Commit graph

777 commits

Author SHA1 Message Date
Lunny Xiao
7d7ea45465
Fix automerge will not work because of some events haven't been triggered (#30780)
Replace #25741
Close #24445
Close #30658
Close #20646
~Depends on #30805~

Since #25741 has been rewritten totally, to make the contribution
easier, I will continue the work in this PR. Thanks @6543

---------

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit c6cf96d31d80ab79d370a6192fd761b4443daec2)

Conflicts:
	tests/integration/editor_test.go
	trivial context conflict because of 75ce1e2ac1 [GITEA] Allow user to select email for file operations in Web UI
	tests/integration/pull_merge_test.go
	trivial context conflicts in imports because more tests were added in Forgejo
2024-05-26 19:01:36 +02:00
wxiaoguang
f6e50abd65
Fix data-race during testing (#30999)
Fix #30992

(cherry picked from commit 47accfebbd69e5f47d1b97a3e39cf181fab7e597)

Conflicts:
	models/unit/unit.go
	trivial context conflict because of
	e07b0e75ff Add a direct link from repo header to unit settings
2024-05-26 18:28:26 +02:00
Earl Warren
a05eb66c99
tests(web): verify compressed files are not re-compressed
the test file used has a size below the default threshold and will
never be compressed because of that, regardless of its extension. Reduce
the threshold to 10 bytes otherwise the test is a false positive.
2024-05-25 23:54:28 +02:00
Earl Warren
509a077ec0 Merge pull request 'mysql: faster user deletion (hook_task query) for mariadb 10' (#3865) from oliverpool/forgejo:join_delete_hook_task into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3865
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-24 12:44:03 +00:00
oliverpool
bb165fadf6 test: check hook_task deletion
move test to integration to ensure Sqlite + MySQL testing
2024-05-24 10:31:41 +02:00
Gergely Nagy
fd9ee1901b
tests: Add a test for code expansion on PRs
This adds a new test case to `TestCompareCodeExpand` to exercise the
case where we're viewing a PR's diff.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-24 10:30:38 +02:00
wxiaoguang
a62a887649
Fix incorrect "blob excerpt" link when comparing files (#31013)
When comparing files between the base repo and forked repo, the "blob
excerpt" link should point to the forked repo, because the commit
doesn't exist in base repo.

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit f48cc501c46a2d34eb701561f01d888d689d60d5)

Conflicts:
	- templates/repo/diff/section_split.tmpl
	- templates/repo/diff/section_unified.tmpl
          Resolved the conflict by picking Gitea's change over ours, and
	  porting it.
	- tests/integration/compare_test.go
	  Kept our test, but picked the "compare all of the relevant
	  links" part of the Gitea test.
2024-05-24 10:08:24 +02:00
Michael Jerger
b01f3bb2a1 federated-star: finalize receive activity (#3871)
PR will finalize the ability to receive a federated star from a remote instance.

This is part of: https://codeberg.org/forgejo/forgejo/pulls/1680

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3871
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
2024-05-24 00:25:57 +00:00
Earl Warren
d8e21e673d Merge pull request 'Creation of federated user' (#3792) from meissa/forgejo:forgejo-federated-pr3 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3792
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-22 11:11:42 +00:00
Clemens
1c24e2dec6 Removed test case from integration test which will be added in a later pr 2024-05-22 12:37:52 +02:00
oliverpool
c19b1cc76d test-sha256: skip push-create
See #3783 why it is hard to support
2024-05-21 21:24:06 +02:00
oliverpool
7e1f7f6a50 test-sha256: GitPushCreate 2024-05-21 21:24:06 +02:00
Michael Jerger
735d9629cf add more integration testcases 2024-05-21 18:49:31 +02:00
Earl Warren
74e07656d2 Merge pull request '[gitea] week 2024-21 cherry pick (gitea/main -> forgejo)' (#3838) from algernon/wcp/2024-21 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3838
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-21 08:05:01 +00:00
Earl Warren
fb1338537b Merge pull request '[FEAT] Wiki Search' (#3847) from snematoda/wiki-search-grep into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3847
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-21 06:27:30 +00:00
Mai-Lapyst
d4b1ed859c Port: Fix issue/PR title edit (gitea#30858) (#3797)
This PR ports [gitea#30858](https://github.com/go-gitea/gitea/pull/30858) / [this commit](5c236bd4c0) to forgejo.

[week 2024-20 cherry pick](https://codeberg.org/forgejo/forgejo/pulls/3729)

## Tests
- [ ] Click "edit" to get into edit mode, change the title and then use Alt+Enter to save the title

## Screenshots

Before:
![grafik](/attachments/bb0b2562-7da0-4205-a647-3270d66f2ad7)
![grafik](/attachments/c3d05a21-659d-4616-b357-87de57232182)

After:
![grafik](/attachments/d9af6966-3282-439b-a845-76618a24b9a6)
![grafik](/attachments/5acd6684-69c4-41a4-8e27-7cb75fe3c7e4)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3797
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Co-committed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
2024-05-20 23:32:48 +00:00
Léana 江
3561cc710b [I18N] Injected updated time in translation string (#3837)
Hello,

It is more idiomatic to put the date/time before the action in Mandarin (in this context). To achieve this, instead of having the time following the string that's passed to the translating function, I added it as a parameter so that one can reference it and reorder the sentence for better translatability.

Only Traditional Chinese has been changed at the time of opening this PR, as this is more of a proof of concept and I would like to have feedbacks on whether this is a good solution or is there a better alternative.

Thank you and have a nice day :)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3837
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Léana 江 <leana.jiang+git@icloud.com>
Co-committed-by: Léana 江 <leana.jiang+git@icloud.com>
2024-05-20 18:47:35 +00:00
Shiny Nematoda
ec4f5495ba feat: wiki search using git-grep
+ add release note
2024-05-20 13:48:50 +00:00
Gergely Nagy
d6915f4d5f
badges: Relax the default workflow badge conditions
Previously, if no branch was explicitly specified for a workflow, it
defaulted to the default branch of the repo. This worked fine for
workflows that were triggered on push, but it prevented showing badges
for workflows that only run on tags, or on schedule - since they do not
run on a specific branch.

Thus, relax the conditions, and if no branch is specified, just return
the latest run of the given workflow. If one is specified, *then*
restrict it to said branch.

Fixes #3487.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-20 11:20:11 +02:00
Haoyuan (Bill) Xing
6cb8c81de1 Add minimal implementation for RubyGems compact index API. (#3811)
Current package registry for RubyGems does not work with Bundler, because it implements neither the [compact index](https://guides.rubygems.org/rubygems-org-compact-index-api/) or the [dependency API](https://guides.rubygems.org/rubygems-org-api/). As a result, bundler complains about finding non-existing dependencies when installing anything with dependency: `revealed dependencies not in the API or the lockfile`.

This patch provides a minimal implementation for the compact index API to solve this issue. Specifically, we implemented a version that does not cache the results / do incremental updates; which is consistent with the current implementation.

Testing:
  * Modified existing integration tests.
  * Manually Verified bundler is able to parse the served versions / info file.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3811
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Haoyuan (Bill) Xing <me@hoppinglife.com>
Co-committed-by: Haoyuan (Bill) Xing <me@hoppinglife.com>
2024-05-19 23:30:41 +00:00
KN4CK3R
597dcd864a
Protected tag is no internal server error (#30962)
Fixes #30959

Adds an API test for protected tags.
Fix existing tag in combination with fixtures.

(cherry picked from commit b1d8f13bd0ecd9c576ebf2ecbd9c7dbeb3f5254f)
2024-05-19 13:12:35 +02:00
Zettat123
8e1de85980
Support using label names when changing issue labels (#30943)
Resolve #30917

Make the APIs for adding labels and replacing labels support both label
IDs and label names so the
[`actions/labeler`](https://github.com/actions/labeler) action can work
in Gitea.

<img width="600px"
src="https://github.com/go-gitea/gitea/assets/15528715/7835c771-f637-4c57-9ce5-e4fbf56fa0d3"
/>

(cherry picked from commit b3beaed147466739de0c24fd80206b5af8b71617)

Conflicts:
	- modules/structs/issue_label.go
	  Resolved by applying the Gitea change by hand.
	- tests/integration/api_issue_label_test.go
	  Resolved by copying the new tests.
2024-05-19 13:12:35 +02:00
Michael Jerger
b2c3eb1644 add migration & enhance int-test 2024-05-16 18:25:16 +02:00
oliverpool
67effd6985 test-sha256: APICreateFile 2024-05-16 11:01:47 +02:00
oliverpool
df8aaeb1d5 test-sha256: APICreateBranch 2024-05-16 10:54:40 +02:00
oliverpool
348182f4b3 test-sha256: PushDeployKeyOnEmptyRepo 2024-05-16 10:54:40 +02:00
oliverpool
e3e82d02ad test: useless duplication 2024-05-16 09:56:13 +02:00
oliverpool
2ac3dcbd43 test: hook post-receive for sha256 repos
failing push-to-create for sha256 will be fixed in a followup PR
2024-05-15 16:27:00 +02:00
Earl Warren
77092c7a0c Merge pull request 'Federation: Parse ActorId & cache FederationHost' (#3662) from meissa/forgejo:forgejo-federated-parse-actorId into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3662
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-14 22:42:02 +00:00
Shiny Nematoda
b6ca8abcfd [FEAT] support searching non default branches/tags when using git-grep (#3654)
resolves https://codeberg.org/forgejo/forgejo/pulls/3639#issuecomment-1806676 and https://codeberg.org/forgejo/forgejo/pulls/3513#issuecomment-1794990

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3654
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2024-05-14 15:41:03 +00:00
Earl Warren
1b3e6a4831 Merge pull request '[gitea] week 2024-20 cherry pick (gitea-github/main -> forgejo)' (#3729) from earl-warren/wcp/2024-20 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3729
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-05-14 12:23:10 +00:00
Gergely Nagy
220c3fe3b3
Expand code diffs against the commits repo
When expanding code diffs, the expansion should search for more context
in the commits repo, rather than in the repo in context, because the
commit may not be available in the base repo. For example, when
previewing a pull request, the commit is not in the target repo yet -
it's in the fork.

Fixes #3746.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-14 10:25:28 +02:00
Michael Jerger
fc38e56373 enhance test & fix reviews 2024-05-14 08:24:31 +02:00
Zettat123
8f0f6bf89c
Update issue indexer after merging a PR (#30715)
Fix #30684

(cherry picked from commit f09e68ec33262d5356779572a0b1c66e6e86590f)

Conflicts:
	tests/integration/pull_merge_test.go
	trivial context conflict
2024-05-12 20:03:10 +02:00
Lunny Xiao
7d3ca90dfe
Fix various problems around projects board view (#30696)
The previous implementation will start multiple POST requests from the
frontend when moving a column and another bug is moving the default
column will never be remembered in fact.

- [x] This PR will allow the default column to move to a non-first
position
- [x] And it also uses one request instead of multiple requests when
moving the columns
- [x] Use a star instead of a pin as the icon for setting the default
column action
- [x] Inserted new column will be append to the end
- [x] Fix #30701 the newly added issue will be append to the end of the
default column
- [x] Fix when deleting a column, all issues in it will be displayed
from UI but database records exist.
- [x] Add a limitation for columns in a project to 20. So the sorting
will not be overflow because it's int8.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit a303c973e0264dab45a787c4afa200e183e0d953)

Conflicts:
	routers/web/web.go
	e91733468ef726fc9365aa4820cdd5f2ddfdaa23 Add missing database transaction for new issue (#29490) was not cherry-picked
	services/issue/issue.go
	fe6792dff3 Enable/disable owner and repo projects independently (#28805) was not cherry-picked
2024-05-12 20:03:10 +02:00
Michael Jerger
33648f2a4c add second federated instance to integration test 2024-05-10 17:30:34 +02:00
Gergely Nagy
ac4d535dbf
templates: Be more forgiving about missing package metadata
When rendering templates for packages, be more forgiving about missing
metadata. For some repository types - like maven - metadata is uploaded
separately. If that upload fails, or does not happen, there will be no
metadata.

In that case, Forgejo should handle it gracefully, and render as much of
the information as possible, without erroring out. Rendering without
metadata allows one to delete a partial package, while if we throw
errors, that becomes a whole lot harder.

This patch adjusts the generic metadata template, and also the maven
template. There may be more cases of the same problem lying around.

Fixes #3663.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-10 12:07:24 +02:00
Earl Warren
456b82d2bb Merge pull request '[PORT] gitea#29674: Add result check in TestAPIEditUser' (#3686) from algernon/forgejo:gitea/port/29674 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3686
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-09 18:35:29 +00:00
yp05327
f81890fa95
Add result check in TestAPIEditUser (#29674)
Fix #29514
There are too many usage of `NewRequestWithValues`, so there's no need
to check all of them.
Just one is enough I think.

(cherry picked from commit ecd1d96f494d2400f7659165ff9376354edda395)

Conflicts:
	- tests/integration/api_admin_test.go
	  Conflict resolved by manually applying the change to
	  `full_name`.
2024-05-09 19:26:21 +02:00
Gergely Nagy
9cb2aa989a
Teach activities.GetFeeds() how to avoid returning duplicates
Before explaining the fix itself, lets look at the `action` table, and
how it is populated. Data is only ever inserted into it via
`activities_model.NotifyWatchers`, which will:

- Insert a row for each activity with `UserID` set to the acting user's
  ID - this is the original activity, and is always inserted if anything
  is to be inserted at all.
- It will insert a copy of each activity with the `UserID` set to the
  repo's owner, if the owner is an Organization, and isn't the acting
  user.
- It will insert a copy of each activity for every watcher of the repo,
  as long as the watcher in question has read permission to the repo
  unit the activity is about.

This means that if a repository belongs to an organizations, for most
activities, it will have at least two rows in the table. For
repositories watched by people other than their owner, an additional row
for each watcher.

These are useful duplicates, because they record which activities are
relevant for a particular user. However, for cases where we wish to see
the activities that happen around a repository, without limiting the
results to a particular user, we're *not* interested in the duplicates
stored for the watchers and the org. We only need the originals.

And this is what this change does: it introduces an additional option to
`GetFeedsOptions`: `OnlyPerformedByActor`. When this option is set,
`activities.GetFeeds()` will only return the original activities, where
the user id and the acting user id are the same. As these are *always*
inserted, we're not missing out on any activities. We're just getting
rid of the duplicates. As this is an additional `AND` condition, it can
never introduce items that would not have been included in the result
set before, it can only reduce, not extend.

These duplicates were only affecting call sites where `RequestedRepo`
was set, but `RequestedUser` and `RequestedTeam` were not. Both of those
call sites were updated to set `OnlyPerformedByActor`. As a result,
repository RSS feeds, and the `/repos/{owner}/{repo}/activities/feeds`
API end points no longer return dupes, only the original activities.

Rather than hardcoding this behaviour into `GetFeeds()` itself, I chose
to implement it as an explicit option, for the sake of clarity.

Fixes Codeberg/Community#684, and addresses gitea#20986.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-09 18:33:33 +02:00
Yaroslav Halchenko
2b2fd2728c Add codespell support and fix a good number of typos with its help (#3270)
More about codespell: https://github.com/codespell-project/codespell .

I personally introduced it to dozens if not hundreds of projects already and so far only positive feedback.

```
❯ grep lint-spell Makefile
	@echo " - lint-spell                       lint spelling"
	@echo " - lint-spell-fix                   lint spelling and fix issues"
lint: lint-frontend lint-backend lint-spell
lint-fix: lint-frontend-fix lint-backend-fix lint-spell-fix
.PHONY: lint-spell
lint-spell: lint-codespell
.PHONY: lint-spell-fix
lint-spell-fix: lint-codespell-fix
❯ git grep lint- -- .forgejo/
.forgejo/workflows/testing.yml:      - run: make --always-make -j$(nproc) lint-backend checks-backend # ensure the "go-licenses" make target runs
.forgejo/workflows/testing.yml:      - run: make lint-frontend
```
so how would you like me to invoke `lint-codespell` on CI? (without that would be IMHO very suboptimal and let typos sneak in)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3270
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Yaroslav Halchenko <debian@onerussian.com>
Co-committed-by: Yaroslav Halchenko <debian@onerussian.com>
2024-05-09 13:49:37 +00:00
Earl Warren
a2c8fe0370 Merge pull request '[gitea] week 2024-19 cherry pick (gitea-github/main -> forgejo)' (#3639) from earl-warren/wcp/2024-19 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3639
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-05-07 22:47:53 +00:00
Earl Warren
3f6e4af5a9 Merge pull request 'UI: Hide hidden email from own profile, again' (#3636) from n0toose/profile/hide-unhidden-hidden-email into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3636
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-05-07 10:39:01 +00:00
Michael Jerger
2177d38e9c feat(federation): validate like activities (#3494)
First step on the way to #1680

The PR will

* accept like request on the api
* validate activity in a first level

You can find

* architecture at: https://codeberg.org/meissa/forgejo/src/branch/forgejo-federated-star/docs/unsure-where-to-put/federation-architecture.md

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3494
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
2024-05-07 07:59:49 +00:00
0ko
b034ab5a8e [UI] Allow org members to navigate between the org and the dashboard
- add a new button to the org view that is only shown to the org members
- add integration test to verify the expected navigatability
- add a new translation string to that button
- fix display style of "View <orgname>" button on the dashboard
- fix gap size between buttons on the org view by utilizing the common class top-right-buttons
2024-05-05 23:14:57 +05:00
Kemal Zebari
e388822e9d
Don't only list code-enabled repositories when using repository API (#30817)
We should be listing all repositories by default.

Fixes #28483.

(cherry picked from commit 9f0ef3621a3b63ccbe93f302a446b67dc54ad725)

Conflict:
   -		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.UnitAccessMode(unit_model.TypeCode) >= perm.AccessModeRead {
   +		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.HasAccess() {
   because of https://codeberg.org/forgejo/forgejo/pulls/2001
2024-05-05 12:15:40 +01:00
yp05327
6a4bc0289d
Fix no edit history after editing issue's title and content (#30814)
Fix #30807

reuse functions in services

(cherry picked from commit a50026e2f30897904704895362da0fb12c7e5b26)

Conflicts:
	models/issues/issue_update.go
	routers/api/v1/repo/issue.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-05 12:15:40 +01:00
Kemal Zebari
9cd0441cd3
Catch and handle unallowed file type errors in issue attachment API (#30791)
Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.

(cherry picked from commit 872caa17c0a30d95f85ab75c068d606e07bd10b3)

Conflicts:
	tests/integration/api_comment_attachment_test.go
	tests/integration/api_issue_attachment_test.go
	trivial context conflict because of 'allow setting the update date on issues and comments'
2024-05-05 12:15:40 +01:00
wxiaoguang
4e35e5b8ae
Skip gzip for some well-known compressed file types (#30796)
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit be112c1fc30f87a248b30f48e891d1c8c18e8280)

Conflicts:
	routers/web/web.go
	trivial conflict because of https://codeberg.org/forgejo/forgejo/pulls/1533
2024-05-05 12:15:40 +01:00
Panagiotis "Ivory" Vasilopoulos
d03be77665 UI: Hide hidden email from own profile, again
This is a follow-up for 5e1bd8af5f, which
was my first commit to Gitea. It is also a follow up for the
Gitea PR #29300 (https://github.com/go-gitea/gitea/pull/23900) created
by myself, which turned stale.

This change partially restores the behavior of Gitea PR #23747
(https://github.com/go-gitea/gitea/pull/23747) by wxiaoguang, but
maintains the lock.

The original idea was to differentiate things from GitHub and GitLab a
little bit, and show the email address on the profile. The profile is
not only a place where the user chooses to show how they present
themselves on an instance, it is also a place where they can assess
their relationship *with* the instance, as it provides features such
as the Public Activity feed that can be only shown to the user, in
private.

It's, in some way, a dashboard. The email was shown there to remind
the user that this is the primary email that will be used by a supposed
administrator to contact them. There were other motivations behind that
change as well, but, long story short, the idea did not work very well,
as some people (e.g. people livestreaming on the Internet, or 'normal'
users sharing their screens) do not want to put their email address
out there when showing their screen to other people.

Other alternatives, such as blurring the text or only showing the real
email address, were explored, but were rejected because of
browser compatibility and simplicity reasons. The padlock icon that
is shown when showing the email address to other people has been kept.
One viable alternative could be displaying the placeholder email
instead, but that requires some more thought.

Fixes https://codeberg.org/forgejo/forgejo/issues/1950.
2024-05-05 13:08:31 +02:00
silverwind
9792a377e4
Fix tautological conditions (#30735)
As discovered by https://github.com/go-gitea/gitea/pull/30729.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 610802df85933e7a190a705bc3f7800da87ce868)

Conflicts:
	tests/integration/git_test.go
	trivial conflict because of https://codeberg.org/forgejo/forgejo/pulls/2834
2024-05-05 08:59:40 +01:00
6543
51b8d964c8
Get repo assignees and reviewers should ignore deactivated users (#30770) (#30782)
Backport  #30770

If an user is deactivated, it should not be in the list of users who are
suggested to be assigned or review-requested.

old assignees or reviewers are not affected.

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit f2d8ccc5bb2df25557cc0d4d23f2cdd029358274)

Conflicts:
	models/repo/user_repo_test.go
	because there is one less fixture user compared to Gitea
2024-05-05 08:53:27 +01:00
Chongyi Zheng
c504461b66
Resolve lint for unused parameter and unnecessary type arguments (#30750)
Resolve all cases for `unused parameter` and `unnecessary type
arguments`

Related: #30729

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit e80466f7349164ce4cf3c07bdac30d736d20f035)

Conflicts:
	modules/markup/markdown/transform_codespan.go
	modules/setting/incoming_email.go
	routers/api/v1/admin/user_badge.go
	routers/private/hook_pre_receive.go
	tests/integration/repo_search_test.go
	resolved by discarding the change, this is linting only and
	for the sake of avoiding future conflicts
2024-05-05 08:38:16 +01:00
Earl Warren
c9624d4cdb Merge pull request 'Add an immutable tarball link to archive download headers for Nix' (#3615) from jadeprime/forgejo:jade/nix-tarball-link into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3615
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-04 07:01:02 +00:00
Jade Lovelace
6631f56ebf Add an immutable tarball link to archive download headers for Nix
This allows `nix flake metadata` and nix in general to lock a *branch*
tarball link in a manner that causes it to fetch the correct commit even
if the branch is updated with a newer version.

For further context, Nix flakes are a feature that, among other things,
allows for "inputs" that are "github:someuser/somerepo",
"https://some-tarball-service/some-tarball.tar.gz",
"sourcehut:~meow/nya" or similar. This feature allows our users to fetch
tarballs of git-based inputs to their builds rather than using git to
fetch them, saving significant download time.

There is presently no gitea or forgejo specific fetcher in Nix, and we
don't particularly wish to have one. Ideally (as a developer on a Nix
implementation myself) we could just use the generic tarball fetcher and
not add specific forgejo support, but to do so, we need additional
metadata to know which commit a given *branch* tarball represents, which
is the purpose of the Link header added here.

The result of this patch is that a Nix user can specify `inputs.something.url =
"https://forgejo-host/some/project/archive/main.tar.gz"` in flake.nix
and get a link to some concrete tarball for the actual commit in the
lock file, then when they run `nix flake update` in the future, they
will get the latest commit in that branch.

Example of it working locally:

 » nix flake metadata --refresh 'http://localhost:3000/api/v1/repos/jade/cats/archive/main.tar.gz?dir=configs/nix'
Resolved URL:  http://localhost:3000/api/v1/repos/jade/cats/archive/main.tar.gz?dir=configs/nix
Locked URL:    804ede182b.tar.gz?dir=configs
/nix&narHash=sha256-yP7KkDVfuixZzs0fsqhSETXFC0y8m6nmPLw2GrAMxKQ%3D
Description:   Computers with the nixos
Path:          /nix/store/s856c6yqghyan4v0zy6jj19ksv0q22nx-source
Revision:      804ede182b6b66469b23ea4d21eece52766b7a06
Last modified: 2024-05-02 00:48:32

For details on the header value, see:
56763ff918/doc/manual/src/protocols/tarball-fetcher.md
2024-05-03 15:21:45 -07:00
JakobDev
d50efa626a Show repo count in blocked users tab (#3601)
Fixes #3595

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3601
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-committed-by: JakobDev <jakobdev@gmx.de>
2024-05-02 15:51:27 +00:00
Earl Warren
9bc866124b Merge pull request 'Use PostFormValue instead of PostForm.Get' (#3563) from algernon/forgejo:s/Req.PostForm.Get/Req.PostFormValue/g into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3563
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-02 15:48:28 +00:00
Gergely Nagy
b08aef967e
Use PostFormValue instead of PostForm.Get
In `repo.RemoveDependency`, use `PostFormValue` instead of
`PostForm.Get`. The latter requires `ParseForm()` to be called prior,
and in this case, has no benefit over `PostFormValue` anyway (which
calls `ParseForm()` if necessary).

While this currently does not cause any issue as far as I can tell, it
feels like a bug lying in wait for the perfect opportunity. Lets squash
it before it can do harm.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-02 10:51:07 +02:00
Gergely Nagy
21911bfe57
Add a test case for unsubscribing from an issue
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 11:06:38 +02:00
Gergely Nagy
8cc5d5dc78
tests: Support creating a declarative repo without AutoInit
To be able to easily test cases where the repository does not have any
code, where the git repo itself is completely uninitialized, lets
support a case where the `AutoInit` property is false.

For the sake of backwards compatibility, if the option is not set either
way, it will default to `true`.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-05-01 11:06:38 +02:00
Earl Warren
79ffb2de47 Merge pull request '[gitea] week 2024-18 cherry pick (gitea-github/main -> forgejo)' (#3513) from earl-warren/wcp/2024-18 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3513
Reviewed-by: jean-daricade <jean-daricade@noreply.codeberg.org>
2024-04-30 06:42:26 +00:00
Earl Warren
ce2becb55e Merge pull request 'feat: implement PKCE when acting as oauth2 client (for user login)' (#3307) from oliverpool/forgejo:pkce into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3307
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-29 10:58:17 +00:00
oliverpool
e1d93950ad feat: implement PKCE when acting as oauth2 client (for user login)
Closes #2766
2024-04-29 11:20:26 +02:00
Beowulf
fb5e36bc6f
Fixes that the settings button moves in the overflow menu
and the add more button is on the right

This fix moves the settings button back to the right and the add more
button back to the left.
2024-04-28 23:31:31 +02:00
Beowulf
c54896ba70 Show repo activities even if only code unit active or git repo is empty but issue is active (#3455)
When all repository units are deactivated except for the code unit, the activity tab will not be shown.
Since the activities tab also shows contributing stats, it would be good to show the activities tab also when only code is active.
This commit changes the behavior when the activities tab is shown.
Previous it would only be shown when Issues, Pull-Requests or Releases are activated. Now it would additionally be shown when the code unit is activated.

Refs: #3429

| Before (Code + Issues - Owner) | Before (Code - Viewer) | After (Code + Issues - Owner) | After (Code - Viewer) |
| -- | -- | -- | -- |
| ![image](/attachments/2af997bc-1f38-48c6-bdf3-cfbd7087b220)  | ![image](/attachments/ef1797f0-5c9a-4a1a-ba82-749f3ab4f403) | ![image](/attachments/fd28a96c-04ca-407e-a70d-d28b393f223d) | ![image](/attachments/2cd0d559-a6de-4ca0-a736-29c5fea81b5a) |
|  | `/activity` returns 404 for everyone | ![image](/attachments/e0e97d8f-48cb-4c16-a505-1fafa46c4b8e)  | - |

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3455
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
2024-04-28 13:47:52 +00:00
Chongyi Zheng
7517e70740
Use ProtonMail/go-crypto for opengpg in tests (#30736)
(cherry picked from commit 8b8b48ef5fb1c5c164d5534ea4b8049f1db26ce9)

Conflicts:
	go.mod
	trivial context confllict
2024-04-28 15:39:02 +02:00
Chongyi Zheng
781789e779
Replace deprecated math/rand functions (#30733)
Suggested by logs in #30729

- Remove `math/rand.Seed`
`rand.Seed is deprecated: As of Go 1.20 there is no reason to call Seed
with a random value.`
- Replace `math/rand.Read`
`rand.Read is deprecated: For almost all use cases, [crypto/rand.Read]
is more appropriate.`
- Replace `math/rand` with `math/rand/v2`, which is available since Go
1.22

(cherry picked from commit 7b8e418da1e082786b844562a05864ec1177ce97)
2024-04-28 15:39:02 +02:00
Kemal Zebari
4ed372af13
Prevent allow/reject reviews on merged/closed PRs (#30686)
Resolves #30675.

(cherry picked from commit dd301cae1c40c9ef2805bd13af6b09a81ff4f5d7)

Conflicts:
	tests/integration/pull_review_test.go
	trivial context conflict in import
2024-04-28 15:39:01 +02:00
Bo-Yi Wu
7b456a28d1
feat(api): enhance Actions Secrets Management API for repository (#30656)
- Add endpoint to list repository action secrets in API routes
- Implement `ListActionsSecrets` function to retrieve action secrets
from the database
- Update Swagger documentation to include the new
`/repos/{owner}/{repo}/actions/secrets` endpoint
- Add `actions` package import and define new routes for actions,
secrets, variables, and runners in `api.go`.
- Refactor action-related API functions into `Action` struct methods in
`org/action.go` and `repo/action.go`.
- Remove `actionAPI` struct and related functions, replacing them with
`NewAction()` calls.
- Rename `variables.go` to `action.go` in `org` directory.
- Delete `runners.go` and `secrets.go` in both `org` and `repo`
directories, consolidating their content into `action.go`.
- Update copyright year and add new imports in `org/action.go`.
- Implement `API` interface in `services/actions/interface.go` for
action-related methods.
- Remove individual action-related functions and replace them with
methods on the `Action` struct in `repo/action.go`.

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Signed-off-by: appleboy <appleboy.tw@gmail.com>
(cherry picked from commit 852547d0dc70299589c7bf8d00ea462ed709b8e5)

Conflicts:
	routers/api/v1/api.go
	trivial conflict because of Fix #2512 /api/forgejo/v1/version auth check (#2582)
2024-04-28 15:39:01 +02:00
silverwind
12b199c5e5
Enable more revive linter rules (#30608)
Noteable additions:

- `redefines-builtin-id` forbid variable names that shadow go builtins
- `empty-lines` remove unnecessary empty lines that `gofumpt` does not
remove for some reason
- `superfluous-else` eliminate more superfluous `else` branches

Rules are also sorted alphabetically and I cleaned up various parts of
`.golangci.yml`.

(cherry picked from commit 74f0c84fa4245a20ce6fb87dac1faf2aeeded2a2)

Conflicts:
	.golangci.yml
	apply the linter recommendations to Forgejo code as well
2024-04-28 15:39:00 +02:00
Earl Warren
e8361b3c0e Merge pull request 'Move settings button back to the right in repo and org header' (#3462) from Beowulf/forgejo:move-repo-settings-btn-back-to-right into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3462
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-28 06:20:32 +00:00
Baptiste Daroussin
08f5a25d3b ldap: default domain name (#3414)
When the ldap synchronizer is look for an email address and fails at
finding one, it falls back at creating one using "localhost.local"
domain.

This new field makes this domain name configurable.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3414
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Baptiste Daroussin <bapt@FreeBSD.org>
Co-committed-by: Baptiste Daroussin <bapt@FreeBSD.org>
2024-04-26 22:38:58 +00:00
Beowulf
f9628f883d
Move settings button back to the right in repo and org header
This will move the settings button back to the right, like known from
older versions.
For this, the overflow-menu was changed when a setting button is
available. If no settings button is available, the behavior will not
change.

Fixes #3301
2024-04-26 23:59:08 +02:00
Earl Warren
c864448dc9 Merge pull request 'services/convert: Convert a Repository's ObjectFormatName too' (#3464) from algernon/forgejo:i-object-exclamationmark-format-name into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3464
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-26 08:27:41 +00:00
Gergely Nagy
2385f3c9db
services/convert: Convert a Repository's ObjectFormatName too
When converting a `repo_model.Repository` to `api.Repository`, copy the
`ObjectFormatName` field too.

Fixes #3458.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-26 09:25:30 +02:00
Earl Warren
4036448c02
fix(ui): /settings/lfs/find 500 error (take 2)
Make the test actually fails on error and not just report failure on
the output and succeed.
2024-04-25 23:00:11 +02:00
Earl Warren
94d7523f83 Merge pull request '[BUG] save empty comments' (#3442) from oliverpool/forgejo:empty_comments into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3442
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-25 19:32:28 +00:00
Earl Warren
302daddcd1 Merge pull request 'Implement remote user login source and promotion to regular user' (#2465) from earl-warren/forgejo:wip-remote-user into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2465
2024-04-25 15:25:05 +00:00
Earl Warren
078229a5e4
fix(ui): /settings/lfs/find 500 error
When in the repository settings, visiting

- `LFS` to `/{owner}/{repo}/settings/lfs`
- `Find pointer files` to `/{owner}/{repo}/settings/lfs/pointers`
- `Find commits` to `/{owner}/{repo}/settings/lfs/find?oid=...`

failed with an error 500 because of an incorrect evaluation of the
template.

Regression introduced by
cbf923e87b

A test is added to visit the page and guard against future
regressions.

Refs: https://codeberg.org/forgejo/forgejo/issues/3438
2024-04-25 16:37:12 +02:00
Earl Warren
7cabc5670d
Implement remote user login source and promotion to regular user
A remote user (UserTypeRemoteUser) is a placeholder that can be
promoted to a regular user (UserTypeIndividual). It represents users
that exist somewhere else. Although the UserTypeRemoteUser already
exists in Forgejo, it is neither used or documented.

A new login type / source (Remote) is introduced and set to be the login type
of remote users.

Type        UserTypeRemoteUser
LogingType  Remote

The association between a remote user and its counterpart in another
environment (for instance another forge) is via the OAuth2 login
source:

LoginName   set to the unique identifier relative to the login source
LoginSource set to the identifier of the remote source

For instance when migrating from GitLab.com, a user can be created as
if it was authenticated using GitLab.com as an OAuth2 authentication
source.

When a user authenticates to Forejo from the same authentication
source and the identifier match, the remote user is promoted to a
regular user. For instance if 43 is the ID of the GitLab.com OAuth2
login source, 88 is the ID of the Remote loging source, and 48323
is the identifier of the foo user:

Type        UserTypeRemoteUser
LogingType  Remote
LoginName   48323
LoginSource 88
Email       (empty)
Name        foo

Will be promoted to the following when the user foo authenticates to
the Forgejo instance using GitLab.com as an OAuth2 provider. All users
with a LoginType of Remote and a LoginName of 48323 are examined. If
the LoginSource has a provider name that matches the provider name of
GitLab.com (usually just "gitlab"), it is a match and can be promoted.

The email is obtained via the OAuth2 provider and the user set to:

Type        UserTypeIndividual
LogingType  OAuth2
LoginName   48323
LoginSource 43
Email       foo@example.com
Name        foo

Note: the Remote login source is an indirection to the actual login
source, i.e. the provider string my be set to a login source that does
not exist yet.
2024-04-25 13:03:49 +02:00
oliverpool
0d37f3a79b test: empty existing comment 2024-04-25 11:20:04 +02:00
Earl Warren
1e0642b086 Merge pull request 'api: The repo wiki APIs should respect WikiBranch' (#3430) from algernon/forgejo:master-of-branches into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3430
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-25 05:37:25 +00:00
Earl Warren
d0bfd3e523 Merge pull request 'tests: Refactor CreateDeclarativeRepo' (#3432) from algernon/forgejo:declaration-of-repositorytance into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3432
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-24 22:38:14 +00:00
Gergely Nagy
a1dfe07bfc
tests: Test the Wiki APIs with a non-master branch
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-25 00:36:58 +02:00
Gergely Nagy
6d2f645363
tests: Let CreateDeclarativeRepoWithOptions create a Wiki too
Add a new member to `DeclarativeRepoOptions`: `WikiBranch`. If
specified, create a Wiki with the given branch, and a single "Home"
page.

This will be used by an upcoming test.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-25 00:36:58 +02:00
Earl Warren
bdb729a5f2 Merge pull request 'fix(cli): admin user create first user never require a password change' (#3412) from earl-warren/forgejo:wip-cli-user-create into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3412
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-04-24 22:12:05 +00:00
Gergely Nagy
e7fcf3f189
tests: Refactor CreateDeclarativeRepo
Lets introduce a new helper function,
`CreateDeclarativeRepoWithOptions`! This is almost the same as the
existing `CreateDeclarativeRepo` helper, but instead of taking a list of
random parameters the author thought of at the time of its introduction,
it takes a `DeclarativeRepoOptions` struct, with optional members.

This makes it easier to extend the function, as new members can be added
without breaking or having to update existing callsites, as long as the
newly added members default to compatible values.

`CreateDeclarativeRepo` is then reimplemented on top of the new
function. Callsites aren't updated yet, we can do that organically,
whenever touching code that uses the older function.

No new functionality is introduced just yet, this is merely a refactor.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-24 23:39:47 +02:00
JakobDev
1bce2dc5c5 [FEAT]Add Option to hide Release Archive links (#3139)
This adds a new options to releases to hide the links to the automatically generated archives. This is useful, when the automatically generated Archives are broken e.g. because of Submodules.

![grafik](/attachments/5686edf6-f318-4175-8459-89c33973b181)
![grafik](/attachments/74a8bf92-2abb-47a0-876d-d41024770d0b)

Note:
This juts hides the Archives from the UI. Users can still download 5the Archive if they know t correct URL.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3139
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-committed-by: JakobDev <jakobdev@gmx.de>
2024-04-24 15:15:55 +00:00
Earl Warren
b9424e634f
test(cli): admin user change-password --must-change-password 2024-04-24 15:43:27 +02:00
Earl Warren
eb74846d7d
test(cli): admin user create and must change password value 2024-04-24 15:43:24 +02:00
Earl Warren
c22110cf21 Merge pull request 'Fix user search paging' (#3379) from algernon/forgejo:paging-all-users-exclamationmark into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3379
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-22 23:12:28 +00:00
Gergely Nagy
9b85f97835
Fix user search paging
When searching for users, page the results by default, and respect the
default paging limits.

This makes queries like '/api/v1/users/search?limit=1' actually work.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-23 00:06:05 +02:00
Earl Warren
54285319f6
fix(incoming): allow replies to comments
- allow attachments to code comments
- incoming mails from issue comments are now identified as comments

Fixes: https://codeberg.org/forgejo/forgejo/issues/3374
2024-04-23 00:05:12 +02:00
silverwind
3918db10c8
Run go generate and go vet on all packages (#30529)
Fixes: https://github.com/go-gitea/gitea/issues/30512

I think this does mean those tools would run on a potential `vendor`
directory, but I'm not sure we really support vendoring of dependencies
anymore.

`release` has a `vendor` prerequisite so likely the source tarballs
contain vendor files?

(cherry picked from commit 8e12ef911a1d10dedb03e3127c42ca76f9850aca)

Conflicts:
	- Makefile
	  Manually adjusted the changes.
2024-04-21 16:28:16 +02:00
Bo-Yi Wu
e025ec0131
feat(api): implement branch/commit comparison API (#30349)
- Add new `Compare` struct to represent comparison between two commits
- Introduce new API endpoint `/compare/*` to get commit comparison
information
- Create new file `repo_compare.go` with the `Compare` struct definition
- Add new file `compare.go` in `routers/api/v1/repo` to handle
comparison logic
- Add new file `compare.go` in `routers/common` to define `CompareInfo`
struct
- Refactor `ParseCompareInfo` function to use `common.CompareInfo`
struct
- Update Swagger documentation to include the new API endpoint for
commit comparison
- Remove duplicate `CompareInfo` struct from
`routers/web/repo/compare.go`
- Adjust base path in Swagger template to be relative (`/api/v1`)

GitHub API
https://docs.github.com/en/rest/commits/commits?apiVersion=2022-11-28#compare-two-commits

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit c70e442ce4b99e2a1f1bf216afcfa1ad78d1925a)

Conflicts:
	- routers/api/v1/swagger/repo.go
	  Conflict resolved by manually adding the lines from the Gitea
	  PR.
2024-04-21 11:58:18 +02:00
Gergely Nagy
8eba631f8d
hooks: Harden when we accept push options that change repo settings
It is possible to change some repo settings (its visibility, and
template status) via `git push` options: `-o repo.private=true`, `-o
repo.template=true`.

Previously, there weren't sufficient permission checks on these, and
anyone who could `git push` to a repository - including via an AGit
workflow! - was able to change either of these settings. To guard
against this, the pre-receive hook will now check if either of these
options are present, and if so, will perform additional permission
checks to ensure that these can only be set by a repository owner or
an administrator. Additionally, changing these settings is disabled for
forks, even for the fork's owner.

There's still a case where the owner of a repository can change the
visibility of it, and it will not propagate to forks (it propagates to
forks when changing the visibility via the API), but that's an
inconsistency, not a security issue.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Signed-off-by: Earl Warren <contact@earl-warren.org>
2024-04-19 16:53:14 +02:00
0ko
67d6c674df Merge pull request 'Remove EasyMDE from various areas' (#2916) from 0ko/forgejo:easymde into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2916
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-19 13:48:34 +00:00
Earl Warren
6316e21be2
fix(tests): 30s to cancel processes to avoid false negatives
on slower machines it can take more than 1 second to cancel leftover
tasks
2024-04-18 18:47:49 +02:00
Earl Warren
d07f12e010 Merge pull request 'Do not require login_name & source_id for /admin/user/{username}' (#3278) from algernon/forgejo:leave-your-name-at-the-door into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3278
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-17 11:05:13 +00:00
Gergely Nagy
d07c8c821c
Do not require login_name & source_id for /admin/user/{username}
When editing a user via the API, do not require setting `login_name` or
`source_id`: for local accounts, these do not matter. However, when
editing a non-local account, require *both*, as before.

Fixes #1861.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-17 10:33:52 +02:00