0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-27 09:54:15 -05:00
Commit graph

940 commits

Author SHA1 Message Date
JakobDev
d89003cc1b Fix API leaking Usermail if not logged in (#25097)
The API should only return the real Mail of a User, if the caller is
logged in. The check do to this don't work. This PR fixes this. This not
really a security issue, but can lead to Spam.

---------

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit ea385f5d39)
2023-08-05 11:43:54 +00:00
Gusted
5f769ef20d [GITEA] Show manual cron run's last time
- Currently in the cron tasks, the 'Previous Time' only displays the
previous time of when the cron library executes the function, but not
any of the manual executions of the task.
- Store the last run's time in memory in the Task struct and use that,
when that time is later than time that the cron library has executed this
task.
- This ensures that if an instance admin manually starts a task, there's
feedback that this task is/has been run, because the task might be run
that quick, that the status icon already has been changed to an
checkmark,
- Tasks that are executed at startup now reflect this as well, as the
time of the execution of that task on startup is now being shown as
'Previous Time'.
- Added integration tests for the API part, which is easier to test
because querying the HTML table of cron tasks is non-trivial.
- Resolves https://codeberg.org/forgejo/forgejo/issues/949
- Backport #1087
2023-07-31 18:34:14 +00:00
Giteabot
4c3dcdf815
Warn instead of reporting an error when a webhook cannot be found (#26039) (#26211)
Backport #26039 by @puni9869

Attemp fix: #25744
Fixing the log level when we delete any repo then we get error hook not
found by id. That should be warn level to reduce the noise in the logs.

Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
(cherry picked from commit c5fe09db72)
2023-07-30 07:46:19 +02:00
Lunny Xiao
4640c53386
Fix bug when pushing to a pull request which enabled dismiss approval automatically (#25882) (#26158)
Fix #25858
Backport #25882

The option `dissmiss stale approvals` was listed on protected branch but
never implemented. This PR fixes that.

<img width="1006" alt="图片"

src="https://github.com/go-gitea/gitea/assets/81045/60bfa968-4db7-4c24-b8be-2e5978f91bb9">

<img width="1021" alt="图片"

src="https://github.com/go-gitea/gitea/assets/81045/8dabc14d-2dfe-40c2-94ed-24fcbf6e0e8f">

(cherry picked from commit 666038a06d)
2023-07-30 07:46:18 +02:00
Giteabot
9654d71bb2
Fix bugs in LFS meta garbage collection (#26122) (#26157)
Backport #26122 by @Zettat123

This PR

- Fix #26093. Replace `time.Time` with `timeutil.TimeStamp`
- Fix #26135. Add missing `xorm:"extends"` to `CountLFSMetaObject` for
LFS meta object query
- Add a unit test for LFS meta object garbage collection

Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit a12d036a68)
2023-07-30 07:43:05 +02:00
Giteabot
2a4dcad472
Fix version in rpm repodata/primary.xml.gz (#26009) (#26048)
Co-authored-by: Peter Verraedt <peter.verraedt@gmail.com>
(cherry picked from commit 81f5a87eb4)
2023-07-24 07:59:10 +02:00
Giteabot
0593018dba
Fix SSPI auth panic (#25955) (#25969)
Backport #25955 by @wxiaoguang

Try to fix #25952

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 227c3b67e0)
2023-07-24 07:58:56 +02:00
Earl Warren
1371196064
Merge remote-tracking branch 'forgejo/v1.20/forgejo-moderation' into v1.20/forgejo 2023-07-17 08:01:23 +02:00
Earl Warren
c37099723e
Merge remote-tracking branch 'forgejo/v1.20/forgejo-branding' into v1.20/forgejo 2023-07-17 08:01:16 +02:00
Gusted
cdf6318f51
[MODERATION] organization blocking a user (#802)
- Resolves #476
- Follow up for: #540
- Ensure that the doer and blocked person cannot follow each other.
- Ensure that the block person cannot watch doer's repositories.
- Add unblock button to the blocked user list.
- Add blocked since information to the blocked user list.
- Add extra testing to moderation code.
- Blocked user will unwatch doer's owned repository upon blocking.
- Add flash messages to let the user know the block/unblock action was successful.
- Add "You haven't blocked any users" message.
- Add organization blocking a user.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/802
(cherry picked from commit 0505a10421)
(cherry picked from commit 37b4e6ef9b)
(cherry picked from commit 217475385a)
(cherry picked from commit f2c38ce5c2)
(cherry picked from commit 1edfb68137)
(cherry picked from commit 2cbc12dc74)
(cherry picked from commit 79ff020f18)
2023-07-17 00:26:42 +02:00
Gusted
dc9499bdf9
[MODERATION] user blocking
- Add the ability to block a user via their profile page.
- This will unstar their repositories and visa versa.
- Blocked users cannot create issues or pull requests on your the doer's repositories (mind that this is not the case for organizations).
- Blocked users cannot comment on the doer's opened issues or pull requests.
- Blocked users cannot add reactions to doer's comments.
- Blocked users cannot cause a notification trough mentioning the doer.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/540
(cherry picked from commit 687d852480)
(cherry picked from commit 0c32a4fde5)
(cherry picked from commit 1791130e3c)
(cherry picked from commit 00f411819f)
(cherry picked from commit e0c039b0e8)
(cherry picked from commit b5a058ef00)
(cherry picked from commit 5ff5460d28)
(cherry picked from commit 97bc6e619d)
2023-07-17 00:26:42 +02:00
Earl Warren
02ba08ca84
[BRANDING] define the forgejo webhook type
templates/swagger/v1_json.tmpl updated with `make generate-swagger`

(cherry picked from commit 88899c492e)
(cherry picked from commit 7171bd9617)
(cherry picked from commit 1a742446c1)
(cherry picked from commit d7c189d7b2)

Conflicts:
	routers/web/web.go
(cherry picked from commit cbdea868e4)
(cherry picked from commit 6cd150483b)
(cherry picked from commit 47246da8d3)
(cherry picked from commit f2aa0e6b76)
(cherry picked from commit 5a4fc69a16)
(cherry picked from commit 48e444ca09)
(cherry picked from commit 888e537811)
(cherry picked from commit 5121f493c9)
(cherry picked from commit 9394e55fdf)
(cherry picked from commit 3a2ce51768)
(cherry picked from commit 719ead3a65)
(cherry picked from commit 83e6f82e2a)
(cherry picked from commit 494a429b21)
(cherry picked from commit d30c90c0ab)
(cherry picked from commit 3c83b325c4)
(cherry picked from commit 470bffae63)
(cherry picked from commit 1d65921719)
(cherry picked from commit c101c2e0b9)
2023-07-17 00:25:56 +02:00
Earl Warren
7635da25dc
[BRANDING] add X-Forgejo-* headers
(cherry picked from commit 0a3388f93f)
(cherry picked from commit 7eba0a440a)
(cherry picked from commit eb9646c7ef)
(cherry picked from commit f1972578f5)

Conflicts:
(cherry picked from commit 7f96222fb4)
(cherry picked from commit e3c7c9fe7b)
(cherry picked from commit 84fdead902)
(cherry picked from commit 85148e1196)
(cherry picked from commit c0086bd70d)
(cherry picked from commit d1e31ef318)
(cherry picked from commit 681d3ed5c4)
(cherry picked from commit 76a3001f5b)
(cherry picked from commit a55a9567d3)
(cherry picked from commit aa7adc167d)
(cherry picked from commit d5354cb52c)
(cherry picked from commit 472c489996)
(cherry picked from commit dc816d065b)
(cherry picked from commit 3e9799148f)
(cherry picked from commit 85ede01671)
(cherry picked from commit 9c288b5b30)
(cherry picked from commit dcee31e20b)
(cherry picked from commit 11b984d74a)
2023-07-17 00:25:55 +02:00
Gusted
ffb9ffdc0e
[PRIVACY] Add a DNS method to fetch new updates
- Use TXT records in order to determine the latest available version.
- This addresses a valid privacy issue, as with HTTP requests the server
can keep track(estimated) of how many instances are using Forgejo, with
DNS that's basically not possible as the server will never receive any
data, as the only ones receiving data are DNS resolvers.

(cherry picked from commit 0baefb546a)
(cherry picked from commit e8ee41880b)
(cherry picked from commit 7eca4f3bf1)
(cherry picked from commit 6dde3992dc)
(cherry picked from commit fb3a37fbfc)
(cherry picked from commit 8304af1e9d)
(cherry picked from commit 0543a7d12a)
(cherry picked from commit c3a22933b7)
(cherry picked from commit e243707694)
(cherry picked from commit 7eb6d1bcf7)
(cherry picked from commit 1d7b9535cd)
(cherry picked from commit 05920dce67)
(cherry picked from commit f173f27d7c)
(cherry picked from commit 90e1c9340e)
(cherry picked from commit de68610ea7)
(cherry picked from commit 8d5757ea04)
(cherry picked from commit c7a7fff316)
(cherry picked from commit 39ac8b8fc1)
(cherry picked from commit 2f65c02905)
(cherry picked from commit 74b5133374)
(cherry picked from commit e31c34e893)
2023-07-17 00:24:23 +02:00
Gusted
edc1891471
[PRIVACY] Disable update_checker cron tasks
- This is being disabled as it will weekly connect to a domain.
- This only affects existing installations, as new installations will
have a explicit value being written into app.ini due to https://github.com/go-gitea/gitea/pull/21655

(cherry picked from commit cd0b8b6852)
(cherry picked from commit 58d43867ca)
(cherry picked from commit f290b91e50)
(cherry picked from commit 5bd6d75554)
(cherry picked from commit e5d0abb592)
(cherry picked from commit 4b381ce77e)
(cherry picked from commit b6a9b1390d)
(cherry picked from commit 3674362871)
(cherry picked from commit af0f606fc1)
(cherry picked from commit 49560da6fb)
(cherry picked from commit ca06e27c5b)
(cherry picked from commit 163df86df5)
(cherry picked from commit 0391c6ae42)
(cherry picked from commit f282f2d42f)
(cherry picked from commit 68d31cf247)
(cherry picked from commit cfd4a479e9)
(cherry picked from commit add969bdf6)
(cherry picked from commit c0f3f1f1e7)
(cherry picked from commit 9e0333e42c)
(cherry picked from commit a86fba10ac)
(cherry picked from commit 2e1c7e6641)
2023-07-17 00:24:23 +02:00
Giteabot
de8127e78b
fix incorrect repo url when changed the case of ownername (#25733) (#25881)
Backport #25733 by @hiifong

When only the casing of the username changes, update the owner name of the repo,
and keep the original logic consistent with other conditions.

example: assume your username is `gitea`, lowercase username is `gitea` too,
repo URL is `.../gitea/{repo}`.
You change your username to `Gitea`, `GiTea` or something like that,
as long as the lowercase username is still `gitea`, the repo URL remained `.../gitea/{repo}`.

this pr keeps the new username consistent with the repo URL.

Before:

![image](https://github.com/go-gitea/gitea/assets/89133723/84177296-f0ff-4176-84f1-1f9ec3f5b86f)
![image](https://github.com/go-gitea/gitea/assets/89133723/8f8f4a12-ecdd-4dec-af89-85c009b0ccfe)

After: 

![image](https://github.com/go-gitea/gitea/assets/89133723/0564edb6-9467-405a-8cd4-d6f70e6f614b)
![image](https://github.com/go-gitea/gitea/assets/89133723/554ecd6e-e5a1-43bc-a46d-99e988c2ff58)

Co-authored-by: hiifong <i@hiif.ong>
2023-07-15 19:47:24 +02:00
Giteabot
353dcc5ad4
Fix the error message when the token is incorrect (#25701) (#25836)
Backport #25701 by @CaiCandong

we refactored `userIDFromToken` for the token parsing part into a new
function `parseToken`. `parseToken` returns the string `token` from
request, and a boolean `ok` representing whether the token exists or
not. So we can distinguish between token non-existence and token
inconsistency in the `verfity` function, thus solving the problem of no
proper error message when the token is inconsistent.
close #24439  
related #22119

Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
Co-authored-by: Jason Song <i@wolfogre.com>
2023-07-12 10:18:27 +00:00
Giteabot
2b79d3fd52
For API attachments, use API URL (#25639) (#25814)
Backport #25639 by @lunny

Fix #25257

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-07-10 12:56:16 +00:00
Giteabot
a1bc2aa05e
Avoid amending the Rebase and Fast-forward merge if there is no message template (#25779) (#25809)
Backport #25779 by @wxiaoguang

Related #22669. Close #25177

After the fix:


![image](https://github.com/go-gitea/gitea/assets/2114189/0e900927-ea72-4f8f-bde6-5ed927cb02f4)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-10 10:23:54 +00:00
silverwind
24e64fe372
Replace interface{} with any (#25686) (#25687)
Same perl replacement as https://github.com/go-gitea/gitea/pull/25686
but for 1.20 to ease future backporting.
2023-07-04 23:41:32 -04:00
Giteabot
69bdcf41f3
Log the real reason when authentication fails (but don't show the user) (#25414) (#25660)
Backport #25414 by @lunny

Fix #24498

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-07-03 19:26:36 -04:00
Giteabot
8981f6d0fc
Fix content holes in Actions task logs file (#25560) (#25566)
Backport #25560 by @wolfogre

Fix #25451.

Bugfixes:
- When stopping the zombie or endless tasks, set `LogInStorage` to true
after transferring the file to storage. It was missing, it could write
to a nonexistent file in DBFS because `LogInStorage` was false.
- Always update `ActionTask.Updated` when there's a new state reported
by the runner, even if there's no change. This is to avoid the task
being judged as a zombie task.

Enhancement:
- Support `Stat()` for DBFS file.
- `WriteLogs` refuses to write if it could result in content holes.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-06-28 23:39:23 +00:00
Giteabot
9d69a4758e
Add Adopt repository event and handler (#25497) (#25518)
Backport #25497 by @lunny

Fix #14304

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-06-26 20:09:07 +00:00
John Olheiser
734fd93f59
Move some regexp out of functions (#25430) (#25445)
Partial backport of #25430

Not a bug, but worth backporting for efficiency.

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-06-22 16:01:54 +00:00
Giteabot
203fe2841d
Fix Permission in API returned repository struct (#25388) (#25441)
Backport #25388 by @wolfogre

The old code generates `structs.Repository.Permissions` with only
`access.Permission.AccessMode`, however, it should check the units too,
or the value could be incorrect. For example,
`structs.Repository.Permissions.Push` could be false even the doer has
write access to code unit.

Should fix
https://github.com/renovatebot/renovate/issues/14059#issuecomment-1047961128
(Not reported by it, I just found it when I was looking into this bug)

---

Review tips:

The major changes are
- `modules/structs/repo.go`
https://github.com/go-gitea/gitea/pull/25388/files#diff-870406f6857117f8b03611c43fca0ab9ed6d6e76a2d0069a7c1f17e8fa9092f7
- `services/convert/repository.go`
https://github.com/go-gitea/gitea/pull/25388/files#diff-7736f6d2ae894c9edb7729a80ab89aa183b888a26a811a0c1fdebd18726a7101

And other changes are passive.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-06-22 17:01:42 +02:00
Giteabot
f18b8e7d8a
Change default email domain for LDAP users (#25425) (#25434)
Backport #25425 by @Zettat123

Fixes #21169

Change `localhost` to `localhost.local`

Co-authored-by: Zettat123 <zettat123@gmail.com>
2023-06-22 10:53:15 +00:00
sebastian-sauer
30a783879f
Show outdated comments in files changed tab (#24936) (#25428)
Backport #24936

If enabled show a clickable label in the comment. A click on the label
opens the Conversation tab with the comment focussed - there you're able
to view the old diff (or original diff the comment was created on).

**Screenshots**


![image](https://github.com/go-gitea/gitea/assets/1135157/63ab9571-a9ee-4900-9f02-94ab0095f9e7)


![image](https://github.com/go-gitea/gitea/assets/1135157/78f7c225-8d76-46f5-acfd-9b8aab988a6c)

When resolved and outdated:


![image](https://github.com/go-gitea/gitea/assets/1135157/6ece9ebd-c792-4aa5-9c35-628694e9d093)

Option to enable/disable this (stored in user settings - default is
disabled):


![image](https://github.com/go-gitea/gitea/assets/1135157/ed99dfe4-76dc-4c12-bd96-e7e62da50ab5)


![image](https://github.com/go-gitea/gitea/assets/1135157/e837a052-e92e-4a28-906d-9db5bacf93a6)

fixes #24913

Co-authored-by: silverwind <me@silverwind.io>
2023-06-22 08:34:42 +00:00
wxiaoguang
cb3173a1e9
Use "utf8mb4" for MySQL by default (#25432)
TBH, I don't see much difference from `Remove "CHARSET" config option
for MySQL, always use "utf8mb4"` #25413

Close #25413
2023-06-22 07:38:23 +02:00
Giteabot
6f1c95ec5b
Use the new download domain replace the old (#25405) (#25409)
Backport #25405 by @lunny

As title.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-06-21 03:59:51 +00:00
Giteabot
dfefe86045
Fix LDAP sync when Username Attribute is empty (#25278) (#25379)
Backport #25278 by @Zettat123

Fix #21072


![image](https://github.com/go-gitea/gitea/assets/15528715/96b30beb-7f88-4a60-baae-2e5ad8049555)

Username Attribute is not a required item when creating an
authentication source. If Username Attribute is empty, the username
value of LDAP user cannot be read, so all users from LDAP will be marked
as inactive by mistake when synchronizing external users.

This PR improves the sync logic, if username is empty, the email address
will be used to find user.

Co-authored-by: Zettat123 <zettat123@gmail.com>
2023-06-20 13:11:22 +08:00
yp05327
d686aa0d31
Fix profile render when the README.md size is larger than 1024 bytes (#25270)
Backport #25131
2023-06-15 01:39:34 +00:00
Giteabot
8fa9d9dcc9
Fix panic when migrating a repo from GitHub with issues (#25246) (#25247)
Backport #25246 by @wolfogre

Fix #25245. Regression of #23946.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-06-14 07:08:08 +00:00
Giteabot
21cd5c2f3d
Fix all possible setting error related storages and added some tests (#23911) (#25244)
Backport #23911 by @lunny

Follow up #22405

Fix #20703 

This PR rewrites storage configuration read sequences with some breaks
and tests. It becomes more strict than before and also fixed some
inherit problems.

- Move storage's MinioConfig struct into setting, so after the
configuration loading, the values will be stored into the struct but not
still on some section.
- All storages configurations should be stored on one section,
configuration items cannot be overrided by multiple sections. The
prioioty of configuration is `[attachment]` > `[storage.attachments]` |
`[storage.customized]` > `[storage]` > `default`
- For extra override configuration items, currently are `SERVE_DIRECT`,
`MINIO_BASE_PATH`, `MINIO_BUCKET`, which could be configured in another
section. The prioioty of the override configuration is `[attachment]` >
`[storage.attachments]` > `default`.
- Add more tests for storages configurations.
- Update the storage documentations.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-06-14 08:36:52 +02:00
Giteabot
9cef7a4600
Use inline SVG for built-in OAuth providers (#25171) (#25234)
Backport #25171 by @silverwind

The plan is that all built-in auth providers use inline SVG for more
flexibility in styling and to get the GitHub icon to follow
`currentcolor`. This only removes the `public/img/auth` directory and
adds the missing svgs to our svg build.

It should map the built-in providers to these SVGs and render them. If
the user has set a Icon URL, it should render that as an `img` tag
instead.

```
gitea-azure-ad
gitea-bitbucket
gitea-discord
gitea-dropbox
gitea-facebook
gitea-gitea
gitea-gitlab
gitea-google
gitea-mastodon
gitea-microsoftonline
gitea-nextcloud
gitea-twitter
gitea-yandex
octicon-mark-github
```

GitHub logo is now white again on dark theme:

<img width="431" alt="Screenshot 2023-06-12 at 21 45 34"
src="https://github.com/go-gitea/gitea/assets/115237/27a43504-d60a-4132-a502-336b25883e4d">

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-06-13 12:04:40 +00:00
Giteabot
506c70884a
Fix compatible for webhook ref type (#25195) (#25223)
Backport #25195 by @lunny

Fix #25185 
Caused by #24634

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-06-13 06:51:50 +00:00
Giteabot
5ff0f7d0ca
Add WithPullRequest for actionsNotifier (#25144) (#25197)
Backport #25144 by @Zettat123

Fix #25093

If
[`WithPullRequest`](679b1f7949/services/actions/notifier_helper.go (L90-L96))
is not called, the `Ref` in
[`notifyInput`](679b1f7949/services/actions/notifier_helper.go (L55-L65))
will be empty, so the workflows in the head branch will not be found and
triggered.
2023-06-12 17:08:09 +08:00
Giteabot
0058453fd9
Modify OAuth login ui and fix display name, iconurl related logic (#25030) (#25161)
Backport #25030 by @HesterG

Close #24808 

Co-Authour @wxiaoguang @silverwind 

1. Most svgs are found from https://worldvectorlogo.com/ , and some are
from conversion of png to svg. (facebook and nextcloud). And also
changed `templates/user/settings/security/accountlinks.tmpl`.

2. Fixed display name and iconurl related logic

# After

<img width="1436" alt="Screen Shot 2023-06-05 at 14 09 05"
src="https://github.com/go-gitea/gitea/assets/17645053/a5db39d8-1ab0-4676-82a4-fba60a1d1f84">

On mobile

<img width="378" alt="Screen Shot 2023-06-05 at 14 09 46"
src="https://github.com/go-gitea/gitea/assets/17645053/71d0f51b-baac-4f48-8ca2-ae0e013bd62e">


user/settings/security/accountlinks (The dropdown might be improved
later)

<img width="973" alt="Screen Shot 2023-06-01 at 10 01 44"
src="https://github.com/go-gitea/gitea/assets/17645053/27010e7e-2785-4fc5-8c49-b06621898f37">

Co-authored-by: HesterG <hestergong@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-06-09 10:59:18 +00:00
Lunny Xiao
11598885b3
Use RepositoryList instead of []*Repository (#25074) 2023-06-05 15:25:47 +08:00
Denys Konovalov
ca35dec18b
Add ability to set multiple redirect URIs in OAuth application UI (#25072)
OAuth applications can already have multiple redirect URIs if
created/edited over API.

This change allows for setting multiple redirect URIs through the UI as
a comma-separated list (e. g.
`https://example.org/redirect,https://redirect.example.org`)

<details>
<summary>Screenshots</summary>

![Bildschirmfoto vom 2023-06-04
17-14-40](https://github.com/go-gitea/gitea/assets/47871822/2206dc32-e7e4-4953-9ecb-e098890b3f54)
![Bildschirmfoto vom 2023-06-04
17-14-50](https://github.com/go-gitea/gitea/assets/47871822/cd97c73c-9310-44ee-a83a-b927a1ef94da)

</details>

Closes #25068
2023-06-05 15:00:12 +08:00
Jack Hay
18de83b2a3
Redesign Scoped Access Tokens (#24767)
## Changes
- Adds the following high level access scopes, each with `read` and
`write` levels:
    - `activitypub`
    - `admin` (hidden if user is not a site admin)
    - `misc`
    - `notification`
    - `organization`
    - `package`
    - `issue`
    - `repository`
    - `user`
- Adds new middleware function `tokenRequiresScopes()` in addition to
`reqToken()`
  -  `tokenRequiresScopes()` is used for each high-level api section
- _if_ a scoped token is present, checks that the required scope is
included based on the section and HTTP method
  - `reqToken()` is used for individual routes
- checks that required authentication is present (but does not check
scope levels as this will already have been handled by
`tokenRequiresScopes()`
- Adds migration to convert old scoped access tokens to the new set of
scopes
- Updates the user interface for scope selection

### User interface example
<img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
<img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">

## tokenRequiresScopes  Design Decision
- `tokenRequiresScopes()` was added to more reliably cover api routes.
For an incoming request, this function uses the given scope category
(say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say
`DELETE`) and verifies that any scoped tokens in use include
`delete:organization`.
- `reqToken()` is used to enforce auth for individual routes that
require it. If a scoped token is not present for a request,
`tokenRequiresScopes()` will not return an error

## TODO
- [x] Alphabetize scope categories
- [x] Change 'public repos only' to a radio button (private vs public).
Also expand this to organizations
- [X] Disable token creation if no scopes selected. Alternatively, show
warning
- [x] `reqToken()` is missing from many `POST/DELETE` routes in the api.
`tokenRequiresScopes()` only checks that a given token has the correct
scope, `reqToken()` must be used to check that a token (or some other
auth) is present.
   -  _This should be addressed in this PR_
- [x] The migration should be reviewed very carefully in order to
minimize access changes to existing user tokens.
   - _This should be addressed in this PR_
- [x] Link to api to swagger documentation, clarify what
read/write/delete levels correspond to
- [x] Review cases where more than one scope is needed as this directly
deviates from the api definition.
   - _This should be addressed in this PR_
   - For example: 
   ```go
	m.Group("/users/{username}/orgs", func() {
		m.Get("", reqToken(), org.ListUserOrgs)
		m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser,
auth_model.AccessTokenScopeCategoryOrganization),
context_service.UserAssignmentAPI())
   ```

## Future improvements
- [ ] Add required scopes to swagger documentation
- [ ] Redesign `reqToken()` to be opt-out rather than opt-in
- [ ] Subdivide scopes like `repository`
- [ ] Once a token is created, if it has no scopes, we should display
text instead of an empty bullet point
- [ ] If the 'public repos only' option is selected, should read
categories be selected by default

Closes #24501
Closes #24799

Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 20:57:16 +02:00
6543
af3deb0b30
GitLab migration: Sanitize response for reaction list (#25054) 2023-06-02 20:35:50 +00:00
wxiaoguang
a90988d63f
Update repo's default branch when adding new files in an empty one (#25017)
Fix #25014

Only API needs this fix. On the Web UI, users could only add new file on
the default branch.
2023-05-31 17:07:51 +08:00
谈笑风生间
a5acec329e
Rename NotifyPullReviewRequest to NotifyPullRequestReviewRequest (#24988)
after #24481

To keep consistent, maybe pull_request_review_request is better.

## what my pull request does

Rename NotifyPullReviewRequest to NotifyPullRequestReviewRequest.

<img width="1087" alt="image"
src="https://github.com/go-gitea/gitea/assets/75628309/2cf91f02-74f2-42fe-a998-0a039b821d8d">
2023-05-31 15:54:46 +08:00
6543
4c81dae297
Update github.com/google/go-github to v52 (#24004)
based on https://github.com/google/go-github/pull/2743

because of
https://github.com/go-gitea/gitea/pull/23946#discussion_r1160317554

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-05-31 00:31:51 +00:00
Yevhen Pavlov
a36c620583
Display file mode for new file and file mode changes (#24966)
This MR introduces the addition of file mode display support for both
new file creation and file mode changes, following a similar approach as
GitLab.

GitLab:

![изображение](https://github.com/go-gitea/gitea/assets/1969460/4c0d0d74-30b2-486c-ac12-ef2355b04c96)


Gitea:

![изображение](https://github.com/go-gitea/gitea/assets/1969460/8237fe99-2507-42c0-a40c-cd52ad355ab7)

Replaces: https://github.com/go-gitea/gitea/pull/23159
Closes: https://github.com/go-gitea/gitea/issues/23021

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-29 19:56:08 +02:00
Denys Konovalov
275d4b7e3f
API endpoint for changing/creating/deleting multiple files (#24887)
This PR creates an API endpoint for creating/updating/deleting multiple
files in one API call similar to the solution provided by
[GitLab](https://docs.gitlab.com/ee/api/commits.html#create-a-commit-with-multiple-files-and-actions).

To archive this, the CreateOrUpdateRepoFile and DeleteRepoFIle functions
in files service are unified into one function supporting multiple files
and actions.

Resolves #14619
2023-05-29 17:41:35 +08:00
wxiaoguang
18f26cfbf7
Improve queue and logger context (#24924)
Before there was a "graceful function": RunWithShutdownFns, it's mainly
for some modules which doesn't support context.

The old queue system doesn't work well with context, so the old queues
need it.

After the queue refactoring, the new queue works with context well, so,
use Golang context as much as possible, the `RunWithShutdownFns` could
be removed (replaced by RunWithCancel for context cancel mechanism), the
related code could be simplified.

This PR also fixes some legacy queue-init problems, eg:

* typo : archiver: "unable to create codes indexer queue" => "unable to
create repo-archive queue"
* no nil check for failed queues, which causes unfriendly panic

After this PR, many goroutines could have better display name:

![image](https://github.com/go-gitea/gitea/assets/2114189/701b2a9b-8065-4137-aeaa-0bda2b34604a)

![image](https://github.com/go-gitea/gitea/assets/2114189/f1d5f50f-0534-40f0-b0be-f2c9daa5fe92)
2023-05-26 07:31:55 +00:00
Lunny Xiao
f9cfd6ce5b
Use the type RefName for all the needed places and fix pull mirror sync bugs (#24634)
This PR replaces all string refName as a type `git.RefName` to make the
code more maintainable.

Fix #15367
Replaces #23070 
It also fixed a bug that tags are not sync because `git remote --prune
origin` will not remove local tags if remote removed.

We in fact should use `git fetch --prune --tags origin` but not `git
remote update origin` to do the sync.

Some answer from ChatGPT as ref.

> If the git fetch --prune --tags command is not working as expected,
there could be a few reasons why. Here are a few things to check:
> 
>Make sure that you have the latest version of Git installed on your
system. You can check the version by running git --version in your
terminal. If you have an outdated version, try updating Git and see if
that resolves the issue.
> 
>Check that your Git repository is properly configured to track the
remote repository's tags. You can check this by running git config
--get-all remote.origin.fetch and verifying that it includes
+refs/tags/*:refs/tags/*. If it does not, you can add it by running git
config --add remote.origin.fetch "+refs/tags/*:refs/tags/*".
> 
>Verify that the tags you are trying to prune actually exist on the
remote repository. You can do this by running git ls-remote --tags
origin to list all the tags on the remote repository.
> 
>Check if any local tags have been created that match the names of tags
on the remote repository. If so, these local tags may be preventing the
git fetch --prune --tags command from working properly. You can delete
local tags using the git tag -d command.

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-05-26 01:04:48 +00:00
JakobDev
aaa1094663
Add the ability to pin Issues (#24406)
This adds the ability to pin important Issues and Pull Requests. You can
also move pinned Issues around to change their Position. Resolves #2175.

## Screenshots

![grafik](https://user-images.githubusercontent.com/15185051/235123207-0aa39869-bb48-45c3-abe2-ba1e836046ec.png)

![grafik](https://user-images.githubusercontent.com/15185051/235123297-152a16ea-a857-451d-9a42-61f2cd54dd75.png)

![grafik](https://user-images.githubusercontent.com/15185051/235640782-cbfe25ec-6254-479a-a3de-133e585d7a2d.png)

The Design was mostly copied from the Projects Board.

## Implementation
This uses a new `pin_order` Column in the `issue` table. If the value is
set to 0, the Issue is not pinned. If it's set to a bigger value, the
value is the Position. 1 means it's the first pinned Issue, 2 means it's
the second one etc. This is dived into Issues and Pull requests for each
Repo.

## TODO
- [x] You can currently pin as many Issues as you want. Maybe we should
add a Limit, which is configurable. GitHub uses 3, but I prefer 6, as
this is better for bigger Projects, but I'm open for suggestions.
- [x] Pin and Unpin events need to be added to the Issue history.
- [x] Tests
- [x] Migration

**The feature itself is currently fully working, so tester who may find
weird edge cases are very welcome!**

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-05-25 15:17:19 +02:00
谈笑风生间
309354c70e
New webhook trigger for receiving Pull Request review requests (#24481)
close https://github.com/go-gitea/gitea/issues/16321

Provided a webhook trigger for requesting someone to review the Pull
Request.

Some modifications have been made to the returned `PullRequestPayload`
based on the GitHub webhook settings, including:
- add a description of the current reviewer object as
`RequestedReviewer` .
- setting the action to either **review_requested** or
**review_request_removed** based on the operation.
- adding the `RequestedReviewers` field to the issues_model.PullRequest.
This field will be loaded into the PullRequest through
`LoadRequestedReviewers()` when `ToAPIPullRequest` is called.

After the Pull Request is merged, I will supplement the relevant
documentation.
2023-05-24 22:06:27 -04:00