Commit graph

593 commits

Author SHA1 Message Date
Ada 41676a8634 Fix #2512 /api/forgejo/v1/version auth check (#2582)
Add the same auth check and middlewares as the /v1/ API.
It require to export some variable from /v1 API, i am not sure if is the correct way to do

Co-authored-by: oliverpool <git@olivier.pfad.fr>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2582
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Ada <ada@gnous.eu>
Co-committed-by: Ada <ada@gnous.eu>
2024-03-19 07:16:19 +00:00
Jason Song 286d09203f Sync branches to DB immediately when handle git hook calling (gitea#29493)
Unlike other async processing in the queue, we should sync branches to
the DB immediately when handling git hook calling. If it fails, users
can see the error message in the output of the git command.

It can avoid potential inconsistency issues, and help #29494.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-03-18 17:38:01 +01:00
0ko 4c1af0d9a6 [I18N] Fix capitalization in English and reword a few strings
fixes #2551
2024-03-17 21:04:11 +05:00
oliverpool 98f1fe7944 Makefile: check git diff exit-code (#2651)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2651
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-03-14 10:38:58 +00:00
Gusted fbdda5d5b0 Merge pull request '[PORT] Test /user/settings/security auth sources' (#2641) from oliverpool/forgejo:security_test into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2641
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-03-13 21:57:14 +00:00
Earl Warren 226fa396df Merge pull request 'Accessibility: Taborder in repo explore' (#2636) from fnetx/explore-taborder into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2636
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-13 02:31:47 +00:00
oliverpool d49c116ce5 [PORT] Test /user/settings/security auth sources 2024-03-12 15:41:10 +01:00
Otto Richter 16a63a16b3 Playwright e2e test for taborder
This should be a failing test for Firefox (but working in Chrome?) for
the taborder in the explore page.

Tabbing through the page should ensure that certain elements are focused
at least once.
2024-03-12 02:23:29 +01:00
oliverpool 63973e2c70
add repo_settings_hook_test 2024-03-11 23:37:00 +07:00
wxiaoguang abb0294996
Partially enable MSSQL case-sensitive collation support (#29238)
Follow #28662

(cherry picked from commit 29a8c8de779924694fadad80b31cc855dd62c0f2)
2024-03-11 23:36:59 +07:00
Zettat123 e7afba21ce
Skip email domain check when admins edit user emails (#29609)
Follow #29522

Administrators should be able to set a user's email address even if the
email address is not in `EMAIL_DOMAIN_ALLOWLIST`

(cherry picked from commit 136dd99e86eea9c8bfe61b972a12b395655171e8)
2024-03-11 23:36:58 +07:00
Zettat123 b6057a34db
Skip email domain check when admin users adds user manually (#29522)
Fix #27457

Administrators should be able to manually create any user even if the
user's email address is not in `EMAIL_DOMAIN_ALLOWLIST`.

(cherry picked from commit 4fd9c56ed09b31e2f6164a5f534a31c6624d0478)
2024-03-11 23:36:58 +07:00
Gusted 4dbf2d7c11 Merge pull request 'Better number for UserCards pagination' (#2584) from 0ko/forgejo:its39 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2584
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-03-11 15:53:59 +00:00
0ko b2bc233517 Test pagination of repo stars, watchers and forks
based on code suggested in https://codeberg.org/forgejo/forgejo/pulls/2584#issuecomment-1647897 and https://codeberg.org/forgejo/forgejo/pulls/2584#issuecomment-1655289

Co-authored-by: Gusted <gusted@noreply.codeberg.org>
2024-03-10 17:15:59 +05:00
0ko 8f8b608fd7 Add test to UI of archive/unarchive related actions 2024-03-09 13:29:23 +00:00
oliverpool ecfcbcb19f [BUG] prevent removing session cookie when redirect_uri query contains :// 2024-03-07 10:52:30 +01:00
Gusted b9e27b64e6 Merge pull request '[BUG] Disable CODEOWNERS for forked repositories' (#2537) from gusted/forgejo-codeowner-forked into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2537
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-06 18:18:58 +00:00
Gusted e793e28f94
[BUG] Remember topic only in repo search
- Ports b4360d504c
2024-03-06 13:22:39 +01:00
Earl Warren a39f69ac28
Revert "[BUG] Remember topic only in repo search"
This reverts commit b4360d504c.
2024-03-06 12:10:46 +08:00
KN4CK3R 47a913d40d
Add support for API blob upload of release attachments (#29507)
Fixes #29502

Our endpoint is not Github compatible.

https://docs.github.com/en/rest/releases/assets?apiVersion=2022-11-28#upload-a-release-asset

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 70c126e6184872a6ac63cae2f327fc745b25d1d7)
2024-03-06 12:10:46 +08:00
ChristopherHX 66632c4958
Actions Artifacts v4 backend (#28965)
Fixes #28853

Needs both https://gitea.com/gitea/act_runner/pulls/473 and
https://gitea.com/gitea/act_runner/pulls/471 on the runner side and
patched `actions/upload-artifact@v4` / `actions/download-artifact@v4`,
like `christopherhx/gitea-upload-artifact@v4` and
`christopherhx/gitea-download-artifact@v4`, to not return errors due to
GHES not beeing supported yet.

(cherry picked from commit a53d268aca87a281aadc2246541f8749eddcebed)
2024-03-06 12:10:45 +08:00
wxiaoguang 459ee98136
Only use supported sort order for "explore/users" page (#29430)
Thanks to inferenceus : some sort orders on the "explore/users" page
could list users by their lastlogintime/updatetime.

It leaks user's activity unintentionally. This PR makes that page only
use "supported" sort orders.

Removing the "sort orders" could also be a good solution, while IMO at
the moment keeping the "create time" and "name" orders is also fine, in
case some users would like to find a target user in the search result,
the "sort order" might help.

![image](https://github.com/go-gitea/gitea/assets/2114189/ce5c39c1-1e86-484a-80c3-33cac6419af8)

(cherry picked from commit eedb8f41297c343d6073a7bab46e4df6ee297a90)
2024-03-06 12:10:43 +08:00
Lunny Xiao 894d9b2836
Move context from modules to services (#29440)
Since `modules/context` has to depend on `models` and many other
packages, it should be moved from `modules/context` to
`services/context` according to design principles. There is no logic
code change on this PR, only move packages.

- Move `code.gitea.io/gitea/modules/context` to
`code.gitea.io/gitea/services/context`
- Move `code.gitea.io/gitea/modules/contexttest` to
`code.gitea.io/gitea/services/contexttest` because of depending on
context
- Move `code.gitea.io/gitea/modules/upload` to
`code.gitea.io/gitea/services/context/upload` because of depending on
context

(cherry picked from commit 29f149bd9f517225a3c9f1ca3fb0a7b5325af696)

Conflicts:
	routers/api/packages/alpine/alpine.go
	routers/api/v1/repo/issue_reaction.go
	routers/install/install.go
	routers/web/admin/config.go
	routers/web/passkey.go
	routers/web/repo/search.go
	routers/web/repo/setting/default_branch.go
	routers/web/user/home.go
	routers/web/user/profile.go
	tests/integration/editor_test.go
	tests/integration/integration_test.go
	tests/integration/mirror_push_test.go
	trivial context conflicts
	also modified all other occurrences in Forgejo specific files
2024-03-06 12:10:43 +08:00
Earl Warren 21b1381e36 Merge pull request 'Move migration functions to services layer - port of gitea#29497' (#2546) from algernon/forgejo:gitea/port/29497 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2546
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-04 10:01:26 +00:00
Gergely Nagy f9894f4c51
A release title should always be a link
This partially reverts c41b2c73ef21d5c54c7f2658ceffaa163b135131: for the
sake of consistency, the title of a release should always be a link,
whether it's a tag-only release or not.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-03-04 08:29:11 +01:00
Gergely Nagy 19ff532d42
Test that tags without a release display properly
Update the `TestTagViewWithoutRelease` test case with another assert:
one that checks that the release title is properly displayed.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-03-04 08:29:11 +01:00
Lunny Xiao ff8cb299d1
Move migration functions to services layer (#29497) 2024-03-04 07:10:53 +01:00
Earl Warren ad547edf3b
[TESTS] enable AddFixtures in unit tests
Use setting.AppWorkPath instead of filepath.Dir(setting.AppPath). It
is the common denominator between:

* models/unittest/testdb.go:MainTest
* tests/test_utils.go:InitTest

which makes it usable in unit tests as well as integration tests.
2024-03-03 11:11:26 +08:00
Gusted c63b52c126
[FEAT] Show follow symlink button
- When a user goes opens a symlink file in Forgejo, the file would be
rendered with the path of the symlink as content.
- Add a button that is shown when the user opens a *valid* symlink file,
which means that the symlink must have an valid path to an existent
file and after 999 follows isn't a symlink anymore.
- Return the relative path from the `FollowLink` functions, because Git
really doesn't want to tell where an file is located based on the blob ID.
- Adds integration tests.
2024-03-02 17:58:09 +01:00
Gusted abe3351187 Merge pull request '[BUG] Allow to select commit email for file updload/delete' (#2383) from 0ko/forgejo:fix-commit-del into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2383
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-02 12:00:45 +00:00
Gusted 2658d4361e
[BUG] Disable CODEOWNERS for forked repositories
- Disable the CODEOWNERS feature for forked repositories, as it would
otherwise inadvertently request reviewers when for example a pull
request is opened against a forked repository to propose changes to an
existant pull request in the original repository.
- Adds integration test.
- Resolves #2525
2024-03-01 23:19:18 +01:00
Gusted 86b46085c7
[BUG] Sort file list case insensitively
- Make the sorting done on the entries list case insensitive.
- Adds integration test.
- Resolves #317
2024-02-29 21:14:06 +01:00
Gusted d0e5af7079 Merge pull request '[UI] Actions: Link to Workflow in View' (#1866) from n0toose/forgejo:forgejo-add-workflow-link into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1866
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-28 17:28:16 +00:00
Earl Warren 7af1349c1d Merge pull request '[BUG] Correct changed files for codeowners' (#2507) from gusted/forgejo-codeowner-diff into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2507
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-02-28 12:15:49 +00:00
Gusted 64a0d61aff [BUG] Implement commit mail selection for other Git operations
- Implement the commit mail selection feature for the other supported
Git operations that can be done trough the web UI.
- Adds integration tests (goodluck reviewing this).
- Ref: #1788

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
2024-02-27 22:41:58 +00:00
Gusted fb2795b5bb
[BUG] Correct changed files for codeowners
- The CODEOWNER feature relies on the changed files to determine which
reviewers should be added according to the `CODEOWNER` file.
- The current approach was to 'diff' between the base and head branch,
which seems logical but fail in practice when the pull request is out of
date with the base branch. Therefore it should instead diff between the
head branch and the merge base of the head and base branch, so only the
actual affected files by the pull requests are used, the same approach
is used by the diff of an unmerged pull request.
- Add integration testing (for the feature as well).
- Resolves #2458
2024-02-27 23:16:00 +01:00
Earl Warren 2855727c85 Merge pull request 'Disabling Stars should disable the routes too' (#2471) from algernon/forgejo:stars/disable-routes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2471
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-27 21:24:25 +00:00
Gergely Nagy aef0b024b7 Fix the Fork button in repo headers
In #2445, I lifted out the fork button into its own template, but did
not update it properly. This resulted in the fork button's counter not
displaying, and pointing to the wrong place too.

This patch updates the template to account for it moving to a separate
file, and also adds test cases to verify the button is display as it
should be.

Fixes #2494.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-27 18:36:37 +00:00
0ko 2e76e4fb33 [I18N] Improve English strings & consistency 2024-02-27 17:42:59 +00:00
Gergely Nagy c9b410fb35
Highlight the correct small menu item when viewing a tag
When viewing a tag that isn't associated with a release, highlight the
"N Tags" sub-menu item, rather than the "M releases" one.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-27 13:32:55 +01:00
Gergely Nagy fc635f1014
Restore the ability to view tags without a release
The `repo.SingleRelease` handler was broken by gitea#29149, as the
switch to `getReleaseInfos` stopped returning tags without an associated
release. This resulted in the web UI showing a 404 when trying to view a
tag without a release.

This restores the functionality by explicitly including tags in the
search, and also adds tests to exercise the fix.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-27 13:32:55 +01:00
Earl Warren 3fa4962a88 Merge pull request '[gitea] cherry-pick' (#2478) from earl-warren/forgejo:wip-gitea-cherry-pick into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2478
2024-02-27 10:39:41 +00:00
Earl Warren d9ae3717b5 Merge pull request '[BUG] Remember topic only in repo search' (#2489) from gusted/forgejo-topic-explore into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2489
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-26 22:40:34 +00:00
Zettat123 77c56e29de
Allow non-admin users to delete review requests (#29057)
Fix #14459

The following users can add/remove review requests of a PR
- the poster of the PR
- the owner or collaborators of the repository
- members with read permission on the pull requests unit

(cherry picked from commit c42083a33950be6ee9f822c6d0de3c3a79d1f51b)

Conflicts:
	models/repo/repo_list_test.go
	tests/integration/api_nodeinfo_test.go
	tests/integration/api_repo_test.go
	shared fixture counts
2024-02-26 22:30:27 +01:00
KN4CK3R 5f79550a0d
Prevent double use of git cat-file session. (#29298)
Fixes the reason why #29101 is hard to replicate.
Related #29297

Create a repo with a file with minimum size 4097 bytes (I use 10000) and
execute the following code:
```go
gitRepo, err := gitrepo.OpenRepository(db.DefaultContext, <repo>)
assert.NoError(t, err)

commit, err := gitRepo.GetCommit(<sha>)
assert.NoError(t, err)

entry, err := commit.GetTreeEntryByPath(<file>)
assert.NoError(t, err)

b := entry.Blob()

// Create a reader
r, err := b.DataAsync()
assert.NoError(t, err)
defer r.Close()

// Create a second reader
r2, err := b.DataAsync()
assert.NoError(t, err) // Should be no error but is ErrNotExist
defer r2.Close()
```

The problem is the check in `CatFileBatch`:

79217ea63c/modules/git/repo_base_nogogit.go (L81-L87)
`Buffered() > 0` is used to check if there is a "operation" in progress
at the moment. This is a problem because we can't control the internal
buffer in the `bufio.Reader`. The code above demonstrates a sequence
which initiates an operation for which the code thinks there is no
active processing. The second call to `DataAsync()` therefore reuses the
existing instances instead of creating a new batch reader.

(cherry picked from commit f74c869221624092999097af38b6f7fae4701420)
2024-02-26 22:30:25 +01:00
6543 f796548225
Workaround to clean up old reviews on creating a new one (#28554)
close  #28542

blocks  #28544

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit 217d71c48a10265e08b95cc961656b921f61f9ff)

Conflicts:
	tests/integration/api_pull_review_test.go
	context
2024-02-26 21:42:14 +01:00
Gergely Nagy 0b4a9c4ec2
Disabling Stars should disable the routes too
Similarly to how `[repository].DISABLE_FORKS` works, lets make
`[repository].DISABLE_STARS` disable the routes too, not just hide the
functionality from the UI.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-26 20:50:32 +01:00
Gusted b4360d504c
[BUG] Remember topic only in repo search
- If the user is searching repositories with an specific topic, adding
any other filter option, such as showing unrelevant repositories or
using another sort Forgejo should remember that 'topic only' was set.
- Adds integration test.
- Resolves #2461
2024-02-26 16:25:01 +01:00
Earl Warren 775956cc68 Merge pull request '[BUG] Don't overwrite protected branch accidentally' (#2473) from gusted/forgejo-error-duplicate into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2473
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-26 14:55:09 +00:00
Earl Warren f91702dd74 Merge pull request 'Split up repo.Action in routers/web into smaller functions.' (#2476) from algernon/forgejo:refactor/routes/web/repo-action into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2476
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-26 14:54:35 +00:00
Gergely Nagy ae0635fd61
Correctly support linguist-documentation=false
If a documentation file is marked with a `linguist-documentation=false`
attribute, include it in language stats.

However, make sure that we do *not* include documentation languages as
fallback.

Added a new test case to exercise the formerly buggy behaviour.

Problem discovered while reviewing @KN4CK3R's tests from gitea#29267.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-26 14:18:33 +01:00
Gergely Nagy 7e6fe41389
Add tests for the star/unstar & watch/unwatch UI
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-26 09:14:11 +01:00
qwerty287 feb189554e
Add API to get PR by base/head (#29242)
Closes https://github.com/go-gitea/gitea/issues/16289

Add a new API `/repos/{owner}/{repo}/pulls/{base}/{head}` to get a PR by
its base and head branch.
2024-02-26 03:41:42 +01:00
Gusted 1bab4358ac
[BUG] Don't overwrite protected branch accidentally
- If a user tries to create another protected branching rule that
specifies a set of branches already used by another rule, do not allow
it.
- Update the translation accordingly.
- Adds integration test.
- Resolves #2455
2024-02-25 20:09:18 +01:00
Earl Warren f991f107da Merge pull request 'Improve display of 404/500 error pages' (#2466) from 0ko/forgejo:errorcodes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2466
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-25 15:53:09 +00:00
Earl Warren 649ca2b230 Merge pull request 'Allow instance-wide disabling of forking' (#2445) from algernon/forgejo:f/disable-forks into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2445
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-25 15:13:15 +00:00
Earl Warren bc2a105cbb Merge pull request '[FEAT] Check if commit is already present in target branch' (#2450) from gusted/forgejo-agit-contain-commit into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2450
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-25 15:05:33 +00:00
Earl Warren ef1d579c41 Merge pull request '[UI] Agit: Add AGit label to AGit-created PRs' (#2444) from n0toose/agit-indicator into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2444
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-25 14:48:09 +00:00
0ko a748ba70a8 10-year old images are gone 2024-02-25 18:13:59 +05:00
Gergely Nagy 0ea021c8c9
Allow instance-wide disabling of forking
For small, personal self-hosted instances with no user signups, the fork
button is just a noise. This patch allows disabling them like stars can
be disabled too.

Disabling forks does not only remove the buttons from the web UI, it
also disables the routes that could be used to create forks.

Fixes #2441.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-25 12:00:17 +01:00
Earl Warren 3471adb14a Merge pull request '[FEAT] Enable ambiguous character detection in configured contexts' (#2427) from gusted/forgejo-ambigious-characters into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2427
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-02-24 12:25:31 +00:00
Earl Warren bc8d61d12e Merge pull request '[FEAT] Restrict file size of blame operation' (#2395) from gusted/forgejo-blame-restrict into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2395
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-23 23:17:02 +00:00
Gusted f0ed6de89d
[FEAT] Check if commit is already present in target branch
- Check if someone is (accidentally) trying to create a pull request via
AGit with changes already in the target branch and fail if that is the
case.
- Added integration test.
2024-02-23 21:42:15 +01:00
Panagiotis "Ivory" Vasilopoulos bf7fb89178 [UI] Agit: Add AGit label to AGit-created PRs
Adds a label to Pull Requests that were created using AGit-Flow,
in order to prevent situations where a contributor uses AGit-Flow
to push new changes - only to realize that they did not use AGit-Flow
in the first place, and that they just opened a new PR accidentally
(that was me).

Also intended to raise general awareness about the feature. Some
additional work, such as adding a tooltip, still needs to be
done.

A small typo fix for a comment and (exclusively) formatting fixes
in the copyright header are also included.

Refs: https://codeberg.org/forgejo/forgejo/issues/2433
2024-02-23 21:09:08 +01:00
Gusted 5b3a82d621
[FEAT] Enable ambiguous character detection in configured contexts
- The ambiguous character detection is an important security feature to
combat against sourcebase attacks (https://trojansource.codes/).
- However there are a few problems with the feature as it stands
today (i) it's apparantly an big performance hitter, it's twice as slow
as syntax highlighting (ii) it contains false positives, because it's
reporting valid problems but not valid within the context of a
programming language (ambiguous charachters in code comments being a
prime example) that can lead to security issues (iii) charachters from
certain languages always being marked as ambiguous. It's a lot of effort
to fix the aforementioned issues.
- Therefore, make it configurable in which context the ambiguous
character detection should be run, this avoids running detection in all
contexts such as file views, but still enable it in commits and pull
requests diffs where it matters the most. Ideally this also becomes an
per-repository setting, but the code architecture doesn't allow for a
clean implementation of that.
- Adds unit test.
- Adds integration tests to ensure that the contexts and instance-wide
is respected (and that ambigious charachter detection actually work in
different places).
- Ref: https://codeberg.org/forgejo/forgejo/pulls/2395#issuecomment-1575547
- Ref: https://codeberg.org/forgejo/forgejo/issues/564
2024-02-23 13:12:17 +01:00
Gergely Nagy 98943fdb43
tests: Add a basic test for artifact deletion
Adds a very bare-bones test for artifact deletion. It does not exercise
the functionality itself, just the presence of the functionality.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-23 09:24:43 +01:00
Earl Warren c47e6ceb82 Merge pull request '[FEAT] repo search using git grep' (#1594) from snematoda/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1594
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-22 22:21:44 +00:00
Panagiotis "Ivory" Vasilopoulos 62f3ff6074 [UI] Actions: I will always run make fmt before pushing
I will always run make fmt before pushing
I will always run make fmt before pushing
I will always run make fmt before pushing
2024-02-22 22:31:26 +01:00
Panagiotis "Ivory" Vasilopoulos 2a0a5c6ec0 [UI] Actions: Oops, forgot to lint the tests. 2024-02-22 22:26:11 +01:00
Panagiotis "Ivory" Vasilopoulos 785f336c12 [UI] Actions: Improve frontend testing 2024-02-22 22:12:44 +01:00
Gusted ca798e4cc2
[SECURITY] Test XSS in dismissed review
It's possible for reviews to not be assiocated with users, when they
were migrated from another forge instance. In the migration code,
there's no sanitization check for author names, so they could contain
HTML tags and thus needs to be properely escaped.
2024-02-22 15:33:20 +01:00
Gusted 565e331238
[SECURITY] Test XSS in wiki last commit information
On the wiki and revisions page, information is shown about the last
commit that modified that wiki page. This includes the time it was last
edited and by whom. Verify it is sanitized.
2024-02-22 15:03:15 +01:00
Panagiotis "Ivory" Vasilopoulos 1668904513 [UI] Actions: Link to Workflow in View 2024-02-22 13:18:06 +01:00
Malte Jürgens 5c67c34ce8
Add e2e debug server
This adds the ability to run `make test-e2e-debugserver` to start a
forgejo server pupulated with the test data from `models/fixtures`. This
is particularly useful for debugging the e2e tests with a external tool,
such as the Playwright extension for VSCode [1].

[1] https://open-vsx.org/extension/ms-playwright/playwright
2024-02-21 20:47:57 +01:00
Shiny Nematoda 51fb6f3983 [FEAT] add fallback repo search using git grep 2024-02-20 13:00:34 +00:00
Gusted cfd6420a0e Merge pull request '[REFACTOR] Refactor the AGit code' (#2386) from gusted/fix-agit into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2386
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-19 15:59:10 +00:00
Gusted d8a267d3ab
[FEAT] Restrict file size of blame operation
- Currently there exists a restriction to not render and show files that
are larger than what's configured in `[UI].MAX_DISPLAY_FILE_SIZE`.
- Apply the same restriction to the blame operation as well, as the
blame operation can be seen as displaying a file.
- Add integration test.
- Ref: #2394
2024-02-19 16:39:39 +01:00
Earl Warren 6c9c0aca76 Merge pull request '[gitea] cherry-pick' (#2375) from earl-warren/forgejo:wip-gitea-cherry-pick into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2375
Reviewed-by: Otto <otto@codeberg.org>
2024-02-19 14:42:41 +00:00
Gusted c58ad87513
[REFACTOR] Refactor the AGit code
TLDR: Less code, better maintainability and more comments.

- Add code comments to explain what the code does, it's quite a big
function so it definitely deserved some of that.
- Simplify some logic.
- Load the `pusher` in a single place.
- Update the error messages to be more correct, not capitlized, include
more debug info and remove 'Error:' As it's no need to indicate that,
errors are concenated with `:` seperators.
- Improve the message that a change was rejected, because a force push
was detected and the `force-push` option wasn't set.
- Avoid a second time loading `gitRepo.GetObjectFormat` and handle the
error gracefully for the other occurence.
- Adds integration test for force push detection.
2024-02-19 13:18:50 +01:00
Earl Warren 5240e27266 Merge pull request 'GitHub-style alert blocks in Markdown (gitea#29121)' (#2348) from algernon/forgejo:f/markdown/alert-blocks-port into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2348
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-18 11:21:36 +00:00
Yarden Shoham 2685be9f95
Fix labels referencing the wrong ID in the user profile settings (#29199)
2 instances of `for` with a wrong value and 1 `for` that had a reference
to a `name` instead of `id`.

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
(cherry picked from commit 1d275c1748a75a01c270f5c306c5248808016aba)
2024-02-17 23:24:32 +01:00
Gergely Nagy cc47808b84
tests: Markdown alert block test cases
This adds a few test cases to exercise the alert block feature of the
markdown renderer, both the legacy GitHub style, and the modern one.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-17 18:35:45 +01:00
Gusted f779aa79f2
[BUG] Fix pull request reopen conditions
- Move the conditions code around, such that the existence of the head
and base is first checked (so a clear error can be given, instead of a
possible server error). This makes it easier to read this code. As the
logic is now grouped together.
- Adds integration testing that simulates the deletion of the base and
head branch and ensures the pull request cannot be opened. The 'normal'
testcase also 'informally' ensures that the previous incorrect condition
is not there, because the branch `base-branch` doesn't exist on the head
repository.
- Resolves #2321
2024-02-17 15:38:16 +01:00
Gusted 7bf93e5d1a Merge pull request 'A new test to exercise linguist-language=' (#2368) from algernon/tests/linguist/view-guess into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2368
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-02-17 13:46:43 +00:00
Gusted 0c0b87ec1a Merge pull request 'Add rel="nofollow" to issue filter links' (#2367) from algernon/forgejo:b/issues/nofollow into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2367
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-17 10:56:47 +00:00
Gergely Nagy ae95db12a1
A new test to exercise linguist-language=
Rename `repo_lang_stats_test.go` to `linguist_test.go`, and add a new
tests that exercises parts of the web UI to ensure that language
overrides in `.gitattributes` work when viewing a file source, and in
the blame view too.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-17 11:24:16 +01:00
Gergely Nagy 5143ebb507
Add rel="nofollow" to issue filter links
The issue filter links should not be crawled by search engines, because
they they only filter results, and contain nothing new, yet, they put a
considerable load on the server.

To stop - well behaving - search engines from following these links, add
a `rel="nofollow"` property to them. The same property is already
present on the archive download links, and plenty of other places.

Fixes #2361.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-17 10:42:47 +01:00
wxiaoguang 65248945c9
Refactor locale&string&template related code (#29165)
Clarify when "string" should be used (and be escaped), and when
"template.HTML" should be used (no need to escape)

And help PRs like  #29059 , to render the error messages correctly.

(cherry picked from commit f3eb835886031df7a562abc123c3f6011c81eca8)

Conflicts:
	modules/web/middleware/binding.go
	routers/web/feed/convert.go
	tests/integration/branches_test.go
	tests/integration/repo_branch_test.go
	trivial context conflicts
2024-02-16 15:20:52 +01:00
oliverpool 0fc61c8836 [BUG] split code conversations in diff tab (#2306)
Follow-up of #2282 and #2296 (which tried to address #2278)

One of the issue with the previous PR is that when a conversation on the Files tab was marked as "resolved", it would fetch all the comments for that line (even the outdated ones, which should not be shown on this page - except when explicitly activated).

To properly fix this, I have changed `FetchCodeCommentsByLine` to `FetchCodeConversation`. Its role is to fetch all comments related to a given (review, path, line) and reverted my changes in the template (which were based on a misunderstanding).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2306
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-02-16 12:16:11 +00:00
Earl Warren 41cc9784f9 Merge pull request 'agit: Automatically fill in the description' (#2344) from algernon/f/agit/description-autofill into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2344
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-02-14 20:46:00 +00:00
Gergely Nagy 259ad5d614
agit: Automatically fill in the description
If no `-o description=` is provided, fill it in automatically from the
first commit, just like title. Also allow filling in either, and
specifying them independently.

This means that `git push origin HEAD:refs/for/main/my-local-branch`
will fill in the PR title, *and* the description, without having to
specify additional parameters.

The description is the first commit's message without the first two
lines (the title and a newline, as customary).

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-14 21:17:55 +01:00
Chris Copeland 83123b493f
Add merge style fast-forward-only (#28954)
With this option, it is possible to require a linear commit history with
the following benefits over the next best option `Rebase+fast-forward`:
The original commits continue existing, with the original signatures
continuing to stay valid instead of being rewritten, there is no merge
commit, and reverting commits becomes easier.

Closes #24906
2024-02-14 17:19:19 +01:00
Earl Warren 05eaf1cf3e Merge pull request 'Repository settings refactor' (#2221) from algernon/forgejo:repo-units/ui-refactor into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2221
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-02-14 13:29:04 +00:00
Gergely Nagy 44424bfe60
Add tests for the previous two commits
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-13 22:42:09 +01:00
Earl Warren 98e7753ade Merge pull request '[FEAT]: Allow forking without a repo ID' (#2310) from algernon/forgejo:f/repo/fork-route into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2310
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-12 13:36:49 +00:00
Alexandre Oliveira 29007c09bd Fix Alpine Registry packages with noarch not being found (#2285)
Fixes #2173
~~Still requires a bit of work to do, I'm not 100% happy with this solution.~~

The idea is to copy the noarch package to the architectures available in the package repository.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2285
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Alexandre Oliveira <me+codeberg@aoalmeida.com>
Co-committed-by: Alexandre Oliveira <me+codeberg@aoalmeida.com>
2024-02-11 18:02:56 +00:00
Earl Warren 7b4dba3aa0 [ACTIONS] skip superflous pull request synchronized event (#2314)
Skip a HookEventPullRequestSync event if it has the same CommitSHA as an existing HookEventPullRequest event in the ActionRun table. A HookEventPullRequestSync event must only create an ActionRun if the CommitSHA is different from what it was when the PR was open.

This guards against a race that can happen when the following is done in parallel:

* A commit C is pushed to a repo on branch B
* A pull request with head on branch B

it is then possible that the pull request is created first, successfully. The commit that was just pushed is not known yet but the PR only references the repository and the B branch so it is fine.

A HookEventPullRequest event is sent to the notification queue but not processed immediately.

The commit C is pushed and processed successfully. Since the PR already exists and has a head that matches the branch, the head of the PR is updated with the commit C and a HookEventPullRequestSync event is sent to the notification queue.

The HookEventPullRequest event is processed and since the head of the PR was updated to be commit C, an ActionRun with CommitSHA C is created.

The HookEventPullRequestSync event is then processed and also has a CommitSHA equal to C.

Refs: https://codeberg.org/forgejo/forgejo/issues/2009
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2314
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
2024-02-11 13:06:54 +00:00
Gergely Nagy 5f2d8be38e
[FEAT]: New route to view lates run of specific workflows
This adds a new route at `/actions/workflows/{workflow}/runs/latest`,
which will redirect to the latest run of the given workflow. It can be
further restricted by specifying an optional `?branch={branch}` query
parameter. If no branch is specified, the route defaults to using the
repo's default branch.

This route is meant to go hand in hand with the Badge route that returns
the result of the same workflow as a badge. This route can be used to
link to the run that produced that result.

Fixes #2303.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-10 09:15:58 +01:00
Gergely Nagy f8da672307
[FEAT]: Allow forking without a repo ID
Forking a repository via the web UI currently requires visiting a
`/repo/fork/{{repoid}}` URL. This makes it cumbersome to create a link
that starts a fork, because the repository ID is only available via the
API. While it *is* possible to create a link, doing so requires extra
steps.

To make it easier to have a "Fork me!"-style links, introduce the
`/{username}/{repo}/fork` route, which will start the forking process
based on the repository in context instead.

The old `/repo/fork/{repoid}` route (with a `GET` request) will remain
there for the sake of backwards compatibility, but will redirect to the
new URL instead. It's `POST` handler is removed.

Tests that used the old route are updated to use the new one, and new
tests are introduced to exercise the redirect.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-10 09:14:14 +01:00
Earl Warren 7cbf05fafb
Merge remote-tracking branch 'forgejo/forgejo-dependency' into wip-forgejo
Conflicts:
	.forgejo/workflows/testing.yml
	trivial conflict
2024-02-09 19:00:54 +01:00
Gergely Nagy 1624ebc836
[TESTS] issue & PR templates in .forgejo are recognized
This adds a few tests for the previous change, to verify that issue
template configs, issue templates and pr templates are all recognized in
`.forgejo` directories.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-06 10:22:32 +01:00
Gergely Nagy be8d16438a
Fix /api/v1/{owner}/{repo}/issue_templates
When issue templates were moved into services in
def4956122, the code was also refactored
and simplified. Unfortunately, that simplification broke the
`/api/v1/{owner}/{repo}/issue_templates` route, because it was
previously using a helper function that ignored invalid templates, and
after the refactor, the function it called *always* returned non-nil as
the second return value. This, in turn, results in the aforementioned
end point always returning an internal server error.

This change restores the previous behaviour of ignoring invalid files
returned by `issue.GetTemplatesFromDefaultBranch`, and adds a few test
cases to exercise the endpoint.

Other users of `GetTemplatesFromDefaultBranch` already ignore the second
return value, or handle it correctly, so no changes are necessary there.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-05 20:58:41 +01:00
Earl Warren 094c84ed6d
Merge branch 'rebase-forgejo-dependency' into wip-forgejo 2024-02-05 18:58:23 +01:00
Earl Warren d7e1854884
Merge branch 'rebase-forgejo-branding' into wip-forgejo 2024-02-05 18:58:18 +01:00
Earl Warren 036f1eddc5
[GITEA] avoid superfluous synchronized pull_request run when opening a PR (#2236)
* Split TestPullRequest out of AddTestPullRequestTask
* Before scheduling the task, AddTestPullRequestTask stores the max
  index of the repository
* When the task runs, it does not take into account pull requests that
  have an index higher than the recorded max index

When AddTestPullRequestTask is called with isSync == true, it is the
direct consequence of a new commit being pushed. Forgejo knows nothing
of this new commit yet. If a PR is created later and its head
references the new commit, it will have an index that is higher and
must not be taken into account. It would be acting and triggering a
notification for a PR based on an event that happened before it
existed.

Refs: https://codeberg.org/forgejo/forgejo/issues/2009
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2236
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
(cherry picked from commit b3be895a30)
2024-02-05 16:57:58 +01:00
Gergely Nagy c335d076aa
[GITEA] admin: "Self Check" should only show for some db types
The "Self Check" menu essentially runs the collation check that is also
performed at startup, and displays the results. This is only a thing for
MariaDB/MySQL and MSSQL. As such, the menu item should only be available
for these database types.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 0ca118fdc3)
2024-02-05 16:57:56 +01:00
oliverpool 76c2f5bf92
[GITEA] add test showing bug on resolving invalidated review comment
(cherry picked from commit 5fb3b927f1)
2024-02-05 16:57:56 +01:00
Gergely Nagy fde08f91fd
[GITEA] tests: A workaround for the MySQL collation tests
Because Forgejo run mysqld with `--innodb-flush-method=nosync` to speed
up the test suite, there are situations where a larger, database-wide
operation does not always fully manifest until later, not even when it
is wrapped in a transaction, nor when we use `FLUSH TABLES` and similar
methods.

In the case of the MySQL collation test, this *sometimes* results in the
database still responding with the old collation to a reader, even after
an `ALTER DATABASE ... COLLATE ...`.

In order to be able to still use the aforementioned flag and enjoy its
benefits, add a five second sleep between `db.ConvertDatabaseTable()`
and `db.CheckCollations()` in the `TestDatabaseCollation()` set of
tests.

This is not a fix - I don't think there is one possible -, but a
workaround. If it breaks again, the correct fix will be to remove the
flag from `mysqld` (it's not a supported flag to begin with).

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit af18ed2ba9)
2024-02-05 16:57:55 +01:00
Gergely Nagy 2ca4862f8b
[GITEA] Allow changing the repo Wiki branch to main
Previously, the repo wiki was hardcoded to use `master` as its branch,
this change makes it possible to use `main` (or something else, governed
by `[repository].DEFAULT_BRANCH`, a setting that already exists and
defaults to `main`).

The way it is done is that a new column is added to the `repository`
table: `wiki_branch`. The migration will make existing repositories
default to `master`, for compatibility's sake, even if they don't have a
Wiki (because it's easier to do that). Newly created repositories will
default to `[repository].DEFAULT_BRANCH` instead.

The Wiki service was updated to use the branch name stored in the
database, and fall back to the default if it is empty.

Old repositories with Wikis using the older `master` branch will have
the option to do a one-time transition to `main`, available via the
repository settings in the "Danger Zone". This option will only be
available for repositories that have the internal wiki enabled, it is
not empty, and the wiki branch is not `[repository].DEFAULT_BRANCH`.

When migrating a repository with a Wiki, Forgejo will use the same
branch name for the wiki as the source repository did. If that's not the
same as the default, the option to normalize it will be available after
the migration's done.

Additionally, the `/api/v1/{owner}/{repo}` endpoint was updated: it will
now include the wiki branch name in `GET` requests, and allow changing
the wiki branch via `PATCH`.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit d87c526d2a)
2024-02-05 16:57:47 +01:00
Gusted 361617eea0
[GITEA] Use correct translations for pull request
- When a commit references a pull request, the detail strings should
reflect that. Add a new translation string for the pull request.
- Added integration tests.
- Resolves #2256

(cherry picked from commit 0d054cd4d9)
2024-02-05 16:54:44 +01:00
Gergely Nagy fdda432d1e
[TESTS] Convert more tests to CreateDeclarativeRepo
These tests originate from Gitea, so may cause conflicts in the longer
run. But they use the same pattern, so transitioning them to the helper
is hopefully a benefit that offsets the risk.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 2d475af494)
(cherry picked from commit a99c17729c)
2024-02-05 16:54:44 +01:00
Gergely Nagy 48d752c630
[TESTS] Lift out CreateDeclarativeRepo()
There are a number of tests which require creating a repository on the
fly, and they each do it their own way. To reduce code duplication, lift
out this common pattern into a helper called `CreateDeclarativeRepo()`,
which lets us create a repository, set up enabled and disabled repo
units, and even add, delete, or update files.

Also convert a number of users of this pattern to the new helper - those
users that I introduced, and are in code introduced by Forgejo in the
first place.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 342b7bae3c)
(cherry picked from commit 2ece8764e9)
2024-02-05 16:54:44 +01:00
Earl Warren fe8622dae3
Revert "Fix schedule tasks bugs (#28691)"
This reverts commit 97292da960.

(cherry picked from commit 83e5eba031)
(cherry picked from commit f6ef8f3819)

Conflicts:
	services/repository/setting.go
2024-02-05 16:54:42 +01:00
Gergely Nagy d4396acf82
[GITEA] Don't consider orphan branches as recently pushed
When displaying the recently pushed branches banner, don't display
branches that have no common history with the default branch. These
branches are usually not meant to be merged, so the banner is just noise
in this case.

Refs: https://codeberg.org/forgejo/forgejo/pulls/2196

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit e1fba517f4)
(cherry picked from commit 2d3c81d4f2)
(cherry picked from commit 624a61b3b8)
2024-02-05 16:09:43 +01:00
Gergely Nagy 69688628f5
[GITEA] Fix misleading comparisons when comparing branches
When comparing branches, only offer those branches to use as a base
where the repository allows pull requests. Those that do not allow pull
request would result in a 404, so offering them as an option would be
misleading.

Refs: https://codeberg.org/forgejo/forgejo/pulls/2194

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 022d0e0d71)
(cherry picked from commit 957990b36a)
(cherry picked from commit 6d2df72825)
2024-02-05 16:09:43 +01:00
Gergely Nagy bc7e448d49
[GITEA] Rework when recently pushed branches are displayed
With this change, the "You pushed on branch xyz" banner will be
displayed when either the viewed repository or its base repo (if the
current one's a fork) has pull requests enabled. Previously it only
displayed if the viewed repo had PRs enabled.

Furthermore, if the viewed repository is an original repository that the
viewing user has a fork of, if the forked repository has recently pushed
branches, then the banner will appear for the original repository too.
In this case, the notification will include branches from the viewing
user's fork, and branches they pushed to the base repo, too.

Refs: https://codeberg.org/forgejo/forgejo/pulls/2195

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit a29f10661d)
(cherry picked from commit 70c5e2021d)
(cherry picked from commit 48b25be67a)
2024-02-05 16:09:43 +01:00
Gusted bbe5a881cc
[GITEA] Fix API inconsistencies
- Document the correct content types for Git archives. Add code that
actually sets the correct application type for `.zip` and `.tar.gz`.
- When an action (POST/PUT/DELETE method) was successful, an 204 status
code should be returned instead of status code 200.
- Add and adjust integration testing.
- Resolves #2180
- Resolves #2181

(cherry picked from commit 6c8c4512b5)
(cherry picked from commit 3f74bcb14d)
(cherry picked from commit 6ed9057fd7)
2024-02-05 16:09:43 +01:00
Earl Warren 0b503e5e86
[GITEA] DELETE /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments/{comment}
* reuse deleteIssueComment by adding the commentType parameter
* ensure tests start with a PR with no random reviews from fixtures

Refs: https://codeberg.org/forgejo/forgejo/issues/2109
(cherry picked from commit 5b90ab77f6)
(cherry picked from commit 28ecd6f5a6)
(cherry picked from commit 24870cf133)
2024-02-05 16:09:43 +01:00
Gergely Nagy 8eaa8aeaf9
[GITEA] Improved Linguist compatibility
Recognise the `linguist-documentation` and `linguist-detectable`
attributes in `.gitattributes` files, and use them in
`GetLanguageStats()` to make a decision whether to include a particular
file in the stats or not.

This allows one more control over which files in their repositories
contribute toward the language statistics, so that for a project that is
mostly documentation, the language stats can reflect that.

Fixes #1672.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 6d4e02fe5f)
(cherry picked from commit ee1ead8189)
(cherry picked from commit 2dbec730e8)
2024-02-05 16:09:43 +01:00
Earl Warren bd1cea3f82
[GITEA] GET /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments/{comment}
Refs: https://codeberg.org/forgejo/forgejo/issues/2109
(cherry picked from commit 69fcf26dee)
(cherry picked from commit 1296f4d115)
(cherry picked from commit 119d10d9e2)
(cherry picked from commit eb5b55b1b7)
2024-02-05 16:09:43 +01:00
Gergely Nagy 3bdfb7a7aa
[GITEA] Fix the topic search paging
When searching for repository topics, either via the API, or via
Explore, paging did not work correctly, because it only applied when the
`page` parameter was non-zero. Paging should have applied when the page
size is greater than zero, which is what this patch does.

As a result, both the API, and the Explore endpoint will return paged
results (30 by default). As such, when managing topics on the frontend,
the offered completions will also be limited to a pageful of results,
based on what the user has already typed.

This drastically reduces the amount of traffic, and also the number of
the topics to choose from, and thus, the rendering time too.

The topics will be returned by popularity, with most used topics first.
A single page will contain `[api].DEFAULT_PAGING_NUM` (30 by default)
items that match the query. That's plenty to choose from.

Fixes #132.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 64d4ff41db)
(cherry picked from commit 06b808fa2c)
(cherry picked from commit 9205c9266a)
(cherry picked from commit 47863d4f72)
2024-02-05 16:09:43 +01:00
Gergely Nagy 2924fcf814
[GITEA] services: Gracefully handle missing branches
services: in loadOneBranch, return if CountDivergingCommits fail

If we can't count the number of diverging commits for one reason or
another (such as the branch being in the database, but missing from
disk), rather than logging an error and continuing into a crash (because
`divergence` will be nil), return an error instead.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 8266105f24)

services: Gracefully handle missing branches

When loading branches, if loading one fails, log an error, and ignore
the branch, rather than returning and causing an internal server error.

Ideally, we would only ignore the error if it was caused by a missing
branch, and do it silently, like the respective API endpoint does.
However, veryfing that at this place is not very practical, so for the
time being, ignore any and all branch loading errors.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit e552a8fd62)

tests: Add a testcase for missing branches

This tests the scenario reported in Codeberg/Community#1408: a branch
that is recorded in the database, but missing on disk was causing
internal server errors. With recent changes, that is no longer the case,
the error is logged and then ignored.

This test case tests this behaviour, that the repo's branches page on
the web UI functions even if the git branch is missing.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit e20eb7b385)

tests: More testing in TestDatabaseMissingABranch

In the `TestDatabaseMissingABranch` testcase, make sure that the
branches are in sync between the db and git before deleting a branch via
git, then compare the branch count from the web UI, making sure that it
returns an out-of-sync value first, and the correct one after another
sync.

This is currently tested by scraping the UI, and relies on the fact that
the branch counter is out of date before syncing. If that issue gets
resolved, we'll have to adjust the test to verify the sync another way.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 8c2ccfcece)
(cherry picked from commit 439fadf563)
(cherry picked from commit 44dd80552c)
(cherry picked from commit 37b91fe6f2)
2024-02-05 16:09:42 +01:00
Gusted 2cfcd266b4
[GITEA] Fix panic in canSoftDeleteContentHistory
- It's possible that `canSoftDeleteContentHistory` is called without
`ctx.Doer` being set, such as an anonymous user requesting the
`/content-history/detail` endpoint.
- Add a simple condition to always set to `canSoftDelete` to false if an
anonymous user is requesting this, this avoids a panic in the code that
assumes `ctx.Doer` is set.
- Added integration testing.

(cherry picked from commit 0b5db0dcc6)
(cherry picked from commit 30d168bcc8)
(cherry picked from commit 19be82b7ef)
(cherry picked from commit 334b703b17)
2024-02-05 16:09:42 +01:00
Earl Warren 603a44edf0
[GITEA] POST /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments
Refs: https://codeberg.org/forgejo/forgejo/issues/2109
(cherry picked from commit 8b4ba3dce7)
(cherry picked from commit 196edea0f9)

[GITEA] POST /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments (squash) do not implicitly create a review

If a comment already exists in a review, the comment is added. If it
is the first comment added to a review, it will implicitly create a
new review instead of adding to the existing one.

The pull_service.CreateCodeComment function is responsibe for this
behavior and it will defer to createCodeComment once the review is
determined, either because it was found or because it was created.

Rename createCodeComment into CreateCodeCommentKnownReviewID to expose
it and change the API endpoint to use it instead. Since the review is
provided by the user and verified to exist already, there is no need
for the logic implemented by CreateCodeComment.

The tests are modified to remove the initial comment from the fixture
because it was creating the false positive. I was verified to fail
without this fix.

(cherry picked from commit 6a555996dc)
(cherry picked from commit b173a0ccee)
(cherry picked from commit 838ab9740a)
2024-02-05 16:09:42 +01:00
Gergely Nagy 639b428cf4
[FEAT] API support for repository flags
Expose the repository flags feature over the API, so the flags can be
managed by a site administrator without using the web API.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit bac9f0225d)
(cherry picked from commit e7f5c1ba14)
(cherry picked from commit 95d9fe19cf)
(cherry picked from commit 7fc51991e4)
2024-02-05 16:09:42 +01:00
Gergely Nagy 36f7c162e2
[FEAT] Repository flags
This implements "repository flags", a way for instance administrators to
assign custom flags to repositories. The idea is that custom templates
can look at these flags, and display banners based on them, Forgejo does
not provide anything built on top of it, just the foundation. The
feature is optional, and disabled by default. To enable it, set
`[repository].ENABLE_FLAGS = true`.

On the UI side, instance administrators will see a new "Manage flags"
tab on repositories, and a list of enabled tags (if any) on the
repository home page. The "Manage flags" page allows them to remove
existing flags, or add any new ones that are listed in
`[repository].SETTABLE_FLAGS`.

The model does not enforce that only the `SETTABLE_FLAGS` are present.
If the setting is changed, old flags may remain present in the database,
and anything that uses them, will still work. The repository flag
management page will allow an instance administrator to remove them, but
not set them, once removed.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit ba735ce222)
(cherry picked from commit f09f6e029b)
(cherry picked from commit 2f8b041489)
(cherry picked from commit d3186ee5f4)
2024-02-05 16:09:42 +01:00
Gergely Nagy 9809f96a4a
[GITEA] Disable the RSS feed in file view for non-branches
Files can have an RSS feed, but those only make sense when taken in the
context of a branch. There is no history to make a feed of on a tag or a
commit: they're static. Forgejo does not provide a feed for them for
this reason.

However, the file view on the web UI was offering a link to these
non-existent feeds. With this patch, it does that no longer, and only
provides a link when viewing the file in the context of a branch.

Fixes #2102.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 4b48d21ea7)
(cherry picked from commit 70cb266760)
(cherry picked from commit 69b45c3fea)

Conflicts:
	options/locale/locale_en-US.ini
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 639a2c0741)
2024-02-05 16:09:42 +01:00
Gergely Nagy e019eb33a2
[GITEA] Find README.md for user profiles case insensitively
When trying to find a `README.md` in a `.profile` repo, do so case
insensitively. This change does not make it possible to render readmes
in formats other than Markdown, it just removes the hard-coded
"README.md".

Also adds a few tests to make sure the change works.

Fixes #1494.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit edd219d8e9)
(cherry picked from commit 2c0105ef17)
(cherry picked from commit 3975a9f3aa)
(cherry picked from commit dee4a18423)
(cherry picked from commit 60aee6370f)
2024-02-05 16:09:42 +01:00
Gusted 159dc74ceb
[GITEA] Check for Commit in opengraph
- It's possible that `PageIsDiff` is set but not `Commit` resulting in a
NPE in the template. This can happen when the requested commit doesn't exist.
- Regression of c802c46a9b &
5743d7cb5b
- Added 'hacky' integration test.

(cherry picked from commit 8db2d5e4a7)
(cherry picked from commit 8c737a802b)
(cherry picked from commit 6b7c7d18dc)
(cherry picked from commit a2be4fab27)
(cherry picked from commit a1125268ac)
2024-02-05 16:09:42 +01:00
Gergely Nagy f90b802634
[GITEA] Add support for shields.io-based badges
Adds a new `/{username}/{repo}/badges` family of routes, which redirect
to various shields.io badges. The goal is to not reimplement badge
generation, and delegate it to shields.io (or a similar service), which
are already used by many. This way, we get all the goodies that come
with it: different styles, colors, logos, you name it.

So these routes are just thin wrappers around shields.io that make it
easier to display the information we want. The URL is configurable via
`app.ini`, and is templatable, allowing to use alternative badge
generator services with slightly different URL patterns.

Additionally, for compatibility with GitHub, there's an
`/{username}/{repo}/actions/workflows/{workflow_file}/badge.svg` route
that works much the same way as on GitHub. Change the hostname in the
URL, and done.

Fixes gitea#5633, gitea#23688, and also fixes #126.

Work sponsored by Codeberg e.V.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit fcd0f61212)
(cherry picked from commit 20d14f7844)
(cherry picked from commit 4359741431)
(cherry picked from commit 35cff45eb8)
(cherry picked from commit 2fc0d0b8a3)
2024-02-05 16:09:42 +01:00
Gergely Nagy 92f41d11dd
[GITEA] repo: Don't redirect the repo to external units
When displaying the repo home view, do not redirect to unit types that
can't be defaults (which, at the moment, are the external wiki and issue
tracker unit types).

If we'd redirect to those, that would mean that a repository with the
Code unit disabled, and an external issue tracker would immediately
redirect to the external issue tracker, making it harder to reach other,
non-external units of the repo.

Fixes #1965.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 44078e5460)
(cherry picked from commit 1868dec2e4)
(cherry picked from commit c3a8e98870)
(cherry picked from commit 9266b1916f)
(cherry picked from commit 8fa5ff65af)
2024-02-05 16:09:42 +01:00
Gusted abfc169fc8
[GITEA] Remove redundant syncBranchToDB
- The transaction in combination with Git push was causing deadlocks if
you had the `push_update` queue set to `immediate`. This was the root
cause of slow integration tests in CI.
- Remove the sync branch code as this is already being done in the Git
post-receive hook.
- Add tests to proof the branch models are in sync even with this code
removed.

(cherry picked from commit 90110e1f44)
(cherry picked from commit a064065cb9)
(cherry picked from commit 7713e558eb)

Conflicts:
	services/repository/branch.go
	https://codeberg.org/forgejo/forgejo/pulls/2068
(cherry picked from commit 3bb73e0813)
(cherry picked from commit c557540926)
(cherry picked from commit 986be6171a)
(cherry picked from commit 7a343877f1)
(cherry picked from commit 51425500f2)
2024-02-05 16:09:42 +01:00
Gergely Nagy 1d8bca07f3
[GITEA] Configurable clone methods
Adds `[repository].DOWNLOAD_OR_CLONE_METHODS` (defaulting to
"download-zip,download-targz,download-bundle,vscode-clone"), which lets
an instance administrator override the additional clone methods
displayed on the repository home view.

This is purely display-only, the clone methods not listed here are still
available, unless disabled elsewhere. They're just not displayed.

Fixes #710.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 2aadcf4946)
(cherry picked from commit 42ac34fbf9)
(cherry picked from commit bd231b0245)
(cherry picked from commit 3d3366dbbe)
(cherry picked from commit 0157fb9b88)
(cherry picked from commit bee88f6a83)
2024-02-05 16:09:42 +01:00
Antonin Delpeuch f3b298133e
[GITEA] pulls: "Edit File" button in "Files Changed" tab
Closes #1894.
Gitea issue: https://github.com/go-gitea/gitea/issues/23848

(cherry picked from commit 79c75164ca)
(cherry picked from commit 58c76aad8f)
(cherry picked from commit 5bdb3c6c53)
(cherry picked from commit 94e954ce22)
(cherry picked from commit 1388e7c7be)
(cherry picked from commit 6a234abff5)
2024-02-05 16:09:42 +01:00
Gergely Nagy 5eeccecafc
[GITEA] Optionally allow anyone to edit Wikis
This is largely based on gitea#6312 by @ashimokawa, with updates and
fixes by myself, and incorporates the review feedback given in that pull
request, and more.

What this patch does is add a new "default_permissions" column to the
`repo_units` table (defaulting to read permission), adjusts the
permission checking code to take this into consideration, and then
exposes a setting that lets a repo administrator enable any user on a
Forgejo instance to edit the repo's wiki (effectively giving the wiki
unit of the repo "write" permissions by default).

By default, wikis will remain restricted to collaborators, but with the
new setting exposed, they can be turned into globally editable wikis.

Fixes Codeberg/Community#28.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 4b74439922)
(cherry picked from commit 337cf62c10)
(cherry picked from commit b6786fdb32)
(cherry picked from commit a5d2829a10)

[GITEA] Optionally allow anyone to edit Wikis (squash) AddTokenAuth

(cherry picked from commit fed50cf72e)
(cherry picked from commit 42c55e494e)
(cherry picked from commit e3463bda47)
2024-02-05 16:09:42 +01:00
Gusted 33b1dec846
[GITEA] Fix NPE in UsernameSubRoute
- When the user is not found in `reloadparam`, early return when the
user is not found to avoid calling `IsUserVisibleToViewer` which in turn
avoids causing a NPE.
- This fixes the case that a 500 error and 404 error is shown on the
same page.
- Add integration test for non-existant user RSS.
- Regression by c6366089df

(cherry picked from commit f0e0696278)
(cherry picked from commit 75d8066908)
(cherry picked from commit 4d0a1e0637)
(cherry picked from commit 5f40a485da)
(cherry picked from commit c4cb7812e3)
(cherry picked from commit d31ce2f03d)
(cherry picked from commit cfebef4f82)
2024-02-05 16:09:41 +01:00
Gergely Nagy d4fc0d2c5a
[GITEA] Allow changing the email address before activation
During registration, one may be required to give their email address, to
be verified and activated later. However, if one makes a mistake, a
typo, they may end up with an account that cannot be activated due to
having a wrong email address.

They can still log in, but not change the email address, thus, no way to
activate it without help from an administrator.

To remedy this issue, lets allow changing the email address for logged
in, but not activated users.

This fixes gitea#17785.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit aaaece28e4)
(cherry picked from commit 639dafabec)
(cherry picked from commit d699c12ceb)

[GITEA] Allow changing the email address before activation (squash) cache is always active

This needs to be revisited because the MailResendLimit is not enforced
and turns out to not be tested.

See e7cb8da2a8 * Always enable caches (#28527)

(cherry picked from commit 43ded8ee30)

Rate limit pre-activation email change separately

Changing the email address before any email address is activated should
be subject to a different rate limit than the normal activation email
resending. If there's only one rate limit for both, then if a newly
signed up quickly discovers they gave a wrong email address, they'd have
to wait three minutes to change it.

With the two separate limits, they don't - but they'll have to wait
three minutes before they can change the email address again.

The downside of this setup is that a malicious actor can alternate
between resending and changing the email address (to something like
`user+$idx@domain`, delivered to the same inbox) to effectively halving
the rate limit. I do not think there's a better solution, and this feels
like such a small attack surface that I'd deem it acceptable.

The way the code works after this change is that `ActivatePost` will now
check the `MailChangeLimit_user` key rather than `MailResendLimit_user`,
and if we're within the limit, it will set `MailChangedJustNow_user`. The
`Activate` method - which sends the activation email, whether it is a
normal resend, or one following an email change - will check
`MailChangedJustNow_user`, and if it is set, it will check the rate
limit against `MailChangedLimit_user`, otherwise against
`MailResendLimit_user`, and then will delete the
`MailChangedJustNow_user` key from the cache.

Fixes #2040.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit e35d2af2e5)
(cherry picked from commit 03989418a7)
(cherry picked from commit f50e0dfe5e)
(cherry picked from commit cad9184a36)
(cherry picked from commit e2da5d7fe1)
(cherry picked from commit 3a80534d4d)
2024-02-05 16:09:41 +01:00
Earl Warren 06aae9ae72
[GITEA] GetScheduledMergeByPullID may involve a system user
Refs: https://codeberg.org/forgejo/forgejo/issues/1897
(cherry picked from commit ddc3c22558)
(cherry picked from commit a7fe969b93)
(cherry picked from commit 62bda95774)
(cherry picked from commit 8149a822c7)
(cherry picked from commit 9ed4e685eb)
(cherry picked from commit 4f072b4f80)
(cherry picked from commit ca5924037b)
(cherry picked from commit 88e2b47e29)
(cherry picked from commit 784f860cfa)
2024-02-05 16:09:41 +01:00
Gergely Nagy fa0759962b
[GITEA] allow viewing the latest Action Run on the web
Similar to how some other parts of the web UI support a `/latest` path
to directly go to the latest of a certain thing, let the Actions web UI
do the same: `/{owner}/{repo}/actions/runs/latest` will redirect to the
latest run, if there's one available.

Fixes gitea#27991.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit f67ccef1dd)

Code cleanup in the actions.ViewLatest route handler

Based on feedback received after the feature was merged, use
`ctx.NotFound` and `ctx.ServerError`, and drop the use of the
unnecessary `ctx.Written()`.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 74e42da563)
(cherry picked from commit f7535a1cef)
(cherry picked from commit 1a90cd37c3)
(cherry picked from commit d86d71340a)
(cherry picked from commit 9e5cce1afc)
(cherry picked from commit 2013fb3fab)
(cherry picked from commit 88b9d21d11)
(cherry picked from commit 72c020298e)
(cherry picked from commit 6525f730df)
2024-02-05 16:09:41 +01:00
Gergely Nagy ff00749191
[GITEA] new doctor check: fix-push-mirrors-without-git-remote (#1853)
This adds a new `doctor` check: `fix-push-mirrors-without-git-remote`. The new check looks for push mirrors that do not have their remotes configured in git. If automatic fixing is enabled, it will remove these push mirrors from the database.

The check is not run by default, and thus, must be invoked manually. It should be usable in a half-migrated state, too, and as such, fixes #1800.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1853
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-committed-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 9038e07ef3)
(cherry picked from commit b15bafcbc7)
(cherry picked from commit 93ba05a2dd)
(cherry picked from commit e418ea8082)
(cherry picked from commit 321790a91e)
(cherry picked from commit f4e19d3323)
(cherry picked from commit 4d9923dee8)
(cherry picked from commit 049df69eda)

Conflicts:
	services/doctor/push_mirror_consistency.go
	https://codeberg.org/forgejo/forgejo/pulls/2214
(cherry picked from commit c79cba8d55)
(cherry picked from commit f3a3969c02)
2024-02-05 16:09:41 +01:00
Gusted 75ce1e2ac1
[GITEA] Allow user to select email for file operations in Web UI
- Add a dropdown to the web interface for changing files to select which
Email should be used for the commit. It only shows (and verifies) that a
activated mail can be used, while this isn't necessary, it's better to
have this already in place.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/281

(cherry picked from commit 564e701f40)
(cherry picked from commit de8f2e03cc)
(cherry picked from commit 0182cff12e)
(cherry picked from commit 9c74254d46)
(cherry picked from commit 2f0b68f821)
(cherry picked from commit 079b995d49)
(cherry picked from commit 6952ea6ee3)
(cherry picked from commit 6c7d5a5d14)
(cherry picked from commit 49c39f0ed5)
(cherry picked from commit a8f9727388)
2024-02-05 16:09:41 +01:00
Loïc Dachary 21c4d844f3
[GITEA] test GET /{owner}/{repo}/comments/{id}/attachments
Refs: https://forgejo.org/2023-11-release-v1-20-5-1/#api-and-web-endpoint-vulnerable-to-manually-crafted-identifiers

(cherry picked from commit 888dda12cf9bc95f9ef85ba5a518cf40152e07ea)
(cherry picked from commit aceeca55da)
(cherry picked from commit ab7e649668)
(cherry picked from commit 7fb8598c7d)
(cherry picked from commit fb4961e2a5)
(cherry picked from commit 9fe856a29a)
(cherry picked from commit 6db21c013d)
(cherry picked from commit 72c84eb19c)
(cherry picked from commit 07ebc9761d)
(cherry picked from commit 0c8f484002)
(cherry picked from commit 25df7d89bc)
(cherry picked from commit 0f436a0d22)
(cherry picked from commit 6109f8b6c1)
2024-02-05 16:09:41 +01:00
Loïc Dachary 3f71a0ef02
[GITEA] test POST /{username}/{reponame}/{type:issues|pulls}/move_pin
Refs: https://forgejo.org/2023-11-release-v1-20-5-1/#api-and-web-endpoint-vulnerable-to-manually-crafted-identifiers

(cherry picked from commit 52f50792606a22cbf1e144e1bd480984abf6f53f)
(cherry picked from commit 65b942fa1e)
(cherry picked from commit e140c5c983)
(cherry picked from commit 4d108fa1cf)
(cherry picked from commit 9430badc5c)
(cherry picked from commit 1e67f4665d)
(cherry picked from commit 992e0d3218)
(cherry picked from commit 0e25ca17f3)
(cherry picked from commit 3c7d9769fa)

Conflicts:
	tests/integration/issue_test.go
	https://codeberg.org/forgejo/forgejo/pulls/2119
(cherry picked from commit f6bdf76a1d)
(cherry picked from commit a5e527f872)
(cherry picked from commit be3f9a28a1)
(cherry picked from commit 836a95eab8)
2024-02-05 16:09:41 +01:00
Loïc Dachary efbe483057
[GITEA] test POST /{username}/{reponame}/{tags,release}/delete
Refs: https://forgejo.org/2023-11-release-v1-20-5-1/#api-and-web-endpoint-vulnerable-to-manually-crafted-identifiers

(cherry picked from commit 78dcbb62fe87abe044034d880c9e8c22b44c2c98)
(cherry picked from commit 6707c08c17)
(cherry picked from commit 68da5a9cd8)
(cherry picked from commit c27fb08cb0)
(cherry picked from commit f15a2c558a)
(cherry picked from commit 8eb3ae6939)
(cherry picked from commit d54d5952f2)
(cherry picked from commit ce22d57485)
(cherry picked from commit bfc110ba33)
(cherry picked from commit 1fb3d555d9)
(cherry picked from commit 859c2275db)
(cherry picked from commit b21cf2567a)
(cherry picked from commit 8b9d75974f)
2024-02-05 16:09:41 +01:00
Antonin Delpeuch 6338fe8bef
[GITEA] oauth2: use link_account page when email/username is missing (#1757)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1757
Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
Co-committed-by: Antonin Delpeuch <antonin@delpeuch.eu>
(cherry picked from commit 0f6e0f9035)
(cherry picked from commit 779168a572)
(cherry picked from commit 29a2457321)
(cherry picked from commit a1edc2314d)
(cherry picked from commit cd01594610)
(cherry picked from commit 74db46b0f5)
(cherry picked from commit fd98f55204)
(cherry picked from commit 3099d0e281)
(cherry picked from commit 9fbbe61364)
(cherry picked from commit 8c00565006)
(cherry picked from commit 0977a1ed75)
2024-02-05 16:09:40 +01:00
Gusted 4d76bbeda7
[GITEA] Accept shorter commit IDs in web route
- Be more liberal in what Forgejo accepts, by reducing the minimum
amount of characters for SHA to 4 characters, which is the minimum
amount that  Git needs in order to figure out which commit was meant.
- It's safe to reduce this requirements, as commits are passed to Git
which will error if the given commit ID results in more than one Git
object. Forgejo will catch this error as that the Commit doesn't exist,
which is a error that's already being handled in most places gracefully.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1760

(cherry picked from commit 0d655c7384)
(cherry picked from commit 9b9aca2a02)
(cherry picked from commit 0d0ab1af1f)
(cherry picked from commit d3b352c854)
(cherry picked from commit d6af2094df)
(cherry picked from commit f96e55a7a9)
(cherry picked from commit bb6261f847)
(cherry picked from commit f6a4146161)
(cherry picked from commit ed02921379)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/pulls/2214
(cherry picked from commit 768377cb02)
(cherry picked from commit 2cebe3ef94)
2024-02-05 16:09:40 +01:00
Gusted 62f866de99
[GITEA] Add repo empty check for branch feed
- If you attempted to get a branch feed on a empty repository, it would
result in a panic as the code expects that the branch exists.
- `context.RepoRefByType` would normally already 404 if the branch
doesn't exist, however if a repository is empty, it would not do this
check.
- Fix bug where `/atom/branch/*` would return a RSS feed.

(cherry picked from commit d27bcd98a4)
(cherry picked from commit c58566403d)
(cherry picked from commit b8b3f6ab8b)
(cherry picked from commit 195520100b)
(cherry picked from commit 6e417087dd)
(cherry picked from commit ff91e5957a)
(cherry picked from commit 6626d5cc75)
(cherry picked from commit 62f8ab793b)
(cherry picked from commit e5bbf1a2d0)
(cherry picked from commit f5b8c8edea)
(cherry picked from commit 50948fa11b)
(cherry picked from commit 83a9f7f442)
(cherry picked from commit 679438b5d6)
(cherry picked from commit 17db07d6d0)
2024-02-05 16:09:40 +01:00
Grigory Kirillov 8c0cbd3549
[GITEA] convert feed items' titles to plain text
Refs: https://codeberg.org/forgejo/forgejo/pulls/1595

(cherry picked from commit 35b962e631)
(cherry picked from commit 1004e35b84)
(cherry picked from commit af51dd594d)
(cherry picked from commit ef10fae296)
(cherry picked from commit ff8027ed1b)
(cherry picked from commit 2540ff52ef)
(cherry picked from commit 57b4d775e1)
(cherry picked from commit c388aba9b5)
(cherry picked from commit 7a3b605c11)
(cherry picked from commit cc02354d0a)
(cherry picked from commit e11c5ce82a)
(cherry picked from commit d1e7798bb2)
(cherry picked from commit 1813af7391)
(cherry picked from commit 0d55a88945)
(cherry picked from commit bd9ac9ac6f)
(cherry picked from commit 3794698320)
(cherry picked from commit 0f22c4be84)
2024-02-05 16:09:40 +01:00
Gusted 92413041bd
[GITEA] Use maintained gziphandler
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d)
(cherry picked from commit 99ba56a876)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193d)
(cherry picked from commit 9c12a37fde)
(cherry picked from commit d130653454)
(cherry picked from commit 45a16f8c3c)
(cherry picked from commit a497acb31f)
(cherry picked from commit fe87fd8289)
(cherry picked from commit 6ac12e6693)
(cherry picked from commit 981ec37e1e)
(cherry picked from commit 5d6892ec10)
(cherry picked from commit 9df7968f4f)
(cherry picked from commit 7d588d1833)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
(cherry picked from commit defb101281)
(cherry picked from commit 5830f204a1)
(cherry picked from commit 029f4e9863)
(cherry picked from commit 816fe55812)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 99866d8045)
2024-02-05 16:09:40 +01:00
Gusted 662c8ee341
[GITEA] Use existing jsonschema library
- Use the 'existing' jsonschema library for the nodeinfo integration test.

(cherry picked from commit 73864840f2)
(cherry picked from commit da36df306b)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 2b4ab46d8e)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1617
(cherry picked from commit 8064130344)
(cherry picked from commit 0ccefc633e)
(cherry picked from commit 19e647b531)
(cherry picked from commit 2bcc04889d)
(cherry picked from commit 2fd1932699)
(cherry picked from commit b9a3e1e525)
(cherry picked from commit 92d932d23f)
(cherry picked from commit c125217fea)
(cherry picked from commit f9801ba57b)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2034
(cherry picked from commit 2558a8a764)
(cherry picked from commit f53b2d3112)
(cherry picked from commit c098055f0a)
(cherry picked from commit 0e1591554a)
(cherry picked from commit 876d9d5c6f)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 7110bb6a78)
2024-02-05 16:09:40 +01:00