Commit Graph

4693 Commits

Author SHA1 Message Date
yp05327
75d0b61546
Fix the display of project type for deleted projects (#31732)
Fix: #31727
After:

![image](https://github.com/user-attachments/assets/1dfb4b31-3bd6-47f7-b126-650f33f453e2)
2024-07-30 04:37:43 +00:00
Jason Song
81fa471119
Set owner id to zero when GetRegistrationToken for repo (#31725)
Fix #31707.

It's split from #31724.

Although #31724 could also fix #31707, it has change a lot so it's not a
good idea to backport it.
2024-07-29 18:46:45 +00:00
Bo-Yi Wu
d39bce7f00
fix(api): owner ID should be zero when created repo secret (#31715)
- Change condition to include `RepoID` equal to 0 for organization
secrets

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-07-29 17:15:02 +00:00
Jason Song
bf5ae79c51
Fix API endpoint for registration-token (#31722)
Partially fix #31707. Related to #30656
2024-07-29 16:45:24 +00:00
yp05327
e0a408e6f3
Add permission check when creating PR (#31033)
user should be a collaborator of the base repo to create a PR
2024-07-29 02:21:22 +00:00
Zettat123
7dec8de914
Hide the "Details" link of commit status when the user cannot access actions (#30156)
Fix #26685

If a commit status comes from Gitea Actions and the user cannot access
the repo's actions unit (the user does not have the permission or the
actions unit is disabled), a 404 page will occur after clicking the
"Details" link. We should hide the "Details" link in this case.

<img
src="https://github.com/go-gitea/gitea/assets/15528715/68361714-b784-4bb5-baab-efde4221f466"
width="400px" />
2024-07-28 23:11:40 +08:00
Shivaram Lingamneni
e1cf760d2f
OIDC: case-insensitive comparison for auth scheme Basic (#31706)
@kylef pointed out on https://github.com/go-gitea/gitea/pull/31632 that
[RFC7617](https://www.rfc-editor.org/rfc/rfc7617.html#section-2)
mandates case-insensitive comparison of the scheme field `Basic`. #31632
copied a case-sensitive comparison from
https://github.com/go-gitea/gitea/pull/6293. This PR fixes both
comparisons.

The issue only affects OIDC, since the implementation for normal Gitea
endpoints is already correct:


930ca92d7c/services/auth/basic.go (L55-L58)
2024-07-26 19:51:45 +00:00
Shivaram Lingamneni
ecc8f2b047
add username to OIDC introspection response (#31688)
This field is specified as optional here:
https://datatracker.ietf.org/doc/html/rfc7662#section-2.2

It's used by some OIDC integrations, e.g.
https://emersion.fr/blog/2022/irc-and-oauth2/

Co-authored-by: Giteabot <teabot@gitea.io>
2024-07-25 12:36:05 +00:00
Adam Majer
bae87dfb09
Add return type to GetRawFileOrLFS and GetRawFile (#31680)
Document return type for the endpoints that fetch specific files from a
repository. This allows the swagger generated code to read the returned
data.

Co-authored-by: Giteabot <teabot@gitea.io>
2024-07-25 14:06:19 +02:00
yp05327
cc044818c3
Support delete user email in admin panel (#31690)
![QQ_1721784609320](https://github.com/user-attachments/assets/23f08bf3-93f4-44d7-963d-10380ef8c1f1)

![QQ_1721784616403](https://github.com/user-attachments/assets/667cbd1e-5e21-4489-8d18-2a7be85190db)

![QQ_1721784626722](https://github.com/user-attachments/assets/495beb94-dfa2-481c-aa60-d5115cad1ae1)

---------

Co-authored-by: Jason Song <i@wolfogre.com>
2024-07-25 18:11:04 +08:00
Stanislas Dolcini
d8f82cbc78
Use GetDisplayName() instead of DisplayName() to generate rss feeds (#31687)
Fixes #31491 The RSS feed converted ignored the setting used in the
application.
2024-07-25 17:33:02 +08:00
Shivaram Lingamneni
2f1cb1d289
fix OIDC introspection authentication (#31632)
See discussion on #31561 for some background.

The introspect endpoint was using the OIDC token itself for
authentication. This fixes it to use basic authentication with the
client ID and secret instead:

* Applications with a valid client ID and secret should be able to
  successfully introspect an invalid token, receiving a 200 response
  with JSON data that indicates the token is invalid
* Requests with an invalid client ID and secret should not be able
  to introspect, even if the token itself is valid

Unlike #31561 (which just future-proofed the current behavior against
future changes to `DISABLE_QUERY_AUTH_TOKEN`), this is a potential
compatibility break (some introspection requests without valid client
IDs that would previously succeed will now fail). Affected deployments
must begin sending a valid HTTP basic authentication header with their
introspection requests, with the username set to a valid client ID and
the password set to the corresponding client secret.
2024-07-23 12:43:03 +00:00
Denys Konovalov
a8d0c879c3
add skip secondary authorization option for public oauth2 clients (#31454) 2024-07-19 14:28:30 -04:00
Rowan Bohde
416c36f303
allow synchronizing user status from OAuth2 login providers (#31572)
This leverages the existing `sync_external_users` cron job to
synchronize the `IsActive` flag on users who use an OAuth2 provider set
to synchronize. This synchronization is done by checking for expired
access tokens, and using the stored refresh token to request a new
access token. If the response back from the OAuth2 provider is the
`invalid_grant` error code, the user is marked as inactive. However, the
user is able to reactivate their account by logging in the web browser
through their OAuth2 flow.

Also changed to support this is that a linked `ExternalLoginUser` is
always created upon a login or signup via OAuth2.

### Notes on updating permissions
Ideally, we would also refresh permissions from the configured OAuth
provider (e.g., admin, restricted and group mappings) to match the
implementation of LDAP. However, the OAuth library used for this `goth`,
doesn't seem to support issuing a session via refresh tokens. The
interface provides a [`RefreshToken`
method](https://github.com/markbates/goth/blob/master/provider.go#L20),
but the returned `oauth.Token` doesn't implement the `goth.Session` we
would need to call `FetchUser`. Due to specific implementations, we
would need to build a compatibility function for every provider, since
they cast to concrete types (e.g.
[Azure](https://github.com/markbates/goth/blob/master/providers/azureadv2/azureadv2.go#L132))

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2024-07-16 20:33:16 +02:00
wxiaoguang
72b6bc8caf
Refactor webhook (#31587)
A more complete fix for #31588

1. Make "generic" code more readable
2. Clarify HTML or Markdown for the payload content
2024-07-10 11:37:16 +00:00
Rowan Bohde
1ee59f0fa3
Allow disabling authentication related user features (#31535)
We have some instances that only allow using an external authentication
source for authentication. In this case, users changing their email,
password, or linked OpenID connections will not have any effect, and
we'd like to prevent showing that to them to prevent confusion.

Included in this are several changes to support this:
* A new setting to disable user managed authentication credentials
(email, password & OpenID connections)
* A new setting to disable user managed MFA (2FA codes & WebAuthn)
* Fix an issue where some templates had separate logic for determining
if a feature was disabled since it didn't check the globally disabled
features
* Hide more user setting pages in the navbar when their settings aren't
enabled

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2024-07-09 17:36:31 +00:00
Henry Goodman
12cb1d2998
Allow force push to protected branches (#28086)
Fixes #22722 

### Problem
Currently, it is not possible to force push to a branch with branch
protection rules in place. There are often times where this is necessary
(CI workflows/administrative tasks etc).

The current workaround is to rename/remove the branch protection,
perform the force push, and then reinstate the protections.

### Solution
Provide an additional section in the branch protection rules to allow
users to specify which users with push access can also force push to the
branch. The default value of the rule will be set to `Disabled`, and the
UI is intuitive and very similar to the `Push` section.

It is worth noting in this implementation that allowing force push does
not override regular push access, and both will need to be enabled for a
user to force push.

This applies to manual force push to a remote, and also in Gitea UI
updating a PR by rebase (which requires force push)

This modifies the `BranchProtection` API structs to add:
- `enable_force_push bool`
- `enable_force_push_whitelist bool`
- `force_push_whitelist_usernames string[]`
- `force_push_whitelist_teams string[]`
- `force_push_whitelist_deploy_keys bool`

### Updated Branch Protection UI:

<img width="943" alt="image"
src="https://github.com/go-gitea/gitea/assets/79623665/7491899c-d816-45d5-be84-8512abd156bf">

### Pull Request `Update branch by Rebase` option enabled with source
branch `test` being a protected branch:


![image](https://github.com/go-gitea/gitea/assets/79623665/e018e6e9-b7b2-4bd3-808e-4947d7da35cc)
<img width="1038" alt="image"
src="https://github.com/go-gitea/gitea/assets/79623665/57ead13e-9006-459f-b83c-7079e6f4c654">

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-07-05 18:21:56 +00:00
Anbraten
91745ae46f
Add Passkey login support (#31504)
closes #22015

After adding a passkey, you can now simply login with it directly by
clicking `Sign in with a passkey`.

![Screenshot from 2024-06-26
12-18-17](https://github.com/go-gitea/gitea/assets/6918444/079013c0-ed70-481c-8497-4427344bcdfc)

Note for testing. You need to run gitea using `https` to get the full
passkeys experience.

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-06-29 22:50:03 +00:00
wxiaoguang
43c7a2e7b1
Refactor names (#31405)
This PR only does "renaming":

* `Route` should be `Router` (and chi router is also called "router")
* `Params` should be `PathParam` (to distingush it from URL query param, and to match `FormString`)
* Use lower case for private functions to avoid exposing or abusing
2024-06-19 06:32:45 +08:00
wxiaoguang
21783a5752
Fix rendered wiki page link (#31398)
Fix #31395
2024-06-18 03:09:20 +00:00
wxiaoguang
37a4b233a0
Refactor repo unit "disabled" check (#31389)
1. There are already global "unit consts", no need to use context data, which is fragile
2. Remove the "String()" method from "unit", it would only cause rendering problems in templates

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-06-18 00:51:13 +00:00
wxiaoguang
d32648b204
Refactor route path normalization (#31381)
Refactor route path normalization and decouple it from the chi router.
Fix the TODO, fix the legacy strange path behavior.
2024-06-17 23:28:47 +00:00
6543
363c123598
Add cache test for admins (#31265)
Add a test to probe the cache similar to the email test func.


![image](https://github.com/go-gitea/gitea/assets/24977596/700e2733-586d-4091-900f-f5f71e6e94bf)


![image](https://github.com/go-gitea/gitea/assets/24977596/2a953802-18fc-4e81-a37d-24ebe1297365)


![image](https://github.com/go-gitea/gitea/assets/24977596/e00d62ad-bb60-41cc-9138-09993daee156)

---------

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: silverwind <me@silverwind.io>
2024-06-17 21:22:39 +02:00
wxiaoguang
0f09c22663
Improve rubygems package registry (#31357)
To make it work with Bundler:
https://guides.rubygems.org/rubygems-org-compact-index-api/

It only adds 2 new API endpoints and improves some tests, existing logic
is not changed.
2024-06-17 08:42:46 +00:00
Brecht Van Lommel
597d1da96b
Fix missing images in editor preview due to wrong links (#31299)
Parse base path and tree path so that media links can be correctly
created with /media/.

Resolves #31294

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-06-17 14:16:14 +08:00
6543
78e8296e11
Rename repo_model.SearchOrderByMap to repo_model.OrderByMap (#31359)
https://github.com/go-gitea/gitea/pull/30876#discussion_r1637112394
2024-06-15 06:45:02 +00:00
Zettat123
42718d32af
Allow downloading attachments of draft releases (#31369)
Fix #31362
2024-06-15 12:20:14 +08:00
wxiaoguang
84cbb6c4d2
Fix duplicate sub-path for avatars (#31365)
Fix #31361, and add tests

And this PR introduces an undocumented & debug-purpose-only config
option: `USE_SUB_URL_PATH`. It does nothing for end users, it only helps
the development of sub-path related problems.

And also fix #31366

Co-authored-by: @ExplodingDragon
2024-06-15 11:43:57 +08:00
mzroot
d4e4226c3c
Add tag protection via rest api #17862 (#31295)
Add tag protection manage via rest API.

---------

Co-authored-by: Alexander Kogay <kogay.a@citilink.ru>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-06-14 18:56:10 +02:00
6543
bb04311b0b
[Refactor] Unify repo search order by logic (#30876)
have repo OrderBy definitions defined in one place and use a single type
for OrderBy database options
2024-06-13 09:13:11 +00:00
wxiaoguang
47ca61d8ba
Improve detecting empty files (#31332)
Co-authored-by: silverwind <me@silverwind.io>
2024-06-13 01:06:46 +00:00
Rowan Bohde
45dbeb5600
Reduce memory usage for chunked artifact uploads to MinIO (#31325)
When using the MinIO storage driver for Actions Artifacts, we found that
the chunked artifact required significantly more memory usage to both
upload and merge than the local storage driver. This seems to be related
to hardcoding a value of `-1` for the size to the MinIO client [which
has a warning about memory usage in the respective
docs](https://pkg.go.dev/github.com/minio/minio-go/v7#Client.PutObject).
Specifying the size in both the upload and merge case reduces memory
usage of the MinIO client.

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2024-06-12 11:34:35 +00:00
silverwind
fc2d75f86d
Enable unparam linter (#31277)
Enable [unparam](https://github.com/mvdan/unparam) linter.

Often I could not tell the intention why param is unused, so I put
`//nolint` for those cases like webhook request creation functions never
using `ctx`.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
2024-06-11 18:47:45 +00:00
wxiaoguang
6106a61eff
Remove sub-path from container registry realm (#31293)
Container registry requires that the "/v2" must be in the root, so the
sub-path in AppURL should be removed
2024-06-09 16:29:29 +08:00
wxiaoguang
e728fd741b
Fix Activity Page Contributors dropdown (#31264)
Fix #31261
2024-06-06 10:28:33 +08:00
Thomas Desveaux
c888c933a9
Fix NuGet Package API for $filter with Id equality (#31188)
Fixes issue when running `choco info pkgname` where `pkgname` is also a
substring of another package Id.

Relates to #31168

---

This might fix the issue linked, but I'd like to test it with more choco
commands before closing the issue in case I find other problems if
that's ok.

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-06-04 06:45:56 +00:00
silverwind
0f0db6a14f
Remove unnecessary inline style for tab-size (#31224)
Move the rule to the parent node. `tab-size` is inherited so will work
just as before.
2024-06-03 17:21:45 +00:00
Lunny Xiao
2788a7ca27
Fix agit checkout command line hint & fix ShowMergeInstructions checking (#31219) 2024-06-03 06:45:21 +08:00
Lunny Xiao
352a2cae24
Performance improvements for pull request list API (#30490)
Fix #30483

---------

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-05-31 12:10:11 +00:00
Jason Song
572fa55fbc
Drop IDOrderDesc for listing Actions task and always order by id DESC (#31150)
Close #31066

Just follow what `FindRunOptions` and `FindScheduleOptions` do.
2024-05-31 02:30:02 +00:00
Lunny Xiao
fb7b743bd0
Azure blob storage support (#30995)
This PR implemented object storages(LFS/Packages/Attachments and etc.)
for Azure Blob Storage. It depends on azure official golang SDK and can
support both the azure blob storage cloud service and azurite mock
server.

Replace #25458
Fix #22527 

- [x] CI Tests
- [x] integration test, MSSQL integration tests will now based on
azureblob
  - [x] unit test 
- [x] CLI Migrate Storage
- [x] Documentation for configuration added

------

TODO (other PRs):
- [ ] Improve performance of `blob download`.

---------

Co-authored-by: yp05327 <576951401@qq.com>
2024-05-30 07:33:50 +00:00
Lunny Xiao
015efcd8bf
Use repo as of renderctx's member rather than a repoPath on metas (#29222)
Use a `gitrepo.Repository` in the markup's RenderContext but not store
the repository's path.
2024-05-30 07:04:01 +00:00
wxiaoguang
d612a24e3e
Ignore FindRecentlyPushedNewBranches err (#31164)
Fix #31163
2024-05-30 02:24:22 +00:00
wxiaoguang
34daee6baf
Fix markup preview (#31158)
Fix #31157

After:

![image](https://github.com/go-gitea/gitea/assets/2114189/4d918cce-cd0d-4601-9c81-4b32df1b0b38)
2024-05-29 16:28:55 +00:00
Jörg Thalheim
4fe415683e
Add an immutable tarball link to archive download headers for Nix (#31139)
This allows `nix flake metadata` and nix in general to lock a *branch*
tarball link in a manner that causes it to fetch the correct commit even
if the branch is updated with a newer version.

Co-authored-by: Jade Lovelace <software@lfcode.ca>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-28 15:30:34 +00:00
Lunny Xiao
b6f15c7948
Add missed return after ctx.ServerError (#31130) 2024-05-28 12:31:59 +03:00
metiftikci
aa92b13164
Prevent simultaneous editing of comments and issues (#31053)
fixes #22907 

Tested:
- [x] issue content edit
- [x] issue content change tasklist
- [x] pull request content edit
- [x] pull request change tasklist

![issue-content-edit](https://github.com/go-gitea/gitea/assets/29250154/a0828889-fb96-4bc4-8600-da92e3205812)
2024-05-27 15:34:18 +00:00
Lunny Xiao
98751108b1
Rename project board -> column to make the UI less confusing (#30170)
This PR split the `Board` into two parts. One is the struct has been
renamed to `Column` and the second we have a `Template Type`.

But to make it easier to review, this PR will not change the database
schemas, they are just renames. The database schema changes could be in
future PRs.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: yp05327 <576951401@qq.com>
2024-05-27 08:59:54 +00:00
Lunny Xiao
e695ba4755
Fix possible ui 500 if workflow's job is nil (#31092)
Fix #31087
2024-05-27 05:21:00 +00:00
metiftikci
47e715a70f
Fix View File button link if branch deleted on pull request files pages (#31063)
as title
2024-05-25 14:02:07 +00:00
yp05327
daf2a4c047
Fix wrong display of recently pushed notification (#25812)
There's a bug in #25715: 
If user pushed a commit into another repo with same branch name, the
no-related repo will display the recently pushed notification
incorrectly.
It is simple to fix this, we should match the repo id in the sql query.


![image](https://github.com/go-gitea/gitea/assets/18380374/9411a926-16f1-419e-a1b5-e953af38bab1)
The latest commit is 2 weeks ago.

![image](https://github.com/go-gitea/gitea/assets/18380374/52f9ab22-4999-43ac-a86f-6d36fb1e0411)

The notification comes from another repo with same branch name:

![image](https://github.com/go-gitea/gitea/assets/18380374/a26bc335-8e5b-4b9c-a965-c3dc3fa6f252)


After:
In forked repo:

![image](https://github.com/go-gitea/gitea/assets/18380374/ce6ffc35-deb7-4be7-8b09-184207392f32)
New PR Link will redirect to the original repo:

![image](https://github.com/go-gitea/gitea/assets/18380374/7b98e76f-0c75-494c-9462-80cf9f98e786)
In the original repo:

![image](https://github.com/go-gitea/gitea/assets/18380374/5f6a821b-e51a-4bbd-9980-d9eb94a3c847)
New PR Link:

![image](https://github.com/go-gitea/gitea/assets/18380374/1ce8c879-9f11-4312-8c32-695d7d9af0df)

In the same repo:

![image](https://github.com/go-gitea/gitea/assets/18380374/64b56073-4d0e-40c4-b8a0-80be7a775f69)
New PR Link:

![image](https://github.com/go-gitea/gitea/assets/18380374/96e1b6a3-fb98-40ee-b2ee-648039fb0dcf)

08/15 Update:
Follow #26257, added permission check and logic fix mentioned in
https://github.com/go-gitea/gitea/pull/26257#discussion_r1294085203


2024/04/25 Update:
Fix #30611

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-21 17:00:35 +00:00
Denys Konovalov
9c8c9ff6d1
use existing oauth grant for public client (#31015)
Do not try to create a new authorization grant when one exists already,
thus preventing a DB-related authorization issue.

Fix https://github.com/go-gitea/gitea/pull/30790#issuecomment-2118812426

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-05-21 16:23:49 +00:00
wxiaoguang
fb1ad920b7
Refactor sha1 and time-limited code (#31023)
Remove "EncodeSha1", it shouldn't be used as a general purpose hasher
(just like we have removed "EncodeMD5" in #28622)

Rewrite the "time-limited code" related code and write better tests, the
old code doesn't seem quite right.
2024-05-20 15:12:50 +00:00
Zettat123
f1d9f18d96
Return access_denied error when an OAuth2 request is denied (#30974)
According to [RFC
6749](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1),
when the resource owner or authorization server denied an request, an
`access_denied` error should be returned. But currently in this case
Gitea does not return any error.

For example, if the user clicks "Cancel" here, an `access_denied` error
should be returned.

<img width="360px"
src="https://github.com/go-gitea/gitea/assets/15528715/be31c09b-4c0a-4701-b7a4-f54b8fe3a6c5"
/>
2024-05-20 07:17:00 +00:00
wxiaoguang
edbf74c418
Fix "force private" logic (#31012)
When creating a repo, the "FORCE_PRIVATE" config option should be
respected, `readonly` doesn't work for checkbox, so it should use
`disabled` attribute.
2024-05-20 00:56:45 +00:00
wxiaoguang
339bc8bc8f
Improve reverse proxy documents and clarify the AppURL guessing behavior (#31003)
Fix #31002

1. Mention Make sure `Host` and `X-Fowarded-Proto` headers are correctly passed to Gitea
2. Clarify the basic requirements and move the "general configuration" to the top
3. Add a comment for the "container registry"
4. Use 1.21 behavior if the reverse proxy is not correctly configured

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-05-19 14:56:08 +00:00
Lunny Xiao
58a03e9fad
Fix bug on avatar (#31008)
Co-authored-by: silverwind <me@silverwind.io>
2024-05-19 12:58:39 +08:00
wxiaoguang
821d2fc2a3
Simplify mirror repository API logic (#30963)
Fix #30921
2024-05-17 16:07:41 +00:00
wxiaoguang
effb405cae
Always load or generate oauth2 jwt secret (#30942)
Fix #30923
2024-05-14 14:21:38 +00:00
KN4CK3R
b1d8f13bd0
Protected tag is no internal server error (#30962)
Fixes #30959

Adds an API test for protected tags.
Fix existing tag in combination with fixtures.
2024-05-14 06:48:21 +00:00
Zettat123
b3beaed147
Support using label names when changing issue labels (#30943)
Resolve #30917

Make the APIs for adding labels and replacing labels support both label
IDs and label names so the
[`actions/labeler`](https://github.com/actions/labeler) action can work
in Gitea.

<img width="600px"
src="https://github.com/go-gitea/gitea/assets/15528715/7835c771-f637-4c57-9ce5-e4fbf56fa0d3"
/>
2024-05-13 04:28:53 +00:00
Lunny Xiao
26ae592234
Move reverproxyauth before session so the header will not be ignored even if user has login (#27821)
When a user logout and then login another user, the reverseproxy auth
should be checked before session otherwise the old user is still login.
2024-05-11 14:55:49 +00:00
wxiaoguang
7424f27cf3
Check if reverse proxy is correctly configured (#30890)
Follow #27011
Follow #30885

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-05-10 20:07:01 +08:00
Jason Song
b9396a9b85
Remove deprecated stuff for runners (#30930)
It's time (maybe somewhat late) to remove some deprecated stuff for the
runner.

- `x-runner-version`: runners needn't to report version in every
request, they will call `Declare`.
- `AgentLabels`: runners will report them as `Labels`.
2024-05-10 16:23:47 +08:00
yp05327
f7d2f695a4
Fix misspelling of mergable (#30896)
https://github.com/go-gitea/gitea/pull/25812#issuecomment-2099833692
Follow #30573
2024-05-08 16:11:43 +00:00
Lunny Xiao
a303c973e0
Fix various problems around projects board view (#30696)
# The problem
The previous implementation will start multiple POST requests from the
frontend when moving a column and another bug is moving the default
column will never be remembered in fact.

# What's changed

- [x] This PR will allow the default column to move to a non-first
position
- [x] And it also uses one request instead of multiple requests when
moving the columns
- [x] Use a star instead of a pin as the icon for setting the default
column action
- [x] Inserted new column will be append to the end
- [x] Fix #30701 the newly added issue will be append to the end of the
default column
- [x] Fix when deleting a column, all issues in it will be displayed
from UI but database records exist.
- [x] Add a limitation for columns in a project to 20. So the sorting
will not be overflow because it's int8.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-08 13:44:57 +00:00
Lunny Xiao
f5f921c095
Fix wrong transfer hint (#30889)
Fix #30187
2024-05-08 13:17:11 +00:00
wxiaoguang
67c1a07285
Refactor AppURL usage (#30885)
Fix #30883
Fix #29591

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-05-07 08:26:13 +00:00
Lunny Xiao
ebf0c96940
Move database operations of merging a pull request to post receive hook and add a transaction (#30805)
Merging PR may fail because of various problems. The pull request may
have a dirty state because there is no transaction when merging a pull
request. ref
https://github.com/go-gitea/gitea/pull/25741#issuecomment-2074126393

This PR moves all database update operations to post-receive handler for
merging a pull request and having a database transaction. That means if
database operations fail, then the git merging will fail, the git client
will get a fail result.

There are already many tests for pull request merging, so we don't need
to add a new one.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-07 07:36:48 +00:00
wxiaoguang
7c613f100e
Make sure git version&feature are always prepared (#30877)
Otherwise there would be more similar issues like #29287
2024-05-06 18:34:16 +02:00
wxiaoguang
0f3e717a1a
Improve grep search (#30843)
Reduce the context line number to 1, make "git grep" search respect the
include/exclude patter, and fix #30785
2024-05-03 09:13:48 +00:00
Kemal Zebari
9f0ef3621a
Don't only list code-enabled repositories when using repository API (#30817)
We should be listing all repositories by default.

Fixes #28483.
2024-05-03 15:58:31 +08:00
yp05327
a50026e2f3
Fix no edit history after editing issue's title and content (#30814)
Fix #30807

reuse functions in services
2024-05-03 14:11:51 +08:00
wxiaoguang
53b55223d1
Ignore useless error message "broken pipe" (#30801)
Fix #30792
2024-05-03 02:39:36 +00:00
Bo-Yi Wu
e67fbe4f15
refactor: merge ListActionTasks func to action.go file (#30811)
Just merge actions.go file to action.go

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2024-05-02 17:43:29 +00:00
Archer
5c542ca94c
Prevent automatic OAuth grants for public clients (#30790)
This commit forces the resource owner (user) to always approve OAuth 2.0
authorization requests if the client is public (e.g. native
applications).

As detailed in [RFC 6749 Section 10.2](https://www.rfc-editor.org/rfc/rfc6749.html#section-10.2),

> The authorization server SHOULD NOT process repeated authorization
requests automatically (without active resource owner interaction)
without authenticating the client or relying on other measures to ensure
that the repeated request comes from the original client and not an
impersonator.

With the implementation prior to this patch, attackers with access to
the redirect URI (e.g., the loopback interface for
`git-credential-oauth`) can get access to the user account without any
user interaction if they can redirect the user to the
`/login/oauth/authorize` endpoint somehow (e.g., with `xdg-open` on
Linux).

Fixes #25061.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-02 17:05:59 +00:00
Kemal Zebari
872caa17c0
Catch and handle unallowed file type errors in issue attachment API (#30791)
Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.
2024-05-02 16:33:31 +00:00
wxiaoguang
be112c1fc3
Skip gzip for some well-known compressed file types (#30796)
Co-authored-by: silverwind <me@silverwind.io>
2024-05-02 02:27:25 +00:00
wxiaoguang
6f7cd94a02
Fix bleve fuzziness (#30799)
Fix #30797
Fix #30317
2024-05-01 15:32:52 +03:00
Chester
6709e28da7
Add API endpoints for getting action jobs status (#26673)
Sample of response, it is similar to Github actions

ref
https://docs.github.com/en/rest/actions/workflow-runs?apiVersion=2022-11-28#list-workflow-runs-for-a-repository

``` json
{
    "workflow_runs": [
        {
            "id": 3,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "6d8d29a9f7a01ded8f8aeb64341cb31ee1ab5f19",
            "run_number": 3,
            "event": "push",
            "display_title": "More job",
            "status": "success",
            "workflow_id": "demo2.yaml",
            "url": "/chester/test/actions/runs/3",
            "created_at": "2023-08-22T13:41:33-04:00",
            "updated_at": "2023-08-22T13:41:37-04:00",
            "run_started_at": "2023-08-22T13:41:33-04:00"
        },
        {
            "id": 2,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "6d8d29a9f7a01ded8f8aeb64341cb31ee1ab5f19",
            "run_number": 2,
            "event": "push",
            "display_title": "More job",
            "status": "success",
            "workflow_id": "demo.yaml",
            "url": "/chester/test/actions/runs/2",
            "created_at": "2023-08-22T13:41:30-04:00",
            "updated_at": "2023-08-22T13:41:33-04:00",
            "run_started_at": "2023-08-22T13:41:30-04:00"
        },
        {
            "id": 1,
            "name": "Explore-Gitea-Actions",
            "head_branch": "main",
            "head_sha": "e5369ab054cae79899ba36e45ee82811a6e0acd5",
            "run_number": 1,
            "event": "push",
            "display_title": "Add job",
            "status": "failure",
            "workflow_id": "demo.yaml",
            "url": "/chester/test/actions/runs/1",
            "created_at": "2023-08-22T13:15:21-04:00",
            "updated_at": "2023-08-22T13:18:10-04:00",
            "run_started_at": "2023-08-22T13:15:21-04:00"
        }
    ],
    "total_count": 3
}
```

---------

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
2024-05-01 09:40:23 +08:00
silverwind
610802df85
Fix tautological conditions (#30735)
As discovered by https://github.com/go-gitea/gitea/pull/30729.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-30 14:34:40 +02:00
wxiaoguang
61b495e5ab
Fix issue label rendering in the issue popup (#30763) 2024-04-30 02:36:32 +00:00
silverwind
a3d9f0d915
Fix all rounded borders, change affected tab menus to pills (#30707)
Fixes https://github.com/go-gitea/gitea/issues/30673, all 23 issues.
Notes:

- Tab bar menus had to change to pills because of unsolvable issue with
the border-radius as tab bar renders a overlapping border onto the box
below. And I think pills look better.
- Added padding to code editor empty preview message
- Hide monaco's built-in blue focus border, we don't need it and it
never showed before either.
- Label add menu is simplified, removing the nested segment.

<img width="1322" alt="Screenshot 2024-04-25 at 22 26 19"
src="https://github.com/go-gitea/gitea/assets/115237/7e394e0c-b7ad-417d-8e9f-12f1dea93ed1">
<img width="1326" alt="Screenshot 2024-04-25 at 22 28 00"
src="https://github.com/go-gitea/gitea/assets/115237/66c8499f-aa9f-4d95-8cca-ef13dfa82c65">
<img width="997" alt="Screenshot 2024-04-25 at 22 36 53"
src="https://github.com/go-gitea/gitea/assets/115237/07896102-c71d-4246-8173-c2bc2e1d3cae">
<img width="832" alt="Screenshot 2024-04-25 at 22 56 09"
src="https://github.com/go-gitea/gitea/assets/115237/d83afc96-08ca-4adc-baf4-3d02804be57c">
<img width="361" alt="Screenshot 2024-04-25 at 22 57 12"
src="https://github.com/go-gitea/gitea/assets/115237/c7371a68-00b5-47d8-84d0-ddc5268b2b2c">

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-29 20:53:15 +00:00
wxiaoguang
4daea7c603
Rename CodeIndexerEnabled to IsRepoIndexerEnabled (#30762)
Fix  #30761

Most places use `IsRepoIndexerEnabled` but not `CodeIndexerEnabled`, so
it should always use `IsRepoIndexerEnabled` for consistency.
2024-04-29 20:15:35 +00:00
Chongyi Zheng
e80466f734
Resolve lint for unused parameter and unnecessary type arguments (#30750)
Resolve all cases for `unused parameter` and `unnecessary type
arguments`

Related: #30729

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-29 08:47:56 +00:00
Micash
ad4e902d5a
Add support for npm bundleDependencies (#30751) 2024-04-29 16:19:06 +08:00
Chongyi Zheng
970965f6d8
Fix nil dereference on error (#30740)
In both cases, the `err` is nil because of `if` checks before

Reference: #30729
2024-04-28 12:13:57 +08:00
Kemal Zebari
dd301cae1c
Prevent allow/reject reviews on merged/closed PRs (#30686)
Resolves #30675.
2024-04-27 11:55:03 +00:00
silverwind
9b2536b78f
Update misspell to 0.5.1 and add misspellings.csv (#30573)
Misspell 0.5.0 supports passing a csv file to extend the list of
misspellings, so I added some common ones from the codebase. There is at
least one typo in a API response so we need to decided whether to revert
that and then likely remove the dict entry.
2024-04-27 08:03:49 +00:00
Bo-Yi Wu
852547d0dc
feat(api): enhance Actions Secrets Management API for repository (#30656)
- Add endpoint to list repository action secrets in API routes
- Implement `ListActionsSecrets` function to retrieve action secrets
from the database
- Update Swagger documentation to include the new
`/repos/{owner}/{repo}/actions/secrets` endpoint
- Add `actions` package import and define new routes for actions,
secrets, variables, and runners in `api.go`.
- Refactor action-related API functions into `Action` struct methods in
`org/action.go` and `repo/action.go`.
- Remove `actionAPI` struct and related functions, replacing them with
`NewAction()` calls.
- Rename `variables.go` to `action.go` in `org` directory.
- Delete `runners.go` and `secrets.go` in both `org` and `repo`
directories, consolidating their content into `action.go`.
- Update copyright year and add new imports in `org/action.go`.
- Implement `API` interface in `services/actions/interface.go` for
action-related methods.
- Remove individual action-related functions and replace them with
methods on the `Action` struct in `repo/action.go`.

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Signed-off-by: appleboy <appleboy.tw@gmail.com>
2024-04-26 21:11:49 +08:00
wxiaoguang
993736d838
Fix code search input for different views (#30678)
Now only show the "code search" on the repo home page, because it only
does global search.
So do not show it when viewing file or directory to avoid misleading
users (it doesn't search in a directory)
2024-04-26 11:21:04 +00:00
wxiaoguang
1e749b80d7
Add route handler info for debugging purpose (#30705)
Follow #30519
2024-04-26 09:09:49 +00:00
yp05327
2a3906d755
Improve job commit description (#30579)
Fix https://github.com/go-gitea/gitea/issues/30567

When job is a schedule:

![image](https://github.com/go-gitea/gitea/assets/18380374/b07e9d43-e8b7-4ee2-87b3-a7050c3a8ca5)
When it is a normal one:

![image](https://github.com/go-gitea/gitea/assets/18380374/0d58dab9-74bb-421b-8952-0578cdf21a52)

also add a 'space' behind  `:`

![image](https://github.com/go-gitea/gitea/assets/18380374/4cebece0-bfe6-4ad9-b806-e5c49bb9be43)


![image](https://github.com/go-gitea/gitea/assets/18380374/02da7681-474b-4c0f-9dad-b6558f6cb484)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-26 02:22:45 +00:00
wxiaoguang
6a0750177f
Allow to save empty comment (#30706)
Fix #29986
2024-04-26 01:17:43 +00:00
wxiaoguang
bffbbf5470
Improve oauth2 client "preferred username field" logic and the error handling (#30622)
Follow #30454
And fix #24957

When using "preferred_username", if no such field,
`extractUserNameFromOAuth2` (old `getUserName`) shouldn't return an
error. All other USERNAME options do not return such error.

And fine tune some logic and error messages, make code more stable and
more friendly to end users.
2024-04-25 11:22:32 +00:00
Lunny Xiao
8b3632435e
Fix a panic bug when head repository deleting (#30674)
When visiting a pull request files which head repository has been
deleted, it will panic because headrepo is nil.
2024-04-24 13:26:50 +08:00
wxiaoguang
b79e3db264
Initial support for colorblindness-friendly themes (#30625)
Initial support for #25680

This PR only adds some simple styles from GitHub, it is big enough and
it focuses on adding the necessary framework-level supports. More styles
could be fine-tuned later.
2024-04-24 00:18:41 +08:00
Lunny Xiao
8924d9b2ef
Fix compare api swagger (#30648)
The swagger format on #30349 is not right. This PR will fix it.
2024-04-23 02:22:43 +00:00
silverwind
74f0c84fa4
Enable more revive linter rules (#30608)
Noteable additions:

- `redefines-builtin-id` forbid variable names that shadow go builtins
- `empty-lines` remove unnecessary empty lines that `gofumpt` does not
remove for some reason
- `superfluous-else` eliminate more superfluous `else` branches

Rules are also sorted alphabetically and I cleaned up various parts of
`.golangci.yml`.
2024-04-22 11:48:42 +00:00
Bo-Yi Wu
6459c50278
fix(api): refactor branch and tag existence checks (#30618)
- Update branch existence check to also include tag existence check
- Adjust error message for branch/tag existence check

ref: https://github.com/go-gitea/gitea/pull/30349

---------

Signed-off-by: appleboy <appleboy.tw@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-22 00:19:59 +02:00
Lunny Xiao
e865de1e9d
Use maintained gziphandler (#30592)
Replace #27894

---------

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-21 00:53:45 +00:00
wxiaoguang
48d4580dd5
Clarify permission "HasAccess" behavior (#30585)
Follow #30495

"HasAccess" behavior wasn't clear, to make it clear:

* Use a new name `HasAnyUnitAccess`, it will be easier to review related
code and permission problems.
* Separate everyone access mode to a separate field, then all calls to
HasAccess are reverted to old behavior before #30495.
* Add new tests.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-20 03:15:04 +00:00
wxiaoguang
f60e1a1af2
Fix HEAD method for robots.txt (#30603)
Fix #30601
2024-04-19 21:43:56 +08:00
wxiaoguang
eb24d973b0
Fix project description rendering for org (#30587)
Fix #30263


![image](https://github.com/go-gitea/gitea/assets/2114189/41cabe6c-f94a-4874-a26f-d01bb89bb28c)

Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-19 07:58:56 +00:00
wxiaoguang
d1ba5f431b
Some following up changes for routes (#30550)
1. Switch back to the old order for `reqRepoAdmin, context.RepoRef()`
2. Add a routing function info for global NotFound
2024-04-18 09:36:19 +00:00
6543
be5be0ac81
Expose fuzzy search for issues/pulls (#29701)
close  #29685

---------

Signed-off-by: 6543 <6543@obermui.de>
Co-authored-by: silverwind <me@silverwind.io>
2024-04-18 00:16:52 +00:00
wxiaoguang
3feba9f1f4
Allow everyone to read or write a wiki by a repo unit setting (#30495)
Replace #6312
Help #5833
Wiki solution for #639
2024-04-17 15:58:37 +00:00
Michael Kriese
bafb80f80d
Support nuspec manifest download for nuget packages (#28921)
Support downloading nuget nuspec manifest[^1]. This is useful for
renovate because it uses this api to find the corresponding repository

- Store nuspec along with nupkg on upload
- allow downloading nuspec
- add doctor command to add missing nuspec files 


[^1]:
https://learn.microsoft.com/en-us/nuget/api/package-base-address-resource#download-package-manifest-nuspec

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-04-17 15:30:41 +00:00
Edward Zhang
02e183bf3f
Fix branch_protection api shows users/teams who has no readAccess (#30291)
Add some logic in `convert.ToBranchProtection` to return only the names
associated with readAccess instead of returning all names. This will
ensure consistency in behavior between the frontend and backend.
Fixes: #27694

---------

Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Co-authored-by: wenzhuo.zhang <wenzhuo.zhang@geely.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-17 15:24:07 +02:00
wxiaoguang
3e2e76e248
Refactor web routes (#30519)
Re-organize the routes in web.go and use ctx constants instead of `context.UnitTypes()`

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-17 08:31:37 +00:00
SimonErm
6ba0c371c2
Allow preferred_username as username source for OIDC (#30454)
This PR adds the preferred_username claim as a possible username source
for the oauth2_client.

Closes #21518
2024-04-16 05:41:39 +00:00
yp05327
cf9061f44a
Fix empty field login_name in API response JSON when creating user (#30511)
Fix #30508

ps: if `sourceID` is not set, `LoginName` will be ignored
2024-04-16 13:13:00 +08:00
Bo-Yi Wu
c70e442ce4
feat(api): implement branch/commit comparison API (#30349)
- Add new `Compare` struct to represent comparison between two commits
- Introduce new API endpoint `/compare/*` to get commit comparison
information
- Create new file `repo_compare.go` with the `Compare` struct definition
- Add new file `compare.go` in `routers/api/v1/repo` to handle
comparison logic
- Add new file `compare.go` in `routers/common` to define `CompareInfo`
struct
- Refactor `ParseCompareInfo` function to use `common.CompareInfo`
struct
- Update Swagger documentation to include the new API endpoint for
commit comparison
- Remove duplicate `CompareInfo` struct from
`routers/web/repo/compare.go`
- Adjust base path in Swagger template to be relative (`/api/v1`)

GitHub API
https://docs.github.com/en/rest/commits/commits?apiVersion=2022-11-28#compare-two-commits

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-04-16 11:45:04 +08:00
silverwind
4b1063f3db
Rewrite and restyle reaction selector and enable no-sizzle eslint rule (#30453)
Enable `no-sizzle` lint rule, there was only one use in `initCompReactionSelector` and:

- Remove all jQuery except the necessary fomantic dropdown init
- Remove the recursion, instead bind event listeners to common parent container nodes

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-14 18:44:11 +08:00
yp05327
af02b8a0e9
Fix network error when open/close organization/individual projects and redirect to project page (#30387)
Follow #27734


![image](https://github.com/go-gitea/gitea/assets/18380374/02ed6b9a-cbb6-4f49-a54a-ca76a0d052a9)

Updated:
Redirect to project page instead of project list page.
2024-04-13 16:17:01 +00:00
wxiaoguang
c248f010ad
Refactor cache and disable go-chi cache (#30417)
use built-in cache package to wrap external go-chi cache package
2024-04-13 08:38:44 +00:00
Lunny Xiao
9466fec879
Fix rename branch 500 when the target branch is deleted but exist in database (#30430)
Fix #30428
2024-04-12 13:11:16 +03:00
Zettat123
0fe9f93eb4
Check the token's owner and repository when registering a runner (#30406)
Fix #30378
2024-04-11 16:01:44 +08:00
Rafael
c1f76aea45
Use raw Wiki links for non-renderable Wiki files (#30273)
In Wiki pages, short-links created to local Wiki files were always
expanded as regular Wiki Links. In particular, if a link wanted to point
to a file that Gitea doesn't know how to render (e.g, a .zip file), a
user following the link would be silently redirected to the Wiki's home
page.

This change makes short-links* in Wiki pages be expanded to raw wiki
links, so these local wiki files may be accessed without manually
accessing their URL.

* only short-links ending in a file extension that isn't renderable are
affected.

Closes #27121.

Signed-off-by: Rafael Girão <rafael.s.girao@tecnico.ulisboa.pt>
Co-authored-by: silverwind <me@silverwind.io>
2024-04-10 17:49:57 +00:00
Lunny Xiao
263a716cb5
Performance optimization for git push (#30104)
Agit returned result should be from `ProcReceive` hook but not
`PostReceive` hook. Then for all non-agit pull requests, it will not
check the pull requests for every pushing `refs/pull/%d/head`.
2024-04-09 03:43:17 +00:00
Lunny Xiao
908426aa0f
Fix missed doer (#30231)
Fix #29879

Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-08 21:26:41 +00:00
yp05327
7d66b9ea65
Avoid showing Failed to change the default wiki branch if repo has no wiki when saving repo settings (#30329) 2024-04-08 19:43:23 +08:00
wxiaoguang
83f83019ef
Clean up log messages (#30313)
`log.Xxx("%v")` is not ideal, this PR adds necessary context messages.
Remove some unnecessary logs.

Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-07 19:17:06 +08:00
wxiaoguang
bbe5cd7c92
Refactor startup deprecation messages (#30305)
It doesn't change logic, it only does:

1. Rename the variable and function names
2. Use more consistent format when mentioning config section&key
3. Improve some messages
2024-04-07 01:11:25 +00:00
wxiaoguang
ca5c895efb
Render embedded code preview by permlink in markdown (#30234)
The permlink in markdown will be rendered as a code preview block, like GitHub

Co-authored-by: silverwind <me@silverwind.io>
2024-04-02 17:48:27 +00:00
Zettat123
1ef2eb50d8
Remove scheduled action tasks if the repo is archived (#30224)
Fix #30220
2024-04-01 13:48:14 +00:00
wxiaoguang
751997ad34
Refactor file view & render (#30227)
The old code is inconsistent and fragile, and the UI isn't right.
2024-04-01 21:11:30 +08:00
wxiaoguang
6d34ce25b1
Do not allow different storage configurations to point to the same directory (#30169)
Replace #29171
2024-03-31 03:03:24 +00:00
Jack Hay
59d4aadba5
Add setting to disable user features when user login type is not plain (#29615)
## Changes
- Adds setting `EXTERNAL_USER_DISABLE_FEATURES` to disable any supported
user features when login type is not plain
- In general, this is necessary for SSO implementations to avoid
inconsistencies between the external account management and the linked
account
- Adds helper functions to encourage correct use
2024-03-29 16:05:41 +01:00
Lunny Xiao
8acc7aab4c
Refactor topic Find functions and add more tests for pagination (#30127)
This also fixed #22238
2024-03-29 11:38:16 +08:00
sillyguodong
62b073e6f3
Add API for Variables (#29520)
close #27801

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-03-28 20:40:35 +00:00
Kemal Zebari
242b331260
Prevent re-review and dismiss review actions on closed and merged PRs (#30065)
Resolves #29965.

---
Manually tested this by:
- Following the
[installation](https://docs.gitea.com/next/installation/install-with-docker#basics)
guide (but built a local Docker image instead)
- Creating 2 users, one who is the `Owner` of a newly-created repository
and the other a `Collaborator`
- Had the `Collaborator` create a PR that the `Owner` reviews
- `Collaborator` resolves conversation and `Owner` merges PR

And with this change we see that we can no longer see re-request review
button for the `Owner`:

<img width="1351" alt="Screenshot 2024-03-25 at 12 39 18 AM"
src="https://github.com/go-gitea/gitea/assets/60799661/bcd9c579-3cf7-474f-a51e-b436fe1a39a4">
2024-03-28 15:19:24 +00:00
Denys Konovalov
e5160185ed
Add default board to new projects, remove uncategorized pseudo-board (#29874)
On creation of an empty project (no template) a default board will be
created instead of falling back to the uneditable pseudo-board.

Every project now has to have exactly one default boards. As a
consequence, you cannot unset a board as default, instead you have to
set another board as default. Existing projects will be modified using a
cron job, additionally this check will run every midnight by default.

Deleting the default board is not allowed, you have to set another board
as default to do it.

Fixes #29873
Fixes #14679 along the way
Fixes #29853

Co-authored-by: delvh <dev.lh@web.de>
2024-03-27 20:54:32 +00:00
wxiaoguang
1ad48f781e
Relax generic package filename restrictions (#30135)
Now, the chars `=:;()[]{}~!@#$%^ &` are possible as well
Fixes #30134

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-03-27 16:55:05 +00:00
wxiaoguang
f1707f4562
Refactor render (#30136) 2024-03-27 13:14:34 +00:00
Lunny Xiao
538790ad1d
Put an edit file button on pull request files to allow a quick operation (#29697)
Resolve #23848

This PR put an edit file button on pull request files to allow a quick
edit for a file. After the edit finished, it will return back to the
viewed file position on pull request files tab.

It also use a branch view file link instead of commit link when it's a
non-commit pull request files view.

<img width="1532" alt="image"
src="https://github.com/go-gitea/gitea/assets/81045/3637ca4c-89d5-4621-847b-79702a44f617">

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2024-03-27 02:34:10 +00:00
crazeteam
ecbc9cee2b
Remove repetitive words (#30091)
remove repetitive words

Signed-off-by: crazeteam <lilujing@outlook.com>
2024-03-26 15:48:53 +08:00
silverwind
68ec9b4859
Migrate margin and padding helpers to tailwind (#30043)
This will conclude the refactor of 1:1 class replacements to tailwind,
except `gt-hidden`. Commands ran:

```bash
perl -p -i -e 's#gt-(p|m)([lrtbxy])?-0#tw-$1$2-0#g'   {web_src/js,templates,routers,services}/**/*
perl -p -i -e 's#gt-(p|m)([lrtbxy])?-1#tw-$1$2-0.5#g' {web_src/js,templates,routers,services}/**/*
perl -p -i -e 's#gt-(p|m)([lrtbxy])?-2#tw-$1$2-1#g'   {web_src/js,templates,routers,services}/**/*
perl -p -i -e 's#gt-(p|m)([lrtbxy])?-3#tw-$1$2-2#g'   {web_src/js,templates,routers,services}/**/*
perl -p -i -e 's#gt-(p|m)([lrtbxy])?-4#tw-$1$2-4#g'   {web_src/js,templates,routers,services}/**/*
perl -p -i -e 's#gt-(p|m)([lrtbxy])?-5#tw-$1$2-8#g'   {web_src/js,templates,routers,services}/**/*
```
2024-03-24 17:42:49 +01:00
wxiaoguang
4734d43e14
Support repo code search without setting up an indexer (#29998)
By using git's ability, end users (especially small instance users) do
not need to enable the indexer, they could also benefit from the code
searching feature.

Fix #29996


![image](https://github.com/go-gitea/gitea/assets/2114189/11b7e458-88a4-480d-b4d7-72ee59406dd1)


![image](https://github.com/go-gitea/gitea/assets/2114189/0fe777d5-c95c-4288-a818-0427680805b6)

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-03-24 17:05:00 +01:00
silverwind
db01bf6cc8
Various code view improvements (#30014)
1. Restore missing styles for message close icon
2. Move `code-line-button` so that it does not go off-screen on small
viewports
3. Make `code-line-button` look and behave like other buttons
4. Make `code-line-button` work in blame
5. Make the active selection span the whole line, not just the code part
6. Tweak colors, make dark theme code bg darker, make line numbers same
color in diff and file view.
7. Move code background to parent, fixing border radius and other
problems
8. Enable code wrap in blame
9. Improve blame responsiveness
10. Remove `--color-code-sidebar-bg` in blame, now it uses same
background as code
11. Rename `--color-active-line` to `--color-highlight-bg`
12. Add `--color-highlight-bg`
13. Fix button group borders on hover and border-right on last button.

<img width="1343" alt="Screenshot 2024-03-23 at 22 34 13"
src="https://github.com/go-gitea/gitea/assets/115237/fcbb919f-5dc3-43f0-97f6-870d6f412554">
<img width="1334" alt="Screenshot 2024-03-23 at 22 34 26"
src="https://github.com/go-gitea/gitea/assets/115237/ca44c3b7-4328-4645-ba49-b0dc6a5ac06d">

<img width="1338" alt="Screenshot 2024-03-23 at 22 34 57"
src="https://github.com/go-gitea/gitea/assets/115237/00eb0b5a-1ec7-4669-a94a-4602b9d1c1ac">
<img width="1337" alt="Screenshot 2024-03-23 at 22 34 42"
src="https://github.com/go-gitea/gitea/assets/115237/752edc4a-064f-413c-9dff-c086187fcd85">

Fixes: https://github.com/go-gitea/gitea/issues/18074
2024-03-24 12:14:03 +00:00
wxiaoguang
1cdc6c3a4e
Escape paths for find file correctly (#30026)
Fix #30020
2024-03-23 13:07:47 +00:00
Lunny Xiao
f8ab9dafb7
Use db.ListOptionsAll instead of db.ListOptions{ListAll: true} (#29995) 2024-03-22 13:53:52 +01:00
wxiaoguang
226231ea27
Fix some pending problems (#29985)
These changes are quite independent and trivial, so I don't want to open
too many PRs.

* https://github.com/go-gitea/gitea/pull/29882#discussion_r1529607091
    * the `f.Close` should be called properly
* the error message could be more meaningful
(https://github.com/go-gitea/gitea/pull/29882#pullrequestreview-1942557935)
*
https://github.com/go-gitea/gitea/pull/29859#pullrequestreview-1942324716
    * the new translation strings don't take arguments
* https://github.com/go-gitea/gitea/pull/28710#discussion_r1443778807
    * stale for long time
*  #28140 
    * a form was forgotten to be changed to work with backend code
2024-03-22 19:17:30 +08:00
Zettat123
2f060c5834
Fix bugs in rerunning jobs (#29955)
Fix #28761
Fix #27884
Fix #28093

## Changes

### Rerun all jobs
When rerun all jobs, status of the jobs with `needs` will be set to
`blocked` instead of `waiting`. Therefore, these jobs will not run until
the required jobs are completed.

### Rerun a single job
When a single job is rerun, its dependents should also be rerun, just
like GitHub does
(https://github.com/go-gitea/gitea/issues/28761#issuecomment-2008620820).
In this case, only the specified job will be set to `waiting`, its
dependents will be set to `blocked` to wait the job.

### Show warning if every job has `needs`
If every job in a workflow has `needs`, all jobs will be blocked and no
job can be run. So I add a warning message.

<img
src="https://github.com/go-gitea/gitea/assets/15528715/88f43511-2360-465d-be96-ee92b57ff67b"
width="480px" />
2024-03-22 03:19:17 +00:00
wxiaoguang
ca4107dc96
Refactor external URL detection (#29973)
Follow #29960, `IsExternalURL` is not needed anymore. 
Add some tests for `RedirectToCurrentSite`
2024-03-22 04:32:40 +08:00
wxiaoguang
cdb4d1a8db
Refactor StringsToInt64s (#29967)
And close #27176
2024-03-21 15:07:35 +00:00
Lunny Xiao
62f8174aa2
Performance improvements for pull request list page (#29900)
This PR will avoid load pullrequest.Issue twice in pull request list
page. It will reduce x times database queries for those WIP pull
requests.

Partially fix #29585

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2024-03-21 14:13:08 +01:00
wxiaoguang
01500957c2
Refactor URL detection (#29960)
"Redirect" functions should only redirect if the target is for current Gitea site.
2024-03-21 12:02:34 +00:00
Jason Song
f371f84fa3
Restore deleted branches when syncing (#29898)
Regression of #29493. If a branch has been deleted, repushing it won't
restore it.

Lunny may have noticed that, but I didn't delve into the comment then
overlooked it:
https://github.com/go-gitea/gitea/pull/29493#discussion_r1509046867

The additional comments added are to explain the issue I found during
testing, which are unrelated to the fixes.
2024-03-20 01:45:27 +00:00
Zettat123
656d8e2267
Fix milestoneID filter bug in issue list (#29897)
Fix #29717
2024-03-19 04:46:40 +00:00