Commit graph

959 commits

Author SHA1 Message Date
KN4CK3R 00705da102
Unify two factor check (#27915) (#27939)
Backport of #27915

Fixes #27819

We have support for two factor logins with the normal web login and with
basic auth. For basic auth the two factor check was implemented at three
different places and you need to know that this check is necessary. This
PR moves the check into the basic auth itself.
2023-11-06 23:06:21 +01:00
Giteabot 4a48370d91
Fix DownloadFunc when migrating releases (#27887) (#27889)
Backport #27887 by @Zettat123

We should not use `asset.ID` in DownloadFunc because DownloadFunc is a
closure.

1bf5527eac/services/migrations/gitea_downloader.go (L284-L295)

A similar bug when migrating from GitHub has been fixed in #14703. This
PR fixes the bug when migrating from Gitea and GitLab.

Co-authored-by: Zettat123 <zettat123@gmail.com>
2023-11-03 08:29:30 +00:00
Giteabot 2147bfde05
Fix package webhook (#27839) (#27854)
Backport #27839 by @lunny

Fix #23742

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-10-31 11:26:06 +01:00
Giteabot ca4418eff1
Support allowed hosts for webhook to work with proxy (#27655) (#27674)
Backport #27655 by @wolfogre

When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.

But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.

This PR fixes it by:

- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-10-18 15:07:20 +02:00
Giteabot 80c0c88152
Fix poster is not loaded in get default merge message (#27657) (#27665)
Backport #27657 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-10-17 18:20:23 +02:00
Giteabot 7b96f71bc7
Fix attachment download bug (#27486) (#27570)
Backport #27486 by @lunny

Fix #27204

This PR allows `/<username>/<reponame>/attachments/<uuid>` access with
personal access token and also changed attachments API download url to
it so it can be download correctly.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-10-11 04:38:50 +02:00
yp05327 e6d1afaee3
Avoid run change title process when the title is same (#27467) (#27557)
Backport #27467 manually.
2023-10-10 09:01:24 +02:00
Giteabot 23139aa27b
Allow get release download files and lfs files with oauth2 token format (#26430) (#27378)
Backport #26430 by @lunny

Fix #26165
Fix #25257

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-10-01 19:54:15 +08:00
Giteabot 4b37eb2c23
Fix PushEvent NullPointerException jenkinsci/github-plugin (#27203) (#27249)
Backport #27203 by @Nabapadma-sarker

Fixes #27202

Co-authored-by: Nabapadma-sarker <nabapadmacse1991@gmail.com>
2023-09-25 07:02:08 +00:00
Giteabot d8583edfe7
Fix release URL in webhooks (#27182) (#27184)
Backport #27182 by @jolheiser

Resolves #27180

`URL` points to the API URL, `HTMLURL` points to the web page.

Notably, however, for PRs they are the same URL. I switched them to use
HTMLURL to match the rest of the codebase terminology.

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-09-21 23:59:27 +00:00
Giteabot 25233a9bdc
Fix successful return value for SyncAndGetUserSpecificDiff (#27152) (#27156)
Backport #27152 by @delvh

A function should not return an error when it is successful.
Otherwise, things like
https://discord.com/channels/322538954119184384/322538954119184384/1153705341620600833
happen…

Co-authored-by: delvh <dev.lh@web.de>
2023-09-21 00:58:13 +02:00
Giteabot 882e465c3a
services/wiki: Close() after error handling (#27129) (#27137)
Backport #27129 by @earl-warren

Refs: https://codeberg.org/forgejo/forgejo/pulls/1385

Signed-off-by: Lars Lehtonen <lars.lehtonen@gmail.com>
(cherry picked from commit 589e7d346f)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Lars Lehtonen <lars.lehtonen@gmail.com>
2023-09-19 15:13:23 +00:00
techknowlogick b6fd1e48c0
Improve LDAP group config documentation (#21227) (#26921)
backport #21227

author @svenseeberg

Co-authored-by: Sven Seeberg <mail@sven-seeberg.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-09-05 22:41:10 -04:00
Giteabot 302c03c4a9
Sync tags when adopting repos (#26816) (#26834)
Backport #26816 by @Zettat123

Fixes #26138

Sync the tags into database when adopting repos

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-08-31 02:15:28 +00:00
Giteabot 41bae29f84
check blocklist for emails when adding them to account (#26812) (#26831)
Backport #26812 by @techknowlogick

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-08-31 00:52:19 +00:00
Giteabot 4013f3f600
Fix some slice append usages (#26778) (#26798)
Backport #26778 by @harryzcy

Co-authored-by: Chongyi Zheng <git@zcy.dev>
Co-authored-by: delvh <dev.lh@web.de>
2023-08-29 16:13:24 +00:00
Lunny Xiao a1cec4141e
Fix bug for ctx usage (#26763)
Fix #26684 
Backport #26762
2023-08-28 12:20:31 +08:00
Giteabot fe78aabc67
Add branch_filter to hooks API endpoints (#26599) (#26632)
Backport #26599 by @yardenshoham

We now include the branch filler in the response.

- Closes #26591 

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
2023-08-21 12:17:19 +00:00
Giteabot 7da85fa0c3
Sync repo's IsEmpty status correctly (#26517) (#26560)
Backport #26517 by @wxiaoguang

Close #26509

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-17 05:12:14 +00:00
Giteabot 24d6aacc7e
Use object-fit: contain for oauth2 custom icons (#26493) (#26498)
Backport #26493 by @wxiaoguang

It works for various sizes.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-14 16:56:15 +00:00
Giteabot acc0fd22d8
Add ThreadID parameter for Telegram webhooks (#25996) (#26480)
Backport #25996

Telegram has recently implemented threads (channels) for group chats.

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: neveraskedtoexist <matikot415@gmail.com>
2023-08-14 08:55:17 +08:00
Lunny Xiao 368e9e0f1b
Add transaction when creating pull request created dirty data (#26259) (#26437)
Backport #26259 

This PR will introduce a transaction on creating pull request so that if
some step failed, it will rollback totally. And there will be no dirty
pull request exist.

Co-authored-by: Giteabot <teabot@gitea.io>
2023-08-11 05:27:23 +00:00
Giteabot dbabdf6d71
Add pull request review request webhook event (#26401) (#26407)
Backport #26401 by @yardenshoham

Add webhook events for pull request review requests

- Fixes #26371
- Added support for the "Pull request review requested" and "Pull
request review request removed" webhook events.
- Updated the `getPullRequestPayloadInfo` function in `general.go` to
handle these new webhook events.

# Before

![image](https://github.com/go-gitea/gitea/assets/20454870/bd942971-fb1d-40f3-8961-46638e3588fa)

# After

![image](https://github.com/go-gitea/gitea/assets/20454870/216e9c7d-0a4d-49f9-8492-2d14c88bbf4e)

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
2023-08-09 09:00:34 +00:00
Giteabot 2d1a7e1cd4
Introduce ctx.PathParamRaw to avoid incorrect unescaping (#26392) (#26405)
Backport #26392 by @wxiaoguang

Fix #26389

And complete an old TODO: `ctx.Params does un-escaping,..., which is
incorrect.`

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-09 07:31:44 +00:00
Giteabot cb1a4da5c2
Bypass MariaDB performance bug of the "IN" sub-query, fix incorrect IssueIndex (#26279) (#26368)
Backport #26279 by @wxiaoguang

Close #26277
Fix #26285

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-07 10:55:25 +00:00
delvh 39cbca0f95
Display human-readable text instead of cryptic filemodes (#26352) (#26358)
Backport #26352

Now, you don't need to be a git expert anymore to know what these numbers mean.

## Before

![grafik](https://github.com/go-gitea/gitea/assets/51889757/9a964bf6-10fd-40a6-aeb2-ac8f437f8c32)

## After

![grafik](https://github.com/go-gitea/gitea/assets/51889757/84573cb9-55b6-4dde-9866-95f71b657554)

or when the mode actually changed:

![grafik](https://github.com/go-gitea/gitea/assets/51889757/0f327538-ebdc-40e7-8c99-f9e21b67f638)
2023-08-06 23:15:01 +02:00
wxiaoguang 4fd8ac0653
Fix API leaking Usermail if not logged in (#25097) (#26350)
Backport #25097

The API should only return the real Mail of a User, if the caller is
logged in. The check do to this don't work. This PR fixes this. This not
really a security issue, but can lead to Spam.

Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-authored-by: silverwind <me@silverwind.io>
2023-08-06 20:11:39 +08:00
Giteabot 3e9475b3b2
Prevent newline errors with Debian packages (#26332) (#26342)
Backport #26332 by @KN4CK3R

Fixes #26313

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-08-05 11:41:30 +02:00
Giteabot 060026995a
Fix pull request check list is limited (#26179) (#26245)
Backport #26179 by @CaiCandong

In the original implementation, we can only get the first 30 records of
the commit status (the default paging size), if the commit status is
more than 30, it will lead to the bug #25990. I made the following two
changes.
- On the page, use the ` db.ListOptions{ListAll: true}` parameter
instead of `db.ListOptions{}`
- The `GetLatestCommitStatus` function makes a determination as to
whether or not a pager is being used.

fixed #25990

Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
2023-07-31 08:56:46 +00:00
Giteabot c5fe09db72
Warn instead of reporting an error when a webhook cannot be found (#26039) (#26211)
Backport #26039 by @puni9869

Attemp fix: #25744
Fixing the log level when we delete any repo then we get error hook not
found by id. That should be warn level to reduce the noise in the logs.

Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
2023-07-29 14:47:46 +00:00
Lunny Xiao 666038a06d
Fix bug when pushing to a pull request which enabled dismiss approval automatically (#25882) (#26158)
Fix #25858
Backport #25882 

The option `dissmiss stale approvals` was listed on protected branch but
never implemented. This PR fixes that.

<img width="1006" alt="图片"

src="https://github.com/go-gitea/gitea/assets/81045/60bfa968-4db7-4c24-b8be-2e5978f91bb9">

<img width="1021" alt="图片"

src="https://github.com/go-gitea/gitea/assets/81045/8dabc14d-2dfe-40c2-94ed-24fcbf6e0e8f">
2023-07-27 10:36:54 +08:00
Giteabot a12d036a68
Fix bugs in LFS meta garbage collection (#26122) (#26157)
Backport #26122 by @Zettat123

This PR

- Fix #26093. Replace `time.Time` with `timeutil.TimeStamp`
- Fix #26135. Add missing `xorm:"extends"` to `CountLFSMetaObject` for
LFS meta object query
- Add a unit test for LFS meta object garbage collection

Co-authored-by: Zettat123 <zettat123@gmail.com>
2023-07-26 11:53:15 +00:00
Giteabot 81f5a87eb4
Fix version in rpm repodata/primary.xml.gz (#26009) (#26048)
Co-authored-by: Peter Verraedt <peter.verraedt@gmail.com>
2023-07-21 20:06:51 +00:00
Giteabot 227c3b67e0
Fix SSPI auth panic (#25955) (#25969)
Backport #25955 by @wxiaoguang

Try to fix #25952

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-18 22:28:06 +00:00
Giteabot de8127e78b
fix incorrect repo url when changed the case of ownername (#25733) (#25881)
Backport #25733 by @hiifong

When only the casing of the username changes, update the owner name of the repo,
and keep the original logic consistent with other conditions.

example: assume your username is `gitea`, lowercase username is `gitea` too,
repo URL is `.../gitea/{repo}`.
You change your username to `Gitea`, `GiTea` or something like that,
as long as the lowercase username is still `gitea`, the repo URL remained `.../gitea/{repo}`.

this pr keeps the new username consistent with the repo URL.

Before:

![image](https://github.com/go-gitea/gitea/assets/89133723/84177296-f0ff-4176-84f1-1f9ec3f5b86f)
![image](https://github.com/go-gitea/gitea/assets/89133723/8f8f4a12-ecdd-4dec-af89-85c009b0ccfe)

After: 

![image](https://github.com/go-gitea/gitea/assets/89133723/0564edb6-9467-405a-8cd4-d6f70e6f614b)
![image](https://github.com/go-gitea/gitea/assets/89133723/554ecd6e-e5a1-43bc-a46d-99e988c2ff58)

Co-authored-by: hiifong <i@hiif.ong>
2023-07-15 19:47:24 +02:00
Giteabot 353dcc5ad4
Fix the error message when the token is incorrect (#25701) (#25836)
Backport #25701 by @CaiCandong

we refactored `userIDFromToken` for the token parsing part into a new
function `parseToken`. `parseToken` returns the string `token` from
request, and a boolean `ok` representing whether the token exists or
not. So we can distinguish between token non-existence and token
inconsistency in the `verfity` function, thus solving the problem of no
proper error message when the token is inconsistent.
close #24439  
related #22119

Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
Co-authored-by: Jason Song <i@wolfogre.com>
2023-07-12 10:18:27 +00:00
Giteabot 2b79d3fd52
For API attachments, use API URL (#25639) (#25814)
Backport #25639 by @lunny

Fix #25257

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-07-10 12:56:16 +00:00
Giteabot a1bc2aa05e
Avoid amending the Rebase and Fast-forward merge if there is no message template (#25779) (#25809)
Backport #25779 by @wxiaoguang

Related #22669. Close #25177

After the fix:


![image](https://github.com/go-gitea/gitea/assets/2114189/0e900927-ea72-4f8f-bde6-5ed927cb02f4)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-10 10:23:54 +00:00
silverwind 24e64fe372
Replace interface{} with any (#25686) (#25687)
Same perl replacement as https://github.com/go-gitea/gitea/pull/25686
but for 1.20 to ease future backporting.
2023-07-04 23:41:32 -04:00
Giteabot 69bdcf41f3
Log the real reason when authentication fails (but don't show the user) (#25414) (#25660)
Backport #25414 by @lunny

Fix #24498

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-07-03 19:26:36 -04:00
Giteabot 8981f6d0fc
Fix content holes in Actions task logs file (#25560) (#25566)
Backport #25560 by @wolfogre

Fix #25451.

Bugfixes:
- When stopping the zombie or endless tasks, set `LogInStorage` to true
after transferring the file to storage. It was missing, it could write
to a nonexistent file in DBFS because `LogInStorage` was false.
- Always update `ActionTask.Updated` when there's a new state reported
by the runner, even if there's no change. This is to avoid the task
being judged as a zombie task.

Enhancement:
- Support `Stat()` for DBFS file.
- `WriteLogs` refuses to write if it could result in content holes.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-06-28 23:39:23 +00:00
Giteabot 9d69a4758e
Add Adopt repository event and handler (#25497) (#25518)
Backport #25497 by @lunny

Fix #14304

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-06-26 20:09:07 +00:00
John Olheiser 734fd93f59
Move some regexp out of functions (#25430) (#25445)
Partial backport of #25430

Not a bug, but worth backporting for efficiency.

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-06-22 16:01:54 +00:00
Giteabot 203fe2841d
Fix Permission in API returned repository struct (#25388) (#25441)
Backport #25388 by @wolfogre

The old code generates `structs.Repository.Permissions` with only
`access.Permission.AccessMode`, however, it should check the units too,
or the value could be incorrect. For example,
`structs.Repository.Permissions.Push` could be false even the doer has
write access to code unit.

Should fix
https://github.com/renovatebot/renovate/issues/14059#issuecomment-1047961128
(Not reported by it, I just found it when I was looking into this bug)

---

Review tips:

The major changes are
- `modules/structs/repo.go`
https://github.com/go-gitea/gitea/pull/25388/files#diff-870406f6857117f8b03611c43fca0ab9ed6d6e76a2d0069a7c1f17e8fa9092f7
- `services/convert/repository.go`
https://github.com/go-gitea/gitea/pull/25388/files#diff-7736f6d2ae894c9edb7729a80ab89aa183b888a26a811a0c1fdebd18726a7101

And other changes are passive.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-06-22 17:01:42 +02:00
Giteabot f18b8e7d8a
Change default email domain for LDAP users (#25425) (#25434)
Backport #25425 by @Zettat123

Fixes #21169

Change `localhost` to `localhost.local`

Co-authored-by: Zettat123 <zettat123@gmail.com>
2023-06-22 10:53:15 +00:00
sebastian-sauer 30a783879f
Show outdated comments in files changed tab (#24936) (#25428)
Backport #24936

If enabled show a clickable label in the comment. A click on the label
opens the Conversation tab with the comment focussed - there you're able
to view the old diff (or original diff the comment was created on).

**Screenshots**


![image](https://github.com/go-gitea/gitea/assets/1135157/63ab9571-a9ee-4900-9f02-94ab0095f9e7)


![image](https://github.com/go-gitea/gitea/assets/1135157/78f7c225-8d76-46f5-acfd-9b8aab988a6c)

When resolved and outdated:


![image](https://github.com/go-gitea/gitea/assets/1135157/6ece9ebd-c792-4aa5-9c35-628694e9d093)

Option to enable/disable this (stored in user settings - default is
disabled):


![image](https://github.com/go-gitea/gitea/assets/1135157/ed99dfe4-76dc-4c12-bd96-e7e62da50ab5)


![image](https://github.com/go-gitea/gitea/assets/1135157/e837a052-e92e-4a28-906d-9db5bacf93a6)

fixes #24913

Co-authored-by: silverwind <me@silverwind.io>
2023-06-22 08:34:42 +00:00
wxiaoguang cb3173a1e9
Use "utf8mb4" for MySQL by default (#25432)
TBH, I don't see much difference from `Remove "CHARSET" config option
for MySQL, always use "utf8mb4"` #25413

Close #25413
2023-06-22 07:38:23 +02:00
Giteabot 6f1c95ec5b
Use the new download domain replace the old (#25405) (#25409)
Backport #25405 by @lunny

As title.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-06-21 03:59:51 +00:00
Giteabot dfefe86045
Fix LDAP sync when Username Attribute is empty (#25278) (#25379)
Backport #25278 by @Zettat123

Fix #21072


![image](https://github.com/go-gitea/gitea/assets/15528715/96b30beb-7f88-4a60-baae-2e5ad8049555)

Username Attribute is not a required item when creating an
authentication source. If Username Attribute is empty, the username
value of LDAP user cannot be read, so all users from LDAP will be marked
as inactive by mistake when synchronizing external users.

This PR improves the sync logic, if username is empty, the email address
will be used to find user.

Co-authored-by: Zettat123 <zettat123@gmail.com>
2023-06-20 13:11:22 +08:00
yp05327 d686aa0d31
Fix profile render when the README.md size is larger than 1024 bytes (#25270)
Backport #25131
2023-06-15 01:39:34 +00:00