Commit graph

16724 commits

Author SHA1 Message Date
Giteabot 16263af971
Fix inperformant query on retrifing review from database. (#28552) (#28562)
Backport #28552 by @6543

can we please PLEAS PLEASE only use raw SQL statements if it is relay
needed!!!

source is https://github.com/go-gitea/gitea/pull/28544 (before
refactoring)

Co-authored-by: 6543 <m.huber@kithara.com>
2023-12-20 16:55:08 +01:00
Giteabot f096635622
Fix the issue ref rendering for wiki (#28556) (#28559)
Backport #28556 by wxiaoguang

Fix #28526, regression of 
* #26365

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-20 22:51:25 +08:00
Giteabot 932e282e15
Fix duplicate ID when deleting repo (#28520) (#28528)
Backport #28520 by @framitdavid


There is an accessibility issue in the interface when attempting to
delete a repository. When I click on "Delete repository," a dialog box
appears, requiring confirmation to proceed with the repository deletion.
However, when I press the "Repo name" label, the wrong input field gains
focus. The focused field is located behind the dialog and is intended
for renaming the repository.

I am submitting these pull requests to ensure that the correct input
field is focused when the user clicks on the label. This change will
also facilitate the writing of tests using Playwright or Testing Library
to retrieve elements based on roles. This PR will also improve
acessibility of this area.

Co-authored-by: David Øvrelid <46874830+framitdavid@users.noreply.github.com>
2023-12-19 16:40:03 +08:00
Giteabot d9aeb1f09d
Only check online runner when detecting matching runners in workflows (#28286) (#28512)
Backport #28286 by @yp05327

Mentioned:
[#28277](https://github.com/go-gitea/gitea/issues/28277#issuecomment-1831325276)

We should only check online runner when detecting matching runners in
workflows,
as if runner is not online, the workflow will not run.


![image](https://github.com/go-gitea/gitea/assets/18380374/11855e9d-7241-4b7a-b8d7-49dbb94ba1c5)

Co-authored-by: yp05327 <576951401@qq.com>
2023-12-19 04:06:31 +00:00
Giteabot 411310d698
chore(api): support ignore password if login source type is LDAP for creating user API (#28491) (#28525)
Backport #28491 by @appleboy

- Modify the `Password` field in `CreateUserOption` struct to remove the
`Required` tag
- Update the `v1_json.tmpl` template to include the `email` field and
remove the `password` field

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-12-19 11:14:06 +08:00
wxiaoguang 6d002f8e1e
Update golang.org/x/crypto (#28519)
ref: https://groups.google.com/g/golang-announce/c/qA3XtxvMUyg,
CVE-2023-48795, https://go.dev/issue/64784
2023-12-19 07:04:21 +08:00
Giteabot 4462628a26
Improve the prompt for "ssh-keygen sign" (#28509) (#28510)
Backport #28509 by wxiaoguang

Close #28505

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-18 15:25:52 +00:00
wxiaoguang a3f403f438
Add option to disable ambiguous unicode characters detection (#28454) (#28499)
Backport #28454 (the only conflict is caused by some comments)

* Close #24483
* Close #28123
* Close #23682
* Close #23149
2023-12-18 12:20:37 +08:00
Giteabot 8ee1ed877b
Initalize stroage for orphaned repository doctor (#28487) (#28490)
Backport #28487 by @earl-warren

- When a repository is orphaned and has objects stored in any of the
storages such as repository avatar or attachments the delete function
would error, because the storage module wasn't initalized.
- Add code to initialize the storage module.

Refs: https://codeberg.org/forgejo/forgejo/pulls/1954

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-12-16 22:06:37 +08:00
Giteabot 2c2e00899d
Update docs for DISABLE_QUERY_AUTH_TOKEN (#28485) (#28488)
Backport #28485 by @kdumontnu

As described
[here](https://github.com/go-gitea/gitea/pull/28390#issuecomment-1857553331).

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2023-12-16 00:04:05 -05:00
Giteabot 6cbb6f303a
Refactor SSH clone URL generation code (#28421) (#28480)
Backport #28421 by wxiaoguang

Refactor the code and add tests, keep the old logic.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-15 14:54:40 +08:00
Giteabot 6af698fb81
Polyfill SubmitEvent for PaleMoon (#28441) (#28478)
Backport #28441 by wxiaoguang

Fix #28319

It only polyfills if there is no "SubmitEvent" class, so it has no side
effect for most users.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-15 03:04:37 +00:00
Giteabot 94a05a492d
Fix Chinese translation of config cheat sheet[API] (#28472) (#28473)
Backport #28472 by @CaiCandong

Co-authored-by: CaiCandong <50507092+CaiCandong@users.noreply.github.com>
2023-12-15 07:54:32 +08:00
Giteabot 6de862abdf
Fix documents for "custom/public/assets/" (#28465) (#28467)
Backport #28465 by wxiaoguang

Fix #28463

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-14 17:00:39 +08:00
Giteabot b47482d58e
Retry SSH key verification with additional CRLF if it failed (#28392) (#28464)
Backport #28392 by @nekrondev

Windows-based shells will add a CRLF when piping the token into
ssh-keygen command resulting in
verification error. This resolves #21527.

Co-authored-by: nekrondev <heiko@noordsee.de>
Co-authored-by: Heiko Besemann <heiko.besemann@qbeyond.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-14 12:50:26 +08:00
Giteabot 74ab798033
Add endpoint for not implemented Docker auth (#28457) (#28462)
Backport #28457 by @KN4CK3R

Recently Docker started to use the optional `POST /v2/token` endpoint
which should respond with a `404 Not Found` status code instead of the
current `405 Method Not Allowed`.

> Note: Not all token servers implement oauth2. If the request to the
endpoint returns 404 using the HTTP POST method, refer to Token
Documentation for using the HTTP GET method supported by all token
servers.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-12-13 22:06:24 +01:00
Giteabot 97a0bf151a
Fix possible nil pointer access (#28428) (#28440)
Backport #28428 by @KN4CK3R

There could be a nil pointer exception if the file is not found because
that specific error is suppressed but not handled.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-12-12 23:35:32 +08:00
Giteabot 5e2bae7716
Don't show unnecessary citation JS error on UI (#28433) (#28437)
Backport #28433 by wxiaoguang

Fix #28226

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-12 21:14:04 +08:00
techknowlogick 96d3fcf179
1.21.2 changelog (#28387)
To be rebuilt with latest golang version

---------

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-12-12 14:23:54 +08:00
Lunny Xiao 265f485295
Do some missing checks (#28423) (#28432)
backport #28423
2023-12-12 06:20:18 +00:00
Giteabot f144521aea
Deprecate query string auth tokens (#28390) (#28430)
Backport #28390 by @jackHay22

## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example: 
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

Co-authored-by: Jack Hay <jack@allspice.io>
Co-authored-by: delvh <dev.lh@web.de>
2023-12-12 13:45:00 +08:00
Giteabot 6f4d5c0b8c
Recover from panic in cron task (#28409) (#28425)
Backport #28409 by @earl-warren

- Currently there's code to recover gracefully from panics that happen
within the execution of cron tasks. However this recover code wasn't
being run, because `RunWithShutdownContext` also contains code to
recover from any panic and then gracefully shutdown Forgejo. Because
`RunWithShutdownContext` registers that code as last, that would get run
first which in this case is not behavior that we want.
- Move the recover code to inside the function, so that is run first
before `RunWithShutdownContext`'s recover code (which is now a noop).

Fixes: https://codeberg.org/forgejo/forgejo/issues/1910

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-12-12 03:28:56 +00:00
Giteabot 1ec622db24
Improve doctor cli behavior (#28422) (#28424)
Backport #28422 by wxiaoguang

1. Do not sort the "checks" slice again and again when "Register", it
just wastes CPU when the Gitea instance runs
2. If a check doesn't exist, tell the end user
3. Add some tests

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-11 16:28:27 +00:00
Giteabot 40d51188c0
Fix links in docs (#28302) (#28418)
Backport #28302 by @yp05327

Close #28287

## How to test it in local
convert Makefile L34 into:
```
cd .tmp/upstream-docs && git clean -f && git reset --hard && git fetch origin pull/28302/head:pr28302 && git switch pr28302
```

Co-authored-by: yp05327 <576951401@qq.com>
2023-12-11 22:53:59 +08:00
Lunny Xiao 87db4a47c8
Also sync DB branches on push if necessary (#28361) (#28403)
Fix #28056
Backport #28361 

This PR will check whether the repo has zero branch when pushing a
branch. If that, it means this repository hasn't been synced.

The reason caused that is after user upgrade from v1.20 -> v1.21, he
just push branches without visit the repository user interface. Because
all repositories routers will check whether a branches sync is necessary
but push has not such check.

For every repository, it has two states, synced or not synced. If there
is zero branch for a repository, then it will be assumed as non-sync
state. Otherwise, it's synced state. So if we think it's synced, we just
need to update branch/insert new branch. Otherwise do a full sync. So
that, for every push, there will be almost no extra load added. It's
high performance than yours.

For the implementation, we in fact will try to update the branch first,
if updated success with affect records > 0, then all are done. Because
that means the branch has been in the database. If no record is
affected, that means the branch does not exist in database. So there are
two possibilities. One is this is a new branch, then we just need to
insert the record. Another is the branches haven't been synced, then we
need to sync all the branches into database.
2023-12-11 06:16:56 +00:00
Giteabot cd2dd5a67d
Fix missing check (#28406) (#28411)
Backport #28406 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-12-11 09:10:48 +08:00
Giteabot 46beb7f33f
enable system users search via the API (#28013) (#28018)
Backport #28013 by @earl-warren

Refs: https://codeberg.org/forgejo/forgejo/issues/1403

(cherry picked from commit dd4d17c159)

---------

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-12-08 21:46:08 +00:00
Giteabot 3107093394
Fix Docker meta action for releases (#28232) (#28395) 2023-12-07 16:29:17 -08:00
Giteabot 272ae03341
Make gogit Repository.GetBranchNames consistent (#28348) (#28386)
Backport #28348 by @AdamMajer

nogogit GetBranchNames() lists branches sorted in reverse commit date
order. On the other hand the gogit implementation doesn't apply any
ordering resulting in unpredictable behaviour. In my case, the unit
tests requiring particular order fail

    repo_branch_test.go:24:
                Error Trace:
               ./gitea/modules/git/repo_branch_test.go:24
                Error:          elements differ

                                extra elements in list A:
                                ([]interface {}) (len=1) {
                                 (string) (len=6) "master"
                                }

                                extra elements in list B:
                                ([]interface {}) (len=1) {
                                 (string) (len=7) "branch1"
                                }

                                listA:
                                ([]string) (len=2) {
                                 (string) (len=6) "master",
                                 (string) (len=7) "branch2"
                                }

                                listB:
                                ([]string) (len=2) {
                                 (string) (len=7) "branch1",
                                 (string) (len=7) "branch2"
                                }
                Test:           TestRepository_GetBranches

To fix this, we sort branches based on their commit date in gogit
implementation.

Fixes: #28318

Co-authored-by: Adam Majer <amajer@suse.de>
2023-12-07 13:03:27 -05:00
Giteabot b56a9f6ded
Fix margin in server signed signature verification view (#28379) (#28381)
Backport #28379 by @lafriks

Before:

![image](https://github.com/go-gitea/gitea/assets/165205/e2e2256d-03c5-4ab8-8ed9-08ef68571a43)

After:

![image](https://github.com/go-gitea/gitea/assets/165205/804132ef-18f9-4ab8-949d-f6c71e7f4d24)

Co-authored-by: Lauris BH <lauris@nix.lv>
2023-12-07 10:37:12 +08:00
Giteabot c5c44d0951
Fix object does not exist error when checking citation file (#28314) (#28369)
Backport #28314 by @yp05327

Fix #28264

`DataAsync()` will be called twice.
Caused by https://github.com/go-gitea/gitea/pull/27958.
I'm sorry, I didn't completely remove all unnecessary codes.

Co-authored-by: yp05327 <576951401@qq.com>
2023-12-06 22:06:51 +00:00
Giteabot 8f2805f757
Fix incorrect default value of [attachment].MAX_SIZE (#28373) (#28376)
Backport #28373 by @capvor

In the documents, the `[attachment] MAX_SIZE` default value should be 4.

Reference the source code `modules/setting/attachment.go` line 29.

Co-authored-by: capvor <capvor@sina.com>
2023-12-06 19:32:23 +00:00
Giteabot 5eaf91e919
Use filepath instead of path to create SQLite3 database file (#28374) (#28378)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix #28300
2023-12-06 11:22:18 -06:00
Giteabot b7e3adc66c
Fix the runs will not be displayed bug when the main branch have no workflows but other branches have (#28359) (#28365)
Backport #28359 by @lunny

The left menu will only display the default branch's workflows but the
right side will display the runs triggered by all branches' workflows.
So we cannot hide right side if default branch has no workflows.

Fix #28332 
Replace #28333

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-12-06 02:28:00 -05:00
Giteabot 5b5f8aab19
handle repository.size column being NULL in migration v263 (#28336) (#28363)
Co-authored-by: Nate Levesque <nate@thenaterhood.com>
2023-12-05 14:51:56 +00:00
Giteabot fef34790bb
Convert git commit summary to valid UTF8. (#28356) (#28358)
Backport #28356 by @darrinsmart

The summary string ends up in the database, and (at least) MySQL &
PostgreSQL require valid UTF8 strings.

Fixes #28178

Co-authored-by: darrinsmart <darrin@djs.to>
Co-authored-by: Darrin Smart <darrin@filmlight.ltd.uk>
2023-12-05 09:19:08 +00:00
Giteabot 8b590de186
Fix migration panic due to an empty review comment diff (#28334) (#28362)
Backport #28334 by @lng2020

Fix #28328 
```
func (p *PullRequestComment) GetDiffHunk() string {
	if p == nil || p.DiffHunk == nil {
		return ""
	}
	return *p.DiffHunk
}
```
This function in the package `go-github` may return an empty diff. When
it's empty, the following code will panic because it access `ss[1]`

ec1feedbf5/services/migrations/gitea_uploader.go (L861-L867)

ec1feedbf5/modules/git/diff.go (L97-L101)

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
2023-12-05 16:58:15 +08:00
Giteabot 5105d2093c
Add HEAD support for rpm repo files (#28309) (#28360)
Backport #28309 by @KN4CK3R

Fixes https://codeberg.org/forgejo/forgejo/issues/1810

zypper uses HEAD requests to check file existence.

https://github.com/openSUSE/libzypp/blob/HEAD/zypp/RepoManager.cc#L2549

https://github.com/openSUSE/libzypp/blob/HEAD/zypp-curl/ng/network/private/downloaderstates/basicdownloader_p.cc#L116

@ExplodingDragon fyi

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-12-05 16:24:57 +08:00
Giteabot 08445d5d86
Refactor template empty checks (#28351) (#28354)
Backport #28351 by @KN4CK3R

Fix #28347

As there is no info how to reproduce it, I can't test it.
Fix may be `section_split.tmpl @ 126/130`.

Other changes are "empty check" refactorings.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-12-05 06:07:15 +00:00
Giteabot b71d4c3ec0
Fix RPM/Debian signature key creation (#28352) (#28353)
Backport #28352 by @KN4CK3R

Fixes #28324

The name parameter can't contain some characters
(https://github.com/keybase/go-crypto/blob/master/openpgp/keys.go#L680)
but is optional. Therefore just use an empty string.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-12-05 13:42:41 +08:00
Giteabot bf537adf8a
Keep profile tab when clicking on Language (#28320) (#28331)
Backport #28320 by @JakobDev

Fixes https://codeberg.org/Codeberg/Community/issues/1355

Co-authored-by: JakobDev <jakobdev@gmx.de>
2023-12-03 14:54:53 +00:00
Giteabot 8c8c24f8eb
Fix missing issue search index update when changing status (#28325) (#28330)
Backport #28325 by @brechtvl

Changing an issue status, assignee, labels or milestone without also
adding a comment would not update the index, resulting in wrong search
results.

Co-authored-by: Brecht Van Lommel <brecht@blender.org>
2023-12-03 11:43:17 +00:00
Giteabot fee9c05ed3
Fix wrong link in protect_branch_name_pattern_desc (#28313) (#28315)
Backport #28313 by @yp05327

The current href will link to
`https://domain/owner/repo/settings/branches/github.com/gobwas/glob`

Co-authored-by: yp05327 <576951401@qq.com>
2023-12-01 20:06:08 +08:00
Giteabot e15fe85335
Read previous info from git blame (#28306) (#28310)
Backport #28306 by @KN4CK3R

Fixes #28280

Reads the `previous` info from the `git blame` output instead of
calculating it afterwards.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-12-01 08:27:35 +01:00
wxiaoguang 4f5122a7fe
Ignore "non-existing" errors when getDirectorySize calculates the size (#28276) (#28285)
Backport #28276

The git command may operate the git directory (add/remove) files in any
time.

So when the code iterates the directory, some files may disappear during
the "walk". All "IsNotExist" errors should be ignored.
2023-11-30 16:39:16 +00:00
Giteabot 84e65afffd
Use appSubUrl for OAuth2 callback URL tip (#28266) (#28275)
Backport #28266 by @earl-warren

- When crafting the OAuth2 callbackURL take into account `appSubUrl`,
which is quite safe given that its strictly formatted.
- No integration testing as this is all done in Javascript.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1795

(cherry picked from commit 27cb6b7956)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-11-30 00:26:47 +00:00
Giteabot d2908b2794
Meilisearch: require all query terms to be matched (#28293) (#28296)
Co-authored-by: Brecht Van Lommel <brecht@blender.org>
2023-11-29 09:38:04 -06:00
Giteabot 24e03a125d
Fix required error for token name (#28267) (#28284)
Backport #28267 by @earl-warren

- Say to the binding middleware which locale should be used for the
required error.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1683

(cherry picked from commit 5a2d796612)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-11-29 23:00:32 +08:00
Giteabot 76e892317b
Fix issue will be detected as pull request when checking First-time contributor (#28237) (#28271)
Backport #28237 by @yp05327

Fix #28224

Co-authored-by: yp05327 <576951401@qq.com>
2023-11-29 02:49:33 +00:00
Giteabot 5001f63c07
Check for v prefix on tags for release clean name (#28257) (#28270)
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-11-28 16:02:26 -06:00