21643 commits

This branch

This branch

All branches

Author	SHA1	Message	Date
angelnu	1b9d1240eb	add test	2024-11-16 18:12:40 +01:00
angelnu	d2dc4fae3a	review changes	2024-11-16 18:12:40 +01:00
angelnu	e434ecdaca	check IsCommitExist	2024-11-16 18:12:40 +01:00
Earl Warren	569a67327c	Merge pull request 'bug: correctly generate oauth2 jwt signing key' (#5986) from gusted/improve-oauth2-jwt into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5986 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>	2024-11-16 17:04:31 +00:00
Gusted	146824badc	Merge pull request 'feat: improve GetLatestCommitStatusForPairs' (#5983) from gusted/improve-commit-pairs into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5983 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Reviewed-by: Otto <otto@codeberg.org>	2024-11-16 15:54:40 +00:00
Earl Warren	eaa66f85f6	Merge pull request '[gitea] week 2024-46 cherry pick (gitea/main -> forgejo)' (#5988) from earl-warren/wcp/2024-46 into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5988 Reviewed-by: Gusted <gusted@noreply.codeberg.org>	2024-11-16 15:49:01 +00:00
Earl Warren	969a6ab24a	chore(release-notes): notes for the week 2024-46 weekly cherry pick	2024-11-16 15:25:37 +01:00
Gusted	7d59060dc6	bug: correctly generate oauth2 jwt signing key ... - When RS256, RS384, ES384, ES512 was specified as the JWT signing algorithm they would generate RS512 and ES256 respectively. - Added unit test.	2024-11-16 15:17:19 +01:00
silverwind	308812a82e	Fix mermaid diagram height when initially hidden (#32457) ... In a hidden iframe, `document.body.clientHeight` is not reliable. Use `IntersectionObserver` to detect the visibility change and update the height there. Fixes: https://github.com/go-gitea/gitea/issues/32392 <img width="885" alt="image" src="https://github.com/user-attachments/assets/a95ef6aa-27e7-443f-9d06-400ef27919ae"> (cherry picked from commit b55a31eb6a894feb5508e350ff5e9548b2531bd6)	2024-11-16 15:12:25 +01:00
Zettat123	fc26becba4	Fix broken releases when re-pushing tags (#32435) ... Fix #32427 (cherry picked from commit 35bcd667b23de29a7b0d0bf1090fb10961d3aca3) Conflicts: - tests/integration/repo_tag_test.go Resolved by manually copying the added test, and also manually adjusting the imported Go modules.	2024-11-16 15:12:25 +01:00
Lunny Xiao	013cc1dee4	Only query team tables if repository is under org when getting assignees (#32414) ... It's unnecessary to query the team table if the repository is not under organization when getting assignees. (cherry picked from commit 1887c75c35c1d16372b1dbe2b792e374b558ce1f)	2024-11-16 14:57:11 +01:00
Gusted	6d0f2c1b82	Merge pull request 'Update module google.golang.org/grpc to v1.68.0 (forgejo)' (#5969) from renovate/forgejo-google.golang.org-grpc-1.x into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5969 Reviewed-by: Gusted <gusted@noreply.codeberg.org>	2024-11-16 12:25:41 +00:00
Gusted	2cccc02e76	feat: improve GetLatestCommitStatusForPairs ... - Simplify the function into a single SQL query. This may or may not help with a monster query we are seeing in Codeberg that is using 400MiB and takes 50MiB to simply log the query. The result is now capped to the actual latest index, - Add unit test.	2024-11-16 13:23:40 +01:00
Earl Warren	356aa6521b	Merge pull request 'fix: extend forgejo_auth_token table (part two)' (#5984) from earl-warren/forgejo:wip-forgejo-auth-token into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5984 Reviewed-by: Gusted <gusted@noreply.codeberg.org>	2024-11-16 11:56:02 +00:00
Earl Warren	cf323a3d55	fix: extend forgejo_auth_token table (part two) ... Add the default value of the purpose field to both the table and the migration. The table in v9 and v7 backport already have the default value. ALTER TABLE `forgejo_auth_token` ADD `purpose` TEXT NOT NULL [] - Cannot add a NOT NULL column with default value NULL	2024-11-16 10:53:46 +01:00
Gusted	6bab3c374c	Merge pull request 'Update github.com/grafana/go-json digest to f14426c (forgejo)' (#5980) from renovate/forgejo-github.com-grafana-go-json-digest into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5980 Reviewed-by: Gusted <gusted@noreply.codeberg.org>	2024-11-16 03:07:17 +00:00
Gusted	570e8cec9e	Merge pull request 'Update dependency tailwindcss to v3.4.15 (forgejo)' (#5966) from renovate/forgejo-tailwindcss-3.x into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5966 Reviewed-by: Michael Kriese <michael.kriese@gmx.de>	2024-11-16 02:23:37 +00:00
Michael Kriese	bf810fa8d3	Merge pull request 'ci: upload all e2e artifacts' (#5973) from viceice/ci/e2e-artifacts into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5973	2024-11-16 00:34:34 +00:00
Renovate Bot	66dfb2813c	Update github.com/grafana/go-json digest to f14426c	2024-11-16 00:03:23 +00:00
Earl Warren	95a8987844	Merge pull request 'chore(release-notes): fix the v9.0.2 links' (#5978) from earl-warren/forgejo:wip-release-notes into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5978 Reviewed-by: Michael Kriese <michael.kriese@gmx.de>	2024-11-15 22:48:55 +00:00
Earl Warren	9fd2df6e30	chore(release-notes): fix the v9.0.2 links	2024-11-15 22:59:52 +01:00
Michael Kriese	5406310f3e	ci: upload all e2e artifacts	2024-11-15 15:01:39 +01:00
Michael Kriese	b21cc70dd7	Merge pull request 'chore: fix e2e' (#5977) from gusted/fix-e2e into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5977 Reviewed-by: Michael Kriese <michael.kriese@gmx.de>	2024-11-15 13:33:50 +00:00
Gusted	4a5d9d4b78	chore: fix e2e ... - Regression from #5948 - Use proper permission. - Remove debug statement	2024-11-15 14:02:16 +01:00
Earl Warren	1e1b162cbe	Merge pull request 'fix: 15 November 2024 security fixes batch' (#5974) from earl-warren/forgejo:wip-security-15-11 into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5974 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Reviewed-by: Otto <otto@codeberg.org>	2024-11-15 11:19:50 +00:00
Earl Warren	b1bc294955	chore(release-notes): 15 November 2024 security fixes	2024-11-15 11:17:14 +01:00
Michael Kriese	01ab0583f5	Merge pull request 'test: fix e2e tests' (#5968) from viceice/test/e2e-fixes into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5968	2024-11-15 10:16:18 +00:00
Gusted	786dfc7fb8	fix: add ID check for updating push mirror interval ... - Ensure that the specified push mirror ID belongs to the requested repository, otherwise it is possible to modify the intervals of the push mirrors that do not belong to the requested repository. - Integration test added.	2024-11-15 10:59:36 +01:00
Gusted	061abe6004	fix: don't show private forks in forks list ... - If a repository is forked to a private or limited user/organization, the fork should not be visible in the list of forks depending on the doer requesting the list of forks. - Added integration testing for web and API route.	2024-11-15 10:59:36 +01:00
Gusted	3e3ef76808	fix: require code permissions for branch feed ... - The RSS and atom feed for branches exposes details about the code, it therefore should be guarded by the requirement that the doer has access to the code of that repository. - Added integration testing.	2024-11-15 10:59:36 +01:00
Gusted	7067cc7da4	fix: strict matching of allowed content for sanitizer ... - _Simply_ add `^$` to regexp that didn't had it yet, this avoids any content being allowed that simply had the allowed content as a substring. - Fix file-preview regex to have `$` instead of `*`.	2024-11-15 10:59:36 +01:00
Gusted	e6bbecb02d	fix: disallow basic authorization when security keys are enrolled ... - This unifies the security behavior of enrolling security keys with enrolling TOTP as a 2FA method. When TOTP is enrolled, you cannot use basic authorization (user:password) to make API request on behalf of the user, this is now also the case when you enroll security keys. - The usage of access tokens are the only method to make API requests on behalf of the user when a 2FA method is enrolled for the user. - Integration test added.	2024-11-15 10:59:36 +01:00
Gusted	b70196653f	fix: anomynous users code search for private/limited user's repository ... - Consider private/limited users in the `AccessibleRepositoryCondition` query, previously this only considered private/limited organization. This limits the ability for anomynous users to do code search on private/limited user's repository - Unit test added.	2024-11-15 10:59:36 +01:00
Gusted	9508aa7713	Improve usage of HMAC output for mailer tokens ... - If the incoming mail feature is enabled, tokens are being sent with outgoing mails. These tokens contains information about what type of action is allow with such token (such as replying to a certain issue ID), to verify these tokens the code uses the HMAC-SHA256 construction. - The output of the HMAC is truncated to 80 bits, because this is recommended by RFC2104, but RFC2104 actually doesn't recommend this. It recommends, if truncation should need to take place, it should use max(80, hash_len/2) of the leftmost bits. For HMAC-SHA256 this works out to 128 bits instead of the currently used 80 bits. - Update to token version 2 and disallow any usage of token version 1, token version 2 are generated with 128 bits of HMAC output. - Add test to verify the deprecation of token version 1 and a general MAC check test.	2024-11-15 10:59:36 +01:00
Gusted	1ce33aa38d	fix: extend forgejo_auth_token table ... - Add a `purpose` column, this allows the `forgejo_auth_token` table to be used by other parts of Forgejo, while still enjoying the no-compromise architecture. - Remove the 'roll your own crypto' time limited code functions and migrate them to the `forgejo_auth_token` table. This migration ensures generated codes can only be used for their purpose and ensure they are invalidated after their usage by deleting it from the database, this also should help making auditing of the security code easier, as we're no longer trying to stuff a lot of data into a HMAC construction. -Helper functions are rewritten to ensure a safe-by-design approach to these tokens. - Add the `forgejo_auth_token` to dbconsistency doctor and add it to the `deleteUser` function. - TODO: Add cron job to delete expired authorization tokens. - Unit and integration tests added.	2024-11-15 10:59:36 +01:00
Michael Kriese	0fa436c373	Merge pull request 'ci: use oci mirror images' (#5963) from viceice/ci/oci-mirror into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5963 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>	2024-11-15 08:22:35 +00:00
Michael Kriese	296935b0d7	Merge pull request 'chore: improve preparing tests' (#5948) from gusted/improve-testz into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5948 Reviewed-by: Otto <otto@codeberg.org> Reviewed-by: Michael Kriese <michael.kriese@gmx.de>	2024-11-15 07:35:22 +00:00
Michael Kriese	1c25bbe773	test: fix e2e tests	2024-11-15 08:29:58 +01:00
Michael Kriese	c8d97e5594	ci: use oci mirror images	2024-11-15 08:19:50 +01:00
Earl Warren	e426a52a87	Merge pull request 'chore(release-notes): update the v9.0.2 & v7.0.11 links' (#5943) from earl-warren/forgejo:wip-release-notes into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5943	2024-11-15 07:11:46 +00:00
Michael Kriese	faa796feb9	Merge pull request 'ci: proper job name' (#5964) from viceice/ci/job-name into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5964 Reviewed-by: Antonin Delpeuch <wetneb@noreply.codeberg.org>	2024-11-15 07:02:58 +00:00
Renovate Bot	cdc38ace39	Update module google.golang.org/grpc to v1.68.0	2024-11-15 02:03:08 +00:00
Renovate Bot	4043377377	Update dependency tailwindcss to v3.4.15	2024-11-15 00:09:10 +00:00
Michael Kriese	19c9e0a0c2	ci: proper job name	2024-11-15 00:48:45 +01:00
Earl Warren	ef9a0c8d3d	Merge pull request 'Update module code.forgejo.org/forgejo/act to v1.22.0 (forgejo)' (#5949) from renovate/forgejo-code.forgejo.org-forgejo-act-1.x into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5949 Reviewed-by: Michael Kriese <michael.kriese@gmx.de>	2024-11-14 23:28:23 +00:00
Otto	d1ad4dd561	Merge pull request 'Highlight user mention in comments and commit messages' (#5899) from 0ko/forgejo:mention-highlight into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5899 Reviewed-by: Otto <otto@codeberg.org>	2024-11-14 17:46:03 +00:00
Otto	b92863b024	Merge pull request 'ci: use tmpfs for service storage' (#5958) from viceice/ci/use-tmpfs into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5958 Reviewed-by: Otto <otto@codeberg.org>	2024-11-14 17:44:22 +00:00
Michael Kriese	91fda7ee81	Merge pull request 'test: use sqlite in-memory db for integration' (#5956) from viceice/test/integration/use-sqlite-in-memory-db into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5956 Reviewed-by: Gusted <gusted@noreply.codeberg.org> Reviewed-by: Otto <otto@codeberg.org>	2024-11-14 17:14:39 +00:00
Michael Kriese	8a4407ef72	ci: use tmpfs for service storage	2024-11-14 17:27:48 +01:00
Michael Kriese	a8beeff422	Merge pull request 'ci: disable mysql binlog' (#5957) from viceice/ci/mysql/no-bin-log into forgejo ... Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5957 Reviewed-by: Gusted <gusted@noreply.codeberg.org>	2024-11-14 16:26:48 +00:00