Commit Graph

4321 Commits

Author SHA1 Message Date
Gusted a7e96aae66
[SEC] Notify owner about TOTP enrollment
- In the spirit of #4635
- Notify the owner when their account is getting enrolled into TOTP. The
message is changed according to whether they have security keys or not.
- Integration test added.
2024-07-26 19:49:22 +02:00
Gusted 4383da91bd
[SECURITY] Notify users about account security changes
- Currently if the password, primary mail, TOTP or security keys are
changed, no notification is made of that and makes compromising an
account a bit easier as it's essentially undetectable until the original
person tries to log in. Although other changes should be made as
well (re-authing before allowing a password change), this should go a
long way of improving the account security in Forgejo.
- Adds a mail notification for password and primary mail changes. For
the primary mail change, a mail notification is sent to the old primary
mail.
- Add a mail notification when TOTP or a security key is removed, if no
other 2FA method is configured the mail will also contain that 2FA is
no longer needed to log into their account.
- `MakeEmailAddressPrimary` is refactored to the user service package,
as it now involves calling the mailer service.
- Unit tests added.
- Integration tests added.
2024-07-23 18:31:47 +02:00
Earl Warren ded237ee77 Merge pull request '[gitea] week 2024-30 cherry pick (gitea/main -> forgejo)' (#4607) from algernon/wcp/2024-30 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4607
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 16:01:28 +00:00
Gusted 3ba64bd038 Merge pull request 'Reserve the `devtest` username' (#4638) from ikuyo/forgejo:reserve-devtest into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4638
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-07-23 12:59:16 +00:00
Earl Warren 03b95d20fa Merge pull request 'feat(ui): sort milestones by name by default instead of the due date' (#4625) from gusted/forgejo-gt-27084 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4625
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-23 06:08:24 +00:00
Ikuyo 93d0836241
Reserve devtest username 2024-07-23 08:18:20 +05:00
Rowan Bohde 21fdd28f08
allow synchronizing user status from OAuth2 login providers (#31572)
This leverages the existing `sync_external_users` cron job to
synchronize the `IsActive` flag on users who use an OAuth2 provider set
to synchronize. This synchronization is done by checking for expired
access tokens, and using the stored refresh token to request a new
access token. If the response back from the OAuth2 provider is the
`invalid_grant` error code, the user is marked as inactive. However, the
user is able to reactivate their account by logging in the web browser
through their OAuth2 flow.

Also changed to support this is that a linked `ExternalLoginUser` is
always created upon a login or signup via OAuth2.

Ideally, we would also refresh permissions from the configured OAuth
provider (e.g., admin, restricted and group mappings) to match the
implementation of LDAP. However, the OAuth library used for this, `goth`,
doesn't seem to support issuing a session via refresh tokens. The
interface provides a [`RefreshToken`
method](https://github.com/markbates/goth/blob/master/provider.go#L20),
but the returned `oauth.Token` doesn't implement the `goth.Session` we
would need to call `FetchUser`. Due to specific implementations, we
would need to build a compatibility function for every provider, since
they cast to concrete types (e.g.
[Azure](https://github.com/markbates/goth/blob/master/providers/azureadv2/azureadv2.go#L132))

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
(cherry picked from commit 416c36f3034e228a27258b5a8a15eec4e5e426ba)

Conflicts:
	- tests/integration/auth_ldap_test.go
	  Trivial conflict resolved by manually applying the change.
	- routers/web/auth/oauth.go
	  Technically not a conflict, but the original PR removed the
	  modules/util import, which in our version, is still in use. Added it
	  back.
2024-07-22 15:44:13 +02:00
Lunny Xiao 54f2dcff9d
Upgrade xorm to v1.3.9 and improve some migrations Sync (#29899)
Co-authored-by: 6543 <6543@obermui.de>
(cherry picked from commit 0d08bb6112884411eb4f58b056278d3c824a8fc0)
2024-07-22 15:44:13 +02:00
Bartlomiej Komendarczuk 5e8a830505
[PORT] Added default sorting milestones by name (gitea#27084)
Resolves https://github.com/go-gitea/gitea/issues/26996
Added default sorting for milestones by name.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

---

Conflict resolution: trivial, was due to the improvement made to 'the due
date sorting' strings.

(cherry picked from commit e8d4b7a8b198eca3b0bd117efb422d7d7cac93fe)
2024-07-22 14:55:58 +02:00
Emmanuel BENOÎT 320ab7ed7f
feat(cli): allow updates to runners' secrets
This commit allows the `forgejo-cli actions register` command to change
an existing runner's secret, as discussed in #4610.

It refactors `RegisterRunner` to extract the code that hashes the token,
moving this code to a method called `UpdateSecret` on `ActionRunner`.
A test for the method has been added.

The `RegisterRunner` function is updated so that:
- it relies on `ActionRunner.UpdateSecret` when creating new runners,
- it checks whether an existing runner's secret still matches the one
  passed on the command line,
- it updates the runner's secret if it wasn't created and it no longer
  matches.

A test has been added for the new behaviour.
2024-07-22 11:55:43 +02:00
Emmanuel BENOÎT fdb1874ada feat(cli): add `--keep-labels` flag to `forgejo actions register` (#4610)
This commit adds a new flag, `--keep-labels`, to the runner registration CLI command. If this flag is present and the runner being registered already exists, it will prevent the runners' labels from being reset.

In order to accomplish this, the signature of the `RegisterRunner` function from the `models/actions` package has been modified so that the labels argument can be nil. If it is, the part of the function that updates the record will not change the runner.

Various tests have been added for this function, for the following cases: new runner with labels, new runner without label, existing runner with labels, existing runner without labels.

The flag has been added to the CLI command, the action function has been updated to read the labels parameters through a separate function (`getLabels`), and test cases for this function have been added.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4610
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Emmanuel BENOÎT <tseeker@nocternity.net>
Co-committed-by: Emmanuel BENOÎT <tseeker@nocternity.net>
2024-07-22 07:33:45 +00:00
Gusted f7dac2c3d9
[BUG] Add early-return to loading items from `SpecList`
- Add an early-return to `LoadSchedules` and `LoadRepos` of the
`SpecList` type, @Beowulf noticed that useless queries were being run
every 30 seconds. These stemmed from these two functions being run even
if there were no scheduled actions.
- No tests were added, because there is zero testing infrastructure or
fixtures for the actions specifications models. I feel these are trivial
enough to not require any tests.
2024-07-20 01:27:11 +02:00
Earl Warren 125e4832e0 Merge pull request 'Update module github.com/go-testfixtures/testfixtures/v3 to v3.12.0 (forgejo)' (#4485) from renovate/forgejo-github.com-go-testfixtures-testfixtures-v3-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4485
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-17 14:07:10 +00:00
Gusted 8a1924b51a [PORT] Use FullName in Emails to address the recipient if possible (gitea#31527) (#4516)
Before we had just the plain mail address as recipient. But now we provide additional Information for the Mail clients.

---
Porting information:

- Two behavior changes are noted with this patch, the display name is now always quoted although in some scenarios unnecessary it's a safety precaution of Go. B encoding is used when certain characters are present as they aren't 'legal' to be used as a display name and Q encoding would still show them and B encoding needs to be used, this is now done by Go's `address.String()`.
- Update and add new unit tests.

Co-authored-by: 6543 <6543@obermui.de>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4516
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2024-07-17 05:13:59 +00:00
Gusted 984d0127f1
Enable multiStatements for MySQL 2024-07-16 23:16:03 +02:00
Gusted 45341ee9ce
[CHORE] Use github.com/ProtonMail/go-crypto
- We were previously using `github.com/keybase/go-crypto`, because the
package for openpgp by Go itself is deprecated and no longer
maintained. This library provided a maintained version of the openpgp
package. However, it hasn't seen any activity for the last five years,
 and I would therefore consider this also unmaintained.
- This patch switches the package to `github.com/ProtonMail/go-crypto`
which provides a maintained version of the openpgp package and was
already being used in the tests.
- Adds unit tests, I've carefully checked the callstacks to ensure the
OpenPGP-related code was covered under either a unit test or integration
tests to avoid regression, as this can easily turn into security
vulnerabilities if a regression happens here.
- Small behavior update, revocations are now checked correctly instead
of checking if they merely exist and the expiry time of a subkey is used
if one is provided (this is just cosmetic and doesn't impact security).
- One more dependency eliminated :D
2024-07-15 17:27:37 +02:00
Earl Warren 84e6f03134 Merge pull request 'Fix CI status link in dashboard' (#4481) from beowulf/fix-ci-status-link-on-dashboard into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4481
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-07-14 17:38:06 +00:00
Gusted 138942c09e
[CHORE] Move test related function to own package
- Go's deadcode eliminator is quite simple, if you put a public function
in a package `aa/bb` that is used only by tests, it would still be built
if package `aa/bb` was imported. This means that if such functions use
libraries relevant only to tests that those libraries would still be
built and increase the binary size of a Go binary.
- This is also the case with Forgejo, `models/migrations/base/tests.go`
contained functions exclusively used by tests which (skipping some steps
here) imports https://github.com/ClickHouse/clickhouse-go, which is
2MiB. The `code.gitea.io/gitea/models/migrations/base` package is
imported by `cmd/doctor` and thus the code of the clickhouse library is
also built and included in the Forgejo binary, although entirely unused
and not reachable.
- This patch moves the test-related functions to their own package, so
Go's deadcode eliminator knows not to build the test-related functions
and thus reduces the size of the Forgejo binary.
- It is not possible to move this to a `_test.go` file because Go does
not allow importing functions from such files, so any test helper
function must be in a non-test package and file.
- Reduction of size (built with `TAGS="sqlite sqlite_unlock_notify" make
build`):
  - Before: 95912040 bytes (92M)
  - After: 92306888 bytes (89M)
2024-07-14 17:00:49 +02:00
Beowulf 1088c057e0
Fixed link to commit status and tooltip on dashboard
Regression introduced by 5a18b74632
2024-07-14 13:03:03 +02:00
ThetaDev e80f8ff69f fix artifact range requests (#4218)
I noticed that Forgejo does not allow HTTP range requests when downloading artifacts. All other file downloads like releases and packages support them.

So I looked at the code and found that the artifact download endpoint uses a simple io.Copy to serve the file contents instead of using the established `ServeContentByReadSeeker` function which does take range requests into account.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4218
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: ThetaDev <thetadev@magenta.de>
Co-committed-by: ThetaDev <thetadev@magenta.de>
2024-07-10 05:28:01 +00:00
kiatt210 9d1c72ae7c
Fix web notification icon not updated once you read all notifications (#31447)
Fix #29065
Remove status filtering from GetUIDsAndNotificationCounts sql.

---------

Co-authored-by: kiatt210 <kiatt210@github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 6a96deb5898745d957ffd7860b2b6821c673e907)
2024-06-29 07:33:37 +02:00
Mai-Lapyst 51735c415b Add support for workflow_dispatch (#3334)
Closes #2797

I'm aware of https://github.com/go-gitea/gitea/pull/28163 exists, but since I had it laying around on my drive and collecting dust, I might as well open a PR for it if anyone wants the feature a bit sooner than waiting for upstream to release it or to be a forgejo "native" implementation.

This PR Contains:
- Support for the `workflow_dispatch` trigger
- Inputs: boolean, string, number, choice

Things still to be done:
- [x] API Endpoint `/api/v1/<org>/<repo>/actions/workflows/<workflow id>/dispatches`
- ~~Fixing some UI bugs I had no time figuring out, like why dropdown/choice inputs's menu's behave weirdly~~ Unrelated visual bug with dropdowns inside dropdowns
- [x] Fix bug where opening the branch selection submits the form
- [x] Limit on inputs to render/process

Things not in this PR:
- Inputs: environment (First need support for environments in forgejo)

Things needed to test this:
- A patch for https://code.forgejo.org/forgejo/runner to actually consider the inputs inside the workflow.
  ~~One possible patch can be seen here: https://code.forgejo.org/Mai-Lapyst/runner/src/branch/support-workflow-inputs~~
  [PR](https://code.forgejo.org/forgejo/runner/pulls/199)

![image](/attachments/2db50c9e-898f-41cb-b698-43edeefd2573)

## Testing

- Checkout PR
- Setup new development runner with [this PR](https://code.forgejo.org/forgejo/runner/pulls/199)
- Create a repo with a workflow (see below)
- Go to the actions tab, select the workflow and see the notice as in the screenshot above
- Use the button + dropdown to run the workflow
  - Try also running it via the api using the `` endpoint
- ...
- Profit!

<details>
<summary>Example workflow</summary>

```yaml
on:
  workflow_dispatch:
    inputs:
      logLevel:
        description: 'Log Level'
        required: true
        default: 'warning'
        type: choice
        options:
        - info
        - warning
        - debug
      tags:
        description: 'Test scenario tags'
        required: false
        type: boolean
      boolean_default_true:
        description: 'Test scenario tags'
        required: true
        type: boolean
        default: true
      boolean_default_false:
        description: 'Test scenario tags'
        required: false
        type: boolean
        default: false
      number1_default:
        description: 'Number w. default'
        default: '100'
        type: number
      number2:
        description: 'Number w/o. default'
        type: number
      string1_default:
        description: 'String w. default'
        default: 'Hello world'
        type: string
      string2:
        description: 'String w/o. default'
        required: true
        type: string

jobs:
  test:
    runs-on: docker
    steps:
      - uses: actions/checkout@v3
      - run: whoami
      - run: cat /etc/issue
      - run: uname -a
      - run: date
      - run: echo ${{ inputs.logLevel }}
      - run: echo ${{ inputs.tags }}
      - env:
          GITHUB_CONTEXT: ${{ toJson(github) }}
        run: echo "$GITHUB_CONTEXT"
      - run: echo "abc"
```
</details>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3334
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-06-28 05:17:11 +00:00
Chl 544cbc6f01 Optimization of labels handling in issue_search (#4228)
This PR optimizes the SQL query and de-duplicates the labels' ids when generating the query string, on the issue page.

<hr/>

### Background

Some time ago, BingBot and some other crawlers have been putting my instance on its knees with requests containing a lot of label ids, like this one :

```
[07/Aug/2023:11:28:37 +0200] "GET /Dolibarr/sendrecurringinvoicebymail/issues?q=&type=all&sort=&state=closed&labels=1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c2%2c10%2c2%2c1%2c1%2c10%2c10%2c7%2c6%2c10%2c10%2c3%2c2%2c1%2c5%2c10%2c1%2c6%2c2%2c7%2c3%2c7%2c6%2c10%2c1%2c10%2c1%2c1%2c7%2c7%2c1%2c1%2c1%2c1%2c10%2c10%2c1%2c2%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c1%2c2%2c1%2c12%2c6%2c6%2c10&milestone=0&project=-1&poster=0 HTTP/1.1" 499 0 "-" "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm) Chrome/103.0.5060.134 Safari/537.36"
```

Since each of the label ids implies a join, it grows exponentially expensive for the database engine (at least on PostgreSQL but SQLite suffers a little too).

Thus, this PR proposes two enhancements:

* rewrite the database query to use only one squashed condition,
* deduplicate the label ids when generating the URL.

### Performance comparison

Here are some timings on Postgresql-backed, Forgejo 7.0.4 instances :
```sh
$ time curl -s -o /dev/null "http://localhost:3000/toto/tata/issues?q=&type=all&sort=&labels=19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25&state=open&milestone=0&project=0&assignee=0&poster=0"

real    0m10,491s
user    0m0,017s
sys     0m0,008s
```
...and with the patch:
```sh
$ time curl -s -o /dev/null "http://localhost:3000/toto/tata/issues?q=&type=all&sort=&labels=19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25%2c19%2c25&state=open&milestone=0&project=0&assignee=0&poster=0"

real    0m0,094s
user    0m0,012s
sys     0m0,013s
```

### Annex

This issue was originally proposed to [Gitea](https://github.com/go-gitea/gitea/pull/26460) but didn't get much attention, and I switched to Forgejo in the meantime :)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4228
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Chl <chl@xlii.si>
Co-committed-by: Chl <chl@xlii.si>
2024-06-28 05:11:57 +00:00
Earl Warren 328b5d79d3 Merge pull request '[gitea] week 2024-25 cherry pick (gitea/main -> forgejo)' (#4145) from earl-warren/wcp/2024-25 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4145
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-06-18 07:56:20 +00:00
JakobDev 0233ee0c0d
Run make fmt 2024-06-16 15:59:59 +02:00
6543 3246e83251
Rename repo_model.SearchOrderByMap to repo_model.OrderByMap (#31359)
https://github.com/go-gitea/gitea/pull/30876#discussion_r1637112394
(cherry picked from commit 78e8296e113e2fd9259ec05fe87035427821ea0b)
2024-06-16 13:42:59 +02:00
6543 5d10c3446a
rm const do inline (#31360)
https://github.com/go-gitea/gitea/pull/30876/files#r1637288202
(cherry picked from commit e37ecd17324946d9b2db07ea10d4a9fbb53da20f)
2024-06-16 13:42:59 +02:00
mzroot ff43d02803
Add tag protection via rest api #17862 (#31295)
Add tag protection manage via rest API.

---------

Co-authored-by: Alexander Kogay <kogay.a@citilink.ru>
Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit d4e4226c3cbfa62a6adf15f4466747468eb208c7)

Conflicts:
	modules/structs/repo_tag.go
	trivial context conflict
	templates/swagger/v1_json.tmpl
	fixed with make generate-swagger
2024-06-16 13:42:59 +02:00
yp05327 b5ea092964
Fix PullRequestList.GetIssueIDs's logic (#31352)
fix a bug from #30490

`prs.GetIssueIDs()` will also be used in other places, e.g.
`InvalidateCodeComments`
so we should not add `if pr.Issue == nil` in it, or if `pr.Issue` is
already loaded, you will not get the issueID in the results list and
this is not an expected result.

So this will cause a bug:
before calling `InvalidateCodeComments`, all `pr.Issues` in `prs` are
loaded, so `issueIDs` in this function will always be `[]`.

![image](https://github.com/go-gitea/gitea/assets/18380374/ef94d9d2-0bf9-455a-abd6-4d5e6497db7c)

(cherry picked from commit e61e9a36b7117bab2cb122a95d606a86527ed45d)
2024-06-16 13:42:58 +02:00
6543 12e23ee199
[Refactor] Unify repo search order by logic (#30876)
have repo OrderBy definitions defined in one place and use a single type
for OrderBy database options

(cherry picked from commit bb04311b0b5b7a28f94c4bc409db1c4a04bcef17)
2024-06-16 13:42:58 +02:00
silverwind d8bc0495de
Enable `unparam` linter (#31277)
Enable [unparam](https://github.com/mvdan/unparam) linter.

Often I could not tell the intention why param is unused, so I put
`//nolint` for those cases like webhook request creation functions never
using `ctx`.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit fc2d75f86d77b022ece848acf2581c14ef21d43b)

Conflicts:
	modules/setting/config_env.go
	modules/storage/azureblob.go
	services/webhook/dingtalk.go
	services/webhook/discord.go
	services/webhook/feishu.go
	services/webhook/matrix.go
	services/webhook/msteams.go
	services/webhook/packagist.go
	services/webhook/slack.go
	services/webhook/telegram.go
	services/webhook/wechatwork.go

	run make lint-go and fix Forgejo specific warnings
2024-06-16 13:42:58 +02:00
JakobDev b9fba8d71f
Fix bug in GetIssueStats 2024-06-13 10:25:26 +02:00
Mai-Lapyst 0a7767eaaa [FEAT] Adds x-mode-only anchor styles to display images based if the theme is light or dark mode. (#3985)
Adds a feature similar to this https://github.blog/changelog/2021-11-24-specify-theme-context-for-images-in-markdown/ , by adding styles to elements whose `src` or `href` attribute ends with `#light-mode-only` or `#dark-mode-only`. To improve compatibility, the github variants with the `gh-` prefix are also contained.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3985
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-06-09 10:50:53 +00:00
Earl Warren d8319b6cc2 Merge pull request 'test(oauth): RFC 6749 Section 10.2 conformance' (#4032) from earl-warren/forgejo:wip-oauth-public into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4032
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-06-06 10:00:37 +00:00
Earl Warren 592469464b
test(oauth): RFC 6749 Section 10.2 conformance
See:

1b088fade6 Prevent automatic OAuth grants for public clients
07fe5a8b13 use existing oauth grant for public client
2024-06-05 17:50:15 +02:00
André Rosenhammer fb7b17d240 Make gitea webhooks openproject compatible (gitea#28435)
This PR adds some fields to the gitea webhook payload that
[openproject](https://www.openproject.org/) expects to exist in order
to process the webhooks.
These fields do exist in Github's webhook payload so adding them makes
Gitea's native webhook more compatible towards Github's.
2024-06-05 15:58:51 +02:00
Earl Warren c2382d4f5b Merge pull request '[gitea] week 2024-23 cherry pick (gitea/main -> forgejo)' (#3989) from earl-warren/wcp/2024-23 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3989
Reviewed-by: Otto <otto@codeberg.org>
2024-06-04 07:40:35 +00:00
Earl Warren 166bb2861f
tests(api): POST /repos/{owner}/{repo}/push_mirrors coverage 2024-06-02 16:31:41 +02:00
Earl Warren 5747951cc7
test(mock): DeletePushMirrors & AddPushMirrorRemote
make them into variables that can be mocked
2024-06-02 16:31:41 +02:00
Lunny Xiao f6e2b79dd8
Fix the possible migration failure on 286 with postgres 16 (#31209)
Try to fix #31205

(cherry picked from commit 98a61040b1c83790b0e0e977188842f967ae357e)
2024-06-02 16:26:54 +02:00
Max Wipfli 737c3e90eb
Only update poster in issue/comment list if it has been loaded (#31216)
Previously, all posters were updated, even if they were not part of
posterMaps. In that case, a ghost user was erroneously inserted.

Fixes #31213.

(cherry picked from commit 3cc7f763c3c22ae4c3b5331f8b72b7009c5b11ea)
2024-06-02 16:26:54 +02:00
Lunny Xiao 47a2102694
Performance improvements for pull request list API (#30490)
Fix #30483

---------

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 352a2cae247afa254241f113c5c22b9351f116b9)
2024-06-02 16:26:54 +02:00
Jason Song 3e5f85ccf3
Drop `IDOrderDesc` for listing Actions task and always order by `id DESC` (#31150)
Close #31066

Just follow what `FindRunOptions` and `FindScheduleOptions` do.

(cherry picked from commit 572fa55fbcc2cb9418b4f7b981a7c80a11899276)
2024-06-02 16:26:54 +02:00
Lunny Xiao 18eef3b23a
Fix branch order (#31174)
Fix #31172

The original order or the default order should not be ignored even if we
have an is_deleted order.

(cherry picked from commit 1137a0357eb1e35a046e86a7277594154d0f6c85)
2024-06-02 16:26:54 +02:00
metiftikci ca0921a95a
Prevent simultaneous editing of comments and issues (#31053)
fixes #22907

Tested:
- [x] issue content edit
- [x] issue content change tasklist
- [x] pull request content edit
- [x] pull request change tasklist

![issue-content-edit](https://github.com/go-gitea/gitea/assets/29250154/a0828889-fb96-4bc4-8600-da92e3205812)

(cherry picked from commit aa92b13164e84c26be91153b6022220ce0a27720)

Conflicts:
	models/issues/comment.go
	 c7a389f2b2 [FEAT] allow setting the update date on issues and comments

	options/locale/locale_en-US.ini
	 trivial context conflicts

	routers/api/v1/repo/issue_comment.go
	routers/api/v1/repo/issue_comment_attachment.go
	services/issue/comments.go
	services/issue/content.go
         user blocking is implemented differently in Forgejo

	routers/web/repo/issue.go
	 trivial difference from 6a0750177f Allow to save empty comment
         user blocking is implemented differently in Forgejo

	templates/repo/issue/view_content/conversation.tmpl
	 templates changed a lot in Forgejo but the change is
	 trivially ported

	tests/integration/issue_test.go
	 other tests were added in the same region

	web_src/js/features/repo-issue-edit.js
	 the code is still web_src/js/features/repo-legacy.js
	 trivially ported
2024-06-02 16:26:54 +02:00
Lunny Xiao a7591f9738
Rename project board -> column to make the UI less confusing (#30170)
This PR splits the `Board` into two parts. One is the struct has been
renamed to `Column` and the second we have a `Template Type`.

But to make it easier to review, this PR will not change the database
schemas, they are just renames. The database schema changes could be in
future PRs.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 98751108b11dc748cc99230ca0fc1acfdf2c8929)

Conflicts:
	docs/content/administration/config-cheat-sheet.en-us.md
	docs/content/index.en-us.md
	docs/content/installation/comparison.en-us.md
	docs/content/usage/permissions.en-us.md
	non existent files

	options/locale/locale_en-US.ini
	routers/web/web.go
	templates/repo/header.tmpl
	templates/repo/settings/options.tmpl
	trivial context conflicts
2024-06-02 09:42:39 +02:00
Michael Jerger 2f7f1aab8a fix review 2024-05-29 18:31:06 +02:00
Michael Jerger 5620dd76fa Merge branch 'forgejo' into forgejo-federated-pr5 2024-05-29 18:26:16 +02:00
Lunny Xiao 7d7ea45465
Fix automerge will not work because of some events haven't been triggered (#30780)
Replace #25741
Close #24445
Close #30658
Close #20646
~Depends on #30805~

Since #25741 has been rewritten totally, to make the contribution
easier, I will continue the work in this PR. Thanks @6543

---------

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit c6cf96d31d80ab79d370a6192fd761b4443daec2)

Conflicts:
	tests/integration/editor_test.go
	trivial context conflict because of 75ce1e2ac1 [GITEA] Allow user to select email for file operations in Web UI
	tests/integration/pull_merge_test.go
	trivial context conflicts in imports because more tests were added in Forgejo
2024-05-26 19:01:36 +02:00
wxiaoguang 5612cf32e5
Refactor sha1 and time-limited code (#31023)
Remove "EncodeSha1", it shouldn't be used as a general purpose hasher
(just like we have removed "EncodeMD5" in #28622)

Rewrite the "time-limited code" related code and write better tests, the
old code doesn't seem quite right.

(cherry picked from commit fb1ad920b769799aa1287441289d15477d9878c5)

Conflicts:
	modules/git/utils_test.go
	trivial context conflict because sha256 testing in Forgejo has diverged
2024-05-26 18:43:30 +02:00
wxiaoguang f6e50abd65
Fix data-race during testing (#30999)
Fix #30992

(cherry picked from commit 47accfebbd69e5f47d1b97a3e39cf181fab7e597)

Conflicts:
	models/unit/unit.go
	trivial context conflict because of
	e07b0e75ff Add a direct link from repo header to unit settings
2024-05-26 18:28:26 +02:00
Michael Jerger 82cb9e0203 ui for adding following repos 2024-05-24 13:28:15 +02:00
oliverpool bb165fadf6 test: check hook_task deletion
move test to integration to ensure Sqlite + MySQL testing
2024-05-24 10:31:41 +02:00
Earl Warren d8e21e673d Merge pull request 'Creation of federated user' (#3792) from meissa/forgejo:forgejo-federated-pr3 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3792
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-22 11:11:42 +00:00
Earl Warren 74e07656d2 Merge pull request '[gitea] week 2024-21 cherry pick (gitea/main -> forgejo)' (#3838) from algernon/wcp/2024-21 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3838
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-21 08:05:01 +00:00
Gergely Nagy d6915f4d5f
badges: Relax the default workflow badge conditions
Previously, if no branch was explicitly specified for a workflow, it
defaulted to the default branch of the repo. This worked fine for
workflows that were triggered on push, but it prevented showing badges
for workflows that only run on tags, or on schedule - since they do not
run on a specific branch.

Thus, relax the conditions, and if no branch is specified, just return
the latest run of the given workflow. If one is specified, *then*
restrict it to said branch.

Fixes #3487.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-20 11:20:11 +02:00
KN4CK3R 597dcd864a
Protected tag is no internal server error (#30962)
Fixes #30959

Adds an API test for protected tags.
Fix existing tag in combination with fixtures.

(cherry picked from commit b1d8f13bd0ecd9c576ebf2ecbd9c7dbeb3f5254f)
2024-05-19 13:12:35 +02:00
Emmanuel BENOÎT 0801518f5d fix(actions): prevent deleted records' UUID from colliding with new records (#3830)
This commit changes the code that deletes a runner so it updates the UUID before deleting the record. The new UUID is set to 8 0xff bytes followed by a little endian version of the record's numeric ID. Such UUIDs cannot be created from tokens when registering runners, as the first 16 bytes of the token are in the `[0-9a-f]` range. This should prevent deleted runners from colliding with new records if the tokens share the same first 16 characters.

It is a possible solution to issue #3828

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3830
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Emmanuel BENOÎT <tseeker@nocternity.net>
Co-committed-by: Emmanuel BENOÎT <tseeker@nocternity.net>
2024-05-19 10:46:15 +00:00
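The UUID scheme from the commit message above, as an added Go example (not Forgejo's own code). The function names, the canonical text rendering, and the model of token registration (the first 16 token bytes copied as raw UUID bytes) are assumptions; the token and record ID are constructed.

```go
package main

import (
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
	"strings"
)

// format renders 16 raw bytes in the canonical 8-4-4-4-12 text form.
func format(raw [16]byte) string {
	h := hex.EncodeToString(raw[:])
	return h[0:8] + "-" + h[8:12] + "-" + h[12:16] + "-" + h[16:20] + "-" + h[20:32]
}

// TombstoneUUID builds the value described in the commit message: 8 bytes of
// 0xff followed by the record's numeric ID as a little-endian 64-bit integer.
func TombstoneUUID(id int64) string {
	var raw [16]byte
	for i := 0; i < 8; i++ {
		raw[i] = 0xff
	}
	binary.LittleEndian.PutUint64(raw[8:], uint64(id))
	return format(raw)
}

// UUIDFromToken models token-based registration (assumption): the first 16
// bytes of the token, each an ASCII character in [0-9a-f], become the raw
// UUID bytes. Every byte is therefore 0x30-0x39 or 0x61-0x66, never 0xff.
func UUIDFromToken(token string) (string, error) {
	if len(token) < 16 {
		return "", errors.New("token shorter than 16 bytes")
	}
	var raw [16]byte
	for i := 0; i < 16; i++ {
		c := token[i]
		if !((c >= '0' && c <= '9') || (c >= 'a' && c <= 'f')) {
			return "", fmt.Errorf("token byte %d is outside [0-9a-f]", i)
		}
		raw[i] = c
	}
	return format(raw), nil
}

// ParseTombstone reports whether a stored UUID lies in the reserved range and,
// if so, recovers the numeric ID of the deleted record.
func ParseTombstone(uuid string) (int64, bool) {
	raw, err := hex.DecodeString(strings.ReplaceAll(uuid, "-", ""))
	if err != nil || len(raw) != 16 {
		return 0, false
	}
	for _, b := range raw[:8] {
		if b != 0xff {
			return 0, false
		}
	}
	return int64(binary.LittleEndian.Uint64(raw[8:])), true
}

func main() {
	const token = "0123456789abcdef0123456789abcdef01234567" // constructed sample
	live, _ := UUIDFromToken(token)
	dead := TombstoneUUID(258) // constructed record ID
	id, ok := ParseTombstone(dead)
	fmt.Println(live, dead, id, ok)
}
```

A random version 4 UUID cannot land in the reserved range either, because the high nibble of its seventh byte is always 4.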
Michael Jerger 5ce359b14e rename fkt name 2024-05-17 08:15:51 +02:00
Michael Jerger b2c3eb1644 add migration & enhance int-test 2024-05-16 18:25:16 +02:00
Michael Jerger 1c7a9b00be initial 2024-05-16 08:15:43 +02:00
oliverpool 5e73c67d67 fix: hook post-receive for sha256 repos 2024-05-15 16:43:16 +02:00
Earl Warren 77092c7a0c Merge pull request 'Federation: Parse ActorId & cache FederationHost' (#3662) from meissa/forgejo:forgejo-federated-parse-actorId into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3662
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-14 22:42:02 +00:00
Michael Jerger fc38e56373 enhance test & fix reviews 2024-05-14 08:24:31 +02:00
Lunny Xiao 32c97efab4
Remove If Exist check on migration for mssql because that syntax required SQL server 2016 (#30894)
Fix #30872

We will assume the database is consistent before executing the
migration. So the indexes should exist. Removing `IF EXIST` then is safe
enough.

---------

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 40de54ece82356b161cdb9cc224ed9004af8ae5d)

Conflicts:
	models/migrations/v1_22/v286.go
	MSSQL is not supported in Forgejo
2024-05-12 20:03:10 +02:00
Lunny Xiao 7d3ca90dfe
Fix various problems around projects board view (#30696)
The previous implementation will start multiple POST requests from the
frontend when moving a column and another bug is moving the default
column will never be remembered in fact.

- [x] This PR will allow the default column to move to a non-first
position
- [x] And it also uses one request instead of multiple requests when
moving the columns
- [x] Use a star instead of a pin as the icon for setting the default
column action
- [x] Inserted new column will be appended to the end
- [x] Fix #30701 the newly added issue will be appended to the end of the
default column
- [x] Fix when deleting a column, all issues in it will be displayed
from UI but database records exist.
- [x] Add a limitation for columns in a project to 20. So the sorting
will not overflow because it's int8.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit a303c973e0264dab45a787c4afa200e183e0d953)

Conflicts:
	routers/web/web.go
	e91733468ef726fc9365aa4820cdd5f2ddfdaa23 Add missing database transaction for new issue (#29490) was not cherry-picked
	services/issue/issue.go
	fe6792dff3 Enable/disable owner and repo projects independently (#28805) was not cherry-picked
2024-05-12 20:03:10 +02:00
6543 eb4c6f3f09
Get repo list with OrderBy alpha should respect owner too (#30784)
instead of:
- zowner/gcode
- awesome/nul
- zowner/nul
- zowner/zzz

we will get:
- awesome/nul
- zowner/gcode
- zowner/nul
- zowner/zzz

(cherry picked from commit 8e8ca6c6530e49e39f970bdfa84716ffda8973d0)
2024-05-12 20:03:10 +02:00
Gergely Nagy 9cb2aa989a
Teach activities.GetFeeds() how to avoid returning duplicates
Before explaining the fix itself, let's look at the `action` table, and
how it is populated. Data is only ever inserted into it via
`activities_model.NotifyWatchers`, which will:

- Insert a row for each activity with `UserID` set to the acting user's
  ID - this is the original activity, and is always inserted if anything
  is to be inserted at all.
- It will insert a copy of each activity with the `UserID` set to the
  repo's owner, if the owner is an Organization, and isn't the acting
  user.
- It will insert a copy of each activity for every watcher of the repo,
  as long as the watcher in question has read permission to the repo
  unit the activity is about.

This means that if a repository belongs to an organization, for most
activities, it will have at least two rows in the table. For
repositories watched by people other than their owner, an additional row
for each watcher.

These are useful duplicates, because they record which activities are
relevant for a particular user. However, for cases where we wish to see
the activities that happen around a repository, without limiting the
results to a particular user, we're *not* interested in the duplicates
stored for the watchers and the org. We only need the originals.

And this is what this change does: it introduces an additional option to
`GetFeedsOptions`: `OnlyPerformedByActor`. When this option is set,
`activities.GetFeeds()` will only return the original activities, where
the user id and the acting user id are the same. As these are *always*
inserted, we're not missing out on any activities. We're just getting
rid of the duplicates. As this is an additional `AND` condition, it can
never introduce items that would not have been included in the result
set before, it can only reduce, not extend.

These duplicates were only affecting call sites where `RequestedRepo`
was set, but `RequestedUser` and `RequestedTeam` were not. Both of those
call sites were updated to set `OnlyPerformedByActor`. As a result,
repository RSS feeds, and the `/repos/{owner}/{repo}/activities/feeds`
API end points no longer return dupes, only the original activities.

Rather than hardcoding this behaviour into `GetFeeds()` itself, I chose
to implement it as an explicit option, for the sake of clarity.

Fixes Codeberg/Community#684, and addresses gitea#20986.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-09 18:33:33 +02:00
Yaroslav Halchenko 2b2fd2728c Add codespell support and fix a good number of typos with its help (#3270)
More about codespell: https://github.com/codespell-project/codespell .

I personally introduced it to dozens if not hundreds of projects already and so far only positive feedback.

```
❯ grep lint-spell Makefile
	@echo " - lint-spell                       lint spelling"
	@echo " - lint-spell-fix                   lint spelling and fix issues"
lint: lint-frontend lint-backend lint-spell
lint-fix: lint-frontend-fix lint-backend-fix lint-spell-fix
.PHONY: lint-spell
lint-spell: lint-codespell
.PHONY: lint-spell-fix
lint-spell-fix: lint-codespell-fix
❯ git grep lint- -- .forgejo/
.forgejo/workflows/testing.yml:      - run: make --always-make -j$(nproc) lint-backend checks-backend # ensure the "go-licenses" make target runs
.forgejo/workflows/testing.yml:      - run: make lint-frontend
```
so how would you like me to invoke `lint-codespell` on CI? (without that would be IMHO very suboptimal and let typos sneak in)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3270
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Yaroslav Halchenko <debian@onerussian.com>
Co-committed-by: Yaroslav Halchenko <debian@onerussian.com>
2024-05-09 13:49:37 +00:00
Michael Jerger 1a76664d56 next step on the way to federation 2024-05-07 17:58:13 +02:00
yp05327 6a4bc0289d
Fix no edit history after editing issue's title and content (#30814)
Fix #30807

reuse functions in services

(cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26)

Conflicts:
	models/issues/issue_update.go
	routers/api/v1/repo/issue.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-05 12:15:40 +01:00
6543 51b8d964c8
Get repo assignees and reviewers should ignore deactivated users (#30770) (#30782)
Backport  #30770

If a user is deactivated, it should not be in the list of users who are
suggested to be assigned or review-requested.

old assignees or reviewers are not affected.

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit f2d8ccc5bb2df25557cc0d4d23f2cdd029358274)

Conflicts:
	models/repo/user_repo_test.go
	because there is one less fixture user compared to Gitea
2024-05-05 08:53:27 +01:00
Zettat123 60e5825579
Fix duplicate status check contexts (#30660)
Caused by #30076.

There may be some duplicate status check contexts when setting status
checks for a branch protection rule. The duplicate contexts should be
removed.

(cherry picked from commit 7ad50313284db7eec565ad1750108de1444c5a84)
2024-05-05 08:48:45 +01:00
Chongyi Zheng c504461b66
Resolve lint for unused parameter and unnecessary type arguments (#30750)
Resolve all cases for `unused parameter` and `unnecessary type
arguments`

Related: #30729

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit e80466f7349164ce4cf3c07bdac30d736d20f035)

Conflicts:
	modules/markup/markdown/transform_codespan.go
	modules/setting/incoming_email.go
	routers/api/v1/admin/user_badge.go
	routers/private/hook_pre_receive.go
	tests/integration/repo_search_test.go
	resolved by discarding the change, this is linting only and
	for the sake of avoiding future conflicts
2024-05-05 08:38:16 +01:00
Gergely Nagy 0d029ebe6d
Fix git_model.FindBranchesByRepoAndBranchName
When a logged in user with no repositories visits their dashboard, it will
display a search box that lists their own repositories.

This is served by the `repo.SearchRepos` handler, which in turn calls
`commitstatus_service.FindReposLastestCommitStatuses()` with an empty
repo list.

That, in turn, will call `git_model.FindBranchesByRepoAndBranchName()`,
with an empty map. With no map, `FindBranchesByRepoAndBranchName()` ends
up querying the entire `branch` table, because no conditions were set
up.

Armed with a gazillion repo & commit shas, we return to
`FindReposLastestCommitStatuses`, and promptly call
`git_model.GetLatestCommitStatusForPairs`, which constructs a monstrous
query with so many placeholders that the database tells us to go
somewhere else, and flips us off. At least on instances the size of
Codeberg. On smaller instances, it will eventually return, and throw
away all the data, and return an empty set, having performed all this
for naught.

We fix this by short-circuiting `FindBranchesByRepoAndBranchName`, and
returning fast if our inputs are empty.

A test case is included.

Fixes #3521.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 00:34:39 +02:00
oliverpool 79380c209d test: webhook fix branch filter tests 2024-04-30 09:38:35 +02:00
Chongyi Zheng 781789e779
Replace deprecated `math/rand` functions (#30733)
Suggested by logs in #30729

- Remove `math/rand.Seed`
`rand.Seed is deprecated: As of Go 1.20 there is no reason to call Seed
with a random value.`
- Replace `math/rand.Read`
`rand.Read is deprecated: For almost all use cases, [crypto/rand.Read]
is more appropriate.`
- Replace `math/rand` with `math/rand/v2`, which is available since Go
1.22

(cherry picked from commit 7b8e418da1e082786b844562a05864ec1177ce97)
2024-04-28 15:39:02 +02:00
wxiaoguang 2d2c18f0bd
Rename migration package name for 1.22-rc1 (#30730)
Ref: Propose to restart 1.22 release #30501
(cherry picked from commit 6d2a307ad8af7d686f1c3a3706ff0f2df895658a)

Conflicts:
	models/migrations/migrations.go
	models/migrations/v1_22/v297.go
	trivial conflict because a migration does not exist in Forgejo
2024-04-28 15:39:01 +02:00
Lunny Xiao 931ca18340
Fix some bug on migrations (#30647)
Fix https://github.com/go-gitea/gitea/pull/23894#discussion_r1573718690

(cherry picked from commit 2ad9ef4984f0b68ef38241fd6b557d8427d851d8)

Conflicts:
	models/migrations/v1_16/v210.go
	models/migrations/v1_22/v286.go
	trivial conflicts because MSSQL is no longer supported
2024-04-28 15:39:01 +02:00
sillyguodong 561a7cf520
Interpolate runs-on with variables when scheduling tasks (#30640)
Follow #29468
1. Interpolate runs-on with variables when scheduling tasks.
2. The `GetVariablesOfRun` function will check if the `Repo` of the run
is nil.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 2f6b1c46a1a4a90f56ca0f3ad7840e8e70daeab5)

Conflicts:
	services/actions/schedule_tasks.go
	trivial conflict because of 'Add vars context to cron jobs (#3059)'
2024-04-28 15:39:00 +02:00
Zettat123 168cb758ec
Add a db consistency check to remove runners that do not belong to a repository (#30614)
Follow #30406

(cherry picked from commit 30dd4beeee631860c7dd393c341e9955997095a4)
2024-04-28 15:39:00 +02:00
Lunny Xiao 4f73382e95
Fix wrong table name (#30557)
The table name should be `oauth2_application` but `o_auth2_application`

Caused by
https://github.com/go-gitea/gitea/pull/21316/files#diff-9610efbc608a41f1f2eaff5790423f0a187906f6ff0beb23a5e8d18366cc2ccfR38

(cherry picked from commit e94864e86c43f435af7e1fc3c4831a4cc0a3e981)

Conflicts:
	models/migrations/migrations.go
	trivial context conflict because
	Allow everyone to read or write a wiki by a repo unit setting (#30495)
        was skipped.
2024-04-28 15:39:00 +02:00
wxiaoguang b9891088ad
Allow everyone to read or write a wiki by a repo unit setting (#30495)
Replace #6312
Help #5833
Wiki solution for #639

(cherry picked from commit 3feba9f1f44156c256a30d25ad1c25f751819c94)

Conflicts:
  Trash everything, just keep the migration placeholder to ensure the Gitea
  sequence is preserved. The Wiki edition is implemented differently.
2024-04-28 15:39:00 +02:00
silverwind 12b199c5e5
Enable more `revive` linter rules (#30608)
Notable additions:

- `redefines-builtin-id` forbid variable names that shadow go builtins
- `empty-lines` remove unnecessary empty lines that `gofumpt` does not
remove for some reason
- `superfluous-else` eliminate more superfluous `else` branches

Rules are also sorted alphabetically and I cleaned up various parts of
`.golangci.yml`.

(cherry picked from commit 74f0c84fa4245a20ce6fb87dac1faf2aeeded2a2)

Conflicts:
	.golangci.yml
	apply the linter recommendations to Forgejo code as well
2024-04-28 15:39:00 +02:00
Cheng 2ec0c5e284
chore: use errors.New to replace fmt.Errorf with no parameters will much better (#30621)
use errors.New to replace fmt.Errorf with no parameters will much better

(cherry picked from commit 9de443ced2c328d9b58a5e144a765f402aab859d)
2024-04-28 15:39:00 +02:00
Earl Warren d6c36ec406 Merge pull request 'Drop Gitea-specific columns from two tables' (#3475) from algernon/forgejo:wiki-branch-wars-episode-iii-a-new-migration into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3475
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-26 10:21:28 +00:00
oliverpool 20350846fc Merge pull request 'fix: git.ComputeHash did not write the content' (#3466) from oliverpool/forgejo:fix_compute_hash into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3466
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-26 10:15:23 +00:00
Gergely Nagy 2bc226eb57
Drop Gitea-specific columns from two tables
Gitea and Forgejo chose to implement wiki branch naming differently, but
Forgejo picked the Gitea migration anyway, resulting in an unused column
in the database, which wasn't part of the `Repository` struct either -
something warned about during startup, too.

Similarly, Forgejo chose not to implement User badges at all - but kept
the existing code for it -, and the `badge` table ended up with an
unused `slug` column due to a Gitea migration, and resulted in another
warning at startup.

To keep the database consistent with the code, and to get rid of these
warnings, let's introduce a new migration, which simply drops these
Gitea-specific columns from the database.

Fixes #3463.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-26 10:34:06 +02:00
oliverpool 3dfa5ba43a test: LFS gc should not delete all metadata objects
and ComputeBlobHash should depend on the blob content (not only the
length)
2024-04-26 10:16:59 +02:00
Earl Warren 7cabc5670d
Implement remote user login source and promotion to regular user
A remote user (UserTypeRemoteUser) is a placeholder that can be
promoted to a regular user (UserTypeIndividual). It represents users
that exist somewhere else. Although the UserTypeRemoteUser already
exists in Forgejo, it is neither used nor documented.

A new login type / source (Remote) is introduced and set to be the login type
of remote users.

Type        UserTypeRemoteUser
LoginType   Remote

The association between a remote user and its counterpart in another
environment (for instance another forge) is via the OAuth2 login
source:

LoginName   set to the unique identifier relative to the login source
LoginSource set to the identifier of the remote source

For instance when migrating from GitLab.com, a user can be created as
if it was authenticated using GitLab.com as an OAuth2 authentication
source.

When a user authenticates to Forgejo from the same authentication
source and the identifier matches, the remote user is promoted to a
regular user. For instance if 43 is the ID of the GitLab.com OAuth2
login source, 88 is the ID of the Remote login source, and 48323
is the identifier of the foo user:

Type        UserTypeRemoteUser
LoginType   Remote
LoginName   48323
LoginSource 88
Email       (empty)
Name        foo

Will be promoted to the following when the user foo authenticates to
the Forgejo instance using GitLab.com as an OAuth2 provider. All users
with a LoginType of Remote and a LoginName of 48323 are examined. If
the LoginSource has a provider name that matches the provider name of
GitLab.com (usually just "gitlab"), it is a match and can be promoted.

The email is obtained via the OAuth2 provider and the user set to:

Type        UserTypeIndividual
LoginType   OAuth2
LoginName   48323
LoginSource 43
Email       foo@example.com
Name        foo

Note: the Remote login source is an indirection to the actual login
source, i.e. the provider string may be set to a login source that does
not exist yet.
2024-04-25 13:03:49 +02:00
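The promotion rule from the commit message above, as an added Go example (not Forgejo's own code). The `Source` and `User` structs and the `Promote` function are hypothetical simplifications; the IDs 43, 88 and 48323 are the ones used in the message.

```go
package main

import "fmt"

type UserType int
type LoginType int

const (
	UserTypeIndividual UserType = iota
	UserTypeRemoteUser
)

const (
	OAuth2 LoginType = iota
	Remote
)

// Source is a simplified login source (hypothetical). For a Remote source,
// Provider names the OAuth2 provider it stands in for, e.g. "gitlab".
type Source struct {
	ID       int64
	Type     LoginType
	Provider string
}

// User holds only the fields the commit message lists.
type User struct {
	Type        UserType
	LoginType   LoginType
	LoginName   string
	LoginSource int64
	Email       string
	Name        string
}

// Promote examines every remote user whose LoginName equals the identifier
// asserted by the OAuth2 source. A candidate matches only if its Remote login
// source names the same provider, so an equal identifier issued by a
// different provider never promotes the placeholder.
func Promote(users []*User, sources map[int64]Source, oauth Source, loginName, email string) *User {
	if oauth.Type != OAuth2 {
		return nil
	}
	for _, u := range users {
		if u.Type != UserTypeRemoteUser || u.LoginType != Remote || u.LoginName != loginName {
			continue
		}
		src, ok := sources[u.LoginSource]
		if !ok || src.Type != Remote || src.Provider != oauth.Provider {
			continue
		}
		u.Type, u.LoginType = UserTypeIndividual, OAuth2
		u.LoginSource, u.Email = oauth.ID, email
		return u
	}
	return nil
}

func main() {
	sources := map[int64]Source{
		43: {ID: 43, Type: OAuth2, Provider: "gitlab"},
		88: {ID: 88, Type: Remote, Provider: "gitlab"},
	}
	foo := &User{Type: UserTypeRemoteUser, LoginType: Remote, LoginName: "48323", LoginSource: 88, Name: "foo"}
	got := Promote([]*User{foo}, sources, sources[43], "48323", "foo@example.com")
	fmt.Printf("%+v\n", *got)
}
```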
JakobDev 1bce2dc5c5 [FEAT]Add Option to hide Release Archive links (#3139)
This adds a new option to releases to hide the links to the automatically generated archives. This is useful, when the automatically generated Archives are broken e.g. because of Submodules.

Note:
This just hides the Archives from the UI. Users can still download the Archive if they know the correct URL.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3139
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-committed-by: JakobDev <jakobdev@gmx.de>
2024-04-24 15:15:55 +00:00
Gergely Nagy 9b85f97835
Fix user search paging
When searching for users, page the results by default, and respect the
default paging limits.

This makes queries like '/api/v1/users/search?limit=1' actually work.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-23 00:06:05 +02:00
Earl Warren b63b224c36 Merge pull request '[gitea] week 2024-17 cherry pick (gitea/main -> forgejo)' (#3350) from algernon/wcp/2024-17 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3350
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-22 18:48:13 +00:00
0ko 469c214ec8 s/Gitea/Forgejo in various log messages and comments 2024-04-21 21:26:15 +05:00
KN4CK3R 27f459b63b
Fix package list performance (#30520)
Fixes #28255

The new query uses the id field to sort by "newer". This must not be
correct (usually it is) but it's faster (see #28255).
If someone has a better idea, please propose changes.

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit b06aac40e6552b0ce1f7b8a92c977fcc27566f68)
2024-04-21 16:28:16 +02:00
Lunny Xiao 77c4a5e95b
Reduce unnecessary database queries on actions table (#30509)
(cherry picked from commit 6f7d70fb3d2624507c3ccd5640f6d1837259c27d)
2024-04-21 12:07:30 +02:00
wxiaoguang b122c6ef8b
Improve "must-change-password" logic and document (#30472)
Unify the behaviors of "user create" and "user change-password".

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 4c6e2da088cf092a9790df5c84b7b338508fede7)

Conflicts:
	- cmd/admin_user_create.go
          Resolved by favoring Gitea's version of the conflicting areas.
	- docs/content/administration/command-line.en-us.md
          Removed, Gitea specific.
2024-04-21 11:29:08 +02:00
Earl Warren e4aa7bd511 Merge pull request 'webhook: improve UX for sourcehut and matrix' (#3156) from oliverpool/forgejo:webhook_sourcehut_polish into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3156
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-17 06:39:54 +00:00
oliverpool df042909bb Merge pull request '[Port] container.FilterSlice function (gitea#30339 & gitea#30370)' (#3264) from oliverpool/forgejo:port_30339 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3264
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-16 13:12:11 +00:00
Lunny Xiao c0d22d55c9
Fix commitstatus summary (#30431)
The target_url is necessary for the UI, but missed in
commit_status_summary table. This PR fixes it.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-16 12:01:27 +02:00