Commit graph

552 commits

Author SHA1 Message Date
Gergely Nagy aacc13fca8 hooks: Harden when we accept push options that change repo settings
It is possible to change some repo settings (its visibility, and
template status) via `git push` options: `-o repo.private=true`, `-o
repo.template=true`.

Previously, there weren't sufficient permission checks on these, and
anyone who could `git push` to a repository - including via an AGit
workflow! - was able to change either of these settings. To guard
against this, the pre-receive hook will now check if either of these
options are present, and if so, will perform additional permission
checks to ensure that these can only be set by a repository owner or
an administrator. Additionally, changing these settings is disabled for
forks, even for the fork's owner.

There's still a case where the owner of a repository can change the
visibility of it, and it will not propagate to forks (it propagates to
forks when changing the visibility via the API), but that's an
inconsistency, not a security issue.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Signed-off-by: Earl Warren <contact@earl-warren.org>
(cherry picked from commit 8eba631f8d)
2024-04-20 05:58:39 +00:00
Earl Warren bc1f64e3bf Merge pull request '[v7.0/forgejo] [TEST] cancel all processes on PrepareTestEnv' (#3130) from bp-v7.0/forgejo-8ffaa08-aba99ab into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3130
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-04-19 15:39:36 +00:00
0ko ae128c617b Add integration test for EasyMDE button
(cherry picked from commit 089e37026f)
2024-04-19 13:49:21 +00:00
Earl Warren 7784a6c331 Merge pull request '[v7.0/forgejo] Fix release published actions not triggering for releases created from existing tags' (#3273) from bp-v7.0/forgejo-8506dbe-46977b0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3273
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-04-19 12:51:01 +00:00
Gergely Nagy 261fc87673 Allow admins to fork repos even when creation limits are exhausted (#3277)
This is a continuation of #2728, with a test case added.

Fixes #2633.

I kept @zareck 's commit as is, because I believe it is correct. We can't move the check to `owner.CanForkRepo()`, because `owner` is the future owner of the forked repo, and may be an organization. We need to check the admin permission of the `doer`, like in the case of repository creation.

I verified that the test fails without the `ForkRepository` change, and passes with it.

Co-authored-by: Cassio Zareck <cassiomilczareck@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3277
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-committed-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit ea4071ca9f)
2024-04-17 06:06:48 +00:00
Laura Hausmann 145cac0865 Add tests for webhook release events
Co-authored-by: oliverpool <git@olivier.pfad.fr>
(cherry picked from commit 8506dbe2e5)
2024-04-16 18:28:54 +00:00
Gusted 0f72cd8508 [BUG] Escape editor.add_tmpl translation
- Previously translations were escaped, but now translations are
accepted as-is and will be rendered as HTML. Use `TrString` to escape
the translation value.
- Adds integration test.
- Regression of 65248945c9.
- Resolves #3260

(cherry picked from commit a0f47b8de7)
2024-04-16 16:23:25 +00:00
Earl Warren ec6b255c2c
[TESTS] disable test failure on log.Error for now (part 2)
Fixes: https://codeberg.org/forgejo/forgejo/issues/3153
(cherry picked from commit fd62033b98)
2024-04-16 10:28:48 +02:00
oliverpool dd474b72df
add missing defer
(cherry picked from commit 8ffaa08b04)
2024-04-16 10:28:48 +02:00
Earl Warren ee749c7916 Merge pull request '[v7.0/forgejo] fix(actions): call automerge service on successful commit state' (#3238) from bp-v7.0/forgejo-36f4732 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3238
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-04-15 17:52:36 +00:00
Michael Kriese f49402273f fix(actions): call automerge service on successful commit state
- Backport of https://github.com/go-gitea/gitea/pull/30225

(cherry picked from commit 36f4732e6a)
2024-04-15 16:51:22 +00:00
Gusted fe09c8860a [PORT] gitea#30430: Fix rename branch 500 when the target branch is deleted but exist in database
Fix https://github.com/go-gitea/gitea/issues/30428

---

Conflict resolution: trivial and move test to own subtest run directly
after `Normal`.

(cherrypicked commit 9466fec879f4f2c88c7c1e7a5cffba319282ab66)

(cherry picked from commit db39b8f4a7)
2024-04-15 15:52:24 +00:00
forgejo-backport-action 1b8fd7b17b [v7.0/forgejo] [BUG] Fix code search in explore reporting as git grep even with indexer enabled (#3204)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/3173

regression caused in porting #2813 🫣

see https://codeberg.org/forgejo/forgejo/pulls/2688#issuecomment-1692750

Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3204
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-04-14 14:21:31 +00:00
Zottelchen bb7b211c0c Update tests/integration/api_packages_pypi_test.go
(cherry picked from commit 14badb37fe)
2024-04-12 22:23:58 +00:00
Gergely Nagy fd5abfd244 Fix the settings tab highlighting
When visiting a repos `/settings/units` page, highlight the active tab
properly: "Add more..." if the tab is displayed, or "Settings"
otherwise.

Fixes #3188.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 65ed86e396)
2024-04-12 20:46:24 +00:00
Earl Warren 50822f361e
Do not update PRs based on events that happened before they existed
* Split TestPullRequest out of AddTestPullRequestTask
* A Created field is added to the Issue table
* The Created field is set to the time (with nano resolution) on creation
* Record the nano time repo_module.PushUpdateOptions is created by the hook
* The decision to update a pull request created before a commit was
  pushed is based on the time (with nano resolution) the git hook
  was run and the Created field

It ensures the following happens:

* commit C is pushed
* the git hook queues AddTestPullRequestTask for processing and returns with success
* TestPullRequest is not called yet
* a pull request P with commit C as the head is created
* TestPullRequest runs and ignores P because it was created after the commit was received

When the "created" column is NULL, no verification is done, pull
requests that were created before the column was created in the
database cannot be newer than the latest call to a git hook.

Fixes: https://codeberg.org/forgejo/forgejo/issues/2009
(cherry picked from commit 998a431747)

Conflicts:
	models/forgejo_migrations/migrate.go
	see https://codeberg.org/forgejo/forgejo/pulls/3165#issuecomment-1755941
	services/pull/pull.go
	trivial conflicts
2024-04-12 10:41:19 +02:00
oliverpool 01dc275a19 webhook: add admin-hooks tests
(cherry picked from commit 9a94019db4)
2024-04-09 21:57:34 +00:00
oliverpool 457370bfce webhook: add admin-hooks new list test
(cherry picked from commit c1f7c49804)
2024-04-09 21:57:34 +00:00
oliverpool 373200e986 webhook: add org tests
(cherry picked from commit 7d95cf6472)
2024-04-09 21:57:34 +00:00
Shiny Nematoda 328f694a33 [FEAT] Support Include/Exclude Filters for Grep (#3058)
fixes `TestRepoSearch` failing occasionally

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3058
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
(cherry picked from commit baac15f316)
2024-04-06 17:38:32 +00:00
forgejo-backport-action 706a7ad41e [v7.0/forgejo] Fix "view file" button in diff compare view (#3077)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/3046

This PR fixes an issue in the diff compare view, where when working on a fork that has not the same name as the upstream repo, the "View file" button links to a wrong, often missing, location.

Demonstration of this issue:
- Visit https://next.forgejo.org/mai-lapyst-test-org/upstream/compare/main...Mai-Lapyst/downstream:mai-lapyst-patch-1.
- Click the "View file" button of the patch.
- Get taken to `4fe947d522/README.md` (which does not exist and returns a 404) instead of `4fe947d522/README.md`. Note the different repository name (`upstream` vs `downstream`).

Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3077
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-04-06 13:24:55 +00:00
forgejo-backport-action 5bde9555b1 [v7.0/forgejo] Add optional pronoun field in user settings (#3076)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/1518

An attempt at adding an optional pronoun field for user profiles, as suggested here 3 years ago: https://github.com/go-gitea/gitea/issues/13990

![A Forgejo profile showing pronouns to the right of the user's username](/attachments/2e5ff300-d333-46db-9074-f030f199843c)

I made this for [my own instance](https://git.gay/h) and didn't initially think I'd make a PR because of the previous closed issue, but I thought I'd ask the Forgejo matrix chat to see if there was any support and there was!

I'm told I should make a database migration, some help as to how to do that would be appreciated.

Co-authored-by: hazycora <hazysu@riseup.net>
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3076
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-04-06 13:23:43 +00:00
Earl Warren 1065ee4a60 Merge pull request '[v7.0/forgejo] Fix #3030 add Cache-Control header for health-check' (#3074) from bp-v7.0/forgejo-323d7ad-84f5115-d2ff8f8-b210a3e into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3074
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-06 09:55:19 +00:00
Earl Warren 3da5ad9a00 Merge pull request '[v7.0/forgejo] feat: improve nuget nuspec api' (#3073) from bp-v7.0/forgejo-bc72fd7 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3073
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-06 09:50:50 +00:00
Ada 7aa0999c9f Remove useless t.run
(cherry picked from commit 323d7ad507)
2024-04-06 08:44:23 +00:00
Ada 8ddfd26d97 Add health-check test
(cherry picked from commit 84f5115bd1)
2024-04-06 08:44:23 +00:00
Michael Kriese 091400b656 feat: improve nuget nuspec api
(cherry picked from commit bc72fd7f46)
2024-04-06 08:32:53 +00:00
oliverpool 4a8eb1caa1 [TEST] webhook creation payload ref
(cherry picked from commit 9d2919248b)
2024-04-06 07:30:48 +00:00
oliverpool 82b92c3f2c [FEAT] sourcehut webhooks
(cherry picked from commit ed9dd0e62a)
2024-04-05 19:36:04 +00:00
Earl Warren 2024519bb4 Merge pull request '[v7.0/forgejo] [FEAT] Add label filters in organization issues dashboard' (#3038) from bp-v7.0/forgejo-8d13ed4 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3038
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-04 19:41:54 +00:00
iminfinity cb0c6b52be add label filters in org/{org_name}/issues
(cherry picked from commit 8d13ed4a8d)
2024-04-04 17:37:56 +00:00
Gusted aefdf17a75 [BUG] Fix crash in issue forms
- Fix a crash in the issue forms, because `ctx.Ctx` was trying to be
accessed, however this is not set in all contexts thus could result to NPE.
- Adds integration test.
- Resolves #3011

(cherry picked from commit b0cd0ebb91)
2024-04-04 16:57:55 +00:00
Earl Warren 594c9c4570 Merge pull request '[v7.0/forgejo] Port archived labels visual filter' (#3009) from bp-v7.0/forgejo-53dc9f3-1060b7c-cab47bb-4b09dd1 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3009
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-04-04 07:31:38 +00:00
0ko 64bbd545a2 Add integration test for (non-)archived label properties
(cherry picked from commit 53dc9f3393)
2024-04-03 20:14:39 +00:00
Gusted 5c3dff26d6 [FEAT] Allow non-explicit push options
- Currently the parsing of the push options require that `=` is present
in the value, however we shouldn't be that strict and assume if that's
not set the value is `true`.
- This allow for more natural commands, so become `-o force-push=true`
simply `-o force-push`.
- Add unit test.

(cherry picked from commit f5ad6d4be5)
2024-04-03 19:04:01 +00:00
Gusted 858fbbaafd [BUG] Disable 'View at this point in history' for wikis
- Don't show the 'View at this point in history' button for wikis as
wikis don't have this feature.
- Adds integration test
- Resolves https://codeberg.org/forgejo/forgejo/issues/2995

(cherry picked from commit 8df9100994)
2024-04-03 17:10:28 +00:00
oliverpool 585e6137f7 [TESTS] pull review deleted from gitea#29888
Instead of db.TruncateBeans(db.DefaultContext, &issues_model.Review{}), reviews are deleted using issue.DeleteReview

(cherry picked from commit 6b857193ff)
2024-04-03 08:13:14 +00:00
0ko f3b6759ab7 [I18N] Allow custom repo size format
Following https://codeberg.org/forgejo/forgejo/pulls/2528#issuecomment-1721846

- simplify the code
- allow to have custom format in translations
- provide proper Russian translation because test depends on it
2024-04-02 18:04:32 +00:00
0ko 470886bf52 Rename ByteSize to ReadableSize 2024-04-02 17:29:32 +00:00
0ko e5212c8c96 Add integration test for TrSize 2024-04-02 17:29:32 +00:00
Aravinth Manivannan e13854c305 fix: respond with JSON Resource Descriptor Content-Type per RFC7033 2024-04-02 09:41:57 +00:00
Earl Warren 7db4e374ca Merge pull request '[v7.0/forgejo] [FEAT] Configure if protected branch rule should apply to admins' (#2956) from bp-v7.0/forgejo-79b7089 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2956
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-02 05:51:43 +00:00
Gusted 029bcd361a [FEAT] Configure if protected branch rule should apply to admins
- Currently protected branch rules do not apply to admins, however in
some cases (like in the case of Forgejo project) you might also want to
apply these rules to admins to avoid accidental merges.
- Add new option to configure this on a per-rule basis.
- Adds integration tests.
- Resolves #65
2024-04-01 19:31:43 +00:00
oliverpool 4706b644f8
[TESTS] deliver webhooks on localhost
(cherry picked from commit bd97bd875d)
2024-04-01 16:36:04 +02:00
oliverpool 966faddee4
[TESTS] prevent overriding testlogger when calling mainApp
(cherry picked from commit 5785ae72c7)
2024-04-01 16:36:04 +02:00
Gergely Nagy 9ecd041975 An integration test for SSH signed tags
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-01 13:42:11 +00:00
wxiaoguang ea4755be6d
Relax generic package filename restrictions (#30135)
Now, the chars `=:;()[]{}~!@#$%^ &` are possible as well
Fixes #30134

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 1ad48f781eb0681561b083b49dfeff84ba51f2fe)
2024-03-30 07:17:31 +01:00
Lunny Xiao 3ba127c618
[Port] gitea#29999: Fix Add/Remove WIP on pull request title failure
Fix #29997

---

Conflict resolution:
- Use Forgejo's user blocking feature (services/issue/issue.go)
- Trivial (tests/integration/pull_review_test.go)
Ref: https://codeberg.org/forgejo/forgejo/pulls/2872
(cherry picked from commit 475b6e839caa88994318f905f0965c3b418f876a)
2024-03-29 12:21:51 +01:00
Earl Warren 6bf6a473cf Merge pull request '[BUG] Do not allow deletion of internal references' (#2834) from gusted/forgejo-internal-reference into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2834
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-28 16:53:53 +00:00
Jimmy Praet 003881b06d
[Port] gitea#29842: Notify reviewers added via CODEOWNERS
Fixes https://github.com/go-gitea/gitea/issues/28297

This PR also fixed a problem that it needs a database transaction when
removing the WIP title.

---

Resolves #2771
Also partially ports gitea#29783

(cherry picked from commit 17d7ab5ad4ce3d0fbc1251572c22687c237a30b1)
2024-03-28 14:58:39 +01:00