Commit graph

19497 commits

Author SHA1 Message Date
Earl Warren
326d5e6b63 Merge pull request 'Update dependency vue to v3.4.27' (#3680) from renovate/patch-vue-monorepo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3680
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-09 07:20:21 +00:00
Earl Warren
2ecdffd65c Merge pull request 'Update dependency @playwright/test to v1.44.0' (#3684) from renovate/playwright-monorepo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3684
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-09 07:17:13 +00:00
Renovate Bot
e89e253636 Update dependency @playwright/test to v1.44.0 2024-05-09 02:05:43 +00:00
Renovate Bot
15c0878084 Update dependency vue to v3.4.27 2024-05-09 00:06:36 +00:00
Renovate Bot
e71f8b8f7b Update dependency swagger-ui-dist to v5.17.6 2024-05-09 00:06:13 +00:00
Earl Warren
996dbdb0b4 Merge pull request 'Update ghcr.io/visualon/renovate Docker tag to v37.351.2' (#3646) from renovate/ghcr.io-visualon-renovate-37.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3646
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-08 22:07:13 +00:00
Earl Warren
9ac8bc9328 Merge pull request 'Update module github.com/blevesearch/bleve/v2 to v2.4.0' (#3647) from renovate/github.com-blevesearch-bleve-v2-2.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3647
Reviewed-by: Shiny Nematoda <snematoda@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-08 21:34:21 +00:00
Gergely Nagy
f4dd53d79d Fix an incorrect form submission in repo-issue.js (#3675)
This fixes `initRepoPullRequestAllowMaintainerEdit()` to submit the form correctly (as a web form, rather than as JSON payload).

Fixes #3618, cherry picked from gitea#30854.

Co-Authored-By: wxiaoguang <wxiaoguang@gmail.com>

---

Manual testing steps:

- Open a PR against any repository, with the "Allow edits from maintainers" option checked.
- Open the developer console (`Ctrl-Shift-I` on Firefox), and look at the Network tab.
- Visit the PR, find the "Allow edits from maintainers" checkbox, and click it.
- See the developer console, and check that the response says the setting is false.
- Refresh the page *completely* (`Ctrl-Shift-R` on Firefox)
- Observe that the setting is off.
- Click the box again to enable it.
- See the developer console, and check that the response says the setting is true.
- Reload without cache again (`Ctrl-Shift-R` on Firefox)
- Observe that the setting is now on.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3675
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-committed-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-08 21:14:46 +00:00
Renovate Bot
8e1a6d8e73 Update ghcr.io/visualon/renovate Docker tag to v37.351.2 2024-05-08 20:05:21 +00:00
Earl Warren
d3e02eaa89 chore(licenses): make go-license 2024-05-08 19:31:56 +00:00
Renovate Bot
4bff06dafb Update module github.com/blevesearch/bleve/v2 to v2.4.0 2024-05-08 19:31:56 +00:00
Earl Warren
18c8ae844e Merge pull request 'chore(dependency): automerge all JavaScript CI dependencies' (#3676) from earl-warren/forgejo:wip-ci-renovate into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3676
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-05-08 19:31:01 +00:00
Earl Warren
4af9d9b6c3 Merge pull request 'Update dependency @stylistic/eslint-plugin-js to v1.8.1' (#3666) from renovate/linters into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3666
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-08 17:45:20 +00:00
Earl Warren
bfe4995ed5 Merge pull request 'Update dependency @vue/test-utils to v2.4.6' (#3667) from renovate/vue-test-utils-2.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3667
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-08 17:44:26 +00:00
Earl Warren
d4bb667051
chore(dependency): automerge all JavaScript CI dependencies
Make a pass to have a full inventory of JavaScript dependencies that
can be automerged because they only have an impact on the CI. It is
easier than to examine them one by one when an update is proposed.

- add packages:test which indirectly includes packages:jsUnitTest and
  a number of test dependencies such as vitest
- add prefixes for dependencies which are known to be exclusively
  used for testing (playwright, ...)
- add modules

Refs: https://docs.renovatebot.com/presets-packages
2024-05-08 19:32:24 +02:00
Earl Warren
1c3c773dac Merge pull request 'Cumulative English improvements (May 2024)' (#3668) from 0ko/forgejo:i18n-20240508 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3668
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-08 17:04:21 +00:00
Renovate Bot
7105e19468 Update dependency @stylistic/eslint-plugin-js to v1.8.1 2024-05-08 16:03:56 +00:00
Earl Warren
7729cb3ecc Merge pull request 'fix(security): CVE-2024-24788 malformed DNS message' (#3671) from earl-warren/forgejo:wip-go-1.22.3 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3671
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-05-08 14:44:52 +00:00
Earl Warren
f3045f0519
fix(security): CVE-2024-24788 malformed DNS message
Refs: https://pkg.go.dev/vuln/GO-2024-2824
2024-05-08 14:25:08 +02:00
0ko
b11eddfaa8 [I18N] English improvements (May 2024)
- `editor.commit_id_not_matching` was reported by https://codeberg.org/kita. I confirmed the meaning on next.forgejo.org.
- `additional_repo_units_hint` was suggested by https://codeberg.org/leana8959.
2024-05-08 08:58:25 +05:00
Renovate Bot
84224a65ff Update dependency @vue/test-utils to v2.4.6 2024-05-08 02:05:00 +00:00
Earl Warren
a2c8fe0370 Merge pull request '[gitea] week 2024-19 cherry pick (gitea-github/main -> forgejo)' (#3639) from earl-warren/wcp/2024-19 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3639
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-07 22:47:53 +00:00
Michael Jerger
778dd81615 unused code of the moment 2024-05-07 18:40:27 +02:00
Michael Jerger
1a76664d56 next step on the way to federation 2024-05-07 17:58:13 +02:00
Earl Warren
99d1ae52fc Merge pull request 'Update module github.com/PuerkitoBio/goquery to v1.9.2' (#3634) from renovate/github.com-puerkitobio-goquery-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3634
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-07 11:28:32 +00:00
Earl Warren
cae4a5456f
chore(dependency): automerge goquery when the CI passes 2024-05-07 11:57:25 +01:00
Earl Warren
3f6e4af5a9 Merge pull request 'UI: Hide hidden email from own profile, again' (#3636) from n0toose/profile/hide-unhidden-hidden-email into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3636
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-05-07 10:39:01 +00:00
Earl Warren
420f017bce Merge pull request 'Update module github.com/cosmtrek/air to v1.52.0' (#3650) from renovate/github.com-cosmtrek-air-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3650
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-07 10:10:41 +00:00
Twenty Panda
44895011dc chore(dependencies): switch to air@v1
there are no tests but since Gitea uses @v1 since last month and Gitea
maintainers rely on make watch, it is safe to assume that upgrading is
not broken. Switching to v1 would require less scrutiny on the
upgrades. Even if there is breakage, it can be fixed with minimal
impact on the developer workflow.
2024-05-07 10:11:21 +01:00
Michael Jerger
2177d38e9c feat(federation): validate like activities (#3494)
First step on the way to #1680

The PR will

* accept like request on the api
* validate activity in a first level

You can find

* architecture at: https://codeberg.org/meissa/forgejo/src/branch/forgejo-federated-star/docs/unsure-where-to-put/federation-architecture.md

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3494
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
2024-05-07 07:59:49 +00:00
0ko
8c3511a8b3 Merge pull request 'Allow org members to navigate between the org and the dashboard' (#3642) from 0ko/forgejo:ui-add-org-dashboard-goto into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3642
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-05-06 03:50:47 +00:00
Renovate Bot
62c3540467 Update module github.com/cosmtrek/air to v1.52.0 2024-05-06 02:05:34 +00:00
0ko
b034ab5a8e [UI] Allow org members to navigate between the org and the dashboard
- add a new button to the org view that is only shown to the org members
- add integration test to verify the expected navigatability
- add a new translation string to that button
- fix display style of "View <orgname>" button on the dashboard
- fix gap size between buttons on the org view by utilizing the common class top-right-buttons
2024-05-05 23:14:57 +05:00
Earl Warren
434ef46088 Merge pull request 'Update module gitea.com/go-chi/binding to v0.0.0-20240430071103-39a851e106ed' (#3597) from renovate/gitea.com-go-chi-binding-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3597
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-05 12:15:39 +00:00
Earl Warren
308304e4a4 Merge pull request 'Improve repo filter names' (#3612) from 0ko/forgejo:i18n-filters into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3612
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-05 12:13:40 +00:00
Kemal Zebari
e388822e9d
Don't only list code-enabled repositories when using repository API (#30817)
We should be listing all repositories by default.

Fixes #28483.

(cherry picked from commit 9f0ef3621a3b63ccbe93f302a446b67dc54ad725)

Conflict:
   -		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.UnitAccessMode(unit_model.TypeCode) >= perm.AccessModeRead {
   +		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.HasAccess() {
   because of https://codeberg.org/forgejo/forgejo/pulls/2001
2024-05-05 12:15:40 +01:00
yp05327
6a4bc0289d
Fix no edit history after editing issue's title and content (#30814)
Fix #30807

reuse functions in services

(cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26)

Conflicts:
	models/issues/issue_update.go
	routers/api/v1/repo/issue.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-05 12:15:40 +01:00
wxiaoguang
d93d62371c
Ignore useless error message "broken pipe" (#30801)
Fix #30792

(cherry picked from commit 53b55223d167c3fc996dd0278a656f421408ace7)
2024-05-05 12:15:40 +01:00
Bo-Yi Wu
b29190c4f0
refactor: merge ListActionTasks func to action.go file (#30811)
Just merge actions.go file to action.go

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
(cherry picked from commit e67fbe4f15cdc544f6bec975de6560556724f098)
2024-05-05 12:15:40 +01:00
Archer
1b088fade6
Prevent automatic OAuth grants for public clients (#30790)
This commit forces the resource owner (user) to always approve OAuth 2.0
authorization requests if the client is public (e.g. native
applications).

As detailed in [RFC 6749 Section 10.2](https://www.rfc-editor.org/rfc/rfc6749.html#section-10.2),

> The authorization server SHOULD NOT process repeated authorization
requests automatically (without active resource owner interaction)
without authenticating the client or relying on other measures to ensure
that the repeated request comes from the original client and not an
impersonator.

With the implementation prior to this patch, attackers with access to
the redirect URI (e.g., the loopback interface for
`git-credential-oauth`) can get access to the user account without any
user interaction if they can redirect the user to the
`/login/oauth/authorize` endpoint somehow (e.g., with `xdg-open` on
Linux).

Fixes #25061.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 5c542ca94caa3587329167cfe9e949357ca15cf1)
2024-05-05 12:15:40 +01:00
Kemal Zebari
9cd0441cd3
Catch and handle unallowed file type errors in issue attachment API (#30791)
Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.

(cherry picked from commit 872caa17c0a30d95f85ab75c068d606e07bd10b3)

Conflicts:
	tests/integration/api_comment_attachment_test.go
	tests/integration/api_issue_attachment_test.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-05 12:15:40 +01:00
silverwind
396f16e7b2
Add hover outline to heatmap squares (#30828)
Makes it easier to use because you see which square is currently
hovered:

<img width="314" alt="Screenshot 2024-05-02 at 15 38 20"
src="https://github.com/go-gitea/gitea/assets/115237/3a15dad1-2259-4f28-9fae-5cf6ad3d8798">

I did try a `scoped` style for this, but that did not work for some
reason.

(cherry picked from commit 6f89d5e3a0886d02ead732005f593ae003f78f78)
2024-05-05 12:15:40 +01:00
silverwind
fb693442f5
Remove external API calls in TestPassword (#30716)
The test had a dependency on `https://api.pwnedpasswords.com` which
caused many failures on CI recently:

```
--- FAIL: TestPassword (2.37s)
    pwn_test.go:41: Get "https://api.pwnedpasswords.com/range/e6b6a": context deadline exceeded (Client.Timeout exceeded while awaiting headers)
FAIL
coverage: 82.9% of statements
```

(cherry picked from commit 9235442ba58524c8d12ae54865d583acfa1f439d)
2024-05-05 12:15:40 +01:00
wxiaoguang
ee97bb17ba
Fix issue card layout (#30800)
Fix #30788

(cherry picked from commit 6ff2acc52c976e9d7bb6a5693f8a2365d12400f5)
2024-05-05 12:15:40 +01:00
wxiaoguang
4e35e5b8ae
Skip gzip for some well-known compressed file types (#30796)
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit be112c1fc30f87a248b30f48e891d1c8c18e8280)

Conflicts:
	routers/web/web.go
	trivial conflict because of https://codeberg.org/forgejo/forgejo/pulls/1533
2024-05-05 12:15:40 +01:00
Kemal Zebari
f0e466420a
Don't have redis-cluster as possible cache/session adapter in docs (#30794)
This is because it doesn't exist as an adapter. The `redis` adapter
already handles Redis cluster configurations.

Fixes #30534.

(cherry picked from commit f135cb7c9457f7b9bdc43601f44757834573950f)

Conflicts:
	docs/content/administration/config-cheat-sheet.en-us.md
	does not exist in Forgejo
2024-05-05 12:15:40 +01:00
Chester
1a40fe54a6
Add API endpoints for getting action jobs status (#26673)
Sample of response, it is similar to Github actions

ref
https://docs.github.com/en/rest/actions/workflow-runs?apiVersion=2022-11-28#list-workflow-runs-for-a-repository

``` json
{
    "workflow_runs": [
        {
            "id": 3,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "6d8d29a9f7a01ded8f8aeb64341cb31ee1ab5f19",
            "run_number": 3,
            "event": "push",
            "display_title": "More job",
            "status": "success",
            "workflow_id": "demo2.yaml",
            "url": "/chester/test/actions/runs/3",
            "created_at": "2023-08-22T13:41:33-04:00",
            "updated_at": "2023-08-22T13:41:37-04:00",
            "run_started_at": "2023-08-22T13:41:33-04:00"
        },
        {
            "id": 2,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "6d8d29a9f7a01ded8f8aeb64341cb31ee1ab5f19",
            "run_number": 2,
            "event": "push",
            "display_title": "More job",
            "status": "success",
            "workflow_id": "demo.yaml",
            "url": "/chester/test/actions/runs/2",
            "created_at": "2023-08-22T13:41:30-04:00",
            "updated_at": "2023-08-22T13:41:33-04:00",
            "run_started_at": "2023-08-22T13:41:30-04:00"
        },
        {
            "id": 1,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "e5369ab054cae79899ba36e45ee82811a6e0acd5",
            "run_number": 1,
            "event": "push",
            "display_title": "Add job",
            "status": "failure",
            "workflow_id": "demo.yaml",
            "url": "/chester/test/actions/runs/1",
            "created_at": "2023-08-22T13:15:21-04:00",
            "updated_at": "2023-08-22T13:18:10-04:00",
            "run_started_at": "2023-08-22T13:15:21-04:00"
        }
    ],
    "total_count": 3
}
```

---------

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
(cherry picked from commit 6709e28da78a0ea7e63f9fe4e32f620abdc88d14)

Conflicts:
	routers/api/v1/swagger/repo.go
	trivial context conflict
2024-05-05 12:15:40 +01:00
Panagiotis "Ivory" Vasilopoulos
d03be77665 UI: Hide hidden email from own profile, again
This is a follow-up for 5e1bd8af5f, which
was my first commit to Gitea. It is also a follow up for the
Gitea PR #29300 (https://github.com/go-gitea/gitea/pull/23900) created
by myself, which turned stale.

This change partially restores the behavior of Gitea PR #23747
(https://github.com/go-gitea/gitea/pull/23747) by wxiaoguang, but
maintains the lock.

The original idea was to differentiate things from GitHub and GitLab a
little bit, and show the email address on the profile. The profile is
not only a place where the user chooses to show how they present
themselves on an instance, it is also a place where they can assess
their relationship *with* the instance, as it provides features such
as the Public Activity feed that can be only shown to the user, in
private.

It's, in some way, a dashboard. The email was shown there to remind
the user that this is the primary email that will be used by a supposed
administrator to contact them. There were other motivations behind that
change as well, but, long story short, the idea did not work very well,
as some people (e.g. people livestreaming on the Internet, or 'normal'
users sharing their screens) do not want to put their email address
out there when showing their screen to other people.

Other alternatives, such as blurring the text or only showing the real
email address, were explored, but were rejected because of
browser compatibility and simplicity reasons. The padlock icon that
is shown when showing the email address to other people has been kept.
One viable alternative could be displaying the placeholder email
instead, but that requires some more thought.

Fixes https://codeberg.org/forgejo/forgejo/issues/1950.
2024-05-05 13:08:31 +02:00
silverwind
9792a377e4
Fix tautological conditions (#30735)
As discovered by https://github.com/go-gitea/gitea/pull/30729.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 610802df85933e7a190a705bc3f7800da87ce868)

Conflicts:
	tests/integration/git_test.go
	trivial conflict because of https://codeberg.org/forgejo/forgejo/pulls/2834
2024-05-05 08:59:40 +01:00
6543
51b8d964c8
Get repo assignees and reviewers should ignore deactivated users (#30770) (#30782)
Backport  #30770

If an user is deactivated, it should not be in the list of users who are
suggested to be assigned or review-requested.

old assignees or reviewers are not affected.

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit f2d8ccc5bb2df25557cc0d4d23f2cdd029358274)

Conflicts:
	models/repo/user_repo_test.go
	because there is one less fixture user compared to Gitea
2024-05-05 08:53:27 +01:00