1
1
mirror of https://github.com/go-gitea/gitea synced 2024-12-25 01:54:26 +00:00
Commit Graph

4238 Commits

Author SHA1 Message Date
Giteabot
b7c944b9e4
Prevent anonymous container access if RequireSignInView is enabled (#28877) (#28882)
Backport #28877 by @KN4CK3R

Fixes #28875

If `RequireSignInView` is enabled, the ghost user has no access rights.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-01-22 01:44:38 +08:00
Giteabot
8c7bda8755
Fix incorrect PostgreSQL connection string for Unix sockets (#28865) (#28870)
Backport #28865 by @sdvcrx

Fix #28864

Co-authored-by: sdvcrx <memory.silentvoyage@gmail.com>
2024-01-21 16:06:34 +00:00
Giteabot
e3dfb512d6
Warn that DISABLE_QUERY_AUTH_TOKEN is false only if it's explicitly defined (#28783) (#28868)
Backport #28783 by @yardenshoham

So we don't warn on default behavior

- Fixes https://github.com/go-gitea/gitea/issues/28758
- Follows https://github.com/go-gitea/gitea/pull/28390

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
2024-01-21 15:21:22 +00:00
Giteabot
0d50f27469
Fix archive creating LFS hooks and breaking pull requests (#28848) (#28851)
Backport #28848 by @brechtvl

When LFS hooks are present in gitea-repositories, operations like git
push for creating a pull request fail. These repositories are not meant
to include LFS files or git push them, that is handled separately. And
so they should not have LFS hooks.

Installing git-lfs on some systems (like Debian Linux) will
automatically set up /etc/gitconfig to create LFS hooks in repositories.
For most git commands in Gitea this is not a problem, either because
they run on a temporary clone or the git command does not create LFS
hooks.

But one case where this happens is git archive for creating repository
archives. To fix that, add a GIT_CONFIG_NOSYSTEM=1 to disable using the
system configuration for that command.

According to a comment, GIT_CONFIG_NOSYSTEM is not used for all git
commands because the system configuration can be intentionally set up
for Gitea to use.

Resolves #19810, #21148

Co-authored-by: Brecht Van Lommel <brecht@blender.org>
2024-01-21 14:43:31 +00:00
Giteabot
8b5c9186a5
Remove duplicated checkinit on git module (#28824) (#28831)
Backport #28824 by @lunny

`checkInit` has been invoked in `InitSimple`. So it's unnecessary to
invoke it twice in `InitFull`.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-17 10:16:33 +00:00
Giteabot
4746291b08
Use refname:strip-2 instead of refname:short when syncing tags (#28797) (#28811)
Backport #28797 by @lunny

Fix #28694 

Generally, `refname:short` should be equal to `refname:lstrip=2` except
`core.warnAmbiguousRefs is used to select the strict abbreviation mode.`

ref:
https://git-scm.com/docs/git-for-each-ref#Documentation/git-for-each-ref.txt-refname

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-16 07:33:33 +00:00
KN4CK3R
022552d5b6
Rework markup link rendering (#26745) (#28803)
Backport #26745
Fixes #26548

This PR refactors the rendering of markup links. The old code uses
`strings.Replace` to change some urls while the new code uses more
context to decide which link should be generated.

The added tests should ensure the same output for the old and new
behaviour (besides the bug).

We may need to refactor the rendering a bit more to make it clear how
the different helper methods render the input string. There are lots of
options (resolve links / images / mentions / git hashes / emojis / ...)
but you don't really know what helper uses which options. For example,
we currently support images in the user description which should not be
allowed I think:

<details>
  <summary>Profile</summary>

https://try.gitea.io/KN4CK3R


![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5)

</details>
2024-01-16 02:13:29 +00:00
Giteabot
cbf366643b
Use correct has error check for internal responses (#28796) (#28798)
Backport #28796 by @wxiaoguang

`resp != nil` doesn't mean the request really succeeded. Add a comment
for requestJSONResp to clarify the behavior.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-01-15 13:13:35 +01:00
Giteabot
df694f6a7d
Fix nil pointer panic when exec some gitea cli command (#28791) (#28795)
Backport #28791 by @yp05327

panic:

![image](https://github.com/go-gitea/gitea/assets/18380374/7fcde2ad-1d42-4b60-b120-3b60a8926e8e)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/49d9f0ca-e590-4a35-8ca2-1317d1b7c939)

Co-authored-by: yp05327 <576951401@qq.com>
2024-01-15 08:05:30 +00:00
Lunny Xiao
6e29242ebb
Fix schedule tasks bugs (#28691) (#28780)
Fix #28157
Backport #28691 

This PR fix the possible bugs about actions schedule.

- Move `UpdateRepositoryUnit` and `SetRepoDefaultBranch` from models to
service layer
- Remove schedules plan from database and cancel waiting & running
schedules tasks in this repository when actions unit has been disabled
or global disabled.
- Remove schedules plan from database and cancel waiting & running
schedules tasks in this repository when default branch changed.
2024-01-14 23:54:22 +01:00
Giteabot
9f0c709637
Show description as tooltip instead of title for labels (#28754) (#28766)
Backport #28754 by @delvh

Follow GitHubs behavior of showing the label description as a tooltip
instead of the browser native title.

## Before

![grafik](https://github.com/go-gitea/gitea/assets/51889757/70448327-467b-4bee-b799-40a442a5ce16)


## After

![grafik](https://github.com/go-gitea/gitea/assets/51889757/abe7d700-148b-4cef-a487-6b0f8f20b212)

Co-authored-by: delvh <dev.lh@web.de>
2024-01-12 10:45:07 +08:00
Giteabot
f220f4231a
Add -F to commit search to treat keywords as strings (#28744) (#28748)
Backport #28744 by @me-heer

Fixes #28269

The [default
behavior](https://git-scm.com/docs/git-log#Documentation/git-log.txt---basic-regexp)
of --grep in git log is to interpret the keyword as a regular
expression. This causes the search to fail in the cases where the search
keyword contains a `[`, since `[` is a special character used in grep.

If we want our keywords to be interpreted as 'strings', we should use
[-F
flag](https://git-scm.com/docs/git-log#Documentation/git-log.txt---basic-regexp).

Co-authored-by: Mihir Joshi <mihir67mj@gmail.com>
2024-01-10 21:29:01 +01:00
Giteabot
7f833d8f71
Fix panic when parsing empty pgsql host (#28708) (#28709)
Backport #28708 by wxiaoguang

Regression of #27723
Fix #28705

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-01-06 20:05:49 +08:00
wxiaoguang
83457805bb
Make template DateTime show proper tooltip (#28677) (#28683)
Backport #28677
2024-01-03 18:41:03 +08:00
wxiaoguang
2165729d16
Avoid cycle-redirecting user/login page (#28636) (#28658)
Backport #28636

Fix #28231, and remove some unused code.
2023-12-30 20:50:08 +08:00
wxiaoguang
7a2786ca6c
Refactor CORS handler (#28587) (#28611)
Backport #28587, the only conflict is the test file.

The CORS code has been unmaintained for long time, and the behavior is
not correct.

This PR tries to improve it. The key point is written as comment in
code. And add more tests.

Fix #28515
Fix #27642
Fix #17098
2023-12-25 21:01:24 +08:00
Giteabot
f096635622
Fix the issue ref rendering for wiki (#28556) (#28559)
Backport #28556 by wxiaoguang

Fix #28526, regression of 
* #26365

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-20 22:51:25 +08:00
Giteabot
411310d698
chore(api): support ignore password if login source type is LDAP for creating user API (#28491) (#28525)
Backport #28491 by @appleboy

- Modify the `Password` field in `CreateUserOption` struct to remove the
`Required` tag
- Update the `v1_json.tmpl` template to include the `email` field and
remove the `password` field

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-12-19 11:14:06 +08:00
wxiaoguang
a3f403f438
Add option to disable ambiguous unicode characters detection (#28454) (#28499)
Backport #28454 (the only conflict is caused by some comments)

* Close #24483
* Close #28123
* Close #23682
* Close #23149
2023-12-18 12:20:37 +08:00
Giteabot
8ee1ed877b
Initalize stroage for orphaned repository doctor (#28487) (#28490)
Backport #28487 by @earl-warren

- When a repository is orphaned and has objects stored in any of the
storages such as repository avatar or attachments the delete function
would error, because the storage module wasn't initalized.
- Add code to initialize the storage module.

Refs: https://codeberg.org/forgejo/forgejo/pulls/1954

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-12-16 22:06:37 +08:00
Giteabot
f144521aea
Deprecate query string auth tokens (#28390) (#28430)
Backport #28390 by @jackHay22

## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example: 
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

Co-authored-by: Jack Hay <jack@allspice.io>
Co-authored-by: delvh <dev.lh@web.de>
2023-12-12 13:45:00 +08:00
Giteabot
1ec622db24
Improve doctor cli behavior (#28422) (#28424)
Backport #28422 by wxiaoguang

1. Do not sort the "checks" slice again and again when "Register", it
just wastes CPU when the Gitea instance runs
2. If a check doesn't exist, tell the end user
3. Add some tests

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-11 16:28:27 +00:00
Giteabot
272ae03341
Make gogit Repository.GetBranchNames consistent (#28348) (#28386)
Backport #28348 by @AdamMajer

nogogit GetBranchNames() lists branches sorted in reverse commit date
order. On the other hand the gogit implementation doesn't apply any
ordering resulting in unpredictable behaviour. In my case, the unit
tests requiring particular order fail

    repo_branch_test.go:24:
                Error Trace:
               ./gitea/modules/git/repo_branch_test.go:24
                Error:          elements differ

                                extra elements in list A:
                                ([]interface {}) (len=1) {
                                 (string) (len=6) "master"
                                }

                                extra elements in list B:
                                ([]interface {}) (len=1) {
                                 (string) (len=7) "branch1"
                                }

                                listA:
                                ([]string) (len=2) {
                                 (string) (len=6) "master",
                                 (string) (len=7) "branch2"
                                }

                                listB:
                                ([]string) (len=2) {
                                 (string) (len=7) "branch1",
                                 (string) (len=7) "branch2"
                                }
                Test:           TestRepository_GetBranches

To fix this, we sort branches based on their commit date in gogit
implementation.

Fixes: #28318

Co-authored-by: Adam Majer <amajer@suse.de>
2023-12-07 13:03:27 -05:00
Giteabot
8f2805f757
Fix incorrect default value of [attachment].MAX_SIZE (#28373) (#28376)
Backport #28373 by @capvor

In the documents, the `[attachment] MAX_SIZE` default value should be 4.

Reference the source code `modules/setting/attachment.go` line 29.

Co-authored-by: capvor <capvor@sina.com>
2023-12-06 19:32:23 +00:00
Giteabot
5eaf91e919
Use filepath instead of path to create SQLite3 database file (#28374) (#28378)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Fix #28300
2023-12-06 11:22:18 -06:00
Giteabot
fef34790bb
Convert git commit summary to valid UTF8. (#28356) (#28358)
Backport #28356 by @darrinsmart

The summary string ends up in the database, and (at least) MySQL &
PostgreSQL require valid UTF8 strings.

Fixes #28178

Co-authored-by: darrinsmart <darrin@djs.to>
Co-authored-by: Darrin Smart <darrin@filmlight.ltd.uk>
2023-12-05 09:19:08 +00:00
Giteabot
e15fe85335
Read previous info from git blame (#28306) (#28310)
Backport #28306 by @KN4CK3R

Fixes #28280

Reads the `previous` info from the `git blame` output instead of
calculating it afterwards.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-12-01 08:27:35 +01:00
wxiaoguang
4f5122a7fe
Ignore "non-existing" errors when getDirectorySize calculates the size (#28276) (#28285)
Backport #28276

The git command may operate the git directory (add/remove) files in any
time.

So when the code iterates the directory, some files may disappear during
the "walk". All "IsNotExist" errors should be ignored.
2023-11-30 16:39:16 +00:00
Giteabot
d2908b2794
Meilisearch: require all query terms to be matched (#28293) (#28296)
Co-authored-by: Brecht Van Lommel <brecht@blender.org>
2023-11-29 09:38:04 -06:00
pitpalme
7cae4dfc00
Fix delete-orphaned-repos (#28200) (#28202)
Backport #28200

gitea doctor failed at checking and fixing 'delete-orphaned-repos',
because table name 'user' needs quoting to be correctly recognized by at
least PostgreSQL.

fixes #28199
2023-11-24 14:54:14 -05:00
Giteabot
23838c2c2e
Make CORS work for oauth2 handlers (#28184) (#28185)
Backport #28184

Fix #25473

Although there was `m.Post("/login/oauth/access_token", CorsHandler()...`,
it never really worked, because it still lacks the "OPTIONS" handler.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-11-23 22:27:00 +08:00
Giteabot
9bfee5014b
Add guide page to actions when there's no workflows (#28145) (#28153)
Backport #28145 by @yp05327

Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/599d40c1-9b8d-4189-9286-c9c36fb780dd)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/848a73d1-aaec-478f-93a7-adcc7ee18907)

Co-authored-by: yp05327 <576951401@qq.com>
2023-11-22 02:29:54 +00:00
Giteabot
56bedf2bcc
Change default size of attachments and repo files (#28100) (#28106)
Backport #28100 by @lng2020

https://github.com/go-gitea/gitea/pull/27946 forgets to change them in
code. Sorry about that.

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
2023-11-17 13:30:42 +01:00
Giteabot
f7567f798d
Fix incorrect pgsql conn builder behavior (#28085) (#28098)
Backport #28085 by @wxiaoguang

Fix #28083 and fix the tests

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-11-17 10:45:04 +00:00
Giteabot
2691b345e6
Render email addresses as such if followed by punctuation (#27987) (#27992)
Backport #27987 by @yardenshoham

Added the following characters to the regular expression for the email:

- ,
- ;
- ?
- !

Also added a test case.

- Fixes #27616 

# Before

![image](https://github.com/go-gitea/gitea/assets/20454870/c57eac26-f281-43ef-a51d-9c9a81b63efa)

# After

![image](https://github.com/go-gitea/gitea/assets/20454870/fc7d5c08-4350-4af0-a7f0-d1444d2d75af)

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
2023-11-11 13:26:18 +08:00
Giteabot
a8e505a44b
Unify two factor check (#27915) (#27929)
Backport #27915 by @KN4CK3R

Fixes #27819

We have support for two factor logins with the normal web login and with
basic auth. For basic auth the two factor check was implemented at three
different places and you need to know that this check is necessary. This
PR moves the check into the basic auth itself.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-11-06 18:07:22 +00:00
Giteabot
28e3d0b0d3
Remove action runners on user deletion (#27902) (#27908)
Backport #27902 by @earl-warren

- On user deletion, delete action runners that the user has created.
- Add a database consistency check to remove action runners that have
nonexistent belonging owner.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1720

(cherry picked from commit 009ca7223dab054f7f760b7ccae69e745eebfabb)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-11-05 13:20:00 +00:00
Giteabot
c074af6a6d
refactor postgres connection string building (#27723) (#27869)
Backport #27723 by @mpldr

This patchset changes the connection string builder to use net.URL and
the host/port parser to use the stdlib function for splitting host from
port. It also adds a footnote about a potentially required portnumber
for postgres UNIX sockets.

Fixes: #24552

Co-authored-by: Moritz Poldrack <33086936+mpldr@users.noreply.github.com>
2023-11-01 23:19:02 +00:00
wxiaoguang
6ac2ade97d
Clean up template locale usage (#27856) (#27857)
Backport #27856

The only conflict is `ThemeName` in `500.tmpl`, it has been resolved
manually by keeping using old
`{{.SignedUser.Theme}}{{else}}{{DefaultTheme}}`
2023-10-31 17:35:55 +01:00
Giteabot
18a782f73d
Fix package webhook (#27839) (#27855)
Backport #27839 by @lunny

Fix #23742

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-10-31 11:26:28 +01:00
Giteabot
25acbfed36
Close all hashed buffers (#27787) (#27790)
Backport #27787 by @KN4CK3R

Add missing `.Close()` calls. The current code does not delete the
temporary files if the data grows over 32mb.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-10-25 22:24:25 +02:00
Giteabot
cb9e10f971
Fix label render containing invalid HTML (#27752) (#27762)
Backport #27752 by @earl-warren

- The label HTML contained a quote that wasn't being closed.

Refs: https://codeberg.org/forgejo/forgejo/pulls/1651

(cherry picked from commit e2bc2c9a1fff482c49dbeb3a51e4e1c698bf506c)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-10-24 09:39:13 +08:00
6543
aabcf2d7ad
Add doctor dbconsistency fix to delete repos with no owner (#27290) (#27693)
Backport #27290
2023-10-22 02:21:41 +02:00
Giteabot
8885108c42
Improve feed icons and feed merge text color (#27498) (#27716)
Backport #27498 by @silverwind

1. Improve various feed icons
2. Fix merge message color


<img width="763" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/3f5bcb23-6d90-4c63-85f2-46bd7e1c96d6">
<img width="769" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/466c37b4-e2f4-42bb-922d-b86596cdc6d0">


Fixes: https://github.com/go-gitea/gitea/issues/27495
Continues: https://github.com/go-gitea/gitea/pull/27356

Co-authored-by: silverwind <me@silverwind.io>
2023-10-21 12:29:06 +02:00
Giteabot
dab40cd5f4
Support allowed hosts for webhook to work with proxy (#27655) (#27675)
Backport #27655 by @wolfogre

When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.

But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.

This PR fixes it by:

- If the proxy has been set, always allow connectioins to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-10-18 15:07:52 +02:00
Giteabot
8cf7548a18
Improve retrying index issues (#27554) (#27634)
Backport #27554 by @wolfogre

Fix #27540

Co-authored-by: Jason Song <i@wolfogre.com>
2023-10-16 09:55:53 +08:00
Giteabot
478e7042f5
Increase queue length (#27555) (#27562)
Backport #27555 by @wolfogre

It should be OK to increase the default queue length since the default
type is "level".

IMO, the old default length (100) is a little too small. See
https://github.com/go-gitea/gitea/issues/27540#issuecomment-1754269491

IIRC, a larger length could lead to more memory usage only when the type
is "channel," but it's an obscure case. Otherwise, it's just a limit
(for "level" or "redis").

Co-authored-by: Jason Song <i@wolfogre.com>
2023-10-10 20:22:26 +08:00
Giteabot
8c969cdf9c
Fix environment-to-ini inherited key bug (#27543) (#27546)
Backport #27543 by @wxiaoguang

Fix  #27541

The INI package has a quirk: by default, the keys are inherited.
When maintaining the keys, the newly added sub key should not be
affected by the parent key.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-10-09 17:46:58 +00:00
Giteabot
fb5ae2ab94
Restore warning commit status (#27504) (#27529)
Backport #27504 by @silverwind

Partial revert of https://github.com/go-gitea/gitea/pull/25839. This
commit status is used by a number of external integrations, so I think
we should not remove it (See
https://github.com/go-gitea/gitea/pull/25839#issuecomment-1729002077).
This is a rare case where an existing migration needed to be alterted to
avoid data loss.

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: delvh <dev.lh@web.de>
2023-10-09 11:56:02 +08:00
Giteabot
aaf35ee49c
Refactor system setting (#27000) (#27452)
Backport #27000 by @wxiaoguang

This PR reduces the complexity of the system setting system.

It only needs one line to introduce a new option, and the option can be
used anywhere out-of-box.

It is still high-performant (and more performant) because the config
values are cached in the config system.


![image](https://github.com/go-gitea/gitea/assets/2114189/f8cdd743-1145-41ab-9f8f-3996aa97d440)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-10-05 10:37:59 +00:00