Commit graph

13615 commits

Author SHA1 Message Date
KN4CK3R 6b7ce726c2
Prevent Authorization header for presigned LFS urls (#21531) (#21569)
Backport of #21531

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-24 11:18:31 +08:00
Lunny Xiao 92b5f48c40
Update binding to fix bugs (#21560)
backport #21556, Fix #19698
2022-10-24 02:17:13 +01:00
silverwind 8043fbce09
Check for valid user token in integration tests (#21520) (#21529)
Backport #21520

Added checks for logged user token.

Some builds fail at unrelated tests, due to missing token.

Co-authored-by: Vladimir Yakovlev <nagos@inbox.ru>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-22 17:22:11 +08:00
Lunny Xiao 556e2d5506
Fix generating compare link (#21519) (#21530)
Fix #6318, backport #21519

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2022-10-21 20:59:27 +08:00
delvh 675c14aba6
Ignore error when retrieving changed PR review files (#21487) (#21524)
When a PR reviewer reviewed a file on a commit that was later gc'ed,
they would always get a `500` response from then on when loading the PR.
This PR simply ignores that error and instead marks all files as
unchanged.
This approach was chosen as the only feasible option without diving into
**a lot** of error handling.

Fixes #21392
Backport of #21487

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-20 23:25:54 +08:00
silverwind 4b4adb1cc9
Enable Monaco automaticLayout (#21516)
Enable
[`automaticLayout`](https://microsoft.github.io/monaco-editor/api/interfaces/monaco.editor.IDiffEditorOptions.html#automaticLayout)
for monaco so it can reflow itself.

Fixes: https://github.com/go-gitea/gitea/issues/21508
2022-10-19 21:12:37 +01:00
wxiaoguang 19df07f021
Fix incorrect notification commit url (#21479) (#21483)
Backport #21479

For normal commits the notification url was wrong because oldCommitID is
received from the shrinked commits list.

This PR moves the commits list shrinking after the oldCommitID
assignment.
2022-10-18 15:46:13 +08:00
KN4CK3R 5a84558e7c
Display total commit count in hook message (#21400) (#21481)
Backport of #21400

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-17 10:37:44 -04:00
KN4CK3R 46053c092d
Enforce grouped NuGet search results (#21442) (#21480)
Backport of #21442
2022-10-17 13:07:19 +08:00
Gusted 3f032759ed
Return 404 when user is not found on avatar (#21476) (#21477)
- Backport #21476
- Instead of returning a 500 Internal Server when the user wasn't found,
return 404 Not found.
2022-10-17 00:56:58 +08:00
6543 f48fda8eef
Changelog v1.17.3 (#21456) 2022-10-15 15:08:17 +02:00
6543 cd48a007bb
improve code quality (#21464) (#21463)
Backport #21464 and #21465

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-15 14:24:39 +02:00
zeripath 6afbef5a8b
Do DB update after merge in hammer context (#21401) (#21416)
Backport #21401

When merge was changed to run in the background context, the db updates
were still running in request context. This means that the merge could
be successful but the db not be updated.

This PR changes both these to run in the hammer context, this is not
complete rollback protection but it's much better.

Fix #21332

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-10-12 15:52:21 +08:00
Gusted d745780014
Add Num{Issues,Pulls} stats checks (#21404) (#21414)
Backport #21404

Currently `repository.Num{Issues,Pulls}` weren't checked and could
become out-of-consistency. Adds these two checks to `CheckRepoStats`.

Fix incorrect SQL query for `repository.NumClosedPulls`, the check
should be for `repo_num_pulls`.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 14:47:48 +08:00
Gusted 652abf0ae0
Bump golang.org/x/text (#21412) (#21413)
- Backport #21412
- Update the `golang.org/x/text` dependency, this fixes [a security
issue](https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ).
2022-10-11 20:00:55 +01:00
zeripath 1f804d35ca
Stop logging CheckPath returns error: context canceled (#21064) (#21405)
Backport #21064

We should only log CheckPath errors if they are not simply due to
context cancellation - and we should add a little more context to the
error message.

Fix #20709

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-10-11 16:35:29 +08:00
KN4CK3R c83a05f114
Set SemverCompatible to false for Conan packages (#21275) (#21366)
Backport of #21275
2022-10-10 20:46:09 +08:00
KN4CK3R a3c75ac438
Make NuGet service index publicly accessible (#21242) (#21277)
Backport of #21242

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-10-08 16:23:41 +01:00
M Hickford 14bc4d79c1
Parse OAuth Authorization header when request omits client secret (#21351) (#21374)
Backport #21351

This fixes error "unauthorized_client: invalid client secret" when
client includes secret in Authorization header rather than request body.
OAuth spec permits both:
https://www.rfc-editor.org/rfc/rfc6749#section-2.3.1

Clients in possession of a client password MAY use the HTTP Basic
authentication scheme ... Alternatively, the authorization server MAY
support including the client credentials in the request-body

Sanity validation that client id and client secret in request are
consistent with Authorization header.

Improve error descriptions. Error codes remain the same.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-10-08 16:53:17 +08:00
M Hickford 672d54fafa
Ignore port for OAuth2 loopback redirect URIs (#21293) (#21373)
Backport #21293

Following https://datatracker.ietf.org/doc/html/rfc8252#section-7.3

Fixes #21285
2022-10-08 09:52:35 +08:00
Jason Song 0495544b8a
Tag list should include draft releases with existing tags (#21263) (#21365)
Backport #21263.

Before, a tag for a draft release disappeared in the tag list, fix #21262.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-07 18:59:42 +08:00
John Olheiser 1fbc56d732
Fix linked account translation (#21331) (#21334) 2022-10-05 10:25:34 -04:00
wxiaoguang 1a9ba1c65d
Fix missing m.Run() in TestMain (#21341)
Backport #21340, add the missing m.Run()
2022-10-05 12:17:16 +08:00
techknowlogick cbebcc1c26
Foreign ID conflicts if ID is 0 for each item (#21271) (#21272)
The default is 0 if not defined, and that causes dupe index errors

Backport of #21271
2022-10-02 17:43:30 -04:00
6543 0e677d7b41
Update bluemonday (#21281) (#21287)
Backport #21281

https://github.com/microcosm-cc/bluemonday/releases/tag/v1.0.20

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-09-28 16:15:22 +02:00
KN4CK3R 790770aef3
Fix empty container layer history and UI (#21251) (#21278)
Backport of #21251
2022-09-27 23:10:19 +08:00
KN4CK3R 43b4c38d4f
Use absolute links in feeds (#21229) (#21265)
Backport of #21229

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-09-26 13:49:22 -04:00
wxiaoguang e79a10793f
Use en-US as fallback when using other default language (#21200) (#21256)
Only en-US has complete translations. When use other language as
default, the en-US should still be used as fallback.

Backport #21200, Close #21199
2022-09-25 22:14:57 +08:00
wxiaoguang be5411d6b5
Make Clone in VSCode link get updated correctly (#21225) (#21226)
Backport #21225, fix for #21128 (also in 1.17.3), close #21224

The indent was incorrect before, so this PR did some formatting work. 

Bypass Golang's template bug for JS string interpolation. And since
there are JS lint rules for templates, so the string interpolation is
also a must.
2022-09-23 12:10:26 +08:00
KN4CK3R bdf3be53b0
Respect REQUIRE_SIGNIN_VIEW for packages (#20873) (#21232)
Backport of #20873

When REQUIRE_SIGNIN_VIEW = true, even with public repositories, you can only see them after you login. The packages should not be accessed without login.

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-09-23 11:25:53 +08:00
delvh e50473e6bb
Prevent invalid behavior for file reviewing when loading more files (#21230) (#21234)
Backport of #21230

The problem was that many PR review components loaded by `Show more`
received the same ID as previous batches, which confuses browsers (when
clicked). All such occurrences should now be fixed.

Additionally improved the background of the `viewed` checkbox.

Fixes #21228.
Fixes #20681.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-22 20:45:51 -04:00
wxiaoguang 20c135cd46
Use Go 1.19 fmt for Gitea 1.17, sync emoji data (#21239)
The images used by Gitea's drone pipeline were upgraded to Go 1.19.x
It causes the lint fails because Go 1.19 uses new code format.

This PR partially backport #20758 (including the emoji-data sync),
partially fix the format manually.
2022-09-22 21:58:31 +08:00
wxiaoguang 937ef6fa90
Treat git object mode 40755 as directory (#21195) (#21218)
Backport #21195

Git uses 040000 for tree object, but some users may get 040755 for
unknown reasons, fix #21190

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-09-20 12:40:23 -04:00
Abdul Monim 54d4e664c2
Make the vscode clone link respect transport protocol (#20557) (#21128)
Backports #20557

Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: Munim Munna <6266677+monim67@users.noreply.github.com>
2022-09-20 22:01:24 +08:00
KN4CK3R c571ac6fd3
Allow uppercase ASCII alphabet in PyPI package names (#21095) (#21217)
Backport of #21095

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-09-20 17:37:24 +08:00
Lunny Xiao f663773200
Fix limited user cannot view himself's profile (#21212)
backport #21210, fix #21206

If user and viewer are equal the method should return true.
Also the common organization check was wrong as count can never be less then 0.

Tests are on main branch.
2022-09-20 16:00:46 +08:00
Lunny Xiao a28677273b
Fix template bug of admin monitor (#21209)
backport #21208
2022-09-20 08:15:08 +08:00
Jason Song c8d687997d
Fix reaction of issues (#21185) (#21196)
Backport #21185.

Fix #20860.

`CommentID` in `FindReactionsOptions` should be -1 to search reactions
with zero comment id.



8351172b6e/models/issues/reaction.go (L108-L121)

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-09-18 12:04:09 +08:00
wxiaoguang 5cb1037cb7
Fix CSV diff for added/deleted files (#21189) (#21193)
Backport #21189
Fixes #21184
Regression of #19552

Instead of using `GetBlobByPath`, use the already existing instances.
2022-09-17 18:53:04 +08:00
Tyrone Yeh 2dcea782c5
Fix pagination limit parameter problem (#21111)
backport #21109

Co-authored-by: 6543 <6543@obermui.de>
2022-09-08 20:00:42 +08:00
wxiaoguang 31842f12a4
Add MD5 back to template helper functions to avoid breaking (#21102)
In #20932 the MD5 helper function was removed from template context,
it breaks user's customized templates.

This PR adds the MD5 helper function back.
2022-09-07 19:30:52 +08:00
Lunny Xiao 32eef4aa2e
Add changelog for v1.17.2 (#21089)
Co-authored-by: John Olheiser <john+github@jolheiser.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-09-06 17:32:20 -04:00
Tyrone Yeh 449b39ea0e
Fix sub folder in repository missing add file dropdown (#21069) (#21083)
Backport #21069

In repository sub folder missing add file dropdown menu, Probably broken since #20602
2022-09-06 09:42:05 +01:00
zeripath 06f968d662
Fix hard-coded timeout and error panic in API archive download endpoint (#20925) (#21051)
Backport #20925

This commit updates the `GET /api/v1/repos/{owner}/{repo}/archive/{archive}`
endpoint which prior to this PR had a couple of issues.

1. The endpoint had a hard-coded 20s timeout for the archiver to complete after
   which a 500 (Internal Server Error) was returned to client. For a scripted
   API client there was no clear way of telling that the operation timed out and
   that it should retry.

2. Whenever the timeout _did occur_, the code used to panic. This was caused by
   the API endpoint "delegating" to the same call path as the web, which uses a
   slightly different way of reporting errors (HTML rather than JSON for
   example).

   More specifically, `api/v1/repo/file.go#GetArchive` just called through to
   `web/repo/repo.go#Download`, which expects the `Context` to have a `Render`
   field set, but which is `nil` for API calls. Hence, a `nil` pointer error.

The code addresses (1) by dropping the hard-coded timeout. Instead, any
timeout/cancelation on the incoming `Context` is used.

The code addresses (2) by updating the API endpoint to use a separate call path
for the API-triggered archive download. This avoids producing HTML-errors on
errors (it now produces JSON errors).

Signed-off-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>

Signed-off-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-09-06 07:54:47 +01:00
Lunny Xiao 084797b4dc
Fix delete user missed some comments (#21067) (#21068) 2022-09-06 06:48:57 +08:00
zeripath 7888a55e8c
Delete unreferenced packages when deleting a package version (#20977) (#21060)
Backport #20977

Delete a package if its last version got deleted. Otherwise removing the owner works only after the clean up job ran.

Fix #20969

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2022-09-04 12:17:48 -04:00
zeripath ea416d7d0e
Redirect if user does not exist on admin pages (#20981) (#21059)
Backport #20981

When on /admin/users/ endpoints if the user is no longer in the DB,
redirect instead of causing a http 500.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2022-09-04 12:17:35 -04:00
zeripath 0db6add5c0
Set uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh (#20902) (#21058)
Backport #20902

When setting.Git.DisablePartialClone is set to false then the web server will add filter support to web http. It does this by using`-c` command arguments but this will not work on gitea serv as the upload-pack and receive-pack commands do not support this.

Instead we move these options into the .gitconfig instead.

Fix #20400

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-09-04 12:17:27 -04:00
qwerty287 0ecbb71bee
Fix 500 on time in timeline API (#21052) (#21057)
Backport #21052

Before converting a TrackedTime for the API we need to load its attributes - otherwise we get an NPE.

Fix #21041
2022-09-04 16:12:37 +01:00
Jason Song ea38455e1f
Fill the specified ref in webhook test payload (#20961) (#21055)
Backport #20961

The webhook payload should use the right ref when it‘s specified in the testing request.

The compare URL should not be empty, a URL like `compare/A...A` seems useless in most cases but is helpful when testing.
2022-09-04 16:12:01 +01:00