mirror of
1
Fork 0
Commit Graph

4632 Commits

Author SHA1 Message Date
yp05327 da993b09ad
Fix no edit history after editing issue's title and content (#30814)
Fix #30807

reuse functions in services

(cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26)

Conflicts:
	models/issues/issue_update.go
	routers/api/v1/repo/issue.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
(cherry picked from commit 6a4bc0289d)
2024-05-07 08:21:38 +01:00
Kemal Zebari 6ae15bc15e
Don't only list code-enabled repositories when using repository API (#30817)
We should be listing all repositories by default.

Fixes #28483.

(cherry picked from commit 9f0ef3621a3b63ccbe93f302a446b67dc54ad725)

Conflict:
   -		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.UnitAccessMode(unit_model.TypeCode) >= perm.AccessModeRead {
   +		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.HasAccess() {
   because of https://codeberg.org/forgejo/forgejo/pulls/2001
(cherry picked from commit e388822e9d)
2024-05-07 08:17:35 +01:00
Giteabot f30c648037
Ignore useless error message "broken pipe" (#30801) (#30842)
Backport #30801 by wxiaoguang

Fix #30792

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit ab2ef1ae49bc5e81d0debac85aee687a64fde8b3)
2024-05-07 08:15:36 +01:00
Giteabot 248a5b8d7a
Prevent automatic OAuth grants for public clients (#30790) (#30836)
Backport #30790 by archer-321

This commit forces the resource owner (user) to always approve OAuth 2.0
authorization requests if the client is public (e.g. native
applications).

As detailed in [RFC 6749 Section
10.2](https://www.rfc-editor.org/rfc/rfc6749.html#section-10.2),

> The authorization server SHOULD NOT process repeated authorization
requests automatically (without active resource owner interaction)
without authenticating the client or relying on other measures to ensure
that the repeated request comes from the original client and not an
impersonator.

With the implementation prior to this patch, attackers with access to
the redirect URI (e.g., the loopback interface for
`git-credential-oauth`) can get access to the user account without any
user interaction if they can redirect the user to the
`/login/oauth/authorize` endpoint somehow (e.g., with `xdg-open` on
Linux).

Fixes #25061.

Co-authored-by: Archer <archer@beezig.eu>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 6d83f5eddc0f394f6386e80b86a3221f6f4925ff)
2024-05-07 08:14:22 +01:00
Kemal Zebari 5678e9ab20
Catch and handle unallowed file type errors in issue attachment API (#30791)
Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.

(cherry picked from commit 872caa17c0a30d95f85ab75c068d606e07bd10b3)

Conflicts:
	tests/integration/api_comment_attachment_test.go
	tests/integration/api_issue_attachment_test.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
(cherry picked from commit 9cd0441cd3)
2024-05-07 08:12:34 +01:00
JakobDev d449fcff0a Show repo count in blocked users tab (#3601)
Fixes #3595

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3601
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-committed-by: JakobDev <jakobdev@gmx.de>
(cherry picked from commit d50efa626a)
2024-05-02 17:10:06 +00:00
Earl Warren ad0b97c7c2 Merge pull request '[v1.22/gitea] week 2024-18 cherry pick v7.0 (take 2)' (#3580) from earl-warren/forgejo:wip-v7.0-gitea-cherry-pick into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3580
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-05-01 12:36:57 +00:00
Gergely Nagy 6f35a5ab90
Fix Issue watching / unwatching on the web ui
When subscribing or unsubscribing to/from an issue on the web ui, the
request was posted to a route handled by `repo.IssueWatch`. This
function used `ctx.Req.PostForm.Get()`, erroneously.

`request.PostForm` is *only* available if `request.ParseForm()` has been
called before it. The function in question did not do that. Under some
circumstances, something, somewhere did end up calling `ParseForm()`,
but not in every scenario.

Since we do not need to check for multiple values, the easiest fix here
is to use `ctx.Req.PostFormValue`, which will call `ParseForm()` if
necessary.

Fixes #3516.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 13:32:39 +02:00
wxiaoguang 78517f80bb
Fix nil dereference on error (#30740) (#30746)
Backport #30740 manually

Co-authored-by: Chongyi Zheng <git@zcy.dev>
(cherry picked from commit d07019f539c475466748fbf730d7f270a92fdb8b)
2024-05-01 08:14:16 +02:00
Beowulf 135764f244 Show repo activities even if only code unit active or git repo is empty but issue is active (#3455)
When all repository units are deactivated except for the code unit, the activity tab will not be shown.
Since the activities tab also shows contributing stats, it would be good to show the activities tab also when only code is active.
This commit changes the behavior when the activities tab is shown.
Previous it would only be shown when Issues, Pull-Requests or Releases are activated. Now it would additionally be shown when the code unit is activated.

Refs: #3429

| Before (Code + Issues - Owner) | Before (Code - Viewer) | After (Code + Issues - Owner) | After (Code - Viewer) |
| -- | -- | -- | -- |
| ![image](/attachments/2af997bc-1f38-48c6-bdf3-cfbd7087b220)  | ![image](/attachments/ef1797f0-5c9a-4a1a-ba82-749f3ab4f403) | ![image](/attachments/fd28a96c-04ca-407e-a70d-d28b393f223d) | ![image](/attachments/2cd0d559-a6de-4ca0-a736-29c5fea81b5a) |
|  | `/activity` returns 404 for everyone | ![image](/attachments/e0e97d8f-48cb-4c16-a505-1fafa46c4b8e)  | - |

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3455
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
(cherry picked from commit c54896ba70)
2024-04-28 13:50:45 +00:00
0ko c7ba51518c s/Gitea/Forgejo in various log messages and comments
(cherry picked from commit 469c214ec8)
2024-04-22 14:41:17 +00:00
Giteabot d802a8c0cf
Fix HEAD method for robots.txt (#30603) (#30605)
Backport #30603 by @wxiaoguang

Fix #30601

```
~$ curl --head localhost:3000/robots.txt
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=0, private, must-revalidate
Content-Length: 5
Content-Type: text/plain; charset=utf-8
Last-Modified: Wed, 19 Jul 2023 04:56:12 GMT
X-Gitea-Debug: RUN_MODE=dev
Date: Fri, 19 Apr 2024 12:59:44 GMT
```

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 7eaf7907d7f71e103baced018e6eeb271085789d)
2024-04-21 18:16:38 +02:00
Giteabot f436cb86d4
Fix branch_protection api shows users/teams who has no readAccess (#30291) (#30544)
Backport #30291 by @edwardzhanged

Add some logic in `convert.ToBranchProtection` to return only the names
associated with readAccess instead of returning all names. This will
ensure consistency in behavior between the frontend and backend.
Fixes: #27694

Co-authored-by: Edward Zhang <45360012+edwardzhanged@users.noreply.github.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Co-authored-by: wenzhuo.zhang <wenzhuo.zhang@geely.com>
(cherry picked from commit d88958bb99eabc07dead6965e396755e7b6d947f)
2024-04-21 18:10:34 +02:00
Giteabot 9de4bebbf7
Fix empty field `login_name` in API response JSON when creating user (#30511) (#30516)
Backport #30511 by @yp05327

Fix #30508

ps: if `sourceID` is not set, `LoginName` will be ignored

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit f9a025f6a358aa6e34408743a59f5081f397d47c)
2024-04-21 18:07:51 +02:00
Gergely Nagy aacc13fca8 hooks: Harden when we accept push options that change repo settings
It is possible to change some repo settings (its visibility, and
template status) via `git push` options: `-o repo.private=true`, `-o
repo.template=true`.

Previously, there weren't sufficient permission checks on these, and
anyone who could `git push` to a repository - including via an AGit
workflow! - was able to change either of these settings. To guard
against this, the pre-receive hook will now check if either of these
options are present, and if so, will perform additional permission
checks to ensure that these can only be set by a repository owner or
an administrator. Additionally, changing these settings is disabled for
forks, even for the fork's owner.

There's still a case where the owner of a repository can change the
visibility of it, and it will not propagate to forks (it propagates to
forks when changing the visibility via the API), but that's an
inconsistency, not a security issue.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Signed-off-by: Earl Warren <contact@earl-warren.org>
(cherry picked from commit 8eba631f8d)
2024-04-20 05:58:39 +00:00
Earl Warren 67232bd44e Merge pull request '[backport] gitea#30406: Check the token's owner and repository when registering a runner' (#3262) from algernon/forgejo:backport/3257-to-7.0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3262
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-19 15:41:18 +00:00
Laura Hausmann ee500dacd0 Fix release published actions not triggering for releases created from existing tags
(cherry picked from commit 46977b0f01)
2024-04-16 18:28:53 +00:00
Zettat123 1173663f17
Check the token's owner and repository when registering a runner (#30406)
Fix #30378

(cherry picked from commit 0fe9f93eb4c94d55e43b18b9c3cc6d513a34c0b5)

Conflicts:
	- models/organization/org.go
	- services/repository/delete.go
	- services/user/delete.go
	In all three cases, conflicts were resolved by manually adding
        the lines added by the Gitea patch, keeping the Forgejo code
        surrounding them.
2024-04-16 11:43:08 +02:00
Earl Warren 335abbbc9d Merge pull request '[v1.22/gitea] week 16 cherry pick to v7.0' (#3235) from earl-warren/forgejo:wip-v7.0-gitea-cherry-pick into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3235
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-04-16 09:31:46 +00:00
0ko 74bc9e666f [I18N] Improve English locale
- user settings/profile: renamed Description fild of biography to Biography

(cherry picked from commit 3b23633721)
2024-04-15 17:50:01 +00:00
Gusted fe09c8860a [PORT] gitea#30430: Fix rename branch 500 when the target branch is deleted but exist in database
Fix https://github.com/go-gitea/gitea/issues/30428

---

Conflict resolution: trivial and move test to own subtest run directly
after `Normal`.

(cherrypicked commit 9466fec879f4f2c88c7c1e7a5cffba319282ab66)

(cherry picked from commit db39b8f4a7)
2024-04-15 15:52:24 +00:00
Giteabot fb91390b48
Fix network error when open/close organization/individual projects and redirect to project page (#30387) (#30465)
Backport #30387 by @yp05327

Follow #27734

![image](https://github.com/go-gitea/gitea/assets/18380374/02ed6b9a-cbb6-4f49-a54a-ca76a0d052a9)

Updated:
Redirect to project page instead of project list page.

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 3735797b3366c983de5b199a50f4c1015e8cb807)
2024-04-15 16:44:14 +02:00
Giteabot 6ad8ed5da1
Fix missed doer (#30231) (#30343)
Backport #30231 by @lunny

Fix #29879

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit e0b9638191508180a3e5da916550d00c76dd7eaa)
2024-04-15 16:21:45 +02:00
wxiaoguang c5d6cb5b52
Clean up log messages (#30313)
`log.Xxx("%v")` is not ideal, this PR adds necessary context messages.
Remove some unnecessary logs.

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 83f83019ef3471b847a300f0821499b3896ec987)

Conflicts:
	- modules/util/util.go
          Conflict resolved by picking `util.Iif` from 654cfd1dfbd3f3f1d94addee50b6fe2b018a49c3
(cherry picked from commit 492d116b2a468991f44d6d37ec33f918ccbe4514)

Conflicts:
	modules/util/util.go
	trivial context conflict as the commit is picked from https://codeberg.org/forgejo/forgejo/pulls/3212
2024-04-15 16:11:14 +02:00
forgejo-backport-action 1b8fd7b17b [v7.0/forgejo] [BUG] Fix code search in explore reporting as git grep even with indexer enabled (#3204)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/3173

regression caused in porting #2813 🫣

see https://codeberg.org/forgejo/forgejo/pulls/2688#issuecomment-1692750

Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3204
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-04-14 14:21:31 +00:00
Earl Warren 50822f361e
Do not update PRs based on events that happened before they existed
* Split TestPullRequest out of AddTestPullRequestTask
* A Created field is added to the Issue table
* The Created field is set to the time (with nano resolution) on creation
* Record the nano time repo_module.PushUpdateOptions is created by the hook
* The decision to update a pull request created before a commit was
  pushed is based on the time (with nano resolution) the git hook
  was run and the Created field

It ensures the following happens:

* commit C is pushed
* the git hook queues AddTestPullRequestTask for processing and returns with success
* TestPullRequest is not called yet
* a pull request P with commit C as the head is created
* TestPullRequest runs and ignores P because it was created after the commit was received

When the "created" column is NULL, no verification is done, pull
requests that were created before the column was created in the
database cannot be newer than the latest call to a git hook.

Fixes: https://codeberg.org/forgejo/forgejo/issues/2009
(cherry picked from commit 998a431747)

Conflicts:
	models/forgejo_migrations/migrate.go
	see https://codeberg.org/forgejo/forgejo/pulls/3165#issuecomment-1755941
	services/pull/pull.go
	trivial conflicts
2024-04-12 10:41:19 +02:00
0ko 71efe9b8fc Update checker setting updates
- revert c53f802778
- enable by default on install page
- save checkbox state between form submissions

Resolves https://codeberg.org/forgejo/forgejo/issues/2859

(cherry picked from commit e498069fd5)
2024-04-10 20:55:35 +00:00
Earl Warren 666432d15b Merge pull request '[v1.22/gitea] week 15 cherry pick to v7.0' (#3113) from earl-warren/forgejo:wip-v7.0-gitea-cherry-pick into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3113
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-10 05:00:07 +00:00
oliverpool 01dc275a19 webhook: add admin-hooks tests
(cherry picked from commit 9a94019db4)
2024-04-09 21:57:34 +00:00
oliverpool 660e450e6d webhook: fix admin-hooks new dropdowns
(cherry picked from commit e0b5f2d59b)
2024-04-09 21:57:34 +00:00
Giteabot b310027e55
Remove scheduled action tasks if the repo is archived (#30224) (#30230)
Backport #30224 by @Zettat123

Fix #30220

Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit 895d2795abe79cc2e87b35d39cb7d09b9234b06d)
2024-04-08 11:41:39 +02:00
Gusted 0af1418e6e [BUG] Fix unblock action
- At some point the unblock button was transformed into being handled by
Javascript, however the endpoint didn't yet respond in JSON.
- Ref: https://codeberg.org/kita/.profile/raw/branch/main/img/G94IqS9.png

(cherry picked from commit a3f1249f0a)
2024-04-07 15:35:31 +00:00
forgejo-backport-action 706a7ad41e [v7.0/forgejo] Fix "view file" button in diff compare view (#3077)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/3046

This PR fixes an issue in the diff compare view, where when working on a fork that has not the same name as the upstream repo, the "View file" button links to a wrong, often missing, location.

Demonstration of this issue:
- Visit https://next.forgejo.org/mai-lapyst-test-org/upstream/compare/main...Mai-Lapyst/downstream:mai-lapyst-patch-1.
- Click the "View file" button of the patch.
- Get taken to `4fe947d522/README.md` (which does not exist and returns a 404) instead of `4fe947d522/README.md`. Note the different repository name (`upstream` vs `downstream`).

Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3077
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-04-06 13:24:55 +00:00
forgejo-backport-action 5bde9555b1 [v7.0/forgejo] Add optional pronoun field in user settings (#3076)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/1518

An attempt at adding an optional pronoun field for user profiles, as suggested here 3 years ago: https://github.com/go-gitea/gitea/issues/13990

![A Forgejo profile showing pronouns to the right of the user's username](/attachments/2e5ff300-d333-46db-9074-f030f199843c)

I made this for [my own instance](https://git.gay/h) and didn't initially think I'd make a PR because of the previous closed issue, but I thought I'd ask the Forgejo matrix chat to see if there was any support and there was!

I'm told I should make a database migration, some help as to how to do that would be appreciated.

Co-authored-by: hazycora <hazysu@riseup.net>
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3076
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-04-06 13:23:43 +00:00
Earl Warren 1065ee4a60 Merge pull request '[v7.0/forgejo] Fix #3030 add Cache-Control header for health-check' (#3074) from bp-v7.0/forgejo-323d7ad-84f5115-d2ff8f8-b210a3e into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3074
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-06 09:55:19 +00:00
Ada 8ddfd26d97 Add health-check test
(cherry picked from commit 84f5115bd1)
2024-04-06 08:44:23 +00:00
Ada 12c28641ab Remove old proxy backwards compatibility
(cherry picked from commit d2ff8f8720)
2024-04-06 08:44:23 +00:00
Ada 3eab81fdea Fix #3030 add Cache-Control header for health-check
(cherry picked from commit b210a3ebd5)
2024-04-06 08:44:23 +00:00
Michael Kriese 091400b656 feat: improve nuget nuspec api
(cherry picked from commit bc72fd7f46)
2024-04-06 08:32:53 +00:00
oliverpool 4ad42a4e3f [REFACTOR] webhook shared code to prevent import cycles
(cherry picked from commit 04a398a1af)
2024-04-05 19:36:03 +00:00
iminfinity cb0c6b52be add label filters in org/{org_name}/issues
(cherry picked from commit 8d13ed4a8d)
2024-04-04 17:37:56 +00:00
0ko 4ef8b139f2 [GITEA] Apply changes to archived labels
This is a squashed result of conflict resolution for the following commits from Gitea:
- 36de5b299b
- 9a93b1816e
- 712e19fa6f
- 83850cc479

It is lacking CSS rule for archived labels, though.

Changes in this commit are authored by:
- 6543
- delvh
- silverwind

(cherry picked from commit 4b09dd11ec)
2024-04-03 20:14:39 +00:00
oliverpool 585e6137f7 [TESTS] pull review deleted from gitea#29888
Instead of db.TruncateBeans(db.DefaultContext, &issues_model.Review{}), reviews are deleted using issue.DeleteReview

(cherry picked from commit 6b857193ff)
2024-04-03 08:13:14 +00:00
Gusted b4f566fdf5 [BUG] Use correct template for commitmail error
- Use the correct template that was given when there's an error in
retrieving which git identity should be used.
- Remove the error from the exception list.
2024-04-02 14:59:34 +00:00
Aravinth Manivannan e13854c305 fix: respond with JSON Resource Descriptor Content-Type per RFC7033 2024-04-02 09:41:57 +00:00
Gusted 029bcd361a [FEAT] Configure if protected branch rule should apply to admins
- Currently protected branch rules do not apply to admins, however in
some cases (like in the case of Forgejo project) you might also want to
apply these rules to admins to avoid accidental merges.
- Add new option to configure this on a per-rule basis.
- Adds integration tests.
- Resolves #65
2024-04-01 19:31:43 +00:00
Gergely Nagy 923035e418 Highlight signed tags like signed commits
This makes signed tags show a badge in the tag list similar to signed
commits in the commit list, and a more verbose block when viewing a
single tag. Works for both GPG and SSH signed tags.

Fixes #1316.

Work sponsored by @glts.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-01 13:42:11 +00:00
oliverpool 84eeab59af [REFACTOR] add Icon to webhook.Interface 2024-03-31 07:20:19 +00:00
oliverpool 7f03fdf9f9 [REFACTOR] use Icon from interface in webhook list 2024-03-31 07:20:18 +00:00
Kemal Zebari 23676bfea7
Prevent re-review and dismiss review actions on closed and merged PRs (#30065)
Resolves #29965.

---
Manually tested this by:
- Following the
[installation](https://docs.gitea.com/next/installation/install-with-docker#basics)
guide (but built a local Docker image instead)
- Creating 2 users, one who is the `Owner` of a newly-created repository
and the other a `Collaborator`
- Had the `Collaborator` create a PR that the `Owner` reviews
- `Collaborator` resolves conversation and `Owner` merges PR

And with this change we see that we can no longer see re-request review
button for the `Owner`:

<img width="1351" alt="Screenshot 2024-03-25 at 12 39 18 AM"
src="https://github.com/go-gitea/gitea/assets/60799661/bcd9c579-3cf7-474f-a51e-b436fe1a39a4">

(cherry picked from commit 242b331260925e604150346e61329097d5731e77)
2024-03-30 07:17:32 +01:00