Commit graph

19913 commits

Author SHA1 Message Date
Earl Warren d3e02eaa89 chore(licenses): make go-license 2024-05-08 19:31:56 +00:00
Renovate Bot 4bff06dafb Update module github.com/blevesearch/bleve/v2 to v2.4.0 2024-05-08 19:31:56 +00:00
Earl Warren 18c8ae844e Merge pull request 'chore(dependency): automerge all JavaScript CI dependencies' (#3676) from earl-warren/forgejo:wip-ci-renovate into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3676
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-05-08 19:31:01 +00:00
Earl Warren 4af9d9b6c3 Merge pull request 'Update dependency @stylistic/eslint-plugin-js to v1.8.1' (#3666) from renovate/linters into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3666
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-08 17:45:20 +00:00
Earl Warren bfe4995ed5 Merge pull request 'Update dependency @vue/test-utils to v2.4.6' (#3667) from renovate/vue-test-utils-2.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3667
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-08 17:44:26 +00:00
Earl Warren d4bb667051
chore(dependency): automerge all JavaScript CI dependencies
Make a pass to have a full inventory of JavaScript dependencies that
can be automerged because they only have an impact on the CI. It is
easier than examining them one by one when an update is proposed.

- add packages:test which indirectly includes packages:jsUnitTest and
  a number of test dependencies such as vitest
- add prefixes for dependencies which are known to be exclusively
  used for testing (playwright, ...)
- add modules

Refs: https://docs.renovatebot.com/presets-packages
2024-05-08 19:32:24 +02:00
Earl Warren 1c3c773dac Merge pull request 'Cumulative English improvements (May 2024)' (#3668) from 0ko/forgejo:i18n-20240508 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3668
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-08 17:04:21 +00:00
Renovate Bot 7105e19468 Update dependency @stylistic/eslint-plugin-js to v1.8.1 2024-05-08 16:03:56 +00:00
Earl Warren 7729cb3ecc Merge pull request 'fix(security): CVE-2024-24788 malformed DNS message' (#3671) from earl-warren/forgejo:wip-go-1.22.3 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3671
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-05-08 14:44:52 +00:00
Earl Warren f3045f0519
fix(security): CVE-2024-24788 malformed DNS message
Refs: https://pkg.go.dev/vuln/GO-2024-2824
2024-05-08 14:25:08 +02:00
0ko b11eddfaa8 [I18N] English improvements (May 2024)
- `editor.commit_id_not_matching` was reported by https://codeberg.org/kita. I confirmed the meaning on next.forgejo.org.
- `additional_repo_units_hint` was suggested by https://codeberg.org/leana8959.
2024-05-08 08:58:25 +05:00
Renovate Bot 84224a65ff Update dependency @vue/test-utils to v2.4.6 2024-05-08 02:05:00 +00:00
Earl Warren a2c8fe0370 Merge pull request '[gitea] week 2024-19 cherry pick (gitea-github/main -> forgejo)' (#3639) from earl-warren/wcp/2024-19 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3639
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-07 22:47:53 +00:00
Michael Jerger 778dd81615 unused code of the moment 2024-05-07 18:40:27 +02:00
Michael Jerger 1a76664d56 next step on the way to federation 2024-05-07 17:58:13 +02:00
Michael Jerger 8ec570841a Merge branch 'forgejo' into forgejo-federated-star 2024-05-07 17:49:26 +02:00
Michael Jerger e122df36f8 prepare for next pr 2024-05-07 17:47:35 +02:00
Earl Warren 99d1ae52fc Merge pull request 'Update module github.com/PuerkitoBio/goquery to v1.9.2' (#3634) from renovate/github.com-puerkitobio-goquery-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3634
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-07 11:28:32 +00:00
Earl Warren cae4a5456f
chore(dependency): automerge goquery when the CI passes 2024-05-07 11:57:25 +01:00
Earl Warren 3f6e4af5a9 Merge pull request 'UI: Hide hidden email from own profile, again' (#3636) from n0toose/profile/hide-unhidden-hidden-email into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3636
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-05-07 10:39:01 +00:00
Earl Warren 420f017bce Merge pull request 'Update module github.com/cosmtrek/air to v1.52.0' (#3650) from renovate/github.com-cosmtrek-air-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3650
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-07 10:10:41 +00:00
Twenty Panda 44895011dc chore(dependencies): switch to air@v1
There are no tests but since Gitea has used @v1 since last month and Gitea
maintainers rely on make watch, it is safe to assume that upgrading is
not broken. Switching to v1 would require less scrutiny on the
upgrades. Even if there is breakage, it can be fixed with minimal
impact on the developer workflow.
2024-05-07 10:11:21 +01:00
Michael Jerger 2177d38e9c feat(federation): validate like activities (#3494)
First step on the way to #1680

The PR will

* accept like request on the api
* validate activity in a first level

You can find

* architecture at: https://codeberg.org/meissa/forgejo/src/branch/forgejo-federated-star/docs/unsure-where-to-put/federation-architecture.md

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3494
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
2024-05-07 07:59:49 +00:00
Michael Jerger fdfc21a6b8 review results 2024-05-07 07:38:20 +02:00
Clemens 82fe1d3e42 make fmt 2024-05-06 16:01:23 +02:00
Michael Jerger a485837b9c removed unused code 2024-05-06 08:52:25 +02:00
Michael Jerger c70b8d28a3 linting 2024-05-06 08:12:43 +02:00
Michael Jerger 8f298a9901 Merge branch 'forgejo' into forgejo-federated-star 2024-05-06 07:58:50 +02:00
0ko 8c3511a8b3 Merge pull request 'Allow org members to navigate between the org and the dashboard' (#3642) from 0ko/forgejo:ui-add-org-dashboard-goto into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3642
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-05-06 03:50:47 +00:00
Renovate Bot 62c3540467 Update module github.com/cosmtrek/air to v1.52.0 2024-05-06 02:05:34 +00:00
0ko b034ab5a8e [UI] Allow org members to navigate between the org and the dashboard
- add a new button to the org view that is only shown to the org members
- add integration test to verify the expected navigability
- add a new translation string to that button
- fix display style of "View <orgname>" button on the dashboard
- fix gap size between buttons on the org view by utilizing the common class top-right-buttons
2024-05-05 23:14:57 +05:00
Michael Jerger b99d66b530 linting 2024-05-05 18:04:12 +02:00
Michael Jerger 3a6dfadcd0 linting 2024-05-05 17:10:16 +02:00
Michael Jerger 510868731d linting 2024-05-05 16:58:15 +02:00
Michael Jerger 1a07db1a40 omit linting next try 2024-05-05 16:35:25 +02:00
Earl Warren 434ef46088 Merge pull request 'Update module gitea.com/go-chi/binding to v0.0.0-20240430071103-39a851e106ed' (#3597) from renovate/gitea.com-go-chi-binding-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3597
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-05 12:15:39 +00:00
Earl Warren 308304e4a4 Merge pull request 'Improve repo filter names' (#3612) from 0ko/forgejo:i18n-filters into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3612
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-05 12:13:40 +00:00
Kemal Zebari e388822e9d
Don't only list code-enabled repositories when using repository API (#30817)
We should be listing all repositories by default.

Fixes #28483.

(cherry picked from commit 9f0ef3621a3b63ccbe93f302a446b67dc54ad725)

Conflict:
   -		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.UnitAccessMode(unit_model.TypeCode) >= perm.AccessModeRead {
   +		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.HasAccess() {
   because of https://codeberg.org/forgejo/forgejo/pulls/2001
2024-05-05 12:15:40 +01:00
yp05327 6a4bc0289d
Fix no edit history after editing issue's title and content (#30814)
Fix #30807

reuse functions in services

(cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26)

Conflicts:
	models/issues/issue_update.go
	routers/api/v1/repo/issue.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-05 12:15:40 +01:00
wxiaoguang d93d62371c
Ignore useless error message "broken pipe" (#30801)
Fix #30792

(cherry picked from commit 53b55223d167c3fc996dd0278a656f421408ace7)
2024-05-05 12:15:40 +01:00
Bo-Yi Wu b29190c4f0
refactor: merge ListActionTasks func to action.go file (#30811)
Just merge actions.go file to action.go

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
(cherry picked from commit e67fbe4f15cdc544f6bec975de6560556724f098)
2024-05-05 12:15:40 +01:00
Archer 1b088fade6
Prevent automatic OAuth grants for public clients (#30790)
This commit forces the resource owner (user) to always approve OAuth 2.0
authorization requests if the client is public (e.g. native
applications).

As detailed in [RFC 6749 Section 10.2](https://www.rfc-editor.org/rfc/rfc6749.html#section-10.2),

> The authorization server SHOULD NOT process repeated authorization
requests automatically (without active resource owner interaction)
without authenticating the client or relying on other measures to ensure
that the repeated request comes from the original client and not an
impersonator.

With the implementation prior to this patch, attackers with access to
the redirect URI (e.g., the loopback interface for
`git-credential-oauth`) can get access to the user account without any
user interaction if they can redirect the user to the
`/login/oauth/authorize` endpoint somehow (e.g., with `xdg-open` on
Linux).

Fixes #25061.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 5c542ca94caa3587329167cfe9e949357ca15cf1)
2024-05-05 12:15:40 +01:00
Kemal Zebari 9cd0441cd3
Catch and handle unallowed file type errors in issue attachment API (#30791)
Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.

(cherry picked from commit 872caa17c0a30d95f85ab75c068d606e07bd10b3)

Conflicts:
	tests/integration/api_comment_attachment_test.go
	tests/integration/api_issue_attachment_test.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-05 12:15:40 +01:00
silverwind 396f16e7b2
Add hover outline to heatmap squares (#30828)
Makes it easier to use because you see which square is currently
hovered:

<img width="314" alt="Screenshot 2024-05-02 at 15 38 20"
src="https://github.com/go-gitea/gitea/assets/115237/3a15dad1-2259-4f28-9fae-5cf6ad3d8798">

I did try a `scoped` style for this, but that did not work for some
reason.

(cherry picked from commit 6f89d5e3a0886d02ead732005f593ae003f78f78)
2024-05-05 12:15:40 +01:00
silverwind fb693442f5
Remove external API calls in TestPassword (#30716)
The test had a dependency on `https://api.pwnedpasswords.com` which
caused many failures on CI recently:

```
--- FAIL: TestPassword (2.37s)
    pwn_test.go:41: Get "https://api.pwnedpasswords.com/range/e6b6a": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
FAIL
coverage: 82.9% of statements
```

(cherry picked from commit 9235442ba58524c8d12ae54865d583acfa1f439d)
2024-05-05 12:15:40 +01:00
wxiaoguang ee97bb17ba
Fix issue card layout (#30800)
Fix #30788

(cherry picked from commit 6ff2acc52c976e9d7bb6a5693f8a2365d12400f5)
2024-05-05 12:15:40 +01:00
wxiaoguang 4e35e5b8ae
Skip gzip for some well-known compressed file types (#30796)
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit be112c1fc30f87a248b30f48e891d1c8c18e8280)

Conflicts:
	routers/web/web.go
	trivial conflict because of https://codeberg.org/forgejo/forgejo/pulls/1533
2024-05-05 12:15:40 +01:00
Kemal Zebari f0e466420a
Don't have redis-cluster as possible cache/session adapter in docs (#30794)
This is because it doesn't exist as an adapter. The `redis` adapter
already handles Redis cluster configurations.

Fixes #30534.

(cherry picked from commit f135cb7c9457f7b9bdc43601f44757834573950f)

Conflicts:
	docs/content/administration/config-cheat-sheet.en-us.md
	does not exist in Forgejo
2024-05-05 12:15:40 +01:00
Chester 1a40fe54a6
Add API endpoints for getting action jobs status (#26673)
Sample of response, it is similar to GitHub Actions

ref
https://docs.github.com/en/rest/actions/workflow-runs?apiVersion=2022-11-28#list-workflow-runs-for-a-repository

``` json
{
    "workflow_runs": [
        {
            "id": 3,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "6d8d29a9f7a01ded8f8aeb64341cb31ee1ab5f19",
            "run_number": 3,
            "event": "push",
            "display_title": "More job",
            "status": "success",
            "workflow_id": "demo2.yaml",
            "url": "/chester/test/actions/runs/3",
            "created_at": "2023-08-22T13:41:33-04:00",
            "updated_at": "2023-08-22T13:41:37-04:00",
            "run_started_at": "2023-08-22T13:41:33-04:00"
        },
        {
            "id": 2,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "6d8d29a9f7a01ded8f8aeb64341cb31ee1ab5f19",
            "run_number": 2,
            "event": "push",
            "display_title": "More job",
            "status": "success",
            "workflow_id": "demo.yaml",
            "url": "/chester/test/actions/runs/2",
            "created_at": "2023-08-22T13:41:30-04:00",
            "updated_at": "2023-08-22T13:41:33-04:00",
            "run_started_at": "2023-08-22T13:41:30-04:00"
        },
        {
            "id": 1,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "e5369ab054cae79899ba36e45ee82811a6e0acd5",
            "run_number": 1,
            "event": "push",
            "display_title": "Add job",
            "status": "failure",
            "workflow_id": "demo.yaml",
            "url": "/chester/test/actions/runs/1",
            "created_at": "2023-08-22T13:15:21-04:00",
            "updated_at": "2023-08-22T13:18:10-04:00",
            "run_started_at": "2023-08-22T13:15:21-04:00"
        }
    ],
    "total_count": 3
}
```

---------

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
(cherry picked from commit 6709e28da78a0ea7e63f9fe4e32f620abdc88d14)

Conflicts:
	routers/api/v1/swagger/repo.go
	trivial context conflict
2024-05-05 12:15:40 +01:00
Panagiotis "Ivory" Vasilopoulos d03be77665 UI: Hide hidden email from own profile, again
This is a follow-up for 5e1bd8af5f, which
was my first commit to Gitea. It is also a follow-up for the
Gitea PR #29300 (https://github.com/go-gitea/gitea/pull/23900) created
by myself, which turned stale.

This change partially restores the behavior of Gitea PR #23747
(https://github.com/go-gitea/gitea/pull/23747) by wxiaoguang, but
maintains the lock.

The original idea was to differentiate things from GitHub and GitLab a
little bit, and show the email address on the profile. The profile is
not only a place where the user chooses to show how they present
themselves on an instance, it is also a place where they can assess
their relationship *with* the instance, as it provides features such
as the Public Activity feed that can be only shown to the user, in
private.

It's, in some way, a dashboard. The email was shown there to remind
the user that this is the primary email that will be used by a supposed
administrator to contact them. There were other motivations behind that
change as well, but, long story short, the idea did not work very well,
as some people (e.g. people livestreaming on the Internet, or 'normal'
users sharing their screens) do not want to put their email address
out there when showing their screen to other people.

Other alternatives, such as blurring the text or only showing the real
email address, were explored, but were rejected because of
browser compatibility and simplicity reasons. The padlock icon that
is shown when showing the email address to other people has been kept.
One viable alternative could be displaying the placeholder email
instead, but that requires some more thought.

Fixes https://codeberg.org/forgejo/forgejo/issues/1950.
2024-05-05 13:08:31 +02:00