Commit graph

17195 commits

Author SHA1 Message Date
Giteabot 01285dc47c
Fix incorrect URL for "Reference in New Issue" (#28716) (#28723)
Backport #28716 by wxiaoguang

Gitea prefers to use relative URLs in code (to make multiple domain work
for some users)

So it needs to use `toAbsoluteUrl` to generate a full URL when click
"Reference in New Issues"

And add some comments in the test code

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit def178ce32)

Conflicts:
	tests/integration/issue_test.go
	https://codeberg.org/forgejo/forgejo/issues/2158
2024-01-16 14:37:07 +00:00
Giteabot d416f94b70
Improve frontend guideline (#28711) (#28713)
(cherry picked from commit ad2cb9863c)
2024-01-16 14:16:56 +00:00
Giteabot ad027c2818
Fix panic when parsing empty pgsql host (#28708) (#28709)
Backport #28708 by wxiaoguang

Regression of #27723
Fix #28705

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 7f833d8f71)
2024-01-16 14:16:56 +00:00
Giteabot 2b8b1ab0ae
Fix wrapping of label list (#28684) (#28688)
Backport #28684 by @denyskon

Before:

![grafik](https://github.com/go-gitea/gitea/assets/47871822/2fbd7ef2-22ad-4515-9c66-81c29bfbb7a3)

After:

![grafik](https://github.com/go-gitea/gitea/assets/47871822/df86d1ae-03db-4543-834c-761859c367be)

Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
(cherry picked from commit e67c819cf4)
2024-01-16 14:16:55 +00:00
wxiaoguang d537b63521
Make template DateTime show proper tooltip (#28677) (#28683)
Backport #28677

(cherry picked from commit 83457805bb)
2024-01-16 14:16:55 +00:00
Giteabot f5764bbf26
Fix: system webhooks API bug (#28531) (#28666)
Backport #28531 by @pulltheflower

- Fix the bug about admin/hooks API that `GET /admin/hooks` can only
fetch system_hooks, `POST /admin/hooks` can only create default_hooks.

Co-authored-by: vincent <38434877+pulltheflower@users.noreply.github.com>
(cherry picked from commit 3c79315cf2)
2024-01-16 14:16:55 +00:00
Giteabot 881159f593
Fix alpine package files are not rebuilt (#28638) (#28665)
Backport #28638 by @lng2020

I noticed the `BuildAllRepositoryFiles` function under the Alpine folder
is unused and I thought it was a bug.
But I'm not sure about this. Was it on purpose?

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
(cherry picked from commit 3e1bd61000)
2024-01-16 14:16:55 +00:00
Giteabot 0a157ed950
Upgrade xorm to new version which supported update join for all supported databases (#28590) (#28668)
Backport #28590 by @lunny

Fix https://github.com/go-gitea/gitea/pull/28547#issuecomment-1867740842

Since https://gitea.com/xorm/xorm/pulls/2383 merged, xorm now supports
UPDATE JOIN.
To keep consistent from different databases, xorm use
`engine.Join().Update`, but the actural generated SQL are different
between different databases.

For MySQL, it's `UPDATE talbe1 JOIN table2 ON join_conditions SET xxx
Where xxx`.

For MSSQL, it's `UPDATE table1 SET xxx FROM TABLE1, TABLE2 WHERE
join_conditions`.

For SQLITE per https://www.sqlite.org/lang_update.html, sqlite support
`UPDATE table1 SET xxx FROM table2 WHERE join conditions` from
3.33.0(2020-8-14).

POSTGRES is the same as SQLITE.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 18da3f8483)
2024-01-16 14:16:55 +00:00
Gusted fe3b294f7b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
(cherry picked from commit 6404845df9)
(cherry picked from commit 72bdd4f3b9)
(cherry picked from commit 4b01bb0ce8)
(cherry picked from commit c26ac31816)
(cherry picked from commit 8d2dab94a6)

Conflicts:
	routers/web/auth/auth.go
	https://codeberg.org/forgejo/forgejo/issues/2158
2024-01-16 14:14:46 +00:00
wxiaoguang ea8ca5b509
Avoid cycle-redirecting user/login page (#28636) (#28658)
Backport #28636

Fix #28231, and remove some unused code.

(cherry picked from commit 2165729d16)
2024-01-16 14:11:44 +00:00
Earl Warren d694579bdf
Revert "[GITEA] rework long-term authentication"
This reverts commit 8d2dab94a6.
2024-01-16 14:11:28 +00:00
wxiaoguang fd098cf75b
Improve 1.21 document for Database Preparation (#28643) (#28644)
Backport #28643

Fix #28247

(cherry picked from commit 8ec232817c)
2024-01-16 14:11:02 +00:00
Giteabot 2caf162b77
Extend description for ARTIFACT_RETENTION_DAYS (#28626) (#28630)
Backport #28626 by @hakito

Make it clear that this value is just a default value and that every
artifact can have it's own value.

Co-authored-by: Gerd Katzenbeisser <hakito@users.noreply.github.com>
(cherry picked from commit a5c7ac9980)
2024-01-16 14:11:02 +00:00
Giteabot da1b257733
Use known issue IID to generate new PR index number when migrating from GitLab (#28616) (#28618)
Backport #28616 by wxiaoguang

Fix #13884

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit bf983735fd)
2024-01-16 14:11:02 +00:00
Gusted 120294c44e
[GITEA] Use maintained gziphandler
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d)
(cherry picked from commit 99ba56a876)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193d)
(cherry picked from commit 9c12a37fde)
(cherry picked from commit 91191aaaed)
(cherry picked from commit 72be417f84)
(cherry picked from commit 98497c84da)
(cherry picked from commit fba042adb5)
(cherry picked from commit dd2414f226)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/issues/2016
2024-01-16 14:09:55 +00:00
wxiaoguang 265cd70bdb
Refactor CORS handler (#28587) (#28611)
Backport #28587, the only conflict is the test file.

The CORS code has been unmaintained for long time, and the behavior is
not correct.

This PR tries to improve it. The key point is written as comment in
code. And add more tests.

Fix #28515
Fix #27642
Fix #17098

(cherry picked from commit 7a2786ca6c)
2024-01-16 14:08:38 +00:00
Earl Warren 0b872a403d
Revert "[GITEA] Use maintained gziphandler"
This reverts commit dd2414f226.
2024-01-16 14:08:31 +00:00
Giteabot fef19bcf94
Fix the scroll behavior for emoji/mention list (#28597) (#28601)
Backport #28597 by wxiaoguang

Fix #28595 by https://github.com/github/combobox-nav/pull/79 (combobox-nav v2.3.1)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 8a46a6417e)
2024-01-16 14:07:46 +00:00
Giteabot c39e9cd9a9
Fix flex container width (#28603) (#28605)
Backport #28603 by wxiaoguang

Fix #28489

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 5b104a5533)
2024-01-16 14:07:46 +00:00
Giteabot 75ad9ac50b
Include heap pprof in diagnosis report to help debugging memory leaks (#28596) (#28599)
(cherry picked from commit f2add36a29)
2024-01-16 14:07:46 +00:00
Giteabot 29a0e7738c
Fix wrong due date rendering in issue list page (#28588) (#28591)
Backport #28588 by @yardenshoham

It included the hours, minutes, and seconds. By removing these, the date
renders correctly.

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
(cherry picked from commit 564068aa99)
2024-01-16 14:07:46 +00:00
Giteabot 3fe44b8762
Fix status_check_contexts matching bug (#28582) (#28589)
Backport #28582 by @Zettat123

Fix #28570
Follow #24633

---
Copied from
https://github.com/go-gitea/gitea/issues/28570#issuecomment-1867327999

The feature introduced in #24633 should be compatible with
`status_check_contexts`. However, if one or more of
`status_check_contexts` is not a legal glob expressions, `glob.Compile`
will fail and the contexts cannot match.

21229ed2c8/routers/web/repo/pull.go (L653-L663)

Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit 6a559ad634)
2024-01-16 14:07:46 +00:00
Giteabot 9ad7a67fc1
Fix 405 method not allowed CORS / OIDC (#28583) (#28586)
Backport #28583 by @morphelinho

Follow #28184
Follow #28515

Fix problem with 405 method not allowed for CORS wrt OIDC

Co-authored-by: morphelinho <morphelinho@users.noreply.github.com>
(cherry picked from commit 4dd39eb54a)
2024-01-16 14:07:46 +00:00
Earl Warren b856b108e9
Revert "[GITEA] Make reference URL absolute"
This reverts commit a8ce03660f.
2024-01-16 13:42:39 +00:00
Earl Warren 74652a6c81
Revert "[GITEA] Fix wrong link in user and organization profile when using relative url"
This reverts commit 658475dd21.
2024-01-16 13:38:07 +00:00
Earl Warren 90d532e778
Revert "[GITEA] Avoid conflicts of issue and PR numbers in GitLab migration (#1790)"
This reverts commit 55b9aed470.
2024-01-16 13:37:45 +00:00
Earl Warren b0295a3153
Revert "[GITEA] Downgrade @github/combobox-nav"
This reverts commit b0874a0912.
2024-01-16 13:37:29 +00:00
Earl Warren 2631d10df0 Merge pull request 'Backport #2139 to v1.21' (#2142) from algernon/forgejo:b/v1.21/missing-branch-makes-server-sad into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2142
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-01-15 13:08:56 +00:00
Gergely Nagy 49efd192e9
tests: More testing in TestDatabaseMissingABranch
In the `TestDatabaseMissingABranch` testcase, make sure that the
branches are in sync between the db and git before deleting a branch via
git, then compare the branch count from the web UI, making sure that it
returns an out-of-sync value first, and the correct one after another
sync.

This is currently tested by scraping the UI, and relies on the fact that
the branch counter is out of date before syncing. If that issue gets
resolved, we'll have to adjust the test to verify the sync another way.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-01-15 00:15:24 +01:00
Gergely Nagy 754f97b1e2
tests: Add a testcase for missing branches
This tests the scenario reported in Codeberg/Community#1408: a branch
that is recorded in the database, but missing on disk was causing
internal server errors. With recent changes, that is no longer the case,
the error is logged and then ignored.

This test case tests this behaviour, that the repo's branches page on
the web UI functions even if the git branch is missing.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-01-15 00:15:22 +01:00
Gergely Nagy c2fa9c308f
services: Gracefully handle missing branches
When loading branches, if loading one fails, log an error, and ignore
the branch, rather than returning and causing an internal server error.

Ideally, we would only ignore the error if it was caused by a missing
branch, and do it silently, like the respective API endpoint does.
However, veryfing that at this place is not very practical, so for the
time being, ignore any and all branch loading errors.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-01-15 00:15:12 +01:00
Gergely Nagy fffd9bb7d5
services: in loadOneBranch, return if CountDivergingCommits fail
If we can't count the number of diverging commits for one reason or
another (such as the branch being in the database, but missing from
disk), rather than logging an error and continuing into a crash (because
`divergence` will be nil), return an error instead.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-01-15 00:15:07 +01:00
Gusted ca25167a03 Merge pull request '[GITEA] Fix panic in canSoftDeleteContentHistory' (#2138) from gusted/forgejo-bp-2134 into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2138
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-01-13 21:43:48 +00:00
Gusted ab1ccc55dc
[GITEA] Fix panic in canSoftDeleteContentHistory
- Backport of #2134
- It's possible that `canSoftDeleteContentHistory` is called without
`ctx.Doer` being set, such as an anonymous user requesting the
`/content-history/detail` endpoint.
- Add a simple condition to always set to `canSoftDelete` to false if an
anonymous user is requesting this, this avoids a panic in the code that
assumes `ctx.Doer` is set.
- Added integration testing.

(cherry picked from commit 0b5db0dcc6)
2024-01-13 22:05:35 +01:00
Gusted bd3e5109ba Merge pull request '[GITEA] Fix wrong link in user and organization profile when using relative url' (#2118) from gusted/forgejo-bp-gt-28617 into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2118
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-01-09 20:10:44 +00:00
katsu 658475dd21
[GITEA] Fix wrong link in user and organization profile when using relative url
- Backport of https://github.com/go-gitea/gitea/pull/28617
- Ref: https://codeberg.org/forgejo/forgejo/issues/1947

(cherry picked from commit 42149ff1a8)
2024-01-08 16:40:16 +01:00
Gusted 316b633e62 Merge pull request '[GITEA] Make reference URL absolute' (#2104) from gusted/forgejo-bp-2100 into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2104
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-01-06 19:49:11 +00:00
Gusted a8ce03660f
[GITEA] Make reference URL absolute
- Backport of #2100
- Make the reference URL in the "Reference in New issue" feature
absolute again as it wouldn't render as a link otherwise.
- Adds integration test.
- Regression by 769be877f2
- Resolves #2012

(cherry picked from commit c74bae2897)
2024-01-06 20:16:52 +01:00
Gusted 2489cb97e7 Merge pull request '[GITEA] Check for Commit in opengraph' (#2098) from gusted/forgejo-bp-2094 into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2098
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-01-05 15:03:21 +00:00
Gusted b473a44a2b
[GITEA] Check for Commit in opengraph
- Backport of #2094
- It's possible that `PageIsDiff` is set but not `Commit` resulting in a
NPE in the template. This can happen when the requested commit doesn't exist.
- Regression of c802c46a9b &
5743d7cb5b
- Added 'hacky' integration test.

(cherry picked from commit 8db2d5e4a7)
2024-01-05 14:26:20 +01:00
Gusted 0fbf761d19
[GITEA] Handle non-existant commit in Archive request
- When a user requests a archive of a non-existant commit
`git.ErrNotExist` is returned, but was not gracefully handled resulting
in a 500 error.
- Doesn't exist in v1.22 due to it being refactored away in
cbf923e87b
- Adds integration test.
2024-01-04 23:56:33 +01:00
Gusted 95dcc2dd8c Merge pull request '[GITEA] Fix NPE in ToPullReviewList' (#2058) from gusted/bp-forgejo-npe-reviews into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2058
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2023-12-30 15:53:13 +00:00
Gusted f5349b66b7
[GITEA] Fix NPE in ToPullReviewList
- Add condition to ensure doer isn't nil when using it.
- Added unit test.
- Resolves #2055

(cherry picked from commit 32967b2b5a62f7c7adc270aa3e6b123406b7b6d0)
2023-12-30 15:16:53 +01:00
Earl Warren ba222c299c
[CI] Forgejo Actions based release process (squash) no ownca
The private Forgejo instance trusted with the release signing keys no
longer requires the installation of the ownca certificate authority.

Refs: https://codeberg.org/forgejo/docs/pulls/338
(cherry picked from commit 72f9ae796d)
2023-12-28 17:27:34 +01:00
Aravinth Manivannan ac889d4290 [GITEA] notifies admins on new user registration (squash) fix URL
## Changes:

1. Use absolute URL in the admin panel link sent on new registrations
2. Include absolute URL of the newly signed-up user's profile.

New email looks like this:

<details><summary>Please click to expand</summary>

```
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

User Information: @realaravinth ( http://localhost:3000/realaravinth )
----------------------------------------------------------------------

* Created: 2023-12-13 19:36:50 +05:30

Please click here ( http://localhost:3000/admin/users/9 ) to manage the use=
r from the admin panel.
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html>
<head>
	<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
	<title>New user realaravinth just signed up</title>

	<style>
		blockquote { padding-left: 1em; margin: 1em 0; border-left: 1px solid gre=
y; color: #777}
		.footer { font-size:small; color:#666;}
	</style>

</head>

<body>
	<ul>
		<h3>User Information: <a href=3D"http://localhost:3000/realaravinth">@rea=
laravinth</a></h3>
		<li>Created: <relative-time format=3D"datetime" weekday=3D"" year=3D"nume=
ric" month=3D"short" day=3D"numeric" hour=3D"numeric" minute=3D"numeric" se=
cond=3D"numeric" datetime=3D"2023-12-13T19:36:50+05:30">2023-12-13 19:36:50=
 +05:30</relative-time></li>
	</ul>
	<p> Please <a href=3D"http://localhost:3000/admin/users/9" rel=3D"nofollow=
">click here</a> to manage the user from the admin panel. </p>
</body>
</html>

--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770--
```

</details>

fixes: https://codeberg.org/forgejo/forgejo/issues/1927
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1940
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
(cherry picked from commit b8d764e36a)
2023-12-24 14:41:12 +00:00
Earl Warren f929d195fd
[ACTIONS] on.schedule: do not cancel jobs
The cancelation of jobs is taken care of by handleWorkflows which is
called right after handleSchedules with the same event.

(cherry picked from commit ad1af2e436)
2023-12-23 15:58:37 +01:00
Earl Warren c6940a6c5a
[ACTIONS] on.schedule: create a new payload
do not reuse the payload of the event that triggered the creation of
the scheduled event. Create a new one instead that contains no other
information than the event name in the action field ("schedule").

(cherry picked from commit 0b40ca1ea5)
2023-12-23 15:58:37 +01:00
Earl Warren 892a8e1f4a
[ACTIONS] on.schedule: the event is always "schedule"
handleSchedules() is called every time an event is received and will
check the content of the main branch to (re)create scheduled events.
There is no reason why intput.Event will be relevant when the schedule
workflow runs.

(cherry picked from commit 9a712bb276)
2023-12-23 15:58:37 +01:00
Earl Warren 248b8bb0fa
Revert "improve possible performance bottleneck (#28547) (#28578)"
This reverts commit 7ddb1291ea.

Does not work at all.
2023-12-22 16:52:28 +01:00
Giteabot 90a650d2b0
Fix 500 error of searching commits (#28576) (#28579)
Backport #28576 by wxiaoguang

Regression of #28454 . Now the string is escaped HTML, so it doesn't
need `| Safe`.

Fix #28575

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit acc8100d47)
2023-12-22 12:10:04 +01:00