zeripath [Mon, 28 Mar 2022 03:17:21 +0000 (04:17 +0100)]
Only send webhook events to active system webhooks and only deliver to active hooks (#19234)
There is a bug in the system webhooks whereby the active state is not checked when
webhooks are prepared and there is a bug that deactivating webhooks do not prevent
queued deliveries.
* Only add SystemWebhooks to the prepareWebhooks list if they are active
* At the time of delivery if the underlying webhook is not active mark it
as "delivered" but with a failed delivery so it does not get delivered.
Fix #19220
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
zeripath [Sun, 27 Mar 2022 14:40:17 +0000 (15:40 +0100)]
Touch mirrors on even on fail to update (#19217)
* Touch mirrors on even on fail to update
If a mirror fails to be synchronised it should be pushed to the bottom of the queue
of the awaiting mirrors to be synchronised. At present if there LIMIT number of
broken mirrors they can effectively prevent all other mirrors from being synchronized
as their last_updated time will remain earlier than other mirrors.
zeripath [Sun, 27 Mar 2022 09:09:56 +0000 (10:09 +0100)]
Do not include global arguments in process manager (#19226)
The git command by default adds a number of global arguments. These are not
helpful to be displayed in the process manager and so should be skipped for
default process descriptions.
zeripath [Sun, 27 Mar 2022 07:05:01 +0000 (08:05 +0100)]
Prevent intermittent failures in RepoIndexerTest (#19225)
The RepoIndexerTest is failing with considerable frequency due to a race inherrent in
its design. This PR adjust this test to avoid the reliance on waiting for the populate
repo indexer to run and forcibly adds the repo to the queue. It then flushes the queue.
It may be worth separating out the tests somewhat by testing the Index function
directly away from the queue however, this forceful method should solve the current
problem.
Abheek Dhawan [Sun, 27 Mar 2022 02:56:28 +0000 (21:56 -0500)]
Set the default branch for repositories generated from templates (#19136)
* Set the default branch for repositories generated from templates
* Allows default branch to be set through the API for repos generated from templates
* Update swagger API template
* Only set default branch to the one from the template if not specified
* Use specified default branch if it exists while generating git commits
Fix #19082
Co-authored-by: John Olheiser <john.olheiser@gmail.com> Co-authored-by: zeripath <art27@cantab.net>
zeripath [Sat, 26 Mar 2022 21:13:04 +0000 (21:13 +0000)]
Make cron task no notice on success (#19221)
Change all cron tasks to make them no notice on success default. Instead if a user
wants notices on success they need to add NOTICE_ON_SUCCESS=true instead.
## :warning: BREAKING :warning:
This changes the cron config so that notices on success are no longer set by default
and breaks NO_SUCCESS_NOTICE settings. Instead users who want notices on success
must set NOTICE_ON_SUCCESS=true instead.
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Update custom/conf/app.example.ini
KN4CK3R [Sat, 26 Mar 2022 09:04:22 +0000 (10:04 +0100)]
Add `ContextUser` to http request context (#18798)
This PR adds a middleware which sets a ContextUser (like GetUserByParams before) in a single place which can be used by other methods. For routes which represent a repo or org the respective middlewares set the field too.
Also fix a bug in modules/context/org.go during refactoring.
Gusted [Wed, 23 Mar 2022 22:57:09 +0000 (23:57 +0100)]
Fix showing issues in your repositories (#18916)
- Make a restriction on which issues can be shown based on if you the user or team has write permission to the repository.
- Fixes a issue whereby you wouldn't see any associated issues with a specific team on a organization if you wasn't a member(fixed by zeroing the User{ID} in the options).
- Resolves #18913
MeIchthys [Wed, 23 Mar 2022 16:46:50 +0000 (12:46 -0400)]
Update issue_no_dependencies description (#19112)
To be more consistent and concise we could change the issue_no_dependencies from: `This issue currently doesn't have any dependencies. ` to `No dependencies set.` like we do for the due date and others.
zeripath [Wed, 23 Mar 2022 16:12:36 +0000 (16:12 +0000)]
Prevent redirect to Host (2) (#19175)
Unhelpfully Locations starting with `/\` will be converted by the
browser to `//` because ... well I do not fully understand. Certainly
the RFCs and MDN do not indicate that this would be expected. Providing
"compatibility" with the (mis)behaviour of a certain proprietary OS is
my suspicion. However, we clearly have to protect against this.
Therefore we should reject redirection locations that match the regular
expression: `^/[\\\\/]+`
Andrew Thornton [Wed, 23 Mar 2022 16:08:27 +0000 (16:08 +0000)]
Prevent start panic due to missing DotEscape function
Unfortunately #19169 causing a panic at startup in prod mode. This was hidden by dev
mode because the templates are compiled dynamically there. The issue is that DotEscape
is not in the original FuncMap at the time of compilation which causes a panic.
a1012112796 [Wed, 23 Mar 2022 13:40:12 +0000 (21:40 +0800)]
Fix compare link in active feeds for new branch (#19149)
When a new branch is pushed the old SHA is always listed as the empty sha and thus the compare link that is created does not work correctly.
Therefore when creating the compare link for new branches:
1. Attempt to get the parent of the first commit and use that as the basis
for the compare link.
2. If this is not possible make a comparison to the default branch
3. Finally if that is not possible simply do not show a compare link.
However, there are multiple broken compare links remaining therefore, in order for these to not break we will simply make the compare link redirect to the default branch.
Fix #19144
Signed-off-by: a1012112796 <1012112796@qq.com> Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Andrew Thornton <art27@cantab.net>
zeripath [Wed, 23 Mar 2022 12:34:20 +0000 (12:34 +0000)]
Try to prevent autolinking of displaynames by email readers (#19169)
Unfortunately many email readers will (helpfully) detect url or url-like names and
automatically create links to them, even in HTML emails. This is not ideal when
usernames can have dots in them.
This PR tries to prevent this behaviour by sticking ZWJ characters between dots and
also set the meta tag to prevent format detection.
Not every email template has been changed in this way - just the activation emails but
it may be that we should be setting the above meta tag in all of our emails too.
wxiaoguang [Wed, 23 Mar 2022 01:15:54 +0000 (09:15 +0800)]
Remove the Go version in UI, add a link on Gitea Version to show config details (Go/Git version) (#19173)
This PR mainly helps maintainers to save time from asking the issue reporters to get the correct version.
There are so many reporters that have difficulty to get the correct Gitea version. Some of they just report Go version.
The Go version doesn't help debug except in very limited circumstances. Instead, there is a new link on the Gitea version, the link is for the admin/config page which shows all version information, including Gitea, Go, Git, it could help more.
Robin [Tue, 22 Mar 2022 05:50:31 +0000 (06:50 +0100)]
[docs] Enhance container selection in docker dump (#14292)
* Enhance container selection in docker dump
The problem with the previous query was, that it sometimes selected multiple containers, which make the command file with a hard to understand message. Now, use '^...$' to make sure a regex full match.
zeripath [Mon, 21 Mar 2022 08:09:42 +0000 (08:09 +0000)]
Use IterateBufferSize whilst querying repositories during adoption check (#19140)
The adoption page checks directories to see if they are repositories by querying the
db on a per user basis. This can lead to problems if a user has a large number of
repositories or putative repositories.
This PR changes the buffering to check the db in IterataeBufferSize batches instead.
Gusted [Sun, 20 Mar 2022 21:04:51 +0000 (21:04 +0000)]
Fix NPE `/repos/issues/search` when not signed in (#19154)
- Don't panic when on
`/repos/issues/search?{created,assigned,mentioned,review_requested}=true`
when client didn't pass any authentication.
- Resolves #19115
zeripath [Fri, 18 Mar 2022 14:19:02 +0000 (14:19 +0000)]
Add warning to set SENDMAIL_ARGS to -- (#19102)
Even with #17688 email addresses that contain an initial `-` may still be present in the db and it may in future still be possible to imagine a situation whereby initial `-` are repermitted.
This PR simply updates the documentation to warn users to set their SENDMAIL_ARGS with a terminal `--` to prevent this possibility email addresses being interpreted as options.
zeripath [Fri, 18 Mar 2022 09:57:07 +0000 (09:57 +0000)]
Do not send activation email if manual confirm is set (#19119)
If the mailer is configured then even if Manual confirm is set an activation email
is still being sent because `handleUserCreated` is not checking for this case.
Fix #17263
Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Store the foreign ID of issues during migration (#18446)
Storing the foreign identifier of an imported issue in the database is a prerequisite to implement idempotent migrations or mirror for issues. It is a baby step towards mirroring that introduces a new table.
At the moment when an issue is created by the Gitea uploader, it fails if the issue already exists. The Gitea uploader could be modified so that, instead of failing, it looks up the database to find an existing issue. And if it does it would update the issue instead of creating a new one. However this is not currently possible because an information is missing from the database: the foreign identifier that uniquely represents the issue being migrated is not persisted. With this change, the foreign identifier is stored in the database and the Gitea uploader will then be able to run a query to figure out if a given issue being imported already exists.
The implementation of mirroring for issues, pull requests, releases, etc. can be done in three steps:
1. Store an identifier for the element being mirrored (issue, pull request...) in the database (this is the purpose of these changes)
2. Modify the Gitea uploader to be able to update an existing repository with all it contains (issues, pull request...) instead of failing if it exists
3. Optimize the Gitea uploader to speed up the updates, when possible.
The second step creates code that does not yet exist to enable idempotent migrations with the Gitea uploader. When a migration is done for the first time, the behavior is not changed. But when a migration is done for a repository that already exists, this new code is used to update it.
The third step can use the code created in the second step to optimize and speed up migrations. For instance, when a migration is resumed, an issue that has an update time that is not more recent can be skipped and only newly created issues or updated ones will be updated. Another example of optimization could be that a webhook notifies Gitea when an issue is updated. The code triggered by the webhook would download only this issue and call the code created in the second step to update the issue, as if it was in the process of an idempotent migration.
The ForeignReferences table is added to contain local and foreign ID pairs relative to a given repository. It can later be used for pull requests and other artifacts that can be mirrored. Although the foreign id could be added as a single field in issues or pull requests, it would need to be added to all tables that represent something that can be mirrored. Creating a new table makes for a simpler and more generic design. The drawback is that it requires an extra lookup to obtain the information. However, this extra information is only required during migration or mirroring and does not impact the way Gitea currently works.
The foreign identifier of an issue or pull request is similar to the identifier of an external user, which is stored in reactions, issues, etc. as OriginalPosterID and so on. The representation of a user is however different and the ability of users to link their account to an external user at a later time is also a logic that is different from what is involved in mirroring or migrations. For these reasons, despite some commonalities, it is unclear at this time how the two tables (foreign reference and external user) could be merged together.
The ForeignID field is extracted from the issue migration context so that it can be dumped in files with dump-repo and later restored via restore-repo.
The GetAllComments downloader method is introduced to simplify the implementation and not overload the Context for the purpose of pagination. It also clarifies in which context the comments are paginated and in which context they are not.
The Context interface is no longer useful for the purpose of retrieving the LocalID and ForeignID since they are now both available from the PullRequest and Issue struct. The Reviewable and Commentable interfaces replace and serve the same purpose.
The Context data member of PullRequest and Issue becomes a DownloaderContext to clarify that its purpose is not to support in memory operations while the current downloader is acting but is not otherwise persisted. It is, for instance, used by the GitLab downloader to store the IsMergeRequest boolean and sort out issues.
silverwind [Wed, 16 Mar 2022 02:50:26 +0000 (03:50 +0100)]
Use `go run` for tool dependencies, require go 1.17 (#18874)
This ensures the tools only run in the versions we've tested and it also
does not polute PATH with those tools so they are truly isolated. This
syntax of `go run` requires go 1.17, so the minimum version is set
accordingly.
Gusted [Wed, 16 Mar 2022 01:59:53 +0000 (01:59 +0000)]
Update golang.org/x/crypto (#19097)
* Update golang.org/x/crypto
- Update dependency to include fix for CVE.
- See https://groups.google.com/g/golang-announce/c/-cp44ypCT5s/m/wmegxkLiAQAJ?utm_medium=email&utm_source=footer
zeripath [Thu, 10 Mar 2022 20:23:15 +0000 (20:23 +0000)]
If rendering has failed due to a net.OpError stop rendering (attempt 2) (#19049)
Unfortunately #18642 does not work because a `*net.OpError` does not implement
the `Is` interface to make `errors.Is` work correctly - thus leading to the
irritating conclusion that a `*net.OpError` is not a `*net.OpError`.
Here we keep the `errors.Is` because presumably this will be fixed at
some point in the golang main source code but also we add a simply type
cast to also check.
Norwin [Tue, 8 Mar 2022 21:48:47 +0000 (22:48 +0100)]
Allow users to self-request a PR review (#19030)
The review request feature was added in https://github.com/go-gitea/gitea/pull/10756,
where the doer got explicitly excluded from available reviewers. I don't see a
functionality or security related reason to forbid this case.
As shown by GitHubs implementation, it may be useful to self-request a review,
to be reminded oneselves about reviewing, while communicating to team mates that a
review is missing.
singuliere [Sun, 6 Mar 2022 19:00:41 +0000 (20:00 +0100)]
Add Index to comment for migrations and mirroring (#18806)
Comments have an id (see Gitea[0], GitLab[1], GitHub[2], etc.), and the
comment migration format must represent it during migrations so that
it can be used during mirroring or incremental migrations.
projects / gitea.git / log