Commit graph

3920 commits

Author SHA1 Message Date
Loïc Dachary 6edae51a23
test POST /{username}/{reponame}/{type:issues|pulls}/{index}/content-history/soft-delete 2023-11-25 21:05:50 +01:00
Lunny Xiao 5504ce44d2
Fix comment permissions (#28213)
This PR will fix some missed checks for private repositories' data on
web routes and API routes.
2023-11-25 19:35:58 +01:00
Gusted b1e8858de9
[GITEA] Add noreply email address as verified for SSH signed Git commits
- When someone really wants to avoid sharing their email, they could
configure git to use the noreply email for git commits. However if they
also wanted to use SSH signing, it would not show up as verified as the
noreply email address was technically not an activated email address for
the user.
- Add unit tests for the `ParseCommitWithSSHSignature` function.
- Resolves https://codeberg.org/Codeberg/Community/issues/946

(cherry picked from commit 1685de7eba)
2023-11-13 14:09:45 +01:00
Gusted f161a4f60f
[GITEA] Make atomic ssh keys replacement robust
- After stumbling upon https://github.com/golang/go/issues/22397 and
reading the implementations I realized that Forgejo code doesn't have
`Sync()` and it doesn't properly error handle the `Close` function.
- (likely) Resolves https://codeberg.org/forgejo/forgejo/issues/1446

(cherry picked from commit 0efcb334c2)
(cherry picked from commit 04ef02c0dd)
(cherry picked from commit 85f2065c9b)
(cherry picked from commit 8d36b5cce6)
(cherry picked from commit 378dc30fb5)
(cherry picked from commit 2b28bf826e)
(cherry picked from commit d0625a001e)
2023-11-13 14:09:45 +01:00
Gusted 1311e30a81
[GITEA] Drop sha256-simd in favor of stdlib
- In Go 1.21 the crypto/sha256 [got a massive
improvement](https://go.dev/doc/go1.21#crypto/sha256) by utilizing the
SHA instructions for AMD64 CPUs, which sha256-simd already was doing.
The performance is now on par and I think it's preferable to use the
standard library rather than a package when possible.

```
cpu: AMD Ryzen 5 3600X 6-Core Processor
                │  simd.txt   │               go.txt                │
                │   sec/op    │    sec/op     vs base               │
Hash/8Bytes-12    63.25n ± 1%    73.38n ± 1%  +16.02% (p=0.002 n=6)
Hash/64Bytes-12   98.73n ± 1%   105.30n ± 1%   +6.65% (p=0.002 n=6)
Hash/1K-12        567.2n ± 1%    572.8n ± 1%   +0.99% (p=0.002 n=6)
Hash/8K-12        4.062µ ± 1%    4.062µ ± 1%        ~ (p=0.396 n=6)
Hash/1M-12        512.1µ ± 0%    510.6µ ± 1%        ~ (p=0.485 n=6)
Hash/5M-12        2.556m ± 1%    2.564m ± 0%        ~ (p=0.093 n=6)
Hash/10M-12       5.112m ± 0%    5.127m ± 0%        ~ (p=0.093 n=6)
geomean           13.82µ         14.27µ        +3.28%

                │   simd.txt   │               go.txt                │
                │     B/s      │     B/s       vs base               │
Hash/8Bytes-12    120.6Mi ± 1%   104.0Mi ± 1%  -13.81% (p=0.002 n=6)
Hash/64Bytes-12   618.2Mi ± 1%   579.8Mi ± 1%   -6.22% (p=0.002 n=6)
Hash/1K-12        1.682Gi ± 1%   1.665Gi ± 1%   -0.98% (p=0.002 n=6)
Hash/8K-12        1.878Gi ± 1%   1.878Gi ± 1%        ~ (p=0.310 n=6)
Hash/1M-12        1.907Gi ± 0%   1.913Gi ± 1%        ~ (p=0.485 n=6)
Hash/5M-12        1.911Gi ± 1%   1.904Gi ± 0%        ~ (p=0.093 n=6)
Hash/10M-12       1.910Gi ± 0%   1.905Gi ± 0%        ~ (p=0.093 n=6)
geomean           1.066Gi        1.032Gi        -3.18%
```

(cherry picked from commit abd94ff5b5)
(cherry picked from commit 15e81637ab)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 325d92917f)

Conflicts:
	modules/context/context_cookie.go
	https://codeberg.org/forgejo/forgejo/pulls/1617
(cherry picked from commit 358819e895)
(cherry picked from commit 362fd7aae1)
(cherry picked from commit 4f64ee294e)
(cherry picked from commit 4bde77f7b1)
2023-11-13 14:09:45 +01:00
Gusted 631c87cc23
[GITEA] Use restricted sanitizer for repository description
- Currently the repository description uses the same sanitizer as a
normal markdown document. This means that element such as heading and
images are allowed and can be abused.
- Create a minimal restricted sanitizer for the repository description,
which only allows what the postprocessor currently allows, which are
links and emojis.
- Added unit testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1202
- Resolves https://codeberg.org/Codeberg/Community/issues/1122

(cherry picked from commit a8afa4cd18)
(cherry picked from commit 0238587c51)
(cherry picked from commit a8c7bbf728)
(cherry picked from commit 80e05a8245)
(cherry picked from commit f5af5050b3)
(cherry picked from commit 608f981e55)
(cherry picked from commit f40cff9263)
(cherry picked from commit 5f113bb611)
(cherry picked from commit 7798a3d746)
2023-11-13 14:09:44 +01:00
Earl Warren 6a2d2fa243
[GITEA] enable system users for comment.LoadPoster
System users (Ghost, ActionsUser, etc) have a negative id and may be
the author of a comment, either because it was created by a now
deleted user or via an action using a transient token.

The GetPossibleUserByID function has special cases related to system
users and will not fail if given a negative id.

Refs: https://codeberg.org/forgejo/forgejo/issues/1425
(cherry picked from commit 97667e06b3)
(cherry picked from commit 8ef73a09c9)
(cherry picked from commit fa8a00d264)
(cherry picked from commit 2ada2074b5)
(cherry picked from commit f9a59b940a)
(cherry picked from commit cd82834043)
(cherry picked from commit aeb9a2c2b8)
(cherry picked from commit 0bfac925c2)
(cherry picked from commit bb78cdcec0)
2023-11-13 14:09:43 +01:00
Aravinth Manivannan 9b7bbae8c4
[GITEA] notifies admins on new user registration
Sends email with information on the new user (time of creation and time of last sign-in) and a link to manage the new user from the admin panel

closes: https://codeberg.org/forgejo/forgejo/issues/480

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1371
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
(cherry picked from commit c721aa828b)
(cherry picked from commit 6487efcb9d)

Conflicts:
	modules/notification/base/notifier.go
	modules/notification/base/null.go
	modules/notification/notification.go
	https://codeberg.org/forgejo/forgejo/pulls/1422
(cherry picked from commit 7ea66ee1c5)

Conflicts:
	services/notify/notifier.go
	services/notify/notify.go
	services/notify/null.go
	https://codeberg.org/forgejo/forgejo/pulls/1469
(cherry picked from commit 7d2d997011)
(cherry picked from commit 435a54f140)
(cherry picked from commit 8ec7b3e448)

[GITEA] notifies admins on new user registration (squash) performance bottleneck

Refs: https://codeberg.org/forgejo/forgejo/issues/1479
(cherry picked from commit 97ac9147ff)
(cherry picked from commit 19f295c16b)
(cherry picked from commit 3367dcb2cf)

[GITEA] notifies admins on new user registration (squash) cosmetic changes

Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 9f1670e040)
(cherry picked from commit de5bb2a224)
(cherry picked from commit 8f8e52f31a)
(cherry picked from commit e0d5130312)
(cherry picked from commit f1288d6d9b)
(cherry picked from commit 1db4736fd7)
(cherry picked from commit e8dcbb6cd6)
(cherry picked from commit 09625d6476)

[GITEA] notifies admins on new user registration (squash) ctx.Locale

(cherry picked from commit dab7212fad)
2023-11-13 14:09:41 +01:00
Gusted 1069c860e7
[GITEA] Add slow SQL query warning
- Databases are one of the most important parts of Forgejo, every
interaction with Forgejo uses the database in one way or another.
Therefore, it is important to maintain the database and recognize when
Forgejo is not doing well with the database. Forgejo already has the
option to log *every* SQL query along with its execution time, but
monitoring becomes impractical for larger instances and takes up
unnecessary storage in the logs.
- Add a QoL enhancement that allows instance administrators to specify a
threshold value beyond which query execution time is logged as a warning
in the xorm logger. The default value is a conservative five seconds to
avoid this becoming a source of spam in the logs.
- The use case for this patch is that with an instance the size of Codeberg, monitoring SQL logs is not very fruitful and most of them are uninteresting. Recently, in the context of persistent deadlock issues (https://codeberg.org/forgejo/forgejo/issues/220), I have noticed that certain queries hold locks on tables like comment and issue for several seconds. This patch helps to identify which queries these are and when they happen.
- Added unit test.

(cherry picked from commit 24bbe7886f)
(cherry picked from commit 6e29145b3c)
(cherry picked from commit 63731e3071)
(cherry picked from commit 3ce1a09736)
(cherry picked from commit a64426907d)
(cherry picked from commit 4b19215691)
(cherry picked from commit e635674435)
(cherry picked from commit 9cf501f1af)
(cherry picked from commit 0d6b934eba)
(cherry picked from commit 4b6c273879)
(cherry picked from commit 89b1315338)
(cherry picked from commit edd8e66ce9)

[GITEA] Add slow SQL query warning (squash) document the setting

(cherry picked from commit ce38599c51)
(cherry picked from commit 794aa67c68)
(cherry picked from commit a4c2c6b004)
(cherry picked from commit 97912752bc)
(cherry picked from commit 00b5327c97)
2023-11-13 14:07:36 +01:00
Gusted bf337bed35
[GITEA] Improve HTML title on repositories
- The `<title>` element that lives inside the `<head>` element is an important element that gives browsers and search engine crawlers the title of the webpage, hence the element name. It's therefor important that this title is accurate.
- Currently there are three issues with titles on repositories. It doesn't use the `FullName` and instead only uses the repository name, this doesn't distinguish which user or organisation the repository is on. It doesn't show the full treepath in the title when visiting an file inside a directory and instead only uses the latest path in treepath. It can show the repository name twice if the `.Title` variable also included the repository name such as on the repository homepage.
- Use the repository's fullname (which include which user the repository is on) instead of just their name.
- Display the repository's fullname if it isn't already in `.Title`.
- Use the full treepath in the repository code view instead of just the
last path.
- Adds integration tests.
- Adds a new repository (`repo59`) that has 3 depths for folders, which
wasn't in any other fixture repository yet, so the full treepath for
could be properly tested.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1276

(cherry picked from commit ff9a6a2cda)
(cherry picked from commit 76dffc8621)
(cherry picked from commit ff0615b9d0)
(cherry picked from commit 8712eaa394)
(cherry picked from commit 0c11587582)
(cherry picked from commit 3cbd9fb792)

Conflicts:
	tests/integration/repo_test.go
	https://codeberg.org/forgejo/forgejo/pulls/1512
(cherry picked from commit fbfdba8ae9)

Conflicts:
	models/fixtures/release.yml
	https://codeberg.org/forgejo/forgejo/pulls/1550
(cherry picked from commit 8b2bf0534c)
(cherry picked from commit d706d9e222)
(cherry picked from commit 6d46261a3f)
(cherry picked from commit f864d18ad3)
(cherry picked from commit 80f8620d0d)

[GITEA] Improve HTML title on repositories (squash) do not double escape

(cherry picked from commit 22882fe25c)
(cherry picked from commit 63e99df3d1)
(cherry picked from commit b65d777bc7)
(cherry picked from commit 2961f4f632)
(cherry picked from commit f7f723628c)
(cherry picked from commit 9ed7915826)
(cherry picked from commit 8b9ead4608)
(cherry picked from commit 50eeaf1fbc)
(cherry picked from commit ee6f32820e)
2023-11-13 14:07:36 +01:00
Earl Warren 436cc21217
[GITEA] silently ignore obsolete sudo scope
Fixes: https://codeberg.org/forgejo/forgejo/issues/820
(cherry picked from commit 6a7022ebbb)
(cherry picked from commit 764eac47b5)
(cherry picked from commit 1141eb7b6f)
(cherry picked from commit 826b6509b6)
(cherry picked from commit 9990d932b8)
(cherry picked from commit 7eca570743)
(cherry picked from commit 66e1d3f082)
(cherry picked from commit 188226a8e6)
(cherry picked from commit 4cd1bff25c)
(cherry picked from commit fad6b6d2c4)
(cherry picked from commit 5b25c3d851)
(cherry picked from commit 4746ece4dd)
(cherry picked from commit 2a6f85afb3)
(cherry picked from commit c027d724ee)
(cherry picked from commit be2f1eeaeb)
(cherry picked from commit 3058a54fe9)
(cherry picked from commit 53936d38a0)
(cherry picked from commit 311983cc97)
(cherry picked from commit 1651ae757b)
(cherry picked from commit d3dd8ea24d)
(cherry picked from commit 9a80326ff3)
(cherry picked from commit 66eb33235e)
(cherry picked from commit 769e24d5a8)
2023-11-13 14:07:36 +01:00
Earl Warren 77ba6be1da
[FEAT] allow setting the update date on issues and comments
This field adds the possibility to set the update date when modifying
an issue through the API.

A 'NoAutoDate' in-memory field is added in the Issue struct.
If the update_at field is set, NoAutoDate is set to true and the
Issue's UpdatedUnix field is filled.

That information is passed down to the functions that actually updates
the database, which have been modified to not auto update dates if
requested.

A guard is added to the 'EditIssue' API call, to checks that the
udpate_at date is between the issue's creation date and the current
date (to avoid 'malicious' changes). It also limits the new feature
to project's owners and admins.

(cherry picked from commit c524d33402)

Add a SetIssueUpdateDate() function in services/issue.go

That function is used by some API calls to set the NoAutoDate and
UpdatedUnix fields of an Issue if an updated_at date is provided.

(cherry picked from commit f061caa655)

Add an updated_at field to the API calls related to Issue's Labels.

The update date is applied to the issue's comment created to inform
about the modification of the issue's labels.

(cherry picked from commit ea36cf80f5)

Add an updated_at field to the API call for issue's attachment creation

The update date is applied to the issue's comment created to inform
about the modification of the issue's content, and is set as the
asset creation date.

(cherry picked from commit 96150971ca)

Checking Issue changes, with and without providing an updated_at date

Those unit tests are added:

- TestAPIEditIssueWithAutoDate
- TestAPIEditIssueWithNoAutoDate

- TestAPIAddIssueLabelsWithAutoDate
- TestAPIAddIssueLabelsWithNoAutoDate

- TestAPICreateIssueAttachmentWithAutoDate
- TestAPICreateIssueAttachmentWithNoAutoDate

(cherry picked from commit 4926a5d7a2)

Add an updated_at field to the API call for issue's comment creation

The update date is used as the comment creation date, and is applied to
the issue as the update creation date.

(cherry picked from commit 76c8faecdc)

Add an updated_at field to the API call for issue's comment edition

The update date is used as the comment update date, and is applied to
the issue as an update date.

(cherry picked from commit cf787ad7fd)

Add an updated_at field to the API call for comment's attachment creation

The update date is applied to the comment, and is set as the asset
creation date.

(cherry picked from commit 1e4ff424d3)

Checking Comment changes, with and without providing an updated_at date

Those unit tests are added:

- TestAPICreateCommentWithAutoDate
- TestAPICreateCommentWithNoAutoDate

- TestAPIEditCommentWithAutoDate
- TestAPIEditCommentWithNoAutoDate

- TestAPICreateCommentAttachmentWithAutoDate
- TestAPICreateCommentAttachmentWithNoAutoDate

(cherry picked from commit da932152f1)

Pettier code to set the update time of comments

Now uses sess.AllCols().NoAutoToime().SetExpr("updated_unix", ...)

XORM is smart enough to compose one single SQL UPDATE which all
columns + updated_unix.

(cherry picked from commit 1f6a42808d)

Issue edition: Keep the max of the milestone and issue update dates.

When editing an issue via the API, an updated_at date can be provided.
If the EditIssue call changes the issue's milestone, the milestone's
update date is to be changed accordingly, but only with a greater
value.

This ensures that a milestone's update date is the max of all issue's
update dates.

(cherry picked from commit 8f22ea182e)

Rewrite the 'AutoDate' tests using subtests

Also add a test to check the permissions to set a date, and a test
to check update dates on milestones.

The tests related to 'AutoDate' are:
- TestAPIEditIssueAutoDate
- TestAPIAddIssueLabelsAutoDate
- TestAPIEditIssueMilestoneAutoDate
- TestAPICreateIssueAttachmentAutoDate
- TestAPICreateCommentAutoDate
- TestAPIEditCommentWithDate
- TestAPICreateCommentAttachmentAutoDate

(cherry picked from commit 961fd13c55)
(cherry picked from commit d52f4eea44)
(cherry picked from commit 3540ea2a43)

Conflicts:
	services/issue/issue.go
	https://codeberg.org/forgejo/forgejo/pulls/1415
(cherry picked from commit 56720ade00)

Conflicts:
	routers/api/v1/repo/issue_label.go
	https://codeberg.org/forgejo/forgejo/pulls/1462
(cherry picked from commit 47c78927d6)
(cherry picked from commit 2030f3b965)
(cherry picked from commit f02aeb7698)

Conflicts:
	routers/api/v1/repo/issue_attachment.go
	routers/api/v1/repo/issue_comment_attachment.go
	https://codeberg.org/forgejo/forgejo/pulls/1575
(cherry picked from commit d072525b35)
(cherry picked from commit 8424d0ab3d)
(cherry picked from commit 5cc62caec7)
(cherry picked from commit d6300d5dcd)

[FEAT] allow setting the update date on issues and comments (squash) apply the 'update_at' value to the cross-ref comments (#1676)

[this is a follow-up to PR #764]

When a comment of issue A referencing issue B is added with a forced 'updated_at' date, that date has to be applied to the comment created in issue B.

-----

Comment:

While trying my 'RoundUp migration script', I found that this case was forgotten in PR #764 - my apologies...

I'll try to write a functional test, base on models/issues/issue_xref_test.go

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1676
Co-authored-by: fluzz <fluzz@freedroid.org>
Co-committed-by: fluzz <fluzz@freedroid.org>
(cherry picked from commit ac4f727f63)
(cherry picked from commit 5110476ee9)
2023-11-13 12:21:09 +01:00
Earl Warren 6f5c2f902e
[SEMVER] store SemVer in ForgejoSemVer after a database upgrade
https://codeberg.org/forgejo/forgejo/pulls/1543
(cherry picked from commit 6146ef6263)
(cherry picked from commit 45b9005ad9)
(cherry picked from commit 4622cc5cc4)
(cherry picked from commit ed39cdc54c)
(cherry picked from commit b837dbd434)
(cherry picked from commit a0abe20b1b)
2023-11-13 12:21:09 +01:00
Earl Warren 5a4d56e77b
[TESTS] tests.AddFixtures helper loads additional per-test fixtures
(cherry picked from commit 93a844dd13)
(cherry picked from commit 6d6d1a121c)
(cherry picked from commit 8b101f2860)
(cherry picked from commit 3e56212d6d)
(cherry picked from commit 4f619bc585)
(cherry picked from commit 06a47ea56e)
2023-11-13 12:21:09 +01:00
Earl Warren 2817ce027c
[UPGRADE] add sanity checks for [storage*]
Refs: https://forgejo.org/2023-08-release-v1-20-3-0/
(cherry picked from commit a266dd0ce3)
(cherry picked from commit b9eb5eccd8)
(cherry picked from commit 7fc2028ede)
(cherry picked from commit 0c988e6120)
(cherry picked from commit 7ba05e8c2b)
(cherry picked from commit 2ed5068abe)
(cherry picked from commit 353913a26d)
(cherry picked from commit 4e63a01a8b)
(cherry picked from commit 99f612aed3)
(cherry picked from commit b4fe189cae)
(cherry picked from commit bd35e3b7bc)
(cherry picked from commit f59d9f7088)
(cherry picked from commit 0b2a93e044)
(cherry picked from commit 8c5d8bfea0)
2023-11-13 12:21:09 +01:00
Earl Warren db22d61eb4
[UPGRADE] run sanity checks before the database is upgraded
(cherry picked from commit 69741e4e66)
(cherry picked from commit 2a3c7b09cb)
(cherry picked from commit a1554c1168)
(cherry picked from commit edae2c6d2d)
(cherry picked from commit 49737cf009)
(cherry picked from commit ec53704c34)
(cherry picked from commit 7a1c5c0f32)
(cherry picked from commit e658c20c0f)
(cherry picked from commit baf575468f)
(cherry picked from commit 40cb14eff4)
(cherry picked from commit 25ab4d0713)
(cherry picked from commit 5a29005215)
(cherry picked from commit fef1260e99)
(cherry picked from commit eadbbb1afe)
2023-11-13 12:21:09 +01:00
Earl Warren fd1c3a6d09
[SEMVER] store SemVer in ForgejoSemVer after a database upgrade
(cherry picked from commit b7fe7cf401)
(cherry picked from commit cf339eed4f)
(cherry picked from commit 4f3a16168b)
(cherry picked from commit 6f5bbc53fc)
(cherry picked from commit aca42b422e)
(cherry picked from commit 5a7f7580e5)
(cherry picked from commit 06c383c807)
(cherry picked from commit fe831dcb53)
(cherry picked from commit cd12cd0dbc)
(cherry picked from commit cc79163703)
(cherry picked from commit 0102a5715e)
(cherry picked from commit 403f7520b3)
(cherry picked from commit a3b61510a2)
(cherry picked from commit f83f0f9feb)
2023-11-13 12:21:08 +01:00
Gusted ac56c7a202
[DB] forgejo migration v1: add blocked user migration
(cherry picked from commit 66afddd511)
(cherry picked from commit 19da0dee9d)
(cherry picked from commit 0b725af693)
(cherry picked from commit 64d4de2b66)
(cherry picked from commit 05bc9d3b7f)
(cherry picked from commit 5958553066)
(cherry picked from commit c4f77e26c9)
(cherry picked from commit 3034832c66)
(cherry picked from commit d48931ec5b)
(cherry picked from commit b1e0d53c28)
(cherry picked from commit e3de35fe15)
(cherry picked from commit 3b2712c3d6)
(cherry picked from commit 00c6940851)
2023-11-13 12:21:08 +01:00
Earl Warren 10e8a4f8b8
[DB] forgejo migration v2: create the forgejo_sem_ver table
(cherry picked from commit 86b26436af)
(cherry picked from commit 479cba59ac)
(cherry picked from commit 4765f9a889)
(cherry picked from commit af771410bf)
(cherry picked from commit d1ea9305d8)
(cherry picked from commit f77e1bb7ab)
(cherry picked from commit 0b95f8fe89)
(cherry picked from commit 4f8fb2390a)
(cherry picked from commit 8ea0e22ff6)
(cherry picked from commit 43ac19ac59)
(cherry picked from commit 0d2f63df4f)
(cherry picked from commit d02a8036fd)
(cherry picked from commit 1fe4c7db94)
(cherry picked from commit d641cdeaf0)
2023-11-13 12:21:08 +01:00
Gusted 6c0aa7dd4f
[DB] Forgejo database migrations
- Implements https://codeberg.org/forgejo/discussions/issues/32#issuecomment-918737
- Allows to add Forgejo-specific migrations that don't interfere with Gitea's migration logic. Please do note that we cannot liberally add migrations for Gitea tables, as they might do their own migrations in a future version on that table, and that could undo our migrations. Luckily,  we don't have a scenario where that's needed and thus not taken into account.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/795
(cherry picked from commit 8ee32978c0)
(cherry picked from commit c240b34f59)
(cherry picked from commit 03936c6492)
(cherry picked from commit a20ed852f8)
(cherry picked from commit 1dfa82676f)
(cherry picked from commit c39ae0bf8a)
(cherry picked from commit cfaff08996)
(cherry picked from commit 94a458835a)
(cherry picked from commit 61a3cf77df)
(cherry picked from commit abb350fde8)
(cherry picked from commit 5194829d6b)
(cherry picked from commit 89239a60f2)
(cherry picked from commit 683cfd86ef)
(cherry picked from commit f4546cfed9)
(cherry picked from commit 86614d5826)
(cherry picked from commit e4b9c32187)
(cherry picked from commit 8c253719af)
(cherry picked from commit 857365d6c1)
(cherry picked from commit a488b3952f)
(cherry picked from commit 98313c4910)
(cherry picked from commit 430d95e824)
(cherry picked from commit 08bf9d918f)
(cherry picked from commit f8a170e2d0)
(cherry picked from commit d20e325378)
2023-11-13 12:21:08 +01:00
Earl Warren 1a7afe4153
[TESTS] oauth2: add integration test helpers
(cherry picked from commit e11dcc60f2)

use backticks to avoid backslash

(cherry picked from commit 34212791ee)
(cherry picked from commit bde9473c69)
(cherry picked from commit d4deb43084)
(cherry picked from commit 08e91649b0)
(cherry picked from commit 2b988e5415)

[TESTS] auth LinkAccount test coverage (squash)

(cherry picked from commit a2b2e3066b)
(cherry picked from commit 841d1b5073)
(cherry picked from commit 35da630ad8)
(cherry picked from commit caf2dc4fa7)
(cherry picked from commit 6eb81e67ba)
(cherry picked from commit d59757239f)
(cherry picked from commit 38a121b688)
(cherry picked from commit 20613874ee)
(cherry picked from commit 6d2705e108)
(cherry picked from commit f177b72814)
(cherry picked from commit 75e1fc4c83)
(cherry picked from commit ba64fa9867)
(cherry picked from commit 0b8ab0893e)
(cherry picked from commit 1419d11435)
(cherry picked from commit 38766847e0)
(cherry picked from commit 6f23426a6a)
(cherry picked from commit 9e0ff9ca54)
(cherry picked from commit 353f3601c3)
(cherry picked from commit 6e4ae401d8)
2023-11-13 12:21:08 +01:00
Earl Warren 89705502c4
[CLI] implement forgejo-cli
(cherry picked from commit 2555e315f7)
(cherry picked from commit 51b9c9092e)

[CLI] implement forgejo-cli (squash) support initDB

(cherry picked from commit 5c31ae602a)
(cherry picked from commit bbf76489a7)

Conflicts:
	because of d0dbe52e76
	upgrade to https://pkg.go.dev/github.com/urfave/cli/v2
(cherry picked from commit b6c1bcc008)

[CLI] implement forgejo-cli actions

(cherry picked from commit 08be2b226e)
(cherry picked from commit b6cfa88c6e)
(cherry picked from commit 59704200de)

[CLI] implement forgejo-cli actions generate-secret

(cherry picked from commit 6f7905c8ec)
(cherry picked from commit e085d6d273)

[CLI] implement forgejo-cli actions generate-secret (squash) NoInit

(cherry picked from commit 962c944eb2)

[CLI] implement forgejo-cli actions register

(cherry picked from commit 2f95143000)
(cherry picked from commit 42f2f8731e)

[CLI] implement forgejo-cli actions register (squash) no private

Do not go through the private API, directly modify the database

(cherry picked from commit 1ba7c0d39d)

[CLI] implement forgejo-cli actions

(cherry picked from commit 6f7905c8ec)
(cherry picked from commit e085d6d273)

[CLI] implement forgejo-cli actions generate-secret (squash) NoInit

(cherry picked from commit 962c944eb2)
(cherry picked from commit 4c121ef022)

Conflicts:
	cmd/forgejo/actions.go
	tests/integration/cmd_forgejo_actions_test.go
(cherry picked from commit 36997a48e3)

[CLI] implement forgejo-cli actions (squash) restore --version

Refs: https://codeberg.org/forgejo/forgejo/issues/1134
(cherry picked from commit 9739eb52d8)

[CI] implement forgejo-cli (squash) the actions subcommand needs config

(cherry picked from commit def638475122a26082ab3835842c84cd03839154)

Conflicts:
	cmd/main.go
	https://codeberg.org/forgejo/forgejo/pulls/1209
(cherry picked from commit a1758a3910)
(cherry picked from commit 935fa650c7)
(cherry picked from commit cd21026bc9)
(cherry picked from commit 1700b8973a)
(cherry picked from commit 1def42a379)
(cherry picked from commit 839d97521d)
(cherry picked from commit fd8c13be6b)
(cherry picked from commit 588e5d552f)
(cherry picked from commit 151a726620)

[v1.22] [CLI] implement forgejo-cli

https://codeberg.org/forgejo/forgejo/pulls/1541
(cherry picked from commit 46708de7b9)
(cherry picked from commit a8e5c1369e)
(cherry picked from commit c8a32aaf24)

Conflicts:
	models/actions/main_test.go
	https://codeberg.org/forgejo/forgejo/pulls/1656
(cherry picked from commit 79f4553063)
(cherry picked from commit 0379da0cf5)
(cherry picked from commit 331d58c085)
2023-11-13 11:51:54 +01:00
KN4CK3R 3081e7e153
Fix missing mail reply address (#27997)
Fixes https://codeberg.org/forgejo/forgejo/issues/1458

Some mails such as issue creation mails are missing the reply-to-comment
address. This PR fixes that and specifies which comment types should get
a reply-possibility.
2023-11-13 03:20:34 +00:00
Nanguan Lin d95102d650
Fix wrong xorm Delete usage (#27995)
## Bug in Gitea
I ran into this bug when I accidentally used the wrong redirect URL for
the oauth2 provider when using mssql. But the oauth2 provider still got
added.
Most of the time, we use `Delete(&some{id: some.id})` or
`In(condition).Delete(&some{})`, which specify the conditions. But the
function uses `Delete(source)` when `source.Cfg` is a `TEXT` field and
not empty. This will cause xorm `Delete` function not working in mssql.

61ff91f960/models/auth/source.go (L234-L240)

## Reason
Because the `TEXT` field can not be compared in mssql, xorm doesn't
support it according to [this
PR](https://gitea.com/xorm/xorm/pulls/2062)
[related
code](b23798dc98/internal/statements/statement.go (L552-L558))
in xorm
```go
if statement.dialect.URI().DBType == schemas.MSSQL && (col.SQLType.Name == schemas.Text ||
   col.SQLType.IsBlob() || col.SQLType.Name == schemas.TimeStampz) {
   if utils.IsValueZero(fieldValue) {
     continue
   }
   return nil, fmt.Errorf("column %s is a TEXT type with data %#v which cannot be as compare condition", col.Name, fieldValue.Interface())
   }
}
```
When using the `Delete` function in xorm, the non-empty fields will
auto-set as conditions(perhaps some special fields are not?). If `TEXT`
field is not empty, xorm will return an error. I only found this usage
after searching, but maybe there is something I missing.

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-11-12 07:38:45 +00:00
Nanguan Lin 966dcb99e3
Fix 500 when deleting a dismissed review (#27903)
Fix #27767 
Add a test to ensure its behavior
2023-11-05 13:25:40 +00:00
Earl Warren 59f9ef9fee
Remove action runners on user deletion (#27902)
- On user deletion, delete action runners that the user has created.
- Add a database consistency check to remove action runners that have
nonexistent belonging owner.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1720

(cherry picked from commit 009ca7223d)

Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-11-05 13:48:32 +01:00
Lunny Xiao d1dc9cb334
Refactor the function RemoveOrgUser (#27582)
This PR is a small refactor to merge removeOrgUser into RemoveOrgUser.
2023-11-03 14:01:45 +00:00
Lunny Xiao 1bf5527eac
Refactor Find Sources and fix bug when view a user who belongs to an unactive auth source (#27798)
The steps to reproduce it.

First, create a new oauth2 source.
Then, a user login with this oauth2 source.
Disable the oauth2 source.
Visit users -> settings -> security, 500 will be displayed.
This is because this page only load active Oauth2 sources but not all
Oauth2 sources.
2023-11-03 01:41:00 +00:00
KN4CK3R 4776fde9e1
Display issue task list on project cards (#27865)
Display the issue task list on project cards.


![grafik](https://github.com/go-gitea/gitea/assets/1666336/e6cb3196-8980-403c-9795-3a7b03fbfb3c)

Co-authored-by: Giteabot <teabot@gitea.io>
2023-11-02 11:42:02 +01:00
JakobDev c8602a8dfa
Add Index to pull_auto_merge.doer_id (#27811)
Reported at https://codeberg.org/forgejo/forgejo/issues/1677

This column is used by
[deleteUser](f089be91da/services/user/delete.go (L90)).

Note: This PR contains a Migration, so we can't backport it to 1.21.
2023-10-30 08:39:29 +00:00
KN4CK3R b36e2ca419
List all Debian package versions in Packages (#27786)
Closes #27783

This PR lists all and not only the latest package versions in the
`Packages` index.
2023-10-29 14:14:47 +00:00
Nanguan Lin e75b89ea6e
Upgrade xorm to 1.3.4 (#27807)
Noticeable change: 
Remove the `OrderBy("1") `
[patch](https://github.com/go-gitea/gitea/pull/27673#issuecomment-1768570142)
for mssql since xorm has [fixed
it](0f085408af).
2023-10-27 13:28:53 +02:00
Nanguan Lin 1eae2aadae
Fix issue not showing on default board and add test (#27720)
See https://github.com/go-gitea/gitea/pull/27718#issuecomment-1773743014
. Add a test to ensure its behavior.
Why this test uses `ProjectBoardID=0`? Because in `SearchOptions`,
`ProjectBoardID=0` means what it is. But in `IssueOptions`,
`ProjectBoardID=0` means there is no condition, and
`ProjectBoardID=db.NoConditionID` means the board ID = 0.
It's really confusing. Probably it's better to separate the db search
engine and the other issue search code. It's really two different
systems. As far as I can see, `IssueOptions` is not necessary for most
of the code, which has very simple issue search conditions.
2023-10-25 11:51:49 +00:00
silverwind ce83609ff6
Upgrade to golangci-lint@v1.55.0 (#27756)
https://github.com/golangci/golangci-lint/releases/tag/v1.55.0
2023-10-24 02:54:59 +00:00
6543 b2f828db5e
refactor: make db iterate context aware (#27710)
the iteration will run until finished atm.

this changes it by checking if if the context got canceled before each
run of a loop sequence is executed

[View this pull with now
whitespace](https://github.com/go-gitea/gitea/pull/27710/files?diff=unified&w=1)
2023-10-21 10:05:29 +08:00
Nanguan Lin 881806a50b
Replace -1 with GhostUserID (#27703) 2023-10-20 14:43:08 +00:00
Nanguan Lin eb1478791f
Clean some functions about project issue (#27705)
1. remove unused function `MoveIssueAcrossProjectBoards`
2. extract the project board condition into a function
3. use db.NoCondition instead of -1. (BTW, the usage of db.NoCondition
is too confusing. Is there any way to avoid that?)
4. remove the unnecessary comment since the ctx refactor is completed.
5. Change `b.ID != 0` to `b.ID > 0`. It's more intuitive but I think
they're the same since board ID can't be negative.
2023-10-20 14:01:25 +02:00
6543 adbc995c34
Show total TrackedTime on issue/pull/milestone lists (#26672)
TODOs:
- [x] write test for `GetIssueTotalTrackedTime`
- [x] frontport kitharas template changes and make them mobile-friendly

---

![image](https://github.com/go-gitea/gitea/assets/24977596/6713da97-201f-4217-8588-4c4cec157171)

![image](https://github.com/go-gitea/gitea/assets/24977596/3a45aba8-26b5-4e6a-b97d-68bfc2bf9024)

---
*Sponsored by Kithara Software GmbH*
2023-10-19 14:08:31 +00:00
Nanguan Lin e91d4f106b
Upgrade xorm (#27673)
Related to https://gitea.com/xorm/xorm/pulls/2341
2023-10-19 10:25:57 +00:00
Nanguan Lin 80a0ab350b
Add unit tests for action runner token (#27670)
In case the behavior of the register token changes.
2023-10-19 07:24:24 +00:00
Jason Song 0a2b93d411
Fix typo "GetLatestRunnerToken" (#27680) 2023-10-18 15:52:44 +00:00
Lunny Xiao cddf245c12
Replace more db.DefaultContext (#27628)
Target #27065
2023-10-15 17:46:06 +02:00
JakobDev 76a85a4ce9
Final round of db.DefaultContext refactor (#27587)
Last part of #27065
2023-10-14 08:37:24 +00:00
KN4CK3R c6c829fe3f
Enhanced auth token / remember me (#27606)
Closes #27455

> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
> 
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.

The PR removes the now obsolete setting `COOKIE_USERNAME`.
2023-10-14 00:56:41 +00:00
Nanguan Lin dc04044716
Replace assert.Fail with assert.FailNow (#27578)
assert.Fail() will continue to execute the code while assert.FailNow()
not. I thought those uses of assert.Fail() should exit immediately.
PS: perhaps it's a good idea to use
[require](https://pkg.go.dev/github.com/stretchr/testify/require)
somewhere because the assert package's default behavior does not exit
when an error occurs, which makes it difficult to find the root error
reason.
2023-10-11 11:02:24 +00:00
JakobDev ebe803e514
Penultimate round of db.DefaultContext refactor (#27414)
Part of #27065

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-10-11 04:24:07 +00:00
Lunny Xiao 7ff1f2527c
Make actions default enabled for newly created repository if global configuraion enabled (#27482) 2023-10-10 14:45:31 +00:00
Sebastian Grabowski 3c131307ac
Respect SSH.KeygenPath option when calculating ssh key fingerprints (#27536)
Fixes #27535
2023-10-10 00:01:46 +00:00
silverwind 5bf367f904
Restore warning commit status (#27504)
Partial revert of https://github.com/go-gitea/gitea/pull/25839. This
commit status is used by a number of external integrations, so I think
we should not remove it (See
https://github.com/go-gitea/gitea/pull/25839#issuecomment-1729002077).
This is a rare case where an existing migration needed to be alterted to
avoid data loss.

---------

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-10-08 22:16:06 +00:00
M Hickford a825cc0f34
Pre-register OAuth application for tea (#27509)
It remains to implement OAuth login in tea
https://gitea.com/gitea/tea/issues/598

Fixes #27510
2023-10-08 03:51:08 +00:00