Yarden Shoham [Tue, 21 Feb 2023 17:35:14 +0000 (19:35 +0200)]
Return empty url for submodule tree entries (#23043) (#23048)
Backport #23043
Close #22614.
Refer to [Github's
API](https://docs.github.com/en/rest/git/trees?apiVersion=2022-11-28#get-a-tree),
if a tree entry is a submodule, its url will be an empty string.
Co-authored-by: Zettat123 <zettat123@gmail.com> Co-authored-by: delvh <leon@kske.dev> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Jason Song [Tue, 21 Feb 2023 15:42:22 +0000 (23:42 +0800)]
Add force_merge to merge request and fix checking mergable (#23010) (#23032)
Backport #23010.
Fix #23000.
The bug was introduced in #22633, and it seems that it has been noticed:
https://github.com/go-gitea/gitea/pull/22633#discussion_r1095395359 .
However, #22633 did nothing wrong, the logic should be "check if they is
admin only when `force` is true".
So we should provide the `ForceMerge` when merging from UI.
After this, an admin can also send a normal merge request with
`ForceMerge` false. So it fixes a potential bug: if the admin doesn't
want to do a force merge, they just see the green "Merge" button and
click it. At the same time, the status of the PR changed, and it
shouldn't be merged now, so the admin could send an unexpected force
merge.
In addition, I updated `ForceMerge *bool` to `ForceMerge bool`, I don't
see the reason to use a pointer.
And fixed the logic of CheckPullMergable to handle auto merge and force
merge correctly.
zeripath [Sun, 19 Feb 2023 07:35:52 +0000 (07:35 +0000)]
Provide the ability to set password hash algorithm parameters (#22942) (#22943)
Backport #22942
This PR refactors and improves the password hashing code within gitea
and makes it possible for server administrators to set the password
hashing parameters
In addition it takes the opportunity to adjust the settings for `pbkdf2`
in order to make the hashing a little stronger.
The majority of this work was inspired by PR #14751 and I would like to
thank @boppy for their work on this.
Thanks to @gusted for the suggestion to adjust the `pbkdf2` hashing
parameters.
Yarden Shoham [Fri, 17 Feb 2023 07:22:05 +0000 (09:22 +0200)]
Fix 404 error viewing the LFS file (#22945) (#22948)
Backport #22945
Fix #22734.
According to
[`view_file.tmpl`](https://github.com/go-gitea/gitea/blob/main/templates/repo/view_file.tmpl#L82),
`lfs_file.tmpl` should use `AssetUrlPrefix` instead of `AppSubUrl`.
Co-authored-by: Zettat123 <zettat123@gmail.com> Co-authored-by: Jason Song <i@wolfogre.com>
zeripath [Fri, 17 Feb 2023 02:19:24 +0000 (02:19 +0000)]
Fix blame view missing lines (#22826) (#22929)
Backport #22826
Creating a new buffered reader for every part of the blame can miss
lines, as it will read and buffer bytes that the next buffered reader
will not get.
---------
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Brecht Van Lommel <brecht@blender.org> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Yarden Shoham [Thu, 16 Feb 2023 03:19:46 +0000 (05:19 +0200)]
fix incorrect role labels for migrated issues and comments (#22914) (#22923)
Backport #22914
Fix #22797.
## Reason
If a comment was migrated from other platforms, this comment may have an
original author and its poster is always not the original author. When
the `roleDescriptor` func get the poster's role descriptor for a
comment, it does not check if the comment has an original author. So the
migrated comments' original authors might be marked as incorrect roles.
zeripath [Mon, 13 Feb 2023 03:17:36 +0000 (03:17 +0000)]
Improve trace logging for pulls and processes (#22633) (#22812)
Backport #22633
Our trace logging is far from perfect and is difficult to follow.
This PR:
* Add trace logging for process manager add and remove.
* Fixes an errant read file for git refs in getMergeCommit
* Brings in the pullrequest `String` and `ColorFormat` methods
introduced in #22568
* Adds a lot more logging in to testPR etc.
Ref #22578
--------- Signed-off-by: Andrew Thornton <art27@cantab.net>
This function will check whether "%" is the beginning of an escape
character. Obviously, the "%" in the example (hello%mother.txt) is not
that. So, the function will return a error.
### Solution:
We can escape "treePath" by call "url.PathEscape()" function firstly.
Gusted [Sat, 11 Feb 2023 08:11:54 +0000 (09:11 +0100)]
Use proxy for pull mirror (#22771) (#22772)
- Backport #22771
- Use the proxy (if one is specified) for pull mirrors syncs.
- Pulled the code from
https://github.com/go-gitea/gitea/blob/c2774d9e80d9a436d9c2044960369c4db227e3a0/modules/git/repo.go#L164-L170
- Downstream issue: https://codeberg.org/forgejo/forgejo/issues/302
Jason Song [Fri, 10 Feb 2023 03:36:58 +0000 (11:36 +0800)]
Fix isAllowed of escapeStreamer (#22814) (#22837)
Backport #22814.
The use of `sort.Search` is wrong: The slice should be sorted, and
`return >= 0` doen't mean it exists, see the
[manual](https://pkg.go.dev/sort#Search).
Yarden Shoham [Wed, 8 Feb 2023 08:39:42 +0000 (10:39 +0200)]
Fix restore repo bug, clarify the problem of ForeignIndex (#22776) (#22794)
Backport #22776
Fix #22581
TLDR: #18446 made a mess with ForeignIndex and triggered a design
flaw/bug of #16356, then a quick patch #21271 helped #18446, then the
the bug was re-triggered by #21721 .
Related:
* #16356
* BasicIssueContext
https://github.com/go-gitea/gitea/pull/16356/files#diff-7938eb670d42a5ead6b08121e16aa4537a4d716c1cf37923c70470020fb9d036R16-R27
* #18446
* If some issues were dumped without ForeignIndex, then they would be
imported as ForeignIndex=0
https://github.com/go-gitea/gitea/pull/18446/files#diff-1624a3e715d8fc70edf2db1630642b7d6517f8c359cc69d58c3958b34ba4ce5eR38-R39
* #21271
* It patched the above bug (somewhat), made the issues without
ForeignIndex could have the same value as LocalIndex
* #21721
* It re-triggered the zero-ForeignIndex bug.
ps: I am not sure whether the changes in `GetForeignIndex` are ideal (at
least, now it has almost the same behavior as BasicIssueContext in
#16356), it's just a quick fix. Feel free to edit on this PR directly or
replace it.
zeripath [Thu, 2 Feb 2023 07:45:57 +0000 (07:45 +0000)]
Fix bugs with WebAuthn preventing sign in and registration. (#22651) (#22721)
Partial Backport #22651
This PR fixes a longstanding bug within webauthn due to the backend
using URLEncodedBase64 but the javascript using decoding using plain
base64. This causes intermittent issues with users reporting decoding
errors.
Gusted [Mon, 30 Jan 2023 16:59:20 +0000 (17:59 +0100)]
Don't return duplicated users who can create org repo (#22560) (#22562)
- Backport of #22560
- Currently the function `GetUsersWhoCanCreateOrgRepo` uses a query that
is able to have duplicated users in the result, this is can happen under
the condition that a user is in team that either is the owner team or
has permission to create organization repositories.
- Add test code to simulate the above condition for user 3,
[`TestGetUsersWhoCanCreateOrgRepo`](https://github.com/go-gitea/gitea/blob/a1fcb1cfb84fd6b36c8fe9fd56588119fa4377bc/models/organization/org_test.go#L435)
is the test function that tests for this.
- The fix is quite trivial, use a map as a set to get distinct orgs.
zeripath [Sat, 28 Jan 2023 17:56:16 +0000 (17:56 +0000)]
Improve checkIfPRContentChanged (#22611) (#22644)
Backport #22611
The code for checking if a commit has caused a change in a PR is
extremely inefficient and affects the head repository instead of using a
temporary repository.
This PR therefore makes several significant improvements:
* A temporary repo like that used in merging.
* The diff code is then significant improved to use a three-way diff
instead of comparing diffs (possibly binary) line-by-line - in memory...
Yarden Shoham [Sat, 28 Jan 2023 15:51:00 +0000 (17:51 +0200)]
Link issue and pull requests status change in UI notifications directly to their event in the timelined view. (#22627) (#22642)
Backport #22627
Adding the related comment to the issue and pull request status change
in the UI notifications allows to navigate directly to the specific
event in its dedicated view, easing the reading of last comments and to
the editor for additional comments if desired.
Co-authored-by: Felipe Leopoldo Sologuren Gutiérrez <fsologureng@users.noreply.github.com>
Yarden Shoham [Tue, 24 Jan 2023 20:48:21 +0000 (22:48 +0200)]
Prevent duplicate labels when importing more than 99 (#22591) (#22598)
Backport #22591
Importing labels (via `gitea restore-repo`) did not split them up into
batches properly. The first "batch" would create all labels, the second
"batch" would create all labels except those in the first "batch", etc.
This meant that when importing more than 99 labels (the batch size)
there would always be duplicate ones.
This is solved by actually passing `labels[:lbBatchSize]` to the
`CreateLabels()` function, instead of the entire list `labels`.
Yarden Shoham [Fri, 20 Jan 2023 15:34:52 +0000 (17:34 +0200)]
Truncate commit summary on repo files table. (#22551) (#22552)
Backport #22551
There was an unintended regression in #21124 which assumed that
.commits-list .message-wrapper would only match the commit summaries on
/{owner}/{name}/commits/*. This assumption is incorrect as the
directory/file view also uses a .commits-list wrapper.
Rather than completely restructure this page this PR simply adjusts the
styling to again use display: inline-block; for #repo-files-table
.commit-list .message-wrapper
silverwind [Fri, 20 Jan 2023 05:18:58 +0000 (06:18 +0100)]
Mute all links in issue timeline (#22534)
Backport of https://github.com/go-gitea/gitea/pull/22533.
https://github.com/go-gitea/gitea/pull/21799 introduced a regression
where some links in the issue timeline were not muted any more. Fix it
by replacing all `class="text grey"` with `class="text grey
muted-links"` in the file.
zeripath [Thu, 19 Jan 2023 22:31:20 +0000 (22:31 +0000)]
When updating by rebase we need to set the environment for head repo (#22535) (#22536)
Backport #22535
The update by rebase code reuses the merge code but shortcircuits and
pushes back up to the head. However, it doesn't set the correct pushing
environment - and just uses the same environment as the base repo. This
leads to the push update failing and thence the PR becomes out-of-sync
with the head.
This PR fixes this and adjusts the trace logging elsewhere to help make
this clearer.
Fix #18802
Signed-off-by: Andrew Thornton <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net>
Haruo Kinoshita [Tue, 17 Jan 2023 08:57:17 +0000 (17:57 +0900)]
Fix migration from GitBucket (#22465)
Migration from GitBucket does not work due to a access for "Reviews" API
on GitBucket that makes 404 response.
This PR has following changes.
1. Made to stop access for Reviews API while migrating from GitBucket.
2. Added support for custom URL (e.g.
`http://example.com/gitbucket/owner/repository`)
3. Made to accept for git checkout URL
(`http://example.com/git/owner/repository.git`)
zeripath [Mon, 16 Jan 2023 20:17:22 +0000 (20:17 +0000)]
Fix Operator does not exist bug on explore page with ONLY_SHOW_RELEVANT_REPOS (#22454) (#22472)
Backport #22454
There is a mistake in the code for SearchRepositoryCondition where it
tests topics as a string. This is incorrect for postgres where topics is
cast and stored as json. topics needs to be cast to text for this to
work. (For some reason JSON_ARRAY_LENGTH does not work, so I have taken
the simplest solution of casting to text and doing a string comparison.)
zeripath [Sun, 15 Jan 2023 14:35:56 +0000 (14:35 +0000)]
Prevent panic on looking at api "git" endpoints for empty repos (#22457) (#22458)
Backport #22457
The API endpoints for "git" can panic if they are called on an empty
repo. We can simply allow empty repos for these endpoints without worry
as they should just work.
As described in the linked issue (#22091), semi-transparent UI elements
would result in JS errors due to the fact that the CSS `backgroundColor`
element was being matched by the pattern
`^rgb\((\d+),\s*(\d+),\s*(\d+)\)$`, which does not take the alpha
channel into account.
I changed the pattern to `^rgba?\((\d+),\s*(\d+),\s*(\d+).*\)$`. This
new pattern accepts both `rgb` and `rgba` tuples, and ignores the alpha
channel (that little `.*` at the end) from the sorting criteria. The
reason why I chose to ignore alpha is because when it comes to kanban
colour sorting, only the hue is important; the order of the panels
should stay the same, even if some of them are transparent.
Alternative solutions were discussed in the bug report and are included
here for completeness:
1. Change the regex from ^rgb\((\d+),\s*(\d+),\s*(\d+)\)$ to
^rgba?\((\d+),\s*(\d+),\s*(\d+)(,\s*(\d+(\.\d+)?))?\)$ (alpha channel is
a float or NaN on 5th group) and include the alpha channel in the
sorting criteria.
2. Rethink on why you're reading colours out of the CSS in the first
place, then reformat this sorting procedure.
zeripath [Sat, 14 Jan 2023 08:56:44 +0000 (08:56 +0000)]
fix: PR status layout on mobile (#21547) (#22441)
Backport #21547
This PR fixes the layout of PR status layouts on mobile. For longer
status context names or on very small screens the text would overflow
and push the "Details" and "Required" badges out of the container.
zeripath [Fri, 13 Jan 2023 23:23:39 +0000 (23:23 +0000)]
Remove duplicate "Actions" label in mobile view (#21974) (#22439)
Backport #21974
Closes #21973.
The "Actions" button on the commit view page is labelled twice in mobile
view. No other buttons on the page have a `mobile-only` extra label, so
this PR removes it.
for {
select {
case <-closedChan:
count++
fmt.Println(count)
if count == 2 {
close(toClose)
}
case <-toClose:
return
}
}
}
```
This PR double-checks that the contexts are closed outside of checking
if there is data in the dataChan. It also rationalises the WorkerPool
FlushWithContext because the previous implementation failed to handle
pausing correctly. This will probably fix the underlying problem in
#22145
zeripath [Fri, 13 Jan 2023 09:29:10 +0000 (09:29 +0000)]
Restore function to "Show more" buttons (#22399) (#22426)
Backport #22399
There was a serious regression in #21012 which broke the Show More
button on the diff page, and the show more button was also broken on the
file tree too.
This PR fixes this by resetting the pageData.diffFiles as the vue
watched value and reattachs a function to the show more button outside
of the file tree view.
Yarden Shoham [Tue, 10 Jan 2023 09:21:29 +0000 (11:21 +0200)]
Don't display stop watch top bar icon when disabled and hidden when click other place (#22374) (#22387)
Backport #22374
Fix #22286
When timetracking is disabled, the stop watch top bar icon should be
hidden. When the stop watch recording popup, it should be allowed to
hide with some operation. Now click any place on this page will hide the
popup window.
Gusted [Fri, 30 Dec 2022 04:53:23 +0000 (05:53 +0100)]
Fix key signature error page (#22229) (#22230)
- Backport of #22229
- When the GPG key contains an error, such as an invalid signature or an
email address that does not match the user.A page will be shown that
says you must provide a signature for the token.
- This page had two errors: one had the wrong translation key and the
other tried to use an undefined variable
[`.PaddedKeyID`](https://github.com/go-gitea/gitea/blob/e81ccc406bf723a5a58d685e7782f281736affd4/models/asymkey/gpg_key.go#L65-L72),
which is a function implemented on the `GPGKey` struct, given that we
don't have that, we use
[`KeyID`](https://github.com/go-gitea/gitea/blob/e81ccc406bf723a5a58d685e7782f281736affd4/routers/web/user/setting/keys.go#L102)
which is [the fingerprint of the
publickey](https://pkg.go.dev/golang.org/x/crypto/openpgp/packet#PublicKey.KeyIdString)
and is a valid way for opengpg to refer to a key.
Lunny Xiao [Thu, 29 Dec 2022 15:12:10 +0000 (23:12 +0800)]
Add more test directory to exclude dir of air, remove watching templates from air include dir because gitea has internal mechanism (#22246) (#22247)
backport #22246
Since #20218 introduced internal watching template, template watching
should be removed from `air`. This will prevent restart the whole server
once the template files changed to speed up developing when using `make
watch`.
To ensure `make watch` will reuse template watching, this PR introduced
a new ENV `GITEA_RUN_MODE` to make sure `make watch` will always run in
a dev mode of Gitea so that template watching will open.
This PR also added more exclude testdata directories.
Lunny Xiao [Thu, 29 Dec 2022 05:50:09 +0000 (13:50 +0800)]
refactor auth interface to return error when verify failure (#22119) (#22259)
backport #22119
This PR changed the Auth interface signature from `Verify(http
*http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) *user_model.User`
to
`Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess
SessionStore) (*user_model.User, error)`.
There is a new return argument `error` which means the verification
condition matched but verify process failed, we should stop the auth
process.
Before this PR, when return a `nil` user, we don't know the reason why
it returned `nil`. If the match condition is not satisfied or it
verified failure? For these two different results, we should have
different handler. If the match condition is not satisfied, we should
try next auth method and if there is no more auth method, it's an
anonymous user. If the condition matched but verify failed, the auth
process should be stop and return immediately.
This will fix #20563
Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: Jason Song <i@wolfogre.com>
Lunny Xiao [Tue, 27 Dec 2022 19:24:43 +0000 (03:24 +0800)]
Remove ReverseProxy authentication from the API (#22219) (#22251)
backport from #22219
Since we changed the /api/v1/ routes to disallow session authentication
we also removed their reliance on CSRF. However, we left the
ReverseProxy authentication here - but this means that POSTs to the API
are no longer protected by CSRF.
Now, ReverseProxy authentication is a kind of session authentication,
and is therefore inconsistent with the removal of session from the API.
This PR proposes that we simply remove the ReverseProxy authentication
from the API and therefore users of the API must explicitly use tokens
or basic authentication.
Replace #22077
Close #22221
Close #22077
Signed-off-by: Andrew Thornton <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>
projects / gitea.git / log