Also renames `forgot_password` translation key to
`forgot_password_title` and `forget_password` to
`forgot_password`
Includes entry in CHANGELOG about the breaking change
(and some markdown fixes in there)
It's helpful when you forgot your password thus cannot change it
(can happen if you log in via OAuth2 or OpenID)
Also make sure that both the delete-account and password-change
links to forgot-password will have the primary email pre-filled
* fixes#1050 where linking an account to a 2fa enabled account failed because we forgot to really link the account when 2fa is completed
* handle errors
* initial stuff for oauth2 login, fails on:
* login button on the signIn page to start the OAuth2 flow and a callback for each provider
Only GitHub is implemented for now
* show login button only when the OAuth2 consumer is configured (and activated)
* create macaron group for oauth2 urls
* prevent net/http in modules (other then oauth2)
* use a new data sessions oauth2 folder for storing the oauth2 session data
* add missing 2FA when this is enabled on the user
* add password option for OAuth2 user , for use with git over http and login to the GUI
* add tip for registering a GitHub OAuth application
* at startup of Gitea register all configured providers and also on adding/deleting of new providers
* custom handling of errors in oauth2 request init + show better tip
* add ExternalLoginUser model and migration script to add it to database
* link a external account to an existing account (still need to handle wrong login and signup) and remove if user is removed
* remove the linked external account from the user his settings
* if user is unknown we allow him to register a new account or link it to some existing account
* sign up with button on signin page (als change OAuth2Provider structure so we can store basic stuff about providers)
* from gorilla/sessions docs:
"Important Note: If you aren't using gorilla/mux, you need to wrap your handlers with context.ClearHandler as or else you will leak memory!"
(we're using gorilla/sessions for storing oauth2 sessions)
* use updated goth lib that now supports getting the OAuth2 user if the AccessToken is still valid instead of re-authenticating (prevent flooding the OAuth2 provider)
* Remove unused custom-alphabet feature of random string generator
Fix random string generator
Random string generator should return error if it fails to read random data via crypto/rand
* Fixes variable (un)initialization mixed assign
Update test GetRandomString
* golint fixed for parts of routers root, dev and org dirs
* add user/auth.go golint fixed
* rename unnecessary exported to unexported and user dir golint fixed