Documentation: Clarity for HTTPS setups (#5626 )

[https-setup] - Made it clearer that HTTP redirection is possible [config-cheat-sheet] - Clarified the behavihour of the redirection-related config keys
2025-11-05 18:32:41 +09:00 · 2019-01-03 16:46:07 +01:00
75 changed files with 446 additions and 1548 deletions
--- a/.drone.yml
+++ b/.drone.yml
@@ -211,7 +211,7 @@ pipeline:
      branch: [ master ]

  static:
-    image: techknowlogick/xgo:latest
+    image: karalabe/xgo-latest:latest
    pull: true
    environment:
      TAGS: bindata sqlite sqlite_unlock_notify
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,48 +4,7 @@ This changelog goes through all the changes that have been made in each release
 without substantial changes to our git log; to see the highlights of what has
 been added to each release, please refer to the [blog](https://blog.gitea.io).

-## [1.7.2](https://github.com/go-gitea/gitea/releases/tag/v1.7.2) - 2019-02-14
-* BUGFIXES
-  * Remove all CommitStatus when a repo is deleted (#5940) (#5941)
-  * Fix notifications on pushing with deploy keys by setting hook environment variables (#5935) (#5944)
-  * Silence console logger in gitea serv (#5887) (#5943) 
-  * Handle milestone webhook events for issues and PR (#5947) (#5955)
-  * Show user who created the repository instead of the organization in action feed (#5948) (#5956)
-  * Fix ssh deploy and user key constraints (#1357) (#5939) (#5966)
-  * Fix bug when deleting a linked account will removed all (#5989) (#5990)
-  * Fix empty ssh key importing in ldap (#5984) (#6009)
-  * Fix metrics auth token detection (#6006) (#6017)
-  * Create repository on organisation by default on its dashboard (#6026) (#6048)
-  * Make sure labels are actually returned in API (#6053) (#6059)
-  * Switch to more recent build of xgo (#6070) (#6072)
-  * In basic auth check for tokens before call UserSignIn (#5725) (#6083)
-
-## [1.7.1](https://github.com/go-gitea/gitea/releases/tag/v1.7.1) - 2019-01-31
-* SECURITY
-  * Disable redirect for i18n (#5910) (#5916)
-  * Only allow local login if password is non-empty (#5906) (#5908)
-  * Fix go-get URL generation (#5905) (#5907)
-* BUGFIXES
-  * Fix TLS errors when using acme/autocert for local connections (#5820) (#5826)
-  * Request for public keys only if LDAP attribute is set (#5816) (#5819)
-  * Fix delete correct temp directory (#5840) (#5839)
-  * Fix an error while adding a dependency via UI (#5862) (#5876)
-  * Fix null pointer in attempt to Sudo if not logged in (#5872) (#5884)
-  * When creating new repository fsck option should be enabled (#5817) (#5885)
-  * Prevent nil dereference in mailIssueCommentToParticipants (#5891) (#5895) (#5894)
-  * Fix bug when read public repo lfs file (#5913) (#5912)
-  * Respect value of REQUIRE_SIGNIN_VIEW (#5901) (#5915)
-  * Fix compare button on upstream repo leading to 404 (#5877) (#5914)
-* DOCS
-  * Added docs for the tree api (#5835)
-* MISC
-  * Include Go toolchain to --version (#5832) (#5830)
-
-## [1.7.0](https://github.com/go-gitea/gitea/releases/tag/v1.7.0) - 2019-01-22
-* SECURITY
-  * Do not display the raw OpenID error in the UI (#5705) (#5712)
-  * When redirecting clean the path to avoid redirecting to external site (#5669) (#5679)
-  * Prevent DeleteFilePost doing arbitrary deletion (#5631)
+## [1.7.0-rc1](https://github.com/go-gitea/gitea/releases/tag/v1.7.0) - 2019-01-02
 * BREAKING
  * Restrict permission check on repositories and fix some problems (#5314)
  * Show only opened milestones on issues page milestone filter (#5051)
@@ -64,13 +23,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Give user a link to create PR after push (#4716)
  * Add rebase with merge commit merge style (#3844) (#4052)
 * BUGFIXES
-  * Disallow empty titles (#5785) (#5794) 
-  * Fix sqlite deadlock when assigning to a PR (#5640) (#5642)
-  * Don't close issues via commits on non-default branch. (#5622) (#5643)
-  * Fix commit page showing status for current default branch (#5650) (#5653)
-  * Only count users own actions for heatmap contributions (#5647) (#5655)
-  * Update xorm to fix issue postgresql dumping issues (#5680) (#5692)
-  * Use correct value for "MSpan Structures Obtained" (#5706) (#5716)
  * Fix bug on modifying sshd username (#5624)
  * Delete tags in mirror which are removed for original repo. (#5609)
  * Fix wrong text getting saved on editing second comment on an issue. (#5608)
@@ -197,18 +149,6 @@ been added to each release, please refer to the [blog](https://blog.gitea.io).
  * Git-Trees API (#5403)
  * Only chown directories during docker setup if necessary. Fix #4425 (#5064)

-## [1.6.4](https://github.com/go-gitea/gitea/releases/tag/v1.6.4) - 2019-01-15
-* BUGFIX
-  * Fix SSH key now can be reused as public key after deleting as deploy key (#5671) (#5685)
-  * When redirecting clean the path to avoid redirecting to external site (#5669) (#5703)
-  * Fix to use correct value for "MSpan Structures Obtained" (#5706) (#5715)
-
-## [1.6.3](https://github.com/go-gitea/gitea/releases/tag/v1.6.3) - 2019-01-04
-* SECURITY
-  * Prevent DeleteFilePost doing arbitrary deletion (#5631)
-* BUGFIX
-  * Fix wrong text getting saved on editing second comment on an issue (#5608)
-
 ## [1.6.2](https://github.com/go-gitea/gitea/releases/tag/v1.6.2) - 2018-12-21
 * SECURITY
  * Sanitize uploaded file names (#5571) (#5573)
--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -406,11 +406,11 @@
  version = "v0.6.0"

 [[projects]]
-  digest = "1:d366480c27ab51b3f7e995f25503063e7a6ebc7feb269df2499c33471f35cd62"
+  digest = "1:931a62a1aacc37a5e4c309a111642ec4da47b4dc453cd4ba5481b12eedb04a5d"
  name = "github.com/go-xorm/xorm"
  packages = ["."]
  pruneopts = "NUT"
-  revision = "1cd2662be938bfee0e34af92fe448513e0560fb1"
+  revision = "401f4ee8ff8cbc40a4754cb12192fbe4f02f3979"

 [[projects]]
  branch = "master"
@@ -1005,12 +1005,12 @@
  version = "v1.31.1"

 [[projects]]
-  digest = "1:7e1c00b9959544fa1ccca7cf0407a5b29ac6d5201059c4fac6f599cb99bfd24d"
+  digest = "1:01f4ac37c52bda6f7e1bd73680a99f88733c0408aaa159ecb1ba53a1ade9423c"
  name = "gopkg.in/ldap.v2"
  packages = ["."]
  pruneopts = "NUT"
-  revision = "bb7a9ca6e4fbc2129e3db588a34bc970ffe811a9"
-  version = "v2.5.1"
+  revision = "d0a5ced67b4dc310b9158d63a2c6f9c5ec13f105"
+  version = "v2.4.1"

 [[projects]]
  digest = "1:cfe1730a152ff033ad7d9c115d22e36b19eec6d5928c06146b9119be45d39dc0"
@@ -1173,7 +1173,6 @@
    "github.com/keybase/go-crypto/openpgp",
    "github.com/keybase/go-crypto/openpgp/armor",
    "github.com/keybase/go-crypto/openpgp/packet",
-    "github.com/klauspost/compress/gzip",
    "github.com/lafriks/xormstore",
    "github.com/lib/pq",
    "github.com/lunny/dingtalk_webhook",
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -38,7 +38,7 @@ ignored = ["google.golang.org/appengine*"]

 [[override]]
  name = "github.com/go-xorm/xorm"
-  revision = "1cd2662be938bfee0e34af92fe448513e0560fb1"
+  revision = "401f4ee8ff8cbc40a4754cb12192fbe4f02f3979"

 [[override]]
  name = "github.com/go-xorm/builder"
--- a/cmd/cmd.go
+++ b/cmd/cmd.go
@@ -9,11 +9,10 @@ package cmd
 import (
 	"errors"
 	"fmt"
+	"strings"

 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"
-
 	"github.com/urfave/cli"
 )

@@ -25,7 +24,7 @@ func argsSet(c *cli.Context, args ...string) error {
 			return errors.New(a + " is not set")
 		}

-		if util.IsEmptyString(a) {
+		if len(strings.TrimSpace(c.String(a))) == 0 {
 			return errors.New(a + " is required")
 		}
 	}
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -70,7 +70,6 @@ func checkLFSVersion() {
 }

 func setup(logPath string) {
-	log.DelLogger("console")
 	setting.NewContext()
 	checkLFSVersion()
 	log.NewGitLogger(filepath.Join(setting.LogRootPath, logPath))
@@ -234,30 +233,23 @@ func runServ(c *cli.Context) error {

 		// Check deploy key or user key.
 		if key.Type == models.KeyTypeDeploy {
-			// Now we have to get the deploy key for this repo
-			deployKey, err := private.GetDeployKey(key.ID, repo.ID)
+			if key.Mode < requestedMode {
+				fail("Key permission denied", "Cannot push with deployment key: %d", key.ID)
+			}
+
+			// Check if this deploy key belongs to current repository.
+			has, err := private.HasDeployKey(key.ID, repo.ID)
 			if err != nil {
 				fail("Key access denied", "Failed to access internal api: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
 			}
-
-			if deployKey == nil {
+			if !has {
 				fail("Key access denied", "Deploy key access denied: [key_id: %d, repo_id: %d]", key.ID, repo.ID)
 			}

-			if deployKey.Mode < requestedMode {
-				fail("Key permission denied", "Cannot push with read-only deployment key: %d to repo_id: %d", key.ID, repo.ID)
-			}
-
 			// Update deploy key activity.
 			if err = private.UpdateDeployKeyUpdated(key.ID, repo.ID); err != nil {
 				fail("Internal error", "UpdateDeployKey: %v", err)
 			}
-
-			// FIXME: Deploy keys aren't really the owner of the repo pushing changes
-			// however we don't have good way of representing deploy keys in hook.go
-			// so for now use the owner
-			os.Setenv(models.EnvPusherName, username)
-			os.Setenv(models.EnvPusherID, fmt.Sprintf("%d", repo.OwnerID))
 		} else {
 			user, err = private.GetUserByKeyID(key.ID)
 			if err != nil {
--- a/integrations/api_helper_for_declarative_test.go
+++ b/integrations/api_helper_for_declarative_test.go
@@ -1,152 +0,0 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package integrations
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"testing"
-
-	api "code.gitea.io/sdk/gitea"
-	"github.com/stretchr/testify/assert"
-)
-
-type APITestContext struct {
-	Reponame     string
-	Session      *TestSession
-	Token        string
-	Username     string
-	ExpectedCode int
-}
-
-func NewAPITestContext(t *testing.T, username, reponame string) APITestContext {
-	session := loginUser(t, username)
-	token := getTokenForLoggedInUser(t, session)
-	return APITestContext{
-		Session:  session,
-		Token:    token,
-		Username: username,
-		Reponame: reponame,
-	}
-}
-
-func (ctx APITestContext) GitPath() string {
-	return fmt.Sprintf("%s/%s.git", ctx.Username, ctx.Reponame)
-}
-
-func doAPICreateRepository(ctx APITestContext, empty bool, callback ...func(*testing.T, api.Repository)) func(*testing.T) {
-	return func(t *testing.T) {
-		createRepoOption := &api.CreateRepoOption{
-			AutoInit:    !empty,
-			Description: "Temporary repo",
-			Name:        ctx.Reponame,
-			Private:     true,
-			Gitignores:  "",
-			License:     "WTFPL",
-			Readme:      "Default",
-		}
-		req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+ctx.Token, createRepoOption)
-		if ctx.ExpectedCode != 0 {
-			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
-			return
-		}
-		resp := ctx.Session.MakeRequest(t, req, http.StatusCreated)
-
-		var repository api.Repository
-		DecodeJSON(t, resp, &repository)
-		if len(callback) > 0 {
-			callback[0](t, repository)
-		}
-	}
-}
-
-func doAPIGetRepository(ctx APITestContext, callback ...func(*testing.T, api.Repository)) func(*testing.T) {
-	return func(t *testing.T) {
-		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", ctx.Username, ctx.Reponame, ctx.Token)
-
-		req := NewRequest(t, "GET", urlStr)
-		if ctx.ExpectedCode != 0 {
-			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
-			return
-		}
-		resp := ctx.Session.MakeRequest(t, req, http.StatusOK)
-
-		var repository api.Repository
-		DecodeJSON(t, resp, &repository)
-		if len(callback) > 0 {
-			callback[0](t, repository)
-		}
-	}
-}
-
-func doAPIDeleteRepository(ctx APITestContext) func(*testing.T) {
-	return func(t *testing.T) {
-		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s?token=%s", ctx.Username, ctx.Reponame, ctx.Token)
-
-		req := NewRequest(t, "DELETE", urlStr)
-		if ctx.ExpectedCode != 0 {
-			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
-			return
-		}
-		ctx.Session.MakeRequest(t, req, http.StatusNoContent)
-	}
-}
-
-func doAPICreateUserKey(ctx APITestContext, keyname, keyFile string, callback ...func(*testing.T, api.PublicKey)) func(*testing.T) {
-	return func(t *testing.T) {
-		urlStr := fmt.Sprintf("/api/v1/user/keys?token=%s", ctx.Token)
-
-		dataPubKey, err := ioutil.ReadFile(keyFile + ".pub")
-		assert.NoError(t, err)
-		req := NewRequestWithJSON(t, "POST", urlStr, &api.CreateKeyOption{
-			Title: keyname,
-			Key:   string(dataPubKey),
-		})
-		if ctx.ExpectedCode != 0 {
-			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
-			return
-		}
-		resp := ctx.Session.MakeRequest(t, req, http.StatusCreated)
-		var publicKey api.PublicKey
-		DecodeJSON(t, resp, &publicKey)
-		if len(callback) > 0 {
-			callback[0](t, publicKey)
-		}
-	}
-}
-
-func doAPIDeleteUserKey(ctx APITestContext, keyID int64) func(*testing.T) {
-	return func(t *testing.T) {
-		urlStr := fmt.Sprintf("/api/v1/user/keys/%d?token=%s", keyID, ctx.Token)
-
-		req := NewRequest(t, "DELETE", urlStr)
-		if ctx.ExpectedCode != 0 {
-			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
-			return
-		}
-		ctx.Session.MakeRequest(t, req, http.StatusNoContent)
-	}
-}
-
-func doAPICreateDeployKey(ctx APITestContext, keyname, keyFile string, readOnly bool) func(*testing.T) {
-	return func(t *testing.T) {
-		urlStr := fmt.Sprintf("/api/v1/repos/%s/%s/keys?token=%s", ctx.Username, ctx.Reponame, ctx.Token)
-
-		dataPubKey, err := ioutil.ReadFile(keyFile + ".pub")
-		assert.NoError(t, err)
-		req := NewRequestWithJSON(t, "POST", urlStr, api.CreateKeyOption{
-			Title:    keyname,
-			Key:      string(dataPubKey),
-			ReadOnly: readOnly,
-		})
-
-		if ctx.ExpectedCode != 0 {
-			ctx.Session.MakeRequest(t, req, ctx.ExpectedCode)
-			return
-		}
-		ctx.Session.MakeRequest(t, req, http.StatusCreated)
-	}
-}
--- a/integrations/git_helper_for_declarative_test.go
+++ b/integrations/git_helper_for_declarative_test.go
@@ -1,127 +0,0 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package integrations
-
-import (
-	"context"
-	"fmt"
-	"io/ioutil"
-	"net"
-	"net/http"
-	"net/url"
-	"os"
-	"os/exec"
-	"path/filepath"
-	"testing"
-	"time"
-
-	"code.gitea.io/git"
-	"code.gitea.io/gitea/modules/setting"
-	"github.com/Unknwon/com"
-	"github.com/stretchr/testify/assert"
-)
-
-func withKeyFile(t *testing.T, keyname string, callback func(string)) {
-	keyFile := filepath.Join(setting.AppDataPath, keyname)
-	err := exec.Command("ssh-keygen", "-f", keyFile, "-t", "rsa", "-N", "").Run()
-	assert.NoError(t, err)
-
-	//Setup ssh wrapper
-	os.Setenv("GIT_SSH_COMMAND",
-		"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i "+
-			filepath.Join(setting.AppWorkPath, keyFile))
-	os.Setenv("GIT_SSH_VARIANT", "ssh")
-
-	callback(keyFile)
-
-	defer os.RemoveAll(keyFile)
-	defer os.RemoveAll(keyFile + ".pub")
-}
-
-func createSSHUrl(gitPath string, u *url.URL) *url.URL {
-	u2 := *u
-	u2.Scheme = "ssh"
-	u2.User = url.User("git")
-	u2.Host = fmt.Sprintf("%s:%d", setting.SSH.ListenHost, setting.SSH.ListenPort)
-	u2.Path = gitPath
-	return &u2
-}
-
-func onGiteaRun(t *testing.T, callback func(*testing.T, *url.URL)) {
-	prepareTestEnv(t)
-	s := http.Server{
-		Handler: mac,
-	}
-
-	u, err := url.Parse(setting.AppURL)
-	assert.NoError(t, err)
-	listener, err := net.Listen("tcp", u.Host)
-	assert.NoError(t, err)
-
-	defer func() {
-		ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
-		s.Shutdown(ctx)
-		cancel()
-	}()
-
-	go s.Serve(listener)
-	//Started by config go ssh.Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
-
-	callback(t, u)
-}
-
-func doGitClone(dstLocalPath string, u *url.URL) func(*testing.T) {
-	return func(t *testing.T) {
-		assert.NoError(t, git.Clone(u.String(), dstLocalPath, git.CloneRepoOptions{}))
-		assert.True(t, com.IsExist(filepath.Join(dstLocalPath, "README.md")))
-	}
-}
-
-func doGitCloneFail(dstLocalPath string, u *url.URL) func(*testing.T) {
-	return func(t *testing.T) {
-		assert.Error(t, git.Clone(u.String(), dstLocalPath, git.CloneRepoOptions{}))
-		assert.False(t, com.IsExist(filepath.Join(dstLocalPath, "README.md")))
-	}
-}
-
-func doGitInitTestRepository(dstPath string) func(*testing.T) {
-	return func(t *testing.T) {
-		// Init repository in dstPath
-		assert.NoError(t, git.InitRepository(dstPath, false))
-		assert.NoError(t, ioutil.WriteFile(filepath.Join(dstPath, "README.md"), []byte(fmt.Sprintf("# Testing Repository\n\nOriginally created in: %s", dstPath)), 0644))
-		assert.NoError(t, git.AddChanges(dstPath, true))
-		signature := git.Signature{
-			Email: "test@example.com",
-			Name:  "test",
-			When:  time.Now(),
-		}
-		assert.NoError(t, git.CommitChanges(dstPath, git.CommitChangesOptions{
-			Committer: &signature,
-			Author:    &signature,
-			Message:   "Initial Commit",
-		}))
-	}
-}
-
-func doGitAddRemote(dstPath, remoteName string, u *url.URL) func(*testing.T) {
-	return func(t *testing.T) {
-		_, err := git.NewCommand("remote", "add", remoteName, u.String()).RunInDir(dstPath)
-		assert.NoError(t, err)
-	}
-}
-
-func doGitPushTestRepository(dstPath, remoteName, branch string) func(*testing.T) {
-	return func(t *testing.T) {
-		_, err := git.NewCommand("push", "-u", remoteName, branch).RunInDir(dstPath)
-		assert.NoError(t, err)
-	}
-}
-
-func doGitPushTestRepositoryFail(dstPath, remoteName, branch string) func(*testing.T) {
-	return func(t *testing.T) {
-		_, err := git.NewCommand("push", "-u", remoteName, branch).RunInDir(dstPath)
-		assert.Error(t, err)
-	}
-}
--- a/integrations/git_test.go
+++ b/integrations/git_test.go
@@ -5,17 +5,25 @@
 package integrations

 import (
+	"context"
 	"crypto/rand"
 	"fmt"
 	"io/ioutil"
+	"net"
+	"net/http"
 	"net/url"
 	"os"
+	"os/exec"
 	"path/filepath"
 	"testing"
 	"time"

 	"code.gitea.io/git"
+	"code.gitea.io/gitea/models"
+	"code.gitea.io/gitea/modules/setting"
+	api "code.gitea.io/sdk/gitea"

+	"github.com/Unknwon/com"
 	"github.com/stretchr/testify/assert"
 )

@@ -24,86 +32,160 @@ const (
 	bigSize    = 128 * 1024 * 1024 //128Mo
 )

-func TestGit(t *testing.T) {
-	onGiteaRun(t, testGit)
+func onGiteaRun(t *testing.T, callback func(*testing.T, *url.URL)) {
+	prepareTestEnv(t)
+	s := http.Server{
+		Handler: mac,
+	}
+
+	u, err := url.Parse(setting.AppURL)
+	assert.NoError(t, err)
+	listener, err := net.Listen("tcp", u.Host)
+	assert.NoError(t, err)
+
+	defer func() {
+		ctx, cancel := context.WithTimeout(context.Background(), 2*time.Minute)
+		s.Shutdown(ctx)
+		cancel()
+	}()
+
+	go s.Serve(listener)
+	//Started by config go ssh.Listen(setting.SSH.ListenHost, setting.SSH.ListenPort, setting.SSH.ServerCiphers, setting.SSH.ServerKeyExchanges, setting.SSH.ServerMACs)
+
+	callback(t, u)
 }

-func testGit(t *testing.T, u *url.URL) {
-	username := "user2"
-	baseAPITestContext := NewAPITestContext(t, username, "repo1")
+func TestGit(t *testing.T) {
+	onGiteaRun(t, func(t *testing.T, u *url.URL) {
+		u.Path = "user2/repo1.git"

-	u.Path = baseAPITestContext.GitPath()
-
-	t.Run("HTTP", func(t *testing.T) {
-		httpContext := baseAPITestContext
-		httpContext.Reponame = "repo-tmp-17"
-
-		dstPath, err := ioutil.TempDir("", httpContext.Reponame)
-		assert.NoError(t, err)
-		defer os.RemoveAll(dstPath)
-		t.Run("Standard", func(t *testing.T) {
-			ensureAnonymousClone(t, u)
-
-			t.Run("CreateRepo", doAPICreateRepository(httpContext, false))
-
-			u.Path = httpContext.GitPath()
-			u.User = url.UserPassword(username, userPassword)
-
-			t.Run("Clone", doGitClone(dstPath, u))
-
-			t.Run("PushCommit", func(t *testing.T) {
-				t.Run("Little", func(t *testing.T) {
-					commitAndPush(t, littleSize, dstPath)
+		t.Run("HTTP", func(t *testing.T) {
+			dstPath, err := ioutil.TempDir("", "repo-tmp-17")
+			assert.NoError(t, err)
+			defer os.RemoveAll(dstPath)
+			t.Run("Standard", func(t *testing.T) {
+				t.Run("CloneNoLogin", func(t *testing.T) {
+					dstLocalPath, err := ioutil.TempDir("", "repo1")
+					assert.NoError(t, err)
+					defer os.RemoveAll(dstLocalPath)
+					err = git.Clone(u.String(), dstLocalPath, git.CloneRepoOptions{})
+					assert.NoError(t, err)
+					assert.True(t, com.IsExist(filepath.Join(dstLocalPath, "README.md")))
 				})
-				t.Run("Big", func(t *testing.T) {
-					commitAndPush(t, bigSize, dstPath)
+
+				t.Run("CreateRepo", func(t *testing.T) {
+					session := loginUser(t, "user2")
+					token := getTokenForLoggedInUser(t, session)
+					req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+token, &api.CreateRepoOption{
+						AutoInit:    true,
+						Description: "Temporary repo",
+						Name:        "repo-tmp-17",
+						Private:     false,
+						Gitignores:  "",
+						License:     "WTFPL",
+						Readme:      "Default",
+					})
+					session.MakeRequest(t, req, http.StatusCreated)
+				})
+
+				u.Path = "user2/repo-tmp-17.git"
+				u.User = url.UserPassword("user2", userPassword)
+				t.Run("Clone", func(t *testing.T) {
+					err = git.Clone(u.String(), dstPath, git.CloneRepoOptions{})
+					assert.NoError(t, err)
+					assert.True(t, com.IsExist(filepath.Join(dstPath, "README.md")))
+				})
+
+				t.Run("PushCommit", func(t *testing.T) {
+					t.Run("Little", func(t *testing.T) {
+						commitAndPush(t, littleSize, dstPath)
+					})
+					t.Run("Big", func(t *testing.T) {
+						commitAndPush(t, bigSize, dstPath)
+					})
+				})
+			})
+			t.Run("LFS", func(t *testing.T) {
+				t.Run("PushCommit", func(t *testing.T) {
+					//Setup git LFS
+					_, err = git.NewCommand("lfs").AddArguments("install").RunInDir(dstPath)
+					assert.NoError(t, err)
+					_, err = git.NewCommand("lfs").AddArguments("track", "data-file-*").RunInDir(dstPath)
+					assert.NoError(t, err)
+					err = git.AddChanges(dstPath, false, ".gitattributes")
+					assert.NoError(t, err)
+
+					t.Run("Little", func(t *testing.T) {
+						commitAndPush(t, littleSize, dstPath)
+					})
+					t.Run("Big", func(t *testing.T) {
+						commitAndPush(t, bigSize, dstPath)
+					})
+				})
+				t.Run("Locks", func(t *testing.T) {
+					lockTest(t, u.String(), dstPath)
 				})
 			})
 		})
-		t.Run("LFS", func(t *testing.T) {
-			t.Run("PushCommit", func(t *testing.T) {
-				//Setup git LFS
-				_, err = git.NewCommand("lfs").AddArguments("install").RunInDir(dstPath)
-				assert.NoError(t, err)
-				_, err = git.NewCommand("lfs").AddArguments("track", "data-file-*").RunInDir(dstPath)
-				assert.NoError(t, err)
-				err = git.AddChanges(dstPath, false, ".gitattributes")
-				assert.NoError(t, err)
-
-				t.Run("Little", func(t *testing.T) {
-					commitAndPush(t, littleSize, dstPath)
-				})
-				t.Run("Big", func(t *testing.T) {
-					commitAndPush(t, bigSize, dstPath)
-				})
-			})
-			t.Run("Locks", func(t *testing.T) {
-				lockTest(t, u.String(), dstPath)
-			})
-		})
-	})
-	t.Run("SSH", func(t *testing.T) {
-		sshContext := baseAPITestContext
-		sshContext.Reponame = "repo-tmp-18"
-		keyname := "my-testing-key"
-		//Setup key the user ssh key
-		withKeyFile(t, keyname, func(keyFile string) {
-			t.Run("CreateUserKey", doAPICreateUserKey(sshContext, "test-key", keyFile))
-
+		t.Run("SSH", func(t *testing.T) {
 			//Setup remote link
-			sshURL := createSSHUrl(sshContext.GitPath(), u)
+			u.Scheme = "ssh"
+			u.User = url.User("git")
+			u.Host = fmt.Sprintf("%s:%d", setting.SSH.ListenHost, setting.SSH.ListenPort)
+			u.Path = "user2/repo-tmp-18.git"
+
+			//Setup key
+			keyFile := filepath.Join(setting.AppDataPath, "my-testing-key")
+			err := exec.Command("ssh-keygen", "-f", keyFile, "-t", "rsa", "-N", "").Run()
+			assert.NoError(t, err)
+			defer os.RemoveAll(keyFile)
+			defer os.RemoveAll(keyFile + ".pub")
+
+			session := loginUser(t, "user1")
+			keyOwner := models.AssertExistsAndLoadBean(t, &models.User{Name: "user2"}).(*models.User)
+			token := getTokenForLoggedInUser(t, session)
+			urlStr := fmt.Sprintf("/api/v1/admin/users/%s/keys?token=%s", keyOwner.Name, token)
+
+			dataPubKey, err := ioutil.ReadFile(keyFile + ".pub")
+			assert.NoError(t, err)
+			req := NewRequestWithValues(t, "POST", urlStr, map[string]string{
+				"key":   string(dataPubKey),
+				"title": "test-key",
+			})
+			session.MakeRequest(t, req, http.StatusCreated)
+
+			//Setup ssh wrapper
+			os.Setenv("GIT_SSH_COMMAND",
+				"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i "+
+					filepath.Join(setting.AppWorkPath, keyFile))
+			os.Setenv("GIT_SSH_VARIANT", "ssh")

 			//Setup clone folder
-			dstPath, err := ioutil.TempDir("", sshContext.Reponame)
+			dstPath, err := ioutil.TempDir("", "repo-tmp-18")
 			assert.NoError(t, err)
 			defer os.RemoveAll(dstPath)

 			t.Run("Standard", func(t *testing.T) {
-				t.Run("CreateRepo", doAPICreateRepository(sshContext, false))
-
+				t.Run("CreateRepo", func(t *testing.T) {
+					session := loginUser(t, "user2")
+					token := getTokenForLoggedInUser(t, session)
+					req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos?token="+token, &api.CreateRepoOption{
+						AutoInit:    true,
+						Description: "Temporary repo",
+						Name:        "repo-tmp-18",
+						Private:     false,
+						Gitignores:  "",
+						License:     "WTFPL",
+						Readme:      "Default",
+					})
+					session.MakeRequest(t, req, http.StatusCreated)
+				})
 				//TODO get url from api
-				t.Run("Clone", doGitClone(dstPath, sshURL))
-
+				t.Run("Clone", func(t *testing.T) {
+					_, err = git.NewCommand("clone").AddArguments(u.String(), dstPath).Run()
+					assert.NoError(t, err)
+					assert.True(t, com.IsExist(filepath.Join(dstPath, "README.md")))
+				})
 				//time.Sleep(5 * time.Minute)
 				t.Run("PushCommit", func(t *testing.T) {
 					t.Run("Little", func(t *testing.T) {
@@ -135,20 +217,10 @@ func testGit(t *testing.T, u *url.URL) {
 					lockTest(t, u.String(), dstPath)
 				})
 			})
-
 		})
-
 	})
 }

-func ensureAnonymousClone(t *testing.T, u *url.URL) {
-	dstLocalPath, err := ioutil.TempDir("", "repo1")
-	assert.NoError(t, err)
-	defer os.RemoveAll(dstLocalPath)
-	t.Run("CloneAnonymous", doGitClone(dstLocalPath, u))
-
-}
-
 func lockTest(t *testing.T, remote, repoPath string) {
 	_, err := git.NewCommand("remote").AddArguments("set-url", "origin", remote).RunInDir(repoPath) //TODO add test ssh git-lfs-creds
 	assert.NoError(t, err)
--- a/integrations/ssh_key_test.go
+++ b/integrations/ssh_key_test.go
@@ -1,217 +0,0 @@
-// Copyright 2019 The Gitea Authors. All rights reserved.
-// Use of this source code is governed by a MIT-style
-// license that can be found in the LICENSE file.
-
-package integrations
-
-import (
-	"fmt"
-	"io/ioutil"
-	"net/http"
-	"net/url"
-	"os"
-	"path/filepath"
-	"testing"
-	"time"
-
-	"code.gitea.io/git"
-	api "code.gitea.io/sdk/gitea"
-	"github.com/stretchr/testify/assert"
-)
-
-func doCheckRepositoryEmptyStatus(ctx APITestContext, isEmpty bool) func(*testing.T) {
-	return doAPIGetRepository(ctx, func(t *testing.T, repository api.Repository) {
-		assert.Equal(t, isEmpty, repository.Empty)
-	})
-}
-
-func doAddChangesToCheckout(dstPath, filename string) func(*testing.T) {
-	return func(t *testing.T) {
-		assert.NoError(t, ioutil.WriteFile(filepath.Join(dstPath, filename), []byte(fmt.Sprintf("# Testing Repository\n\nOriginally created in: %s at time: %v", dstPath, time.Now())), 0644))
-		assert.NoError(t, git.AddChanges(dstPath, true))
-		signature := git.Signature{
-			Email: "test@example.com",
-			Name:  "test",
-			When:  time.Now(),
-		}
-		assert.NoError(t, git.CommitChanges(dstPath, git.CommitChangesOptions{
-			Committer: &signature,
-			Author:    &signature,
-			Message:   "Initial Commit",
-		}))
-	}
-}
-
-func TestPushDeployKeyOnEmptyRepo(t *testing.T) {
-	onGiteaRun(t, testPushDeployKeyOnEmptyRepo)
-}
-
-func testPushDeployKeyOnEmptyRepo(t *testing.T, u *url.URL) {
-	// OK login
-	ctx := NewAPITestContext(t, "user2", "deploy-key-empty-repo-1")
-	keyname := fmt.Sprintf("%s-push", ctx.Reponame)
-	u.Path = ctx.GitPath()
-
-	t.Run("CreateEmptyRepository", doAPICreateRepository(ctx, true))
-
-	t.Run("CheckIsEmpty", doCheckRepositoryEmptyStatus(ctx, true))
-
-	withKeyFile(t, keyname, func(keyFile string) {
-		t.Run("CreatePushDeployKey", doAPICreateDeployKey(ctx, keyname, keyFile, false))
-
-		// Setup the testing repository
-		dstPath, err := ioutil.TempDir("", "repo-tmp-deploy-key-empty-repo-1")
-		assert.NoError(t, err)
-		defer os.RemoveAll(dstPath)
-
-		t.Run("InitTestRepository", doGitInitTestRepository(dstPath))
-
-		//Setup remote link
-		sshURL := createSSHUrl(ctx.GitPath(), u)
-
-		t.Run("AddRemote", doGitAddRemote(dstPath, "origin", sshURL))
-
-		t.Run("SSHPushTestRepository", doGitPushTestRepository(dstPath, "origin", "master"))
-
-		t.Run("CheckIsNotEmpty", doCheckRepositoryEmptyStatus(ctx, false))
-
-		t.Run("DeleteRepository", doAPIDeleteRepository(ctx))
-	})
-}
-
-func TestKeyOnlyOneType(t *testing.T) {
-	onGiteaRun(t, testKeyOnlyOneType)
-}
-
-func testKeyOnlyOneType(t *testing.T, u *url.URL) {
-	// Once a key is a user key we cannot use it as a deploy key
-	// If we delete it from the user we should be able to use it as a deploy key
-	reponame := "ssh-key-test-repo"
-	username := "user2"
-	u.Path = fmt.Sprintf("%s/%s.git", username, reponame)
-	keyname := fmt.Sprintf("%s-push", reponame)
-
-	// OK login
-	ctx := NewAPITestContext(t, username, reponame)
-
-	otherCtx := ctx
-	otherCtx.Reponame = "ssh-key-test-repo-2"
-
-	failCtx := ctx
-	failCtx.ExpectedCode = http.StatusUnprocessableEntity
-
-	t.Run("CreateRepository", doAPICreateRepository(ctx, false))
-	t.Run("CreateOtherRepository", doAPICreateRepository(otherCtx, false))
-
-	withKeyFile(t, keyname, func(keyFile string) {
-		var userKeyPublicKeyID int64
-		t.Run("KeyCanOnlyBeUser", func(t *testing.T) {
-			dstPath, err := ioutil.TempDir("", ctx.Reponame)
-			assert.NoError(t, err)
-			defer os.RemoveAll(dstPath)
-
-			sshURL := createSSHUrl(ctx.GitPath(), u)
-
-			t.Run("FailToClone", doGitCloneFail(dstPath, sshURL))
-
-			t.Run("CreateUserKey", doAPICreateUserKey(ctx, keyname, keyFile, func(t *testing.T, publicKey api.PublicKey) {
-				userKeyPublicKeyID = publicKey.ID
-			}))
-
-			t.Run("FailToAddReadOnlyDeployKey", doAPICreateDeployKey(failCtx, keyname, keyFile, true))
-
-			t.Run("FailToAddDeployKey", doAPICreateDeployKey(failCtx, keyname, keyFile, false))
-
-			t.Run("Clone", doGitClone(dstPath, sshURL))
-
-			t.Run("AddChanges", doAddChangesToCheckout(dstPath, "CHANGES1.md"))
-
-			t.Run("Push", doGitPushTestRepository(dstPath, "origin", "master"))
-
-			t.Run("DeleteUserKey", doAPIDeleteUserKey(ctx, userKeyPublicKeyID))
-		})
-
-		t.Run("KeyCanBeAnyDeployButNotUserAswell", func(t *testing.T) {
-			dstPath, err := ioutil.TempDir("", ctx.Reponame)
-			assert.NoError(t, err)
-			defer os.RemoveAll(dstPath)
-
-			sshURL := createSSHUrl(ctx.GitPath(), u)
-
-			t.Run("FailToClone", doGitCloneFail(dstPath, sshURL))
-
-			// Should now be able to add...
-			t.Run("AddReadOnlyDeployKey", doAPICreateDeployKey(ctx, keyname, keyFile, true))
-
-			t.Run("Clone", doGitClone(dstPath, sshURL))
-
-			t.Run("AddChanges", doAddChangesToCheckout(dstPath, "CHANGES2.md"))
-
-			t.Run("FailToPush", doGitPushTestRepositoryFail(dstPath, "origin", "master"))
-
-			otherSSHURL := createSSHUrl(otherCtx.GitPath(), u)
-			dstOtherPath, err := ioutil.TempDir("", otherCtx.Reponame)
-			assert.NoError(t, err)
-			defer os.RemoveAll(dstOtherPath)
-
-			t.Run("AddWriterDeployKeyToOther", doAPICreateDeployKey(otherCtx, keyname, keyFile, false))
-
-			t.Run("CloneOther", doGitClone(dstOtherPath, otherSSHURL))
-
-			t.Run("AddChangesToOther", doAddChangesToCheckout(dstOtherPath, "CHANGES3.md"))
-
-			t.Run("PushToOther", doGitPushTestRepository(dstOtherPath, "origin", "master"))
-
-			t.Run("FailToCreateUserKey", doAPICreateUserKey(failCtx, keyname, keyFile))
-		})
-
-		t.Run("DeleteRepositoryShouldReleaseKey", func(t *testing.T) {
-			otherSSHURL := createSSHUrl(otherCtx.GitPath(), u)
-			dstOtherPath, err := ioutil.TempDir("", otherCtx.Reponame)
-			assert.NoError(t, err)
-			defer os.RemoveAll(dstOtherPath)
-
-			t.Run("DeleteRepository", doAPIDeleteRepository(ctx))
-
-			t.Run("FailToCreateUserKeyAsStillDeploy", doAPICreateUserKey(failCtx, keyname, keyFile))
-
-			t.Run("MakeSureCloneOtherStillWorks", doGitClone(dstOtherPath, otherSSHURL))
-
-			t.Run("AddChangesToOther", doAddChangesToCheckout(dstOtherPath, "CHANGES3.md"))
-
-			t.Run("PushToOther", doGitPushTestRepository(dstOtherPath, "origin", "master"))
-
-			t.Run("DeleteOtherRepository", doAPIDeleteRepository(otherCtx))
-
-			t.Run("RecreateRepository", doAPICreateRepository(ctx, false))
-
-			t.Run("CreateUserKey", doAPICreateUserKey(ctx, keyname, keyFile, func(t *testing.T, publicKey api.PublicKey) {
-				userKeyPublicKeyID = publicKey.ID
-			}))
-
-			dstPath, err := ioutil.TempDir("", ctx.Reponame)
-			assert.NoError(t, err)
-			defer os.RemoveAll(dstPath)
-
-			sshURL := createSSHUrl(ctx.GitPath(), u)
-
-			t.Run("Clone", doGitClone(dstPath, sshURL))
-
-			t.Run("AddChanges", doAddChangesToCheckout(dstPath, "CHANGES1.md"))
-
-			t.Run("Push", doGitPushTestRepository(dstPath, "origin", "master"))
-		})
-
-		t.Run("DeleteUserKeyShouldRemoveAbilityToClone", func(t *testing.T) {
-			dstPath, err := ioutil.TempDir("", ctx.Reponame)
-			assert.NoError(t, err)
-			defer os.RemoveAll(dstPath)
-
-			sshURL := createSSHUrl(ctx.GitPath(), u)
-
-			t.Run("DeleteUserKey", doAPIDeleteUserKey(ctx, userKeyPublicKeyID))
-
-			t.Run("FailToClone", doGitCloneFail(dstPath, sshURL))
-		})
-	})
-}
--- a/main.go
+++ b/main.go
@@ -8,7 +8,6 @@ package main // import "code.gitea.io/gitea"

 import (
 	"os"
-	"runtime"
 	"strings"

 	"code.gitea.io/gitea/cmd"
@@ -62,8 +61,8 @@ arguments - which can alternatively be run by running the subcommand web.`

 func formatBuiltWith(Tags string) string {
 	if len(Tags) == 0 {
-		return " built with " + runtime.Version()
+		return ""
 	}

-	return " built with " + runtime.Version() + " : " + strings.Replace(Tags, " ", ", ", -1)
+	return " built with: " + strings.Replace(Tags, " ", ", ", -1)
 }
--- a/models/action.go
+++ b/models/action.go
@@ -476,34 +476,8 @@ func getIssueFromRef(repo *Repository, ref string) (*Issue, error) {
 	return issue, nil
 }

-func changeIssueStatus(repo *Repository, doer *User, ref string, refMarked map[int64]bool, status bool) error {
-	issue, err := getIssueFromRef(repo, ref)
-	if err != nil {
-		return err
-	}
-
-	if issue == nil || refMarked[issue.ID] {
-		return nil
-	}
-	refMarked[issue.ID] = true
-
-	if issue.RepoID != repo.ID || issue.IsClosed == status {
-		return nil
-	}
-
-	issue.Repo = repo
-	if err = issue.ChangeStatus(doer, status); err != nil {
-		// Don't return an error when dependencies are open as this would let the push fail
-		if IsErrDependenciesLeft(err) {
-			return nil
-		}
-		return err
-	}
-	return nil
-}
-
 // UpdateIssuesCommit checks if issues are manipulated by commit message.
-func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit, branchName string) error {
+func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit) error {
 	// Commits are appended in the reverse order.
 	for i := len(commits) - 1; i >= 0; i-- {
 		c := commits[i]
@@ -526,21 +500,51 @@ func UpdateIssuesCommit(doer *User, repo *Repository, commits []*PushCommit, bra
 			}
 		}

-		// Change issue status only if the commit has been pushed to the default branch.
-		if repo.DefaultBranch != branchName {
-			continue
-		}
-
 		refMarked = make(map[int64]bool)
+		// FIXME: can merge this one and next one to a common function.
 		for _, ref := range issueCloseKeywordsPat.FindAllString(c.Message, -1) {
-			if err := changeIssueStatus(repo, doer, ref, refMarked, true); err != nil {
+			issue, err := getIssueFromRef(repo, ref)
+			if err != nil {
+				return err
+			}
+
+			if issue == nil || refMarked[issue.ID] {
+				continue
+			}
+			refMarked[issue.ID] = true
+
+			if issue.RepoID != repo.ID || issue.IsClosed {
+				continue
+			}
+
+			issue.Repo = repo
+			if err = issue.ChangeStatus(doer, true); err != nil {
+				// Don't return an error when dependencies are open as this would let the push fail
+				if IsErrDependenciesLeft(err) {
+					return nil
+				}
 				return err
 			}
 		}

 		// It is conflict to have close and reopen at same time, so refsMarked doesn't need to reinit here.
 		for _, ref := range issueReopenKeywordsPat.FindAllString(c.Message, -1) {
-			if err := changeIssueStatus(repo, doer, ref, refMarked, false); err != nil {
+			issue, err := getIssueFromRef(repo, ref)
+			if err != nil {
+				return err
+			}
+
+			if issue == nil || refMarked[issue.ID] {
+				continue
+			}
+			refMarked[issue.ID] = true
+
+			if issue.RepoID != repo.ID || !issue.IsClosed {
+				continue
+			}
+
+			issue.Repo = repo
+			if err = issue.ChangeStatus(doer, false); err != nil {
 				return err
 			}
 		}
@@ -605,7 +609,7 @@ func CommitRepoAction(opts CommitRepoActionOptions) error {
 			opts.Commits.CompareURL = repo.ComposeCompareURL(opts.OldCommitID, opts.NewCommitID)
 		}

-		if err = UpdateIssuesCommit(pusher, repo, opts.Commits.Commits, refName); err != nil {
+		if err = UpdateIssuesCommit(pusher, repo, opts.Commits.Commits); err != nil {
 			log.Error(4, "updateIssuesCommit: %v", err)
 		}
 	}
--- a/models/action_test.go
+++ b/models/action_test.go
@@ -227,37 +227,10 @@ func TestUpdateIssuesCommit(t *testing.T) {

 	AssertNotExistsBean(t, commentBean)
 	AssertNotExistsBean(t, &Issue{RepoID: repo.ID, Index: 2}, "is_closed=1")
-	assert.NoError(t, UpdateIssuesCommit(user, repo, pushCommits, repo.DefaultBranch))
+	assert.NoError(t, UpdateIssuesCommit(user, repo, pushCommits))
 	AssertExistsAndLoadBean(t, commentBean)
 	AssertExistsAndLoadBean(t, issueBean, "is_closed=1")
 	CheckConsistencyFor(t, &Action{})
-
-	// Test that push to a non-default branch closes no issue.
-	pushCommits = []*PushCommit{
-		{
-			Sha1:           "abcdef1",
-			CommitterEmail: "user2@example.com",
-			CommitterName:  "User Two",
-			AuthorEmail:    "user4@example.com",
-			AuthorName:     "User Four",
-			Message:        "close #1",
-		},
-	}
-	repo = AssertExistsAndLoadBean(t, &Repository{ID: 3}).(*Repository)
-	commentBean = &Comment{
-		Type:      CommentTypeCommitRef,
-		CommitSHA: "abcdef1",
-		PosterID:  user.ID,
-		IssueID:   6,
-	}
-	issueBean = &Issue{RepoID: repo.ID, Index: 1}
-
-	AssertNotExistsBean(t, commentBean)
-	AssertNotExistsBean(t, &Issue{RepoID: repo.ID, Index: 1}, "is_closed=1")
-	assert.NoError(t, UpdateIssuesCommit(user, repo, pushCommits, "non-existing-branch"))
-	AssertExistsAndLoadBean(t, commentBean)
-	AssertNotExistsBean(t, issueBean, "is_closed=1")
-	CheckConsistencyFor(t, &Action{})
 }

 func testCorrectRepoAction(t *testing.T, opts CommitRepoActionOptions, actionBean *Action) {
--- a/models/issue.go
+++ b/models/issue.go
@@ -1402,7 +1402,7 @@ func UpdateIssueMentions(e Engine, issueID int64, mentions []string) error {
 		}

 		memberIDs := make([]int64, 0, user.NumMembers)
-		orgUsers, err := getOrgUsersByOrgID(e, user.ID)
+		orgUsers, err := GetOrgUsersByOrgID(user.ID)
 		if err != nil {
 			return fmt.Errorf("GetOrgUsersByOrgID [%d]: %v", user.ID, err)
 		}
--- a/models/issue_assignees.go
+++ b/models/issue_assignees.go
@@ -44,11 +44,7 @@ func (issue *Issue) loadAssignees(e Engine) (err error) {

 // GetAssigneesByIssue returns everyone assigned to that issue
 func GetAssigneesByIssue(issue *Issue) (assignees []*User, err error) {
-	return getAssigneesByIssue(x, issue)
-}
-
-func getAssigneesByIssue(e Engine, issue *Issue) (assignees []*User, err error) {
-	err = issue.loadAssignees(e)
+	err = issue.loadAssignees(x)
 	if err != nil {
 		return assignees, err
 	}
@@ -177,7 +173,7 @@ func (issue *Issue) changeAssignee(sess *xorm.Session, doer *User, assigneeID in
 		issue.PullRequest.Issue = issue
 		apiPullRequest := &api.PullRequestPayload{
 			Index:       issue.Index,
-			PullRequest: issue.PullRequest.apiFormat(sess),
+			PullRequest: issue.PullRequest.APIFormat(),
 			Repository:  issue.Repo.innerAPIFormat(sess, mode, false),
 			Sender:      doer.APIFormat(),
 		}
--- a/models/issue_comment.go
+++ b/models/issue_comment.go
@@ -748,9 +748,6 @@ func createIssueDependencyComment(e *xorm.Session, doer *User, issue *Issue, dep
 	if !add {
 		cType = CommentTypeRemoveDependency
 	}
-	if err = issue.loadRepo(e); err != nil {
-		return
-	}

 	// Make two comments, one in each issue
 	_, err = createComment(e, &CreateCommentOptions{
--- a/models/issue_dependency_test.go
+++ b/models/issue_dependency_test.go
@@ -19,9 +19,11 @@ func TestCreateIssueDependency(t *testing.T) {

 	issue1, err := GetIssueByID(1)
 	assert.NoError(t, err)
+	issue1.LoadAttributes()

 	issue2, err := GetIssueByID(2)
 	assert.NoError(t, err)
+	issue2.LoadAttributes()

 	// Create a dependency and check if it was successful
 	err = CreateIssueDependency(user1, issue1, issue2)
--- a/models/issue_mail.go
+++ b/models/issue_mail.go
@@ -39,16 +39,16 @@ func mailIssueCommentToParticipants(e Engine, issue *Issue, doer *User, content

 	// In case the issue poster is not watching the repository and is active,
 	// even if we have duplicated in watchers, can be safely filtered out.
-	err = issue.loadPoster(e)
+	poster, err := getUserByID(e, issue.PosterID)
 	if err != nil {
 		return fmt.Errorf("GetUserByID [%d]: %v", issue.PosterID, err)
 	}
-	if issue.PosterID != doer.ID && issue.Poster.IsActive && !issue.Poster.ProhibitLogin {
+	if issue.PosterID != doer.ID && poster.IsActive && !poster.ProhibitLogin {
 		participants = append(participants, issue.Poster)
 	}

 	// Assignees must receive any communications
-	assignees, err := getAssigneesByIssue(e, issue)
+	assignees, err := GetAssigneesByIssue(issue)
 	if err != nil {
 		return err
 	}
@@ -88,10 +88,6 @@ func mailIssueCommentToParticipants(e Engine, issue *Issue, doer *User, content
 		names = append(names, participants[i].Name)
 	}

-	if err := issue.loadRepo(e); err != nil {
-		return err
-	}
-
 	for _, to := range tos {
 		SendIssueCommentMail(issue, doer, content, comment, []string{to})
 	}
--- a/models/issue_user.go
+++ b/models/issue_user.go
@@ -54,7 +54,7 @@ func newIssueUsers(e Engine, repo *Repository, issue *Issue) error {
 func updateIssueAssignee(e *xorm.Session, issue *Issue, assigneeID int64) (removed bool, err error) {

 	// Check if the user exists
-	assignee, err := getUserByID(e, assigneeID)
+	assignee, err := GetUserByID(assigneeID)
 	if err != nil {
 		return false, err
 	}
--- a/models/login_source.go
+++ b/models/login_source.go
@@ -644,7 +644,7 @@ func UserSignIn(username, password string) (*User, error) {
 	if hasUser {
 		switch user.LoginType {
 		case LoginNoType, LoginPlain, LoginOAuth2:
-			if user.IsPasswordSet() && user.ValidatePassword(password) {
+			if user.ValidatePassword(password) {
 				return user, nil
 			}

--- a/models/org.go
+++ b/models/org.go
@@ -393,12 +393,8 @@ func GetOrgUsersByUserID(uid int64, all bool) ([]*OrgUser, error) {

 // GetOrgUsersByOrgID returns all organization-user relations by organization ID.
 func GetOrgUsersByOrgID(orgID int64) ([]*OrgUser, error) {
-	return getOrgUsersByOrgID(x, orgID)
-}
-
-func getOrgUsersByOrgID(e Engine, orgID int64) ([]*OrgUser, error) {
 	ous := make([]*OrgUser, 0, 10)
-	err := e.
+	err := x.
 		Where("org_id=?", orgID).
 		Find(&ous)
 	return ous, err
--- a/models/pull.go
+++ b/models/pull.go
@@ -366,7 +366,7 @@ func (pr *PullRequest) Merge(doer *User, baseGitRepo *git.Repository, mergeStyle
 		return fmt.Errorf("Failed to create dir %s: %v", tmpBasePath, err)
 	}

-	defer os.RemoveAll(tmpBasePath)
+	defer os.RemoveAll(path.Dir(tmpBasePath))

 	var stderr string
 	if _, stderr, err = process.GetManager().ExecTimeout(5*time.Minute,
--- a/models/repo.go
+++ b/models/repo.go
@@ -11,7 +11,6 @@ import (
 	"fmt"
 	"html/template"
 	"io/ioutil"
-	"net/url"
 	"os"
 	"os/exec"
 	"path"
@@ -35,8 +34,8 @@ import (
 	"github.com/Unknwon/com"
 	"github.com/go-xorm/builder"
 	"github.com/go-xorm/xorm"
-	version "github.com/mcuadros/go-version"
-	ini "gopkg.in/ini.v1"
+	"github.com/mcuadros/go-version"
+	"gopkg.in/ini.v1"
 )

 var repoWorkingPool = sync.NewExclusivePool()
@@ -825,7 +824,7 @@ type CloneLink struct {

 // ComposeHTTPSCloneURL returns HTTPS clone URL based on given owner and repository name.
 func ComposeHTTPSCloneURL(owner, repo string) string {
-	return fmt.Sprintf("%s%s/%s.git", setting.AppURL, url.QueryEscape(owner), url.QueryEscape(repo))
+	return fmt.Sprintf("%s%s/%s.git", setting.AppURL, owner, repo)
 }

 func (repo *Repository) cloneLink(e Engine, isWiki bool) *CloneLink {
@@ -1346,27 +1345,26 @@ func createRepository(e *xorm.Session, doer, u *User, repo *Repository) (err err

 	if err = watchRepo(e, doer.ID, repo.ID, true); err != nil {
 		return fmt.Errorf("watchRepo: %v", err)
-	} else if err = newRepoAction(e, doer, repo); err != nil {
+	} else if err = newRepoAction(e, u, repo); err != nil {
 		return fmt.Errorf("newRepoAction: %v", err)
 	}

 	return nil
 }

-// CreateRepository creates a repository for the user/organization.
+// CreateRepository creates a repository for the user/organization u.
 func CreateRepository(doer, u *User, opts CreateRepoOptions) (_ *Repository, err error) {
 	if !doer.IsAdmin && !u.CanCreateRepo() {
 		return nil, ErrReachLimitOfRepo{u.MaxRepoCreation}
 	}

 	repo := &Repository{
-		OwnerID:       u.ID,
-		Owner:         u,
-		Name:          opts.Name,
-		LowerName:     strings.ToLower(opts.Name),
-		Description:   opts.Description,
-		IsPrivate:     opts.IsPrivate,
-		IsFsckEnabled: true,
+		OwnerID:     u.ID,
+		Owner:       u,
+		Name:        opts.Name,
+		LowerName:   strings.ToLower(opts.Name),
+		Description: opts.Description,
+		IsPrivate:   opts.IsPrivate,
 	}

 	sess := x.NewSession()
@@ -1743,17 +1741,6 @@ func DeleteRepository(doer *User, uid, repoID int64) error {
 		return ErrRepoNotExist{repoID, uid, "", ""}
 	}

-	// Delete Deploy Keys
-	deployKeys, err := listDeployKeys(sess, repo.ID)
-	if err != nil {
-		return fmt.Errorf("listDeployKeys: %v", err)
-	}
-	for _, dKey := range deployKeys {
-		if err := deleteDeployKey(sess, doer, dKey.ID); err != nil {
-			return fmt.Errorf("deleteDeployKeys: %v", err)
-		}
-	}
-
 	if cnt, err := sess.ID(repoID).Delete(&Repository{}); err != nil {
 		return err
 	} else if cnt != 1 {
@@ -1785,7 +1772,6 @@ func DeleteRepository(doer *User, uid, repoID int64) error {
 		&Webhook{RepoID: repoID},
 		&HookTask{RepoID: repoID},
 		&Notification{RepoID: repoID},
-		&CommitStatus{RepoID: repoID},
 	); err != nil {
 		return fmt.Errorf("deleteBeans: %v", err)
 	}
@@ -1896,12 +1882,6 @@ func DeleteRepository(doer *User, uid, repoID int64) error {
 	}

 	if err = sess.Commit(); err != nil {
-		if len(deployKeys) > 0 {
-			// We need to rewrite the public keys because the commit failed
-			if err2 := RewriteAllPublicKeys(); err2 != nil {
-				return fmt.Errorf("Commit: %v SSH Keys: %v", err, err2)
-			}
-		}
 		return fmt.Errorf("Commit: %v", err)
 	}

--- a/models/repo_watch.go
+++ b/models/repo_watch.go
@@ -113,15 +113,15 @@ func notifyWatchers(e Engine, act *Action) error {

 		switch act.OpType {
 		case ActionCommitRepo, ActionPushTag, ActionDeleteTag, ActionDeleteBranch:
-			if !act.Repo.checkUnitUser(e, act.UserID, false, UnitTypeCode) {
+			if !act.Repo.CheckUnitUser(act.UserID, false, UnitTypeCode) {
 				continue
 			}
 		case ActionCreateIssue, ActionCommentIssue, ActionCloseIssue, ActionReopenIssue:
-			if !act.Repo.checkUnitUser(e, act.UserID, false, UnitTypeIssues) {
+			if !act.Repo.CheckUnitUser(act.UserID, false, UnitTypeIssues) {
 				continue
 			}
 		case ActionCreatePullRequest, ActionMergePullRequest, ActionClosePullRequest, ActionReopenPullRequest:
-			if !act.Repo.checkUnitUser(e, act.UserID, false, UnitTypePullRequests) {
+			if !act.Repo.CheckUnitUser(act.UserID, false, UnitTypePullRequests) {
 				continue
 			}
 		}
--- a/models/ssh_key.go
+++ b/models/ssh_key.go
@@ -51,7 +51,7 @@ type PublicKey struct {
 	ID            int64      `xorm:"pk autoincr"`
 	OwnerID       int64      `xorm:"INDEX NOT NULL"`
 	Name          string     `xorm:"NOT NULL"`
-	Fingerprint   string     `xorm:"INDEX NOT NULL"`
+	Fingerprint   string     `xorm:"NOT NULL"`
 	Content       string     `xorm:"TEXT NOT NULL"`
 	Mode          AccessMode `xorm:"NOT NULL DEFAULT 2"`
 	Type          KeyType    `xorm:"NOT NULL DEFAULT 1"`
@@ -350,6 +350,7 @@ func appendAuthorizedKeysToFile(keys ...*PublicKey) error {
 func checkKeyFingerprint(e Engine, fingerprint string) error {
 	has, err := e.Get(&PublicKey{
 		Fingerprint: fingerprint,
+		Type:        KeyTypeUser,
 	})
 	if err != nil {
 		return err
@@ -400,18 +401,12 @@ func AddPublicKey(ownerID int64, name, content string, LoginSourceID int64) (*Pu
 		return nil, err
 	}

-	sess := x.NewSession()
-	defer sess.Close()
-	if err = sess.Begin(); err != nil {
-		return nil, err
-	}
-
-	if err := checkKeyFingerprint(sess, fingerprint); err != nil {
+	if err := checkKeyFingerprint(x, fingerprint); err != nil {
 		return nil, err
 	}

 	// Key name of same user cannot be duplicated.
-	has, err := sess.
+	has, err := x.
 		Where("owner_id = ? AND name = ?", ownerID, name).
 		Get(new(PublicKey))
 	if err != nil {
@@ -420,6 +415,12 @@ func AddPublicKey(ownerID int64, name, content string, LoginSourceID int64) (*Pu
 		return nil, ErrKeyNameAlreadyUsed{ownerID, name}
 	}

+	sess := x.NewSession()
+	defer sess.Close()
+	if err = sess.Begin(); err != nil {
+		return nil, err
+	}
+
 	key := &PublicKey{
 		OwnerID:       ownerID,
 		Name:          name,
@@ -518,7 +519,7 @@ func UpdatePublicKeyUpdated(id int64) error {
 }

 // deletePublicKeys does the actual key deletion but does not update authorized_keys file.
-func deletePublicKeys(e Engine, keyIDs ...int64) error {
+func deletePublicKeys(e *xorm.Session, keyIDs ...int64) error {
 	if len(keyIDs) == 0 {
 		return nil
 	}
@@ -727,28 +728,24 @@ func AddDeployKey(repoID int64, name, content string, readOnly bool) (*DeployKey
 		accessMode = AccessModeWrite
 	}

+	pkey := &PublicKey{
+		Fingerprint: fingerprint,
+		Mode:        accessMode,
+		Type:        KeyTypeDeploy,
+	}
+	has, err := x.Get(pkey)
+	if err != nil {
+		return nil, err
+	}
+
 	sess := x.NewSession()
 	defer sess.Close()
 	if err = sess.Begin(); err != nil {
 		return nil, err
 	}

-	pkey := &PublicKey{
-		Fingerprint: fingerprint,
-	}
-	has, err := sess.Get(pkey)
-	if err != nil {
-		return nil, err
-	}
-
-	if has {
-		if pkey.Type != KeyTypeDeploy {
-			return nil, ErrKeyAlreadyExist{0, fingerprint, ""}
-		}
-	} else {
-		// First time use this deploy key.
-		pkey.Mode = accessMode
-		pkey.Type = KeyTypeDeploy
+	// First time use this deploy key.
+	if !has {
 		pkey.Content = content
 		pkey.Name = name
 		if err = addKey(sess, pkey); err != nil {
@@ -766,12 +763,8 @@ func AddDeployKey(repoID int64, name, content string, readOnly bool) (*DeployKey

 // GetDeployKeyByID returns deploy key by given ID.
 func GetDeployKeyByID(id int64) (*DeployKey, error) {
-	return getDeployKeyByID(x, id)
-}
-
-func getDeployKeyByID(e Engine, id int64) (*DeployKey, error) {
 	key := new(DeployKey)
-	has, err := e.ID(id).Get(key)
+	has, err := x.ID(id).Get(key)
 	if err != nil {
 		return nil, err
 	} else if !has {
@@ -782,15 +775,11 @@ func getDeployKeyByID(e Engine, id int64) (*DeployKey, error) {

 // GetDeployKeyByRepo returns deploy key by given public key ID and repository ID.
 func GetDeployKeyByRepo(keyID, repoID int64) (*DeployKey, error) {
-	return getDeployKeyByRepo(x, keyID, repoID)
-}
-
-func getDeployKeyByRepo(e Engine, keyID, repoID int64) (*DeployKey, error) {
 	key := &DeployKey{
 		KeyID:  keyID,
 		RepoID: repoID,
 	}
-	has, err := e.Get(key)
+	has, err := x.Get(key)
 	if err != nil {
 		return nil, err
 	} else if !has {
@@ -813,19 +802,7 @@ func UpdateDeployKey(key *DeployKey) error {

 // DeleteDeployKey deletes deploy key from its repository authorized_keys file if needed.
 func DeleteDeployKey(doer *User, id int64) error {
-	sess := x.NewSession()
-	defer sess.Close()
-	if err := sess.Begin(); err != nil {
-		return err
-	}
-	if err := deleteDeployKey(sess, doer, id); err != nil {
-		return err
-	}
-	return sess.Commit()
-}
-
-func deleteDeployKey(sess Engine, doer *User, id int64) error {
-	key, err := getDeployKeyByID(sess, id)
+	key, err := GetDeployKeyByID(id)
 	if err != nil {
 		if IsErrDeployKeyNotExist(err) {
 			return nil
@@ -835,11 +812,11 @@ func deleteDeployKey(sess Engine, doer *User, id int64) error {

 	// Check if user has access to delete this key.
 	if !doer.IsAdmin {
-		repo, err := getRepositoryByID(sess, key.RepoID)
+		repo, err := GetRepositoryByID(key.RepoID)
 		if err != nil {
 			return fmt.Errorf("GetRepositoryByID: %v", err)
 		}
-		has, err := isUserRepoAdmin(sess, repo, doer)
+		has, err := IsUserRepoAdmin(repo, doer)
 		if err != nil {
 			return fmt.Errorf("GetUserRepoPermission: %v", err)
 		} else if !has {
@@ -847,6 +824,12 @@ func deleteDeployKey(sess Engine, doer *User, id int64) error {
 		}
 	}

+	sess := x.NewSession()
+	defer sess.Close()
+	if err = sess.Begin(); err != nil {
+		return err
+	}
+
 	if _, err = sess.ID(key.ID).Delete(new(DeployKey)); err != nil {
 		return fmt.Errorf("delete deploy key [%d]: %v", key.ID, err)
 	}
@@ -861,24 +844,15 @@ func deleteDeployKey(sess Engine, doer *User, id int64) error {
 		if err = deletePublicKeys(sess, key.KeyID); err != nil {
 			return err
 		}
-
-		// after deleted the public keys, should rewrite the public keys file
-		if err = rewriteAllPublicKeys(sess); err != nil {
-			return err
-		}
 	}

-	return nil
+	return sess.Commit()
 }

 // ListDeployKeys returns all deploy keys by given repository ID.
 func ListDeployKeys(repoID int64) ([]*DeployKey, error) {
-	return listDeployKeys(x, repoID)
-}
-
-func listDeployKeys(e Engine, repoID int64) ([]*DeployKey, error) {
 	keys := make([]*DeployKey, 0, 5)
-	return keys, e.
+	return keys, x.
 		Where("repo_id = ?", repoID).
 		Find(&keys)
 }
--- a/models/user.go
+++ b/models/user.go
@@ -1461,12 +1461,9 @@ func synchronizeLdapSSHPublicKeys(usr *User, s *LoginSource, SSHPublicKeys []str
 	// Get Public Keys from LDAP and skip duplicate keys
 	var ldapKeys []string
 	for _, v := range SSHPublicKeys {
-		sshKeySplit := strings.Split(v, " ")
-		if len(sshKeySplit) > 1 {
-			ldapKey := strings.Join(sshKeySplit[:2], " ")
-			if !util.ExistsInSlice(ldapKey, ldapKeys) {
-				ldapKeys = append(ldapKeys, ldapKey)
-			}
+		ldapKey := strings.Join(strings.Split(v, " ")[:2], " ")
+		if !util.ExistsInSlice(ldapKey, ldapKeys) {
+			ldapKeys = append(ldapKeys, ldapKey)
 		}
 	}

--- a/models/user_heatmap.go
+++ b/models/user_heatmap.go
@@ -32,22 +32,12 @@ func GetUserHeatmapDataByUser(user *User) ([]*UserHeatmapData, error) {
 		groupByName = groupBy
 	}

-	sess := x.Select(groupBy+" AS timestamp, count(user_id) as contributions").
+	err := x.Select(groupBy+" AS timestamp, count(user_id) as contributions").
 		Table("action").
 		Where("user_id = ?", user.ID).
-		And("created_unix > ?", (util.TimeStampNow() - 31536000))
-
-	// * Heatmaps for individual users only include actions that the user themself
-	//   did.
-	// * For organizations actions by all users that were made in owned
-	//   repositories are counted.
-	if user.Type == UserTypeIndividual {
-		sess = sess.And("act_user_id = ?", user.ID)
-	}
-
-	err := sess.GroupBy(groupByName).
+		And("created_unix > ?", (util.TimeStampNow() - 31536000)).
+		GroupBy(groupByName).
 		OrderBy("timestamp").
 		Find(&hdata)
-
 	return hdata, err
 }
--- a/models/webhook_slack.go
+++ b/models/webhook_slack.go
@@ -160,10 +160,6 @@ func getSlackIssuesPayload(p *api.IssuePayload, slack *SlackMeta) (*SlackPayload
 		text = fmt.Sprintf("[%s] Issue labels cleared: %s by %s", p.Repository.FullName, titleLink, senderLink)
 	case api.HookIssueSynchronized:
 		text = fmt.Sprintf("[%s] Issue synchronized: %s by %s", p.Repository.FullName, titleLink, senderLink)
-	case api.HookIssueMilestoned:
-		text = fmt.Sprintf("[%s] Issue milestoned: #%s %s", p.Repository.FullName, titleLink, senderLink)
-	case api.HookIssueDemilestoned:
-		text = fmt.Sprintf("[%s] Issue milestone cleared: #%s %s", p.Repository.FullName, titleLink, senderLink)
 	}

 	return &SlackPayload{
@@ -316,10 +312,6 @@ func getSlackPullRequestPayload(p *api.PullRequestPayload, slack *SlackMeta) (*S
 		text = fmt.Sprintf("[%s] Pull request labels cleared: %s by %s", p.Repository.FullName, titleLink, senderLink)
 	case api.HookIssueSynchronized:
 		text = fmt.Sprintf("[%s] Pull request synchronized: %s by %s", p.Repository.FullName, titleLink, senderLink)
-	case api.HookIssueMilestoned:
-		text = fmt.Sprintf("[%s] Pull request milestoned: #%s %s", p.Repository.FullName, titleLink, senderLink)
-	case api.HookIssueDemilestoned:
-		text = fmt.Sprintf("[%s] Pull request milestone cleared: #%s %s", p.Repository.FullName, titleLink, senderLink)
 	}

 	return &SlackPayload{
--- a/modules/auth/auth.go
+++ b/modules/auth/auth.go
@@ -135,56 +135,15 @@ func SignedInUser(ctx *macaron.Context, sess session.Store) (*models.User, bool)
 	if len(baHead) > 0 {
 		auths := strings.Fields(baHead)
 		if len(auths) == 2 && auths[0] == "Basic" {
-			var u *models.User
-
 			uname, passwd, _ := base.BasicAuthDecode(auths[1])

-			// Check if username or password is a token
-			isUsernameToken := len(passwd) == 0 || passwd == "x-oauth-basic"
-			// Assume username is token
-			authToken := uname
-			if !isUsernameToken {
-				// Assume password is token
-				authToken = passwd
+			u, err := models.UserSignIn(uname, passwd)
+			if err != nil {
+				if !models.IsErrUserNotExist(err) {
+					log.Error(4, "UserSignIn: %v", err)
+				}
+				return nil, false
 			}
-			token, err := models.GetAccessTokenBySHA(authToken)
-			if err == nil {
-				if isUsernameToken {
-					u, err = models.GetUserByID(token.UID)
-					if err != nil {
-						log.Error(4, "GetUserByID:  %v", err)
-						return nil, false
-					}
-				} else {
-					u, err = models.GetUserByName(uname)
-					if err != nil {
-						log.Error(4, "GetUserByID:  %v", err)
-						return nil, false
-					}
-					if u.ID != token.UID {
-						return nil, false
-					}
-				}
-				token.UpdatedUnix = util.TimeStampNow()
-				if err = models.UpdateAccessToken(token); err != nil {
-					log.Error(4, "UpdateAccessToken:  %v", err)
-				}
-			} else {
-				if !models.IsErrAccessTokenNotExist(err) && !models.IsErrAccessTokenEmpty(err) {
-					log.Error(4, "GetAccessTokenBySha: %v", err)
-				}
-			}
-
-			if u == nil {
-				u, err = models.UserSignIn(uname, passwd)
-				if err != nil {
-					if !models.IsErrUserNotExist(err) {
-						log.Error(4, "UserSignIn: %v", err)
-					}
-					return nil, false
-				}
-			}
-
 			ctx.Data["IsApiToken"] = true
 			return u, true
 		}
--- a/modules/auth/ldap/ldap.go
+++ b/modules/auth/ldap/ldap.go
@@ -247,17 +247,11 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
 		return nil
 	}

-	var isAttributeSSHPublicKeySet = len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0
-
-	attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}
-	if isAttributeSSHPublicKeySet {
-		attribs = append(attribs, ls.AttributeSSHPublicKey)
-	}
-
 	log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, userFilter, userDN)
 	search := ldap.NewSearchRequest(
 		userDN, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
-		attribs, nil)
+		[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey},
+		nil)

 	sr, err := l.Search(search)
 	if err != nil {
@@ -273,15 +267,11 @@ func (ls *Source) SearchEntry(name, passwd string, directBind bool) *SearchResul
 		return nil
 	}

-	var sshPublicKey []string
-
 	username := sr.Entries[0].GetAttributeValue(ls.AttributeUsername)
 	firstname := sr.Entries[0].GetAttributeValue(ls.AttributeName)
 	surname := sr.Entries[0].GetAttributeValue(ls.AttributeSurname)
 	mail := sr.Entries[0].GetAttributeValue(ls.AttributeMail)
-	if isAttributeSSHPublicKeySet {
-		sshPublicKey = sr.Entries[0].GetAttributeValues(ls.AttributeSSHPublicKey)
-	}
+	sshPublicKey := sr.Entries[0].GetAttributeValues(ls.AttributeSSHPublicKey)
 	isAdmin := checkAdmin(l, ls, userDN)

 	if !directBind && ls.AttributesInBind {
@@ -330,17 +320,11 @@ func (ls *Source) SearchEntries() []*SearchResult {

 	userFilter := fmt.Sprintf(ls.Filter, "*")

-	var isAttributeSSHPublicKeySet = len(strings.TrimSpace(ls.AttributeSSHPublicKey)) > 0
-
-	attribs := []string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail}
-	if isAttributeSSHPublicKeySet {
-		attribs = append(attribs, ls.AttributeSSHPublicKey)
-	}
-
 	log.Trace("Fetching attributes '%v', '%v', '%v', '%v', '%v' with filter %s and base %s", ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey, userFilter, ls.UserBase)
 	search := ldap.NewSearchRequest(
 		ls.UserBase, ldap.ScopeWholeSubtree, ldap.NeverDerefAliases, 0, 0, false, userFilter,
-		attribs, nil)
+		[]string{ls.AttributeUsername, ls.AttributeName, ls.AttributeSurname, ls.AttributeMail, ls.AttributeSSHPublicKey},
+		nil)

 	var sr *ldap.SearchResult
 	if ls.UsePagedSearch() {
@@ -357,14 +341,12 @@ func (ls *Source) SearchEntries() []*SearchResult {

 	for i, v := range sr.Entries {
 		result[i] = &SearchResult{
-			Username: v.GetAttributeValue(ls.AttributeUsername),
-			Name:     v.GetAttributeValue(ls.AttributeName),
-			Surname:  v.GetAttributeValue(ls.AttributeSurname),
-			Mail:     v.GetAttributeValue(ls.AttributeMail),
-			IsAdmin:  checkAdmin(l, ls, v.DN),
-		}
-		if isAttributeSSHPublicKeySet {
-			result[i].SSHPublicKey = v.GetAttributeValues(ls.AttributeSSHPublicKey)
+			Username:     v.GetAttributeValue(ls.AttributeUsername),
+			Name:         v.GetAttributeValue(ls.AttributeName),
+			Surname:      v.GetAttributeValue(ls.AttributeSurname),
+			Mail:         v.GetAttributeValue(ls.AttributeMail),
+			SSHPublicKey: v.GetAttributeValues(ls.AttributeSSHPublicKey),
+			IsAdmin:      checkAdmin(l, ls, v.DN),
 		}
 	}

--- a/modules/context/context.go
+++ b/modules/context/context.go
@@ -209,7 +209,7 @@ func Contexter() macaron.Handler {
 			if err == nil && len(repo.DefaultBranch) > 0 {
 				branchName = repo.DefaultBranch
 			}
-			prefix := setting.AppURL + path.Join(url.QueryEscape(ownerName), url.QueryEscape(repoName), "src", "branch", branchName)
+			prefix := setting.AppURL + path.Join(ownerName, repoName, "src", "branch", branchName)
 			c.Header().Set("Content-Type", "text/html")
 			c.WriteHeader(http.StatusOK)
 			c.Write([]byte(com.Expand(`<!doctype html>
--- a/modules/context/repo.go
+++ b/modules/context/repo.go
@@ -8,7 +8,6 @@ package context
 import (
 	"fmt"
 	"io/ioutil"
-	"net/url"
 	"path"
 	"strings"

@@ -163,7 +162,7 @@ func RetrieveBaseRepo(ctx *Context, repo *models.Repository) {

 // ComposeGoGetImport returns go-get-import meta content.
 func ComposeGoGetImport(owner, repo string) string {
-	return path.Join(setting.Domain, setting.AppSubURL, url.QueryEscape(owner), url.QueryEscape(repo))
+	return path.Join(setting.Domain, setting.AppSubURL, owner, repo)
 }

 // EarlyResponseForGoGetMeta responses appropriate go-get meta with status 200
--- a/modules/lfs/server.go
+++ b/modules/lfs/server.go
@@ -497,15 +497,12 @@ func authenticate(ctx *context.Context, repository *models.Repository, authoriza
 		accessMode = models.AccessModeWrite
 	}

-	// ctx.IsSigned is unnecessary here, this will be checked in perm.CanAccess
 	perm, err := models.GetUserRepoPermission(repository, ctx.User)
 	if err != nil {
 		return false
 	}
-
-	canRead := perm.CanAccess(accessMode, models.UnitTypeCode)
-	if canRead {
-		return true
+	if ctx.IsSigned {
+		return perm.CanAccess(accessMode, models.UnitTypeCode)
 	}

 	user, repo, opStr, err := parseToken(authorization)
@@ -585,7 +582,7 @@ func parseToken(authorization string) (*models.User, *models.Repository, string,
 		if err != nil {
 			return nil, nil, "basic", err
 		}
-		if !u.IsPasswordSet() || !u.ValidatePassword(password) {
+		if !u.ValidatePassword(password) {
 			return nil, nil, "basic", fmt.Errorf("Basic auth failed")
 		}
 		return u, nil, "basic", nil
--- a/modules/private/internal.go
+++ b/modules/private/internal.go
@@ -39,7 +39,6 @@ func decodeJSONError(resp *http.Response) *Response {
 func newInternalRequest(url, method string) *httplib.Request {
 	req := newRequest(url, method).SetTLSClientConfig(&tls.Config{
 		InsecureSkipVerify: true,
-		ServerName:         setting.Domain,
 	})
 	if setting.Protocol == setting.UnixSocket {
 		req.SetTransport(&http.Transport{
--- a/modules/private/key.go
+++ b/modules/private/key.go
@@ -32,31 +32,6 @@ func UpdateDeployKeyUpdated(keyID int64, repoID int64) error {
 	return nil
 }

-// GetDeployKey check if repo has deploy key
-func GetDeployKey(keyID, repoID int64) (*models.DeployKey, error) {
-	reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repositories/%d/keys/%d", repoID, keyID)
-	log.GitLogger.Trace("GetDeployKey: %s", reqURL)
-
-	resp, err := newInternalRequest(reqURL, "GET").Response()
-	if err != nil {
-		return nil, err
-	}
-	defer resp.Body.Close()
-
-	switch resp.StatusCode {
-	case 404:
-		return nil, nil
-	case 200:
-		var dKey models.DeployKey
-		if err := json.NewDecoder(resp.Body).Decode(&dKey); err != nil {
-			return nil, err
-		}
-		return &dKey, nil
-	default:
-		return nil, fmt.Errorf("Failed to get deploy key: %s", decodeJSONError(resp).Err)
-	}
-}
-
 // HasDeployKey check if repo has deploy key
 func HasDeployKey(keyID, repoID int64) (bool, error) {
 	reqURL := setting.LocalURL + fmt.Sprintf("api/internal/repositories/%d/has-keys/%d", repoID, keyID)
--- a/modules/public/public.go
+++ b/modules/public/public.go
@@ -117,7 +117,7 @@ func (opts *Options) handle(ctx *macaron.Context, log *log.Logger, opt *Options)
 	if fi.IsDir() {
 		// Redirect if missing trailing slash.
 		if !strings.HasSuffix(ctx.Req.URL.Path, "/") {
-			http.Redirect(ctx.Resp, ctx.Req.Request, path.Clean(ctx.Req.URL.Path+"/"), http.StatusFound)
+			http.Redirect(ctx.Resp, ctx.Req.Request, ctx.Req.URL.Path+"/", http.StatusFound)
 			return true
 		}

--- a/modules/util/util.go
+++ b/modules/util/util.go
@@ -98,8 +98,3 @@ func Min(a, b int) int {
 	}
 	return a
 }
-
-// IsEmptyString checks if the provided string is empty
-func IsEmptyString(s string) bool {
-	return len(strings.TrimSpace(s)) == 0
-}
--- a/modules/util/util_test.go
+++ b/modules/util/util_test.go
@@ -77,20 +77,3 @@ func TestIsExternalURL(t *testing.T) {
 		assert.Equal(t, test.Expected, IsExternalURL(test.RawURL))
 	}
 }
-
-func TestIsEmptyString(t *testing.T) {
-
-	cases := []struct {
-		s        string
-		expected bool
-	}{
-		{"", true},
-		{" ", true},
-		{"   ", true},
-		{"  a", false},
-	}
-
-	for _, v := range cases {
-		assert.Equal(t, v.expected, IsEmptyString(v.s))
-	}
-}
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -413,7 +413,7 @@ ssh_helper = <strong>Need help?</strong> Have a look at GitHub's guide to <a hre
 gpg_helper = <strong>Need help?</strong> Have a look at GitHub's guide <a href="%s">about GPG</a>.
 add_new_key = Add SSH Key
 add_new_gpg_key = Add GPG Key
-ssh_key_been_used = This SSH key has already been added to the server.
+ssh_key_been_used = This SSH key is already added to your account.
 ssh_key_name_used = An SSH key with same name is already added to your account.
 gpg_key_id_used = A public GPG key with same ID already exists.
 gpg_no_key_email_found = This GPG key is not usable with any email address associated with your account.
@@ -655,7 +655,6 @@ ext_issues.desc = Link to an external issue tracker.

 issues.desc = Organize bug reports, tasks and milestones.
 issues.new = New Issue
-issues.new.title_empty = Title cannot be empty
 issues.new.labels = Labels
 issues.new.no_label = No Label
 issues.new.clear_labels = Clear labels
--- a/options/locale/locale_lv-LV.ini
+++ b/options/locale/locale_lv-LV.ini
@@ -859,7 +859,6 @@ pulls.title_wip_desc=`<a href="#">Sāciet virsrakstu ar <strong>%s</strong></a>,
 pulls.cannot_merge_work_in_progress=Šis izmaiņu pieprasījums ir atzīmēts, ka pie tā vēl notiek izstrāde. Noņemiet <strong>%s</strong> no virsraksta sākuma, kad tas ir pabeigts.
 pulls.data_broken=Izmaiņu pieprasījums ir bojāts, jo dzēsta informācija no atdalītā repozitorija.
 pulls.is_checking=Notiek konfliktu pārbaude, mirkli uzgaidiet un atjaunojiet lapu.
-pulls.blocked_by_approvals=Šim izmaiņu pieprasījumam nav nepieciešamais apstiprinājumu daudzums. %d no %d apstiprinājumi piešķirti.
 pulls.can_auto_merge_desc=Šo izmaiņu pieprasījumu var automātiski sapludināt.
 pulls.cannot_auto_merge_desc=Šis izmaiņu pieprasījums nevar tikt automātiski sapludināts konfliktu dēļ.
 pulls.cannot_auto_merge_helper=Sapludiniet manuāli, lai atrisinātu konfliktus.
@@ -868,7 +867,6 @@ pulls.no_merge_helper=Lai sapludinātu šo izmaiņu pieprasījumu, iespējojiet
 pulls.no_merge_wip=Šo izmaiņu pieprasījumu nav iespējams sapludināt, jo tas ir atzīmēts, ka darbs pie tā vēl nav pabeigts.
 pulls.merge_pull_request=Izmaiņu pieprasījuma sapludināšana
 pulls.rebase_merge_pull_request=Pārbāzēt un sapludināt
-pulls.rebase_merge_commit_pull_request=Pārbāzēt un sapludināt (--no-ff)
 pulls.squash_merge_pull_request=Saspiest un sapludināt
 pulls.invalid_merge_option=Nav iespējams izmantot šādu sapludināšanas veidu šim izmaiņu pieprasījumam.
 pulls.open_unmerged_pull_exists=`Jūs nevarat veikt atkārtotas atvēršanas darbību, jo jau eksistē izmaiņu pieprasījums (#%d) ar šādu sapludināšanas informāciju.`
@@ -1014,7 +1012,6 @@ settings.pulls_desc=Iespējot repozitorija izmaiņu pieprasījumus
 settings.pulls.ignore_whitespace=Pārbaudot konfliktus, ignorēt izmaiņas atstarpēs
 settings.pulls.allow_merge_commits=Iespējot revīziju sapludināšanu
 settings.pulls.allow_rebase_merge=Iespējot pārbāzēšanu sapludinot revīzijas
-settings.pulls.allow_rebase_merge_commit=Iespējot pārbāzēšanu sapludinot revīzijas (--no-ff)
 settings.pulls.allow_squash_commits=Iespējot saspiešanu sapludinot revīzijas
 settings.admin_settings=Administratora iestatījumi
 settings.admin_enable_health_check=Iespējot veselības pārbaudi (git fsck) šim repozitorijam
@@ -1101,7 +1098,6 @@ settings.event_issue_comment_desc=Problēmas komentārs pievienots, labots vai d
 settings.event_release=Laidiens
 settings.event_release_desc=Publicēts, atjaunots vai dzēsts laidiens repozitorijā.
 settings.event_pull_request=Izmaiņu pieprasījums
-settings.event_pull_request_desc=Izmaiņu pieprasījums izveidots, slēgts, atkārtoti atvērts, labots, apstiprināts, noraidīts, recenzēts, piešķirts, pievienots vai noņemts atbildīgais, pievienota etiķete, noņemta etiķete, pievienots vai noņemts atskaites punkts.
 settings.event_push=Izmaiņu nosūtīšana
 settings.event_push_desc=Git izmaiņu nosūtīšana uz repozitoriju.
 settings.event_repository=Repozitorijs
@@ -1152,10 +1148,6 @@ settings.protect_merge_whitelist_committers=Iespējot sapludināšanas ierobežo
 settings.protect_merge_whitelist_committers_desc=Atļaut tikai noteiktiem lietotājiem vai komandām sapludināt izmaiņu pieprasījumus šajā atzarā.
 settings.protect_merge_whitelist_users=Lietotāji, kas var veikt izmaiņu sapludināšanu:
 settings.protect_merge_whitelist_teams=Komandas, kas var veikt izmaiņu sapludināšanu:
-settings.protect_required_approvals=Vajadzīgi apstiprinājumi:
-settings.protect_required_approvals_desc=Atļaut tikai noteiktiem lietotājiem vai komandām sapludināt izmaiņu pieprasījumu, kam veikts noteikts daudzums pozitīvu recenziju.
-settings.protect_approvals_whitelist_users=Lietotāji, kas var veikt recenzijas:
-settings.protect_approvals_whitelist_teams=Komandas, kas var veikt recenzijas:
 settings.add_protected_branch=Iespējot aizsargāšanu
 settings.delete_protected_branch=Atspējot aizsargāšanu
 settings.update_protect_branch_success=Atzara aizsardzība atzaram '%s' tika saglabāta.
@@ -1166,7 +1158,6 @@ settings.default_branch_desc=Norādiet noklusēto repozitorija atzaru izmaiņu p
 settings.choose_branch=Izvēlieties atzaru…
 settings.no_protected_branch=Nav neviena aizsargātā atzara.
 settings.edit_protected_branch=Labot
-settings.protected_branch_required_approvals_min=Pieprasīto recenziju skaits nevar būt negatīvs.

 diff.browse_source=Pārlūkot izejas kodu
 diff.parent=vecāks
--- a/routers/api/v1/api.go
+++ b/routers/api/v1/api.go
@@ -85,7 +85,7 @@ func sudo() macaron.Handler {
 		}

 		if len(sudo) > 0 {
-			if ctx.IsSigned && ctx.User.IsAdmin {
+			if ctx.User.IsAdmin {
 				user, err := models.GetUserByName(sudo)
 				if err != nil {
 					if models.IsErrUserNotExist(err) {
--- a/routers/api/v1/repo/issue_label.go
+++ b/routers/api/v1/repo/issue_label.go
@@ -51,11 +51,6 @@ func ListIssueLabels(ctx *context.APIContext) {
 		return
 	}

-	if err := issue.LoadAttributes(); err != nil {
-		ctx.Error(500, "LoadAttributes", err)
-		return
-	}
-
 	apiLabels := make([]*api.Label, len(issue.Labels))
 	for i := range issue.Labels {
 		apiLabels[i] = issue.Labels[i].APIFormat()
--- a/routers/api/v1/repo/key.go
+++ b/routers/api/v1/repo/key.go
@@ -159,8 +159,6 @@ func HandleCheckKeyStringError(ctx *context.APIContext, err error) {
 // HandleAddKeyError handle add key error
 func HandleAddKeyError(ctx *context.APIContext, err error) {
 	switch {
-	case models.IsErrDeployKeyAlreadyExist(err):
-		ctx.Error(422, "", "This key has already been added to this repository")
 	case models.IsErrKeyAlreadyExist(err):
 		ctx.Error(422, "", "Key content has been used as non-deploy key")
 	case models.IsErrKeyNameAlreadyUsed(err):
--- a/routers/api/v1/repo/tree.go
+++ b/routers/api/v1/repo/tree.go
@@ -16,30 +16,6 @@ import (

 // GetTree get the tree of a repository.
 func GetTree(ctx *context.APIContext) {
-	// swagger:operation GET /repos/{owner}/{repo}/git/trees/{sha} repository GetTree
-	// ---
-	// summary: Gets the tree of a repository.
-	// produces:
-	// - application/json
-	// parameters:
-	// - name: owner
-	//   in: path
-	//   description: owner of the repo
-	//   type: string
-	//   required: true
-	// - name: repo
-	//   in: path
-	//   description: name of the repo
-	//   type: string
-	//   required: true
-	// - name: sha
-	//   in: path
-	//   description: sha of the commit
-	//   type: string
-	//   required: true
-	// responses:
-	//   "200":
-	//     "$ref": "#/responses/GitTreeResponse"
 	sha := ctx.Params("sha")
 	if len(sha) == 0 {
 		ctx.Error(400, "sha not provided", nil)
--- a/routers/api/v1/swagger/repo.go
+++ b/routers/api/v1/swagger/repo.go
@@ -133,10 +133,3 @@ type swaggerResponseAttachment struct {
 	//in: body
 	Body api.Attachment `json:"body"`
 }
-
-// GitTreeResponse
-// swagger:response GitTreeResponse
-type swaggerGitTreeResponse struct {
-	//in: body
-	Body api.GitTreeResponse `json:"body"`
-}
--- a/routers/metrics.go
+++ b/routers/metrics.go
@@ -17,7 +17,7 @@ func Metrics(ctx *context.Context) {
 		promhttp.Handler().ServeHTTP(ctx.Resp, ctx.Req.Request)
 		return
 	}
-	header := ctx.Req.Header.Get("Authorization")
+	header := ctx.Header().Get("Authorization")
 	if header == "" {
 		ctx.Error(401)
 		return
--- a/routers/private/internal.go
+++ b/routers/private/internal.go
@@ -82,7 +82,6 @@ func RegisterRoutes(m *macaron.Macaron) {
 		m.Post("/repositories/:repoid/keys/:keyid/update", UpdateDeployKey)
 		m.Get("/repositories/:repoid/user/:userid/checkunituser", CheckUnitUser)
 		m.Get("/repositories/:repoid/has-keys/:keyid", HasDeployKey)
-		m.Get("/repositories/:repoid/keys/:keyid", GetDeployKey)
 		m.Get("/repositories/:repoid/wiki/init", InitWiki)
 		m.Post("/push/update", PushUpdate)
 		m.Get("/protectedbranch/:pbid/:userid", CanUserPush)
--- a/routers/private/key.go
+++ b/routers/private/key.go
@@ -72,24 +72,6 @@ func GetUserByKeyID(ctx *macaron.Context) {
 	ctx.JSON(200, user)
 }

-//GetDeployKey chainload to models.GetDeployKey
-func GetDeployKey(ctx *macaron.Context) {
-	repoID := ctx.ParamsInt64(":repoid")
-	keyID := ctx.ParamsInt64(":keyid")
-	dKey, err := models.GetDeployKeyByRepo(keyID, repoID)
-	if err != nil {
-		if models.IsErrDeployKeyNotExist(err) {
-			ctx.JSON(404, []byte("not found"))
-			return
-		}
-		ctx.JSON(500, map[string]interface{}{
-			"err": err.Error(),
-		})
-		return
-	}
-	ctx.JSON(200, dKey)
-}
-
 //HasDeployKey chainload to models.HasDeployKey
 func HasDeployKey(ctx *macaron.Context) {
 	repoID := ctx.ParamsInt64(":repoid")
--- a/routers/repo/commit.go
+++ b/routers/repo/commit.go
@@ -201,7 +201,7 @@ func Diff(ctx *context.Context) {
 		commitID = commit.ID.String()
 	}

-	statuses, err := models.GetLatestCommitStatus(ctx.Repo.Repository, commitID, 0)
+	statuses, err := models.GetLatestCommitStatus(ctx.Repo.Repository, ctx.Repo.Commit.ID.String(), 0)
 	if err != nil {
 		log.Error(3, "GetLatestCommitStatus: %v", err)
 	}
--- a/routers/repo/editor.go
+++ b/routers/repo/editor.go
@@ -163,11 +163,7 @@ func editFilePost(ctx *context.Context, form auth.EditRepoFileForm, isNewFile bo
 		branchName = form.NewBranchName
 	}

-	form.TreePath = cleanUploadFileName(form.TreePath)
-	if len(form.TreePath) == 0 {
-		ctx.Error(500, "Upload file name is invalid")
-		return
-	}
+	form.TreePath = strings.Trim(path.Clean("/"+form.TreePath), " /")
 	treeNames, treePaths := getParentTreeFields(form.TreePath)

 	ctx.Data["TreePath"] = form.TreePath
@@ -377,13 +373,6 @@ func DeleteFile(ctx *context.Context) {
 func DeleteFilePost(ctx *context.Context, form auth.DeleteRepoFileForm) {
 	ctx.Data["PageIsDelete"] = true
 	ctx.Data["BranchLink"] = ctx.Repo.RepoLink + "/src/" + ctx.Repo.BranchNameSubURL()
-
-	ctx.Repo.TreePath = cleanUploadFileName(ctx.Repo.TreePath)
-	if len(ctx.Repo.TreePath) == 0 {
-		ctx.Error(500, "Delete file name is invalid")
-		return
-	}
-
 	ctx.Data["TreePath"] = ctx.Repo.TreePath
 	canCommit := renderCommitRights(ctx)

@@ -488,12 +477,7 @@ func UploadFilePost(ctx *context.Context, form auth.UploadRepoFileForm) {
 		branchName = form.NewBranchName
 	}

-	form.TreePath = cleanUploadFileName(form.TreePath)
-	if len(form.TreePath) == 0 {
-		ctx.Error(500, "Upload file name is invalid")
-		return
-	}
-
+	form.TreePath = strings.Trim(path.Clean("/"+form.TreePath), " /")
 	treeNames, treePaths := getParentTreeFields(form.TreePath)
 	if len(treeNames) == 0 {
 		// We must at least have one element for user to input.
--- a/routers/repo/http.go
+++ b/routers/repo/http.go
@@ -113,24 +113,24 @@ func HTTP(ctx *context.Context) {
 				return
 			}

-			// Check if username or password is a token
-			isUsernameToken := len(authPasswd) == 0 || authPasswd == "x-oauth-basic"
-			// Assume username is token
-			authToken := authUsername
-			if !isUsernameToken {
-				// Assume password is token
-				authToken = authPasswd
+			authUser, err = models.UserSignIn(authUsername, authPasswd)
+			if err != nil {
+				if !models.IsErrUserNotExist(err) {
+					ctx.ServerError("UserSignIn error: %v", err)
+					return
+				}
 			}
-			// Assume password is a token.
-			token, err := models.GetAccessTokenBySHA(authToken)
-			if err == nil {
-				if isUsernameToken {
-					authUser, err = models.GetUserByID(token.UID)
-					if err != nil {
-						ctx.ServerError("GetUserByID", err)
-						return
-					}
-				} else {
+
+			if authUser == nil {
+				isUsernameToken := len(authPasswd) == 0 || authPasswd == "x-oauth-basic"
+
+				// Assume username is token
+				authToken := authUsername
+
+				if !isUsernameToken {
+					// Assume password is token
+					authToken = authPasswd
+
 					authUser, err = models.GetUserByName(authUsername)
 					if err != nil {
 						if models.IsErrUserNotExist(err) {
@@ -140,37 +140,37 @@ func HTTP(ctx *context.Context) {
 						}
 						return
 					}
-					if authUser.ID != token.UID {
+				}
+
+				// Assume password is a token.
+				token, err := models.GetAccessTokenBySHA(authToken)
+				if err != nil {
+					if models.IsErrAccessTokenNotExist(err) || models.IsErrAccessTokenEmpty(err) {
 						ctx.HandleText(http.StatusUnauthorized, "invalid credentials")
+					} else {
+						ctx.ServerError("GetAccessTokenBySha", err)
+					}
+					return
+				}
+
+				if isUsernameToken {
+					authUser, err = models.GetUserByID(token.UID)
+					if err != nil {
+						ctx.ServerError("GetUserByID", err)
 						return
 					}
+				} else if authUser.ID != token.UID {
+					ctx.HandleText(http.StatusUnauthorized, "invalid credentials")
+					return
 				}
+
 				token.UpdatedUnix = util.TimeStampNow()
 				if err = models.UpdateAccessToken(token); err != nil {
 					ctx.ServerError("UpdateAccessToken", err)
 				}
 			} else {
-				if !models.IsErrAccessTokenNotExist(err) && !models.IsErrAccessTokenEmpty(err) {
-					log.Error(4, "GetAccessTokenBySha: %v", err)
-				}
-			}
-
-			if authUser == nil {
-				// Check username and password
-				authUser, err = models.UserSignIn(authUsername, authPasswd)
-				if err != nil {
-					if !models.IsErrUserNotExist(err) {
-						ctx.ServerError("UserSignIn error: %v", err)
-						return
-					}
-				}
-
-				if authUser == nil {
-					ctx.HandleText(http.StatusUnauthorized, "invalid credentials")
-					return
-				}
-
 				_, err = models.GetTwoFactorByUID(authUser.ID)
+
 				if err == nil {
 					// TODO: This response should be changed to "invalid credentials" for security reasons once the expectation behind it (creating an app token to authenticate) is properly documented
 					ctx.HandleText(http.StatusUnauthorized, "Users with two-factor authentication enabled cannot perform HTTP/HTTPS operations via plain username and password. Please create and use a personal access token on the user settings page")
--- a/routers/repo/issue.go
+++ b/routers/repo/issue.go
@@ -355,7 +355,7 @@ func setTemplateIfExists(ctx *context.Context, ctxDataKey string, possibleFiles
 	}
 }

-// NewIssue render creating issue page
+// NewIssue render createing issue page
 func NewIssue(ctx *context.Context) {
 	ctx.Data["Title"] = ctx.Tr("repo.issues.new")
 	ctx.Data["PageIsIssueList"] = true
@@ -494,11 +494,6 @@ func NewIssuePost(ctx *context.Context, form auth.CreateIssueForm) {
 		return
 	}

-	if util.IsEmptyString(form.Title) {
-		ctx.RenderWithErr(ctx.Tr("repo.issues.new.title_empty"), tplIssueNew, form)
-		return
-	}
-
 	issue := &models.Issue{
 		RepoID:      repo.ID,
 		Title:       form.Title,
--- a/routers/repo/pull.go
+++ b/routers/repo/pull.go
@@ -22,7 +22,6 @@ import (
 	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/notification"
 	"code.gitea.io/gitea/modules/setting"
-	"code.gitea.io/gitea/modules/util"

 	"github.com/Unknwon/com"
 )
@@ -861,16 +860,6 @@ func CompareAndPullRequestPost(ctx *context.Context, form auth.CreateIssueForm)
 		return
 	}

-	if util.IsEmptyString(form.Title) {
-		PrepareCompareDiff(ctx, headUser, headRepo, headGitRepo, prInfo, baseBranch, headBranch)
-		if ctx.Written() {
-			return
-		}
-
-		ctx.RenderWithErr(ctx.Tr("repo.issues.new.title_empty"), tplComparePull, form)
-		return
-	}
-
 	patch, err := headGitRepo.GetPatch(prInfo.MergeBase, headBranch)
 	if err != nil {
 		ctx.ServerError("GetPatch", err)
--- a/routers/repo/setting.go
+++ b/routers/repo/setting.go
@@ -581,9 +581,6 @@ func DeployKeysPost(ctx *context.Context, form auth.AddKeyForm) {
 		case models.IsErrDeployKeyAlreadyExist(err):
 			ctx.Data["Err_Content"] = true
 			ctx.RenderWithErr(ctx.Tr("repo.settings.key_been_used"), tplDeployKeys, &form)
-		case models.IsErrKeyAlreadyExist(err):
-			ctx.Data["Err_Content"] = true
-			ctx.RenderWithErr(ctx.Tr("settings.ssh_key_been_used"), tplDeployKeys, &form)
 		case models.IsErrKeyNameAlreadyUsed(err):
 			ctx.Data["Err_Title"] = true
 			ctx.RenderWithErr(ctx.Tr("repo.settings.key_name_used"), tplDeployKeys, &form)
--- a/routers/repo/wiki.go
+++ b/routers/repo/wiki.go
@@ -341,11 +341,6 @@ func NewWikiPost(ctx *context.Context, form auth.NewWikiForm) {
 		return
 	}

-	if util.IsEmptyString(form.Title) {
-		ctx.RenderWithErr(ctx.Tr("repo.issues.new.title_empty"), tplWikiNew, form)
-		return
-	}
-
 	wikiName := models.NormalizeWikiName(form.Title)
 	if err := ctx.Repo.Repository.AddWikiPage(ctx.User, wikiName, form.Content, form.Message); err != nil {
 		if models.IsErrWikiReservedName(err) {
--- a/routers/routes/routes.go
+++ b/routers/routes/routes.go
@@ -106,7 +106,7 @@ func NewMacaron() *macaron.Macaron {
 		Langs:       setting.Langs,
 		Names:       setting.Names,
 		DefaultLang: "en-US",
-		Redirect:    false,
+		Redirect:    true,
 	}))
 	m.Use(cache.Cacher(cache.Options{
 		Adapter:       setting.CacheService.Adapter,
@@ -643,7 +643,7 @@ func RegisterRoutes(m *macaron.Macaron) {
 			}
 			ctx.Data["CommitsCount"] = ctx.Repo.CommitsCount
 		})
-	}, ignSignIn, context.RepoAssignment(), context.UnitTypes(), reqRepoReleaseReader)
+	}, context.RepoAssignment(), context.UnitTypes(), reqRepoReleaseReader)

 	m.Group("/:username/:reponame", func() {
 		m.Post("/topics", repo.TopicsPost)
--- a/routers/user/auth_openid.go
+++ b/routers/user/auth_openid.go
@@ -115,8 +115,7 @@ func SignInOpenIDPost(ctx *context.Context, form auth.SignInOpenIDForm) {
 	redirectTo := setting.AppURL + "user/login/openid"
 	url, err := openid.RedirectURL(id, redirectTo, setting.AppURL)
 	if err != nil {
-		log.Error(1, "Error in OpenID redirect URL: %s, %v", redirectTo, err.Error())
-		ctx.RenderWithErr(fmt.Sprintf("Unable to find OpenID provider in %s", redirectTo), tplSignInOpenID, &form)
+		ctx.RenderWithErr(err.Error(), tplSignInOpenID, &form)
 		return
 	}

--- a/routers/user/setting/security.go
+++ b/routers/user/setting/security.go
@@ -34,15 +34,10 @@ func Security(ctx *context.Context) {

 // DeleteAccountLink delete a single account link
 func DeleteAccountLink(ctx *context.Context) {
-	id := ctx.QueryInt64("id")
-	if id <= 0 {
-		ctx.Flash.Error("Account link id is not given")
+	if _, err := models.RemoveAccountLink(ctx.User, ctx.QueryInt64("loginSourceID")); err != nil {
+		ctx.Flash.Error("RemoveAccountLink: " + err.Error())
 	} else {
-		if _, err := models.RemoveAccountLink(ctx.User, id); err != nil {
-			ctx.Flash.Error("RemoveAccountLink: " + err.Error())
-		} else {
-			ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))
-		}
+		ctx.Flash.Success(ctx.Tr("settings.remove_account_link_success"))
 	}

 	ctx.JSON(200, map[string]interface{}{
--- a/templates/admin/dashboard.tmpl
+++ b/templates/admin/dashboard.tmpl
@@ -100,7 +100,7 @@
 				<dt>{{.i18n.Tr "admin.dashboard.mspan_structures_usage"}}</dt>
 				<dd>{{.SysStatus.MSpanInuse}}</dd>
 				<dt>{{.i18n.Tr "admin.dashboard.mspan_structures_obtained"}}</dt>
-				<dd>{{.SysStatus.MSpanSys}}</dd>
+				<dd>{{.SysStatus.HeapSys}}</dd>
 				<dt>{{.i18n.Tr "admin.dashboard.mcache_structures_usage"}}</dt>
 				<dd>{{.SysStatus.MCacheInuse}}</dd>
 				<dt>{{.i18n.Tr "admin.dashboard.mcache_structures_obtained"}}</dt>
--- a/templates/repo/home.tmpl
+++ b/templates/repo/home.tmpl
@@ -54,8 +54,8 @@
 		<div class="ui stackable secondary menu mobile--margin-between-items mobile--no-negative-margins">
 			{{if and .PullRequestCtx.Allowed .IsViewBranch}}
 				<div class="fitted item">
-					<a href="{{.BaseRepo.Link}}/compare/{{.BaseRepo.DefaultBranch | EscapePound}}...{{ if .Repository.IsFork }}{{.Repository.Owner.Name}}{{ else }}{{ .SignedUserName }}{{ end }}:{{.BranchName | EscapePound}}">
-					<button class="ui green tiny compact button"><i class="octicon octicon-git-compare"></i></button>
+					<a href="{{.BaseRepo.Link}}/compare/{{.BaseRepo.DefaultBranch | EscapePound}}...{{.Repository.Owner.Name}}:{{.BranchName | EscapePound}}">
+						<button class="ui green tiny compact button"><i class="octicon octicon-git-compare"></i></button>
 					</a>
 				</div>
 			{{end}}
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -1663,46 +1663,6 @@
        }
      }
    },
-    "/repos/{owner}/{repo}/git/trees/{sha}": {
-      "get": {
-        "produces": [
-          "application/json"
-        ],
-        "tags": [
-          "repository"
-        ],
-        "summary": "Gets the tree of a repository.",
-        "operationId": "GetTree",
-        "parameters": [
-          {
-            "type": "string",
-            "description": "owner of the repo",
-            "name": "owner",
-            "in": "path",
-            "required": true
-          },
-          {
-            "type": "string",
-            "description": "name of the repo",
-            "name": "repo",
-            "in": "path",
-            "required": true
-          },
-          {
-            "type": "string",
-            "description": "sha of the commit",
-            "name": "sha",
-            "in": "path",
-            "required": true
-          }
-        ],
-        "responses": {
-          "200": {
-            "$ref": "#/responses/GitTreeResponse"
-          }
-        }
-      }
-    },
    "/repos/{owner}/{repo}/hooks": {
      "get": {
        "produces": [
@@ -7080,38 +7040,6 @@
      },
      "x-go-package": "code.gitea.io/gitea/vendor/code.gitea.io/sdk/gitea"
    },
-    "GitEntry": {
-      "description": "GitEntry represents a git tree",
-      "type": "object",
-      "properties": {
-        "mode": {
-          "type": "string",
-          "x-go-name": "Mode"
-        },
-        "path": {
-          "type": "string",
-          "x-go-name": "Path"
-        },
-        "sha": {
-          "type": "string",
-          "x-go-name": "SHA"
-        },
-        "size": {
-          "type": "integer",
-          "format": "int64",
-          "x-go-name": "Size"
-        },
-        "type": {
-          "type": "string",
-          "x-go-name": "Type"
-        },
-        "url": {
-          "type": "string",
-          "x-go-name": "URL"
-        }
-      },
-      "x-go-package": "code.gitea.io/gitea/vendor/code.gitea.io/sdk/gitea"
-    },
    "GitObject": {
      "type": "object",
      "title": "GitObject represents a Git object.",
@@ -7131,32 +7059,6 @@
      },
      "x-go-package": "code.gitea.io/gitea/vendor/code.gitea.io/sdk/gitea"
    },
-    "GitTreeResponse": {
-      "description": "GitTreeResponse returns a git tree",
-      "type": "object",
-      "properties": {
-        "sha": {
-          "type": "string",
-          "x-go-name": "SHA"
-        },
-        "tree": {
-          "type": "array",
-          "items": {
-            "$ref": "#/definitions/GitEntry"
-          },
-          "x-go-name": "Entries"
-        },
-        "truncated": {
-          "type": "boolean",
-          "x-go-name": "Truncated"
-        },
-        "url": {
-          "type": "string",
-          "x-go-name": "URL"
-        }
-      },
-      "x-go-package": "code.gitea.io/gitea/vendor/code.gitea.io/sdk/gitea"
-    },
    "Issue": {
      "description": "Issue represents an issue in a repository",
      "type": "object",
@@ -8298,12 +8200,6 @@
        }
      }
    },
-    "GitTreeResponse": {
-      "description": "GitTreeResponse",
-      "schema": {
-        "$ref": "#/definitions/GitTreeResponse"
-      }
-    },
    "Hook": {
      "description": "Hook",
      "schema": {
--- a/templates/user/dashboard/dashboard.tmpl
+++ b/templates/user/dashboard/dashboard.tmpl
@@ -44,14 +44,12 @@
 						<div v-show="tab === 'repos'" class="ui tab active list dashboard-repos">
 							<h4 class="ui top attached header">
 								{{.i18n.Tr "home.my_repos"}} <span class="ui grey label">${reposTotalCount}</span>
-								{{if or (not .ContextUser.IsOrganization) .IsOrganizationOwner}}
 								<div class="ui right">
-									<a class="poping up" :href="suburl + '/repo/create{{if .ContextUser.IsOrganization}}?org={{.ContextUser.ID}}{{end}}'" data-content="{{.i18n.Tr "new_repo"}}" data-variation="tiny inverted" data-position="left center">
+									<a class="poping up" :href="suburl + '/repo/create'" data-content="{{.i18n.Tr "new_repo"}}" data-variation="tiny inverted" data-position="left center">
 										<i class="plus icon"></i>
 										<span class="sr-only">{{.i18n.Tr "new_repo"}}</span>
 									</a>
 								</div>
-								{{end}}
 							</h4>
 							<div class="ui attached secondary segment repos-search">
 								<div class="ui fluid icon input" :class="{loading: isLoading}">
--- a/vendor/github.com/go-xorm/xorm/dialect_postgres.go
+++ b/vendor/github.com/go-xorm/xorm/dialect_postgres.go
@@ -822,7 +822,7 @@ func (db *postgres) SqlType(c *core.Column) string {
 	case core.NVarchar:
 		res = core.Varchar
 	case core.Uuid:
-		return core.Uuid
+		res = core.Uuid
 	case core.Blob, core.TinyBlob, core.MediumBlob, core.LongBlob:
 		return core.Bytea
 	case core.Double:
@@ -834,10 +834,6 @@ func (db *postgres) SqlType(c *core.Column) string {
 		res = t
 	}

-	if strings.EqualFold(res, "bool") {
-		// for bool, we don't need length information
-		return res
-	}
 	hasLen1 := (c.Length > 0)
 	hasLen2 := (c.Length2 > 0)

--- a/vendor/github.com/go-xorm/xorm/engine.go
+++ b/vendor/github.com/go-xorm/xorm/engine.go
@@ -481,8 +481,7 @@ func (engine *Engine) dumpTables(tables []*core.Table, w io.Writer, tp ...core.D
 		}

 		cols := table.ColumnsSeq()
-		colNames := engine.dialect.Quote(strings.Join(cols, engine.dialect.Quote(", ")))
-		destColNames := dialect.Quote(strings.Join(cols, dialect.Quote(", ")))
+		colNames := dialect.Quote(strings.Join(cols, dialect.Quote(", ")))

 		rows, err := engine.DB().Query("SELECT " + colNames + " FROM " + engine.Quote(table.Name))
 		if err != nil {
@@ -497,7 +496,7 @@ func (engine *Engine) dumpTables(tables []*core.Table, w io.Writer, tp ...core.D
 				return err
 			}

-			_, err = io.WriteString(w, "INSERT INTO "+dialect.Quote(table.Name)+" ("+destColNames+") VALUES (")
+			_, err = io.WriteString(w, "INSERT INTO "+dialect.Quote(table.Name)+" ("+colNames+") VALUES (")
 			if err != nil {
 				return err
 			}
--- a/vendor/gopkg.in/ldap.v2/LICENSE
+++ b/vendor/gopkg.in/ldap.v2/LICENSE
@@ -1,22 +1,27 @@
-The MIT License (MIT)
+Copyright (c) 2012 The Go Authors. All rights reserved.

-Copyright (c) 2011-2015 Michael Mitton (mmitton@gmail.com)
-Portions copyright (c) 2015-2016 go-ldap Authors
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are
+met:

-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
+   * Redistributions of source code must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+   * Redistributions in binary form must reproduce the above
+copyright notice, this list of conditions and the following disclaimer
+in the documentation and/or other materials provided with the
+distribution.
+   * Neither the name of Google Inc. nor the names of its
+contributors may be used to endorse or promote products derived from
+this software without specific prior written permission.

-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
+LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
+OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/vendor/gopkg.in/ldap.v2/atomic_value.go
+++ b/vendor/gopkg.in/ldap.v2/atomic_value.go
@@ -1,13 +0,0 @@
-// +build go1.4
-
-package ldap
-
-import (
-	"sync/atomic"
-)
-
-// For compilers that support it, we just use the underlying sync/atomic.Value
-// type.
-type atomicValue struct {
-	atomic.Value
-}
--- a/vendor/gopkg.in/ldap.v2/atomic_value_go13.go
+++ b/vendor/gopkg.in/ldap.v2/atomic_value_go13.go
@@ -1,28 +0,0 @@
-// +build !go1.4
-
-package ldap
-
-import (
-	"sync"
-)
-
-// This is a helper type that emulates the use of the "sync/atomic.Value"
-// struct that's available in Go 1.4 and up.
-type atomicValue struct {
-	value interface{}
-	lock  sync.RWMutex
-}
-
-func (av *atomicValue) Store(val interface{}) {
-	av.lock.Lock()
-	av.value = val
-	av.lock.Unlock()
-}
-
-func (av *atomicValue) Load() interface{} {
-	av.lock.RLock()
-	ret := av.value
-	av.lock.RUnlock()
-
-	return ret
-}
--- a/vendor/gopkg.in/ldap.v2/conn.go
+++ b/vendor/gopkg.in/ldap.v2/conn.go
@@ -11,7 +11,6 @@ import (
 	"log"
 	"net"
 	"sync"
-	"sync/atomic"
 	"time"

 	"gopkg.in/asn1-ber.v1"
@@ -83,18 +82,20 @@ const (
 type Conn struct {
 	conn                net.Conn
 	isTLS               bool
-	closing             uint32
-	closeErr            atomicValue
+	isClosing           bool
+	closeErr            error
 	isStartingTLS       bool
 	Debug               debugging
-	chanConfirm         chan struct{}
+	chanConfirm         chan bool
 	messageContexts     map[int64]*messageContext
 	chanMessage         chan *messagePacket
 	chanMessageID       chan int64
+	wgSender            sync.WaitGroup
 	wgClose             sync.WaitGroup
+	once                sync.Once
 	outstandingRequests uint
 	messageMutex        sync.Mutex
-	requestTimeout      int64
+	requestTimeout      time.Duration
 }

 var _ Client = &Conn{}
@@ -141,7 +142,7 @@ func DialTLS(network, addr string, config *tls.Config) (*Conn, error) {
 func NewConn(conn net.Conn, isTLS bool) *Conn {
 	return &Conn{
 		conn:            conn,
-		chanConfirm:     make(chan struct{}),
+		chanConfirm:     make(chan bool),
 		chanMessageID:   make(chan int64),
 		chanMessage:     make(chan *messagePacket, 10),
 		messageContexts: map[int64]*messageContext{},
@@ -157,22 +158,12 @@ func (l *Conn) Start() {
 	l.wgClose.Add(1)
 }

-// isClosing returns whether or not we're currently closing.
-func (l *Conn) isClosing() bool {
-	return atomic.LoadUint32(&l.closing) == 1
-}
-
-// setClosing sets the closing value to true
-func (l *Conn) setClosing() bool {
-	return atomic.CompareAndSwapUint32(&l.closing, 0, 1)
-}
-
 // Close closes the connection.
 func (l *Conn) Close() {
-	l.messageMutex.Lock()
-	defer l.messageMutex.Unlock()
+	l.once.Do(func() {
+		l.isClosing = true
+		l.wgSender.Wait()

-	if l.setClosing() {
 		l.Debug.Printf("Sending quit message and waiting for confirmation")
 		l.chanMessage <- &messagePacket{Op: MessageQuit}
 		<-l.chanConfirm
@@ -180,25 +171,27 @@ func (l *Conn) Close() {

 		l.Debug.Printf("Closing network connection")
 		if err := l.conn.Close(); err != nil {
-			log.Println(err)
+			log.Print(err)
 		}

 		l.wgClose.Done()
-	}
+	})
 	l.wgClose.Wait()
 }

 // SetTimeout sets the time after a request is sent that a MessageTimeout triggers
 func (l *Conn) SetTimeout(timeout time.Duration) {
 	if timeout > 0 {
-		atomic.StoreInt64(&l.requestTimeout, int64(timeout))
+		l.requestTimeout = timeout
 	}
 }

 // Returns the next available messageID
 func (l *Conn) nextMessageID() int64 {
-	if messageID, ok := <-l.chanMessageID; ok {
-		return messageID
+	if l.chanMessageID != nil {
+		if messageID, ok := <-l.chanMessageID; ok {
+			return messageID
+		}
 	}
 	return 0
 }
@@ -265,7 +258,7 @@ func (l *Conn) sendMessage(packet *ber.Packet) (*messageContext, error) {
 }

 func (l *Conn) sendMessageWithFlags(packet *ber.Packet, flags sendMessageFlags) (*messageContext, error) {
-	if l.isClosing() {
+	if l.isClosing {
 		return nil, NewError(ErrorNetwork, errors.New("ldap: connection closed"))
 	}
 	l.messageMutex.Lock()
@@ -304,7 +297,7 @@ func (l *Conn) sendMessageWithFlags(packet *ber.Packet, flags sendMessageFlags)
 func (l *Conn) finishMessage(msgCtx *messageContext) {
 	close(msgCtx.done)

-	if l.isClosing() {
+	if l.isClosing {
 		return
 	}

@@ -323,12 +316,12 @@ func (l *Conn) finishMessage(msgCtx *messageContext) {
 }

 func (l *Conn) sendProcessMessage(message *messagePacket) bool {
-	l.messageMutex.Lock()
-	defer l.messageMutex.Unlock()
-	if l.isClosing() {
+	if l.isClosing {
 		return false
 	}
+	l.wgSender.Add(1)
 	l.chanMessage <- message
+	l.wgSender.Done()
 	return true
 }

@@ -340,14 +333,15 @@ func (l *Conn) processMessages() {
 		for messageID, msgCtx := range l.messageContexts {
 			// If we are closing due to an error, inform anyone who
 			// is waiting about the error.
-			if l.isClosing() && l.closeErr.Load() != nil {
-				msgCtx.sendResponse(&PacketResponse{Error: l.closeErr.Load().(error)})
+			if l.isClosing && l.closeErr != nil {
+				msgCtx.sendResponse(&PacketResponse{Error: l.closeErr})
 			}
 			l.Debug.Printf("Closing channel for MessageID %d", messageID)
 			close(msgCtx.responses)
 			delete(l.messageContexts, messageID)
 		}
 		close(l.chanMessageID)
+		l.chanConfirm <- true
 		close(l.chanConfirm)
 	}()

@@ -356,7 +350,11 @@ func (l *Conn) processMessages() {
 		select {
 		case l.chanMessageID <- messageID:
 			messageID++
-		case message := <-l.chanMessage:
+		case message, ok := <-l.chanMessage:
+			if !ok {
+				l.Debug.Printf("Shutting down - message channel is closed")
+				return
+			}
 			switch message.Op {
 			case MessageQuit:
 				l.Debug.Printf("Shutting down - quit message received")
@@ -379,15 +377,14 @@ func (l *Conn) processMessages() {
 				l.messageContexts[message.MessageID] = message.Context

 				// Add timeout if defined
-				requestTimeout := time.Duration(atomic.LoadInt64(&l.requestTimeout))
-				if requestTimeout > 0 {
+				if l.requestTimeout > 0 {
 					go func() {
 						defer func() {
 							if err := recover(); err != nil {
 								log.Printf("ldap: recovered panic in RequestTimeout: %v", err)
 							}
 						}()
-						time.Sleep(requestTimeout)
+						time.Sleep(l.requestTimeout)
 						timeoutMessage := &messagePacket{
 							Op:        MessageTimeout,
 							MessageID: message.MessageID,
@@ -400,7 +397,7 @@ func (l *Conn) processMessages() {
 				if msgCtx, ok := l.messageContexts[message.MessageID]; ok {
 					msgCtx.sendResponse(&PacketResponse{message.Packet, nil})
 				} else {
-					log.Printf("Received unexpected message %d, %v", message.MessageID, l.isClosing())
+					log.Printf("Received unexpected message %d, %v", message.MessageID, l.isClosing)
 					ber.PrintPacket(message.Packet)
 				}
 			case MessageTimeout:
@@ -442,8 +439,8 @@ func (l *Conn) reader() {
 		packet, err := ber.ReadPacket(l.conn)
 		if err != nil {
 			// A read error is expected here if we are closing the connection...
-			if !l.isClosing() {
-				l.closeErr.Store(fmt.Errorf("unable to read LDAP response packet: %s", err))
+			if !l.isClosing {
+				l.closeErr = fmt.Errorf("unable to read LDAP response packet: %s", err)
 				l.Debug.Printf("reader error: %s", err.Error())
 			}
 			return
--- a/vendor/gopkg.in/ldap.v2/control.go
+++ b/vendor/gopkg.in/ldap.v2/control.go
@@ -334,18 +334,18 @@ func DecodeControl(packet *ber.Packet) Control {
 		for _, child := range sequence.Children {
 			if child.Tag == 0 {
 				//Warning
-				warningPacket := child.Children[0]
-				packet := ber.DecodePacket(warningPacket.Data.Bytes())
+				child := child.Children[0]
+				packet := ber.DecodePacket(child.Data.Bytes())
 				val, ok := packet.Value.(int64)
 				if ok {
-					if warningPacket.Tag == 0 {
+					if child.Tag == 0 {
 						//timeBeforeExpiration
 						c.Expire = val
-						warningPacket.Value = c.Expire
-					} else if warningPacket.Tag == 1 {
+						child.Value = c.Expire
+					} else if child.Tag == 1 {
 						//graceAuthNsRemaining
 						c.Grace = val
-						warningPacket.Value = c.Grace
+						child.Value = c.Grace
 					}
 				}
 			} else if child.Tag == 1 {
--- a/vendor/gopkg.in/ldap.v2/debug.go
+++ b/vendor/gopkg.in/ldap.v2/debug.go
@@ -6,7 +6,7 @@ import (
 	"gopkg.in/asn1-ber.v1"
 )

-// debugging type
+// debbuging type
 //     - has a Printf method to write the debug output
 type debugging bool

--- a/vendor/gopkg.in/ldap.v2/dn.go
+++ b/vendor/gopkg.in/ldap.v2/dn.go
@@ -2,7 +2,7 @@
 // Use of this source code is governed by a BSD-style
 // license that can be found in the LICENSE file.
 //
-// File contains DN parsing functionality
+// File contains DN parsing functionallity
 //
 // https://tools.ietf.org/html/rfc4514
 //
@@ -52,7 +52,7 @@ import (
 	"fmt"
 	"strings"

-	"gopkg.in/asn1-ber.v1"
+	ber "gopkg.in/asn1-ber.v1"
 )

 // AttributeTypeAndValue represents an attributeTypeAndValue from https://tools.ietf.org/html/rfc4514
@@ -83,19 +83,9 @@ func ParseDN(str string) (*DN, error) {
 	attribute := new(AttributeTypeAndValue)
 	escaping := false

-	unescapedTrailingSpaces := 0
-	stringFromBuffer := func() string {
-		s := buffer.String()
-		s = s[0 : len(s)-unescapedTrailingSpaces]
-		buffer.Reset()
-		unescapedTrailingSpaces = 0
-		return s
-	}
-
 	for i := 0; i < len(str); i++ {
 		char := str[i]
 		if escaping {
-			unescapedTrailingSpaces = 0
 			escaping = false
 			switch char {
 			case ' ', '"', '#', '+', ',', ';', '<', '=', '>', '\\':
@@ -117,10 +107,10 @@ func ParseDN(str string) (*DN, error) {
 			buffer.WriteByte(dst[0])
 			i++
 		} else if char == '\\' {
-			unescapedTrailingSpaces = 0
 			escaping = true
 		} else if char == '=' {
-			attribute.Type = stringFromBuffer()
+			attribute.Type = buffer.String()
+			buffer.Reset()
 			// Special case: If the first character in the value is # the
 			// following data is BER encoded so we can just fast forward
 			// and decode.
@@ -143,10 +133,7 @@ func ParseDN(str string) (*DN, error) {
 			}
 		} else if char == ',' || char == '+' {
 			// We're done with this RDN or value, push it
-			if len(attribute.Type) == 0 {
-				return nil, errors.New("incomplete type, value pair")
-			}
-			attribute.Value = stringFromBuffer()
+			attribute.Value = buffer.String()
 			rdn.Attributes = append(rdn.Attributes, attribute)
 			attribute = new(AttributeTypeAndValue)
 			if char == ',' {
@@ -154,17 +141,8 @@ func ParseDN(str string) (*DN, error) {
 				rdn = new(RelativeDN)
 				rdn.Attributes = make([]*AttributeTypeAndValue, 0)
 			}
-		} else if char == ' ' && buffer.Len() == 0 {
-			// ignore unescaped leading spaces
-			continue
+			buffer.Reset()
 		} else {
-			if char == ' ' {
-				// Track unescaped spaces in case they are trailing and we need to remove them
-				unescapedTrailingSpaces++
-			} else {
-				// Reset if we see a non-space char
-				unescapedTrailingSpaces = 0
-			}
 			buffer.WriteByte(char)
 		}
 	}
@@ -172,76 +150,9 @@ func ParseDN(str string) (*DN, error) {
 		if len(attribute.Type) == 0 {
 			return nil, errors.New("DN ended with incomplete type, value pair")
 		}
-		attribute.Value = stringFromBuffer()
+		attribute.Value = buffer.String()
 		rdn.Attributes = append(rdn.Attributes, attribute)
 		dn.RDNs = append(dn.RDNs, rdn)
 	}
 	return dn, nil
 }
-
-// Equal returns true if the DNs are equal as defined by rfc4517 4.2.15 (distinguishedNameMatch).
-// Returns true if they have the same number of relative distinguished names
-// and corresponding relative distinguished names (by position) are the same.
-func (d *DN) Equal(other *DN) bool {
-	if len(d.RDNs) != len(other.RDNs) {
-		return false
-	}
-	for i := range d.RDNs {
-		if !d.RDNs[i].Equal(other.RDNs[i]) {
-			return false
-		}
-	}
-	return true
-}
-
-// AncestorOf returns true if the other DN consists of at least one RDN followed by all the RDNs of the current DN.
-// "ou=widgets,o=acme.com" is an ancestor of "ou=sprockets,ou=widgets,o=acme.com"
-// "ou=widgets,o=acme.com" is not an ancestor of "ou=sprockets,ou=widgets,o=foo.com"
-// "ou=widgets,o=acme.com" is not an ancestor of "ou=widgets,o=acme.com"
-func (d *DN) AncestorOf(other *DN) bool {
-	if len(d.RDNs) >= len(other.RDNs) {
-		return false
-	}
-	// Take the last `len(d.RDNs)` RDNs from the other DN to compare against
-	otherRDNs := other.RDNs[len(other.RDNs)-len(d.RDNs):]
-	for i := range d.RDNs {
-		if !d.RDNs[i].Equal(otherRDNs[i]) {
-			return false
-		}
-	}
-	return true
-}
-
-// Equal returns true if the RelativeDNs are equal as defined by rfc4517 4.2.15 (distinguishedNameMatch).
-// Relative distinguished names are the same if and only if they have the same number of AttributeTypeAndValues
-// and each attribute of the first RDN is the same as the attribute of the second RDN with the same attribute type.
-// The order of attributes is not significant.
-// Case of attribute types is not significant.
-func (r *RelativeDN) Equal(other *RelativeDN) bool {
-	if len(r.Attributes) != len(other.Attributes) {
-		return false
-	}
-	return r.hasAllAttributes(other.Attributes) && other.hasAllAttributes(r.Attributes)
-}
-
-func (r *RelativeDN) hasAllAttributes(attrs []*AttributeTypeAndValue) bool {
-	for _, attr := range attrs {
-		found := false
-		for _, myattr := range r.Attributes {
-			if myattr.Equal(attr) {
-				found = true
-				break
-			}
-		}
-		if !found {
-			return false
-		}
-	}
-	return true
-}
-
-// Equal returns true if the AttributeTypeAndValue is equivalent to the specified AttributeTypeAndValue
-// Case of the attribute type is not significant
-func (a *AttributeTypeAndValue) Equal(other *AttributeTypeAndValue) bool {
-	return strings.EqualFold(a.Type, other.Type) && a.Value == other.Value
-}
--- a/vendor/gopkg.in/ldap.v2/error.go
+++ b/vendor/gopkg.in/ldap.v2/error.go
@@ -97,13 +97,6 @@ var LDAPResultCodeMap = map[uint8]string{
 	LDAPResultObjectClassModsProhibited:    "Object Class Mods Prohibited",
 	LDAPResultAffectsMultipleDSAs:          "Affects Multiple DSAs",
 	LDAPResultOther:                        "Other",
-
-	ErrorNetwork:            "Network Error",
-	ErrorFilterCompile:      "Filter Compile Error",
-	ErrorFilterDecompile:    "Filter Decompile Error",
-	ErrorDebugging:          "Debugging Error",
-	ErrorUnexpectedMessage:  "Unexpected Message",
-	ErrorUnexpectedResponse: "Unexpected Response",
 }

 func getLDAPResultCode(packet *ber.Packet) (code uint8, description string) {
--- a/vendor/gopkg.in/ldap.v2/filter.go
+++ b/vendor/gopkg.in/ldap.v2/filter.go
@@ -82,10 +82,7 @@ func CompileFilter(filter string) (*ber.Packet, error) {
 	if err != nil {
 		return nil, err
 	}
-	switch {
-	case pos > len(filter):
-		return nil, NewError(ErrorFilterCompile, errors.New("ldap: unexpected end of filter"))
-	case pos < len(filter):
+	if pos != len(filter) {
 		return nil, NewError(ErrorFilterCompile, errors.New("ldap: finished compiling filter with extra at end: "+fmt.Sprint(filter[pos:])))
 	}
 	return packet, nil
--- a/vendor/gopkg.in/ldap.v2/ldap.go
+++ b/vendor/gopkg.in/ldap.v2/ldap.go
@@ -9,7 +9,7 @@ import (
 	"io/ioutil"
 	"os"

-	"gopkg.in/asn1-ber.v1"
+	ber "gopkg.in/asn1-ber.v1"
 )

 // LDAP Application Codes
@@ -153,47 +153,16 @@ func addLDAPDescriptions(packet *ber.Packet) (err error) {
 func addControlDescriptions(packet *ber.Packet) {
 	packet.Description = "Controls"
 	for _, child := range packet.Children {
-		var value *ber.Packet
-		controlType := ""
 		child.Description = "Control"
-		switch len(child.Children) {
-		case 0:
-			// at least one child is required for control type
-			continue
-
-		case 1:
-			// just type, no criticality or value
-			controlType = child.Children[0].Value.(string)
-			child.Children[0].Description = "Control Type (" + ControlTypeMap[controlType] + ")"
-
-		case 2:
-			controlType = child.Children[0].Value.(string)
-			child.Children[0].Description = "Control Type (" + ControlTypeMap[controlType] + ")"
-			// Children[1] could be criticality or value (both are optional)
-			// duck-type on whether this is a boolean
-			if _, ok := child.Children[1].Value.(bool); ok {
-				child.Children[1].Description = "Criticality"
-			} else {
-				child.Children[1].Description = "Control Value"
-				value = child.Children[1]
-			}
-
-		case 3:
-			// criticality and value present
-			controlType = child.Children[0].Value.(string)
-			child.Children[0].Description = "Control Type (" + ControlTypeMap[controlType] + ")"
+		child.Children[0].Description = "Control Type (" + ControlTypeMap[child.Children[0].Value.(string)] + ")"
+		value := child.Children[1]
+		if len(child.Children) == 3 {
 			child.Children[1].Description = "Criticality"
-			child.Children[2].Description = "Control Value"
 			value = child.Children[2]
+		}
+		value.Description = "Control Value"

-		default:
-			// more than 3 children is invalid
-			continue
-		}
-		if value == nil {
-			continue
-		}
-		switch controlType {
+		switch child.Children[0].Value.(string) {
 		case ControlTypePaging:
 			value.Description += " (Paging)"
 			if value.Value != nil {
@@ -219,18 +188,18 @@ func addControlDescriptions(packet *ber.Packet) {
 			for _, child := range sequence.Children {
 				if child.Tag == 0 {
 					//Warning
-					warningPacket := child.Children[0]
-					packet := ber.DecodePacket(warningPacket.Data.Bytes())
+					child := child.Children[0]
+					packet := ber.DecodePacket(child.Data.Bytes())
 					val, ok := packet.Value.(int64)
 					if ok {
-						if warningPacket.Tag == 0 {
+						if child.Tag == 0 {
 							//timeBeforeExpiration
 							value.Description += " (TimeBeforeExpiration)"
-							warningPacket.Value = val
-						} else if warningPacket.Tag == 1 {
+							child.Value = val
+						} else if child.Tag == 1 {
 							//graceAuthNsRemaining
 							value.Description += " (GraceAuthNsRemaining)"
-							warningPacket.Value = val
+							child.Value = val
 						}
 					}
 				} else if child.Tag == 1 {
--- a/vendor/gopkg.in/ldap.v2/passwdmodify.go
+++ b/vendor/gopkg.in/ldap.v2/passwdmodify.go
@@ -135,10 +135,10 @@ func (l *Conn) PasswordModify(passwordModifyRequest *PasswordModifyRequest) (*Pa
 	extendedResponse := packet.Children[1]
 	for _, child := range extendedResponse.Children {
 		if child.Tag == 11 {
-			passwordModifyResponseValue := ber.DecodePacket(child.Data.Bytes())
-			if len(passwordModifyResponseValue.Children) == 1 {
-				if passwordModifyResponseValue.Children[0].Tag == 0 {
-					result.GeneratedPassword = ber.DecodeString(passwordModifyResponseValue.Children[0].Data.Bytes())
+			passwordModifyReponseValue := ber.DecodePacket(child.Data.Bytes())
+			if len(passwordModifyReponseValue.Children) == 1 {
+				if passwordModifyReponseValue.Children[0].Tag == 0 {
+					result.GeneratedPassword = ber.DecodeString(passwordModifyReponseValue.Children[0].Data.Bytes())
 				}
 			}
 		}