Presently, attempting to rename a non-local (e.g. Oauth2 or LDAP) user
results in an error, even if the requester is an administrator. As far
as I can tell, this is a security feature, not architectural in nature,
as automatic account linking could be used to take control of another
user's account. This is not a concern for an administrator, who we
should trust to know what they are doing.
This patch allows admins, and only admins, to rename non-local users.
Fixes https://github.com/go-gitea/gitea/issues/18308 (sort of)
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Permission & protection check:
- Fix Delete Release permission check
- Fix Update Pull Request with rebase branch protection check
- Fix Issue Dependency permission check
- Fix Delete Comment History ID check
Information leaking:
- Show unified message for non-existing user and invalid password
- Fix#35984
- Don't expose release draft to non-writer users.
- Make API returns signature's email address instead of the user
profile's.
Auth & Login:
- Avoid GCM OAuth2 attempt when OAuth2 is disabled
- Fix#35510
---------
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This patch amends https://github.com/go-gitea/gitea/pull/27507.
Since https://github.com/go-gitea/gitea/pull/35072, `selectable` css
class can be used for providing hover effect for tables. This patch let
the wiki page be able to make use of that css class, and we can safely
remove the custom css for this purpose.
Behavior is not changed.
----
Side note: I made this patch locally months ago but completely forget to
submit it as a PR 😂
Consistently use a `star` icon to highlight the default column of a
project.
The icon is both shown while viewing the project, as well as while
changing the default status of this column.
<img width="1065" height="370" alt="image"
src="https://github.com/user-attachments/assets/1ca5773d-8eec-4b90-ad0b-22b1f4bd4cfd"
/>
`GITEA_PR_ID` is already part of the env variables available in the
githooks, but it contains a database ID instead of commonly used index
that is part of `owner/repo!index`
This would allow developers to keep a local file that'd add personal
makefile targets for niche convenience customization without having to
have the git workspace polluted with uncommitted changes.
---------
Signed-off-by: techknowlogick <techknowlogick@gitea.com>
From [docs](https://go.dev/doc/toolchain#config):
> The go line declares the minimum required Go version for using the
module or workspace. For compatibility reasons, if the go line is
omitted from a go.mod file, the module is considered to have an implicit
go 1.16 line, and if the go line is omitted from a go.work file, the
workspace is considered to have an implicit go 1.18 line.
> The toolchain line declares a suggested toolchain to use with the
module or workspace. As described in “[Go toolchain
selection](https://go.dev/doc/toolchain#select)” below, the go command
may run this specific toolchain when operating in that module or
workspace if the default toolchain’s version is less than the suggested
toolchain’s version. If the toolchain line is omitted, the module or
workspace is considered to have an implicit toolchain goV line, where V
is the Go version from the go line.
This is better than setting `go` to the latest version which may break
builds when that go version is unavailable, for example with
`GOTOOLCHAIN=local` in the official go docker images.
Fix#35852, the root problem is that the "name" field is heavily abused
(since #6816, and no way to get a clear fix)
There are still a lot of legacy problems in old code.
Co-authored-by: Giteabot <teabot@gitea.io>
Current template uses the owner followed by the instance URL as the repo
name. Technically this can work if the repo happens to be named the
exact same way. But if, for example, you follow [the
docs](https://docs.gitea.com/usage/packages/arch/#publish-a-package),
you'll end up with a package in `core` while the pacman conf refers to a
non-existent repo `testuser.gitea.example.com`. Whatever is in the
square brackets get substituted in for `$repo`, so we do not want
anything except the exact repo name there.
And since it's now referring to the repo and not the owner, I've updated
the pacman conf to show all repositories.
---------
Co-authored-by: Giteabot <teabot@gitea.io>
`flake-utils` is currently only used for outputting system-specific dev
shells. This can actually be achieved only using functionality already
present within `nixpkgs`, thus there is no need for an extra dependency.
Additionally, we move to use the `packages` and `env` args for `mkShell`
to more clearly outline what they are used for.
---
Further reading:
https://determinate.systems/blog/best-practices-for-nix-at-work/#avoid-flake-helper-libraries-if-possible
As a side note, using `with` to import large scopes is [discouraged by
official Nix
resources](https://nix.dev/guides/best-practices#with-scopes), so an
alternative approach to list installed packages could be something like
this:
```nix
packages =
(builtins.attrValues {
inherit (pkgs)
# generic
git
git-lfs
gnumake
gnused
gnutar
gzip
zip
# frontend
cairo
pixman
pkg-config
# linting
uv
# backend
gofumpt
sqlite
;
inherit
# frontend
nodejs
pnpm
# linting
python3
# backend
go
;
})
++ linuxOnlyInputs;
```
But I saw this as too pedantic to include in the initial PR.
Co-authored-by: 6543 <6543@obermui.de>
https://github.com/golangci/golangci-lint/releases/tag/v2.6.0
- `modernize` linter is enabled, this is the same as `gopls modernize`
- ~~`perfsprint` linter is disabled because it conflicts with
`modernize` (maybe there is a middle ground)~~
- gocritic `deprecatedComment` is disabled as it conflicts with
`go-swagger`
