Earl Warren
eaa66f85f6
Merge pull request '[gitea] week 2024-46 cherry pick (gitea/main -> forgejo)' ( #5988 ) from earl-warren/wcp/2024-46 into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5988
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-16 15:49:01 +00:00
Gusted
e4eb82b738
fix: use better code to group UID and stopwatches
...
- Instead of having code that relied on the result being sorted (which
wasn't specified in the query and was therefore not safe to assume), use
a map, which doesn't care whether the result we get from the database
is sorted or not.
- Added unit test.
2024-11-16 15:59:02 +01:00
Earl Warren
969a6ab24a
chore(release-notes): notes for the week 2024-46 weekly cherry pick
2024-11-16 15:25:37 +01:00
Gusted
7d59060dc6
bug: correctly generate oauth2 jwt signing key
...
- When RS256, RS384, ES384 or ES512 was specified as the JWT signing
algorithm, RS512 or ES256 respectively would be generated instead.
- Added unit test.
2024-11-16 15:17:19 +01:00
silverwind
308812a82e
Fix mermaid diagram height when initially hidden ( #32457 )
...
In a hidden iframe, `document.body.clientHeight` is not reliable. Use
`IntersectionObserver` to detect the visibility change and update the
height there.
Fixes: https://github.com/go-gitea/gitea/issues/32392
(cherry picked from commit b55a31eb6a894feb5508e350ff5e9548b2531bd6)
2024-11-16 15:12:25 +01:00
Zettat123
fc26becba4
Fix broken releases when re-pushing tags ( #32435 )
...
Fix #32427
(cherry picked from commit 35bcd667b23de29a7b0d0bf1090fb10961d3aca3)
Conflicts:
- tests/integration/repo_tag_test.go
Resolved by manually copying the added test, and also manually
adjusting the imported Go modules.
2024-11-16 15:12:25 +01:00
Gusted
02a2dbef69
feat: default to generating EdDSA for OAuth JWT signing key
2024-11-16 15:03:28 +01:00
Lunny Xiao
013cc1dee4
Only query team tables if repository is under org when getting assignees ( #32414 )
...
It's unnecessary to query the team table if the repository is not under
organization when getting assignees.
(cherry picked from commit 1887c75c35c1d16372b1dbe2b792e374b558ce1f)
2024-11-16 14:57:11 +01:00
Gusted
6d0f2c1b82
Merge pull request 'Update module google.golang.org/grpc to v1.68.0 (forgejo)' ( #5969 ) from renovate/forgejo-google.golang.org-grpc-1.x into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5969
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-16 12:25:41 +00:00
Gusted
2cccc02e76
feat: improve GetLatestCommitStatusForPairs
...
- Simplify the function into a single SQL query. This may or may not
help with a monster query we are seeing in Codeberg that is using 400MiB
and takes 50MiB to simply log the query. The result is now capped to the
actual latest index.
- Add unit test.
2024-11-16 13:23:40 +01:00
Earl Warren
356aa6521b
Merge pull request 'fix: extend forgejo_auth_token table (part two)' ( #5984 ) from earl-warren/forgejo:wip-forgejo-auth-token into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5984
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-16 11:56:02 +00:00
Earl Warren
cf323a3d55
fix: extend forgejo_auth_token table (part two)
...
Add the default value of the purpose field to both the table and the
migration. The table in v9 and v7 backport already have the default
value.
ALTER TABLE `forgejo_auth_token` ADD `purpose` TEXT NOT NULL [] - Cannot add a NOT NULL column with default value NULL
2024-11-16 10:53:46 +01:00
Gusted
6bab3c374c
Merge pull request 'Update github.com/grafana/go-json digest to f14426c (forgejo)' ( #5980 ) from renovate/forgejo-github.com-grafana-go-json-digest into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5980
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-16 03:07:17 +00:00
Gusted
570e8cec9e
Merge pull request 'Update dependency tailwindcss to v3.4.15 (forgejo)' ( #5966 ) from renovate/forgejo-tailwindcss-3.x into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5966
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-16 02:23:37 +00:00
Michael Kriese
bf810fa8d3
Merge pull request 'ci: upload all e2e artifacts' ( #5973 ) from viceice/ci/e2e-artifacts into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5973
2024-11-16 00:34:34 +00:00
Renovate Bot
66dfb2813c
Update github.com/grafana/go-json digest to f14426c
2024-11-16 00:03:23 +00:00
Earl Warren
95a8987844
Merge pull request 'chore(release-notes): fix the v9.0.2 links' ( #5978 ) from earl-warren/forgejo:wip-release-notes into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5978
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-15 22:48:55 +00:00
Earl Warren
9fd2df6e30
chore(release-notes): fix the v9.0.2 links
2024-11-15 22:59:52 +01:00
Michael Kriese
7f707b2a6f
ci: disable postgresql fsync
2024-11-15 15:29:06 +01:00
Michael Kriese
5406310f3e
ci: upload all e2e artifacts
2024-11-15 15:01:39 +01:00
Michael Kriese
b21cc70dd7
Merge pull request 'chore: fix e2e' ( #5977 ) from gusted/fix-e2e into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5977
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-15 13:33:50 +00:00
Gusted
4a5d9d4b78
chore: fix e2e
...
- Regression from #5948
- Use proper permission.
- Remove debug statement
2024-11-15 14:02:16 +01:00
Earl Warren
1e1b162cbe
Merge pull request 'fix: 15 November 2024 security fixes batch' ( #5974 ) from earl-warren/forgejo:wip-security-15-11 into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5974
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-15 11:19:50 +00:00
Earl Warren
b1bc294955
chore(release-notes): 15 November 2024 security fixes
2024-11-15 11:17:14 +01:00
Michael Kriese
01ab0583f5
Merge pull request 'test: fix e2e tests' ( #5968 ) from viceice/test/e2e-fixes into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5968
2024-11-15 10:16:18 +00:00
Gusted
786dfc7fb8
fix: add ID check for updating push mirror interval
...
- Ensure that the specified push mirror ID belongs to the requested
repository, otherwise it is possible to modify the intervals of the push
mirrors that do not belong to the requested repository.
- Integration test added.
2024-11-15 10:59:36 +01:00
Gusted
061abe6004
fix: don't show private forks in forks list
...
- If a repository is forked to a private or limited user/organization,
the fork should not be visible in the list of forks depending on the
doer requesting the list of forks.
- Added integration testing for web and API route.
2024-11-15 10:59:36 +01:00
Gusted
3e3ef76808
fix: require code permissions for branch feed
...
- The RSS and atom feed for branches exposes details about the code, it
therefore should be guarded by the requirement that the doer has access
to the code of that repository.
- Added integration testing.
2024-11-15 10:59:36 +01:00
Gusted
7067cc7da4
fix: strict matching of allowed content for sanitizer
...
- _Simply_ add `^$` to regexps that didn't have it yet; this avoids any
content being allowed that merely had the allowed content as a
substring.
- Fix file-preview regex to have `$` instead of `*`.
2024-11-15 10:59:36 +01:00
Gusted
e6bbecb02d
fix: disallow basic authorization when security keys are enrolled
...
- This unifies the security behavior of enrolling security keys with
enrolling TOTP as a 2FA method. When TOTP is enrolled, you cannot use
basic authorization (user:password) to make API requests on behalf of the
user; this is now also the case when you enroll security keys.
- The usage of access tokens is the only method to make API requests on
behalf of the user when a 2FA method is enrolled for the user.
- Integration test added.
2024-11-15 10:59:36 +01:00
Gusted
b70196653f
fix: anonymous users code search for private/limited user's repository
...
- Consider private/limited users in the `AccessibleRepositoryCondition`
query; previously this only considered private/limited organizations.
This limits the ability for anonymous users to do code search on a
private/limited user's repository.
- Unit test added.
2024-11-15 10:59:36 +01:00
Gusted
9508aa7713
Improve usage of HMAC output for mailer tokens
...
- If the incoming mail feature is enabled, tokens are being sent with
outgoing mails. These tokens contain information about what type of
action is allowed with such a token (such as replying to a certain issue
ID); to verify these tokens the code uses the HMAC-SHA256 construction.
- The output of the HMAC is truncated to 80 bits, because this is
supposedly recommended by RFC2104, but RFC2104 actually doesn't recommend this. It
recommends, if truncation should need to take place, that it use
max(80, hash_len/2) of the leftmost bits. For HMAC-SHA256 this works out
to 128 bits instead of the currently used 80 bits.
- Update to token version 2 and disallow any usage of token version 1;
version 2 tokens are generated with 128 bits of HMAC output.
- Add test to verify the deprecation of token version 1 and a general
MAC check test.
2024-11-15 10:59:36 +01:00
Gusted
1ce33aa38d
fix: extend forgejo_auth_token table
...
- Add a `purpose` column; this allows the `forgejo_auth_token` table to
be used by other parts of Forgejo, while still enjoying the
no-compromise architecture.
- Remove the 'roll your own crypto' time limited code functions and
migrate them to the `forgejo_auth_token` table. This migration ensures
generated codes can only be used for their purpose and ensures they are
invalidated after their usage by deleting them from the database; this
also should help make auditing of the security code easier, as we're
no longer trying to stuff a lot of data into an HMAC construction.
- Helper functions are rewritten to ensure a safe-by-design approach to
these tokens.
- Add the `forgejo_auth_token` to dbconsistency doctor and add it to the
`deleteUser` function.
- TODO: Add cron job to delete expired authorization tokens.
- Unit and integration tests added.
2024-11-15 10:59:36 +01:00
Michael Kriese
0fa436c373
Merge pull request 'ci: use oci mirror images' ( #5963 ) from viceice/ci/oci-mirror into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5963
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-11-15 08:22:35 +00:00
Michael Kriese
296935b0d7
Merge pull request 'chore: improve preparing tests' ( #5948 ) from gusted/improve-testz into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5948
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-15 07:35:22 +00:00
Michael Kriese
1c25bbe773
test: fix e2e tests
2024-11-15 08:29:58 +01:00
Michael Kriese
c8d97e5594
ci: use oci mirror images
2024-11-15 08:19:50 +01:00
Earl Warren
e426a52a87
Merge pull request 'chore(release-notes): update the v9.0.2 & v7.0.11 links' ( #5943 ) from earl-warren/forgejo:wip-release-notes into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5943
2024-11-15 07:11:46 +00:00
Michael Kriese
faa796feb9
Merge pull request 'ci: proper job name' ( #5964 ) from viceice/ci/job-name into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5964
Reviewed-by: Antonin Delpeuch <wetneb@noreply.codeberg.org>
2024-11-15 07:02:58 +00:00
Renovate Bot
cdc38ace39
Update module google.golang.org/grpc to v1.68.0
2024-11-15 02:03:08 +00:00
Renovate Bot
4043377377
Update dependency tailwindcss to v3.4.15
2024-11-15 00:09:10 +00:00
Michael Kriese
c226b4d00a
feat: use oci mirror for tonistiigi/xx image
2024-11-15 00:55:43 +01:00
Michael Kriese
19c9e0a0c2
ci: proper job name
2024-11-15 00:48:45 +01:00
Earl Warren
ef9a0c8d3d
Merge pull request 'Update module code.forgejo.org/forgejo/act to v1.22.0 (forgejo)' ( #5949 ) from renovate/forgejo-code.forgejo.org-forgejo-act-1.x into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5949
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-14 23:28:23 +00:00
Otto
d1ad4dd561
Merge pull request 'Highlight user mention in comments and commit messages' ( #5899 ) from 0ko/forgejo:mention-highlight into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5899
Reviewed-by: Otto <otto@codeberg.org>
2024-11-14 17:46:03 +00:00
Otto
b92863b024
Merge pull request 'ci: use tmpfs for service storage' ( #5958 ) from viceice/ci/use-tmpfs into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5958
Reviewed-by: Otto <otto@codeberg.org>
2024-11-14 17:44:22 +00:00
Michael Kriese
91fda7ee81
Merge pull request 'test: use sqlite in-memory db for integration' ( #5956 ) from viceice/test/integration/use-sqlite-in-memory-db into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5956
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-14 17:14:39 +00:00
Michael Kriese
8a4407ef72
ci: use tmpfs for service storage
2024-11-14 17:27:48 +01:00
Michael Kriese
a8beeff422
Merge pull request 'ci: disable mysql binlog' ( #5957 ) from viceice/ci/mysql/no-bin-log into forgejo
...
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5957
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-14 16:26:48 +00:00
Michael Kriese
eda83cc7ed
ci: disable mysql binlog
2024-11-14 16:39:34 +01:00