]> source.dussan.org Git - gitea.git/log
gitea.git
2 years agoMake NuGet service index publicly accessible (#21242) (#21277)
KN4CK3R [Sat, 8 Oct 2022 15:23:41 +0000 (17:23 +0200)]
Make NuGet service index publicly accessible (#21242) (#21277)

Backport of #21242

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2 years agoParse OAuth Authorization header when request omits client secret (#21351) (#21374)
M Hickford [Sat, 8 Oct 2022 08:53:17 +0000 (09:53 +0100)]
Parse OAuth Authorization header when request omits client secret (#21351) (#21374)

Backport #21351

This fixes error "unauthorized_client: invalid client secret" when
client includes secret in Authorization header rather than request body.
OAuth spec permits both:
https://www.rfc-editor.org/rfc/rfc6749#section-2.3.1

Clients in possession of a client password MAY use the HTTP Basic
authentication scheme ... Alternatively, the authorization server MAY
support including the client credentials in the request-body

Sanity validation that client id and client secret in request are
consistent with Authorization header.

Improve error descriptions. Error codes remain the same.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoIgnore port for OAuth2 loopback redirect URIs (#21293) (#21373)
M Hickford [Sat, 8 Oct 2022 01:52:35 +0000 (02:52 +0100)]
Ignore port for OAuth2 loopback redirect URIs (#21293) (#21373)

Backport #21293

Following https://datatracker.ietf.org/doc/html/rfc8252#section-7.3

Fixes #21285

2 years agoTag list should include draft releases with existing tags (#21263) (#21365)
Jason Song [Fri, 7 Oct 2022 10:59:42 +0000 (18:59 +0800)]
Tag list should include draft releases with existing tags (#21263) (#21365)

Backport #21263.

Before, a tag for a draft release disappeared in the tag list, fix #21262.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoFix linked account translation (#21331) (#21334)
John Olheiser [Wed, 5 Oct 2022 14:25:34 +0000 (09:25 -0500)]
Fix linked account translation (#21331) (#21334)

2 years agoFix missing m.Run() in TestMain (#21341)
wxiaoguang [Wed, 5 Oct 2022 04:17:16 +0000 (12:17 +0800)]
Fix missing m.Run() in TestMain (#21341)

Backport #21340, add the missing m.Run()

2 years agoForeign ID conflicts if ID is 0 for each item (#21271) (#21272)
techknowlogick [Sun, 2 Oct 2022 21:43:30 +0000 (17:43 -0400)]
Foreign ID conflicts if ID is 0 for each item (#21271) (#21272)

The default is 0 if not defined, and that causes dupe index errors

Backport of #21271

2 years agoUpdate bluemonday (#21281) (#21287)
6543 [Wed, 28 Sep 2022 14:15:22 +0000 (16:15 +0200)]
Update bluemonday (#21281) (#21287)

Backport #21281

https://github.com/microcosm-cc/bluemonday/releases/tag/v1.0.20

Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoFix empty container layer history and UI (#21251) (#21278)
KN4CK3R [Tue, 27 Sep 2022 15:10:19 +0000 (17:10 +0200)]
Fix empty container layer history and UI (#21251) (#21278)

Backport of #21251

2 years agoUse absolute links in feeds (#21229) (#21265)
KN4CK3R [Mon, 26 Sep 2022 17:49:22 +0000 (19:49 +0200)]
Use absolute links in feeds (#21229) (#21265)

Backport of #21229

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years ago Use en-US as fallback when using other default language (#21200) (#21256)
wxiaoguang [Sun, 25 Sep 2022 14:14:57 +0000 (22:14 +0800)]
 Use en-US as fallback when using other default language (#21200) (#21256)

Only en-US has complete translations. When use other language as
default, the en-US should still be used as fallback.

Backport #21200, Close #21199

2 years ago Make Clone in VSCode link get updated correctly (#21225) (#21226)
wxiaoguang [Fri, 23 Sep 2022 04:10:26 +0000 (12:10 +0800)]
 Make Clone in VSCode link get updated correctly (#21225) (#21226)

Backport #21225, fix for #21128 (also in 1.17.3), close #21224

The indent was incorrect before, so this PR did some formatting work.

Bypass Golang's template bug for JS string interpolation. And since
there are JS lint rules for templates, so the string interpolation is
also a must.

2 years agoRespect `REQUIRE_SIGNIN_VIEW` for packages (#20873) (#21232)
KN4CK3R [Fri, 23 Sep 2022 03:25:53 +0000 (05:25 +0200)]
Respect `REQUIRE_SIGNIN_VIEW` for packages (#20873) (#21232)

Backport of #20873

When REQUIRE_SIGNIN_VIEW = true, even with public repositories, you can only see them after you login. The packages should not be accessed without login.

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoPrevent invalid behavior for file reviewing when loading more files (#21230) (#21234)
delvh [Fri, 23 Sep 2022 00:45:51 +0000 (02:45 +0200)]
Prevent invalid behavior for file reviewing when loading more files (#21230) (#21234)

Backport of #21230

The problem was that many PR review components loaded by `Show more`
received the same ID as previous batches, which confuses browsers (when
clicked). All such occurrences should now be fixed.

Additionally improved the background of the `viewed` checkbox.

Fixes #21228.
Fixes #20681.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoUse Go 1.19 fmt for Gitea 1.17, sync emoji data (#21239)
wxiaoguang [Thu, 22 Sep 2022 13:58:31 +0000 (21:58 +0800)]
Use Go 1.19 fmt for Gitea 1.17, sync emoji data (#21239)

The images used by Gitea's drone pipeline were upgraded to Go 1.19.x
It causes the lint fails because Go 1.19 uses new code format.

This PR partially backport #20758 (including the emoji-data sync),
partially fix the format manually.

2 years agoTreat git object mode 40755 as directory (#21195) (#21218)
wxiaoguang [Tue, 20 Sep 2022 16:40:23 +0000 (00:40 +0800)]
Treat git object mode 40755 as directory (#21195) (#21218)

Backport #21195

Git uses 040000 for tree object, but some users may get 040755 for
unknown reasons, fix #21190

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoMake the vscode clone link respect transport protocol (#20557) (#21128)
Abdul Monim [Tue, 20 Sep 2022 14:01:24 +0000 (20:01 +0600)]
Make the vscode clone link respect transport protocol (#20557) (#21128)

Backports #20557

Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: Munim Munna <6266677+monim67@users.noreply.github.com>
2 years agoAllow uppercase ASCII alphabet in PyPI package names (#21095) (#21217)
KN4CK3R [Tue, 20 Sep 2022 09:37:24 +0000 (11:37 +0200)]
Allow uppercase ASCII alphabet in PyPI package names (#21095) (#21217)

Backport of #21095

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoFix limited user cannot view himself's profile (#21212)
Lunny Xiao [Tue, 20 Sep 2022 08:00:46 +0000 (16:00 +0800)]
Fix limited user cannot view himself's profile (#21212)

backport #21210, fix #21206

If user and viewer are equal the method should return true.
Also the common organization check was wrong as count can never be less then 0.

Tests are on main branch.

2 years agoFix template bug of admin monitor (#21209)
Lunny Xiao [Tue, 20 Sep 2022 00:15:08 +0000 (08:15 +0800)]
Fix template bug of admin monitor (#21209)

backport #21208

2 years agoFix reaction of issues (#21185) (#21196)
Jason Song [Sun, 18 Sep 2022 04:04:09 +0000 (12:04 +0800)]
Fix reaction of issues (#21185) (#21196)

Backport #21185.

Fix #20860.

`CommentID` in `FindReactionsOptions` should be -1 to search reactions
with zero comment id.

https://github.com/go-gitea/gitea/blob/8351172b6e5221290dc5b2c81e159e2eec0b43c8/models/issues/reaction.go#L108-L121

Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoFix CSV diff for added/deleted files (#21189) (#21193)
wxiaoguang [Sat, 17 Sep 2022 10:53:04 +0000 (18:53 +0800)]
Fix CSV diff for added/deleted files (#21189) (#21193)

Backport #21189
Fixes #21184
Regression of #19552

Instead of using `GetBlobByPath`, use the already existing instances.

2 years agoFix pagination limit parameter problem (#21111)
Tyrone Yeh [Thu, 8 Sep 2022 12:00:42 +0000 (20:00 +0800)]
Fix pagination limit parameter problem (#21111)

backport #21109

Co-authored-by: 6543 <6543@obermui.de>
2 years agoAdd MD5 back to template helper functions to avoid breaking (#21102)
wxiaoguang [Wed, 7 Sep 2022 11:30:52 +0000 (19:30 +0800)]
Add MD5 back to template helper functions to avoid breaking (#21102)

In #20932 the MD5 helper function was removed from template context,
it breaks user's customized templates.

This PR adds the MD5 helper function back.

2 years agoAdd changelog for v1.17.2 (#21089) v1.17.2
Lunny Xiao [Tue, 6 Sep 2022 21:32:20 +0000 (05:32 +0800)]
Add changelog for v1.17.2 (#21089)

Co-authored-by: John Olheiser <john+github@jolheiser.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoFix sub folder in repository missing add file dropdown (#21069) (#21083)
Tyrone Yeh [Tue, 6 Sep 2022 08:42:05 +0000 (16:42 +0800)]
Fix sub folder in repository missing add file dropdown (#21069) (#21083)

Backport #21069

In repository sub folder missing add file dropdown menu, Probably broken since #20602

2 years agoFix hard-coded timeout and error panic in API archive download endpoint (#20925)...
zeripath [Tue, 6 Sep 2022 06:54:47 +0000 (07:54 +0100)]
Fix hard-coded timeout and error panic in API archive download endpoint (#20925) (#21051)

Backport #20925

This commit updates the `GET /api/v1/repos/{owner}/{repo}/archive/{archive}`
endpoint which prior to this PR had a couple of issues.

1. The endpoint had a hard-coded 20s timeout for the archiver to complete after
   which a 500 (Internal Server Error) was returned to client. For a scripted
   API client there was no clear way of telling that the operation timed out and
   that it should retry.

2. Whenever the timeout _did occur_, the code used to panic. This was caused by
   the API endpoint "delegating" to the same call path as the web, which uses a
   slightly different way of reporting errors (HTML rather than JSON for
   example).

   More specifically, `api/v1/repo/file.go#GetArchive` just called through to
   `web/repo/repo.go#Download`, which expects the `Context` to have a `Render`
   field set, but which is `nil` for API calls. Hence, a `nil` pointer error.

The code addresses (1) by dropping the hard-coded timeout. Instead, any
timeout/cancelation on the incoming `Context` is used.

The code addresses (2) by updating the API endpoint to use a separate call path
for the API-triggered archive download. This avoids producing HTML-errors on
errors (it now produces JSON errors).

Signed-off-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
Signed-off-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoFix delete user missed some comments (#21067) (#21068)
Lunny Xiao [Mon, 5 Sep 2022 22:48:57 +0000 (06:48 +0800)]
Fix delete user missed some comments (#21067) (#21068)

2 years agoDelete unreferenced packages when deleting a package version (#20977) (#21060)
zeripath [Sun, 4 Sep 2022 16:17:48 +0000 (17:17 +0100)]
Delete unreferenced packages when deleting a package version (#20977) (#21060)

Backport #20977

Delete a package if its last version got deleted. Otherwise removing the owner works only after the clean up job ran.

Fix #20969

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2 years agoRedirect if user does not exist on admin pages (#20981) (#21059)
zeripath [Sun, 4 Sep 2022 16:17:35 +0000 (17:17 +0100)]
Redirect if user does not exist on admin pages (#20981) (#21059)

Backport #20981

When on /admin/users/ endpoints if the user is no longer in the DB,
redirect instead of causing a http 500.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2 years agoSet uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh (...
zeripath [Sun, 4 Sep 2022 16:17:27 +0000 (17:17 +0100)]
Set uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh (#20902) (#21058)

Backport #20902

When setting.Git.DisablePartialClone is set to false then the web server will add filter support to web http. It does this by using`-c` command arguments but this will not work on gitea serv as the upload-pack and receive-pack commands do not support this.

Instead we move these options into the .gitconfig instead.

Fix #20400

Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix 500 on time in timeline API (#21052) (#21057)
qwerty287 [Sun, 4 Sep 2022 15:12:37 +0000 (17:12 +0200)]
Fix 500 on time in timeline API (#21052) (#21057)

Backport #21052

Before converting a TrackedTime for the API we need to load its attributes - otherwise we get an NPE.

Fix #21041

2 years agoFill the specified ref in webhook test payload (#20961) (#21055)
Jason Song [Sun, 4 Sep 2022 15:12:01 +0000 (23:12 +0800)]
Fill the specified ref in webhook test payload (#20961) (#21055)

Backport #20961

The webhook payload should use the right ref when it‘s specified in the testing request.

The compare URL should not be empty, a URL like `compare/A...A` seems useless in most cases but is helpful when testing.

2 years agoAdd another index for Action table on postgres (#21033) (#21054)
zeripath [Sun, 4 Sep 2022 15:11:02 +0000 (16:11 +0100)]
Add another index for Action table on postgres (#21033) (#21054)

Backport #21033

In #21031 we have discovered that on very big tables postgres will use a
search involving the sort term in preference to the restrictive index.

Therefore we add another index for postgres and update the original migration.

Fix #21031

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agofix broken insecureskipverify handling in rediss connection uris (#20967) (#21053)
zeripath [Sun, 4 Sep 2022 13:59:20 +0000 (14:59 +0100)]
fix broken insecureskipverify handling in rediss connection uris (#20967) (#21053)

Backport #20967

Currently, it's impossible to connect to self-signed TLS encrypted redis instances. The problem lies in inproper error handling, when building redis tls options - only invalid booleans are allowed to be used in `tlsConfig` builder. The problem is, when `strconv.ParseBool(...)` returns error, it always defaults to false - meaning it's impossible to set `tlsOptions.InsecureSkipVerify` to true.

Fixes #19213

Co-authored-by: Igor Rzegocki <ajgon@users.noreply.github.com>
2 years agoAdd more checks in migration code (#21011) (#21050)
zeripath [Sun, 4 Sep 2022 13:41:21 +0000 (14:41 +0100)]
Add more checks in migration code (#21011) (#21050)

Backport #21011

When migrating add several more important sanity checks:

* SHAs must be SHAs
* Refs must be valid Refs
* URLs must be reasonable

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoAdd Dev, Peer and Optional dependencies to npm PackageMetadataVersion (#21017) (...
José Carlos [Sat, 3 Sep 2022 19:11:03 +0000 (21:11 +0200)]
Add Dev, Peer and Optional dependencies to npm PackageMetadataVersion (#21017) (#21044)

Backport #21017

Set DevDependencies, PeerDependencies & OptionalDependencies in npm package metadatas

Fix https://github.com/go-gitea/gitea/issues/21013

2 years agoImprove arc-green code theme (#21039) (#21042)
silverwind [Sat, 3 Sep 2022 17:51:09 +0000 (19:51 +0200)]
Improve arc-green code theme (#21039) (#21042)

Backport #21039

- Increase contrasts overall
- Add various missing theme classes
- Ensure strings and constants are colored the same across languages

2 years agoAdd down key check has tribute container (#21016) (#21038)
Tyrone Yeh [Sat, 3 Sep 2022 13:36:27 +0000 (21:36 +0800)]
Add down key check has tribute container (#21016) (#21038)

Backport #21016

Fixes an issue where users would not be able to select by pressing the down arrow when using @TAG above a message

Bug videos:

https://user-images.githubusercontent.com/1255041/188095999-c4ccde18-e53b-4251-8a14-d90c4042d768.mp4

2 years agoDo not add links to Posters or Assignees with ID < 0 (#20577) (#21037)
zeripath [Sat, 3 Sep 2022 12:51:10 +0000 (13:51 +0100)]
Do not add links to Posters or Assignees with ID < 0 (#20577) (#21037)

Backport #20577

There are several places in templates/repo/issue/view_content/comments.tmpl where links are made to Posters or Assignees who are Ghosts or have IDs <0.

Fix #20559

Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix modified due date message (#20388) (#21032)
Lucas Azevedo [Fri, 2 Sep 2022 19:18:34 +0000 (16:18 -0300)]
Fix modified due date message (#20388) (#21032)

Backport #20388

2 years agoFix missed sort bug (#21006)
Lunny Xiao [Wed, 31 Aug 2022 15:40:29 +0000 (23:40 +0800)]
Fix missed sort bug (#21006)

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2 years agoFix input.value attr for RequiredClaimName/Value (#20946) (#21001)
John Olheiser [Wed, 31 Aug 2022 14:57:03 +0000 (09:57 -0500)]
Fix input.value attr for RequiredClaimName/Value (#20946) (#21001)

Values set for RequiredClaimName and RequiredClaimValue do not show up on UI.
Fix typo `values` to `value`.

Co-authored-by: soumyadey <soumya.dey@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agofix: remove redundant if (#20997)
Jason Song [Tue, 30 Aug 2022 21:16:33 +0000 (05:16 +0800)]
fix: remove redundant if (#20997)

2 years agoTranslations for repo buttons (#20834)
John Olheiser [Mon, 29 Aug 2022 14:37:53 +0000 (09:37 -0500)]
Translations for repo buttons (#20834)

* Translations

Signed-off-by: jolheiser <john.olheiser@gmail.com>
* Update locale_de-DE.ini

* Update locales

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2 years agoFix download archiver of a commit (#20962) (#20971)
Lunny Xiao [Sun, 28 Aug 2022 11:29:34 +0000 (19:29 +0800)]
Fix download archiver of a commit (#20962) (#20971)

2 years agoChange review buttons to icons to make space for text (#20934) (#20978)
silverwind [Sat, 27 Aug 2022 20:52:00 +0000 (22:52 +0200)]
Change review buttons to icons to make space for text (#20934) (#20978)

The layout on the review code view was broken depending on length of the text. Change all three buttons to icons with tooltip to make more space for these long texts.

Fixes: #20922
2 years agoEnable contenthash in filename for dynamic assets (#20813) (#20932)
silverwind [Thu, 25 Aug 2022 06:16:20 +0000 (08:16 +0200)]
Enable contenthash in filename for dynamic assets (#20813) (#20932)

This should solve the main problem of dynamic assets getting stale after
a version upgrade. Everything not affected will use query-string based
cache busting, which includes files loaded via HTML or worker scripts.

2 years agoReturn 404 NotFound if requested attachment does not exist (#20886) (#20941)
zeripath [Thu, 25 Aug 2022 03:30:41 +0000 (04:30 +0100)]
Return 404 NotFound if requested attachment does not exist (#20886) (#20941)

Backport #20886

Add code to test if GetAttachmentByID returns an ErrAttachmentNotExist error
and return NotFound instead of InternalServerError

Fix #20884

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoDisable doctor logging on panic (#20847) (#20898)
zeripath [Wed, 24 Aug 2022 14:04:41 +0000 (15:04 +0100)]
Disable doctor logging on panic (#20847) (#20898)

Backport #20847

If permissions are incorrect for writing to the doctor log simply disable the log file
instead of panicing.

Related #20570

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
2 years agoSet no-tags in git fetch on compare (#20893) (#20936)
zeripath [Tue, 23 Aug 2022 20:42:55 +0000 (21:42 +0100)]
Set no-tags in git fetch on compare (#20893) (#20936)

Backport #20893

In the compare endpoint the git fetch is restricted to a certain branch however,
this does not completely prevent tag acquisition/pollution as git fetch will collect
any tags on that branch.

This causes pollution of the tag namespace and could cause confusion by users.

This PR adds `--no-tags` to the `git fetch` call.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoIn PushMirrorsIterate and MirrorsIterate if limit is negative do not set it (#20837...
zeripath [Tue, 23 Aug 2022 16:38:52 +0000 (17:38 +0100)]
In PushMirrorsIterate and MirrorsIterate if limit is negative do not set it (#20837) (#20899)

Backport #20837

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoFix mirror address setting not working (#20850) (#20904)
zeripath [Tue, 23 Aug 2022 14:14:02 +0000 (15:14 +0100)]
Fix mirror address setting not working (#20850) (#20904)

Backport #20850

This patch fixes the issue that the mirror address field is ignored from the repo setting form.

Co-authored-by: Gary Wang <wzc782970009@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoAllow multiple metadata files for Maven packages (#20674) (#20916)
KN4CK3R [Tue, 23 Aug 2022 02:00:58 +0000 (04:00 +0200)]
Allow multiple metadata files for Maven packages (#20674) (#20916)

* Allow file overwrite for meta files.

* Added tests.

* lint

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years ago Don't open new page for ext wiki on same repository (#20725) (#20910)
Gusted [Mon, 22 Aug 2022 23:58:11 +0000 (01:58 +0200)]
 Don't open new page for ext wiki on same repository (#20725) (#20910)

* Don't open new page for ext wiki on same repository (#20725)

- Backport of #20725
  - When the external wiki has been set to a file on the repository, don't open the page on a tab.
  - Resolves #20657

* Gofmt

* Fix line

Co-authored-by: zeripath <art27@cantab.net>
2 years agoPad GPG Key ID with preceding zeroes (#20878) (#20885)
zeripath [Mon, 22 Aug 2022 18:35:18 +0000 (19:35 +0100)]
Pad GPG Key ID with preceding zeroes (#20878) (#20885)

Backport #20878

The go crypto library does not pad keyIDs to 16 characters with preceding zeroes. This
is a somewhat confusing thing for most users who expect these to have preceding zeroes.

This PR prefixes any sub 16 length KeyID with preceding zeroes and removes preceding
zeroes from KeyIDs inputted on the API.

Fix #20876

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoIncrease Content field size of gpg_key and public_key to MEDIUMTEXT (#20896) (#20911)
zeripath [Mon, 22 Aug 2022 14:17:21 +0000 (15:17 +0100)]
Increase Content field size of gpg_key and public_key to MEDIUMTEXT (#20896) (#20911)

Backport #20896

Unfortunately some keys are too big to fix within the 65535 limit of TEXT on MySQL
this causes issues with these large keys.

Therefore increase these fields to MEDIUMTEXT.

Unfortunately the migration in #20896 cannot be backported to 1.17 so
affected users will have to use `gitea doctor recreate-table gpg_key public_key`

Fix #20894

Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix push mirror address backend get error Address cause setting page display error...
zeripath [Mon, 22 Aug 2022 06:14:48 +0000 (07:14 +0100)]
Fix push mirror address backend get error Address cause setting page display error (#20593) (#20901)

2 years agoFix panic when an invalid oauth2 name is passed (#20820) (#20900)
zeripath [Mon, 22 Aug 2022 03:23:48 +0000 (04:23 +0100)]
Fix panic when an invalid oauth2 name is passed (#20820) (#20900)

2 years agoRemove calls to load Mirrors in user.Dashboard (#20855) (#20897)
zeripath [Mon, 22 Aug 2022 01:46:56 +0000 (02:46 +0100)]
Remove calls to load Mirrors in user.Dashboard (#20855) (#20897)

Backport #20855

Whilst looking at #20840 I noticed that the Mirrors data doesn't appear
to be being used therefore we can remove this and in fact none of the
related code is used elsewhere so it can also be removed.

Related #20840
Related #20804

Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoFix SQL Query for `SearchTeam` (#20844) (#20872)
Gusted [Sun, 21 Aug 2022 18:31:51 +0000 (20:31 +0200)]
Fix SQL Query for `SearchTeam` (#20844) (#20872)

Backport #20844

Currently the function takes in the UserID option, but isn't being used within the SQL query. This patch fixes that by checking that only teams are being returned that the user belongs to.

Fix  #20829

2 years agoUpdate codemirror to 5.65.8 (#20875)
silverwind [Sun, 21 Aug 2022 16:25:46 +0000 (18:25 +0200)]
Update codemirror to 5.65.8 (#20875)

Includes fix for https://github.com/codemirror/codemirror5/issues/6893.

2 years agoDouble check CloneURL is acceptable (#20869) (#20892)
zeripath [Sun, 21 Aug 2022 14:42:48 +0000 (15:42 +0100)]
Double check CloneURL is acceptable (#20869) (#20892)

Backport #20869

Some Migration Downloaders provide re-writing of CloneURLs that may point to
unallowed urls. Recheck after the CloneURL is rewritten.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoEnsure that graceful start-up is informed of unused SSH listener (#20877)
JonRB [Sun, 21 Aug 2022 12:18:22 +0000 (13:18 +0100)]
Ensure that graceful start-up is informed of unused SSH listener (#20877)

The graceful manager waits for 4 listeners to be created or to be told that they are not needed. If it is not told about them it will indefinitely and timeout.

This leads to SVC hosts not being told of being in the readyState but on Unix would lead to the termination of the process.

There was an unfortunate regression in #20299 which missed this subtly and in the case whereby SSH is disabled the `builtinUnused()` is not called.

This PR adds a call to `builtinUnused()` when not using the builtin ssh to allow `createServerWaitGroup.Done()` to be called.

In addition it was noted that the if/else clauses for timeout informing of the SVC host were in the wrong order. These have been swapped.

Fix #20609

2 years agoRework repo buttons (#20602, #20718) (#20719)
silverwind [Sat, 20 Aug 2022 14:49:16 +0000 (16:49 +0200)]
Rework repo buttons (#20602, #20718) (#20719)

* Rework repo buttons (#20602)

* Rework repo buttons

- Replace "New PR" and "Go to File" button with Icon Button
- Move all "Add File" actions into a dropdown button
- Remove most custom styling of clone buttons
- Margin and wiki tweaks

Buttons are now all equal height, mobile layout wraps gracefully.

Fixes: https://github.com/go-gitea/gitea/issues/13671
Replaces: https://github.com/go-gitea/gitea/pull/20375

* Restore history button and hide add button when unable to add (#20718)

Fix two regressions from #20602:

- Restore the 'History' button that was previously unable to render
  because it's show condition was never hit
- Hide the 'Add File' button when there would be no items in the
  dropdown.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoFix the mode of custom dir to 0700 in docker-rootless (#20861) (#20867)
wxiaoguang [Sat, 20 Aug 2022 03:54:12 +0000 (11:54 +0800)]
Fix the mode of custom dir to 0700 in docker-rootless (#20861) (#20867)

2 years agoFix UI mis-align for PR commit history (#20845) (#20859)
wxiaoguang [Fri, 19 Aug 2022 08:54:33 +0000 (16:54 +0800)]
Fix UI mis-align for PR commit history (#20845) (#20859)

2 years agoupdate changelog v1.17.1
techknowlogick [Thu, 18 Aug 2022 19:34:24 +0000 (15:34 -0400)]
update changelog

2 years agoPrevent 500 is head repo does not have PullRequest unit in IsUserAllowedToUpdate...
zeripath [Thu, 18 Aug 2022 18:55:34 +0000 (19:55 +0100)]
Prevent 500 is head repo does not have PullRequest unit in IsUserAllowedToUpdate (#20839) (#20848)

Backport #20621

Some repositories do not have the PullRequest unit present in their configuration
and unfortunately the way that IsUserAllowedToUpdate currently works assumes
that this is an error instead of just returning false.

This PR simply swallows this error allowing the function to return false.

Fix #20621

Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix owners cannot create organization repos bug (#20841) (#20854)
zeripath [Thu, 18 Aug 2022 18:54:48 +0000 (19:54 +0100)]
Fix owners cannot create organization repos bug (#20841) (#20854)

Backport #20841

* Fix owners cannot create organization repos bug

* Fix api

* Update routers/api/v1/org/team.go

Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2 years agoChangelog 1.17.1 (#20833)
zeripath [Thu, 18 Aug 2022 18:52:04 +0000 (19:52 +0100)]
Changelog 1.17.1 (#20833)

* Changelog 1.17.1

 ## [1.17.1](https://github.com/go-gitea/gitea/releases/tag/1.17.1) - 2022-08-17

* SECURITY
  * Correctly escape within tribute.js (#20831) (#20832)
* FEATURES
  * Add support for NuGet API keys (#20721) (#20734)
* ENHANCEMENTS
  * Display project in issue list (#20583)
  * Add disable download source configuration (#20548) (#20579)
* BUGFIXES
  * Use the total issue count for UI (#20785) (#20827)
  * Add proxy host into allow list (#20798) (#20819)
  * Add missing translation for queue flush workers (#20791) (#20792)
  * Improve comment header for mobile (#20781) (#20789)
  * Fix git.Init for doctor sub-command (#20782) (#20783)
  * Check webhooks slice length before calling xorm (#20642) (#20768)
  * Remove manual rollback for failed generated repositories (#20639) (#20762)
  * Use correct field name in npm template (#20675) (#20760)
  * Keep download count on Container tag overwrite (#20728) (#20735)
  * Fix v220 migration to be compatible for MSSQL 2008 r2 (#20702) (#20707)
  * Use request timeout for git service rpc (#20689) (#20693)
  * Send correct NuGet status codes (#20647) (#20677)
  * Use correct context to get package content (#20673) (#20676)
  * Fix the JS error "EventSource is not defined" caused by some non-standard browsers (#20584) (#20663)
  * Add default commit messages to PR for squash merge (#20618) (#20645)
  * Fix package upload for files >32mb (#20622) (#20635)
  * Fix the new-line copy-paste for rendered code (#20612)
  * Clean up and fix clone button script (#20415 & #20600) (#20599)
  *  Fix default merge style (#20564) (#20565)
  * Add repository condition for issue count (#20454) (#20496)
* MISC
  * Make branch icon stand out more (#20726) (#20774)
  * Fix loading button with invalid form (#20754) (#20759)
  * Add username check to doctor (#20140) (#20671)
  * Enable Wire 2 for Internal SSH Server (#20616) (#20617)
  *  Fix SecToTime edge-cases (#20610) (#20611)

Signed-off-by: Andrew Thornton <art27@cantab.net>
* Apply suggestions from code review

Co-authored-by: John Olheiser <john+github@jolheiser.com>
* Update CHANGELOG.md

Co-authored-by: delvh <dev.lh@web.de>
* Update CHANGELOG.md

* Update CHANGELOG.md

* update changelog

* Update CHANGELOG.md

Co-authored-by: John Olheiser <john+github@jolheiser.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: John Olheiser <john+github@jolheiser.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoCheck Mirror exists before linking its Repo (#20840) (#20842)
Lunny Xiao [Thu, 18 Aug 2022 08:57:40 +0000 (16:57 +0800)]
Check Mirror exists before linking its Repo (#20840) (#20842)

In MirrorRepositoryList.loadAttributes there is some code to load the Mirror entries
from the database. This assumes that every Repository which has IsMirror set has
a Mirror associated in the DB. This association is incorrect in the case of
Mirror repository under creation when there is no Mirror entry in the DB until
completion.

Unfortunately LoadAttributes makes this incorrect assumption and presumes that a
Mirror will always be loaded. This then causes a panic.

This PR simply double checks if there a Mirror before attempting to link back to
its Repo. Unfortunately it should be expected that there may be other cases where
this incorrect assumption causes further problems.

Fix #20804

Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoAdd migrate repo archiver and packages storage support on command line (#20757) ...
Lunny Xiao [Thu, 18 Aug 2022 01:27:56 +0000 (09:27 +0800)]
Add migrate repo archiver and packages storage support on command line (#20757) (#20806)

* Add migrate repo archiver and packages storage support on command line (#20757)

* Add migrate repo archiver and packages storage support on command line

* Fix typo

* Use stdCtx

* Use packageblob and fix command description

* Add migrate packages unit tests

* Fix comment year

* Fix the migrate storage command line description

* Update cmd/migrate_storage.go

Co-authored-by: zeripath <art27@cantab.net>
* Update cmd/migrate_storage.go

Co-authored-by: zeripath <art27@cantab.net>
* Update cmd/migrate_storage.go

Co-authored-by: zeripath <art27@cantab.net>
* Fix test

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
* bug fix

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoCheck issue labels slice length before calling xorm Insert(#20655) (#20836)
zeripath [Wed, 17 Aug 2022 22:36:56 +0000 (23:36 +0100)]
Check issue labels slice length before calling xorm Insert(#20655) (#20836)

Backport #20655

Fix #20654

Co-authored-by: Gabriel Vasile <gabriel.vasile@email.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoExecutable check always returns true for windows (#20637) (#20835)
zeripath [Wed, 17 Aug 2022 22:34:29 +0000 (23:34 +0100)]
Executable check always returns true for windows (#20637) (#20835)

Backport #20637

Windows doesn't have the concept of "executable" POSIX bits so for now always return true to minimise doctor and logging noise. Addresses #20636

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: JonRB <4564448+eeyrjmr@users.noreply.github.com>
Co-authored-by: silverwind <me@silverwind.io>
2 years agoCorrectly escape within tribute.js (#20831) (#20832)
zeripath [Wed, 17 Aug 2022 20:09:28 +0000 (21:09 +0100)]
Correctly escape within tribute.js (#20831) (#20832)

Backport #20831

When writing html in tribute.js ensure that strings are properly escaped.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoUse the total issue count for UI (#20785) (#20827)
parnic [Wed, 17 Aug 2022 17:25:07 +0000 (12:25 -0500)]
Use the total issue count for UI (#20785) (#20827)

Backport #20785

This fixes a problem where the "All" line item on the Issues or Pull Requests page was only showing the count of the selected repos instead of the total of all issues/prs in all repos.

The "total number of shown issues" number is now stashed in a different context variable in case it wants to be used by the frontend later. It's currently not being used.

Fixes #20574

2 years agofix merge (#20819)
Lunny Xiao [Wed, 17 Aug 2022 15:33:26 +0000 (23:33 +0800)]
fix merge (#20819)

2 years agoImprove comment header for mobile (#20781) (#20789)
Gusted [Mon, 15 Aug 2022 11:09:46 +0000 (11:09 +0000)]
Improve comment header for mobile (#20781) (#20789)

- Backport #20781
  - Since b9e8fa5 the avatar will be inlined into the comment header, so there's more room for the actual comment container(thus more text per line in the comment body). However this didn't take into consideration that the flex didn't allow any wrapping and thus was shrinking the avatar. Well this isn't a perfect solution, as you ideally all want these elements to be individually wrapped(such that comment-header-right can be on the same line as comment-header-left, which now causes a new line in certain situations). It's a better solution than the current CSS and to not mess with the desktop CSS/HTML.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoAdd missing translation for queue flush workers (#20791) (#20792)
Gusted [Sun, 14 Aug 2022 20:03:04 +0000 (20:03 +0000)]
Add missing translation for queue flush workers (#20791) (#20792)

- Backport #20791
  - Add a missing translation key and value for the flush worker indication
  - Resolves #20770

2 years agoFix git.Init for doctor sub-command (#20782) (#20783)
wxiaoguang [Sat, 13 Aug 2022 16:32:44 +0000 (00:32 +0800)]
Fix git.Init for doctor sub-command (#20782) (#20783)

2 years agoMake branch icon stand out more (#20726) (#20774)
Gusted [Fri, 12 Aug 2022 19:38:17 +0000 (19:38 +0000)]
Make branch icon stand out more (#20726) (#20774)

- Backport #20726
  - Currently the branch icon is "squashed" between the two branch names and feels a bit "amateur-ish" to my feeling(relative to other UI elements).
  - This patch tries to improve that by making the icon bigger and by adding some margin to not have a "squashed" icon.
  - This patch also includes a "fix", for some reason this symbol is not centering correctly. So apply allign-items: center to the top div

2 years agoAdd disable download source configuration (#20548) (#20579)
Lunny Xiao [Fri, 12 Aug 2022 15:53:10 +0000 (23:53 +0800)]
Add disable download source configuration (#20548) (#20579)

* Add disable download source configuration (#20548)

Add configuration to enable/disable download source from UI.

Co-authored-by: zeripath <art27@cantab.net>
* Fix BaseVars not used in renderering

* Fix disabled open in vscode menu when disabling download source from UI

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoCheck webhooks slice length before calling xorm (#20642) (#20768)
Lunny Xiao [Fri, 12 Aug 2022 08:36:45 +0000 (16:36 +0800)]
Check webhooks slice length before calling xorm (#20642) (#20768)

Fixes: #20641
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Gabriel Vasile <gabriel.vasile@email.com>
2 years agoRemove manual rollback for failed generated repositories (#20639) (#20762)
wxiaoguang [Thu, 11 Aug 2022 10:11:49 +0000 (18:11 +0800)]
Remove manual rollback for failed generated repositories (#20639) (#20762)

Generating repositories from a template is done inside a transaction.
Manual rollback on error is not needed and it always results in error
"repository does not exist".

Co-authored-by: Gabriel Vasile <gabriel.vasile@email.com>
2 years agoFix loading button with invalid form (#20754) (#20759)
silverwind [Thu, 11 Aug 2022 08:26:09 +0000 (10:26 +0200)]
Fix loading button with invalid form (#20754) (#20759)

Previously, if a invalid form was submitted (for example issue with no
title), the form could not be re-submitted again because the button
would not stay stuck in loading state. Fix that by hooking the 'submit'
event instead which triggers only when the form is valid.

2 years agoUse correct field name. (#20675) (#20760)
KN4CK3R [Thu, 11 Aug 2022 07:43:18 +0000 (09:43 +0200)]
Use correct field name. (#20675) (#20760)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoAdd support for NuGet API keys (#20721) (#20734)
KN4CK3R [Tue, 9 Aug 2022 21:56:18 +0000 (23:56 +0200)]
Add support for NuGet API keys (#20721) (#20734)

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoKeep download count on Container tag overwrite (#20728) (#20735)
KN4CK3R [Tue, 9 Aug 2022 15:33:45 +0000 (17:33 +0200)]
Keep download count on Container tag overwrite (#20728) (#20735)

Co-authored-by: 6543 <6543@obermui.de>
2 years agoFix v220 migration to be compatible for MSSQL 2008 r2 (#20702) (#20707)
Lunny Xiao [Mon, 8 Aug 2022 15:58:11 +0000 (23:58 +0800)]
Fix v220 migration to be compatible for MSSQL 2008 r2 (#20702) (#20707)

2 years ago Fix SecToTime edge-cases (#20610) (#20611)
Gusted [Mon, 8 Aug 2022 05:09:12 +0000 (05:09 +0000)]
 Fix SecToTime edge-cases (#20610) (#20611)

2 years agoUpdate issues.ref_closing_from in locale_ru-RU.ini (#20699)
Maxim Slipenko [Sun, 7 Aug 2022 10:32:07 +0000 (13:32 +0300)]
Update issues.ref_closing_from in locale_ru-RU.ini (#20699)

2 years agoUse request timeout for git service rpc (#20689) (#20693)
parnic [Sun, 7 Aug 2022 02:37:48 +0000 (21:37 -0500)]
Use request timeout for git service rpc (#20689) (#20693)

This enables git.Command's Run to optionally use the given context directly so its deadline will be respected. Otherwise, it falls back to the previous behavior of using the supplied timeout or a default timeout value of 360 seconds.

repo's serviceRPC() calls now use the context's deadline (which is unset/unlimited) instead of the default 6-minute timeout. This means that large repo clones will no longer arbitrarily time out on the upload-pack step, and pushes can take longer than 6 minutes on the receive-pack step.

Fixes #20680

2 years agoUse correct context to get package content (#20673) (#20676)
KN4CK3R [Fri, 5 Aug 2022 18:55:16 +0000 (20:55 +0200)]
Use correct context to get package content (#20673) (#20676)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoSend correct NuGet status codes (#20647) (#20677)
KN4CK3R [Fri, 5 Aug 2022 01:38:04 +0000 (03:38 +0200)]
Send correct NuGet status codes (#20647) (#20677)

* Fixed status codes.

* Fixed status codes.

2 years agoAdd username check to doctor (#20140) (#20671)
John Olheiser [Thu, 4 Aug 2022 16:07:07 +0000 (11:07 -0500)]
Add username check to doctor (#20140) (#20671)

* Add username check to doctor

- Add a new breaking change detector to Gitea's doctor, which checks if
all users still have a valid username according to Gitea. Given from
time-to-time we need to make changes, either due to new routes or due to
security, it's for a instance's admin to check if all users still have a
valid username.

* Fix extra argument

* Apply suggestions from code review

* Apply suggestions from code review

2 years agoFix the JS error "EventSource is not defined" caused by some non-standard browsers...
wxiaoguang [Thu, 4 Aug 2022 11:20:54 +0000 (19:20 +0800)]
Fix the JS error "EventSource is not defined" caused by some non-standard browsers (#20584) (#20663)

2 years agoAdd default commit messages to PR for squash merge (#20618) (#20645)
wxiaoguang [Thu, 4 Aug 2022 03:11:59 +0000 (11:11 +0800)]
Add default commit messages to PR for squash merge (#20618) (#20645)

Keep the same behavior as 1.16

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Tyrone Yeh <tyrone_yeh@draytek.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2 years agoFix package upload for files >32mb (#20622) (#20635)
KN4CK3R [Tue, 2 Aug 2022 22:45:38 +0000 (00:45 +0200)]
Fix package upload for files >32mb (#20622) (#20635)

* Rewind file before first read.
* Added tests.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoAdjust line detection in highlight.go (#20612)
wxiaoguang [Tue, 2 Aug 2022 17:37:28 +0000 (01:37 +0800)]
Adjust line detection in highlight.go (#20612)

The code for detection of lines in highlight.go is somewhat too complex
and doesn't take account of how Chroma is actually splitting things into
lines for us.

Remove both the .line and .cl classes from Chroma's HTML which made
the old conditional work again. This fixed Copy of YAML files while also
reducing the amount of rendered HTML nodes.

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>