- When the doer blocks an user, who is also an collaborator on an
repository that the doer owns, remove that collaboration.
- Added unit tests.
- Refactor the unit test to be more organized.
Vulnerability #1: GO-2023-1988
Improper rendering of text nodes in golang.org/x/net/html
More info: https://pkg.go.dev/vuln/GO-2023-1988
Module: golang.org/x/net
Found in: golang.org/x/net@v0.12.0
Fixed in: golang.org/x/net@v0.13.0
Example traces found:
#1: modules/markup/html.go:371:24: markup.postProcess calls html.Render
(cherry picked from commit 63d6e6e1b9)
- Add the ability to block a user via their profile page.
- This will unstar their repositories and visa versa.
- Blocked users cannot create issues or pull requests on your the doer's repositories (mind that this is not the case for organizations).
- Blocked users cannot comment on the doer's opened issues or pull requests.
- Blocked users cannot add reactions to doer's comments.
- Blocked users cannot cause a notification trough mentioning the doer.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/540
(cherry picked from commit 687d852480)
(cherry picked from commit 0c32a4fde5)
(cherry picked from commit 1791130e3c)
(cherry picked from commit 37858b7e8f)
(cherry picked from commit a3e2bfd7e9)
(cherry picked from commit 7009b9fe87)
Conflicts: https://codeberg.org/forgejo/forgejo/pulls/1014
routers/web/user/profile.go
templates/user/profile.tmpl
(cherry picked from commit b2aec34791)
(cherry picked from commit e2f1b73752)
[MODERATION] organization blocking a user (#802)
- Resolves#476
- Follow up for: #540
- Ensure that the doer and blocked person cannot follow each other.
- Ensure that the block person cannot watch doer's repositories.
- Add unblock button to the blocked user list.
- Add blocked since information to the blocked user list.
- Add extra testing to moderation code.
- Blocked user will unwatch doer's owned repository upon blocking.
- Add flash messages to let the user know the block/unblock action was successful.
- Add "You haven't blocked any users" message.
- Add organization blocking a user.
Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/802
(cherry picked from commit 0505a10421)
(cherry picked from commit 37b4e6ef9b)
(cherry picked from commit c17c121f2c)
[MODERATION] organization blocking a user (#802) (squash)
Changes to adapt to:
6bbccdd177 Improve AJAX link and modal confirm dialog (#25210)
Refs: https://codeberg.org/forgejo/forgejo/pulls/882/files#issuecomment-945962
Refs: https://codeberg.org/forgejo/forgejo/pulls/882#issue-330561
(cherry picked from commit 523635f83c)
(cherry picked from commit 4743eaa6a0)
(cherry picked from commit eff5b43d2e)
Conflicts: https://codeberg.org/forgejo/forgejo/pulls/1014
routers/web/user/profile.go
(cherry picked from commit 9d359be5ed)
(cherry picked from commit b1f3069a22)
[MODERATION] add user blocking API
- Follow up for: #540, #802
- Add API routes for user blocking from user and organization
perspective.
- The new routes have integration testing.
- The new model functions have unit tests.
- Actually quite boring to write and to read this pull request.
(cherry picked from commit f3afaf15c7)
(cherry picked from commit 6d754db3e5)
(cherry picked from commit 2a89ddc0ac)
(cherry picked from commit 4a147bff7e)
Conflicts:
routers/api/v1/api.go
templates/swagger/v1_json.tmpl
(cherry picked from commit bb8c339185)
(cherry picked from commit 5a11569a01)
(cherry picked from commit 2373c801ee)
[MODERATION] restore redirect on unblock
ctx.RedirectToFirst(ctx.FormString("redirect_to"), ctx.ContextUser.HomeLink())
was replaced by
ctx.JSONOK()
in 128d77a3a Following up fixes for "Fix inconsistent user profile layout across tabs" (#25739)
thus changing the behavior (nicely spotted by the tests). This
restores it.
(cherry picked from commit 597c243707)
(cherry picked from commit cfa539e590)
[MODERATION] Add test case (squash)
- Add an test case, to test an property of the function.
(cherry picked from commit 70dadb1916)
[MODERATION] Block adding collaborators
- Ensure that the doer and blocked user cannot add each other as
collaborators to repositories.
- The Web UI gets an detailed message of the specific situation, the API
gets an generic Forbidden code.
- Unit tests has been added.
- Integration testing for Web and API has been added.
- This commit doesn't introduce removing each other as collaborators on
the block action, due to the complexity of database calls that needs to
be figured out. That deserves its own commit and test code.
(cherry picked from commit 747be949a1)
[MODERATION] move locale_en-US.ini strings to avoid conflicts
Conflicts:
web_src/css/org.css
web_src/css/user.css
https://codeberg.org/forgejo/forgejo/pulls/1180
- `setting.UI.Notification.EventSourceUpdateTime` is by default 10
seconds, which adds an 10 second delay before the test succeeds.
- Lower the interval to reduce it to at most 3 second delay (the code
only send events when they are at least 2 seconds old 🤷).
(cherry picked from commit c0b4a064e9)
- The user renaming function has zero test coverage.
- This patch brings that up to speed to test for various scenarios and
ensure that in a normal workflow the correct things has changed to their
respective new value. Most scenarios are to ensure certain things DO NOT happen.
(cherry picked from commit ec5901fcd0)
It does not pollute the output because they go to sqlite-log/gitea.log
and it may provide clues for debugging. When trying to figure out a
problem in production, Debug is likely to be used but in a development
environment a very fine grain log is the most useful. If that's really
too much noise, the lines can be trimmed by removing all those with [T].
(cherry picked from commit 666b02eb9d)
(cherry picked from commit b69e4d3058)
(cherry picked from commit e11dcc60f2)
use backticks to avoid backslash
(cherry picked from commit 34212791ee)
(cherry picked from commit bde9473c69)
(cherry picked from commit d4deb43084)
(cherry picked from commit 08e91649b0)
(cherry picked from commit 2b988e5415)
[TESTS] auth LinkAccount test coverage (squash)
(cherry picked from commit a2b2e3066b)
(cherry picked from commit 841d1b5073)
(cherry picked from commit 35da630ad8)
(cherry picked from commit caf2dc4fa7)
(cherry picked from commit c1d14c5fff)
(cherry picked from commit e0e8aabc98)
(cherry picked from commit 392a415070)
(cherry picked from commit c7cf1307ca)
(cherry picked from commit 93b13d092b)
[TESTS] createUser via the user model helper for integration tests (squash)
(cherry picked from commit 6ff2383952)
(cherry picked from commit de2a6fe8c3)
(cherry picked from commit 398a6ab072)
(cherry picked from commit 16abc89780)
- Implements https://codeberg.org/forgejo/discussions/issues/32#issuecomment-918737
- Allows to add Forgejo-specific migrations that don't interfere with Gitea's migration logic. Please do note that we cannot liberally add migrations for Gitea tables, as they might do their own migrations in a future version on that table, and that could undo our migrations. Luckily, we don't have a scenario where that's needed and thus not taken into account.
Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/795
(cherry picked from commit 8ee32978c0)
(cherry picked from commit c240b34f59)
(cherry picked from commit 03936c6492)
(cherry picked from commit a20ed852f8)
(cherry picked from commit 1dfa82676f)
(cherry picked from commit c39ae0bf8a)
(cherry picked from commit cfaff08996)
(cherry picked from commit 94a458835a)
(cherry picked from commit 61a3cf77df)
(cherry picked from commit 20b5669269)
(cherry picked from commit 1574643a6a)
Update semantic version according to specification
(cherry picked from commit 22510f4130)
Mise à jour de 'Makefile'
(cherry picked from commit c3d85d8409)
(cherry picked from commit 5ea2309851)
(cherry picked from commit ec5217b9d1)
(cherry picked from commit 14f08e364b)
(cherry picked from commit b4465c67b8)
[API] [SEMVER] replace number with version
(cherry picked from commit fba48e6497)
(cherry picked from commit 532ec5d878)
[API] [SEMVER] [v1.20] less is replaced by css
(cherry picked from commit 01ca3a4f42)
(cherry picked from commit 1d928c3ab2)
(cherry picked from commit a39dc804cd)
Conflicts:
webpack.config.js
(cherry picked from commit adc68578b3)
(cherry picked from commit 9b8d98475f)
(cherry picked from commit 2516103974)
(cherry picked from commit 18e6287963)
(cherry picked from commit e9694e67ab)
(cherry picked from commit a9763edaf0)
(cherry picked from commit e2b550f4fb)
(cherry picked from commit 2edac36701)
[API] Forgejo API /api/forgejo/v1 (squash)
Update semver as v1.20 is entering release candidate mode
(cherry picked from commit 4995098ec3)
(cherry picked from commit 578ccfdd27)
(cherry picked from commit 1bf6ac0952)
(cherry picked from commit 2fe16b2bfe)
(cherry picked from commit 7cd9d027ee)
(cherry picked from commit eaed4be2ae)
(cherry picked from commit cc94f3115f)
(cherry picked from commit 9dd224f00c)
(cherry picked from commit 710af007bc)
(cherry picked from commit 2ccd6e2bd6)
(cherry picked from commit b90dc5fc4f)
(cherry picked from commit bf25d98a98)
(cherry picked from commit d7c71e5985)
[WORKFLOW] Add Forgejo Next and reproducing to issue template
(cherry picked from commit 17a3988fe0)
(cherry picked from commit 9ee5b3a619)
(cherry picked from commit bebdd8d5f3)
(cherry picked from commit be7bb96d5c)
(cherry picked from commit 4ae659d63a)
(cherry picked from commit 82426f376d)
(cherry picked from commit 1cb28e3671)
(cherry picked from commit c6a2db94c4)
(cherry picked from commit 90d3eb2d13)
(cherry picked from commit 3c3e656f58)
(cherry picked from commit 54ece82417)
(cherry picked from commit 55a042485a)
(cherry picked from commit 4e984aeba6)
(cherry picked from commit 52ea3f32b6)
(cherry picked from commit 00b0d0621e)
(cherry picked from commit dc4acfa6db)
(cherry picked from commit 0d26574fe3)
(cherry picked from commit 81acdf5a84)
Refs: https://codeberg.org/forgejo/forgejo/issues/8
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/153
Refs: https://codeberg.org/forgejo/forgejo/issues/123
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/299
(cherry picked from commit 08dcef0c8c)
[DOCS] CONTRIBUTING/RELEASE: https://forgejo.org/docs/admin
Because the version is not displayed on the landing page of Forgejo,
there cannot be a link to a versionned documentation. There must exist
a link that points to the latest version on the website for the
forgejo instance to display.
Better but more complicated approaches could be to:
* Embed the documentation in Forgejo
* Allow the admin to not display the help
* Allow the admin to display a versionned help or not
(cherry picked from commit 83cc389239)
(cherry picked from commit 5df52b8a4f)
(cherry picked from commit 9a66b3d70b)
[DOCS] CONTRIBUTING/RELEASE: reminder to update FORGEJO_VERSION
(cherry picked from commit 2a4d0bd164)
(cherry picked from commit d68576ba67)
[DOCS] CONTRIBUTING: updates
* Remove obsolete description of the well being & moderation team and
replace them with a link to the moderation email.
* Remove description of the governance process and replace with a link
to the governance readme that did not exist at the time.
* Add links to the Forgejo documentation
(cherry picked from commit df749da272)
(cherry picked from commit 4da39128c5)
(cherry picked from commit f442ca6f40)
(cherry picked from commit 031928c447)
(cherry picked from commit 1e6ba47216)
(cherry picked from commit 8916a1f8c6)
(cherry picked from commit 663e28c412)
(cherry picked from commit d56b130baa)
[DOCS] CONTRIBUTING (squash)
(cherry picked from commit 0dc4b6e5c9)
(cherry picked from commit 52f2163807)
(cherry picked from commit 47d0ae3e10)
(cherry picked from commit 7757a5c34c)
(cherry picked from commit 5b4d25bd03)
(cherry picked from commit 78798cc25e)
(cherry picked from commit 3001fb8c7b)
(cherry picked from commit da27bf1bc5)
(cherry picked from commit 2fb13da8ed)
(cherry picked from commit ea19e0efb3)
[DOCS] Add link to build instructions in CONTRIBUTING.md
(cherry picked from commit 50d86aa4ad)
Replace 'v1.20' with 'next'
(cherry picked from commit 3e99f49fc5)
(cherry picked from commit f5c89e88cf)
Although it would be possible to modify these files, it would create
conflicts when rebasing. Instead, this commit removes them entirely
and another commit can start from scratch, borrowing content from the
original files.
The drawback of this approach is that some content updates from Gitea
that also need updating in Forgejo will have to be copy/pasted
instead of being merged.
(cherry picked from commit eb85782115)
(cherry picked from commit 34401f2004)
(cherry picked from commit ef43b1c691)
(cherry picked from commit d17fe25e2f)
(cherry picked from commit 3f65dea3e7)
(cherry picked from commit 3cacb64a1b)
(cherry picked from commit b531b014b7)
(cherry picked from commit adf6e7a840)
(cherry picked from commit 68c19d977d)
(cherry picked from commit 31aa8647ec)
(cherry picked from commit be70dd7208)
(cherry picked from commit 7f44bb60b1)
(cherry picked from commit 5098f1224b)
(cherry picked from commit dc7a859144)
(cherry picked from commit f1e78dd006)
(cherry picked from commit c41ba7a148)
(cherry picked from commit f1da66a918)
(cherry picked from commit 99194a3664)
(cherry picked from commit 52f356f6a9)
(cherry picked from commit c93ffa72ae)
(cherry picked from commit 477c7454d3)
(cherry picked from commit 413df23a40)
[DOCS] delete Gitea specific files that need rewriting for Forgejo (squash)
(cherry picked from commit df78cedd05)
(cherry picked from commit 3b9178b3e5)
Refs: https://codeberg.org/forgejo/website/pulls/230
(cherry picked from commit 87d56bf6c7)
[CI] Forgejo Actions based release process (squash)
base64 -w0 to avoid wrapping when the doer name is long as it creates
a broken config.json
(cherry picked from commit 9efdc27e49)
[CI] Forgejo Actions based release process (squash) generate .xz files and sources
Generate .xz files
Check .sha256
Generate the source tarbal
(cherry picked from commit 7afec520c4)
[CI] Forgejo Actions based release process (squash) release notes
(cherry picked from commit d8f4f4807b)
[CI] Forgejo Actions based release process (squash) publish and sign release
(cherry picked from commit a52778c747)
(cherry picked from commit cf2ec62740)
[CI] Forgejo Actions based release process (squash) version
use Actions environment variables in Makefile (#25319) (#25318)
uses Actions variable to determine the version. But Forgejo builds
happen in a container where they are not available. Do not use them.
Also verify the version of the binary is as expected for sanity check.
(cherry picked from commit 6decf111a1)
(cherry picked from commit 206d0b3886)
[CI] read STORED_VERSION_FILE if available
(cherry picked from commit af74085ebf)
[CI] backward compatible executable compilation
Add a new static-executable target to use in Dockerfiles and restore
the $(EXECUTABLE) target to what it was before to for backward
compatibility.
The release process now builds static executables instead of
dynamically linked ones which makes them more portable. It changes the
requirements at compile time and is not backward compatible. In
particular it may break packaging that rely on the target that
currently creates a dynamically linked executable.
(cherry picked from commit 84d02a174a)
(cherry picked from commit 854be47328)
[CI] Forgejo Actions based release process (squash) doc / ca / verbosity
- Document workflow
- Increase verbosity if VERBOSE=true
- Download the Certificate Authority if behind the VPN
(cherry picked from commit 168d5d5869)
(cherry picked from commit 8756c9a72a)
(cherry picked from commit 2dad7ef20f)
[CI] Forgejo Actions based release process (squash) add assets sources-tarbal
Refs: https://codeberg.org/forgejo/forgejo/issues/1115
(cherry picked from commit 5531d01f19)
[CI] Forgejo Actions based release process (squash) add assets sources-tarbal
bindata.go is a file, not a directory
Refs: https://codeberg.org/forgejo/forgejo/issues/1115
(cherry picked from commit bd88a44778)
(cherry picked from commit b408085138)
[CI] Forgejo Actions based release process (squash) public/assets moved
(cherry picked from commit d8c921d5a6)
(cherry picked from commit f9d75d4705)
(cherry picked from commit 64f76f4ab2)
(cherry picked from commit 5d02454155)
[CI] Forgejo Actions workflows
(cherry picked from commit 3ff59b5379)
(cherry picked from commit 8af826a6f7)
(cherry picked from commit d7c09d9cc8)
[CI] use the docker label instead of ubuntu-latest
(cherry picked from commit b6a6470db6)
[CI] all tests need compliance before proceeding
(cherry picked from commit b35c496f2c)
(cherry picked from commit 36a4148a8e)
(cherry picked from commit 7ffcffa653)
(cherry picked from commit 8a246d296e)
(cherry picked from commit dd0b6e1826)
[CI] Forgejo Actions based release process (squash) MySQL optimization
Refs: https://codeberg.org/forgejo/forgejo/issues/976
(cherry picked from commit b4b8c489e6)
(cherry picked from commit 1e861db4af)
(cherry picked from commit a6c0e00330)
(cherry picked from commit f97b336465)
f92e0a4018 added minio to the tests/pgsql.ini.tmpl and Forgejo CI does
not run a minio server. It will if there are external storage related
changes at some point but it is not the case now so it is not worth
the burden.
(cherry picked from commit 4cfbf4718d)
(cherry picked from commit 9bd644d601)
(cherry picked from commit 604636c7c4)
(cherry picked from commit 341cdb8540)
(cherry picked from commit 57bdc91de5)
(cherry picked from commit c6ec6517b4)
(cherry picked from commit 2f03fc1b29)
(cherry picked from commit aaecd10966)
(cherry picked from commit 7025ff7b06)
(cherry picked from commit 15e6485ae1)
(cherry picked from commit 5f7b23c659)
(cherry picked from commit a74d7ce6c5)
(cherry picked from commit f552e2fc56)
(cherry picked from commit 9fa4a90baa)
(cherry picked from commit a8be33da60)
(cherry picked from commit 205f7897aa)
(cherry picked from commit a6074d765d)
(cherry picked from commit b85c999109)
(cherry picked from commit e370e412e8)
(cherry picked from commit c2a7aaeee8)
(cherry picked from commit 6b6007fbce)
(cherry picked from commit 63608a221e)
(cherry picked from commit 5cfe60baa7)
(cherry picked from commit 2af4c73d12)
(cherry picked from commit 1985959bfe)
(cherry picked from commit 880424c77e)
(cherry picked from commit c78a861d1b)
(cherry picked from commit 25c1227011)
(cherry picked from commit 7195e894ee)
(cherry picked from commit cf15153873)
(cherry picked from commit 9bee773c95)
(cherry picked from commit 581c3060da)
(cherry picked from commit bf550f9b2c)
(cherry picked from commit b570eca0b9)
[CI] implementation: Woodpecker based CI (squash)
Upgrade xgo to Go v1.20 for building binaries
(cherry picked from commit 6308c776b6)
[CI] v1.20: switch PR check from Woodpecker CI to Forgejo Actions
The PR checks for v1.19 still rely on Woodpecker CI. Keeping
.woodpecker in v1.20 while both Woodpecker CI & Forgejo Actions are
enabled would dupicate the checks.
The release process in releases remains Woodpecker CI.
(cherry picked from commit 93e42f3f53)
(cherry picked from commit 599c5162ad)
(cherry picked from commit 6f8b723a55)
(cherry picked from commit e238d7d72f)
(cherry picked from commit 2258fb575b)
(cherry picked from commit 52195d9456)
(cherry picked from commit 633a61809e)
(cherry picked from commit 9ff1e2561d)
Our `devtest` page contains some good UI examples which should be taken
as example when working on Gitea UI. Mention it in our frontend
contributing guidelines to for new contributors to know about it.
Not too important, but I think that it'd be a pretty neat touch.
Also fixes some layout bugs introduced by a previous PR.
---------
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Caesar Schinas <caesar@caesarschinas.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix#24662.
Replace #24822 and #25708 (although it has been merged)
## Background
In the past, Gitea supported issue searching with a keyword and
conditions in a less efficient way. It worked by searching for issues
with the keyword and obtaining limited IDs (as it is heavy to get all)
on the indexer (bleve/elasticsearch/meilisearch), and then querying with
conditions on the database to find a subset of the found IDs. This is
why the results could be incomplete.
To solve this issue, we need to store all fields that could be used as
conditions in the indexer and support both keyword and additional
conditions when searching with the indexer.
## Major changes
- Redefine `IndexerData` to include all fields that could be used as
filter conditions.
- Refactor `Search(ctx context.Context, kw string, repoIDs []int64,
limit, start int, state string)` to `Search(ctx context.Context, options
*SearchOptions)`, so it supports more conditions now.
- Change the data type stored in `issueIndexerQueue`. Use
`IndexerMetadata` instead of `IndexerData` in case the data has been
updated while it is in the queue. This also reduces the storage size of
the queue.
- Enhance searching with Bleve/Elasticsearch/Meilisearch, make them
fully support `SearchOptions`. Also, update the data versions.
- Keep most logic of database indexer, but remove
`issues.SearchIssueIDsByKeyword` in `models` to avoid confusion where is
the entry point to search issues.
- Start a Meilisearch instance to test it in unit tests.
- Add unit tests with almost full coverage to test
Bleve/Elasticsearch/Meilisearch indexer.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
In the original implementation, we can only get the first 30 records of
the commit status (the default paging size), if the commit status is
more than 30, it will lead to the bug #25990. I made the following two
changes.
- On the page, use the ` db.ListOptions{ListAll: true}` parameter
instead of `db.ListOptions{}`
- The `GetLatestCommitStatus` function makes a determination as to
whether or not a pager is being used.
fixed#25990
The API should only return the real Mail of a User, if the caller is
logged in. The check do to this don't work. This PR fixes this. This not
really a security issue, but can lead to Spam.
---------
Co-authored-by: silverwind <me@silverwind.io>
