandUser git
-AuthorizedKeysCommand /path/to/gitea keys -e git -u %u -t %t -k %k
-```
-
-The command will return the appropriate authorized_keys line for the
-provided key. You should also set the value
-`SSH_CREATE_AUTHORIZED_KEYS_FILE=false` in the `[server]` section of
-`app.ini`.
-
-NB: opensshd requires the gitea program to be owned by root and not
-writable by group or others. The program must be specified by an absolute
-path.
--- a/docs/static/authorize.png
+++ b/docs/static/authorize.png
--- a/go.mod
+++ b/go.mod
@@ -0,0 +1,138 @@
+module code.gitea.io/gitea
+
+go 1.12
+
+require (
+	github.com/BurntSushi/toml v0.3.1 // indirect
+	github.com/PuerkitoBio/goquery v0.0.0-20170324135448-ed7d758e9a34
+	github.com/RoaringBitmap/roaring v0.4.7 // indirect
+	github.com/Unknwon/cae v0.0.0-20160715032808-c6aac99ea2ca
+	github.com/Unknwon/com v0.0.0-20190321035513-0fed4efef755
+	github.com/Unknwon/i18n v0.0.0-20171114194641-b64d33658966
+	github.com/Unknwon/paginater v0.0.0-20151104151617-7748a72e0141
+	github.com/andybalholm/cascadia v0.0.0-20161224141413-349dd0209470 // indirect
+	github.com/bgentry/speakeasy v0.1.0 // indirect
+	github.com/blevesearch/bleve v0.0.0-20190214220507-05d86ea8f6e3
+	github.com/blevesearch/blevex v0.0.0-20180227211930-4b158bb555a3 // indirect
+	github.com/blevesearch/go-porterstemmer v0.0.0-20141230013033-23a2c8e5cf1f // indirect
+	github.com/blevesearch/segment v0.0.0-20160105220820-db70c57796cc // indirect
+	github.com/boombuler/barcode v0.0.0-20161226211916-fe0f26ff6d26 // indirect
+	github.com/bradfitz/gomemcache v0.0.0-20160117192205-fb1f79c6b65a // indirect
+	github.com/chaseadamsio/goorgeous v0.0.0-20170901132237-098da33fde5f
+	github.com/couchbase/gomemcached v0.0.0-20181122193126-5125a94a666c // indirect
+	github.com/couchbase/goutils v0.0.0-20180530154633-e865a1461c8a // indirect
+	github.com/couchbase/vellum v0.0.0-20190111184608-e91b68ff3efe // indirect
+	github.com/couchbaselabs/go-couchbase v0.0.0-20190117181324-d904413d884d // indirect
+	github.com/cznic/b v0.0.0-20181122101859-a26611c4d92d // indirect
+	github.com/cznic/mathutil v0.0.0-20181122101859-297441e03548 // indirect
+	github.com/cznic/strutil v0.0.0-20181122101858-275e90344537 // indirect
+	github.com/denisenkom/go-mssqldb v0.0.0-20190121005146-b04fd42d9952
+	github.com/dgrijalva/jwt-go v3.2.0+incompatible
+	github.com/edsrzf/mmap-go v0.0.0-20170320065105-0bce6a688712 // indirect
+	github.com/emirpasic/gods v1.12.0
+	github.com/etcd-io/bbolt v1.3.2 // indirect
+	github.com/ethantkoenig/rupture v0.0.0-20180203182544-0a76f03a811a
+	github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a // indirect
+	github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 // indirect
+	github.com/facebookgo/freeport v0.0.0-20150612182905-d4adf43b75b9 // indirect
+	github.com/facebookgo/grace v0.0.0-20160926231715-5729e484473f
+	github.com/facebookgo/httpdown v0.0.0-20160323221027-a3b1354551a2 // indirect
+	github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 // indirect
+	github.com/facebookgo/stats v0.0.0-20151006221625-1b76add642e4 // indirect
+	github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870 // indirect
+	github.com/gliderlabs/ssh v0.1.4 // indirect
+	github.com/glycerine/go-unsnap-stream v0.0.0-20180323001048-9f0cb55181dd // indirect
+	github.com/glycerine/goconvey v0.0.0-20190315024820-982ee783a72e // indirect
+	github.com/go-macaron/binding v0.0.0-20160711225916-9440f336b443
+	github.com/go-macaron/cache v0.0.0-20151013081102-561735312776
+	github.com/go-macaron/captcha v0.0.0-20151123225153-8aa5919789ab
+	github.com/go-macaron/cors v0.0.0-20190309005821-6fd6a9bfe14e9
+	github.com/go-macaron/csrf v0.0.0-20180426211211-503617c6b372
+	github.com/go-macaron/i18n v0.0.0-20160612092837-ef57533c3b0f
+	github.com/go-macaron/inject v0.0.0-20160627170012-d8a0b8677191
+	github.com/go-macaron/session v0.0.0-20190131233854-0a0a789bf193
+	github.com/go-macaron/toolbox v0.0.0-20180818072302-a77f45a7ce90
+	github.com/go-redis/redis v6.15.2+incompatible
+	github.com/go-sql-driver/mysql v1.4.1
+	github.com/go-xorm/core v0.6.0 // indirect
+	github.com/go-xorm/xorm v0.7.3-0.20190620151208-f1b4f8368459
+	github.com/gogits/chardet v0.0.0-20150115103509-2404f7772561
+	github.com/gogits/cron v0.0.0-20160810035002-7f3990acf183
+	github.com/google/go-cmp v0.3.0 // indirect
+	github.com/google/go-github/v24 v24.0.1
+	github.com/gorilla/context v1.1.1
+	github.com/issue9/assert v1.3.2 // indirect
+	github.com/issue9/identicon v0.0.0-20160320065130-d36b54562f4c
+	github.com/jaytaylor/html2text v0.0.0-20160923191438-8fb95d837f7d
+	github.com/jmhodges/levigo v1.0.0 // indirect
+	github.com/joho/godotenv v1.3.0 // indirect
+	github.com/kballard/go-shellquote v0.0.0-20170619183022-cd60e84ee657
+	github.com/keybase/go-crypto v0.0.0-20170605145657-00ac4db533f6
+	github.com/klauspost/compress v0.0.0-20161025140425-8df558b6cb6f
+	github.com/klauspost/cpuid v0.0.0-20160302075316-09cded8978dc // indirect
+	github.com/klauspost/crc32 v0.0.0-20161016154125-cb6bfca970f6 // indirect
+	github.com/lafriks/xormstore v1.0.0
+	github.com/lib/pq v1.1.0
+	github.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96
+	github.com/lunny/levelqueue v0.0.0-20190217115915-02b525a4418e
+	github.com/lunny/log v0.0.0-20160921050905-7887c61bf0de // indirect
+	github.com/lunny/nodb v0.0.0-20160621015157-fc1ef06ad4af // indirect
+	github.com/markbates/goth v1.49.0
+	github.com/mattn/go-isatty v0.0.7
+	github.com/mattn/go-oci8 v0.0.0-20190320171441-14ba190cf52d // indirect
+	github.com/mattn/go-sqlite3 v1.10.0
+	github.com/mcuadros/go-version v0.0.0-20190308113854-92cdf37c5b75
+	github.com/microcosm-cc/bluemonday v0.0.0-20161012083705-f77f16ffc87a
+	github.com/mschoch/smat v0.0.0-20160514031455-90eadee771ae // indirect
+	github.com/msteinert/pam v0.0.0-20151204160544-02ccfbfaf0cc
+	github.com/nfnt/resize v0.0.0-20160724205520-891127d8d1b5
+	github.com/oliamb/cutter v0.2.2
+	github.com/philhofer/fwd v1.0.0 // indirect
+	github.com/pquerna/otp v0.0.0-20160912161815-54653902c20e
+	github.com/prometheus/client_golang v0.9.3
+	github.com/remyoudompheng/bigfft v0.0.0-20190321074620-2f0d2b0e0001 // indirect
+	github.com/russross/blackfriday v0.0.0-20180428102519-11635eb403ff
+	github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca // indirect
+	github.com/satori/go.uuid v1.2.0
+	github.com/sergi/go-diff v1.0.0
+	github.com/shurcooL/httpfs v0.0.0-20190527155220-6a4d4a70508b // indirect
+	github.com/shurcooL/sanitized_anchor_name v0.0.0-20160918041101-1dba4b3954bc // indirect
+	github.com/shurcooL/vfsgen v0.0.0-20181202132449-6a9ea43bcacd
+	github.com/siddontang/go-snappy v0.0.0-20140704025258-d8f7bb82a96d // indirect
+	github.com/smartystreets/goconvey v0.0.0-20190306220146-200a235640ff // indirect
+	github.com/steveyen/gtreap v0.0.0-20150807155958-0abe01ef9be2 // indirect
+	github.com/stretchr/testify v1.3.0
+	github.com/tecbot/gorocksdb v0.0.0-20181010114359-8752a9433481 // indirect
+	github.com/tinylib/msgp v0.0.0-20180516164116-c8cf64dff200 // indirect
+	github.com/tstranex/u2f v1.0.0
+	github.com/urfave/cli v1.20.0
+	github.com/willf/bitset v0.0.0-20180426185212-8ce1146b8621 // indirect
+	github.com/yohcop/openid-go v0.0.0-20160914080427-2c050d2dae53
+	go.etcd.io/bbolt v1.3.2 // indirect
+	golang.org/x/crypto v0.0.0-20190618222545-ea8f1a30c443
+	golang.org/x/net v0.0.0-20190613194153-d28f0bde5980
+	golang.org/x/oauth2 v0.0.0-20181101160152-c453e0c75759
+	golang.org/x/sys v0.0.0-20190618155005-516e3c20635f
+	golang.org/x/text v0.3.2
+	golang.org/x/tools v0.0.0-20190618163018-fdf1049a943a // indirect
+	gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc // indirect
+	gopkg.in/asn1-ber.v1 v1.0.0-20150924051756-4e86f4367175 // indirect
+	gopkg.in/bufio.v1 v1.0.0-20140618132640-567b2bfa514e // indirect
+	gopkg.in/editorconfig/editorconfig-core-go.v1 v1.2.0
+	gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df
+	gopkg.in/ini.v1 v1.42.0
+	gopkg.in/ldap.v3 v3.0.2
+	gopkg.in/macaron.v1 v1.3.2
+	gopkg.in/redis.v2 v2.3.2 // indirect
+	gopkg.in/src-d/go-billy.v4 v4.3.0
+	gopkg.in/src-d/go-git.v4 v4.12.0
+	gopkg.in/stretchr/testify.v1 v1.2.2 // indirect
+	gopkg.in/testfixtures.v2 v2.5.0
+	gopkg.in/yaml.v2 v2.2.2 // indirect
+	mvdan.cc/xurls/v2 v2.0.0
+	strk.kbt.io/projects/go/libravatar v0.0.0-20160628055650-5eed7bff870a
+	xorm.io/builder v0.3.5
+	xorm.io/core v0.6.3
+)
+
+replace github.com/denisenkom/go-mssqldb => github.com/denisenkom/go-mssqldb v0.0.0-20180314172330-6a30f4e59a44
--- a/go.sum
+++ b/go.sum
@@ -0,0 +1,461 @@
+cloud.google.com/go v0.30.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+cloud.google.com/go v0.34.0 h1:eOI3/cP2VTU6uZLDYAoic+eyzzB9YyGmJ7eIjl8rOPg=
+cloud.google.com/go v0.34.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw=
+github.com/BurntSushi/toml v0.3.1 h1:WXkYYl6Yr3qBf1K79EBnL4mak0OimBfB0XUf9Vl28OQ=
+github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU=
+github.com/OneOfOne/xxhash v1.2.2/go.mod h1:HSdplMjZKSmBqAxg5vPj2TmRDmfkzw+cTzAElWljhcU=
+github.com/PuerkitoBio/goquery v0.0.0-20170324135448-ed7d758e9a34 h1:UsHpWO0Elp6NaWVARdZHjiYwkhrspHVEGsyIKPb9OI8=
+github.com/PuerkitoBio/goquery v0.0.0-20170324135448-ed7d758e9a34/go.mod h1:T9ezsOHcCrDCgA8aF1Cqr3sSYbO/xgdy8/R/XiIMAhA=
+github.com/RoaringBitmap/roaring v0.4.7 h1:eGUudvFzvF7Kxh7JjYvXfI1f7l22/2duFby7r5+d4oc=
+github.com/RoaringBitmap/roaring v0.4.7/go.mod h1:8khRDP4HmeXns4xIj9oGrKSz7XTQiJx2zgh7AcNke4w=
+github.com/Unknwon/cae v0.0.0-20160715032808-c6aac99ea2ca h1:xU8R31tsvj6TesCBog973+UgI3TXjh/LqN5clki6hcc=
+github.com/Unknwon/cae v0.0.0-20160715032808-c6aac99ea2ca/go.mod h1:IRSre9/SEhVuy972TVuJLyaPTS73+8Owhe0Y0l9NXHc=
+github.com/Unknwon/com v0.0.0-20190321035513-0fed4efef755 h1:1B7wb36fHLSwZfHg6ngZhhtIEHQjiC5H4p7qQGBEffg=
+github.com/Unknwon/com v0.0.0-20190321035513-0fed4efef755/go.mod h1:voKvFVpXBJxdIPeqjoJuLK+UVcRlo/JLjeToGxPYu68=
+github.com/Unknwon/i18n v0.0.0-20171114194641-b64d33658966 h1:Mp8GNJ/tdTZIEdLdZfykEJaL3mTyEYrSzYNcdoQKpJk=
+github.com/Unknwon/i18n v0.0.0-20171114194641-b64d33658966/go.mod h1:SFtfq0zFPsENI7DpE87QM2hcYu5QQ0fRdCgP+P1Hrqo=
+github.com/Unknwon/paginater v0.0.0-20151104151617-7748a72e0141 h1:SSvHGK7iMpeypcHjI8UzNMz7zW/K8/dcgqk/82lCYP0=
+github.com/Unknwon/paginater v0.0.0-20151104151617-7748a72e0141/go.mod h1:fw0McLecf/G5NFwddCRmDckU6yovtk1YsgWIoepMbYo=
+github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7 h1:uSoVVbwJiQipAclBbw+8quDsfcvFjOpI5iCf4p/cqCs=
+github.com/alcortesm/tgz v0.0.0-20161220082320-9c5fe88206d7/go.mod h1:6zEj6s6u/ghQa61ZWa/C2Aw3RkjiTBOix7dkqa1VLIs=
+github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
+github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
+github.com/andybalholm/cascadia v0.0.0-20161224141413-349dd0209470 h1:4jHLmof+Hba81591gfH5xYA8QXzuvgksxwPNrmjR2BA=
+github.com/andybalholm/cascadia v0.0.0-20161224141413-349dd0209470/go.mod h1:3I+3V7B6gTBYfdpYgIG2ymALS9H+5VDKUl3lHH7ToM4=
+github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239 h1:kFOfPq6dUM1hTo4JG6LR5AXSUEsOjtdm0kw0FtQtMJA=
+github.com/anmitsu/go-shlex v0.0.0-20161002113705-648efa622239/go.mod h1:2FmKhYUyUczH0OGQWaF5ceTx0UBShxjsH6f8oGKYe2c=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPdPJAN/hZIm0C4OItdklCFmMRWYpio=
+github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973 h1:xJ4a3vCFaGF/jqvzLMYoU8P317H5OQ+Via4RmuPwCS0=
+github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
+github.com/beorn7/perks v1.0.0 h1:HWo1m869IqiPhD389kmkxeTalrjNbbJTC8LXupb+sl0=
+github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
+github.com/bgentry/speakeasy v0.1.0 h1:ByYyxL9InA1OWqxJqqp2A5pYHUrCiAL6K3J+LKSsQkY=
+github.com/bgentry/speakeasy v0.1.0/go.mod h1:+zsyZBPWlz7T6j88CTgSN5bM796AkVf0kBD4zp0CCIs=
+github.com/blevesearch/bleve v0.0.0-20190214220507-05d86ea8f6e3 h1:vinCy/rcjbtxWnMiw11CbMKcuyNi+y4L4MbZUpk7m4M=
+github.com/blevesearch/bleve v0.0.0-20190214220507-05d86ea8f6e3/go.mod h1:Y2lmIkzV6mcNfAnAdOd+ZxHkHchhBfU/xroGIp61wfw=
+github.com/blevesearch/blevex v0.0.0-20180227211930-4b158bb555a3 h1:U6vnxZrTfItfiUiYx0lf/LgHjRSfaKK5QHSom3lEbnA=
+github.com/blevesearch/blevex v0.0.0-20180227211930-4b158bb555a3/go.mod h1:WH+MU2F4T0VmSdaPX+Wu5GYoZBrYWdOZWSjzvYcDmqQ=
+github.com/blevesearch/go-porterstemmer v0.0.0-20141230013033-23a2c8e5cf1f h1:J9ZVHbB2X6JNxbKw/f3Y4E9Xq+Ro+zPiivzgmi3RTvg=
+github.com/blevesearch/go-porterstemmer v0.0.0-20141230013033-23a2c8e5cf1f/go.mod h1:haWQqFT3RdOGz7PJuM3or/pWNJS1pKkoZJWCkWu0DVA=
+github.com/blevesearch/segment v0.0.0-20160105220820-db70c57796cc h1:7OfDAkuAGx71ruzOIFqCkHqGIsVZU0C7PMw5u1bIrwU=
+github.com/blevesearch/segment v0.0.0-20160105220820-db70c57796cc/go.mod h1:IInt5XRvpiGE09KOk9mmCMLjHhydIhNPKPPFLFBB7L8=
+github.com/boombuler/barcode v0.0.0-20161226211916-fe0f26ff6d26 h1:NGpwhs9FOwddM6TptNrq2ycby4s24TcppSe5uG4DA/Q=
+github.com/boombuler/barcode v0.0.0-20161226211916-fe0f26ff6d26/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8=
+github.com/bradfitz/gomemcache v0.0.0-20160117192205-fb1f79c6b65a h1:k5TuEkqEYCRs8+66WdOkswWOj+L/YbP5ruainvn94wg=
+github.com/bradfitz/gomemcache v0.0.0-20160117192205-fb1f79c6b65a/go.mod h1:PmM6Mmwb0LSuEubjR8N7PtNe1KxZLtOUHtbeikc5h60=
+github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc=
+github.com/chaseadamsio/goorgeous v0.0.0-20170901132237-098da33fde5f h1:REH9VH5ubNR0skLaOxK7TRJeRbE2dDfvaouQo8FsRcA=
+github.com/chaseadamsio/goorgeous v0.0.0-20170901132237-098da33fde5f/go.mod h1:6QaC0vFoKWYDth94dHFNgRT2YkT5FHdQp/Yx15aAAi0=
+github.com/cockroachdb/apd v1.1.0 h1:3LFP3629v+1aKXU5Q37mxmRxX/pIu1nijXydLShEq5I=
+github.com/cockroachdb/apd v1.1.0/go.mod h1:8Sl8LxpKi29FqWXR16WEFZRNSz3SoPzUzeMeY4+DwBQ=
+github.com/couchbase/gomemcached v0.0.0-20181122193126-5125a94a666c h1:K4FIibkr4//ziZKOKmt4RL0YImuTjLLBtwElf+F2lSQ=
+github.com/couchbase/gomemcached v0.0.0-20181122193126-5125a94a666c/go.mod h1:srVSlQLB8iXBVXHgnqemxUXqN6FCvClgCMPCsjBDR7c=
+github.com/couchbase/goutils v0.0.0-20180530154633-e865a1461c8a h1:Y5XsLCEhtEI8qbD9RP3Qlv5FXdTDHxZM9UPUnMRgBp8=
+github.com/couchbase/goutils v0.0.0-20180530154633-e865a1461c8a/go.mod h1:BQwMFlJzDjFDG3DJUdU0KORxn88UlsOULuxLExMh3Hs=
+github.com/couchbase/vellum v0.0.0-20190111184608-e91b68ff3efe h1:2o6Y7KMjJNsuMTF8f2H2eTKRhqH7+bQbjr+D+LnhE5M=
+github.com/couchbase/vellum v0.0.0-20190111184608-e91b68ff3efe/go.mod h1:prYTC8EgTu3gwbqJihkud9zRXISvyulAplQ6exdCo1g=
+github.com/couchbaselabs/go-couchbase v0.0.0-20190117181324-d904413d884d h1:lsBRLJe/ET6DjCaRblGwls80dOcOzhFVNJrO6uaMrMQ=
+github.com/couchbaselabs/go-couchbase v0.0.0-20190117181324-d904413d884d/go.mod h1:mby/05p8HE5yHEAKiIH/555NoblMs7PtW6NrYshDruc=
+github.com/cznic/b v0.0.0-20181122101859-a26611c4d92d h1:SwD98825d6bdB+pEuTxWOXiSjBrHdOl/UVp75eI7JT8=
+github.com/cznic/b v0.0.0-20181122101859-a26611c4d92d/go.mod h1:URriBxXwVq5ijiJ12C7iIZqlA69nTlI+LgI6/pwftG8=
+github.com/cznic/mathutil v0.0.0-20181122101859-297441e03548 h1:iwZdTE0PVqJCos1vaoKsclOGD3ADKpshg3SRtYBbwso=
+github.com/cznic/mathutil v0.0.0-20181122101859-297441e03548/go.mod h1:e6NPNENfs9mPDVNRekM7lKScauxd5kXTr1Mfyig6TDM=
+github.com/cznic/strutil v0.0.0-20181122101858-275e90344537 h1:MZRmHqDBd0vxNwenEbKSQqRVT24d3C05ft8kduSwlqM=
+github.com/cznic/strutil v0.0.0-20181122101858-275e90344537/go.mod h1:AHHPPPXTw0h6pVabbcbyGRK1DckRn7r/STdZEeIDzZc=
+github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
+github.com/denisenkom/go-mssqldb v0.0.0-20180314172330-6a30f4e59a44 h1:x0uHqLQTSEL9LKic8sWDt3ASkq07ve5ojIIUl5uF64M=
+github.com/denisenkom/go-mssqldb v0.0.0-20180314172330-6a30f4e59a44/go.mod h1:xN/JuLBIz4bjkxNmByTiV1IbhfnYb6oo99phBn4Eqhc=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible h1:7qlOGliEKZXTDg6OTjfoBKDXWrumCAMpl/TFQ4/5kLM=
+github.com/dgrijalva/jwt-go v3.2.0+incompatible/go.mod h1:E3ru+11k8xSBh+hMPgOLZmtrrCbhqsmaPHjLKYnJCaQ=
+github.com/dgryski/go-sip13 v0.0.0-20181026042036-e10d5fee7954/go.mod h1:vAd38F8PWV+bWy6jNmig1y/TA+kYO4g3RSRF0IAv0no=
+github.com/edsrzf/mmap-go v0.0.0-20170320065105-0bce6a688712 h1:aaQcKT9WumO6JEJcRyTqFVq4XUZiUcKR2/GI31TOcz8=
+github.com/edsrzf/mmap-go v0.0.0-20170320065105-0bce6a688712/go.mod h1:YO35OhQPt3KJa3ryjFM5Bs14WD66h8eGKpfaBNrHW5M=
+github.com/emirpasic/gods v1.12.0 h1:QAUIPSaCu4G+POclxeqb3F+WPpdKqFGlw36+yOzGlrg=
+github.com/emirpasic/gods v1.12.0/go.mod h1:YfzfFFoVP/catgzJb4IKIqXjX78Ha8FMSDh3ymbK86o=
+github.com/etcd-io/bbolt v1.3.2 h1:RLRQ0TKLX7DlBRXAJHvbmXL17Q3KNnTBtZ9B6Qo+/Y0=
+github.com/etcd-io/bbolt v1.3.2/go.mod h1:ZF2nL25h33cCyBtcyWeZ2/I3HQOfTP+0PIEvHjkjCrw=
+github.com/ethantkoenig/rupture v0.0.0-20180203182544-0a76f03a811a h1:M1bRpaZAn4GSsqu3hdK2R8H0AH9O6vqCTCbm2oAFGfE=
+github.com/ethantkoenig/rupture v0.0.0-20180203182544-0a76f03a811a/go.mod h1:MkKY/CB98aVE4VxO63X5vTQKUgcn+3XP15LMASe3lYs=
+github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a h1:yDWHCSQ40h88yih2JAcL6Ls/kVkSE8GFACTGVnMPruw=
+github.com/facebookgo/clock v0.0.0-20150410010913-600d898af40a/go.mod h1:7Ga40egUymuWXxAe151lTNnCv97MddSOVsjpPPkityA=
+github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51 h1:0JZ+dUmQeA8IIVUMzysrX4/AKuQwWhV2dYQuPZdvdSQ=
+github.com/facebookgo/ensure v0.0.0-20160127193407-b4ab57deab51/go.mod h1:Yg+htXGokKKdzcwhuNDwVvN+uBxDGXJ7G/VN1d8fa64=
+github.com/facebookgo/freeport v0.0.0-20150612182905-d4adf43b75b9 h1:wWke/RUCl7VRjQhwPlR/v0glZXNYzBHdNUzf/Am2Nmg=
+github.com/facebookgo/freeport v0.0.0-20150612182905-d4adf43b75b9/go.mod h1:uPmAp6Sws4L7+Q/OokbWDAK1ibXYhB3PXFP1kol5hPg=
+github.com/facebookgo/grace v0.0.0-20160926231715-5729e484473f h1:0mlfEUWnUDVZnqWEVHGerL5bKYDKMEmT/Qk/W/3nGuo=
+github.com/facebookgo/grace v0.0.0-20160926231715-5729e484473f/go.mod h1:KigFdumBXUPSwzLDbeuzyt0elrL7+CP7TKuhrhT4bcU=
+github.com/facebookgo/httpdown v0.0.0-20160323221027-a3b1354551a2 h1:3Zvf9wRhl1cOhckN1oRGWPOkIhOketmEcrQ4TeFAoR4=
+github.com/facebookgo/httpdown v0.0.0-20160323221027-a3b1354551a2/go.mod h1:TUV/fX3XrTtBQb5+ttSUJzcFgLNpILONFTKmBuk5RSw=
+github.com/facebookgo/stack v0.0.0-20160209184415-751773369052 h1:JWuenKqqX8nojtoVVWjGfOF9635RETekkoH6Cc9SX0A=
+github.com/facebookgo/stack v0.0.0-20160209184415-751773369052/go.mod h1:UbMTZqLaRiH3MsBH8va0n7s1pQYcu3uTb8G4tygF4Zg=
+github.com/facebookgo/stats v0.0.0-20151006221625-1b76add642e4 h1:0YtRCqIZs2+Tz49QuH6cJVw/IFqzo39gEqZ0iYLxD2M=
+github.com/facebookgo/stats v0.0.0-20151006221625-1b76add642e4/go.mod h1:vsJz7uE339KUCpBXx3JAJzSRH7Uk4iGGyJzR529qDIA=
+github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870 h1:E2s37DuLxFhQDg5gKsWoLBOB0n+ZW8s599zru8FJ2/Y=
+github.com/facebookgo/subset v0.0.0-20150612182917-8dac2c3c4870/go.mod h1:5tD+neXqOorC30/tWg0LCSkrqj/AR6gu8yY8/fpw1q0=
+github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 h1:BHsljHzVlRcyQhjrss6TZTdY2VfCqZPbv5k3iBFa2ZQ=
+github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568/go.mod h1:xEzjJPgXI435gkrCt3MPfRiAkVrwSbHsst4LCFVfpJc=
+github.com/fsnotify/fsnotify v1.4.7 h1:IXs+QLmnXW2CcXuY+8Mzv/fWEsPGWxqefPtCP5CnV9I=
+github.com/fsnotify/fsnotify v1.4.7/go.mod h1:jwhsz4b93w/PPRr/qN1Yymfu8t87LnFCMoQvtojpjFo=
+github.com/gliderlabs/ssh v0.1.3/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/gliderlabs/ssh v0.1.4 h1:5N8AYXpaQAPy0L7linKa5aI+WRfyYagAhjksVzxh+mI=
+github.com/gliderlabs/ssh v0.1.4/go.mod h1:U7qILu1NlMHj9FlMhZLlkCdDnU1DBEAqr0aevW3Awn0=
+github.com/glycerine/go-unsnap-stream v0.0.0-20180323001048-9f0cb55181dd h1:r04MMPyLHj/QwZuMJ5+7tJcBr1AQjpiAK/rZWRrQT7o=
+github.com/glycerine/go-unsnap-stream v0.0.0-20180323001048-9f0cb55181dd/go.mod h1:/20jfyN9Y5QPEAprSgKAUr+glWDY39ZiUEAYOEv5dsE=
+github.com/glycerine/goconvey v0.0.0-20190315024820-982ee783a72e h1:SiEs4J3BKVIeaWrH3tKaz3QLZhJ68iJ/A4xrzIoE5+Y=
+github.com/glycerine/goconvey v0.0.0-20190315024820-982ee783a72e/go.mod h1:Ogl1Tioa0aV7gstGFO7KhffUsb9M4ydbEbbxpcEDc24=
+github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
+github.com/go-logfmt/logfmt v0.3.0/go.mod h1:Qt1PoO58o5twSAckw1HlFXLmHsOX5/0LbT9GBnD5lWE=
+github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk=
+github.com/go-macaron/binding v0.0.0-20160711225916-9440f336b443 h1:i801KPR7j76uRMLLlGVyb0hiYbgX1FM5+ur81TJWzIw=
+github.com/go-macaron/binding v0.0.0-20160711225916-9440f336b443/go.mod h1:u+H6rwW+HQwUL+w5uaEJSpIlVZDye1o9MB4Su0JfRfM=
+github.com/go-macaron/cache v0.0.0-20151013081102-561735312776 h1:UYIHS1r0WotqB5cIa0PAiV0m6GzD9rDBcn4alp5JgCw=
+github.com/go-macaron/cache v0.0.0-20151013081102-561735312776/go.mod h1:hHAsZm/oBZVcY+S7qdQL6Vbg5VrXF6RuKGuqsszt3Ok=
+github.com/go-macaron/captcha v0.0.0-20151123225153-8aa5919789ab h1:4VFhsA3GE5Wwq1Ymr8KWCmrOWi1wRLEgdj48LPfQjxI=
+github.com/go-macaron/captcha v0.0.0-20151123225153-8aa5919789ab/go.mod h1:j9TJ+0nwUOWBvNnm0bheHIPFf3cC62EQo7n7O6PbjZA=
+github.com/go-macaron/cors v0.0.0-20190309005821-6fd6a9bfe14e9 h1:A0QGzY6UHHEil0I2e7C21JenNNG0mmrj5d9SFWTlgr8=
+github.com/go-macaron/cors v0.0.0-20190309005821-6fd6a9bfe14e9/go.mod h1:utmMRnVIrXPSfA9MFcpIYKEpKawjKxf62vv62k4707E=
+github.com/go-macaron/csrf v0.0.0-20180426211211-503617c6b372 h1:acrx8CnDmlKl+BPoOOLEK9Ko+SrWFB5pxRuGkKj4iqo=
+github.com/go-macaron/csrf v0.0.0-20180426211211-503617c6b372/go.mod h1:oZGMxI7MBnicI0jJqJvH4qQzyrWKhtiKxLSJKHC+ydc=
+github.com/go-macaron/i18n v0.0.0-20160612092837-ef57533c3b0f h1:wDKrZFc9pYJlqFOf7EzGbFMrSFFtyHt3plr2uTdo8Rg=
+github.com/go-macaron/i18n v0.0.0-20160612092837-ef57533c3b0f/go.mod h1:MePM/dStkAh+PNzAdNSNl4SGDM2EZvZGken+KpJhM7s=
+github.com/go-macaron/inject v0.0.0-20160627170012-d8a0b8677191 h1:NjHlg70DuOkcAMqgt0+XA+NHwtu66MkTVVgR4fFWbcI=
+github.com/go-macaron/inject v0.0.0-20160627170012-d8a0b8677191/go.mod h1:VFI2o2q9kYsC4o7VP1HrEVosiZZTd+MVT3YZx4gqvJw=
+github.com/go-macaron/session v0.0.0-20190131233854-0a0a789bf193 h1:z/nqwd+ql/r6Q3QGnwNd6B89UjPytM0be5pDQV9TuWw=
+github.com/go-macaron/session v0.0.0-20190131233854-0a0a789bf193/go.mod h1:ScEJm9Gk+ez5JJTml5WlBIqavAfuE5nF8e4Gvyz/X+A=
+github.com/go-macaron/toolbox v0.0.0-20180818072302-a77f45a7ce90 h1:3wYKrRg9IjUMfaf3H0Hh7M5Li9ge79Y7aw2yujHa2jQ=
+github.com/go-macaron/toolbox v0.0.0-20180818072302-a77f45a7ce90/go.mod h1:Ut/NmkIMGVYlEdJBzEZgWVWG5ZpYS9BLmUgXfAgi+qM=
+github.com/go-redis/redis v6.15.2+incompatible h1:9SpNVG76gr6InJGxoZ6IuuxaCOQwDAhzyXg+Bs+0Sb4=
+github.com/go-redis/redis v6.15.2+incompatible/go.mod h1:NAIEuMOZ/fxfXJIrKDQDz8wamY7mA7PouImQ2Jvg6kA=
+github.com/go-sql-driver/mysql v1.4.1 h1:g24URVg0OFbNUTx9qqY1IRZ9D9z3iPyi5zKhQZpNwpA=
+github.com/go-sql-driver/mysql v1.4.1/go.mod h1:zAC/RDZ24gD3HViQzih4MyKcchzm+sOG5ZlKdlhCg5w=
+github.com/go-stack/stack v1.8.0 h1:5SgMzNM5HxrEjV0ww2lTmX6E2Izsfxas4+YHWRs3Lsk=
+github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
+github.com/go-xorm/core v0.6.0 h1:tp6hX+ku4OD9khFZS8VGBDRY3kfVCtelPfmkgCyHxL0=
+github.com/go-xorm/core v0.6.0/go.mod h1:d8FJ9Br8OGyQl12MCclmYBuBqqxsyeedpXciV5Myih8=
+github.com/go-xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a h1:9wScpmSP5A3Bk8V3XHWUcJmYTh+ZnlHVyc+A4oZYS3Y=
+github.com/go-xorm/sqlfiddle v0.0.0-20180821085327-62ce714f951a/go.mod h1:56xuuqnHyryaerycW3BfssRdxQstACi0Epw/yC5E2xM=
+github.com/go-xorm/xorm v0.7.3-0.20190620151208-f1b4f8368459 h1:JGEuhH169J7Wtm1hN/HFOGENsAq+6FDHfuhGEZj/1e4=
+github.com/go-xorm/xorm v0.7.3-0.20190620151208-f1b4f8368459/go.mod h1:UK1YDlWscDspd23xW9HC24749jhvwO6riZ/HUt3gbHQ=
+github.com/gogits/chardet v0.0.0-20150115103509-2404f7772561 h1:deE7ritpK04PgtpyVOS2TYcQEld9qLCD5b5EbVNOuLA=
+github.com/gogits/chardet v0.0.0-20150115103509-2404f7772561/go.mod h1:YgYOrVn3Nj9Tq0EvjmFbphRytDj7JNRoWSStJZWDJTQ=
+github.com/gogits/cron v0.0.0-20160810035002-7f3990acf183 h1:EBTlva3AOSb80G3JSwY6ZMdILEZJ1JKuewrbqrNjWuE=
+github.com/gogits/cron v0.0.0-20160810035002-7f3990acf183/go.mod h1:pX+V62FFmklia2fhP3P4YSY6iJdPO5jIDKFQ5fEd5QE=
+github.com/gogo/protobuf v1.1.1/go.mod h1:r8qH/GZQm5c6nD/R0oafs1akxWv10x8SbQlK7atdtwQ=
+github.com/golang/protobuf v1.2.0 h1:P3YflyNX/ehuJFLhxviNdFxQPkGK5cDcApsge1SqnvM=
+github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg=
+github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
+github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db h1:woRePGFeVFfLKN/pOkfl+p/TAqKOfFu+7KPlMVpok/w=
+github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
+github.com/google/go-cmp v0.2.0 h1:+dTQ8DZQJz0Mb/HjFlkptS1FeQ4cWSnN941F8aEG4SQ=
+github.com/google/go-cmp v0.2.0/go.mod h1:oXzfMopK8JAjlY9xF4vHSVASa0yLyX7SntLO5aqRK0M=
+github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
+github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-github v17.0.0+incompatible h1:N0LgJ1j65A7kfXrZnUDaYCs/Sf4rEjNlfyDHW9dolSY=
+github.com/google/go-github v17.0.0+incompatible/go.mod h1:zLgOLi98H3fifZn+44m+umXrS52loVEgC2AApnigrVQ=
+github.com/google/go-github/v24 v24.0.1 h1:KCt1LjMJEey1qvPXxa9SjaWxwTsCWSq6p2Ju57UR4Q4=
+github.com/google/go-github/v24 v24.0.1/go.mod h1:CRqaW1Uns1TCkP0wqTpxYyRxRjxwvKU/XSS44u6X74M=
+github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
+github.com/google/go-querystring v1.0.0/go.mod h1:odCYkC5MyYFN7vkCjXpyrEuKhc/BUO6wN/zVPAxq5ck=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1 h1:EGx4pi6eqNxGaHF6qqu48+N2wcFQ5qg5FXgOdqsJ5d8=
+github.com/gopherjs/gopherjs v0.0.0-20181017120253-0766667cb4d1/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e h1:JKmoR8x90Iww1ks85zJ1lfDGgIiMDuIptTOhJq+zKyg=
+github.com/gopherjs/gopherjs v0.0.0-20181103185306-d547d1d9531e/go.mod h1:wJfORRmW1u3UXTncJ5qlYoELFm8eSnnEO6hX4iZ3EWY=
+github.com/gorilla/context v1.1.1 h1:AWwleXJkX/nhcU9bZSnZoi3h/qGYqQAGhq6zZe/aQW8=
+github.com/gorilla/context v1.1.1/go.mod h1:kBGZzfjB9CEq2AlWe17Uuf7NDRt0dE0s8S51q0aT7Yg=
+github.com/gorilla/mux v1.6.2 h1:Pgr17XVTNXAk3q/r4CpKzC5xBM/qW1uVLV+IhRZpIIk=
+github.com/gorilla/mux v1.6.2/go.mod h1:1lud6UwP+6orDFRuTfBEV8e9/aOM/c4fVVCaMa2zaAs=
+github.com/gorilla/pat v0.0.0-20180118222023-199c85a7f6d1 h1:LqbZZ9sNMWVjeXS4NN5oVvhMjDyLhmA1LG86oSo+IqY=
+github.com/gorilla/pat v0.0.0-20180118222023-199c85a7f6d1/go.mod h1:YeAe0gNeiNT5hoiZRI4yiOky6jVdNvfO2N6Kav/HmxY=
+github.com/gorilla/securecookie v1.1.1 h1:miw7JPhV+b/lAHSXz4qd/nN9jRiAFV5FwjeKyCS8BvQ=
+github.com/gorilla/securecookie v1.1.1/go.mod h1:ra0sb63/xPlUeL+yeDciTfxMRAA+MP+HVt/4epWDjd4=
+github.com/gorilla/sessions v1.1.1 h1:YMDmfaK68mUixINzY/XjscuJ47uXFWSSHzFbBQM0PrE=
+github.com/gorilla/sessions v1.1.1/go.mod h1:8KCfur6+4Mqcc6S0FEfKuN15Vl5MgXW92AE8ovaJD0w=
+github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
+github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
+github.com/issue9/assert v1.3.2 h1:IaTa37u4m1fUuTH9K9ldO5IONKVDXjLiUO1T9vj0OF0=
+github.com/issue9/assert v1.3.2/go.mod h1:9Ger+iz8X7r1zMYYwEhh++2wMGWcNN2oVI+zIQXxcio=
+github.com/issue9/identicon v0.0.0-20160320065130-d36b54562f4c h1:A/PDn117UYld5mlxe58EpMguqpkeTMw5/FCo0ZPS/Ko=
+github.com/issue9/identicon v0.0.0-20160320065130-d36b54562f4c/go.mod h1:5mTb/PQNkqmq2x3IxlQZE0aSnTksJg7fg/oWmJ5SKXQ=
+github.com/jackc/fake v0.0.0-20150926172116-812a484cc733 h1:vr3AYkKovP8uR8AvSGGUK1IDqRa5lAAvEkZG1LKaCRc=
+github.com/jackc/fake v0.0.0-20150926172116-812a484cc733/go.mod h1:WrMFNQdiFJ80sQsxDoMokWK1W5TQtxBFNpzWTD84ibQ=
+github.com/jackc/pgx v3.3.0+incompatible h1:Wa90/+qsITBAPkAZjiByeIGHFcj3Ztu+VzrrIpHjL90=
+github.com/jackc/pgx v3.3.0+incompatible/go.mod h1:0ZGrqGqkRlliWnWB4zKnWtjbSWbGkVEFm4TeybAXq+I=
+github.com/jarcoal/httpmock v0.0.0-20180424175123-9c70cfe4a1da/go.mod h1:ks+b9deReOc7jgqp+e7LuFiCBH6Rm5hL32cLcEAArb4=
+github.com/jaytaylor/html2text v0.0.0-20160923191438-8fb95d837f7d h1:ig/iUfDDg06RVW8OMby+GrmW6K2nPO3AFHlEIdvJSd4=
+github.com/jaytaylor/html2text v0.0.0-20160923191438-8fb95d837f7d/go.mod h1:CVKlgaMiht+LXvHG173ujK6JUhZXKb2u/BQtjPDIvyk=
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99 h1:BQSFePA1RWJOlocH6Fxy8MmwDt+yVQYULKfN0RoTN8A=
+github.com/jbenet/go-context v0.0.0-20150711004518-d14ea06fba99/go.mod h1:1lJo3i6rXxKeerYnT8Nvf0QmHCRC1n8sfWVwXF2Frvo=
+github.com/jessevdk/go-flags v1.4.0 h1:4IU2WS7AumrZ/40jfhf4QVDMsQwqA7VEHozFRrGARJA=
+github.com/jessevdk/go-flags v1.4.0/go.mod h1:4FA24M0QyGHXBuZZK/XkWh8h0e1EYbRYJSGM75WSRxI=
+github.com/jmhodges/levigo v1.0.0 h1:q5EC36kV79HWeTBWsod3mG11EgStG3qArTKcvlksN1U=
+github.com/jmhodges/levigo v1.0.0/go.mod h1:Q6Qx+uH3RAqyK4rFQroq9RL7mdkABMcfhEI+nNuzMJQ=
+github.com/joho/godotenv v1.3.0 h1:Zjp+RcGpHhGlrMbJzXTrZZPrWj+1vfm90La1wgB6Bhc=
+github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
+github.com/jtolds/gls v4.2.1+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
+github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
+github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
+github.com/kballard/go-shellquote v0.0.0-20170619183022-cd60e84ee657 h1:vE7J1m7cCpiRVEIr1B5ccDxRpbPsWT5JU3if2Di5nE4=
+github.com/kballard/go-shellquote v0.0.0-20170619183022-cd60e84ee657/go.mod h1:CzGEWj7cYgsdH8dAjBGEr58BoE7ScuLd+fwFZ44+/x8=
+github.com/kevinburke/ssh_config v0.0.0-20180830205328-81db2a75821e h1:RgQk53JHp/Cjunrr1WlsXSZpqXn+uREuHvUVcK82CV8=
+github.com/kevinburke/ssh_config v0.0.0-20180830205328-81db2a75821e/go.mod h1:CT57kijsi8u/K/BOFA39wgDQJ9CxiF4nAY/ojJ6r6mM=
+github.com/keybase/go-crypto v0.0.0-20170605145657-00ac4db533f6 h1:9mszGwKDxHEY2cy+9XxCQKWIfkGPSAEFrcN8ghzyAKg=
+github.com/keybase/go-crypto v0.0.0-20170605145657-00ac4db533f6/go.mod h1:ghbZscTyKdM07+Fw3KSi0hcJm+AlEUWj8QLlPtijN/M=
+github.com/klauspost/compress v0.0.0-20161025140425-8df558b6cb6f h1:tCnZKEmDovgV4jmsclh6CuKk9AMzTzyVWfejgkgccVg=
+github.com/klauspost/compress v0.0.0-20161025140425-8df558b6cb6f/go.mod h1:RyIbtBH6LamlWaDj8nUwkbUhJ87Yi3uG0guNDohfE1A=
+github.com/klauspost/cpuid v0.0.0-20160302075316-09cded8978dc h1:WW8B7p7QBnFlqRVv/k6ro/S8Z7tCnYjJHcQNScx9YVs=
+github.com/klauspost/cpuid v0.0.0-20160302075316-09cded8978dc/go.mod h1:Pj4uuM528wm8OyEC2QMXAi2YiTZ96dNQPGgoMS4s3ek=
+github.com/klauspost/crc32 v0.0.0-20161016154125-cb6bfca970f6 h1:KAZ1BW2TCmT6PRihDPpocIy1QTtsAsrx6TneU/4+CMg=
+github.com/klauspost/crc32 v0.0.0-20161016154125-cb6bfca970f6/go.mod h1:+ZoRqAPRLkC4NPOvfYeR5KNOrY6TD+/sAC3HXPZgDYg=
+github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ=
+github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc=
+github.com/kr/pretty v0.1.0 h1:L/CwN0zerZDmRFUapSPitk6f+Q3+0za1rQkzVuMiMFI=
+github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo=
+github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ=
+github.com/kr/text v0.1.0 h1:45sCR5RtlFHMR4UwH9sdQ5TC8v0qDQCHnXt+kaKSTVE=
+github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI=
+github.com/lafriks/xormstore v1.0.0 h1:P/IJzNSIpjXl/Up3o2Td5ZU/x4v6DEKLMaPQJGtmJCk=
+github.com/lafriks/xormstore v1.0.0/go.mod h1:dD8vHNRfEp3Uy+JvX9cMi2SXcRKJ0x4pYKsZuy843Ic=
+github.com/lib/pq v1.0.0 h1:X5PMW56eZitiTeO7tKzZxFCSpbFZJtkMMooicw2us9A=
+github.com/lib/pq v1.0.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lib/pq v1.1.0 h1:/5u4a+KGJptBRqGzPvYQL9p0d/tPR4S31+Tnzj9lEO4=
+github.com/lib/pq v1.1.0/go.mod h1:5WUZQaWbwv1U+lTReE5YruASi9Al49XbQIvNi/34Woo=
+github.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96 h1:uNwtsDp7ci48vBTTxDuwcoTXz4lwtDTe7TjCQ0noaWY=
+github.com/lunny/dingtalk_webhook v0.0.0-20171025031554-e3534c89ef96/go.mod h1:mmIfjCSQlGYXmJ95jFN84AkQFnVABtKuJL8IrzwvUKQ=
+github.com/lunny/levelqueue v0.0.0-20190217115915-02b525a4418e h1:GSprKUrG9wNgwQgROvjPGXmcZrg4OLslOuZGB0uJjx8=
+github.com/lunny/levelqueue v0.0.0-20190217115915-02b525a4418e/go.mod h1:rQZVENnBOiVakCs97XvclbwJRTAv77CRFWcYVNDkVf8=
+github.com/lunny/log v0.0.0-20160921050905-7887c61bf0de h1:nyxwRdWHAVxpFcDThedEgQ07DbcRc5xgNObtbTp76fk=
+github.com/lunny/log v0.0.0-20160921050905-7887c61bf0de/go.mod h1:3q8WtuPQsoRbatJuy3nvq/hRSvuBJrHHr+ybPPiNvHQ=
+github.com/lunny/nodb v0.0.0-20160621015157-fc1ef06ad4af h1:UaWHNBdukWrSG3DRvHFR/hyfg681fceqQDYVTBncKfQ=
+github.com/lunny/nodb v0.0.0-20160621015157-fc1ef06ad4af/go.mod h1:Cqz6pqow14VObJ7peltM+2n3PWOz7yTrfUuGbVFkzN0=
+github.com/markbates/going v1.0.0/go.mod h1:I6mnB4BPnEeqo85ynXIx1ZFLLbtiLHNXVgWeFO9OGOA=
+github.com/markbates/goth v1.49.0 h1:qQ4Ti4WaqAxNAggOC+4s5M85sMVfMJwQn/Xkp73wfgI=
+github.com/markbates/goth v1.49.0/go.mod h1:zZmAw0Es0Dpm7TT/4AdN14QrkiWLMrrU9Xei1o+/mdA=
+github.com/mattn/go-isatty v0.0.7 h1:UvyT9uN+3r7yLEYSlJsbQGdsaB/a0DlgWP3pql6iwOc=
+github.com/mattn/go-isatty v0.0.7/go.mod h1:Iq45c/XA43vh69/j3iqttzPXn0bhXyGjM0Hdxcsrc5s=
+github.com/mattn/go-oci8 v0.0.0-20190320171441-14ba190cf52d h1:m+dSK37rFf2fqppZhg15yI2IwC9BtucBiRwSDm9VL8g=
+github.com/mattn/go-oci8 v0.0.0-20190320171441-14ba190cf52d/go.mod h1:/M9VLO+lUPmxvoOK2PfWRZ8mTtB4q1Hy9lEGijv9Nr8=
+github.com/mattn/go-sqlite3 v1.10.0 h1:jbhqpg7tQe4SupckyijYiy0mJJ/pRyHvXf7JdWK860o=
+github.com/mattn/go-sqlite3 v1.10.0/go.mod h1:FPy6KqzDD04eiIsT53CuJW3U88zkxoIYsOqkbpncsNc=
+github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
+github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
+github.com/mcuadros/go-version v0.0.0-20190308113854-92cdf37c5b75 h1:Pijfgr7ZuvX7QIQiEwLdRVr3RoMG+i0SbBO1Qu+7yVk=
+github.com/mcuadros/go-version v0.0.0-20190308113854-92cdf37c5b75/go.mod h1:76rfSfYPWj01Z85hUf/ituArm797mNKcvINh1OlsZKo=
+github.com/microcosm-cc/bluemonday v0.0.0-20161012083705-f77f16ffc87a h1:d18LCO3ctH2kugUqt0pEyKKP8L+IYrocaPqGFilhTKk=
+github.com/microcosm-cc/bluemonday v0.0.0-20161012083705-f77f16ffc87a/go.mod h1:hsXNsILzKxV+sX77C5b8FSuKF00vh2OMYv+xgHpAMF4=
+github.com/mitchellh/go-homedir v1.1.0 h1:lukF9ziXFxDFPkA1vsr5zpc1XuPDn/wFntq5mG+4E0Y=
+github.com/mitchellh/go-homedir v1.1.0/go.mod h1:SfyaCUpYCn1Vlf4IUYiD9fPX4A5wJrkLzIz1N1q0pr0=
+github.com/mrjones/oauth v0.0.0-20180629183705-f4e24b6d100c h1:3wkDRdxK92dF+c1ke2dtj7ZzemFWBHB9plnJOtlwdFA=
+github.com/mrjones/oauth v0.0.0-20180629183705-f4e24b6d100c/go.mod h1:skjdDftzkFALcuGzYSklqYd8gvat6F1gZJ4YPVbkZpM=
+github.com/mschoch/smat v0.0.0-20160514031455-90eadee771ae h1:VeRdUYdCw49yizlSbMEn2SZ+gT+3IUKx8BqxyQdz+BY=
+github.com/mschoch/smat v0.0.0-20160514031455-90eadee771ae/go.mod h1:qAyveg+e4CE+eKJXWVjKXM4ck2QobLqTDytGJbLLhJg=
+github.com/msteinert/pam v0.0.0-20151204160544-02ccfbfaf0cc h1:z1PgdCCmYYVL0BoJTUgmAq1p7ca8fzYIPsNyfsN3xAU=
+github.com/msteinert/pam v0.0.0-20151204160544-02ccfbfaf0cc/go.mod h1:np1wUFZ6tyoke22qDJZY40URn9Ae51gX7ljIWXN5TJs=
+github.com/mwitkow/go-conntrack v0.0.0-20161129095857-cc309e4a2223/go.mod h1:qRWi+5nqEBWmkhHvq77mSJWrCKwh8bxhgT7d/eI7P4U=
+github.com/nfnt/resize v0.0.0-20160724205520-891127d8d1b5 h1:BvoENQQU+fZ9uukda/RzCAL/191HHwJA5b13R6diVlY=
+github.com/nfnt/resize v0.0.0-20160724205520-891127d8d1b5/go.mod h1:jpp1/29i3P1S/RLdc7JQKbRpFeM1dOBd8T9ki5s+AY8=
+github.com/oklog/ulid v1.3.1/go.mod h1:CirwcVhetQ6Lv90oh/F+FBtV6XMibvdAFo93nm5qn4U=
+github.com/oliamb/cutter v0.2.2 h1:Lfwkya0HHNU1YLnGv2hTkzHfasrSMkgv4Dn+5rmlk3k=
+github.com/oliamb/cutter v0.2.2/go.mod h1:4BenG2/4GuRBDbVm/OPahDVqbrOemzpPiG5mi1iryBU=
+github.com/onsi/ginkgo v1.6.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/ginkgo v1.7.0 h1:WSHQ+IS43OoUrWtD1/bbclrwK8TTH5hzp+umCiuxHgs=
+github.com/onsi/ginkgo v1.7.0/go.mod h1:lLunBs/Ym6LB5Z9jYTR76FiuTmxDTDusOGeTQH+WWjE=
+github.com/onsi/gomega v1.4.3 h1:RE1xgDvH7imwFD45h+u2SgIfERHlS2yNG4DObb5BSKU=
+github.com/onsi/gomega v1.4.3/go.mod h1:ex+gbHU/CVuBBDIJjb2X0qEXbFg53c61hWP/1CpauHY=
+github.com/pelletier/go-buffruneio v0.2.0 h1:U4t4R6YkofJ5xHm3dJzuRpPZ0mr5MMCoAWooScCR7aA=
+github.com/pelletier/go-buffruneio v0.2.0/go.mod h1:JkE26KsDizTr40EUHkXVtNPvgGtbSNq5BcowyYOWdKo=
+github.com/philhofer/fwd v1.0.0 h1:UbZqGr5Y38ApvM/V/jEljVxwocdweyH+vmYvRPBnbqQ=
+github.com/philhofer/fwd v1.0.0/go.mod h1:gk3iGcWd9+svBvR0sR+KPcfE+RNWozjowpeBVG3ZVNU=
+github.com/pkg/errors v0.8.0/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pkg/errors v0.8.1 h1:iURUrRGxPUNPdy5/HRSm+Yj6okJ6UtLINN0Q9M4+h3I=
+github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
+github.com/pquerna/otp v0.0.0-20160912161815-54653902c20e h1:ApqncJ84HYN8x8x5WV1T1YWDuPRF/0aXZhr91LnRMCQ=
+github.com/pquerna/otp v0.0.0-20160912161815-54653902c20e/go.mod h1:Zad1CMQfSQZI5KLpahDiSUX4tMMREnXw98IvL1nhgMk=
+github.com/prometheus/client_golang v0.9.1/go.mod h1:7SWBe2y4D6OKWSNQJUaRYU/AaXPKyh/dDVn+NZz0KFw=
+github.com/prometheus/client_golang v0.9.3 h1:9iH4JKXLzFbOAdtqv/a+j8aewx2Y8lAjAydhbaScPF8=
+github.com/prometheus/client_golang v0.9.3/go.mod h1:/TN21ttK/J9q6uSwhBd54HahCDft0ttaMvbicHlPoso=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910 h1:idejC8f05m9MGOsuEi1ATq9shN03HrxNkD/luQvxCv8=
+github.com/prometheus/client_model v0.0.0-20180712105110-5c3871d89910/go.mod h1:MbSGuTsp3dbXC40dX6PRTWyKYBIrTGTE9sqQNg2J8bo=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90 h1:S/YWwWx/RA8rT8tKFRuGUZhuA90OyIBpPCXkcbwU8DE=
+github.com/prometheus/client_model v0.0.0-20190129233127-fd36f4220a90/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA=
+github.com/prometheus/common v0.0.0-20181113130724-41aa239b4cce/go.mod h1:daVV7qP5qjZbuso7PdcryaAu0sAZbrN9i7WWcTMWvro=
+github.com/prometheus/common v0.4.0 h1:7etb9YClo3a6HjLzfl6rIQaU+FDfi0VSX39io3aQ+DM=
+github.com/prometheus/common v0.4.0/go.mod h1:TNfzLD0ON7rHzMJeJkieUDPYmFC7Snx/y86RQel1bk4=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d h1:GoAlyOgbOEIFdaDqxJVlbOQ1DtGmZWs/Qau0hIlk+WQ=
+github.com/prometheus/procfs v0.0.0-20181005140218-185b4288413d/go.mod h1:c3At6R/oaqEKCNdg8wHV1ftS6bRYblBhIjjI8uT2IGk=
+github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084 h1:sofwID9zm4tzrgykg80hfFph1mryUeLRsUfoocVVmRY=
+github.com/prometheus/procfs v0.0.0-20190507164030-5867b95ac084/go.mod h1:TjEm7ze935MbeOT/UhFTIMYKhuLP4wbCsTZCD3I8kEA=
+github.com/prometheus/tsdb v0.7.1/go.mod h1:qhTCs0VvXwvX/y3TZrWD7rabWM+ijKTux40TwIPHuXU=
+github.com/remyoudompheng/bigfft v0.0.0-20190321074620-2f0d2b0e0001 h1:YDeskXpkNDhPdWN3REluVa46HQOVuVkjkd2sWnrABNQ=
+github.com/remyoudompheng/bigfft v0.0.0-20190321074620-2f0d2b0e0001/go.mod h1:qqbHyh8v60DhA7CoWK5oRCqLrMHRGoxYCSS9EjAz6Eo=
+github.com/russross/blackfriday v0.0.0-20180428102519-11635eb403ff h1:g9ZlAHmkc/h5So+OjNCkZWh+FjuKEOOOoyRkqlGA8+c=
+github.com/russross/blackfriday v0.0.0-20180428102519-11635eb403ff/go.mod h1:JO/DiYxRf+HjHt06OyowR9PTA263kcR/rfWxYHBV53g=
+github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca h1:NugYot0LIVPxTvN8n+Kvkn6TrbMyxQiuvKdEwFdR9vI=
+github.com/saintfish/chardet v0.0.0-20120816061221-3af4cd4741ca/go.mod h1:uugorj2VCxiV1x+LzaIdVa9b4S4qGAcH6cbhh4qVxOU=
+github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
+github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
+github.com/sergi/go-diff v1.0.0 h1:Kpca3qRNrduNnOQeazBd0ysaKrUJiIuISHxogkT9RPQ=
+github.com/sergi/go-diff v1.0.0/go.mod h1:0CfEIISq7TuYL3j771MWULgwwjU+GofnZX9QAmXWZgo=
+github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24 h1:pntxY8Ary0t43dCZ5dqY4YTJCObLY1kIXl0uzMv+7DE=
+github.com/shopspring/decimal v0.0.0-20180709203117-cd690d0c9e24/go.mod h1:M+9NzErvs504Cn4c5DxATwIqPbtswREoFCre64PpcG4=
+github.com/shurcooL/httpfs v0.0.0-20190527155220-6a4d4a70508b h1:4kg1wyftSKxLtnPAvcRWakIPpokB9w780/KwrNLnfPA=
+github.com/shurcooL/httpfs v0.0.0-20190527155220-6a4d4a70508b/go.mod h1:ZY1cvUeJuFPAdZ/B6v7RHavJWZn2YPVFQ1OSXhCGOkg=
+github.com/shurcooL/sanitized_anchor_name v0.0.0-20160918041101-1dba4b3954bc h1:3wIrJvFb3Pf6B/2mDBnN1G5IfUVev4X5apadQlWOczE=
+github.com/shurcooL/sanitized_anchor_name v0.0.0-20160918041101-1dba4b3954bc/go.mod h1:1NzhyTcUVG4SuEtjjoZeVRXNmyL/1OwPU0+IJeTBvfc=
+github.com/shurcooL/vfsgen v0.0.0-20181202132449-6a9ea43bcacd h1:ug7PpSOB5RBPK1Kg6qskGBoP3Vnj/aNYFTznWvlkGo0=
+github.com/shurcooL/vfsgen v0.0.0-20181202132449-6a9ea43bcacd/go.mod h1:TrYk7fJVaAttu97ZZKrO9UbRa8izdowaMIZcxYMbVaw=
+github.com/siddontang/go-snappy v0.0.0-20140704025258-d8f7bb82a96d h1:qQWKKOvHN7Q9c6GdmUteCef2F9ubxMpxY1IKwpIKz68=
+github.com/siddontang/go-snappy v0.0.0-20140704025258-d8f7bb82a96d/go.mod h1:vq0tzqLRu6TS7Id0wMo2N5QzJoKedVeovOpHjnykSzY=
+github.com/sirupsen/logrus v1.2.0/go.mod h1:LxeOpSwHxABJmUn/MG1IvRgCAasNZTLOkJPxbbu5VWo=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykElWQ6/NYmHa3jpm/yHnI4xSofP+UP6SpjHcSeM=
+github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304 h1:Jpy1PXuP99tXNrhbq2BaPz9B+jNAvH1JPQQpG/9GCXY=
+github.com/smartystreets/assertions v0.0.0-20190116191733-b6c0e53d7304/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
+github.com/smartystreets/goconvey v0.0.0-20181108003508-044398e4856c/go.mod h1:XDJAKZRPZ1CvBcN2aX5YOUTYGHki24fSF0Iv48Ibg0s=
+github.com/smartystreets/goconvey v0.0.0-20190306220146-200a235640ff h1:86HlEv0yBCry9syNuylzqznKXDK11p6D0DT596yNMys=
+github.com/smartystreets/goconvey v0.0.0-20190306220146-200a235640ff/go.mod h1:KSQcGKpxUMHk3nbYzs/tIBAM2iDooCn0BmttHOJEbLs=
+github.com/spaolacci/murmur3 v0.0.0-20180118202830-f09979ecbc72/go.mod h1:JwIasOWyU6f++ZhiEuf87xNszmSA2myDM2Kzu9HwQUA=
+github.com/src-d/gcfg v1.4.0 h1:xXbNR5AlLSA315x2UO+fTSSAXCDf+Ar38/6oyGbDKQ4=
+github.com/src-d/gcfg v1.4.0/go.mod h1:p/UMsR43ujA89BJY9duynAwIpvqEujIH/jFlfL7jWoI=
+github.com/steveyen/gtreap v0.0.0-20150807155958-0abe01ef9be2 h1:JNEGSiWg6D3lcBCMCBqN3ELniXujt+0QNHLhNnO0w3s=
+github.com/steveyen/gtreap v0.0.0-20150807155958-0abe01ef9be2/go.mod h1:mjqs7N0Q6m5HpR7QfXVBZXZWSqTjQLeTujjA/xUp2uw=
+github.com/stretchr/objx v0.1.0 h1:4G4v2dO3VZwixGIRoQ5Lfboy6nUhCyYzaqnIAPPhYs4=
+github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
+github.com/stretchr/testify v1.2.2 h1:bSDNvY7ZPG5RlJ8otE/7V6gMiyenm9RtJ7IUVIAoJ1w=
+github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
+github.com/stretchr/testify v1.3.0 h1:TivCn/peBQ7UY8ooIcPgZFpTNSz0Q2U6UrFlUfqbe0Q=
+github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
+github.com/syndtr/goleveldb v0.0.0-20190203031304-2f17a3356c66 h1:AwmkkZT+TucFotNCL+aNJ/0KCMsRtlXN9fs8uoOMSRk=
+github.com/syndtr/goleveldb v0.0.0-20190203031304-2f17a3356c66/go.mod h1:ZVVdQEZoIme9iO1Ch2Jdy24qqXrMMOU6lpPAyBWyWuQ=
+github.com/tecbot/gorocksdb v0.0.0-20181010114359-8752a9433481 h1:HOxvxvnntLiPn123Fk+twfUhCQdMDaqmb0cclArW0T0=
+github.com/tecbot/gorocksdb v0.0.0-20181010114359-8752a9433481/go.mod h1:ahpPrc7HpcfEWDQRZEmnXMzHY03mLDYMCxeDzy46i+8=
+github.com/tinylib/msgp v0.0.0-20180516164116-c8cf64dff200 h1:ZVvr38DYEyOPyelySqvF0I9I++85NnUMsWkroBDS4fs=
+github.com/tinylib/msgp v0.0.0-20180516164116-c8cf64dff200/go.mod h1:+d+yLhGm8mzTaHzB+wgMYrodPfmZrzkirds8fDWklFE=
+github.com/tstranex/u2f v1.0.0 h1:HhJkSzDDlVSVIVt7pDJwCHQj67k7A5EeBgPmeD+pVsQ=
+github.com/tstranex/u2f v1.0.0/go.mod h1:eahSLaqAS0zsIEv80+vXT7WanXs7MQQDg3j3wGBSayo=
+github.com/urfave/cli v1.20.0 h1:fDqGv3UG/4jbVl/QkFwEdddtEDjh/5Ov6X+0B/3bPaw=
+github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
+github.com/willf/bitset v0.0.0-20180426185212-8ce1146b8621 h1:E8u341JM/N8LCnPXBV6ZFD1RKo/j+qHl1XOqSV+GstA=
+github.com/willf/bitset v0.0.0-20180426185212-8ce1146b8621/go.mod h1:RjeCKbqT1RxIR/KWY6phxZiaY1IyutSBfGjNPySAYV4=
+github.com/xanzy/ssh-agent v0.2.1 h1:TCbipTQL2JiiCprBWx9frJ2eJlCYT00NmctrHxVAr70=
+github.com/xanzy/ssh-agent v0.2.1/go.mod h1:mLlQY/MoOhWBj+gOGMQkOeiEvkx+8pJSI+0Bx9h2kr4=
+github.com/yohcop/openid-go v0.0.0-20160914080427-2c050d2dae53 h1:HsIQ6yAjfjQ3IxPGrTusxp6Qxn92gNVq2x5CbvQvx3w=
+github.com/yohcop/openid-go v0.0.0-20160914080427-2c050d2dae53/go.mod h1:f6elajwZV+xceiaqgRL090YzLEDGSbqr3poGL3ZgXYo=
+github.com/ziutek/mymysql v1.5.4 h1:GB0qdRGsTwQSBVYuVShFBKaXSnSnYYC2d9knnE1LHFs=
+github.com/ziutek/mymysql v1.5.4/go.mod h1:LMSpPZ6DbqWFxNCHW77HeMg9I646SAhApZ/wKdgO/C0=
+go.etcd.io/bbolt v1.3.2 h1:Z/90sZLPOeCy2PwprqkFa25PdkusRzaj9P8zm/KNyvk=
+go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
+golang.org/x/crypto v0.0.0-20180820150726-614d502a4dac/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20180904163835-0709b304e793/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190122013713-64072686203f/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190219172222-a4c6cb3142f2/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4=
+golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w=
+golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480 h1:O5YqonU5IWby+w98jVUG9h7zlCWCcH4RHyPVReBmhzk=
+golang.org/x/crypto v0.0.0-20190418165655-df01cb2cc480/go.mod h1:WFFai1msRO1wXaEeE5yQxYXgSfI8pQAWXbQop6sCtWE=
+golang.org/x/crypto v0.0.0-20190422183909-d864b10871cd/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/crypto v0.0.0-20190618222545-ea8f1a30c443 h1:IcSOAf4PyMp3U3XbIEj1/xJ2BjNN2jWv7JoyOsMxXUU=
+golang.org/x/crypto v0.0.0-20190618222545-ea8f1a30c443/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
+golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20181114220301-adae6a3d119a/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
+golang.org/x/net v0.0.0-20190311183353-d8887717615a/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190502183928-7f726cade0ab/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980 h1:dfGZHvZk057jK2MCeWus/TowKpJ8y4AmooUzdBSR9GU=
+golang.org/x/net v0.0.0-20190613194153-d28f0bde5980/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/oauth2 v0.0.0-20180620175406-ef147856a6dd/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/oauth2 v0.0.0-20181101160152-c453e0c75759 h1:TMrx+Qdx7uJAeUbv15N72h5Hmyb5+VDjEiMufAEAM04=
+golang.org/x/oauth2 v0.0.0-20181101160152-c453e0c75759/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f h1:wMNYb4v58l5UBM7MYRLPG6ZhfOqbKu7X5eyFl8ZhKvA=
+golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58 h1:8gQV6CLnAEikrhgkHFbMAEhagSSnXWGV915qUMm9mrU=
+golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
+golang.org/x/sys v0.0.0-20180824143301-4910a1d54f87/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180903190138-2b024373dcd9/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181107165924-66b7b1311ac8/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20181116152217-5ac8a444bdc5/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190221075227-b4e8571b14e0/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223 h1:DH4skfRX4EBpamg7iV4ZlCpblAHI6s6TDM39bFZumv8=
+golang.org/x/sys v0.0.0-20190222072716-a9d3bda3a223/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
+golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e h1:nFYrTHrdrAOpShe27kaFHjsqYSEQ0KWqdWLu3xuZJts=
+golang.org/x/sys v0.0.0-20190403152447-81d4e9dc473e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20190618155005-516e3c20635f h1:dHNZYIYdq2QuU6w73vZ/DzesPbVlZVYZTtTZmrnsbQ8=
+golang.org/x/sys v0.0.0-20190618155005-516e3c20635f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/text v0.3.0 h1:g61tztE5qeGQ89tm6NTjjM9VPIm088od1l6aSorWRWg=
+golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
+golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
+golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
+golang.org/x/tools v0.0.0-20190618163018-fdf1049a943a h1:aQmaYPOmKItb96VioBrTlYay5tSNUdKAFEhPCWMeLSM=
+golang.org/x/tools v0.0.0-20190618163018-fdf1049a943a/go.mod h1:/rFqwRUd4F7ZHNgwSSTFct+R/Kf4OFW1sUzUTQQTgfc=
+google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
+google.golang.org/appengine v1.2.0 h1:S0iUepdCWODXRvtE+gcRDd15L+k+k1AiHlMiMjefH24=
+google.golang.org/appengine v1.2.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+google.golang.org/appengine v1.4.0 h1:/wp5JvzpHIxhs/dumFmF7BXTf3Z+dd4uXta4kVyO508=
+google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
+gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
+gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc h1:2gGKlE2+asNV9m7xrywl36YYNnBG5ZQ0r/BOOxqPpmk=
+gopkg.in/alexcesaro/quotedprintable.v3 v3.0.0-20150716171945-2caba252f4dc/go.mod h1:m7x9LTH6d71AHyAX77c9yqWCCa3UKHcVEj9y7hAtKDk=
+gopkg.in/asn1-ber.v1 v1.0.0-20150924051756-4e86f4367175 h1:nn6Zav2sOQHCFJHEspya8KqxhFwKci30UxHy3HXPTyQ=
+gopkg.in/asn1-ber.v1 v1.0.0-20150924051756-4e86f4367175/go.mod h1:cuepJuh7vyXfUyUwEgHQXw849cJrilpS5NeIjOWESAw=
+gopkg.in/bufio.v1 v1.0.0-20140618132640-567b2bfa514e h1:wGA78yza6bu/mWcc4QfBuIEHEtc06xdiU0X8sY36yUU=
+gopkg.in/bufio.v1 v1.0.0-20140618132640-567b2bfa514e/go.mod h1:xsQCaysVCudhrYTfzYWe577fCe7Ceci+6qjO2Rdc0Z4=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127 h1:qIbj1fsPNlZgppZ+VLlY7N33q108Sa+fhmuc+sWQYwY=
+gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/editorconfig/editorconfig-core-go.v1 v1.2.0 h1:CO465/foR4+bY1xNYjZEl6l8By1g/iMsImoruxfEt84=
+gopkg.in/editorconfig/editorconfig-core-go.v1 v1.2.0/go.mod h1:s2mQFI9McjArkyCwyEwU//+luQENTnD/Lfb/7Sj3/kQ=
+gopkg.in/fsnotify.v1 v1.4.7 h1:xOHLXZwVvI9hhs+cLKq5+I5onOuwQLhQwiu63xxlHs4=
+gopkg.in/fsnotify.v1 v1.4.7/go.mod h1:Tz8NjZHkW78fSQdbUxIjBTcgA1z1m8ZHf0WmKUhAMys=
+gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df h1:n7WqCuqOuCbNr617RXOY0AWRXxgwEyPp2z+p0+hgMuE=
+gopkg.in/gomail.v2 v2.0.0-20160411212932-81ebce5c23df/go.mod h1:LRQQ+SO6ZHR7tOkpBDuZnXENFzX8qRjMDMyPD6BRkCw=
+gopkg.in/ini.v1 v1.42.0 h1:7N3gPTt50s8GuLortA00n8AqRTk75qOP98+mTPpgzRk=
+gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ldap.v3 v3.0.2 h1:R6RBtabK6e1GO0eQKtkyOFbAHO73QesLzI2w2DZ6b9w=
+gopkg.in/ldap.v3 v3.0.2/go.mod h1:oxD7NyBuxchC+SgJDE1Q5Od05eGt29SDQVBmV+HYbzw=
+gopkg.in/macaron.v1 v1.3.2 h1:AvWIaPmwBUA87/OWzePkoxeaw6YJWDfBt1pDFPBnLf8=
+gopkg.in/macaron.v1 v1.3.2/go.mod h1:PrsiawTWAGZs6wFbT5hlr7SQ2Ns9h7cUVtcUu4lQOVo=
+gopkg.in/redis.v2 v2.3.2 h1:GPVIIB/JnL1wvfULefy3qXmPu1nfNu2d0yA09FHgwfs=
+gopkg.in/redis.v2 v2.3.2/go.mod h1:4wl9PJ/CqzeHk3LVq1hNLHH8krm3+AXEgut4jVc++LU=
+gopkg.in/src-d/go-billy.v4 v4.3.0 h1:KtlZ4c1OWbIs4jCv5ZXrTqG8EQocr0g/d4DjNg70aek=
+gopkg.in/src-d/go-billy.v4 v4.3.0/go.mod h1:tm33zBoOwxjYHZIE+OV8bxTWFMJLrconzFMd38aARFk=
+gopkg.in/src-d/go-git-fixtures.v3 v3.5.0 h1:ivZFOIltbce2Mo8IjzUHAFoq/IylO9WHhNOAJK+LsJg=
+gopkg.in/src-d/go-git-fixtures.v3 v3.5.0/go.mod h1:dLBcvytrw/TYZsNTWCnkNF2DSIlzWYqTe3rJR56Ac7g=
+gopkg.in/src-d/go-git.v4 v4.12.0 h1:CKgvBCJCcdfNnyXPYI4Cp8PaDDAmAPEN0CtfEdEAbd8=
+gopkg.in/src-d/go-git.v4 v4.12.0/go.mod h1:zjlNnzc1Wjn43v3Mtii7RVxiReNP0fIu9npcXKzuNp4=
+gopkg.in/stretchr/testify.v1 v1.2.2 h1:yhQC6Uy5CqibAIlk1wlusa/MJ3iAN49/BsR/dCCKz3M=
+gopkg.in/stretchr/testify.v1 v1.2.2/go.mod h1:QI5V/q6UbPmuhtm10CaFZxED9NreB8PnFYN9JcR6TxU=
+gopkg.in/testfixtures.v2 v2.5.0 h1:N08B7l2GzFQenyYbzqthDnKAA+cmb17iAZhhFxr7JHw=
+gopkg.in/testfixtures.v2 v2.5.0/go.mod h1:vyAq+MYCgNpR29qitQdLZhdbLFf4mR/2MFJRFoQZZ2M=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 h1:uRGJdciOHaEIrze2W8Q3AKkepLTh2hOroT7a+7czfdQ=
+gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7/go.mod h1:dt/ZhP58zS4L8KSrWDmTeBkI65Dw0HsyUHuEVlX15mw=
+gopkg.in/warnings.v0 v0.1.2 h1:wFXVbFY8DY5/xOe1ECiWdKCzZlxgshcYVNkBHstARME=
+gopkg.in/warnings.v0 v0.1.2/go.mod h1:jksf8JmL6Qr/oQM2OXTHunEvvTAsrWBLb6OOjuVWRNI=
+gopkg.in/yaml.v2 v2.2.1 h1:mUhvW9EsL+naU5Q3cakzfE91YhliOondGd6ZrsDBHQE=
+gopkg.in/yaml.v2 v2.2.1/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+gopkg.in/yaml.v2 v2.2.2 h1:ZCJp+EgiOT7lHqUV2J862kp8Qj64Jo6az82+3Td9dZw=
+gopkg.in/yaml.v2 v2.2.2/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
+mvdan.cc/xurls/v2 v2.0.0 h1:r1zSOSNS/kqtpmATyMMMvaZ4/djsesbYz5kr0+qMRWc=
+mvdan.cc/xurls/v2 v2.0.0/go.mod h1:2/webFPYOXN9jp/lzuj0zuAVlF+9g4KPFJANH1oJhRU=
+strk.kbt.io/projects/go/libravatar v0.0.0-20160628055650-5eed7bff870a h1:8q33ShxKXRwQ7JVd1ZnhIU3hZhwwn0Le+4fTeAackuM=
+strk.kbt.io/projects/go/libravatar v0.0.0-20160628055650-5eed7bff870a/go.mod h1:FJGmPh3vz9jSos1L/F91iAgnC/aejc0wIIrF2ZwJxdY=
+xorm.io/builder v0.3.5 h1:EilU39fvWDxjb1cDaELpYhsF+zziRBhew8xk4pngO+A=
+xorm.io/builder v0.3.5/go.mod h1:ZFbByS/KxZI1FKRjL05PyJ4YrK2bcxlUaAxdum5aTR8=
+xorm.io/core v0.6.3 h1:n1NhVZt1s2oLw1BZfX2ocIJsHyso259uPgg63BGr37M=
+xorm.io/core v0.6.3/go.mod h1:8kz/C6arVW/O9vk3PgCiMJO2hIAm1UcuOL3dSPyZ2qo=
--- a/integrations/api_admin_org_test.go
+++ b/integrations/api_admin_org_test.go
@@ -0,0 +1,86 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"net/http"
+	"net/url"
+	"strings"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	api "code.gitea.io/gitea/modules/structs"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAPIAdminOrgCreate(t *testing.T) {
+	onGiteaRun(t, func(*testing.T, *url.URL) {
+		session := loginUser(t, "user1")
+		token := getTokenForLoggedInUser(t, session)
+
+		var org = api.CreateOrgOption{
+			UserName:    "user2_org",
+			FullName:    "User2's organization",
+			Description: "This organization created by admin for user2",
+			Website:     "https://try.gitea.io",
+			Location:    "Shanghai",
+			Visibility:  "private",
+		}
+		req := NewRequestWithJSON(t, "POST", "/api/v1/admin/users/user2/orgs?token="+token, &org)
+		resp := session.MakeRequest(t, req, http.StatusCreated)
+
+		var apiOrg api.Organization
+		DecodeJSON(t, resp, &apiOrg)
+
+		assert.Equal(t, org.UserName, apiOrg.UserName)
+		assert.Equal(t, org.FullName, apiOrg.FullName)
+		assert.Equal(t, org.Description, apiOrg.Description)
+		assert.Equal(t, org.Website, apiOrg.Website)
+		assert.Equal(t, org.Location, apiOrg.Location)
+		assert.Equal(t, org.Visibility, apiOrg.Visibility)
+
+		models.AssertExistsAndLoadBean(t, &models.User{
+			Name:      org.UserName,
+			LowerName: strings.ToLower(org.UserName),
+			FullName:  org.FullName,
+		})
+	})
+}
+
+func TestAPIAdminOrgCreateBadVisibility(t *testing.T) {
+	onGiteaRun(t, func(*testing.T, *url.URL) {
+		session := loginUser(t, "user1")
+		token := getTokenForLoggedInUser(t, session)
+
+		var org = api.CreateOrgOption{
+			UserName:    "user2_org",
+			FullName:    "User2's organization",
+			Description: "This organization created by admin for user2",
+			Website:     "https://try.gitea.io",
+			Location:    "Shanghai",
+			Visibility:  "notvalid",
+		}
+		req := NewRequestWithJSON(t, "POST", "/api/v1/admin/users/user2/orgs?token="+token, &org)
+		session.MakeRequest(t, req, http.StatusUnprocessableEntity)
+	})
+}
+
+func TestAPIAdminOrgCreateNotAdmin(t *testing.T) {
+	prepareTestEnv(t)
+	nonAdminUsername := "user2"
+	session := loginUser(t, nonAdminUsername)
+	token := getTokenForLoggedInUser(t, session)
+	var org = api.CreateOrgOption{
+		UserName:    "user2_org",
+		FullName:    "User2's organization",
+		Description: "This organization created by admin for user2",
+		Website:     "https://try.gitea.io",
+		Location:    "Shanghai",
+		Visibility:  "public",
+	}
+	req := NewRequestWithJSON(t, "POST", "/api/v1/admin/users/user2/orgs?token="+token, &org)
+	session.MakeRequest(t, req, http.StatusForbidden)
+}
--- a/integrations/api_admin_test.go
+++ b/integrations/api_admin_test.go
@@ -10,7 +10,7 @@ import (
 	"testing"

 	"code.gitea.io/gitea/models"
-	api "code.gitea.io/sdk/gitea"
+	api "code.gitea.io/gitea/modules/structs"

 	"github.com/stretchr/testify/assert"
 )
@@ -106,3 +106,41 @@ func TestAPISudoUserForbidden(t *testing.T) {
 	req := NewRequest(t, "GET", urlStr)
 	session.MakeRequest(t, req, http.StatusForbidden)
 }
+
+func TestAPIListUsers(t *testing.T) {
+	prepareTestEnv(t)
+	adminUsername := "user1"
+	session := loginUser(t, adminUsername)
+	token := getTokenForLoggedInUser(t, session)
+
+	urlStr := fmt.Sprintf("/api/v1/admin/users?token=%s", token)
+	req := NewRequest(t, "GET", urlStr)
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	var users []api.User
+	DecodeJSON(t, resp, &users)
+
+	found := false
+	for _, user := range users {
+		if user.UserName == adminUsername {
+			found = true
+		}
+	}
+	assert.True(t, found)
+	numberOfUsers := models.GetCount(t, &models.User{}, "type = 0")
+	assert.Equal(t, numberOfUsers, len(users))
+}
+
+func TestAPIListUsersNotLoggedIn(t *testing.T) {
+	prepareTestEnv(t)
+	req := NewRequest(t, "GET", "/api/v1/admin/users")
+	MakeRequest(t, req, http.StatusUnauthorized)
+}
+
+func TestAPIListUsersNonAdmin(t *testing.T) {
+	prepareTestEnv(t)
+	nonAdminUsername := "user2"
+	session := loginUser(t, nonAdminUsername)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/admin/users?token=%s", token)
+	session.MakeRequest(t, req, http.StatusForbidden)
+}
--- a/integrations/api_branch_test.go
+++ b/integrations/api_branch_test.go
@@ -8,7 +8,7 @@ import (
 	"net/http"
 	"testing"

-	api "code.gitea.io/sdk/gitea"
+	api "code.gitea.io/gitea/modules/structs"

 	"github.com/stretchr/testify/assert"
 )
--- a/integrations/api_comment_test.go
+++ b/integrations/api_comment_test.go
@@ -10,7 +10,7 @@ import (
 	"testing"

 	"code.gitea.io/gitea/models"
-	api "code.gitea.io/sdk/gitea"
+	api "code.gitea.io/gitea/modules/structs"

 	"github.com/stretchr/testify/assert"
 )
--- a/integrations/api_fork_test.go
+++ b/integrations/api_fork_test.go
@@ -8,7 +8,7 @@ import (
 	"net/http"
 	"testing"

-	api "code.gitea.io/sdk/gitea"
+	api "code.gitea.io/gitea/modules/structs"
 )

 func TestCreateForkNoLogin(t *testing.T) {
--- a/integrations/api_gpg_keys_test.go
+++ b/integrations/api_gpg_keys_test.go
@@ -10,7 +10,7 @@ import (
 	"strconv"
 	"testing"

-	api "code.gitea.io/sdk/gitea"
+	api "code.gitea.io/gitea/modules/structs"

 	"github.com/stretchr/testify/assert"
 )
--- a/integrations/api_helper_for_declarative_test.go
+++ b/integrations/api_helper_for_declarative_test.go
@@ -5,12 +5,15 @@
 package integrations

 import (
+	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"net/http"
 	"testing"

-	api "code.gitea.io/sdk/gitea"
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/auth"
+	api "code.gitea.io/gitea/modules/structs"
 	"github.com/stretchr/testify/assert"
 )

@@ -63,6 +66,44 @@ func doAPICreateRepository(ctx APITestContext, empty bool, callback ...func(*tes
 	}
 }

+func doAPIAddCollaborator(ctx APITestContext, username string, mode models.AccessMode) func(*testing.T) {
+	return func(t *testing.T) {
+		permission := "read"
+
+		if mode == models.AccessModeAdmin {
+			permission = "admin"
+		} else if mode > models.AccessModeRead {
+			permission = "write"
+		}
+		addCollaboratorOption := &api.AddCollaboratorOption{
+			Permission: &permission,
+		}
+		req := NewRequestWithJSON(t, "PUT", fmt.Sprintf("/api/v1/repos/%s/%s/collaborators/%s?token=%s", ctx.Username, ctx.Reponame, username, ctx.Token), addCollaboratorOption)
+		if ctx.ExpectedCode != 0 {
+			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
+			return
+		}
+		ctx.Session.MakeRequest(t, req, http.StatusNoContent)
+	}
+}
+
+func doAPIForkRepository(ctx APITestContext, username string, callback ...func(*testing.T, api.Repository)) func(*testing.T) {
+	return func(t *testing.T) {
+		createForkOption := &api.CreateForkOption{}
+		req := NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/repos/%s/%s/forks?token=%s", username, ctx.Reponame, ctx.Token), createForkOption)
+		if ctx.ExpectedCode != 0 {
+			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
+			return
+		}
+		resp := ctx.Session.MakeRequest(t, req, http.StatusAccepted)
+		var repository api.Repository
+		DecodeJSON(t, resp, &repository)
+		if len(callback) > 0 {
+			callback[0](t, repository)
+		}
+	}
+}
+
 func doAPIGetRepository(ctx APITestContext, callback ...func(*testing.T, api.Repository)) func(*testing.T) {
 	return func(t *testing.T) {
 		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", ctx.Username, ctx.Reponame, ctx.Token)
@@ -150,3 +191,42 @@ func doAPICreateDeployKey(ctx APITestContext, keyname, keyFile string, readOnly
 		ctx.Session.MakeRequest(t, req, http.StatusCreated)
 	}
 }
+
+func doAPICreatePullRequest(ctx APITestContext, owner, repo, baseBranch, headBranch string) func(*testing.T) (api.PullRequest, error) {
+	return func(t *testing.T) (api.PullRequest, error) {
+		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/pulls?token=%s",
+			owner, repo, ctx.Token)
+		req := NewRequestWithJSON(t, http.MethodPost, urlStr, &api.CreatePullRequestOption{
+			Head:  headBranch,
+			Base:  baseBranch,
+			Title: fmt.Sprintf("create a pr from %s to %s", headBranch, baseBranch),
+		})
+
+		expected := 201
+		if ctx.ExpectedCode != 0 {
+			expected = ctx.ExpectedCode
+		}
+		resp := ctx.Session.MakeRequest(t, req, expected)
+		decoder := json.NewDecoder(resp.Body)
+		pr := api.PullRequest{}
+		err := decoder.Decode(&pr)
+		return pr, err
+	}
+}
+
+func doAPIMergePullRequest(ctx APITestContext, owner, repo string, index int64) func(*testing.T) {
+	return func(t *testing.T) {
+		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/pulls/%d/merge?token=%s",
+			owner, repo, index, ctx.Token)
+		req := NewRequestWithJSON(t, http.MethodPost, urlStr, &auth.MergePullRequestForm{
+			MergeMessageField: "doAPIMergePullRequest Merge",
+			Do:                string(models.MergeStyleMerge),
+		})
+
+		if ctx.ExpectedCode != 0 {
+			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
+			return
+		}
+		ctx.Session.MakeRequest(t, req, 200)
+	}
+}
--- a/integrations/api_issue_label_test.go
+++ b/integrations/api_issue_label_test.go
@@ -10,7 +10,7 @@ import (
 	"testing"

 	"code.gitea.io/gitea/models"
-	api "code.gitea.io/sdk/gitea"
+	api "code.gitea.io/gitea/modules/structs"

 	"github.com/stretchr/testify/assert"
 )
--- a/integrations/api_issue_test.go
+++ b/integrations/api_issue_test.go
@@ -10,7 +10,7 @@ import (
 	"testing"

 	"code.gitea.io/gitea/models"
-	api "code.gitea.io/sdk/gitea"
+	api "code.gitea.io/gitea/modules/structs"

 	"github.com/stretchr/testify/assert"
 )
--- a/integrations/api_keys_test.go
+++ b/integrations/api_keys_test.go
@@ -13,7 +13,7 @@ import (
 	"github.com/stretchr/testify/assert"

 	"code.gitea.io/gitea/models"
-	api "code.gitea.io/sdk/gitea"
+	api "code.gitea.io/gitea/modules/structs"
 )

 func TestViewDeployKeysNoLogin(t *testing.T) {
--- a/integrations/api_org_test.go
+++ b/integrations/api_org_test.go
@@ -6,43 +6,133 @@ package integrations

 import (
 	"net/http"
+	"net/url"
 	"strings"
 	"testing"

 	"code.gitea.io/gitea/models"
-	api "code.gitea.io/sdk/gitea"
+	"code.gitea.io/gitea/modules/setting"
+	api "code.gitea.io/gitea/modules/structs"

 	"github.com/stretchr/testify/assert"
 )

-func TestAPIOrg(t *testing.T) {
-	prepareTestEnv(t)
+func TestAPIOrgCreate(t *testing.T) {
+	onGiteaRun(t, func(*testing.T, *url.URL) {
+		session := loginUser(t, "user1")

-	session := loginUser(t, "user1")
+		token := getTokenForLoggedInUser(t, session)
+		var org = api.CreateOrgOption{
+			UserName:    "user1_org",
+			FullName:    "User1's organization",
+			Description: "This organization created by user1",
+			Website:     "https://try.gitea.io",
+			Location:    "Shanghai",
+			Visibility:  "limited",
+		}
+		req := NewRequestWithJSON(t, "POST", "/api/v1/orgs?token="+token, &org)
+		resp := session.MakeRequest(t, req, http.StatusCreated)

-	token := getTokenForLoggedInUser(t, session)
-	var org = api.CreateOrgOption{
-		UserName:    "user1_org",
-		FullName:    "User1's organization",
-		Description: "This organization created by user1",
-		Website:     "https://try.gitea.io",
-		Location:    "Shanghai",
-	}
-	req := NewRequestWithJSON(t, "POST", "/api/v1/orgs?token="+token, &org)
-	resp := session.MakeRequest(t, req, http.StatusCreated)
+		var apiOrg api.Organization
+		DecodeJSON(t, resp, &apiOrg)

-	var apiOrg api.Organization
-	DecodeJSON(t, resp, &apiOrg)
+		assert.Equal(t, org.UserName, apiOrg.UserName)
+		assert.Equal(t, org.FullName, apiOrg.FullName)
+		assert.Equal(t, org.Description, apiOrg.Description)
+		assert.Equal(t, org.Website, apiOrg.Website)
+		assert.Equal(t, org.Location, apiOrg.Location)
+		assert.Equal(t, org.Visibility, apiOrg.Visibility)

-	assert.Equal(t, org.UserName, apiOrg.UserName)
-	assert.Equal(t, org.FullName, apiOrg.FullName)
-	assert.Equal(t, org.Description, apiOrg.Description)
-	assert.Equal(t, org.Website, apiOrg.Website)
-	assert.Equal(t, org.Location, apiOrg.Location)
+		models.AssertExistsAndLoadBean(t, &models.User{
+			Name:      org.UserName,
+			LowerName: strings.ToLower(org.UserName),
+			FullName:  org.FullName,
+		})

-	models.AssertExistsAndLoadBean(t, &models.User{
-		Name:      org.UserName,
-		LowerName: strings.ToLower(org.UserName),
-		FullName:  org.FullName,
+		req = NewRequestf(t, "GET", "/api/v1/orgs/%s", org.UserName)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &apiOrg)
+		assert.EqualValues(t, org.UserName, apiOrg.UserName)
+
+		req = NewRequestf(t, "GET", "/api/v1/orgs/%s/repos", org.UserName)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+
+		var repos []*api.Repository
+		DecodeJSON(t, resp, &repos)
+		for _, repo := range repos {
+			assert.False(t, repo.Private)
+		}
+
+		req = NewRequestf(t, "GET", "/api/v1/orgs/%s/members", org.UserName)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+
+		// user1 on this org is public
+		var users []*api.User
+		DecodeJSON(t, resp, &users)
+		assert.EqualValues(t, 1, len(users))
+		assert.EqualValues(t, "user1", users[0].UserName)
+	})
+}
+
+func TestAPIOrgEdit(t *testing.T) {
+	onGiteaRun(t, func(*testing.T, *url.URL) {
+		session := loginUser(t, "user1")
+
+		token := getTokenForLoggedInUser(t, session)
+		var org = api.EditOrgOption{
+			FullName:    "User3 organization new full name",
+			Description: "A new description",
+			Website:     "https://try.gitea.io/new",
+			Location:    "Beijing",
+			Visibility:  "private",
+		}
+		req := NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/user3?token="+token, &org)
+		resp := session.MakeRequest(t, req, http.StatusOK)
+
+		var apiOrg api.Organization
+		DecodeJSON(t, resp, &apiOrg)
+
+		assert.Equal(t, "user3", apiOrg.UserName)
+		assert.Equal(t, org.FullName, apiOrg.FullName)
+		assert.Equal(t, org.Description, apiOrg.Description)
+		assert.Equal(t, org.Website, apiOrg.Website)
+		assert.Equal(t, org.Location, apiOrg.Location)
+		assert.Equal(t, org.Visibility, apiOrg.Visibility)
+	})
+}
+
+func TestAPIOrgEditBadVisibility(t *testing.T) {
+	onGiteaRun(t, func(*testing.T, *url.URL) {
+		session := loginUser(t, "user1")
+
+		token := getTokenForLoggedInUser(t, session)
+		var org = api.EditOrgOption{
+			FullName:    "User3 organization new full name",
+			Description: "A new description",
+			Website:     "https://try.gitea.io/new",
+			Location:    "Beijing",
+			Visibility:  "badvisibility",
+		}
+		req := NewRequestWithJSON(t, "PATCH", "/api/v1/orgs/user3?token="+token, &org)
+		session.MakeRequest(t, req, http.StatusUnprocessableEntity)
+	})
+}
+
+func TestAPIOrgDeny(t *testing.T) {
+	onGiteaRun(t, func(*testing.T, *url.URL) {
+		setting.Service.RequireSignInView = true
+		defer func() {
+			setting.Service.RequireSignInView = false
+		}()
+
+		var orgName = "user1_org"
+		req := NewRequestf(t, "GET", "/api/v1/orgs/%s", orgName)
+		MakeRequest(t, req, http.StatusNotFound)
+
+		req = NewRequestf(t, "GET", "/api/v1/orgs/%s/repos", orgName)
+		MakeRequest(t, req, http.StatusNotFound)
+
+		req = NewRequestf(t, "GET", "/api/v1/orgs/%s/members", orgName)
+		MakeRequest(t, req, http.StatusNotFound)
 	})
 }
--- a/integrations/api_pull_test.go
+++ b/integrations/api_pull_test.go
@@ -12,7 +12,7 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/auth"
 	"code.gitea.io/gitea/modules/setting"
-	api "code.gitea.io/sdk/gitea"
+	api "code.gitea.io/gitea/modules/structs"

 	"github.com/stretchr/testify/assert"
 )
@@ -56,3 +56,39 @@ func TestAPIMergePullWIP(t *testing.T) {

 	session.MakeRequest(t, req, http.StatusMethodNotAllowed)
 }
+
+func TestAPICreatePullSuccess1(t *testing.T) {
+	prepareTestEnv(t)
+	repo10 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 10}).(*models.Repository)
+	// repo10 have code, pulls units.
+	repo11 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 11}).(*models.Repository)
+	// repo11 only have code unit but should still create pulls
+	owner10 := models.AssertExistsAndLoadBean(t, &models.User{ID: repo10.OwnerID}).(*models.User)
+	owner11 := models.AssertExistsAndLoadBean(t, &models.User{ID: repo11.OwnerID}).(*models.User)
+
+	session := loginUser(t, owner11.Name)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestWithJSON(t, http.MethodPost, fmt.Sprintf("/api/v1/repos/%s/%s/pulls?token=%s", owner10.Name, repo10.Name, token), &api.CreatePullRequestOption{
+		Head:  fmt.Sprintf("%s:master", owner11.Name),
+		Base:  "master",
+		Title: "create a failure pr",
+	})
+
+	session.MakeRequest(t, req, 201)
+}
+
+func TestAPICreatePullSuccess2(t *testing.T) {
+	prepareTestEnv(t)
+	repo10 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 10}).(*models.Repository)
+	owner10 := models.AssertExistsAndLoadBean(t, &models.User{ID: repo10.OwnerID}).(*models.User)
+
+	session := loginUser(t, owner10.Name)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestWithJSON(t, http.MethodPost, fmt.Sprintf("/api/v1/repos/%s/%s/pulls?token=%s", owner10.Name, repo10.Name, token), &api.CreatePullRequestOption{
+		Head:  "develop",
+		Base:  "master",
+		Title: "create a success pr",
+	})
+
+	session.MakeRequest(t, req, 201)
+}
--- a/integrations/api_releases_test.go
+++ b/integrations/api_releases_test.go
@@ -9,9 +9,9 @@ import (
 	"net/http"
 	"testing"

-	"code.gitea.io/git"
 	"code.gitea.io/gitea/models"
-	api "code.gitea.io/sdk/gitea"
+	"code.gitea.io/gitea/modules/git"
+	api "code.gitea.io/gitea/modules/structs"

 	"github.com/stretchr/testify/assert"
 )
--- a/integrations/api_repo_edit_test.go
+++ b/integrations/api_repo_edit_test.go
@@ -0,0 +1,225 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	api "code.gitea.io/gitea/modules/structs"
+
+	"github.com/stretchr/testify/assert"
+)
+
+// getRepoEditOptionFromRepo gets the options for an existing repo exactly as is
+func getRepoEditOptionFromRepo(repo *models.Repository) *api.EditRepoOption {
+	name := repo.Name
+	description := repo.Description
+	website := repo.Website
+	private := repo.IsPrivate
+	hasIssues := false
+	if _, err := repo.GetUnit(models.UnitTypeIssues); err == nil {
+		hasIssues = true
+	}
+	hasWiki := false
+	if _, err := repo.GetUnit(models.UnitTypeWiki); err == nil {
+		hasWiki = true
+	}
+	defaultBranch := repo.DefaultBranch
+	hasPullRequests := false
+	ignoreWhitespaceConflicts := false
+	allowMerge := false
+	allowRebase := false
+	allowRebaseMerge := false
+	allowSquash := false
+	if unit, err := repo.GetUnit(models.UnitTypePullRequests); err == nil {
+		config := unit.PullRequestsConfig()
+		hasPullRequests = true
+		ignoreWhitespaceConflicts = config.IgnoreWhitespaceConflicts
+		allowMerge = config.AllowMerge
+		allowRebase = config.AllowRebase
+		allowRebaseMerge = config.AllowRebaseMerge
+		allowSquash = config.AllowSquash
+	}
+	archived := repo.IsArchived
+	return &api.EditRepoOption{
+		Name:                      &name,
+		Description:               &description,
+		Website:                   &website,
+		Private:                   &private,
+		HasIssues:                 &hasIssues,
+		HasWiki:                   &hasWiki,
+		DefaultBranch:             &defaultBranch,
+		HasPullRequests:           &hasPullRequests,
+		IgnoreWhitespaceConflicts: &ignoreWhitespaceConflicts,
+		AllowMerge:                &allowMerge,
+		AllowRebase:               &allowRebase,
+		AllowRebaseMerge:          &allowRebaseMerge,
+		AllowSquash:               &allowSquash,
+		Archived:                  &archived,
+	}
+}
+
+// getNewRepoEditOption Gets the options to change everything about an existing repo by adding to strings or changing
+// the boolean
+func getNewRepoEditOption(opts *api.EditRepoOption) *api.EditRepoOption {
+	// Gives a new property to everything
+	name := *opts.Name + "renamed"
+	description := "new description"
+	website := "http://wwww.newwebsite.com"
+	private := !*opts.Private
+	hasIssues := !*opts.HasIssues
+	hasWiki := !*opts.HasWiki
+	defaultBranch := "master"
+	hasPullRequests := !*opts.HasPullRequests
+	ignoreWhitespaceConflicts := !*opts.IgnoreWhitespaceConflicts
+	allowMerge := !*opts.AllowMerge
+	allowRebase := !*opts.AllowRebase
+	allowRebaseMerge := !*opts.AllowRebaseMerge
+	allowSquash := !*opts.AllowSquash
+	archived := !*opts.Archived
+
+	return &api.EditRepoOption{
+		Name:                      &name,
+		Description:               &description,
+		Website:                   &website,
+		Private:                   &private,
+		DefaultBranch:             &defaultBranch,
+		HasIssues:                 &hasIssues,
+		HasWiki:                   &hasWiki,
+		HasPullRequests:           &hasPullRequests,
+		IgnoreWhitespaceConflicts: &ignoreWhitespaceConflicts,
+		AllowMerge:                &allowMerge,
+		AllowRebase:               &allowRebase,
+		AllowRebaseMerge:          &allowRebaseMerge,
+		AllowSquash:               &allowSquash,
+		Archived:                  &archived,
+	}
+}
+
+func TestAPIRepoEdit(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)               // owner of the repo1 & repo16
+		user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)               // owner of the repo3, is an org
+		user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)               // owner of neither repos
+		repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)   // public repo
+		repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository)   // public repo
+		repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
+
+		// Get user2's token
+		session := loginUser(t, user2.Name)
+		token2 := getTokenForLoggedInUser(t, session)
+		session = emptyTestSession(t)
+		// Get user4's token
+		session = loginUser(t, user4.Name)
+		token4 := getTokenForLoggedInUser(t, session)
+		session = emptyTestSession(t)
+
+		// Test editing a repo1 which user2 owns, changing name and many properties
+		origRepoEditOption := getRepoEditOptionFromRepo(repo1)
+		repoEditOption := getNewRepoEditOption(origRepoEditOption)
+		url := fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", user2.Name, repo1.Name, token2)
+		req := NewRequestWithJSON(t, "PATCH", url, &repoEditOption)
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		var repo api.Repository
+		DecodeJSON(t, resp, &repo)
+		assert.NotNil(t, repo)
+		// check response
+		assert.Equal(t, *repoEditOption.Name, repo.Name)
+		assert.Equal(t, *repoEditOption.Description, repo.Description)
+		assert.Equal(t, *repoEditOption.Website, repo.Website)
+		assert.Equal(t, *repoEditOption.Archived, repo.Archived)
+		// check repo1 from database
+		repo1edited := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+		repo1editedOption := getRepoEditOptionFromRepo(repo1edited)
+		assert.Equal(t, *repoEditOption.Name, *repo1editedOption.Name)
+		assert.Equal(t, *repoEditOption.Description, *repo1editedOption.Description)
+		assert.Equal(t, *repoEditOption.Website, *repo1editedOption.Website)
+		assert.Equal(t, *repoEditOption.Archived, *repo1editedOption.Archived)
+		assert.Equal(t, *repoEditOption.Private, *repo1editedOption.Private)
+		assert.Equal(t, *repoEditOption.HasWiki, *repo1editedOption.HasWiki)
+		// reset repo in db
+		url = fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", user2.Name, *repoEditOption.Name, token2)
+		req = NewRequestWithJSON(t, "PATCH", url, &origRepoEditOption)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+
+		// Test editing a non-existing repo
+		name := "repodoesnotexist"
+		url = fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", user2.Name, name, token2)
+		req = NewRequestWithJSON(t, "PATCH", url, &api.EditRepoOption{Name: &name})
+		resp = session.MakeRequest(t, req, http.StatusNotFound)
+
+		// Test editing repo16 by user4 who does not have write access
+		origRepoEditOption = getRepoEditOptionFromRepo(repo16)
+		repoEditOption = getNewRepoEditOption(origRepoEditOption)
+		url = fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", user2.Name, repo16.Name, token4)
+		req = NewRequestWithJSON(t, "PATCH", url, &repoEditOption)
+		session.MakeRequest(t, req, http.StatusNotFound)
+
+		// Tests a repo with no token given so will fail
+		origRepoEditOption = getRepoEditOptionFromRepo(repo16)
+		repoEditOption = getNewRepoEditOption(origRepoEditOption)
+		url = fmt.Sprintf("/api/v1/repos/%s/%s", user2.Name, repo16.Name)
+		req = NewRequestWithJSON(t, "PATCH", url, &repoEditOption)
+		resp = session.MakeRequest(t, req, http.StatusNotFound)
+
+		// Test using access token for a private repo that the user of the token owns
+		origRepoEditOption = getRepoEditOptionFromRepo(repo16)
+		repoEditOption = getNewRepoEditOption(origRepoEditOption)
+		url = fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", user2.Name, repo16.Name, token2)
+		req = NewRequestWithJSON(t, "PATCH", url, &repoEditOption)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+		// reset repo in db
+		url = fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", user2.Name, *repoEditOption.Name, token2)
+		req = NewRequestWithJSON(t, "PATCH", url, &origRepoEditOption)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+
+		// Test making a repo public that is private
+		repo16 = models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository)
+		assert.True(t, repo16.IsPrivate)
+		private := false
+		repoEditOption = &api.EditRepoOption{
+			Private: &private,
+		}
+		url = fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", user2.Name, repo16.Name, token2)
+		req = NewRequestWithJSON(t, "PATCH", url, &repoEditOption)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+		repo16 = models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository)
+		assert.False(t, repo16.IsPrivate)
+		// Make it private again
+		private = true
+		repoEditOption.Private = &private
+		req = NewRequestWithJSON(t, "PATCH", url, &repoEditOption)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+
+		// Test using org repo "user3/repo3" where user2 is a collaborator
+		origRepoEditOption = getRepoEditOptionFromRepo(repo3)
+		repoEditOption = getNewRepoEditOption(origRepoEditOption)
+		url = fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", user3.Name, repo3.Name, token2)
+		req = NewRequestWithJSON(t, "PATCH", url, &repoEditOption)
+		session.MakeRequest(t, req, http.StatusOK)
+		// reset repo in db
+		url = fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", user3.Name, *repoEditOption.Name, token2)
+		req = NewRequestWithJSON(t, "PATCH", url, &origRepoEditOption)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+
+		// Test using org repo "user3/repo3" with no user token
+		origRepoEditOption = getRepoEditOptionFromRepo(repo3)
+		repoEditOption = getNewRepoEditOption(origRepoEditOption)
+		url = fmt.Sprintf("/api/v1/repos/%s/%s", user3.Name, repo3.Name)
+		req = NewRequestWithJSON(t, "PATCH", url, &repoEditOption)
+		session.MakeRequest(t, req, http.StatusNotFound)
+
+		// Test using repo "user2/repo1" where user4 is a NOT collaborator
+		origRepoEditOption = getRepoEditOptionFromRepo(repo1)
+		repoEditOption = getNewRepoEditOption(origRepoEditOption)
+		url = fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", user2.Name, repo1.Name, token4)
+		req = NewRequestWithJSON(t, "PATCH", url, &repoEditOption)
+		session.MakeRequest(t, req, http.StatusForbidden)
+	})
+}
--- a/integrations/api_repo_file_create_test.go
+++ b/integrations/api_repo_file_create_test.go
@@ -0,0 +1,237 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"encoding/base64"
+	"fmt"
+	"net/http"
+	"net/url"
+	"path/filepath"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/setting"
+	api "code.gitea.io/gitea/modules/structs"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func getCreateFileOptions() api.CreateFileOptions {
+	content := "This is new text"
+	contentEncoded := base64.StdEncoding.EncodeToString([]byte(content))
+	return api.CreateFileOptions{
+		FileOptions: api.FileOptions{
+			BranchName:    "master",
+			NewBranchName: "master",
+			Message:       "Making this new file new/file.txt",
+			Author: api.Identity{
+				Name:  "John Doe",
+				Email: "johndoe@example.com",
+			},
+			Committer: api.Identity{
+				Name:  "Jane Doe",
+				Email: "janedoe@example.com",
+			},
+		},
+		Content: contentEncoded,
+	}
+}
+
+func getExpectedFileResponseForCreate(commitID, treePath string) *api.FileResponse {
+	sha := "a635aa942442ddfdba07468cf9661c08fbdf0ebf"
+	encoding := "base64"
+	content := "VGhpcyBpcyBuZXcgdGV4dA=="
+	selfURL := setting.AppURL + "api/v1/repos/user2/repo1/contents/" + treePath + "?ref=master"
+	htmlURL := setting.AppURL + "user2/repo1/src/branch/master/" + treePath
+	gitURL := setting.AppURL + "api/v1/repos/user2/repo1/git/blobs/" + sha
+	downloadURL := setting.AppURL + "user2/repo1/raw/branch/master/" + treePath
+	return &api.FileResponse{
+		Content: &api.ContentsResponse{
+			Name:        filepath.Base(treePath),
+			Path:        treePath,
+			SHA:         sha,
+			Size:        16,
+			Type:        "file",
+			Encoding:    &encoding,
+			Content:     &content,
+			URL:         &selfURL,
+			HTMLURL:     &htmlURL,
+			GitURL:      &gitURL,
+			DownloadURL: &downloadURL,
+			Links: &api.FileLinksResponse{
+				Self:    &selfURL,
+				GitURL:  &gitURL,
+				HTMLURL: &htmlURL,
+			},
+		},
+		Commit: &api.FileCommitResponse{
+			CommitMeta: api.CommitMeta{
+				URL: setting.AppURL + "api/v1/repos/user2/repo1/git/commits/" + commitID,
+				SHA: commitID,
+			},
+			HTMLURL: setting.AppURL + "user2/repo1/commit/" + commitID,
+			Author: &api.CommitUser{
+				Identity: api.Identity{
+					Name:  "Jane Doe",
+					Email: "janedoe@example.com",
+				},
+			},
+			Committer: &api.CommitUser{
+				Identity: api.Identity{
+					Name:  "John Doe",
+					Email: "johndoe@example.com",
+				},
+			},
+			Message: "Updates README.md\n",
+		},
+		Verification: &api.PayloadCommitVerification{
+			Verified:  false,
+			Reason:    "unsigned",
+			Signature: "",
+			Payload:   "",
+		},
+	}
+}
+
+func TestAPICreateFile(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)               // owner of the repo1 & repo16
+		user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)               // owner of the repo3, is an org
+		user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)               // owner of neither repos
+		repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)   // public repo
+		repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository)   // public repo
+		repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
+		fileID := 0
+
+		// Get user2's token
+		session := loginUser(t, user2.Name)
+		token2 := getTokenForLoggedInUser(t, session)
+		session = emptyTestSession(t)
+		// Get user4's token
+		session = loginUser(t, user4.Name)
+		token4 := getTokenForLoggedInUser(t, session)
+		session = emptyTestSession(t)
+
+		// Test creating a file in repo1 which user2 owns, try both with branch and empty branch
+		for _, branch := range [...]string{
+			"master", // Branch
+			"",       // Empty branch
+		} {
+			createFileOptions := getCreateFileOptions()
+			createFileOptions.BranchName = branch
+			fileID++
+			treePath := fmt.Sprintf("new/file%d.txt", fileID)
+			url := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
+			req := NewRequestWithJSON(t, "POST", url, &createFileOptions)
+			resp := session.MakeRequest(t, req, http.StatusCreated)
+			gitRepo, _ := git.OpenRepository(repo1.RepoPath())
+			commitID, _ := gitRepo.GetBranchCommitID(createFileOptions.NewBranchName)
+			expectedFileResponse := getExpectedFileResponseForCreate(commitID, treePath)
+			var fileResponse api.FileResponse
+			DecodeJSON(t, resp, &fileResponse)
+			assert.EqualValues(t, expectedFileResponse.Content, fileResponse.Content)
+			assert.EqualValues(t, expectedFileResponse.Commit.SHA, fileResponse.Commit.SHA)
+			assert.EqualValues(t, expectedFileResponse.Commit.HTMLURL, fileResponse.Commit.HTMLURL)
+			assert.EqualValues(t, expectedFileResponse.Commit.Author.Email, fileResponse.Commit.Author.Email)
+			assert.EqualValues(t, expectedFileResponse.Commit.Author.Name, fileResponse.Commit.Author.Name)
+		}
+
+		// Test creating a file in a new branch
+		createFileOptions := getCreateFileOptions()
+		createFileOptions.BranchName = repo1.DefaultBranch
+		createFileOptions.NewBranchName = "new_branch"
+		fileID++
+		treePath := fmt.Sprintf("new/file%d.txt", fileID)
+		url := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
+		req := NewRequestWithJSON(t, "POST", url, &createFileOptions)
+		resp := session.MakeRequest(t, req, http.StatusCreated)
+		var fileResponse api.FileResponse
+		DecodeJSON(t, resp, &fileResponse)
+		expectedSHA := "a635aa942442ddfdba07468cf9661c08fbdf0ebf"
+		expectedHTMLURL := fmt.Sprintf(setting.AppURL+"user2/repo1/src/branch/new_branch/new/file%d.txt", fileID)
+		expectedDownloadURL := fmt.Sprintf(setting.AppURL+"user2/repo1/raw/branch/new_branch/new/file%d.txt", fileID)
+		assert.EqualValues(t, expectedSHA, fileResponse.Content.SHA)
+		assert.EqualValues(t, expectedHTMLURL, *fileResponse.Content.HTMLURL)
+		assert.EqualValues(t, expectedDownloadURL, *fileResponse.Content.DownloadURL)
+		assert.EqualValues(t, createFileOptions.Message+"\n", fileResponse.Commit.Message)
+
+		// Test creating a file without a message
+		createFileOptions = getCreateFileOptions()
+		createFileOptions.Message = ""
+		fileID++
+		treePath = fmt.Sprintf("new/file%d.txt", fileID)
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
+		req = NewRequestWithJSON(t, "POST", url, &createFileOptions)
+		resp = session.MakeRequest(t, req, http.StatusCreated)
+		DecodeJSON(t, resp, &fileResponse)
+		expectedMessage := "Add '" + treePath + "'\n"
+		assert.EqualValues(t, expectedMessage, fileResponse.Commit.Message)
+
+		// Test trying to create a file that already exists, should fail
+		createFileOptions = getCreateFileOptions()
+		treePath = "README.md"
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
+		req = NewRequestWithJSON(t, "POST", url, &createFileOptions)
+		resp = session.MakeRequest(t, req, http.StatusInternalServerError)
+		expectedAPIError := context.APIError{
+			Message: "repository file already exists [path: " + treePath + "]",
+			URL:     setting.API.SwaggerURL,
+		}
+		var apiError context.APIError
+		DecodeJSON(t, resp, &apiError)
+		assert.Equal(t, expectedAPIError, apiError)
+
+		// Test creating a file in repo1 by user4 who does not have write access
+		createFileOptions = getCreateFileOptions()
+		fileID++
+		treePath = fmt.Sprintf("new/file%d.txt", fileID)
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token4)
+		req = NewRequestWithJSON(t, "POST", url, &createFileOptions)
+		session.MakeRequest(t, req, http.StatusNotFound)
+
+		// Tests a repo with no token given so will fail
+		createFileOptions = getCreateFileOptions()
+		fileID++
+		treePath = fmt.Sprintf("new/file%d.txt", fileID)
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user2.Name, repo16.Name, treePath)
+		req = NewRequestWithJSON(t, "POST", url, &createFileOptions)
+		session.MakeRequest(t, req, http.StatusNotFound)
+
+		// Test using access token for a private repo that the user of the token owns
+		createFileOptions = getCreateFileOptions()
+		fileID++
+		treePath = fmt.Sprintf("new/file%d.txt", fileID)
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token2)
+		req = NewRequestWithJSON(t, "POST", url, &createFileOptions)
+		session.MakeRequest(t, req, http.StatusCreated)
+
+		// Test using org repo "user3/repo3" where user2 is a collaborator
+		createFileOptions = getCreateFileOptions()
+		fileID++
+		treePath = fmt.Sprintf("new/file%d.txt", fileID)
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user3.Name, repo3.Name, treePath, token2)
+		req = NewRequestWithJSON(t, "POST", url, &createFileOptions)
+		session.MakeRequest(t, req, http.StatusCreated)
+
+		// Test using org repo "user3/repo3" with no user token
+		createFileOptions = getCreateFileOptions()
+		fileID++
+		treePath = fmt.Sprintf("new/file%d.txt", fileID)
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user3.Name, repo3.Name, treePath)
+		req = NewRequestWithJSON(t, "POST", url, &createFileOptions)
+		session.MakeRequest(t, req, http.StatusNotFound)
+
+		// Test using repo "user2/repo1" where user4 is a NOT collaborator
+		createFileOptions = getCreateFileOptions()
+		fileID++
+		treePath = fmt.Sprintf("new/file%d.txt", fileID)
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token4)
+		req = NewRequestWithJSON(t, "POST", url, &createFileOptions)
+		session.MakeRequest(t, req, http.StatusForbidden)
+	})
+}
--- a/integrations/api_repo_file_delete_test.go
+++ b/integrations/api_repo_file_delete_test.go
@@ -0,0 +1,179 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"fmt"
+	"net/http"
+	"net/url"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/setting"
+	api "code.gitea.io/gitea/modules/structs"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func getDeleteFileOptions() *api.DeleteFileOptions {
+	return &api.DeleteFileOptions{
+		FileOptions: api.FileOptions{
+			BranchName:    "master",
+			NewBranchName: "master",
+			Message:       "Removing the file new/file.txt",
+			Author: api.Identity{
+				Name:  "John Doe",
+				Email: "johndoe@example.com",
+			},
+			Committer: api.Identity{
+				Name:  "Jane Doe",
+				Email: "janedoe@example.com",
+			},
+		},
+		SHA: "103ff9234cefeee5ec5361d22b49fbb04d385885",
+	}
+}
+
+func TestAPIDeleteFile(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)               // owner of the repo1 & repo16
+		user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)               // owner of the repo3, is an org
+		user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)               // owner of neither repos
+		repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)   // public repo
+		repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository)   // public repo
+		repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
+		fileID := 0
+
+		// Get user2's token
+		session := loginUser(t, user2.Name)
+		token2 := getTokenForLoggedInUser(t, session)
+		session = emptyTestSession(t)
+		// Get user4's token
+		session = loginUser(t, user4.Name)
+		token4 := getTokenForLoggedInUser(t, session)
+		session = emptyTestSession(t)
+
+		// Test deleting a file in repo1 which user2 owns, try both with branch and empty branch
+		for _, branch := range [...]string{
+			"master", // Branch
+			"",       // Empty branch
+		} {
+			fileID++
+			treePath := fmt.Sprintf("delete/file%d.txt", fileID)
+			createFile(user2, repo1, treePath)
+			deleteFileOptions := getDeleteFileOptions()
+			deleteFileOptions.BranchName = branch
+			url := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
+			req := NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
+			resp := session.MakeRequest(t, req, http.StatusOK)
+			var fileResponse api.FileResponse
+			DecodeJSON(t, resp, &fileResponse)
+			assert.NotNil(t, fileResponse)
+			assert.Nil(t, fileResponse.Content)
+		}
+
+		// Test deleting file and making the delete in a new branch
+		fileID++
+		treePath := fmt.Sprintf("delete/file%d.txt", fileID)
+		createFile(user2, repo1, treePath)
+		deleteFileOptions := getDeleteFileOptions()
+		deleteFileOptions.BranchName = repo1.DefaultBranch
+		deleteFileOptions.NewBranchName = "new_branch"
+		url := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
+		req := NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		var fileResponse api.FileResponse
+		DecodeJSON(t, resp, &fileResponse)
+		assert.NotNil(t, fileResponse)
+		assert.Nil(t, fileResponse.Content)
+		assert.EqualValues(t, deleteFileOptions.Message+"\n", fileResponse.Commit.Message)
+
+		// Test deleting file without a message
+		fileID++
+		treePath = fmt.Sprintf("delete/file%d.txt", fileID)
+		createFile(user2, repo1, treePath)
+		deleteFileOptions = getDeleteFileOptions()
+		deleteFileOptions.Message = ""
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
+		req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &fileResponse)
+		expectedMessage := "Delete '" + treePath + "'\n"
+		assert.EqualValues(t, expectedMessage, fileResponse.Commit.Message)
+
+		// Test deleting a file with the wrong SHA
+		fileID++
+		treePath = fmt.Sprintf("delete/file%d.txt", fileID)
+		createFile(user2, repo1, treePath)
+		deleteFileOptions = getDeleteFileOptions()
+		correctSHA := deleteFileOptions.SHA
+		deleteFileOptions.SHA = "badsha"
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
+		req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
+		resp = session.MakeRequest(t, req, http.StatusInternalServerError)
+		expectedAPIError := context.APIError{
+			Message: "sha does not match [given: " + deleteFileOptions.SHA + ", expected: " + correctSHA + "]",
+			URL:     setting.API.SwaggerURL,
+		}
+		var apiError context.APIError
+		DecodeJSON(t, resp, &apiError)
+		assert.Equal(t, expectedAPIError, apiError)
+
+		// Test creating a file in repo16 by user4 who does not have write access
+		fileID++
+		treePath = fmt.Sprintf("delete/file%d.txt", fileID)
+		createFile(user2, repo16, treePath)
+		deleteFileOptions = getDeleteFileOptions()
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token4)
+		req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
+		session.MakeRequest(t, req, http.StatusNotFound)
+
+		// Tests a repo with no token given so will fail
+		fileID++
+		treePath = fmt.Sprintf("delete/file%d.txt", fileID)
+		createFile(user2, repo16, treePath)
+		deleteFileOptions = getDeleteFileOptions()
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user2.Name, repo16.Name, treePath)
+		req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
+		session.MakeRequest(t, req, http.StatusNotFound)
+
+		// Test using access token for a private repo that the user of the token owns
+		fileID++
+		treePath = fmt.Sprintf("delete/file%d.txt", fileID)
+		createFile(user2, repo16, treePath)
+		deleteFileOptions = getDeleteFileOptions()
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token2)
+		req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
+		session.MakeRequest(t, req, http.StatusOK)
+
+		// Test using org repo "user3/repo3" where user2 is a collaborator
+		fileID++
+		treePath = fmt.Sprintf("delete/file%d.txt", fileID)
+		createFile(user3, repo3, treePath)
+		deleteFileOptions = getDeleteFileOptions()
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user3.Name, repo3.Name, treePath, token2)
+		req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
+		session.MakeRequest(t, req, http.StatusOK)
+
+		// Test using org repo "user3/repo3" with no user token
+		fileID++
+		treePath = fmt.Sprintf("delete/file%d.txt", fileID)
+		createFile(user3, repo3, treePath)
+		deleteFileOptions = getDeleteFileOptions()
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user3.Name, repo3.Name, treePath)
+		req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
+		session.MakeRequest(t, req, http.StatusNotFound)
+
+		// Test using repo "user2/repo1" where user4 is a NOT collaborator
+		fileID++
+		treePath = fmt.Sprintf("delete/file%d.txt", fileID)
+		createFile(user2, repo1, treePath)
+		deleteFileOptions = getDeleteFileOptions()
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token4)
+		req = NewRequestWithJSON(t, "DELETE", url, &deleteFileOptions)
+		session.MakeRequest(t, req, http.StatusForbidden)
+	})
+}
--- a/integrations/api_repo_file_helpers.go
+++ b/integrations/api_repo_file_helpers.go
@@ -0,0 +1,27 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/repofiles"
+	api "code.gitea.io/gitea/modules/structs"
+)
+
+func createFileInBranch(user *models.User, repo *models.Repository, treePath, branchName string) (*api.FileResponse, error) {
+	opts := &repofiles.UpdateRepoFileOptions{
+		OldBranch: branchName,
+		TreePath:  treePath,
+		Content:   "This is a NEW file",
+		IsNewFile: true,
+		Author:    nil,
+		Committer: nil,
+	}
+	return repofiles.CreateOrUpdateRepoFile(repo, user, opts)
+}
+
+func createFile(user *models.User, repo *models.Repository, treePath string) (*api.FileResponse, error) {
+	return createFileInBranch(user, repo, treePath, repo.DefaultBranch)
+}
--- a/integrations/api_repo_file_update_test.go
+++ b/integrations/api_repo_file_update_test.go
@@ -0,0 +1,273 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"encoding/base64"
+	"fmt"
+	"net/http"
+	"net/url"
+	"path/filepath"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/setting"
+	api "code.gitea.io/gitea/modules/structs"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func getUpdateFileOptions() *api.UpdateFileOptions {
+	content := "This is updated text"
+	contentEncoded := base64.StdEncoding.EncodeToString([]byte(content))
+	return &api.UpdateFileOptions{
+		DeleteFileOptions: api.DeleteFileOptions{
+			FileOptions: api.FileOptions{
+				BranchName:    "master",
+				NewBranchName: "master",
+				Message:       "My update of new/file.txt",
+				Author: api.Identity{
+					Name:  "John Doe",
+					Email: "johndoe@example.com",
+				},
+				Committer: api.Identity{
+					Name:  "Jane Doe",
+					Email: "janedoe@example.com",
+				},
+			},
+			SHA: "103ff9234cefeee5ec5361d22b49fbb04d385885",
+		},
+		Content: contentEncoded,
+	}
+}
+
+func getExpectedFileResponseForUpdate(commitID, treePath string) *api.FileResponse {
+	sha := "08bd14b2e2852529157324de9c226b3364e76136"
+	encoding := "base64"
+	content := "VGhpcyBpcyB1cGRhdGVkIHRleHQ="
+	selfURL := setting.AppURL + "api/v1/repos/user2/repo1/contents/" + treePath + "?ref=master"
+	htmlURL := setting.AppURL + "user2/repo1/src/branch/master/" + treePath
+	gitURL := setting.AppURL + "api/v1/repos/user2/repo1/git/blobs/" + sha
+	downloadURL := setting.AppURL + "user2/repo1/raw/branch/master/" + treePath
+	return &api.FileResponse{
+		Content: &api.ContentsResponse{
+			Name:        filepath.Base(treePath),
+			Path:        treePath,
+			SHA:         sha,
+			Type:        "file",
+			Size:        20,
+			Encoding:    &encoding,
+			Content:     &content,
+			URL:         &selfURL,
+			HTMLURL:     &htmlURL,
+			GitURL:      &gitURL,
+			DownloadURL: &downloadURL,
+			Links: &api.FileLinksResponse{
+				Self:    &selfURL,
+				GitURL:  &gitURL,
+				HTMLURL: &htmlURL,
+			},
+		},
+		Commit: &api.FileCommitResponse{
+			CommitMeta: api.CommitMeta{
+				URL: setting.AppURL + "api/v1/repos/user2/repo1/git/commits/" + commitID,
+				SHA: commitID,
+			},
+			HTMLURL: setting.AppURL + "user2/repo1/commit/" + commitID,
+			Author: &api.CommitUser{
+				Identity: api.Identity{
+					Name:  "Jane Doe",
+					Email: "janedoe@example.com",
+				},
+			},
+			Committer: &api.CommitUser{
+				Identity: api.Identity{
+					Name:  "John Doe",
+					Email: "johndoe@example.com",
+				},
+			},
+			Message: "My update of README.md\n",
+		},
+		Verification: &api.PayloadCommitVerification{
+			Verified:  false,
+			Reason:    "unsigned",
+			Signature: "",
+			Payload:   "",
+		},
+	}
+}
+
+func TestAPIUpdateFile(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)               // owner of the repo1 & repo16
+		user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)               // owner of the repo3, is an org
+		user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)               // owner of neither repos
+		repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)   // public repo
+		repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository)   // public repo
+		repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
+		fileID := 0
+
+		// Get user2's token
+		session := loginUser(t, user2.Name)
+		token2 := getTokenForLoggedInUser(t, session)
+		session = emptyTestSession(t)
+		// Get user4's token
+		session = loginUser(t, user4.Name)
+		token4 := getTokenForLoggedInUser(t, session)
+		session = emptyTestSession(t)
+
+		// Test updating a file in repo1 which user2 owns, try both with branch and empty branch
+		for _, branch := range [...]string{
+			"master", // Branch
+			"",       // Empty branch
+		} {
+			fileID++
+			treePath := fmt.Sprintf("update/file%d.txt", fileID)
+			createFile(user2, repo1, treePath)
+			updateFileOptions := getUpdateFileOptions()
+			updateFileOptions.BranchName = branch
+			url := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
+			req := NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
+			resp := session.MakeRequest(t, req, http.StatusOK)
+			gitRepo, _ := git.OpenRepository(repo1.RepoPath())
+			commitID, _ := gitRepo.GetBranchCommitID(updateFileOptions.NewBranchName)
+			expectedFileResponse := getExpectedFileResponseForUpdate(commitID, treePath)
+			var fileResponse api.FileResponse
+			DecodeJSON(t, resp, &fileResponse)
+			assert.EqualValues(t, expectedFileResponse.Content, fileResponse.Content)
+			assert.EqualValues(t, expectedFileResponse.Commit.SHA, fileResponse.Commit.SHA)
+			assert.EqualValues(t, expectedFileResponse.Commit.HTMLURL, fileResponse.Commit.HTMLURL)
+			assert.EqualValues(t, expectedFileResponse.Commit.Author.Email, fileResponse.Commit.Author.Email)
+			assert.EqualValues(t, expectedFileResponse.Commit.Author.Name, fileResponse.Commit.Author.Name)
+		}
+
+		// Test updating a file in a new branch
+		updateFileOptions := getUpdateFileOptions()
+		updateFileOptions.BranchName = repo1.DefaultBranch
+		updateFileOptions.NewBranchName = "new_branch"
+		fileID++
+		treePath := fmt.Sprintf("update/file%d.txt", fileID)
+		createFile(user2, repo1, treePath)
+		url := fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
+		req := NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
+		resp := session.MakeRequest(t, req, http.StatusOK)
+		var fileResponse api.FileResponse
+		DecodeJSON(t, resp, &fileResponse)
+		expectedSHA := "08bd14b2e2852529157324de9c226b3364e76136"
+		expectedHTMLURL := fmt.Sprintf(setting.AppURL+"user2/repo1/src/branch/new_branch/update/file%d.txt", fileID)
+		expectedDownloadURL := fmt.Sprintf(setting.AppURL+"user2/repo1/raw/branch/new_branch/update/file%d.txt", fileID)
+		assert.EqualValues(t, expectedSHA, fileResponse.Content.SHA)
+		assert.EqualValues(t, expectedHTMLURL, *fileResponse.Content.HTMLURL)
+		assert.EqualValues(t, expectedDownloadURL, *fileResponse.Content.DownloadURL)
+		assert.EqualValues(t, updateFileOptions.Message+"\n", fileResponse.Commit.Message)
+
+		// Test updating a file and renaming it
+		updateFileOptions = getUpdateFileOptions()
+		updateFileOptions.BranchName = repo1.DefaultBranch
+		fileID++
+		treePath = fmt.Sprintf("update/file%d.txt", fileID)
+		createFile(user2, repo1, treePath)
+		updateFileOptions.FromPath = treePath
+		treePath = "rename/" + treePath
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
+		req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &fileResponse)
+		expectedSHA = "08bd14b2e2852529157324de9c226b3364e76136"
+		expectedHTMLURL = fmt.Sprintf(setting.AppURL+"user2/repo1/src/branch/master/rename/update/file%d.txt", fileID)
+		expectedDownloadURL = fmt.Sprintf(setting.AppURL+"user2/repo1/raw/branch/master/rename/update/file%d.txt", fileID)
+		assert.EqualValues(t, expectedSHA, fileResponse.Content.SHA)
+		assert.EqualValues(t, expectedHTMLURL, *fileResponse.Content.HTMLURL)
+		assert.EqualValues(t, expectedDownloadURL, *fileResponse.Content.DownloadURL)
+
+		// Test updating a file without a message
+		updateFileOptions = getUpdateFileOptions()
+		updateFileOptions.Message = ""
+		updateFileOptions.BranchName = repo1.DefaultBranch
+		fileID++
+		treePath = fmt.Sprintf("update/file%d.txt", fileID)
+		createFile(user2, repo1, treePath)
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
+		req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
+		resp = session.MakeRequest(t, req, http.StatusOK)
+		DecodeJSON(t, resp, &fileResponse)
+		expectedMessage := "Update '" + treePath + "'\n"
+		assert.EqualValues(t, expectedMessage, fileResponse.Commit.Message)
+
+		// Test updating a file with the wrong SHA
+		fileID++
+		treePath = fmt.Sprintf("update/file%d.txt", fileID)
+		createFile(user2, repo1, treePath)
+		updateFileOptions = getUpdateFileOptions()
+		correctSHA := updateFileOptions.SHA
+		updateFileOptions.SHA = "badsha"
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token2)
+		req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
+		resp = session.MakeRequest(t, req, http.StatusInternalServerError)
+		expectedAPIError := context.APIError{
+			Message: "sha does not match [given: " + updateFileOptions.SHA + ", expected: " + correctSHA + "]",
+			URL:     setting.API.SwaggerURL,
+		}
+		var apiError context.APIError
+		DecodeJSON(t, resp, &apiError)
+		assert.Equal(t, expectedAPIError, apiError)
+
+		// Test creating a file in repo1 by user4 who does not have write access
+		fileID++
+		treePath = fmt.Sprintf("update/file%d.txt", fileID)
+		createFile(user2, repo16, treePath)
+		updateFileOptions = getUpdateFileOptions()
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token4)
+		req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
+		session.MakeRequest(t, req, http.StatusNotFound)
+
+		// Tests a repo with no token given so will fail
+		fileID++
+		treePath = fmt.Sprintf("update/file%d.txt", fileID)
+		createFile(user2, repo16, treePath)
+		updateFileOptions = getUpdateFileOptions()
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user2.Name, repo16.Name, treePath)
+		req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
+		session.MakeRequest(t, req, http.StatusNotFound)
+
+		// Test using access token for a private repo that the user of the token owns
+		fileID++
+		treePath = fmt.Sprintf("update/file%d.txt", fileID)
+		createFile(user2, repo16, treePath)
+		updateFileOptions = getUpdateFileOptions()
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token2)
+		req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
+		session.MakeRequest(t, req, http.StatusOK)
+
+		// Test using org repo "user3/repo3" where user2 is a collaborator
+		fileID++
+		treePath = fmt.Sprintf("update/file%d.txt", fileID)
+		createFile(user3, repo3, treePath)
+		updateFileOptions = getUpdateFileOptions()
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user3.Name, repo3.Name, treePath, token2)
+		req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
+		session.MakeRequest(t, req, http.StatusOK)
+
+		// Test using org repo "user3/repo3" with no user token
+		fileID++
+		treePath = fmt.Sprintf("update/file%d.txt", fileID)
+		createFile(user3, repo3, treePath)
+		updateFileOptions = getUpdateFileOptions()
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s", user3.Name, repo3.Name, treePath)
+		req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
+		session.MakeRequest(t, req, http.StatusNotFound)
+
+		// Test using repo "user2/repo1" where user4 is a NOT collaborator
+		fileID++
+		treePath = fmt.Sprintf("update/file%d.txt", fileID)
+		createFile(user2, repo1, treePath)
+		updateFileOptions = getUpdateFileOptions()
+		url = fmt.Sprintf("/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo1.Name, treePath, token4)
+		req = NewRequestWithJSON(t, "PUT", url, &updateFileOptions)
+		session.MakeRequest(t, req, http.StatusForbidden)
+	})
+}
--- a/integrations/api_repo_get_contents_list_test.go
+++ b/integrations/api_repo_get_contents_list_test.go
@@ -0,0 +1,156 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"net/http"
+	"net/url"
+	"path/filepath"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/setting"
+	api "code.gitea.io/gitea/modules/structs"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func getExpectedContentsListResponseForContents(ref, refType string) []*api.ContentsResponse {
+	treePath := "README.md"
+	sha := "4b4851ad51df6a7d9f25c979345979eaeb5b349f"
+	selfURL := setting.AppURL + "api/v1/repos/user2/repo1/contents/" + treePath + "?ref=" + ref
+	htmlURL := setting.AppURL + "user2/repo1/src/" + refType + "/" + ref + "/" + treePath
+	gitURL := setting.AppURL + "api/v1/repos/user2/repo1/git/blobs/" + sha
+	downloadURL := setting.AppURL + "user2/repo1/raw/" + refType + "/" + ref + "/" + treePath
+	return []*api.ContentsResponse{
+		{
+			Name:        filepath.Base(treePath),
+			Path:        treePath,
+			SHA:         sha,
+			Type:        "file",
+			Size:        30,
+			URL:         &selfURL,
+			HTMLURL:     &htmlURL,
+			GitURL:      &gitURL,
+			DownloadURL: &downloadURL,
+			Links: &api.FileLinksResponse{
+				Self:    &selfURL,
+				GitURL:  &gitURL,
+				HTMLURL: &htmlURL,
+			},
+		},
+	}
+}
+
+func TestAPIGetContentsList(t *testing.T) {
+	onGiteaRun(t, testAPIGetContentsList)
+}
+
+func testAPIGetContentsList(t *testing.T, u *url.URL) {
+	/*** SETUP ***/
+	user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)               // owner of the repo1 & repo16
+	user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)               // owner of the repo3, is an org
+	user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)               // owner of neither repos
+	repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)   // public repo
+	repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository)   // public repo
+	repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
+	treePath := ""                                                                               // root dir
+
+	// Get user2's token
+	session := loginUser(t, user2.Name)
+	token2 := getTokenForLoggedInUser(t, session)
+	session = emptyTestSession(t)
+	// Get user4's token
+	session = loginUser(t, user4.Name)
+	token4 := getTokenForLoggedInUser(t, session)
+	session = emptyTestSession(t)
+
+	// Make a new branch in repo1
+	newBranch := "test_branch"
+	repo1.CreateNewBranch(user2, repo1.DefaultBranch, newBranch)
+	// Get the commit ID of the default branch
+	gitRepo, _ := git.OpenRepository(repo1.RepoPath())
+	commitID, _ := gitRepo.GetBranchCommitID(repo1.DefaultBranch)
+	// Make a new tag in repo1
+	newTag := "test_tag"
+	gitRepo.CreateTag(newTag, commitID)
+	/*** END SETUP ***/
+
+	// ref is default ref
+	ref := repo1.DefaultBranch
+	refType := "branch"
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, ref)
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	var contentsListResponse []*api.ContentsResponse
+	DecodeJSON(t, resp, &contentsListResponse)
+	assert.NotNil(t, contentsListResponse)
+	expectedContentsListResponse := getExpectedContentsListResponseForContents(ref, refType)
+	assert.EqualValues(t, expectedContentsListResponse, contentsListResponse)
+
+	// No ref
+	refType = "branch"
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s", user2.Name, repo1.Name, treePath)
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &contentsListResponse)
+	assert.NotNil(t, contentsListResponse)
+	expectedContentsListResponse = getExpectedContentsListResponseForContents(repo1.DefaultBranch, refType)
+	assert.EqualValues(t, expectedContentsListResponse, contentsListResponse)
+
+	// ref is the branch we created above  in setup
+	ref = newBranch
+	refType = "branch"
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, ref)
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &contentsListResponse)
+	assert.NotNil(t, contentsListResponse)
+	expectedContentsListResponse = getExpectedContentsListResponseForContents(ref, refType)
+	assert.EqualValues(t, expectedContentsListResponse, contentsListResponse)
+
+	// ref is the new tag we created above in setup
+	ref = newTag
+	refType = "tag"
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, ref)
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &contentsListResponse)
+	assert.NotNil(t, contentsListResponse)
+	expectedContentsListResponse = getExpectedContentsListResponseForContents(ref, refType)
+	assert.EqualValues(t, expectedContentsListResponse, contentsListResponse)
+
+	// ref is a commit
+	ref = commitID
+	refType = "commit"
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, ref)
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &contentsListResponse)
+	assert.NotNil(t, contentsListResponse)
+	expectedContentsListResponse = getExpectedContentsListResponseForContents(ref, refType)
+	assert.EqualValues(t, expectedContentsListResponse, contentsListResponse)
+
+	// Test file contents a file with a bad ref
+	ref = "badref"
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, ref)
+	resp = session.MakeRequest(t, req, http.StatusInternalServerError)
+	expectedAPIError := context.APIError{
+		Message: "object does not exist [id: " + ref + ", rel_path: ]",
+		URL:     setting.API.SwaggerURL,
+	}
+	var apiError context.APIError
+	DecodeJSON(t, resp, &apiError)
+	assert.Equal(t, expectedAPIError, apiError)
+
+	// Test accessing private ref with user token that does not have access - should fail
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token4)
+	session.MakeRequest(t, req, http.StatusNotFound)
+
+	// Test access private ref of owner of token
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/readme.md?token=%s", user2.Name, repo16.Name, token2)
+	session.MakeRequest(t, req, http.StatusOK)
+
+	// Test access of org user3 private repo file by owner user2
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?token=%s", user3.Name, repo3.Name, treePath, token2)
+	session.MakeRequest(t, req, http.StatusOK)
+}
--- a/integrations/api_repo_get_contents_test.go
+++ b/integrations/api_repo_get_contents_test.go
@@ -0,0 +1,157 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"net/http"
+	"net/url"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/git"
+	"code.gitea.io/gitea/modules/setting"
+	api "code.gitea.io/gitea/modules/structs"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func getExpectedContentsResponseForContents(ref, refType string) *api.ContentsResponse {
+	treePath := "README.md"
+	sha := "4b4851ad51df6a7d9f25c979345979eaeb5b349f"
+	encoding := "base64"
+	content := "IyByZXBvMQoKRGVzY3JpcHRpb24gZm9yIHJlcG8x"
+	selfURL := setting.AppURL + "api/v1/repos/user2/repo1/contents/" + treePath + "?ref=" + ref
+	htmlURL := setting.AppURL + "user2/repo1/src/" + refType + "/" + ref + "/" + treePath
+	gitURL := setting.AppURL + "api/v1/repos/user2/repo1/git/blobs/" + sha
+	downloadURL := setting.AppURL + "user2/repo1/raw/" + refType + "/" + ref + "/" + treePath
+	return &api.ContentsResponse{
+		Name:        treePath,
+		Path:        treePath,
+		SHA:         sha,
+		Type:        "file",
+		Size:        30,
+		Encoding:    &encoding,
+		Content:     &content,
+		URL:         &selfURL,
+		HTMLURL:     &htmlURL,
+		GitURL:      &gitURL,
+		DownloadURL: &downloadURL,
+		Links: &api.FileLinksResponse{
+			Self:    &selfURL,
+			GitURL:  &gitURL,
+			HTMLURL: &htmlURL,
+		},
+	}
+}
+
+func TestAPIGetContents(t *testing.T) {
+	onGiteaRun(t, testAPIGetContents)
+}
+
+func testAPIGetContents(t *testing.T, u *url.URL) {
+	/*** SETUP ***/
+	user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)               // owner of the repo1 & repo16
+	user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)               // owner of the repo3, is an org
+	user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)               // owner of neither repos
+	repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)   // public repo
+	repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository)   // public repo
+	repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
+	treePath := "README.md"
+
+	// Get user2's token
+	session := loginUser(t, user2.Name)
+	token2 := getTokenForLoggedInUser(t, session)
+	session = emptyTestSession(t)
+	// Get user4's token
+	session = loginUser(t, user4.Name)
+	token4 := getTokenForLoggedInUser(t, session)
+	session = emptyTestSession(t)
+
+	// Make a new branch in repo1
+	newBranch := "test_branch"
+	repo1.CreateNewBranch(user2, repo1.DefaultBranch, newBranch)
+	// Get the commit ID of the default branch
+	gitRepo, _ := git.OpenRepository(repo1.RepoPath())
+	commitID, _ := gitRepo.GetBranchCommitID(repo1.DefaultBranch)
+	// Make a new tag in repo1
+	newTag := "test_tag"
+	gitRepo.CreateTag(newTag, commitID)
+	/*** END SETUP ***/
+
+	// ref is default ref
+	ref := repo1.DefaultBranch
+	refType := "branch"
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, ref)
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	var contentsResponse api.ContentsResponse
+	DecodeJSON(t, resp, &contentsResponse)
+	assert.NotNil(t, contentsResponse)
+	expectedContentsResponse := getExpectedContentsResponseForContents(ref, refType)
+	assert.EqualValues(t, *expectedContentsResponse, contentsResponse)
+
+	// No ref
+	refType = "branch"
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s", user2.Name, repo1.Name, treePath)
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &contentsResponse)
+	assert.NotNil(t, contentsResponse)
+	expectedContentsResponse = getExpectedContentsResponseForContents(repo1.DefaultBranch, refType)
+	assert.EqualValues(t, *expectedContentsResponse, contentsResponse)
+
+	// ref is the branch we created above  in setup
+	ref = newBranch
+	refType = "branch"
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, ref)
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &contentsResponse)
+	assert.NotNil(t, contentsResponse)
+	expectedContentsResponse = getExpectedContentsResponseForContents(ref, refType)
+	assert.EqualValues(t, *expectedContentsResponse, contentsResponse)
+
+	// ref is the new tag we created above in setup
+	ref = newTag
+	refType = "tag"
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, ref)
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &contentsResponse)
+	assert.NotNil(t, contentsResponse)
+	expectedContentsResponse = getExpectedContentsResponseForContents(ref, refType)
+	assert.EqualValues(t, *expectedContentsResponse, contentsResponse)
+
+	// ref is a commit
+	ref = commitID
+	refType = "commit"
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, ref)
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &contentsResponse)
+	assert.NotNil(t, contentsResponse)
+	expectedContentsResponse = getExpectedContentsResponseForContents(ref, refType)
+	assert.EqualValues(t, *expectedContentsResponse, contentsResponse)
+
+	// Test file contents a file with a bad ref
+	ref = "badref"
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?ref=%s", user2.Name, repo1.Name, treePath, ref)
+	resp = session.MakeRequest(t, req, http.StatusInternalServerError)
+	expectedAPIError := context.APIError{
+		Message: "object does not exist [id: " + ref + ", rel_path: ]",
+		URL:     setting.API.SwaggerURL,
+	}
+	var apiError context.APIError
+	DecodeJSON(t, resp, &apiError)
+	assert.Equal(t, expectedAPIError, apiError)
+
+	// Test accessing private ref with user token that does not have access - should fail
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?token=%s", user2.Name, repo16.Name, treePath, token4)
+	session.MakeRequest(t, req, http.StatusNotFound)
+
+	// Test access private ref of owner of token
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/readme.md?token=%s", user2.Name, repo16.Name, token2)
+	session.MakeRequest(t, req, http.StatusOK)
+
+	// Test access of org user3 private repo file by owner user2
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/contents/%s?token=%s", user3.Name, repo3.Name, treePath, token2)
+	session.MakeRequest(t, req, http.StatusOK)
+}
--- a/integrations/api_repo_git_blobs_test.go
+++ b/integrations/api_repo_git_blobs_test.go
@@ -0,0 +1,76 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"net/http"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	api "code.gitea.io/gitea/modules/structs"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAPIReposGitBlobs(t *testing.T) {
+	prepareTestEnv(t)
+	user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)               // owner of the repo1 & repo16
+	user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)               // owner of the repo3
+	user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)               // owner of neither repos
+	repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)   // public repo
+	repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository)   // public repo
+	repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
+	repo1ReadmeSHA := "65f1bf27bc3bf70f64657658635e66094edbcb4d"
+	repo3ReadmeSHA := "d56a3073c1dbb7b15963110a049d50cdb5db99fc"
+	repo16ReadmeSHA := "f90451c72ef61a7645293d17b47be7a8e983da57"
+	badSHA := "0000000000000000000000000000000000000000"
+
+	// Login as User2.
+	session := loginUser(t, user2.Name)
+	token := getTokenForLoggedInUser(t, session)
+	session = emptyTestSession(t) // don't want anyone logged in for this
+
+	// Test a public repo that anyone can GET the blob of
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user2.Name, repo1.Name, repo1ReadmeSHA)
+	resp := session.MakeRequest(t, req, http.StatusOK)
+	var gitBlobResponse api.GitBlobResponse
+	DecodeJSON(t, resp, &gitBlobResponse)
+	assert.NotNil(t, gitBlobResponse)
+	expectedContent := "dHJlZSAyYTJmMWQ0NjcwNzI4YTJlMTAwNDllMzQ1YmQ3YTI3NjQ2OGJlYWI2CmF1dGhvciB1c2VyMSA8YWRkcmVzczFAZXhhbXBsZS5jb20+IDE0ODk5NTY0NzkgLTA0MDAKY29tbWl0dGVyIEV0aGFuIEtvZW5pZyA8ZXRoYW50a29lbmlnQGdtYWlsLmNvbT4gMTQ4OTk1NjQ3OSAtMDQwMAoKSW5pdGlhbCBjb21taXQK"
+	assert.Equal(t, expectedContent, gitBlobResponse.Content)
+
+	// Tests a private repo with no token so will fail
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user2.Name, repo16.Name, repo16ReadmeSHA)
+	session.MakeRequest(t, req, http.StatusNotFound)
+
+	// Test using access token for a private repo that the user of the token owns
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s?token=%s", user2.Name, repo16.Name, repo16ReadmeSHA, token)
+	session.MakeRequest(t, req, http.StatusOK)
+
+	// Test using bad sha
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user2.Name, repo1.Name, badSHA)
+	session.MakeRequest(t, req, http.StatusBadRequest)
+
+	// Test using org repo "user3/repo3" where user2 is a collaborator
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s?token=%s", user3.Name, repo3.Name, repo3ReadmeSHA, token)
+	session.MakeRequest(t, req, http.StatusOK)
+
+	// Test using org repo "user3/repo3" where user2 is a collaborator
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s?token=%s", user3.Name, repo3.Name, repo3ReadmeSHA, token)
+	session.MakeRequest(t, req, http.StatusOK)
+
+	// Test using org repo "user3/repo3" with no user token
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/%s", user3.Name, repo3ReadmeSHA, repo3.Name)
+	session.MakeRequest(t, req, http.StatusNotFound)
+
+	// Login as User4.
+	session = loginUser(t, user4.Name)
+	token4 := getTokenForLoggedInUser(t, session)
+	session = emptyTestSession(t) // don't want anyone logged in for this
+
+	// Test using org repo "user3/repo3" where user4 is a NOT collaborator
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/blobs/d56a3073c1dbb7b15963110a049d50cdb5db99fc?access=%s", user3.Name, repo3.Name, token4)
+	session.MakeRequest(t, req, http.StatusNotFound)
+}
--- a/integrations/api_repo_git_hook_test.go
+++ b/integrations/api_repo_git_hook_test.go
@@ -0,0 +1,194 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"fmt"
+	"net/http"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	api "code.gitea.io/gitea/modules/structs"
+
+	"github.com/stretchr/testify/assert"
+)
+
+const testHookContent = `#!/bin/bash
+
+echo Hello, World!
+`
+
+func TestAPIListGitHooks(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 37}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	// user1 is an admin user
+	session := loginUser(t, "user1")
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git?token=%s",
+		owner.Name, repo.Name, token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var apiGitHooks []*api.GitHook
+	DecodeJSON(t, resp, &apiGitHooks)
+	assert.Len(t, apiGitHooks, 3)
+	for _, apiGitHook := range apiGitHooks {
+		if apiGitHook.Name == "pre-receive" {
+			assert.True(t, apiGitHook.IsActive)
+			assert.Equal(t, testHookContent, apiGitHook.Content)
+		} else {
+			assert.False(t, apiGitHook.IsActive)
+			assert.Empty(t, apiGitHook.Content)
+		}
+	}
+}
+
+func TestAPIListGitHooksNoHooks(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	// user1 is an admin user
+	session := loginUser(t, "user1")
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git?token=%s",
+		owner.Name, repo.Name, token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var apiGitHooks []*api.GitHook
+	DecodeJSON(t, resp, &apiGitHooks)
+	assert.Len(t, apiGitHooks, 3)
+	for _, apiGitHook := range apiGitHooks {
+		assert.False(t, apiGitHook.IsActive)
+		assert.Empty(t, apiGitHook.Content)
+	}
+}
+
+func TestAPIListGitHooksNoAccess(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	session := loginUser(t, owner.Name)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git?token=%s",
+		owner.Name, repo.Name, token)
+	MakeRequest(t, req, http.StatusForbidden)
+}
+
+func TestAPIGetGitHook(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 37}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	// user1 is an admin user
+	session := loginUser(t, "user1")
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var apiGitHook *api.GitHook
+	DecodeJSON(t, resp, &apiGitHook)
+	assert.True(t, apiGitHook.IsActive)
+	assert.Equal(t, testHookContent, apiGitHook.Content)
+}
+
+func TestAPIGetGitHookNoAccess(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	session := loginUser(t, owner.Name)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	MakeRequest(t, req, http.StatusForbidden)
+}
+
+func TestAPIEditGitHook(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	// user1 is an admin user
+	session := loginUser(t, "user1")
+	token := getTokenForLoggedInUser(t, session)
+
+	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	req := NewRequestWithJSON(t, "PATCH", urlStr, &api.EditGitHookOption{
+		Content: testHookContent,
+	})
+	resp := MakeRequest(t, req, http.StatusOK)
+	var apiGitHook *api.GitHook
+	DecodeJSON(t, resp, &apiGitHook)
+	assert.True(t, apiGitHook.IsActive)
+	assert.Equal(t, testHookContent, apiGitHook.Content)
+
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	resp = MakeRequest(t, req, http.StatusOK)
+	var apiGitHook2 *api.GitHook
+	DecodeJSON(t, resp, &apiGitHook2)
+	assert.True(t, apiGitHook2.IsActive)
+	assert.Equal(t, testHookContent, apiGitHook2.Content)
+}
+
+func TestAPIEditGitHookNoAccess(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	session := loginUser(t, owner.Name)
+	token := getTokenForLoggedInUser(t, session)
+	urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	req := NewRequestWithJSON(t, "PATCH", urlStr, &api.EditGitHookOption{
+		Content: testHookContent,
+	})
+	MakeRequest(t, req, http.StatusForbidden)
+}
+
+func TestAPIDeleteGitHook(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 37}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	// user1 is an admin user
+	session := loginUser(t, "user1")
+	token := getTokenForLoggedInUser(t, session)
+
+	req := NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	MakeRequest(t, req, http.StatusNoContent)
+
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	resp := MakeRequest(t, req, http.StatusOK)
+	var apiGitHook2 *api.GitHook
+	DecodeJSON(t, resp, &apiGitHook2)
+	assert.False(t, apiGitHook2.IsActive)
+	assert.Empty(t, apiGitHook2.Content)
+}
+
+func TestAPIDeleteGitHookNoAccess(t *testing.T) {
+	prepareTestEnv(t)
+
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+	owner := models.AssertExistsAndLoadBean(t, &models.User{ID: repo.OwnerID}).(*models.User)
+
+	session := loginUser(t, owner.Name)
+	token := getTokenForLoggedInUser(t, session)
+	req := NewRequestf(t, "DELETE", "/api/v1/repos/%s/%s/hooks/git/pre-receive?token=%s",
+		owner.Name, repo.Name, token)
+	MakeRequest(t, req, http.StatusForbidden)
+}
--- a/integrations/api_repo_git_tags_test.go
+++ b/integrations/api_repo_git_tags_test.go
@@ -0,0 +1,59 @@
+// Copyright 2018 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"net/http"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/git"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/modules/util"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func TestAPIGitTags(t *testing.T) {
+	prepareTestEnv(t)
+	user := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)
+	repo := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)
+	// Login as User2.
+	session := loginUser(t, user.Name)
+	token := getTokenForLoggedInUser(t, session)
+
+	// Set up git config for the tagger
+	git.NewCommand("config", "user.name", user.Name).RunInDir(repo.RepoPath())
+	git.NewCommand("config", "user.email", user.Email).RunInDir(repo.RepoPath())
+
+	gitRepo, _ := git.OpenRepository(repo.RepoPath())
+	commit, _ := gitRepo.GetBranchCommit("master")
+	lTagName := "lightweightTag"
+	gitRepo.CreateTag(lTagName, commit.ID.String())
+
+	aTagName := "annotatedTag"
+	aTagMessage := "my annotated message"
+	gitRepo.CreateAnnotatedTag(aTagName, aTagMessage, commit.ID.String())
+	aTag, _ := gitRepo.GetTag(aTagName)
+
+	// SHOULD work for annotated tags
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/tags/%s?token=%s", user.Name, repo.Name, aTag.ID.String(), token)
+	res := session.MakeRequest(t, req, http.StatusOK)
+
+	var tag *api.AnnotatedTag
+	DecodeJSON(t, res, &tag)
+
+	assert.Equal(t, aTagName, tag.Tag)
+	assert.Equal(t, aTag.ID.String(), tag.SHA)
+	assert.Equal(t, commit.ID.String(), tag.Object.SHA)
+	assert.Equal(t, aTagMessage, tag.Message)
+	assert.Equal(t, user.Name, tag.Tagger.Name)
+	assert.Equal(t, user.Email, tag.Tagger.Email)
+	assert.Equal(t, util.URLJoin(repo.APIURL(), "git/tags", aTag.ID.String()), tag.URL)
+
+	// Should NOT work for lightweight tags
+	badReq := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/tags/%s?token=%s", user.Name, repo.Name, commit.ID.String(), token)
+	session.MakeRequest(t, badReq, http.StatusBadRequest)
+}
--- a/integrations/api_repo_git_trees_test.go
+++ b/integrations/api_repo_git_trees_test.go
@@ -0,0 +1,74 @@
+// Copyright 2019 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package integrations
+
+import (
+	"net/http"
+	"testing"
+
+	"code.gitea.io/gitea/models"
+)
+
+func TestAPIReposGitTrees(t *testing.T) {
+	prepareTestEnv(t)
+	user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: 2}).(*models.User)               // owner of the repo1 & repo16
+	user3 := models.AssertExistsAndLoadBean(t, &models.User{ID: 3}).(*models.User)               // owner of the repo3
+	user4 := models.AssertExistsAndLoadBean(t, &models.User{ID: 4}).(*models.User)               // owner of neither repos
+	repo1 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 1}).(*models.Repository)   // public repo
+	repo3 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 3}).(*models.Repository)   // public repo
+	repo16 := models.AssertExistsAndLoadBean(t, &models.Repository{ID: 16}).(*models.Repository) // private repo
+	repo1TreeSHA := "65f1bf27bc3bf70f64657658635e66094edbcb4d"
+	repo3TreeSHA := "2a47ca4b614a9f5a43abbd5ad851a54a616ffee6"
+	repo16TreeSHA := "69554a64c1e6030f051e5c3f94bfbd773cd6a324"
+	badSHA := "0000000000000000000000000000000000000000"
+
+	// Login as User2.
+	session := loginUser(t, user2.Name)
+	token := getTokenForLoggedInUser(t, session)
+	session = emptyTestSession(t) // don't want anyone logged in for this
+
+	// Test a public repo that anyone can GET the tree of
+	for _, ref := range [...]string{
+		"master",     // Branch
+		repo1TreeSHA, // Tree SHA
+	} {
+		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/%s", user2.Name, repo1.Name, ref)
+		session.MakeRequest(t, req, http.StatusOK)
+	}
+
+	// Tests a private repo with no token so will fail
+	for _, ref := range [...]string{
+		"master",     // Branch
+		repo1TreeSHA, // Tag
+	} {
+		req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/%s", user2.Name, repo16.Name, ref)
+		session.MakeRequest(t, req, http.StatusNotFound)
+	}
+
+	// Test using access token for a private repo that the user of the token owns
+	req := NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/%s?token=%s", user2.Name, repo16.Name, repo16TreeSHA, token)
+	session.MakeRequest(t, req, http.StatusOK)
+
+	// Test using bad sha
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/%s", user2.Name, repo1.Name, badSHA)
+	session.MakeRequest(t, req, http.StatusBadRequest)
+
+	// Test using org repo "user3/repo3" where user2 is a collaborator
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/%s?token=%s", user3.Name, repo3.Name, repo3TreeSHA, token)
+	session.MakeRequest(t, req, http.StatusOK)
+
+	// Test using org repo "user3/repo3" with no user token
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/%s", user3.Name, repo3TreeSHA, repo3.Name)
+	session.MakeRequest(t, req, http.StatusNotFound)
+
+	// Login as User4.
+	session = loginUser(t, user4.Name)
+	token4 := getTokenForLoggedInUser(t, session)
+	session = emptyTestSession(t) // don't want anyone logged in for this
+
+	// Test using org repo "user3/repo3" where user4 is a NOT collaborator
+	req = NewRequestf(t, "GET", "/api/v1/repos/%s/%s/git/trees/d56a3073c1dbb7b15963110a049d50cdb5db99fc?access=%s", user3.Name, repo3.Name, token4)
+	session.MakeRequest(t, req, http.StatusNotFound)
+}
--- a/integrations/api_repo_lfs_locks_test.go
+++ b/integrations/api_repo_lfs_locks_test.go
@@ -12,7 +12,7 @@ import (

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/setting"
-	api "code.gitea.io/sdk/gitea"
+	api "code.gitea.io/gitea/modules/structs"

 	"github.com/stretchr/testify/assert"
 )
--- a/integrations/api_repo_tags_test.go
+++ b/integrations/api_repo_tags_test.go
@@ -6,12 +6,11 @@ package integrations

 import (
 	"net/http"
-	"path"
 	"testing"

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/setting"
-	api "code.gitea.io/sdk/gitea"
+	api "code.gitea.io/gitea/modules/structs"

 	"github.com/stretchr/testify/assert"
 )
@@ -32,7 +31,7 @@ func TestAPIReposGetTags(t *testing.T) {
 	assert.EqualValues(t, 1, len(tags))
 	assert.Equal(t, "v1.1", tags[0].Name)
 	assert.Equal(t, "65f1bf27bc3bf70f64657658635e66094edbcb4d", tags[0].Commit.SHA)
-	assert.Equal(t, path.Join(setting.AppSubURL, "/user2/repo1/commit/65f1bf27bc3bf70f64657658635e66094edbcb4d"), tags[0].Commit.URL)
-	assert.Equal(t, path.Join(setting.AppSubURL, "/user2/repo1/archive/v1.1.zip"), tags[0].ZipballURL)
-	assert.Equal(t, path.Join(setting.AppSubURL, "/user2/repo1/archive/v1.1.tar.gz"), tags[0].TarballURL)
+	assert.Equal(t, setting.AppURL+"api/v1/repos/user2/repo1/git/commits/65f1bf27bc3bf70f64657658635e66094edbcb4d", tags[0].Commit.URL)
+	assert.Equal(t, setting.AppURL+"user2/repo1/archive/v1.1.zip", tags[0].ZipballURL)
+	assert.Equal(t, setting.AppURL+"user2/repo1/archive/v1.1.tar.gz", tags[0].TarballURL)
 }
--- a/integrations/api_repo_test.go
+++ b/integrations/api_repo_test.go
@@ -13,7 +13,7 @@ import (
 	"testing"

 	"code.gitea.io/gitea/models"
-	api "code.gitea.io/sdk/gitea"
+	api "code.gitea.io/gitea/modules/structs"

 	"github.com/stretchr/testify/assert"
 )
@@ -69,40 +69,41 @@ func TestAPISearchRepo(t *testing.T) {
 		name, requestURL string
 		expectedResults
 	}{
-		{name: "RepositoriesMax50", requestURL: "/api/v1/repos/search?limit=50", expectedResults: expectedResults{
-			nil:   {count: 19},
-			user:  {count: 19},
-			user2: {count: 19}},
+		{name: "RepositoriesMax50", requestURL: "/api/v1/repos/search?limit=50&private=false", expectedResults: expectedResults{
+			nil:   {count: 21},
+			user:  {count: 21},
+			user2: {count: 21}},
 		},
-		{name: "RepositoriesMax10", requestURL: "/api/v1/repos/search?limit=10", expectedResults: expectedResults{
+		{name: "RepositoriesMax10", requestURL: "/api/v1/repos/search?limit=10&private=false", expectedResults: expectedResults{
 			nil:   {count: 10},
 			user:  {count: 10},
 			user2: {count: 10}},
 		},
-		{name: "RepositoriesDefaultMax10", requestURL: "/api/v1/repos/search?default", expectedResults: expectedResults{
+		{name: "RepositoriesDefaultMax10", requestURL: "/api/v1/repos/search?default&private=false", expectedResults: expectedResults{
 			nil:   {count: 10},
 			user:  {count: 10},
 			user2: {count: 10}},
 		},
-		{name: "RepositoriesByName", requestURL: fmt.Sprintf("/api/v1/repos/search?q=%s", "big_test_"), expectedResults: expectedResults{
+		{name: "RepositoriesByName", requestURL: fmt.Sprintf("/api/v1/repos/search?q=%s&private=false", "big_test_"), expectedResults: expectedResults{
 			nil:   {count: 7, repoName: "big_test_"},
 			user:  {count: 7, repoName: "big_test_"},
 			user2: {count: 7, repoName: "big_test_"}},
 		},
 		{name: "RepositoriesAccessibleAndRelatedToUser", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user.ID), expectedResults: expectedResults{
-			nil:   {count: 4},
-			user:  {count: 8, includesPrivate: true},
-			user2: {count: 4}},
+			nil:   {count: 5},
+			user:  {count: 9, includesPrivate: true},
+			user2: {count: 5, includesPrivate: true}},
 		},
 		{name: "RepositoriesAccessibleAndRelatedToUser2", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user2.ID), expectedResults: expectedResults{
 			nil:   {count: 1},
-			user:  {count: 1},
-			user2: {count: 2, includesPrivate: true}},
+			user:  {count: 2, includesPrivate: true},
+			user2: {count: 2, includesPrivate: true},
+			user4: {count: 1}},
 		},
 		{name: "RepositoriesAccessibleAndRelatedToUser3", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user3.ID), expectedResults: expectedResults{
 			nil:   {count: 1},
-			user:  {count: 1},
-			user2: {count: 1},
+			user:  {count: 4, includesPrivate: true},
+			user2: {count: 2, includesPrivate: true},
 			user3: {count: 4, includesPrivate: true}},
 		},
 		{name: "RepositoriesOwnedByOrganization", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", orgUser.ID), expectedResults: expectedResults{
@@ -112,12 +113,12 @@ func TestAPISearchRepo(t *testing.T) {
 		},
 		{name: "RepositoriesAccessibleAndRelatedToUser4", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d", user4.ID), expectedResults: expectedResults{
 			nil:   {count: 3},
-			user:  {count: 3},
-			user4: {count: 6, includesPrivate: true}}},
+			user:  {count: 4, includesPrivate: true},
+			user4: {count: 7, includesPrivate: true}}},
 		{name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeSource", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "source"), expectedResults: expectedResults{
 			nil:   {count: 0},
-			user:  {count: 0},
-			user4: {count: 0, includesPrivate: true}}},
+			user:  {count: 1, includesPrivate: true},
+			user4: {count: 1, includesPrivate: true}}},
 		{name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeFork", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "fork"), expectedResults: expectedResults{
 			nil:   {count: 1},
 			user:  {count: 1},
@@ -136,8 +137,8 @@ func TestAPISearchRepo(t *testing.T) {
 			user4: {count: 2, includesPrivate: true}}},
 		{name: "RepositoriesAccessibleAndRelatedToUser4/SearchModeCollaborative", requestURL: fmt.Sprintf("/api/v1/repos/search?uid=%d&mode=%s", user4.ID, "collaborative"), expectedResults: expectedResults{
 			nil:   {count: 0},
-			user:  {count: 0},
-			user4: {count: 0, includesPrivate: true}}},
+			user:  {count: 1, includesPrivate: true},
+			user4: {count: 1, includesPrivate: true}}},
 	}

 	for _, testCase := range testCases {
@@ -164,14 +165,19 @@ func TestAPISearchRepo(t *testing.T) {
 					var body api.SearchResults
 					DecodeJSON(t, response, &body)

-					assert.Len(t, body.Data, expected.count)
+					repoNames := make([]string, 0, len(body.Data))
+					for _, repo := range body.Data {
+						repoNames = append(repoNames, fmt.Sprintf("%d:%s:%t", repo.ID, repo.FullName, repo.Private))
+					}
+					assert.Len(t, repoNames, expected.count)
 					for _, repo := range body.Data {
 						r := getRepo(t, repo.ID)
 						hasAccess, err := models.HasAccess(userID, r)
-						assert.NoError(t, err)
-						assert.True(t, hasAccess)
+						assert.NoError(t, err, "Error when checking if User: %d has access to %s: %v", userID, repo.FullName, err)
+						assert.True(t, hasAccess, "User: %d does not have access to %s", userID, repo.FullName)

 						assert.NotEmpty(t, repo.Name)
+						assert.Equal(t, repo.Name, r.Name)

 						if len(expected.repoName) > 0 {
 							assert.Contains(t, repo.Name, expected.repoName)
@@ -182,7 +188,7 @@ func TestAPISearchRepo(t *testing.T) {
 						}

 						if !expected.includesPrivate {
-							assert.False(t, repo.Private)
+							assert.False(t, repo.Private, "User: %d not expecting private repository: %s", userID, repo.FullName)
 						}
 					}
 				})
--- a/integrations/api_team_test.go
+++ b/integrations/api_team_test.go
@@ -5,17 +5,21 @@
 package integrations

 import (
+	"fmt"
 	"net/http"
+	"sort"
 	"testing"

 	"code.gitea.io/gitea/models"
-	api "code.gitea.io/sdk/gitea"
+	api "code.gitea.io/gitea/modules/structs"
+	"code.gitea.io/gitea/routers/api/v1/convert"

 	"github.com/stretchr/testify/assert"
 )

 func TestAPITeam(t *testing.T) {
 	prepareTestEnv(t)
+
 	teamUser := models.AssertExistsAndLoadBean(t, &models.TeamUser{}).(*models.TeamUser)
 	team := models.AssertExistsAndLoadBean(t, &models.Team{ID: teamUser.TeamID}).(*models.Team)
 	user := models.AssertExistsAndLoadBean(t, &models.User{ID: teamUser.UID}).(*models.User)
@@ -29,4 +33,77 @@ func TestAPITeam(t *testing.T) {
 	DecodeJSON(t, resp, &apiTeam)
 	assert.EqualValues(t, team.ID, apiTeam.ID)
 	assert.Equal(t, team.Name, apiTeam.Name)
+
+	// non team member user will not access the teams details
+	teamUser2 := models.AssertExistsAndLoadBean(t, &models.TeamUser{ID: 3}).(*models.TeamUser)
+	user2 := models.AssertExistsAndLoadBean(t, &models.User{ID: teamUser2.UID}).(*models.User)
+
+	session = loginUser(t, user2.Name)
+	token = getTokenForLoggedInUser(t, session)
+	req = NewRequestf(t, "GET", "/api/v1/teams/%d?token="+token, teamUser.TeamID)
+	resp = session.MakeRequest(t, req, http.StatusForbidden)
+
+	req = NewRequestf(t, "GET", "/api/v1/teams/%d", teamUser.TeamID)
+	resp = session.MakeRequest(t, req, http.StatusUnauthorized)
+
+	// Get an admin user able to create, update and delete teams.
+	user = models.AssertExistsAndLoadBean(t, &models.User{ID: 1}).(*models.User)
+	session = loginUser(t, user.Name)
+	token = getTokenForLoggedInUser(t, session)
+
+	org := models.AssertExistsAndLoadBean(t, &models.User{ID: 6}).(*models.User)
+
+	// Create team.
+	teamToCreate := &api.CreateTeamOption{
+		Name:        "team1",
+		Description: "team one",
+		Permission:  "write",
+		Units:       []string{"repo.code", "repo.issues"},
+	}
+	req = NewRequestWithJSON(t, "POST", fmt.Sprintf("/api/v1/orgs/%s/teams?token=%s", org.Name, token), teamToCreate)
+	resp = session.MakeRequest(t, req, http.StatusCreated)
+	DecodeJSON(t, resp, &apiTeam)
+	checkTeamResponse(t, &apiTeam, teamToCreate.Name, teamToCreate.Description, teamToCreate.Permission, teamToCreate.Units)
+	checkTeamBean(t, apiTeam.ID, teamToCreate.Name, teamToCreate.Description, teamToCreate.Permission, teamToCreate.Units)
+	teamID := apiTeam.ID
+
+	// Edit team.
+	teamToEdit := &api.EditTeamOption{
+		Name:        "teamone",
+		Description: "team 1",
+		Permission:  "admin",
+		Units:       []string{"repo.code", "repo.pulls", "repo.releases"},
+	}
+	req = NewRequestWithJSON(t, "PATCH", fmt.Sprintf("/api/v1/teams/%d?token=%s", teamID, token), teamToEdit)
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &apiTeam)
+	checkTeamResponse(t, &apiTeam, teamToEdit.Name, teamToEdit.Description, teamToEdit.Permission, teamToEdit.Units)
+	checkTeamBean(t, apiTeam.ID, teamToEdit.Name, teamToEdit.Description, teamToEdit.Permission, teamToEdit.Units)
+
+	// Read team.
+	teamRead := models.AssertExistsAndLoadBean(t, &models.Team{ID: teamID}).(*models.Team)
+	req = NewRequestf(t, "GET", "/api/v1/teams/%d?token="+token, teamID)
+	resp = session.MakeRequest(t, req, http.StatusOK)
+	DecodeJSON(t, resp, &apiTeam)
+	checkTeamResponse(t, &apiTeam, teamRead.Name, teamRead.Description, teamRead.Authorize.String(), teamRead.GetUnitNames())
+
+	// Delete team.
+	req = NewRequestf(t, "DELETE", "/api/v1/teams/%d?token="+token, teamID)
+	session.MakeRequest(t, req, http.StatusNoContent)
+	models.AssertNotExistsBean(t, &models.Team{ID: teamID})
+}
+
+func checkTeamResponse(t *testing.T, apiTeam *api.Team, name, description string, permission string, units []string) {
+	assert.Equal(t, name, apiTeam.Name, "name")
+	assert.Equal(t, description, apiTeam.Description, "description")
+	assert.Equal(t, permission, apiTeam.Permission, "permission")
+	sort.StringSlice(units).Sort()
+	sort.StringSlice(apiTeam.Units).Sort()
+	assert.EqualValues(t, units, apiTeam.Units, "units")
+}
+
+func checkTeamBean(t *testing.T, id int64, name, description string, permission string, units []string) {
+	team := models.AssertExistsAndLoadBean(t, &models.Team{ID: id}).(*models.Team)
+	assert.NoError(t, team.GetUnits(), "GetUnits")
+	checkTeamResponse(t, convert.ToTeam(team), name, description, permission, units)
 }
--- a/integrations/api_token_test.go
+++ b/integrations/api_token_test.go
@@ -9,7 +9,7 @@ import (
 	"testing"

 	"code.gitea.io/gitea/models"
-	api "code.gitea.io/sdk/gitea"
+	api "code.gitea.io/gitea/modules/structs"
 )

 // TestAPICreateAndDeleteToken tests that token that was just created can be deleted
@@ -26,10 +26,10 @@ func TestAPICreateAndDeleteToken(t *testing.T) {
 	var newAccessToken api.AccessToken
 	DecodeJSON(t, resp, &newAccessToken)
 	models.AssertExistsAndLoadBean(t, &models.AccessToken{
-		ID:   newAccessToken.ID,
-		Name: newAccessToken.Name,
-		Sha1: newAccessToken.Sha1,
-		UID:  user.ID,
+		ID:    newAccessToken.ID,
+		Name:  newAccessToken.Name,
+		Token: newAccessToken.Token,
+		UID:   user.ID,
 	})

 	req = NewRequestf(t, "DELETE", "/api/v1/users/user1/tokens/%d", newAccessToken.ID)
--- a/Show More
+++ b/Show More