Backport #34142 by @lunny
Fix the bug when deleting orphaned issues attachments. The attachments
maybe stored on other storages service rather than disk.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #34573 by @raucao
This fixes 3 issues I encountered when debugging problems with our LDAP
sync:
1. The comparison of the hashed image data in `IsUploadAvatarChanged` is
wrong. It seems to be from before avatar hashing was changed and unified
in #22289. This results in the function always returning `true` for any
avatars, even if they weren't changed.
2. Even if there's no avatar to upload (i.e. no avatar available for the
LDAP entry), the upload function would still be called for every single
user, only to then fail, because the data isn't valid. This is
unnecessary.
3. Another small issue is that the comparison function (and thus hashing
of data) is called for every user, even if there is no avatar attribute
configured at all for the LDAP source. Thus, I switched the condition
nesting, so that no cycles are wasted when avatar sync isn't configured
in the first place.
I also added a trace log for when there is actually a new avatar being
uploaded for an existing user, which is now only shown when that is
actually the case.
Co-authored-by: Râu Cao <842+raucao@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #34512 by tclin914
If the message from form.MergeMessageField is empty, we will miss a "\n"
between the title and the "Co-authored-by:" line. The title and message
should have a blank line between of them.
Co-authored-by: Jim Lin <jim@andestech.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #34525 by @MarkusAmshove
closes#34171
Adds a new sort option `recentclose` for issues and pull requests which
will return items in a descending order of when they were closed
Co-authored-by: Markus Amshove <scm@amshove.org>
Backport #34514 by @silverwind
postgres 12 is end of life since 6 months. 13 and above are still
supported but I think it's overall better if we test a more recent
version of postgres because that's what new users will be running on.
Ref: https://endoflife.date/postgresql
Co-authored-by: silverwind <me@silverwind.io>
Backport #34355 by @lunny
The tags synchronization is very slow for a non-mirror repository with
many tags especially forking. This PR make all repositories' tags
synchronization use the same function and remove the low performance
synchronization function. The commit count of tag now will not be stored
into database when syncing. Since the commits count will always be read
from cache or git data, the `NumCommits` in the release table will be
updated for the first read from git data.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #34480 by @ChristopherHX
* previously deleting an already deleted runner returned http 500
* previously any database error for the get endpoint was http 404 and
never 500
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Backport #34449 by @ChristopherHX
* mssql does not support fetching 0 repositories
* remove paging by NumRepos that might be 0
* extend admin api test to purge user 2
Fixes#34448
Co-authored-by: ChristopherHX <christopher.homberger@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #34438 by @silverwind
In the comment editor, there is a bug in Firefox where the scroll
position unexpectedly moves up, which is annoying. This is not
reproducible in Chrome and Safari. To reproduce here are some steps:
- Go into an editable issue
- Scroll page to bottom
- Focus the textarea and press Return many times, causing the textarea
to get a scrollbar
- Scroll page to bottom again
- Press Return once more
- Page should not scroll up.
This fixes the bug by adding a temporary margin, and I verified it works
in all browsers.
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #34412 by wxiaoguang
Fix#34398, fix#33308
Remove all `repo.ComposeCommentMetas` from templates,
only use `repo` to render commit message.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #34370 by @GWDx
Issue: After switching the default branch, other branches are still
compared against the old default branch due to outdated divergence
cache.
Change: Clear the divergence cache in SetRepoDefaultBranch to ensure
correct comparisons against the new default branch.
Fixes#34369
Co-authored-by: GWDx <gwdx@mail.ustc.edu.cn>
Backport #34367 by bytedream
Files that should be stored in LFS and are uploaded/edited from the API
or web UI aren't stored in LFS. This may be a regression from #34154.
Co-authored-by: bytedream <bytedream@protonmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #34334 by @lunny
The `ci.HeadGitRepo` was opened and closed in the function
`ParseCompareInfo` but reused in the function `PrepareCompareDiff`.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #34323 by @tobiasbp
In the Gitea GUI, the user can see the time that _AccessTokens_ and
_PublicKeys_ were last used. This information is not returned by the
_/users/{username}/tokens_ and _/user/keys_ endpoints in the API. This
PR adds the missing data.
The time of last usage for for _tokens_ & _keys_ seem to be stored in
the _Updated_ field of the structs internally. For consistency, I have
used the name _updated_at_ for the new field returned by the _API_.
However, for the _API_ user, I don't think that name reflects the data
returned, as I believe it is the time of last usage. I propose that we
use the name _last_used_at_ instead. Let's hear reviewers opinion on
that.
* PublicKey
1. _last_used_at_: string($date-time)
* AccessToken
1. _created_at_: string($date-time) (for parity with public keys)
2. _last_used_at_: string($date-time)
Fix#34313
Co-authored-by: Tobias Balle-Petersen <tobiasbp@gmail.com>
Backport #34324 by @tobiasbp
If archive downloads are are disabled using
_DISABLE_DOWNLOAD_SOURCE_ARCHIVES_, archive links are still returned by
the API.
This PR changes the data returned, so the fields _zipball_url_ and
_tarball_url_ are omitted if archive downloads have been disabled.
Resolve#32159
Co-authored-by: Tobias Balle-Petersen <tobiasbp@gmail.com>
Fix#34224
The previous implementation in #33744 will get the pushed commits
changed files. But it's not always right when push a merged commit. This
PR reverted the logic in #33744 and will always get the PR's changed
files and get code owners.
Fix#880
Design:
1. A global setting `security.TWO_FACTOR_AUTH`.
* To support org-level config, we need to introduce a better "owner
setting" system first (in the future)
2. A user without 2FA can login and may explore, but can NOT read or
write to any repositories via API/web.
3. Keep things as simple as possible.
* This option only aggressively suggest users to enable their 2FA at the
moment, it does NOT guarantee that users must have 2FA before all other
operations, it should be good enough for real world use cases.
* Some details and tests could be improved in the future since this
change only adds a check and seems won't affect too much.
---------
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* fixes a fixture status to upload confirmed
* add another fixture as noise to break tests as soon they are exposed
to api
* v4 delete test added check that artifact is no longer visible in
internal api with status pending delete
* removal of http 404 on empty list: actions/upload-artifact@v4 now
backoff on http 404 of ListArtifacts endpoint
* fixes artifacts with pending delete etc. are able to be found and
downloaded if the storage is not freed
