]> source.dussan.org Git - gitea.git/log
gitea.git
22 months agofix gravatar disable bug (#22337)
Lunny Xiao [Wed, 4 Jan 2023 13:17:59 +0000 (21:17 +0800)]
fix gravatar disable bug (#22337)

22 months agofix: update settings table on install (#22326) (#22327)
John Olheiser [Tue, 3 Jan 2023 22:19:57 +0000 (16:19 -0600)]
fix: update settings table on install (#22326) (#22327)

Backport #22326

Signed-off-by: jolheiser <john.olheiser@gmail.com>
22 months agoAdd deprecated warning for DISABLE_GRAVATAR and ENABLE_FEDERATED_AVATAR (#22324)
Kyle D [Tue, 3 Jan 2023 16:11:00 +0000 (11:11 -0500)]
Add deprecated warning for DISABLE_GRAVATAR and ENABLE_FEDERATED_AVATAR (#22324)

Backport https://github.com/go-gitea/gitea/pull/22318

22 months agoFix sitemap (#22272) (#22320)
Jason Song [Tue, 3 Jan 2023 14:03:56 +0000 (22:03 +0800)]
Fix sitemap (#22272) (#22320)

Backport #22272.

Fix #22270.

Related to #18407.

The old code treated both sitemap and sitemap index as the format like:

```xml
...
<url>
  <loc>http://localhost:3000/explore/users/sitemap-1.xml</loc>
</url>
...
```

Actually, it's incorrect for sitemap index, it should be:

```xml
...
<sitemap>
  <loc>http://localhost:3000/explore/users/sitemap-1.xml</loc>
</sitemap>
...
```

See https://www.sitemaps.org/protocol.html

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
22 months agoDisplay error log when a modified template has an error so that it could recovery...
Lunny Xiao [Tue, 3 Jan 2023 11:39:58 +0000 (19:39 +0800)]
Display error log when a modified template has an error so that it could recovery when the error fixed (#22261) (#22321)

backport #22261

A drawback is the previous generated template has been cached, so you
cannot get error in the UI but only from log

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: delvh <dev.lh@web.de>
22 months agofix: code search title translation (#22285) (#22316)
John Olheiser [Tue, 3 Jan 2023 03:33:55 +0000 (21:33 -0600)]
fix: code search title translation (#22285) (#22316)

Backport #22285

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
22 months agoFix due date rendering the wrong date in issue (#22302) (#22306)
Yarden Shoham [Mon, 2 Jan 2023 12:42:39 +0000 (14:42 +0200)]
Fix due date rendering the wrong date in issue (#22302) (#22306)

Backport #22302

Previously, the last minute of the chosen date caused bad timezone
rendering.

For example, I chose January 4th, 2023.

### Before
```html
<time data-format="date" datetime="Wed, 04 Jan 2023 23:59:59 +0000">January 5, 2023</time>
```

### After
```html
<time data-format="date" datetime="2023-01-04">January 4, 2023</time>
```

---

Closes #21999

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
22 months agoFix get system setting bug when enabled redis cache (#22298)
Lunny Xiao [Sun, 1 Jan 2023 15:24:01 +0000 (23:24 +0800)]
Fix get system setting bug when enabled redis cache (#22298)

backport #22295, fix #22281

Co-authored-by: Lauris BH <lauris@nix.lv>
22 months agoFix bug of DisableGravatar default value (#22297)
Lunny Xiao [Sun, 1 Jan 2023 12:20:04 +0000 (20:20 +0800)]
Fix bug of DisableGravatar default value (#22297)

backport #22296

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
22 months agoAdd `sync_on_commit` option for push mirrors api (#22271) (#22292)
Chongyi Zheng [Sat, 31 Dec 2022 11:46:14 +0000 (06:46 -0500)]
Add `sync_on_commit` option for push mirrors api (#22271) (#22292)

Backport of #22271

22 months agoFix key signature error page (#22229) (#22230)
Gusted [Fri, 30 Dec 2022 04:53:23 +0000 (05:53 +0100)]
Fix key signature error page (#22229) (#22230)

- Backport of #22229
- When the GPG key contains an error, such as an invalid signature or an
email address that does not match the user.A page will be shown that
says you must provide a signature for the token.
- This page had two errors: one had the wrong translation key and the
other tried to use an undefined variable
[`.PaddedKeyID`](https://github.com/go-gitea/gitea/blob/e81ccc406bf723a5a58d685e7782f281736affd4/models/asymkey/gpg_key.go#L65-L72),
which is a function implemented on the `GPGKey` struct, given that we
don't have that, we use
[`KeyID`](https://github.com/go-gitea/gitea/blob/e81ccc406bf723a5a58d685e7782f281736affd4/routers/web/user/setting/keys.go#L102)
which is [the fingerprint of the
publickey](https://pkg.go.dev/golang.org/x/crypto/openpgp/packet#PublicKey.KeyIdString)
and is a valid way for opengpg to refer to a key.

22 months agoFrontport 1.17.4 changelog and Add 1.18.0 changelog (#22215) v1.18.0
Lunny Xiao [Thu, 29 Dec 2022 19:08:57 +0000 (03:08 +0800)]
Frontport 1.17.4 changelog and Add 1.18.0 changelog (#22215)

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
22 months agoAdd more test directory to exclude dir of air, remove watching templates from air...
Lunny Xiao [Thu, 29 Dec 2022 15:12:10 +0000 (23:12 +0800)]
Add more test directory to exclude dir of air, remove watching templates from air include dir because gitea has internal mechanism (#22246) (#22247)

backport #22246

Since #20218 introduced internal watching template, template watching
should be removed from `air`. This will prevent restart the whole server
once the template files changed to speed up developing when using `make
watch`.

To ensure `make watch` will reuse template watching, this PR introduced
a new ENV `GITEA_RUN_MODE` to make sure `make watch` will always run in
a dev mode of Gitea so that template watching will open.

This PR also added more exclude testdata directories.

Co-authored-by: 6543 <6543@obermui.de>
22 months agorefactor auth interface to return error when verify failure (#22119) (#22259)
Lunny Xiao [Thu, 29 Dec 2022 05:50:09 +0000 (13:50 +0800)]
refactor auth interface to return error when verify failure (#22119) (#22259)

backport #22119

This PR changed the Auth interface signature from `Verify(http
*http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) *user_model.User`
to
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) (*user_model.User, error)`.

There is a new return argument `error` which means the verification
condition matched but verify process failed, we should stop the auth
process.

Before this PR, when return a `nil` user, we don't know the reason why
it returned `nil`. If the match condition is not satisfied or it
verified failure? For these two different results, we should have
different handler. If the match condition is not satisfied, we should
try next auth method and if there is no more auth method, it's an
anonymous user. If the condition matched but verify failed, the auth
process should be stop and return immediately.

This will fix #20563

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Jason Song <i@wolfogre.com>
23 months agoUse complete SHA to create and query commit status (#22244) (#22257)
Jason Song [Wed, 28 Dec 2022 10:03:21 +0000 (18:03 +0800)]
Use complete SHA to create and query commit status (#22244) (#22257)

Backport #22244.

Fix #13485.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
23 months agoRemove ReverseProxy authentication from the API (#22219) (#22251)
Lunny Xiao [Tue, 27 Dec 2022 19:24:43 +0000 (03:24 +0800)]
Remove ReverseProxy authentication from the API (#22219) (#22251)

backport from #22219

Since we changed the /api/v1/ routes to disallow session authentication
we also removed their reliance on CSRF. However, we left the
ReverseProxy authentication here - but this means that POSTs to the API
are no longer protected by CSRF.

Now, ReverseProxy authentication is a kind of session authentication,
and is therefore inconsistent with the removal of session from the API.

This PR proposes that we simply remove the ReverseProxy authentication
from the API and therefore users of the API must explicitly use tokens
or basic authentication.

Replace #22077
Close #22221
Close #22077

Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
23 months agoUpdate bleve and zapx to fix unaligned atomic (#22031) (#22218)
zeripath [Thu, 22 Dec 2022 15:45:38 +0000 (15:45 +0000)]
Update bleve and zapx to fix unaligned atomic (#22031) (#22218)

Backport #22031

There is an unaligned atomic field in zapx 15.3.5 which should have been
fixed in a subsequent patch

This bug causes issues on 32bit builds.

Update bleve and zapx to account for this.

Fix #21957

Signed-off-by: Andrew Thornton <art27@cantab.net>
23 months agoFix container layer display overflow (#22208) (#22211)
Lauris BH [Thu, 22 Dec 2022 13:26:48 +0000 (15:26 +0200)]
Fix container layer display overflow (#22208) (#22211)

Backport #22208

23 months agoAllow empty assignees on pull request edit (#22150) (#22214)
KN4CK3R [Thu, 22 Dec 2022 12:40:07 +0000 (13:40 +0100)]
Allow empty assignees on pull request edit (#22150) (#22214)

Backport of #22150

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
23 months agoAdd setting to disable the git apply step in test patch (#22130) (#22170)
zeripath [Thu, 22 Dec 2022 10:59:10 +0000 (10:59 +0000)]
Add setting to disable the git apply step in test patch (#22130) (#22170)

Backport #22130

For a long time Gitea has tested PR patches using a git apply --check
method, and in fact prior to the introduction of a read-tree assisted
three-way merge in #18004, this was the only way of checking patches.

Since #18004, the git apply --check method has been a fallback method,
only used when the read-tree three-way merge method has detected a
conflict. The read-tree assisted three-way merge method is much faster
and less resource intensive method of detecting conflicts. #18004 kept
the git apply method around because it was thought possible that this
fallback might be able to rectify conflicts that the read-tree three-way
merge detected. I am not certain if this could ever be the case.

Given the uncertainty here and the now relative stability of the
read-tree method - this PR makes using this fallback optional but
enables it by default. A `log.Critical` has been added which will alert
if the `git apply --check` method was successful at checking a PR that
`read-tree` failed on.

The hope is that none of these log.Critical messages will be found and
there will be no significant difference in conflict detection. Thus we
will be able to remove the git apply fallback in future, and/or improve
the read-tree three-way merge method to catch any conflicts that git
apply method might have been able to fix.

An additional benefit for anyone who disables the check method is that
patch checking should be significantly less resource intensive and much
quicker.

(See
https://github.com/go-gitea/gitea/issues/22083\#issuecomment-1347961737)

Ref #22083

Signed-off-by: Andrew Thornton <art27@cantab.net>
<!--

Please check the following:

1. Make sure you are targeting the `main` branch, pull requests on
release branches are only allowed for bug fixes.
2. Read contributing guidelines:
https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
3. Describe what your pull request does and which issue you're targeting
(if any)

-->

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
23 months agoNormalize NuGet package version on upload (#22186) (#22200)
KN4CK3R [Wed, 21 Dec 2022 20:50:17 +0000 (21:50 +0100)]
Normalize NuGet package version on upload (#22186) (#22200)

Backport of #22186

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
23 months agofix: update libcurl in docs pipeline (#22204)
John Olheiser [Wed, 21 Dec 2022 19:39:05 +0000 (13:39 -0600)]
fix: update libcurl in docs pipeline (#22204)

Backport https://github.com/go-gitea/gitea/pull/22203

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
23 months agoCheck for zero time instant in TimeStamp.IsZero() (#22171) (#22172)
Gusted [Tue, 20 Dec 2022 02:04:46 +0000 (03:04 +0100)]
Check for zero time instant in TimeStamp.IsZero() (#22171) (#22172)

- Backport of #22171
- Currently, the 'IsZero' function for 'TimeStamp' just checks if the
unix time is zero, which is not the behavior of 'Time.IsZero()', but
Gitea is using this method in accordance with the behavior of
'Time.IsZero()'.
  - Adds a new condition to check for the zero time instant.
- Fixes a bug where non-expiring GPG keys where shown as they expired on
Jan 01, 0001.
  - Related https://codeberg.org/Codeberg/Community/issues/791

23 months agoEnsure that plain files are rendered correctly even when containing ambiguous charact...
zeripath [Mon, 19 Dec 2022 15:51:21 +0000 (15:51 +0000)]
Ensure that plain files are rendered correctly even when containing ambiguous characters (#22017) (#22160)

Backport #22017

As recognised in #21841 the rendering of plain text files is somewhat
incorrect when there are ambiguous characters as the html code is double
escaped. In fact there are several more problems here.

We have a residual isRenderedHTML which is actually simply escaping the
file - not rendering it. This is badly named and gives the wrong
impression.

There is also unusual behaviour whether the file is called a Readme or
not and there is no way to get to the source code if the file is called
README.

In reality what should happen is different depending on whether the file
is being rendered a README at the bottom of the directory view or not.

1. If it is rendered as a README on a directory - it should simply be
escaped and rendered as `<pre>` text.
2. If it is rendered as a file then it should be rendered as source
code.

This PR therefore does:
1. Rename IsRenderedHTML to IsPlainText
2. Readme files rendered at the bottom of the directory are rendered
without line numbers
3. Otherwise plain text files are rendered as source code.

Replace #21841

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
23 months agoDo not list active repositories as unadopted (#22034) (#22166)
Christian Ullrich [Mon, 19 Dec 2022 12:48:38 +0000 (13:48 +0100)]
Do not list active repositories as unadopted (#22034) (#22166)

Backport #22034

This fixes a bug where, when searching unadopted repositories, active
repositories will be listed as well. This is because the size of the
array of repository names to check is larger by one than the
`IterateBufferSize`.

For an `IterateBufferSize` of 50, the original code will pass 51
repository names but set the query to `LIMIT 50`. If all repositories in
the query are active (i.e. not unadopted) one of them will be omitted
from the result. Due to the `ORDER BY` clause it will be the oldest (or
least recently modified) one.

Co-authored-by: Christian Ullrich <christian.ullrich@traditionsa.lu>
23 months agoLocal storage should not store files as executable (#22162) (#22163)
zeripath [Sun, 18 Dec 2022 23:12:25 +0000 (23:12 +0000)]
Local storage should not store files as executable (#22162) (#22163)

Backport #22162

The PR #21198 introduced a probable security vulnerability which
resulted in making all storage files be marked as executable.

This PR ensures that these are forcibly marked as non-executable.

Fix #22161

Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
23 months agoFix heatmap first color being unused (#22158)
silverwind [Sun, 18 Dec 2022 13:18:07 +0000 (14:18 +0100)]
Fix heatmap first color being unused (#22158)

Backport #22157. vue3-calendar-heatmap has the behaviour that the first
and second colors are mapped to values null and 0, meaning the second
color was not used as intended for values > 0. I think this is a
behaviour change from previous vue2 version that was missed during the
upgrade.

This change makes first and second values the same, so the heatmap can
now use one additional color for meaningful values.

23 months agoFix margin and alignment in dashboard repolist (#22120) (#22122)
silverwind [Fri, 16 Dec 2022 19:57:22 +0000 (20:57 +0100)]
Fix margin and alignment in dashboard repolist (#22120) (#22122)

Backport #22120 to 1.18. Seems this has recently regressed, previously,
there was a significant whitespace between icon and text, but it seems
to be gone, so I added the margin.

23 months agoCorrectly handle moved files in apply patch (#22118) (#22135)
zeripath [Thu, 15 Dec 2022 00:59:16 +0000 (00:59 +0000)]
Correctly handle moved files in apply patch (#22118) (#22135)

Backport #22118

Moved files in a patch will result in git apply returning:

```
error: {filename}: No such file or directory
```

This wasn't handled by the git apply patch code. This PR adds handling
for this.

Fix #22083

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
23 months agoFix condition for is_internal (#22095) (#22132)
KN4CK3R [Wed, 14 Dec 2022 18:38:15 +0000 (19:38 +0100)]
Fix condition for is_internal (#22095) (#22132)

Backport of #22095

I changed it to a static condition because it needs a new version of
xorm which is only available in 1.19. This change is valid because
`SearchLatestVersions` is never called to list internal versions and
there will no change to this behaviour in <1.19.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
23 months agoMake gitea work using cmd.exe again (#22073) (#22133)
zeripath [Wed, 14 Dec 2022 13:13:16 +0000 (13:13 +0000)]
Make gitea work using cmd.exe again (#22073) (#22133)

Backport #22073

Gitea will attempt to lookup its location using LookPath however, this
fails on cmd.exe if gitea is in the current working directory.

exec.LookPath will return an exec.ErrDot error which we can test for and
then simply using filepath.Abs(os.Args[0]) to absolute gitea against the
current working directory.

Fix #22063

Signed-off-by: Andrew Thornton <art27@cantab.net>
23 months agoFix sorting admin user list by last login (#22081) (#22107)
aceArt-GmbH [Tue, 13 Dec 2022 22:37:33 +0000 (23:37 +0100)]
Fix sorting admin user list by last login (#22081) (#22107)

23 months agoFix parallel creating commit status bug with tests (#21911) (#21989)
Lunny Xiao [Tue, 13 Dec 2022 10:59:18 +0000 (18:59 +0800)]
Fix parallel creating commit status bug with tests (#21911) (#21989)

backport #21911
backport #21998

Co-authored-by: silverwind <me@silverwind.io>
23 months agoFix permission check on issue/pull lock (#22113)
Lunny Xiao [Mon, 12 Dec 2022 19:59:50 +0000 (03:59 +0800)]
Fix permission check on issue/pull lock (#22113)

backport #22110

23 months agoWorkaround for container registry push/pull errors (#21862) (#22068)
KN4CK3R [Sat, 10 Dec 2022 00:11:46 +0000 (01:11 +0100)]
Workaround for container registry push/pull errors (#21862) (#22068)

Backport of #21862

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
23 months agoFix issue/PR numbers (#22037) (#22044)
Jason Song [Wed, 7 Dec 2022 06:20:12 +0000 (14:20 +0800)]
Fix issue/PR numbers (#22037) (#22044)

Backport #22037.

When deleting a closed issue, we should update both `NumIssues`and
`NumClosedIssues`, or `NumOpenIssues`(`= NumIssues -NumClosedIssues`)
will be wrong. It's the same for pull requests.

Releated to #21557.

Alse fixed two harmless problems:

- The SQL to check issue/PR total numbers is wrong, that means it will
update the numbers even if they are correct.
- Replace legacy `num_issues = num_issues + 1` operations with
`UpdateRepoIssueNumbers`.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
23 months agoHandle empty author names (#21902) (#22027)
zeripath [Tue, 6 Dec 2022 13:16:47 +0000 (13:16 +0000)]
Handle empty author names (#21902) (#22027)

Backport #21902

Although git does expect that author names should be of the form: `NAME
<EMAIL>` some users have been able to create commits with: `<EMAIL>`

Fix #21900

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
23 months agoAdd dumb-init to rootless docker (#22046)
Michael Kriese [Tue, 6 Dec 2022 11:01:58 +0000 (12:01 +0100)]
Add dumb-init to rootless docker (#22046)

- backport #21775

23 months agoUse GhostUser if needed for TrackedTimes (#22021) (#22029)
zeripath [Mon, 5 Dec 2022 12:20:37 +0000 (12:20 +0000)]
Use GhostUser if needed for TrackedTimes (#22021) (#22029)

Backport #22021

When getting tracked times out of the db and loading their attributes
handle not exist errors in a nicer way. (Also prevent an NPE.)

Fix #22006

Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
23 months agoEnsure that Chinese punctuation is not ambiguous when locale is Chinese (#22019)...
zeripath [Mon, 5 Dec 2022 09:20:38 +0000 (09:20 +0000)]
Ensure that Chinese punctuation is not ambiguous when locale is Chinese (#22019) (#22030)

Backport #22019

Although there are per-locale fallbacks for ambiguity the locale names
for Chinese do not quite match our locales. This PR simply maps zh-CN on
to zh-hans and other zh variants on to zh-hant.

Ref #20999

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
23 months agoFix ListBranches to handle empty case (#21921) (#22024)
Lunny Xiao [Sun, 4 Dec 2022 22:13:11 +0000 (06:13 +0800)]
Fix ListBranches to handle empty case (#21921) (#22024)

Fix #21910
Backport #21921

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
23 months agoDo not emit ambiguous character warning on rendered pages (#22016) (#22018)
zeripath [Sun, 4 Dec 2022 11:10:54 +0000 (11:10 +0000)]
Do not emit ambiguous character warning on rendered pages (#22016) (#22018)

Backport #22016

The real sensitivity of ambiguous characters is in source code -
therefore warning about them in rendered pages causes too many warnings.
Therefore simply remove the warning on rendered pages.

The escape button will remain available and it is present on the view
source page.

Fix #20999

Signed-off-by: Andrew Thornton <art27@cantab.net>
23 months agoOn tag/branch-exist check, dont panic if repo is nil (#21787) (#21788)
6543 [Sun, 4 Dec 2022 10:29:19 +0000 (11:29 +0100)]
On tag/branch-exist check, dont panic if repo is nil (#21787) (#21788)

backport #21787

23 months agoUse path not filepath in template filenames (#21993) (#22022)
zeripath [Sun, 4 Dec 2022 05:58:58 +0000 (05:58 +0000)]
Use path not filepath in template filenames (#21993) (#22022)

Backport #21993

Paths in git are always separated by `/` not `\` - therefore we should
`path` and not `filepath`

Fix #21987

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
23 months agoMultiple improvements for comment edit diff (#21990) (#22007)
silverwind [Fri, 2 Dec 2022 20:42:41 +0000 (21:42 +0100)]
Multiple improvements for comment edit diff (#21990) (#22007)

Backport #21990

- Use explicit avatar size so when JS copies the HTML, the size gets
copied with it
- Replace icon font use with SVG
- Improve styling and diff rendering
- Sort lists in `svg.js`

Fixes: https://github.com/go-gitea/gitea/issues/21924
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoCorrect the fallbacks for mailer configuration (#21945) (#21953)
zeripath [Sun, 27 Nov 2022 19:45:59 +0000 (19:45 +0000)]
Correct the fallbacks for mailer configuration (#21945) (#21953)

Backport #21945

Unfortunately the fallback configuration code for [mailer] that were
added in #18982 are incorrect. When you read a value from an ini section
that key is added. This leads to a failure of the fallback mechanism.
Further there is also a spelling mistake in the startTLS configuration.

This PR restructures the mailer code to first map the deprecated
settings on to the new ones - and then use ini.MapTo to map those on to
the struct with additional validation as necessary.

Ref #21744

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix markdown anchor re-clicking (#21931) (#21946)
silverwind [Sat, 26 Nov 2022 16:21:13 +0000 (17:21 +0100)]
Fix markdown anchor re-clicking (#21931) (#21946)

Backport #21931. The hashchange event did not fire on re-click of a
active anchor. Instead, use the click event which always fires.

Fixes: https://github.com/go-gitea/gitea/issues/21680
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoPrevent NPE if trying to restore an already restored deleted branch (#21940) (#21944)
zeripath [Fri, 25 Nov 2022 23:28:03 +0000 (23:28 +0000)]
Prevent NPE if trying to restore an already restored deleted branch (#21940) (#21944)

Backport #21940

If a deleted-branch has already been restored, a request to restore it
again will cause a NPE. This PR adds detection for this case, but also
disables buttons when they're clicked in order to help prevent
accidental repeat requests.

Fix #21930

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoAdd support for HEAD requests in Maven registry (#21834) (#21929)
KN4CK3R [Fri, 25 Nov 2022 11:46:28 +0000 (12:46 +0100)]
Add support for HEAD requests in Maven registry (#21834) (#21929)

Backport of #21834

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoFix button in branch list, avoid unexpected page jump before restore branch actually...
Xinyu Zhou [Thu, 24 Nov 2022 16:02:33 +0000 (00:02 +0800)]
Fix button in branch list, avoid unexpected page jump before restore branch actually done (#21562) (#21928)

Backport #21562

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoadd changelog for 1.18.0-rc1 (#21829) v1.18.0-rc1
techknowlogick [Thu, 24 Nov 2022 11:49:22 +0000 (06:49 -0500)]
add changelog for 1.18.0-rc1 (#21829)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoFix flex layout for repo list icons (#21896) (#21920)
Xinyu Zhou [Thu, 24 Nov 2022 06:44:07 +0000 (14:44 +0800)]
Fix flex layout for repo list icons (#21896) (#21920)

Backport #21896

#20241 Added a tooltip, which does not satisfy the flex layout, and the
icons are not aligned

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
2 years agoFix vertical align of committer avatar rendered by email address (#21884) (#21918)
Xinyu Zhou [Thu, 24 Nov 2022 02:52:20 +0000 (10:52 +0800)]
Fix vertical align of committer avatar rendered by email address (#21884) (#21918)

Backport #21884

Committer avatar rendered by `func AvatarByEmail` are not vertical align
as `func Avatar` does.

- Replace literals `ui avatar` and `ui avatar vm` with the constant
`DefaultAvatarClass`

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
2 years agoFix setting HTTP headers after write (#21833) (#21877)
KN4CK3R [Tue, 22 Nov 2022 01:00:42 +0000 (02:00 +0100)]
Fix setting HTTP headers after write (#21833) (#21877)

Backport of #21833

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoDo not allow Ghost access to limited visible user/org (#21849) (#21876)
KN4CK3R [Sun, 20 Nov 2022 19:37:20 +0000 (20:37 +0100)]
Do not allow Ghost access to limited visible user/org (#21849) (#21876)

Backport of #21849

2 years agoColor and Style enhancements (#21784, #21799) (#21868)
silverwind [Sun, 20 Nov 2022 10:47:02 +0000 (11:47 +0100)]
Color and Style enhancements (#21784, #21799) (#21868)

Backport #21784
Backport #21799

These PRs provide tweaks and simplification to the less/css selectors, simplifying text color selectors and tweak arc-green colors with a follow-up to adjust the timeline

See the original PRs for more details

2 years agoSupport comma-delimited string as labels in issue template (#21831) (#21873)
Jason Song [Sun, 20 Nov 2022 10:44:20 +0000 (18:44 +0800)]
Support comma-delimited string as labels in issue template (#21831) (#21873)

Backport #21831.

The [labels in issue YAML templates](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms#top-level-syntax)
can be a string array or a comma-delimited string, so a single string
should be valid labels.

The old codes committed in #20987 ignore this, that's why the warning is
displayed:

<img width="618" alt="image" src="https://user-images.githubusercontent.com/9418365/202112642-93dc72d0-71c3-40a2-9720-30fc2d48c97c.png">

Fixes #17877.

2 years agoPrevent dangling user redirects (#21856) (#21858)
Gusted [Fri, 18 Nov 2022 14:25:00 +0000 (15:25 +0100)]
Prevent dangling user redirects (#21856) (#21858)

- Backport #21856
- It's possible that the `user_redirect` table contains a user id that
no longer exists.
  - Delete a user redirect upon deleting the user.
- Add a check for these dangling user redirects to check-db-consistency.

2 years agoIgnore issue template with a special name (#21830) (#21835)
Jason Song [Wed, 16 Nov 2022 19:48:33 +0000 (03:48 +0800)]
Ignore issue template with a special name (#21830) (#21835)

Backport #21830.

A file in `ISSUE_TEMPLATE` with the name `config.yml` shouldn't be
treated as a YAML template, it's for [configuring the template
chooser](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser).

The old code tried to ignore the file, but it didn't work, caused by
#20987. That's why the warning is displayed:

<img width="415" alt="image"

src="https://user-images.githubusercontent.com/9418365/202094067-804c42fe-0e9e-4fc5-bf01-d95fa336f54f.png">

Note that this PR is not an implementation of `config.yml`, there will
be another one to do it.

2 years agoPrevent panic in doctor command when running default checks (#21791) (#21807)
zeripath [Mon, 14 Nov 2022 02:58:32 +0000 (02:58 +0000)]
Prevent panic in doctor command when running default checks (#21791) (#21807)

Backport #21791

There was a bug introduced in #21352 due to a change of behaviour caused
by #19280. This causes a panic on running the default doctor checks
because the panic introduced by #19280 assumes that the only way
opts.StdOut and opts.Stderr can be set in RunOpts is deliberately.
Unfortunately, when running a git.Command the provided RunOpts can be
set, therefore if you share a common set of RunOpts these two values can
be set by the previous commands.

This PR stops using common RunOpts for the commands in that doctor check
but secondly stops RunCommand variants from changing the provided
RunOpts.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoLoad GitRepo in API before deleting issue (#21720) (#21796)
Jason Song [Sun, 13 Nov 2022 05:54:24 +0000 (13:54 +0800)]
Load GitRepo in API before deleting issue (#21720) (#21796)

Backport #21720.

Fix #20921.

The `ctx.Repo.GitRepo` has been used in deleting issues when the issue
is a PR.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2 years ago Upgrade golang.org/x/crypto (#21792) (#21793)
Gusted [Sun, 13 Nov 2022 04:15:21 +0000 (05:15 +0100)]
 Upgrade golang.org/x/crypto (#21792) (#21793)

- Backport #21792
- Update the crypto dependency to include
https://github.com/golang/crypto/commit/6fad3dfc18918c2ac9c112e46b32473bd2e5e2f9
  - Resolves #17798

2 years agoIgnore line anchor links with leading zeroes (#21728) (#21776)
silverwind [Fri, 11 Nov 2022 13:14:16 +0000 (14:14 +0100)]
Ignore line anchor links with leading zeroes (#21728) (#21776)

Backport #21728
Fixes: https://github.com/go-gitea/gitea/issues/21722
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoSet last login when activating account (#21731) (#21755)
Jason Song [Fri, 11 Nov 2022 06:26:17 +0000 (14:26 +0800)]
Set last login when activating account (#21731) (#21755)

Backport #21731.

Fix #21698.

Set the last login time to the current time when activating the user
successfully.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years ago Revert unrelated changes for SMTP auth (#21767) (#21768)
wxiaoguang [Thu, 10 Nov 2022 21:11:56 +0000 (05:11 +0800)]
 Revert unrelated changes for SMTP auth (#21767) (#21768)

Backport #21767

The purpose of #18982 is to improve the SMTP mailer, but there were some
unrelated changes made to the SMTP auth in
https://github.com/go-gitea/gitea/pull/18982/commits/d60c43869420f5fc43ad19b454c9ae50dad65964

This PR reverts these unrelated changes, fix #21744

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years ago Init git module before database migration (#21764) (#21765)
wxiaoguang [Thu, 10 Nov 2022 14:22:41 +0000 (22:22 +0800)]
 Init git module before database migration (#21764) (#21765)

Backport #21764

Some database migrations depend on the git module.

2 years agoFix dashboard ignored system setting cache (#21621) (#21759)
Lunny Xiao [Thu, 10 Nov 2022 11:41:44 +0000 (19:41 +0800)]
Fix dashboard ignored system setting cache (#21621) (#21759)

backport #21621

This is a performance regression from #18058

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2 years agoFix UI language switching bug (#21597) (#21749)
Xinyu Zhou [Thu, 10 Nov 2022 02:14:32 +0000 (10:14 +0800)]
Fix UI language switching bug (#21597) (#21749)

Backport #21597

Related:
* https://github.com/go-gitea/gitea/pull/21596#issuecomment-1291450224

There was a bug when switching language by AJAX: the irrelevant POST
requests were processed by the target page's handler.

Now, use GET instead of POST. The GET requests should be harmless.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoRemove semver compatible flag and change pypi to an array of test cases (#21708)...
Wayne Starr [Wed, 9 Nov 2022 15:02:11 +0000 (09:02 -0600)]
Remove semver compatible flag and change pypi to an array of test cases (#21708) (#21730)

Backport (#21708)

This addresses #21707 and adds a second package test case for a
non-semver compatible version (this might be overkill though since you
could also edit the old package version to have an epoch in front and
see the error, this just seemed more flexible for the future).

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2 years agoQuick fixes monaco-editor error: "vs.editor.nullLanguage" (#21734) (#21738)
Xinyu Zhou [Wed, 9 Nov 2022 13:19:44 +0000 (21:19 +0800)]
Quick fixes monaco-editor error: "vs.editor.nullLanguage" (#21734) (#21738)

Backport #21734

fixes: https://github.com/go-gitea/gitea/issues/21733

Uncaught Error: Language id "vs.editor.nullLanguage" is not configured
nor known

Note that this monaco-editor worked fine on 0.33.0 and broke on 0.34.0.
If upstream fixed, remove this code.

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoAllow local package identifiers for PyPI packages (#21690) (#21727)
Wayne Starr [Wed, 9 Nov 2022 01:10:06 +0000 (19:10 -0600)]
Allow local package identifiers for PyPI packages (#21690) (#21727)

Backport (#21690)

Fixes #21683

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2 years agoFix token generation when using INTERNAL_TOKEN_URI (#21669) (#21670)
wxiaoguang [Thu, 3 Nov 2022 20:54:25 +0000 (04:54 +0800)]
Fix token generation when using INTERNAL_TOKEN_URI (#21669) (#21670)

Backport #21669

Fix https://github.com/go-gitea/gitea/issues/21666
Caused by https://github.com/go-gitea/gitea/pull/19663

Before: when install, the INTERNAL_TOKEN was always generated and saved.
But the internal token may be already there by INTERNAL_TOKEN_URI

After: INTERNAL_TOKEN_URI file must be non-empty. When install, skip
internal token generation if the token exists.

2 years agoFix repository adoption on Windows (#21646) (#21650)
zeripath [Tue, 1 Nov 2022 22:32:03 +0000 (22:32 +0000)]
Fix repository adoption on Windows (#21646) (#21650)

Backport #21646

A bug was introduced in #17865 where filepath.Join is used to join
putative unadopted repository owner and names together. This is
incorrect as these names are then used as repository names - which shoud
have the '/' separator. This means that adoption will not work on
Windows servers.

Fix #21632

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix opaque background on mermaid diagrams (#21642) (#21652)
silverwind [Tue, 1 Nov 2022 22:31:17 +0000 (23:31 +0100)]
Fix opaque background on mermaid diagrams (#21642) (#21652)

Backport #21642

Browsers introduce a opaque background on iframes if the iframe
element's color-scheme does not match the document's color scheme which
in case of a dark theme results in a mismatch and the browser adds a
white background. Avoid this by specifying the same color scheme outside
and inside the iframe.

See https://fvsch.com/transparent-iframes for more info.

My initial attempt was to make the iframe document the same color-scheme
as the parent page (light or dark) but with that, there was a ugly
background flash on load in Chrome because Chrome apparently always
loads iframe in light scheme initially. Firefox still shows a background
flash on load but this is not possible to get rid of and it's certainly
a browser bug.

Before:
<img width="1147" alt="Screen Shot 2022-10-31 at 13 30 55"
src="https://user-images.githubusercontent.com/115237/199017132-9828aace-bdd0-4ede-8118-359e72bcf2fe.png">

After:
<img width="1152" alt="Screen Shot 2022-10-31 at 13 30 36"
src="https://user-images.githubusercontent.com/115237/199017137-989a9e67-3fe0-445f-a191-df5bf290dabf.png">

2 years agoDeal with markdown template without metadata (#21639) (#21654)
Jason Song [Tue, 1 Nov 2022 15:41:31 +0000 (23:41 +0800)]
Deal with markdown template without metadata (#21639) (#21654)

Backport #21639 .

Fixed #21636.

Related to #20987.

A markdown template without metadata should not be treated as an invalid
template.

And this PR fixed another bug that non-template files(neither .md nor
.yaml) are treated as yaml files.

<img width="504" alt="image"

src="https://user-images.githubusercontent.com/9418365/198968668-40082fa1-4f25-4d3e-9b73-1dbf6d1a7521.png">

2 years agoSync git hooks when config file path changed (#21619) (#21626)
Jason Song [Sun, 30 Oct 2022 03:17:11 +0000 (11:17 +0800)]
Sync git hooks when config file path changed (#21619) (#21626)

Backport #21619 .

A patch to #17335.

Just like AppPath, Gitea writes its own CustomConf into git hook scripts
too. If Gitea's CustomConf changes, then the git push may fail.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoUse CSS color-scheme instead of invert (#21616) (#21623)
silverwind [Sat, 29 Oct 2022 05:24:57 +0000 (07:24 +0200)]
Use CSS color-scheme instead of invert (#21616) (#21623)

Backport #21616 to 1.18

The
[`color-scheme`](https://developer.mozilla.org/en-US/docs/Web/CSS/color-scheme)
property changes the base color of certain form elements like the
datepicker icon in Chrome. Set it and remove the previous invert hack.

Before with invert removed:
<img width="840" alt="Screen Shot 2022-10-27 at 11 42 54"
src="https://user-images.githubusercontent.com/115237/198251927-b742e14e-0c62-492c-b667-ee6c69de4ad8.png">
<img width="238" alt="Screen Shot 2022-10-27 at 12 23 28"
src="https://user-images.githubusercontent.com/115237/198260413-37c1ca85-c2de-4c09-8b37-6aa8a23ab575.png">

After:
<img width="841" alt="Screen Shot 2022-10-27 at 11 43 05"
src="https://user-images.githubusercontent.com/115237/198251934-568fa291-0d18-4cd4-adec-58ae1ad90ab2.png">
<img width="839" alt="Screen Shot 2022-10-27 at 11 44 36"
src="https://user-images.githubusercontent.com/115237/198251936-a435105e-572b-41f6-8262-a53820f1d364.png">
<img width="243" alt="Screen Shot 2022-10-27 at 12 23 42"
src="https://user-images.githubusercontent.com/115237/198260432-5eaffc82-ffb8-4559-b1c2-08a39e8f4427.png">

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoFix `Timestamp.IsZero` (#21593) (#21603)
KN4CK3R [Thu, 27 Oct 2022 08:47:06 +0000 (10:47 +0200)]
Fix `Timestamp.IsZero` (#21593) (#21603)

Backport of #21593

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years ago Revert: auto generate INTERNAL_TOKEN (#21608) (#21609)
wxiaoguang [Thu, 27 Oct 2022 03:17:47 +0000 (11:17 +0800)]
 Revert: auto generate INTERNAL_TOKEN (#21608) (#21609)

Backport #21608

Follow #19663

Some users do cluster deployment, they still depend on this
auto-generating behavior.

2 years agoFix 500 on PR files API (#21602) (#21607)
qwerty287 [Wed, 26 Oct 2022 16:21:08 +0000 (18:21 +0200)]
Fix 500 on PR files API (#21602) (#21607)

Fixes an 500 error/panic if using the changed PR files API with pages
that should return empty lists because there are no items anymore.
`start-end` is then < 0 which ends in panic.

Backport https://github.com/go-gitea/gitea/pull/21602

<!--

Please check the following:

1. Make sure you are targeting the `main` branch, pull requests on
release branches are only allowed for bug fixes.
2. Read contributing guidelines:
https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
3. Describe what your pull request does and which issue you're targeting
(if any)

-->

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: delvh <dev.lh@web.de>
2 years agoRevert "Do not send notifications for draft releases (#21451)" (#21594) v1.18.0-rc0
techknowlogick [Tue, 25 Oct 2022 22:00:00 +0000 (18:00 -0400)]
Revert "Do not send notifications for draft releases (#21451)" (#21594)

This reverts commit a37e8b275d19c0daf160cc540d981ec4f3025a5a / #21451

Temporarily revert this PR to be able to continue discussion, and
potentially get it into 1.19.0

2 years agoChange `commits-table` column width (#21564)
KN4CK3R [Tue, 25 Oct 2022 17:00:37 +0000 (19:00 +0200)]
Change `commits-table` column width (#21564)

Fixes #21561

Before

![image](https://user-images.githubusercontent.com/20903656/197388658-0ea1d941-8bc7-4f10-b5db-4ece8602b13a.png)

After

![image](https://user-images.githubusercontent.com/20903656/197388665-78fb8421-105d-408d-84cf-a86b1cc61e2e.png)

2 years agoFix issues count bug (#21557)
Lunny Xiao [Tue, 25 Oct 2022 12:47:46 +0000 (20:47 +0800)]
Fix issues count bug (#21557)

fix #19349 , #19505

Co-authored-by: delvh <dev.lh@web.de>
2 years agoImprove code comment review on mobile (#21461)
Gusted [Tue, 25 Oct 2022 11:11:49 +0000 (11:11 +0000)]
Improve code comment review on mobile (#21461)

- Fix placement of avatar image, this was not placed in the
`comment-header-left` and add CSS to cover the limiting of width+height
of avatar for code-review comment on "Files changed" page. This fixes
the big noticeable avatar issue.
- Apply `margin-bottom` to the "next" button, so it's consistent with
the "previous" button.
- Make sure the "next"/"previous" start at `flex-start` on mobile and
not off-screen at `flex-end`. As well force them to have `flex: 1` so
they won't overflow on x-asis. This also requires the `width: 100%` for
the `.ui.buttons` div.
- Resolves #20074

### Before
<details><img width="512"
src="https://user-images.githubusercontent.com/25481501/195952930-09560cad-419f-43a3-a8a4-a4166c117994.jpg"></details>

### After
<details><img width="512"
src="https://user-images.githubusercontent.com/25481501/197340081-0365dfa8-4344-46b4-8702-a40c778c073f.jpg"></details>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2 years agoConsolidate remaining colors into variables (#21582)
silverwind [Tue, 25 Oct 2022 04:08:54 +0000 (06:08 +0200)]
Consolidate remaining colors into variables (#21582)

Remove remaining non-color variables in arc-green, so the theme is now
100% defined from variables (excluding inverts). Adjusted red/green to
match previous overwritten colors.

`--color-gold-light` is removed, it was unused and is not part of
fomantic colors.

<img width="772" alt="Screen Shot 2022-10-24 at 20 22 25"
src="https://user-images.githubusercontent.com/115237/197599339-1d1bf6e3-aa90-4f38-9753-24effd4b178d.png">
<img width="275" alt="Screen Shot 2022-10-24 at 20 25 52"
src="https://user-images.githubusercontent.com/115237/197599344-79c1d3ac-c709-4e30-a60b-4738af672c12.png">
<img width="446" alt="Screen Shot 2022-10-24 at 20 26 46"
src="https://user-images.githubusercontent.com/115237/197599346-f2ef6449-7efd-4f81-bbb6-e7bee4528f50.png">

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years ago[skip ci] Updated translations via Crowdin
Yarden Shoham [Tue, 25 Oct 2022 00:20:58 +0000 (00:20 +0000)]
[skip ci] Updated translations via Crowdin

2 years agoAdd sqlite vscode extension to Gitpod configuration (#21552)
Yarden Shoham [Mon, 24 Oct 2022 20:55:59 +0000 (23:55 +0300)]
Add sqlite vscode extension to Gitpod configuration (#21552)

It allows for quick database inspections in the IDE.

![image](https://user-images.githubusercontent.com/20454870/197355299-222f5027-aba8-4fe2-b1d4-fff93d5ccb3c.png)

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
2 years agoReplace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551)
delvh [Mon, 24 Oct 2022 19:29:17 +0000 (21:29 +0200)]
Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551)

Found using
`find . -type f -name '*.go' -print -exec vim {} -c
':%s/fmt\.Errorf(\(.*\)%v\(.*\)err/fmt.Errorf(\1%w\2err/g' -c ':wq' \;`

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoFix package access for admins and inactive users (#21580)
KN4CK3R [Mon, 24 Oct 2022 19:23:25 +0000 (21:23 +0200)]
Fix package access for admins and inactive users (#21580)

I noticed an admin is not allowed to upload packages for other users
because `ctx.IsSigned` was not set.
I added a check for `user.IsActive` and `user.ProhibitLogin` too because
both was not checked. Tests enforce this now.

Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoAllow for resolution of NPM registry paths that match upstream (#21568)
Wayne Starr [Mon, 24 Oct 2022 13:50:22 +0000 (08:50 -0500)]
Allow for resolution of NPM registry paths that match upstream (#21568)

This PR fixes issue #21567 allowing for package tarball URLs to match
the upstream registry (and GitLab/JFrog Artifactory URLs). It uses a
regex to parse the filename (which contains the NPM version) and does a
fuzzy search to pull it out. The regex was built/expanded from
http://json.schemastore.org/package,
https://github.com/Masterminds/semver, and
https://docs.npmjs.com/cli/v6/using-npm/semver and is testable here:
https://regex101.com/r/OydBJq/5

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoAdded missing headers on user packages page (#21172)
Vladimir Yakovlev [Mon, 24 Oct 2022 12:01:05 +0000 (15:01 +0300)]
Added missing headers on user packages page (#21172)

User packages page had missing tabs.

![packages-2](https://user-images.githubusercontent.com/183965/190411160-c8138a8c-dbc4-4cf1-af2c-52497a10cee8.png)

![packages-1](https://user-images.githubusercontent.com/183965/190411155-af2cb398-c9a0-4fcc-adcd-1711aaa28345.png)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoRecord OAuth client type at registration (#21316)
M Hickford [Mon, 24 Oct 2022 07:59:24 +0000 (09:59 +0200)]
Record OAuth client type at registration (#21316)

The OAuth spec [defines two types of
client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1),
confidential and public. Previously Gitea assumed all clients to be
confidential.

> OAuth defines two client types, based on their ability to authenticate
securely with the authorization server (i.e., ability to
>   maintain the confidentiality of their client credentials):
>
>   confidential
> Clients capable of maintaining the confidentiality of their
credentials (e.g., client implemented on a secure server with
> restricted access to the client credentials), or capable of secure
client authentication using other means.
>
>   **public
> Clients incapable of maintaining the confidentiality of their
credentials (e.g., clients executing on the device used by the resource
owner, such as an installed native application or a web browser-based
application), and incapable of secure client authentication via any
other means.**
>
> The client type designation is based on the authorization server's
definition of secure authentication and its acceptable exposure levels
of client credentials. The authorization server SHOULD NOT make
assumptions about the client type.

 https://datatracker.ietf.org/doc/html/rfc8252#section-8.4

> Authorization servers MUST record the client type in the client
registration details in order to identify and process requests
accordingly.

Require PKCE for public clients:
https://datatracker.ietf.org/doc/html/rfc8252#section-8.1

> Authorization servers SHOULD reject authorization requests from native
apps that don't use PKCE by returning an error message

Fixes #21299

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoadapt README_{Country}.md stype name in localizedExtensions (#21486)
a1012112796 [Mon, 24 Oct 2022 06:12:15 +0000 (14:12 +0800)]
adapt README_{Country}.md stype name in localizedExtensions (#21486)

This stype name is also used in many repos, example:
[``README_ZH.md``](https://github.com/go-gitea/gitea/blob/main/README_ZH.md)

Signed-off-by: a1012112796 <1012112796@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2 years agodump: Add option to skip index dirs (#21501)
Johan Van de Wauw [Mon, 24 Oct 2022 03:19:21 +0000 (05:19 +0200)]
dump: Add option to skip index dirs (#21501)

closes #20683

Add an option to gitea dump to skip the bleve indexes, which can become
quite large (in my case the same size as the repo's) and can be
regenerated after restore.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoUse recommended vscode configuration in gitpod environments (#21537)
Yarden Shoham [Mon, 24 Oct 2022 01:24:33 +0000 (04:24 +0300)]
Use recommended vscode configuration in gitpod environments (#21537)

To make go tests run in gitpod, the vscode settings.json must be in the
correct place in the filesystem

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
2 years agoExpand "Go to File" button again, fix 'Add File' margin (#21543)
silverwind [Mon, 24 Oct 2022 01:23:04 +0000 (03:23 +0200)]
Expand "Go to File" button again, fix 'Add File' margin (#21543)

With https://github.com/go-gitea/gitea/pull/21428 we gained some space
so we are again able to show the "Go to File" button as text instead of
icon-only (the old icon was not particularily fitting anyways).

Before:
<img width="328" alt="image"
src="https://user-images.githubusercontent.com/115237/197334423-07731d9d-bf26-4aeb-95fa-490d9d0bf2a2.png">

After:
<img width="339" alt="Screen Shot 2022-10-22 at 12 28 01"
src="https://user-images.githubusercontent.com/115237/197334383-467c4107-09c9-4881-b75f-7f403eab7f3a.png">
<img width="413" alt="Screen Shot 2022-10-22 at 12 28 16"
src="https://user-images.githubusercontent.com/115237/197334384-f7d1fdda-a011-4138-ad1e-b52fc987501f.png">

2 years agoAdd yardenshoham to maintainers (#21566)
Yarden Shoham [Sun, 23 Oct 2022 16:09:21 +0000 (19:09 +0300)]
Add yardenshoham to maintainers (#21566)

[List of merged
PRs](https://github.com/go-gitea/gitea/pulls?q=is%3Apr+author%3Ayardenshoham+is%3Amerged)
(with many more on the way!)

Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoRefactor git command arguments and make all arguments to be safe to be used (#21535)
wxiaoguang [Sun, 23 Oct 2022 14:44:45 +0000 (22:44 +0800)]
Refactor git command arguments and make all arguments to be safe to be used (#21535)

Follow #21464

Make all git command arguments strictly safe. Most changes are one-to-one replacing, keep all existing logic.

2 years agoUpdate binding to fix bugs (#21556)
Lunny Xiao [Sun, 23 Oct 2022 10:50:48 +0000 (18:50 +0800)]
Update binding to fix bugs (#21556)

Fix #19698

2 years agoLink mentioned user in markdown only if they are visible to viewer (#21554)
Yarden Shoham [Sun, 23 Oct 2022 09:13:52 +0000 (12:13 +0300)]
Link mentioned user in markdown only if they are visible to viewer (#21554)

We need to make sure a user can't confirm the existence of a user with
private visibility

* Follow up on #21533

### Before
#### User

![image](https://user-images.githubusercontent.com/20454870/197357580-340911d7-1659-4fc9-a9f6-7ed6bc3476b4.png)

#### Admin

![image](https://user-images.githubusercontent.com/20454870/197357676-a8f0ae63-8f80-4221-a9b5-b6311552910a.png)

### After
#### User

![image](https://user-images.githubusercontent.com/20454870/197357536-05616edb-7821-469d-8e51-6f8cb84c1362.png)

#### Admin

![image](https://user-images.githubusercontent.com/20454870/197357703-071fe984-de79-43aa-a77c-a85b046292a4.png)

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>