Commit graph

668 commits

Author SHA1 Message Date
Gusted
ce10ec2878 [SEC] Ensure propagation of API scopes for Conan and Container authentication
- The Conan and Container packages use a different type of
authentication. It first authenticates via the regular way (api tokens
or user:password, handled via `auth.Basic`) and then generates a JWT
token that is used by the package software (such as Docker) to do the
action they wanted to do. This JWT token didn't properly propagate the
API scopes that the token was generated for, and thus could lead to a
'scope escalation' within the Conan and Container packages, read
access to write access.
- Store the API scope in the JWT token, so it can be propagated on
subsequent calls that uses that JWT token.
- Integration test added.
- Resolves #5128

(cherry picked from commit 5a871f6095)
2024-08-28 08:44:58 +00:00
Giteabot
4c5e4e672d
Show lock owner instead of repo owner on LFS setting page (#31788) (#31817)
Backport #31788 by @wolfogre

Fix #31784.

Before:

<img width="1648" alt="image"
src="https://github.com/user-attachments/assets/03f32545-4a85-42ed-bafc-2b193a5d8023">

After:

<img width="1653" alt="image"
src="https://github.com/user-attachments/assets/e5bcaf93-49cb-421f-aac1-5122bc488b02">

Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit a39fe5325266f1c079e0e54abc68e6470764eb44)

Conflicts:
	models/git/lfs_lock.go
  trivial context conflict
2024-08-18 07:01:03 +02:00
Zoupers Zou
8e8a07cc15
Fix #31185 try fix lfs download from bitbucket failed (#31201)
Fix #31185

(cherry picked from commit e25d6960b5749fbf7f88ebb6b27878c0459817da)
(cherry picked from commit baad8337f9)
2024-08-18 07:01:03 +02:00
Michael Kriese
7e847ad879 fix(agit): run full pr checks on force-push
(cherry picked from commit 2d05e922a2)
2024-08-13 18:26:33 +00:00
Gusted
e988d1a8bb [BUG] Return blocking errors as JSON errors
- These endspoints are since b71cb7acdc
JSON-based and should therefore return JSON errors.
- Integration tests adjusted.

(cherry picked from commit d97cf0e854)
2024-08-10 05:53:00 +00:00
forgejo-backport-action
0f7cd8d46a [v7.0/forgejo] fix(ui): handle out-of-bounds end line in code selection (#4820)
Backport of https://codeberg.org/forgejo/forgejo/pulls/4788.

- fallback to the last line, preventing TypeError
- add E2E test

Co-authored-by: Solomon Victorino <git@solomonvictorino.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4820
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-08-05 05:56:37 +00:00
TheFox0x7
072dd9f8bc enable linter testifylint on v7 (#4572)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4572
Co-authored-by: TheFox0x7 <thefox0x7@gmail.com>
Co-committed-by: TheFox0x7 <thefox0x7@gmail.com>
2024-07-30 19:42:06 +00:00
Gusted
bcc1e17775 [UI] Show AGit label on merged PR
- The label wasn't show on merged PRs.
- Integration test added

(cherry picked from commit 358ec8002e)
2024-07-29 14:23:45 +00:00
Earl Warren
9f1302f685 fix(api): issue state change is not idempotent
The PATCH if issue & pull request switched to use the service
functions instead. However, the service function changing the state is
not idempotent. Instead of doing nothing which changing from open to
open or close to close, it will fail with an error like:

 Issue [2472] 0 was already closed

Regression of: 6a4bc0289d

Fixes: https://codeberg.org/forgejo/forgejo/issues/4686
(cherry picked from commit e9e3b8c0f3)
2024-07-25 14:21:00 +00:00
Ikuyo
19dd7e9ebc Add missing trailing comma
(cherry picked from commit 859cc23dc2)
2024-07-23 13:01:36 +00:00
Ikuyo
422fe11271 Add devtest in reserved usernames test
(cherry picked from commit 90c0e9dace)
2024-07-23 13:01:36 +00:00
0ko
2dc87d389d
[v7.0/forgejo] ui: fix issue labels
* Fixes https://codeberg.org/forgejo/forgejo/issues/4522
* Fixes https://codeberg.org/forgejo/forgejo/issues/4522#issuecomment-2095542
* Fixes https://codeberg.org/forgejo/forgejo/issues/4544
* Fixes regression of https://codeberg.org/forgejo/forgejo/pulls/4486
* Fixes regression of some cherry-pick
* Fixes an overflow that wasn't even reported

* Revert changes done in https://codeberg.org/forgejo/forgejo/pulls/4486.
* Apply changes proposed in https://codeberg.org/forgejo/forgejo/issues/3875#issuecomment-1840611.
* Introduce new label `ugc-labels` to mark ui labels that are named by
users and therefore need special care. Currently the generic label
classes are used for too many things to work with them directly without
affecting other UI.
2024-07-23 00:53:32 +02:00
Gusted
2eac7b1402
[BUG] Fix panic on too high page number
- Fixes a panic where the file history router would panic if the page
number was set to a page where no commits would be returned. It now
returns a 404 in such case.
- Regresion of a5b1c1b0b3
- Panic log provided by @algernon.
- Minimal integration test added.

(cherry picked from commit 6a49e3f468)

Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-07-22 14:31:05 +02:00
Earl Warren
59a8bed2a2 Merge pull request '[v7.0/forgejo] Load attachments for /issues/comments/{id}' (#4528) from bp-v7.0/forgejo-fc4f914 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4528
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-16 13:49:59 +00:00
Gergely Nagy
9f592578f4 Load attachments for /issues/comments/{id}
The `/repos/{owner}/{repo}/issues/comments/{id}` API endpoint returns an
`assets` field, but the route handler did not load attachments, thus,
the field was never populated.

This patch fixes that, and adds a test to exercise it. The test fails
without the fix.

This addresses a bug discovered in Codeberg/Community#1607.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit fc4f914e71)
2024-07-16 12:44:47 +00:00
Gergely Nagy
61f36020cd Fix user search paging
When searching for users, page the results by default, and respect the
default paging limits.

This makes queries like '/api/v1/users/search?limit=1' actually work.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 9b85f97835)
2024-07-16 10:50:36 +00:00
Otto
58b35fd6d4 Merge branch 'v7.0/forgejo' into bp-v7.0/forgejo-e3665c3 2024-07-14 19:32:30 +00:00
fnetX
a56bc83bb2 revert [v7.0/forgejo] test: issue sidebar testing using playwright' (#4335)
revert Merge pull request '[v7.0/forgejo] test: issue sidebar testing using playwright' (#4335) from bp-v7.0/forgejo-fafc4f6 into v7.0/forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4335
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-14 17:46:40 +00:00
Earl Warren
f4fda5c7b2 tests(e2e): only run one test, not all of them each time
(cherry picked from commit e3665c3042)
2024-07-14 15:32:02 +00:00
Gusted
b2d3ae4dc0 [UI] Remove unnecessary vertical space in empty labels list
- Don't show the labels-list element, if no labels are selected.
- The labels-list was taking up vertical space, even if no labels were
selected which caused an inconsistency in how the sidebar looked.
- Adds integration test

(cherry picked from commit 013b89eb13)
2024-07-14 14:40:50 +00:00
Gusted
2e0e0b48f0 [BUG] Use correct SHA in GetCommitPullRequest
- The param wasn't `sha`, it was `ref`. Use this instead.
- Adds new integration tests.
- Resolves #4190
- Resolves #4025

(cherry picked from commit a8460bb132)
2024-07-06 21:00:31 +00:00
Otto Richter
b890d90874 test: issue sidebar testing using playwright (#4319)
Conclusion of https://codeberg.org/forgejo/forgejo/issues/3499

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4319
Co-authored-by: Otto Richter <git@otto.splvs.net>
Co-committed-by: Otto Richter <git@otto.splvs.net>
(cherry picked from commit fafc4f6ad9)
2024-07-05 05:05:59 +00:00
0ko
d3a0eb3bdd ui: fix wrong string used in a search box (#4258)
Resolves https://codeberg.org/forgejo/forgejo/issues/4256.
Fixes regression caused by https://github.com/go-gitea/gitea/pull/29530/files#diff-b46ae540c8eb41d1ccaa1659489fcc47d72eee4c4f04dc83c5ccf4d6d1a3395eR45.

Preview:
Before - https://codeberg.org/forgejo/forgejo/attachments/d629f2e9-0d07-4719-9250-52d3ba9f4a9e
After - https://codeberg.org/forgejo/forgejo/attachments/6a5f5cb2-124d-4673-a387-8483125a89eb

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4258
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
(cherry picked from commit 28ceec6fad)
2024-06-28 16:29:11 +00:00
Twenty Panda
cc425ad87b test: coverage for /repos/{owner}/{repo}/issues?project=
Refs: https://codeberg.org/forgejo/forgejo/pulls/4215#issuecomment-2040651
(cherry picked from commit b18ba810a5)
2024-06-23 19:35:08 +00:00
Thomas Desveaux
f8774e3611
Fix NuGet Package API for $filter with Id equality (#31188) (#31242)
Backport #31188

Fixes issue when running `choco info pkgname` where `pkgname` is also a
substring of another package Id.

Relates to #31168

---

This might fix the issue linked, but I'd like to test it with more choco
commands before closing the issue in case I find other problems if
that's ok.
I'm pretty inexperienced with Go, so feel free to nitpick things.

Not sure I handled
[this](70f87e11b5/routers/api/packages/nuget/nuget.go (L135-L137))
in the best way, so looking for feedback on if I should fix the
underlying issue (`nil` might be a better default for `Value`?).

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit ca414a7ccf5e26272662e360c44ac50221a0f2d4)
2024-06-09 11:49:18 +02:00
Earl Warren
8f88817c00 test(oauth): RFC 6749 Section 10.2 conformance
See:

1b088fade6 Prevent automatic OAuth grants for public clients
07fe5a8b13 use existing oauth grant for public client

(cherry picked from commit 592469464b)
2024-06-06 10:01:56 +00:00
Earl Warren
40bf161ff0 test(oauth): coverage for the redirection of a denied grant
See 886a675f62 Return `access_denied` error when an OAuth2 request is denied

(cherry picked from commit 32c882af91)
2024-06-05 14:19:38 +00:00
Lunny Xiao
d462b6d495
Fix push multiple branches error with tests (#31151)
(cherry picked from commit 5c1b550e00e9460078e00c41a32d206b260ef482)

Conflicts:
	tests/integration/git_push_test.go
	trivial context conflict because of
	2ac3dcbd43 test: hook post-receive for sha256 repos
(cherry picked from commit 62448bfb93)
(cherry picked from commit e8c776c79384c1c0a4d707ce5084b27347703848)
2024-06-03 09:47:51 +02:00
Earl Warren
bad8e72bcd
tests(integration): add TestPullMergeBranchProtect
Verify variations of branch protection that are in play when merging a
pull request as:

* instance admin
* repository admin / owner
* user with write permissions on the repository

In all cases the result is expected to be the same when merging
the pull request via:

* API
* web

Although the implementations are different.

(cherry picked from commit 793421bf59)

Conflicts:
	tests/integration/pull_merge_test.go
	trivial context conflict
2024-06-02 22:05:08 +02:00
Earl Warren
6827a4a669
test(integration): add protected file to doBranchProtect
A protected file pushed to a protected branch branch is not allowed.

(cherry picked from commit e0eba21ab7)
2024-06-02 22:00:40 +02:00
Earl Warren
e0cd813927
test(integration): refactor doBranchProtectPRMerge
* group test cases to clarify their purpose
* remove pull request branch protection tests, they are redundant
  with TestPullMergeBranchProtect

(cherry picked from commit 0d8478b82e)

Conflicts:
	tests/integration/git_test.go
	trivial context conflict
2024-06-02 22:00:18 +02:00
Earl Warren
9b17f6fd24
test(integration): refactor testPullMerge
* split into testPullMergeForm which can be called directly if
  the caller wants to specify extra parameters.
* testPullMergeForm can expect something different than StatusOK

(cherry picked from commit 20591d966e)
2024-06-02 21:53:46 +02:00
Earl Warren
9cd730a063
test(integration): refactor doAPIMergePullRequest
* http.StatusMethodNotAllowed can be expected: only retry if the
  error message is "Please try again later"
* split into doAPIMergePullRequestForm which can be called directly if
  the caller wants to specify extra parameters.

(cherry picked from commit 49aea9879b)
2024-06-02 21:53:46 +02:00
Earl Warren
68d803aae4
test(integration): refactor doProtectBranch
explicitly specify the parameters instead of providing them as
arguments so the caller has a more fine grain control over them.

(cherry picked from commit 70aa294cc1)
2024-06-02 21:53:46 +02:00
Earl Warren
b4d792d2a2
test(integration): add t.Helper() to reduce stack polution
Without the a testify stack is likely to not show the relevant test.

(cherry picked from commit 4c2ed3c35d)
2024-06-02 21:53:46 +02:00
Earl Warren
4cbfd383e9 tests(api): POST /repos/{owner}/{repo}/push_mirrors coverage
(cherry picked from commit 166bb2861f)
2024-06-02 15:45:31 +00:00
Jade Lovelace
900381d6e9 Add an immutable tarball link to archive download headers for Nix
This allows `nix flake metadata` and nix in general to lock a *branch*
tarball link in a manner that causes it to fetch the correct commit even
if the branch is updated with a newer version.

For further context, Nix flakes are a feature that, among other things,
allows for "inputs" that are "github:someuser/somerepo",
"https://some-tarball-service/some-tarball.tar.gz",
"sourcehut:~meow/nya" or similar. This feature allows our users to fetch
tarballs of git-based inputs to their builds rather than using git to
fetch them, saving significant download time.

There is presently no gitea or forgejo specific fetcher in Nix, and we
don't particularly wish to have one. Ideally (as a developer on a Nix
implementation myself) we could just use the generic tarball fetcher and
not add specific forgejo support, but to do so, we need additional
metadata to know which commit a given *branch* tarball represents, which
is the purpose of the Link header added here.

The result of this patch is that a Nix user can specify `inputs.something.url =
"https://forgejo-host/some/project/archive/main.tar.gz"` in flake.nix
and get a link to some concrete tarball for the actual commit in the
lock file, then when they run `nix flake update` in the future, they
will get the latest commit in that branch.

Example of it working locally:

 » nix flake metadata --refresh 'http://localhost:3000/api/v1/repos/jade/cats/archive/main.tar.gz?dir=configs/nix'
Resolved URL:  http://localhost:3000/api/v1/repos/jade/cats/archive/main.tar.gz?dir=configs/nix
Locked URL:    804ede182b.tar.gz?dir=configs
/nix&narHash=sha256-yP7KkDVfuixZzs0fsqhSETXFC0y8m6nmPLw2GrAMxKQ%3D
Description:   Computers with the nixos
Path:          /nix/store/s856c6yqghyan4v0zy6jj19ksv0q22nx-source
Revision:      804ede182b6b66469b23ea4d21eece52766b7a06
Last modified: 2024-05-02 00:48:32

For details on the header value, see:
56763ff918/doc/manual/src/protocols/tarball-fetcher.md

(cherry picked from commit 6631f56ebf)
2024-05-29 18:50:14 +00:00
Earl Warren
75554579a6 Merge pull request '[v7.0/forgejo] mysql: faster user deletion (hook_task query) for mariadb 10' (#3888) from bp-v7.0/forgejo-4ffda65-bb165fa into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3888
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-05-24 13:45:38 +00:00
oliverpool
cef84d7abf test: check hook_task deletion
move test to integration to ensure Sqlite + MySQL testing

(cherry picked from commit bb165fadf6)
2024-05-24 12:46:33 +00:00
Gergely Nagy
9ac51ddeb7 tests: Add a test for code expansion on PRs
This adds a new test case to `TestCompareCodeExpand` to exercise the
case where we're viewing a PR's diff.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit fd9ee1901b)
2024-05-24 12:45:35 +00:00
wxiaoguang
d3b4f9d326 Fix incorrect "blob excerpt" link when comparing files (#31013)
When comparing files between the base repo and forked repo, the "blob
excerpt" link should point to the forked repo, because the commit
doesn't exist in base repo.

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit f48cc501c46a2d34eb701561f01d888d689d60d5)

Conflicts:
	- templates/repo/diff/section_split.tmpl
	- templates/repo/diff/section_unified.tmpl
          Resolved the conflict by picking Gitea's change over ours, and
	  porting it.
	- tests/integration/compare_test.go
	  Kept our test, but picked the "compare all of the relevant
	  links" part of the Gitea test.
(cherry picked from commit a62a887649)
2024-05-24 12:45:35 +00:00
Gergely Nagy
ef4c6abbb9 badges: Relax the default workflow badge conditions
Previously, if no branch was explicitly specified for a workflow, it
defaulted to the default branch of the repo. This worked fine for
workflows that were triggered on push, but it prevented showing badges
for workflows that only run on tags, or on schedule - since they do not
run on a specific branch.

Thus, relax the conditions, and if no branch is specified, just return
the latest run of the given workflow. If one is specified, *then*
restrict it to said branch.

Fixes #3487.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit d6915f4d5f)
2024-05-20 10:47:25 +00:00
Earl Warren
4ecbb2ef1b Merge pull request '[gitea] week 2024-20-v7.0 cherry pick (release/v1.22 -> v7.0/forgejo)' (#3772) from earl-warren/wcp/2024-20-v7.0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3772
Reviewed-by: Beowulf <beowulf@noreply.codeberg.org>
2024-05-16 15:36:08 +00:00
oliverpool
d877f18092 test-sha256: APICreateFile
(cherry picked from commit 67effd6985)
2024-05-16 13:07:14 +00:00
oliverpool
32a0e1e2b4 test-sha256: APICreateBranch
(cherry picked from commit df8aaeb1d5)
2024-05-16 13:07:14 +00:00
oliverpool
ab4570d0cb test-sha256: PushDeployKeyOnEmptyRepo
(cherry picked from commit 348182f4b3)
2024-05-16 13:07:14 +00:00
oliverpool
7c40672ddf test: useless duplication
(cherry picked from commit e3e82d02ad)
2024-05-16 13:07:14 +00:00
oliverpool
6de1f714f3 test: hook post-receive for sha256 repos
failing push-to-create for sha256 will be fixed in a followup PR

(cherry picked from commit 2ac3dcbd43)
2024-05-15 21:08:15 +00:00
Zettat123
65529bd334
Update issue indexer after merging a PR (#30715)
Fix #30684

(cherry picked from commit f09e68ec33262d5356779572a0b1c66e6e86590f)

Conflicts:
	tests/integration/pull_merge_test.go
	trivial context conflict
(cherry picked from commit 8f0f6bf89c)

(cherry picked from commit df5513978a630355a28b6b42fcc63fe5d70652d8)
2024-05-14 16:00:57 +02:00
Lunny Xiao
d91839692f
Fix various problems around projects board view (#30696)
The previous implementation will start multiple POST requests from the
frontend when moving a column and another bug is moving the default
column will never be remembered in fact.

- [x] This PR will allow the default column to move to a non-first
position
- [x] And it also uses one request instead of multiple requests when
moving the columns
- [x] Use a star instead of a pin as the icon for setting the default
column action
- [x] Inserted new column will be append to the end
- [x] Fix #30701 the newly added issue will be append to the end of the
default column
- [x] Fix when deleting a column, all issues in it will be displayed
from UI but database records exist.
- [x] Add a limitation for columns in a project to 20. So the sorting
will not be overflow because it's int8.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit a303c973e0264dab45a787c4afa200e183e0d953)

Conflicts:
	routers/web/web.go
	e91733468ef726fc9365aa4820cdd5f2ddfdaa23 Add missing database transaction for new issue (#29490) was not cherry-picked
	services/issue/issue.go
	fe6792dff3 Enable/disable owner and repo projects independently (#28805) was not cherry-picked
(cherry picked from commit 7d3ca90dfe)

(cherry picked from commit 084bec89ed7ae0816fc2d8db6784ad22523d1fc4)
2024-05-14 15:51:15 +02:00