Commit graph

18821 commits

Author SHA1 Message Date
Giteabot
248a5b8d7a
Prevent automatic OAuth grants for public clients (#30790) (#30836)
Backport #30790 by archer-321

This commit forces the resource owner (user) to always approve OAuth 2.0
authorization requests if the client is public (e.g. native
applications).

As detailed in [RFC 6749 Section
10.2](https://www.rfc-editor.org/rfc/rfc6749.html#section-10.2),

> The authorization server SHOULD NOT process repeated authorization
requests automatically (without active resource owner interaction)
without authenticating the client or relying on other measures to ensure
that the repeated request comes from the original client and not an
impersonator.

With the implementation prior to this patch, attackers with access to
the redirect URI (e.g., the loopback interface for
`git-credential-oauth`) can get access to the user account without any
user interaction if they can redirect the user to the
`/login/oauth/authorize` endpoint somehow (e.g., with `xdg-open` on
Linux).

Fixes #25061.

Co-authored-by: Archer <archer@beezig.eu>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 6d83f5eddc0f394f6386e80b86a3221f6f4925ff)
2024-05-07 08:14:22 +01:00
Kemal Zebari
5678e9ab20
Catch and handle unallowed file type errors in issue attachment API (#30791)
Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.

(cherry picked from commit 872caa17c0a30d95f85ab75c068d606e07bd10b3)

Conflicts:
	tests/integration/api_comment_attachment_test.go
	tests/integration/api_issue_attachment_test.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
(cherry picked from commit 9cd0441cd3)
2024-05-07 08:12:34 +01:00
silverwind
a7124df0c5
Add hover outline to heatmap squares (#30828)
Makes it easier to use because you see which square is currently
hovered:

<img width="314" alt="Screenshot 2024-05-02 at 15 38 20"
src="https://github.com/go-gitea/gitea/assets/115237/3a15dad1-2259-4f28-9fae-5cf6ad3d8798">

I did try a `scoped` style for this, but that did not work for some
reason.

(cherry picked from commit 6f89d5e3a0886d02ead732005f593ae003f78f78)
2024-05-07 08:09:44 +01:00
wxiaoguang
abf40ee957
Skip gzip for some well-known compressed file types (#30796)
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit be112c1fc30f87a248b30f48e891d1c8c18e8280)

Conflicts:
	routers/web/web.go
	trivial conflict because of https://codeberg.org/forgejo/forgejo/pulls/1533
(cherry picked from commit 4e35e5b8ae)
2024-05-07 07:59:45 +01:00
Earl Warren
7be345f88e Merge pull request '[v7.0/forgejo] Improve repo filter names' (#3641) from bp-v7.0/forgejo-82f7308 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3641
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-05-05 14:49:03 +00:00
0ko
8b1d84797f [I18N] Improve repo filter names
(cherry picked from commit 82f7308e1b)
2024-05-05 12:15:56 +00:00
Earl Warren
ba0ed5823c Merge pull request '[UI] Fix commit messages breaking out of event history' (#3640) from 0ko/forgejo:ui-fix-break-out into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3640
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-05 12:12:09 +00:00
0ko
e59f92dec8 [UI] Fix commit messages breaking out of event history
Regression of 8b54d38cbe.
This is a 7.0 specific path for the issue. The design of this area is not compatible with 8.0, and thus there's no straightforward way to make it look like on 8.0.
2024-05-05 15:40:25 +05:00
forgejo-backport-action
10b919d3ca [v7.0/forgejo] [I18N] Translations update from Weblate (#3631)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/3508

Translations update from [Weblate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3631
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-05-04 19:24:41 +00:00
Earl Warren
f45a6cb3b7 Merge pull request '[v7.0/forgejo] FIX gogs migration if gogs is hosted at a subpath' (#3588) from bp-v7.0/forgejo-4a2959b into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3588
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-03 17:17:00 +00:00
Otto
5b6a375d05 Merge pull request '[v7.0/forgejo] Fix text selection color' (#3611) from bp-v7.0/forgejo-787b16a into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3611
Reviewed-by: Otto <otto@codeberg.org>
2024-05-02 22:06:17 +00:00
Earl Warren
ac34a68a93 Merge pull request 'Port Fix checkbox field markup' (#3592) from 0ko/forgejo:a-commit into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3592
Reviewed-by: Otto <otto@codeberg.org>
2024-05-02 18:10:20 +00:00
Earl Warren
fcf85b12af Merge pull request '[v7.0/forgejo] UI: Actions: Replace runs list description semicolon' (#3582) from bp-v7.0/forgejo-870a1c8 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3582
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-02 18:01:28 +00:00
Earl Warren
2949bbcad1 Merge pull request '[v7.0/forgejo] Show repo count in blocked users tab' (#3609) from bp-v7.0/forgejo-d50efa6 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3609
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-02 17:49:17 +00:00
0ko
b23d4ec4bb [THEME] fix text selection color
regression of c2280a2009

(cherry picked from commit 787b16a7be)
2024-05-02 17:46:07 +00:00
Panagiotis "Ivory" Vasilopoulos
d758633c91 UI: Actions: Replace runs list description semicolon
The current format makes the text look somewhat like this:

```
testing.yml #15065 :Commit 103306f00c pushed by n0toose
```

This looks wrong. We will have to work on that list at a later point
in time anyways, as well as make the way that we separate information
in subheaders in lists like this one more consistent.

However, this should do for now.

This change should make each entry look like this instead:

```
testing.yml #15065 - Commit 103306f00c pushed by n0toose
```

(cherry picked from commit 870a1c85c7)
2024-05-02 17:10:28 +00:00
JakobDev
d449fcff0a Show repo count in blocked users tab (#3601)
Fixes #3595

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3601
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-committed-by: JakobDev <jakobdev@gmx.de>
(cherry picked from commit d50efa626a)
2024-05-02 17:10:06 +00:00
Earl Warren
a7400b1812 Merge pull request 'Upgrade github.com/editorconfig-checker/editorconfig-checker to v2.8.0' (#3610) from earl-warren/forgejo:wip-lint-editorconfig into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3610
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: thefox <thefox@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-05-02 17:09:33 +00:00
Earl Warren
a6d31a30a2
Upgrade github.com/editorconfig-checker/editorconfig-checker to v2.8.0
Manual backport: https://codeberg.org/forgejo/forgejo/pulls/3181
because it conflicts with a number of evolutions in how the tools are
upgraded in the development branch.
2024-05-02 17:38:26 +01:00
forgejo-backport-action
4b79a98910 Fix inconsistent required field (#3591)
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3591
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-05-01 19:05:43 +00:00
silverwind
b917571d81 Fix checkbox field markup (#30666)
Fixes https://github.com/go-gitea/gitea/issues/30664.

Previous use was not a supported way by fomantic and the misuse only
became visible after the checkbox migration.

(cherry picked from commit 1a2ae64b16f10b8d1e17197d18b9eb373faf58db)
2024-05-01 23:31:42 +05:00
varp0n
c91f7d3599 FIX gogs migration if gogs is hosted at a subpath (#3572)
Also add a test for GogsDownloaderFactory.New() to make sure
that the URL of the source repository is parsed correctly.

When the source gogs instance is hosted at a subpath like `https://git.example.com/gogs/<username>/<reponame>` the migration fails.
This PR fixes that.

Co-authored-by: hecker <tomas.hecker@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3572
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: varp0n <tom@gkstn.de>
Co-committed-by: varp0n <tom@gkstn.de>
(cherry picked from commit 4a2959b3ec)
2024-05-01 16:32:17 +00:00
Earl Warren
9d1ffeaf8d Merge pull request '[skip ci] [v7.0/forgejo] docs(release-notes): 7.0.2' (#3586) from earl-warren/forgejo:wip-release-notes-v7.0.2 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3586
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-05-01 14:35:52 +00:00
Earl Warren
9db70035b1
[skip ci] docs(release-notes): 7.0.2
(cherry picked from commit a050b546b9)
2024-05-01 15:05:28 +02:00
Earl Warren
ad0b97c7c2 Merge pull request '[v1.22/gitea] week 2024-18 cherry pick v7.0 (take 2)' (#3580) from earl-warren/forgejo:wip-v7.0-gitea-cherry-pick into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3580
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-05-01 12:36:57 +00:00
Earl Warren
61230e72b5 Merge pull request '[v7.0/forgejo] Fix Issue watching / unwatching on the web ui' (#3585) from algernon/forgejo:backport/v7.0/3562 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3585
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-01 12:26:04 +00:00
forgejo-backport-action
50b7009603 [v7.0/forgejo] Add inline attachments to comments and prevent double handling of mails (#3566)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/3504

If incoming email is configured and an email is sent, inline attachments are currently not added to the comment if it has the `Content-Disposition: inline` instead of `Content-Disposition: attachment` as e.g. with Apple Mail.

This adds inline attachments (`Content-Disposition: inline`) that *have a filename* as attachment to the comment. Other elements with `Content-Disposition: inline` are not attached as attachment to the comment.

In addition, a check has been added to prevent mails from being processed twice.

Fixes #3496

Co-authored-by: Beowulf <beowulf@beocode.eu>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3566
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-05-01 12:19:38 +00:00
Gergely Nagy
36b8e68eee
Add a test case for unsubscribing from an issue
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 13:32:39 +02:00
Gergely Nagy
f83ae0fad2
tests: Support creating a declarative repo without AutoInit
To be able to easily test cases where the repository does not have any
code, where the git repo itself is completely uninitialized, let's
support a case where the `AutoInit` property is false.

For the sake of backwards compatibility, if the option is not set either
way, it will default to `true`.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 13:32:39 +02:00
Gergely Nagy
6f35a5ab90
Fix Issue watching / unwatching on the web ui
When subscribing or unsubscribing to/from an issue on the web ui, the
request was posted to a route handled by `repo.IssueWatch`. This
function used `ctx.Req.PostForm.Get()`, erroneously.

`request.PostForm` is *only* available if `request.ParseForm()` has been
called before it. The function in question did not do that. Under some
circumstances, something, somewhere did end up calling `ParseForm()`,
but not in every scenario.

Since we do not need to check for multiple values, the easiest fix here
is to use `ctx.Req.PostFormValue`, which will call `ParseForm()` if
necessary.

Fixes #3516.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 13:32:39 +02:00
Gergely Nagy
0da02b9213
tests: Let CreateDeclarativeRepoWithOptions create a Wiki too
Add a new member to `DeclarativeRepoOptions`: `WikiBranch`. If
specified, create a Wiki with the given branch, and a single "Home"
page.

This will be used by an upcoming test.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 13:30:32 +02:00
Gergely Nagy
13892121e6
tests: Refactor CreateDeclarativeRepo
Let's introduce a new helper function,
`CreateDeclarativeRepoWithOptions`! This is almost the same as the
existing `CreateDeclarativeRepo` helper, but instead of taking a list of
random parameters the author thought of at the time of its introduction,
it takes a `DeclarativeRepoOptions` struct, with optional members.

This makes it easier to extend the function, as new members can be added
without breaking or having to update existing callsites, as long as the
newly added members default to compatible values.

`CreateDeclarativeRepo` is then reimplemented on top of the new
function. Callsites aren't updated yet, we can do that organically,
whenever touching code that uses the older function.

No new functionality is introduced just yet, this is merely a refactor.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 13:29:21 +02:00
Earl Warren
ad7bf760ac Merge pull request '[v7.0/forgejo] [I18N] Fix tepository->repository typo' (#3581) from bp-v7.0/forgejo-5ed3ffc into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3581
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-05-01 07:36:46 +00:00
proton-ab
d6597b8f7a [I18N] Fix tepository->repository typo
Signed-off-by: proton-ab <proton_ab@tuta.io>
(cherry picked from commit 5ed3ffc0c8)
2024-05-01 07:00:09 +00:00
Earl Warren
6069fcced6 Merge pull request '[v7.0/forgejo] Fix SQL command with too many placeholders' (#3578) from bp-v7.0/forgejo-33cd844-0d029eb into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3578
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-01 06:50:49 +00:00
Zettat123
4fa80332e9
Fix duplicate status check contexts (#30660) (#30779)
Backport #30660.

Caused by #30076.

There may be some duplicate status check contexts when setting status
checks for a branch protection rule. The duplicate contexts should be
removed.

Before:
<img

src="https://github.com/go-gitea/gitea/assets/15528715/97f4de2d-4868-47a3-8a99-5a180f9ac0a3"
width="600px" />

After:
<img

src="https://github.com/go-gitea/gitea/assets/15528715/ff7289c5-9793-4090-ba31-e8cb3c85f8a3"
width="600px" />

(cherry picked from commit 99e89e57bc4d2b3a3cd6c3068f818a0c7e8cec28)
2024-05-01 08:34:29 +02:00
6543
2da615c37c
Get repo assignees and reviewers should ignore deactivated users (#30770) (#30782)
Backport #30770

If a user is deactivated, it should not be in the list of users who are
suggested to be assigned or review-requested.

Old assignees or reviewers are not affected.

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit 022eac4ac8e59f861237cc1e02f7ef117eaf8e30)

Conflicts:
	models/repo/user_repo_test.go
	because there is one less fixture user compared to Gitea
2024-05-01 08:31:47 +02:00
wxiaoguang
78517f80bb
Fix nil dereference on error (#30740) (#30746)
Backport #30740 manually

Co-authored-by: Chongyi Zheng <git@zcy.dev>
(cherry picked from commit d07019f539c475466748fbf730d7f270a92fdb8b)
2024-05-01 08:14:16 +02:00
Earl Warren
16e7af48bd Merge pull request '[v7.0/forgejo] Fix user mention processing' (#3567) from bp-v7.0/forgejo-9a01062 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3567
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-01 05:37:13 +00:00
Gergely Nagy
275f5326a1 Performance improvement for FindReposLastestCommitStatuses
If `commitstatus_service.FindReposLastestCommitStatuses` receives no
repos in its params, short-circuit, and return early, without performing
any potentially expensive work.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 33cd8446d3)
2024-05-01 05:36:50 +00:00
Gergely Nagy
dd8d3f5ebe Fix git_model.FindBranchesByRepoAndBranchName
When a logged in user with no repositories visits their dashboard, it will
display a search box that lists their own repositories.

This is served by the `repo.SearchRepos` handler, which in turn calls
`commitstatus_service.FindReposLastestCommitStatuses()` with an empty
repo list.

That, in turn, will call `git_model.FindBranchesByRepoAndBranchName()`,
with an empty map. With no map, `FindBranchesByRepoAndBranchName()` ends
up querying the entire `branch` table, because no conditions were set
up.

Armed with a gazillion repo & commit shas, we return to
`FindReposLastestCommitStatuses`, and promptly call
`git_model.GetLatestCommitStatusForPairs`, which constructs a monstrous
query with so many placeholders that the database tells us to go
somewhere else, and flips us off. At least on instances the size of
Codeberg. On smaller instances, it will eventually return, and throw
away all the data, and return an empty set, having performed all this
for naught.

We fix this by short-circuiting `FindBranchesByRepoAndBranchName`, and
returning fast if our inputs are empty.

A test case is included.

Fixes #3521.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 0d029ebe6d)
2024-05-01 05:36:50 +00:00
Otto
04ce562f62 Merge pull request 'Backport: Cumulative English locale improvements' (#3568) from 0ko/forgejo:i18n-backport-20240430 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3568
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: crystal <crystal@noreply.codeberg.org>
2024-04-30 22:38:06 +00:00
0ko
3178f1614a [I18N] Cumulative English locale improvements
- decap wiki UI
- decap release UI
- fix cap of self visibility toggle button on org member list
- simplify `release.add_tag`
- simplify `admin_indexer_commit_sha` (we got multiple hash types now, but this refers to commit)
- some improvements to admin dashboard
- fnetX suggestions: [[1]](https://codeberg.org/forgejo/forgejo/pulls/3266#issuecomment-1795685), [[2]](https://codeberg.org/forgejo/forgejo/pulls/3266#issuecomment-1795734)
2024-04-30 20:05:42 +05:00
Earl Warren
a64e000e42 Merge pull request '[v7.0/forgejo] Fix colour contrast issues in forms' (#3553) from bp-v7.0/forgejo-03c1c88 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3553
Reviewed-by: Otto <otto@codeberg.org>
2024-04-30 14:07:35 +00:00
Earl Warren
86251afec6 Merge pull request '[v7.0/forgejo] UI: Disable internal wiki options when enabling external wiki' (#3550) from bp-v7.0/forgejo-103306f into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3550
Reviewed-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>
2024-04-30 14:06:37 +00:00
Earl Warren
cfbc52921e Merge pull request '[v7.0/forgejo] fix: webhook: send short ref on gitea create/delete payload' (#3560) from bp-v7.0/forgejo-0d3a9e6-cb0f361 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3560
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-30 12:51:43 +00:00
Earl Warren
8915d65aa1 Merge pull request '[v7.0/forgejo] fix: webhook getPayloadBranch' (#3557) from bp-v7.0/forgejo-df06904-79380c2 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3557
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-30 12:45:26 +00:00
Earl Warren
f874c5e978 Merge pull request '[v7.0/forgejo] Choose better icon for Add more repo units suggestion' (#3552) from bp-v7.0/forgejo-a8211e0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3552
Reviewed-by: Otto <otto@codeberg.org>
2024-04-30 12:42:08 +00:00
Gergely Nagy
75aa4c28f0 Fix user mention processing
When mentioning a user, the markup post-processor did not handle the
case where the mentioned user did not exist well: it tried to skip to
the next node, which in turn, ended up skipping the rest of the line.

To fix this, let's skip just the mentioned, but non-existing user, and
continue processing the current node from there.

Fixes #3535.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 9a01062ae2)
2024-04-30 12:28:49 +00:00
Earl Warren
c3e5e9ffb8 Merge pull request '[v7.0/forgejo] Fix toggling WIP state in PR footer' (#3551) from bp-v7.0/forgejo-900bf43 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3551
Reviewed-by: Otto <otto@codeberg.org>
2024-04-30 09:47:54 +00:00