]> source.dussan.org Git - gitea.git/log
gitea.git
22 months agoFix key signature error page (#22229) (#22231)
Gusted [Wed, 28 Dec 2022 20:16:18 +0000 (21:16 +0100)]
Fix key signature error page (#22229) (#22231)

- Backport of #22229
- When the GPG key contains an error, such as an invalid signature or an
email address that does not match the user.A page will be shown that
says you must provide a signature for the token.
- This page had two errors: one had the wrong translation key and the
other tried to use an undefined variable
[`.PaddedKeyID`](https://github.com/go-gitea/gitea/blob/e81ccc406bf723a5a58d685e7782f281736affd4/models/asymkey/gpg_key.go#L65-L72),
which is a function implemented on the `GPGKey` struct, given that we
don't have that, we use
[`KeyID`](https://github.com/go-gitea/gitea/blob/e81ccc406bf723a5a58d685e7782f281736affd4/routers/web/user/setting/keys.go#L102)
which is [the fingerprint of the
publickey](https://pkg.go.dev/golang.org/x/crypto/openpgp/packet#PublicKey.KeyIdString)
and is a valid way for opengpg to refer to a key.

<!--

Please check the following:

1. Make sure you are targeting the `main` branch, pull requests on
release branches are only allowed for bug fixes.
2. Read contributing guidelines:
https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
3. Describe what your pull request does and which issue you're targeting
(if any)

-->

22 months agoUse complete SHA to create and query commit status (#22244) (#22258)
Jason Song [Wed, 28 Dec 2022 10:03:01 +0000 (18:03 +0800)]
Use complete SHA to create and query commit status (#22244) (#22258)

Backport #22244.

Fix #13485.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
23 months agoAllow empty assignees on pull request edit (#22150) (#22213)
KN4CK3R [Thu, 22 Dec 2022 12:40:54 +0000 (13:40 +0100)]
Allow empty assignees on pull request edit (#22150) (#22213)

Backport of #22150

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
23 months agoFix container layer display overflow (#22208) (#22212)
Lauris BH [Thu, 22 Dec 2022 11:27:30 +0000 (13:27 +0200)]
Fix container layer display overflow (#22208) (#22212)

Backport #22208

23 months agoUpdate changelog for 1.17.4 (#22198) v1.17.4
Lunny Xiao [Wed, 21 Dec 2022 21:36:07 +0000 (05:36 +0800)]
Update changelog for 1.17.4 (#22198)

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: John Olheiser <john+github@jolheiser.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
23 months agofix: update libcurl in docs pipeline (#22205)
John Olheiser [Wed, 21 Dec 2022 20:09:55 +0000 (14:09 -0600)]
fix: update libcurl in docs pipeline (#22205)

Backport https://github.com/go-gitea/gitea/pull/22203

Signed-off-by: jolheiser <john.olheiser@gmail.com>
23 months agoNormalize NuGet package version on upload (#22186) (#22201)
KN4CK3R [Wed, 21 Dec 2022 17:01:11 +0000 (18:01 +0100)]
Normalize NuGet package version on upload (#22186) (#22201)

Backport of #22186

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
23 months agoDisable auto tag to prepare next 1.17 release (#22180)
Lunny Xiao [Tue, 20 Dec 2022 18:14:07 +0000 (02:14 +0800)]
Disable auto tag to prepare next 1.17 release (#22180)

Disable auto tag so that 1.17 release will not tag `:1`.

23 months agoCheck for zero time instant in TimeStamp.IsZero() (#22171) (#22173)
Gusted [Tue, 20 Dec 2022 02:07:41 +0000 (03:07 +0100)]
Check for zero time instant in TimeStamp.IsZero() (#22171) (#22173)

- Backport of #22171
- Currently, the 'IsZero' function for 'TimeStamp' just checks if the
unix time is zero, which is not the behavior of 'Time.IsZero()', but
Gitea is using this method in accordance with the behavior of
'Time.IsZero()'.
  - Adds a new condition to check for the zero time instant.
- Fixes a bug where non-expiring GPG keys where shown as they expired on
Jan 01, 0001.
  - Related https://codeberg.org/Codeberg/Community/issues/791

23 months agoDo not list active repositories as unadopted (#22034) (#22167)
Christian Ullrich [Mon, 19 Dec 2022 12:48:57 +0000 (13:48 +0100)]
Do not list active repositories as unadopted (#22034) (#22167)

Backport #22034

This fixes a bug where, when searching unadopted repositories, active
repositories will be listed as well. This is because the size of the
array of repository names to check is larger by one than the
`IterateBufferSize`.

For an `IterateBufferSize` of 50, the original code will pass 51
repository names but set the query to `LIMIT 50`. If all repositories in
the query are active (i.e. not unadopted) one of them will be omitted
from the result. Due to the `ORDER BY` clause it will be the oldest (or
least recently modified) one.

Co-authored-by: Christian Ullrich <christian.ullrich@traditionsa.lu>
23 months agoCorrectly handle moved files in apply patch (#22118) (#22136)
zeripath [Thu, 15 Dec 2022 15:28:05 +0000 (15:28 +0000)]
Correctly handle moved files in apply patch (#22118) (#22136)

Backport #22118

Moved files in a patch will result in git apply returning:

```
error: {filename}: No such file or directory
```

This wasn't handled by the git apply patch code. This PR adds handling
for this.

Fix #22083

Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
23 months agoFix condition for is_internal (#22095) (#22131)
KN4CK3R [Wed, 14 Dec 2022 17:49:44 +0000 (18:49 +0100)]
Fix condition for is_internal (#22095) (#22131)

Backport of #22095

I changed it to a static condition because it needs a new version of
xorm which is only available in 1.19. This change is valid because
`SearchLatestVersions` is never called to list internal versions and
there will no change to this behaviour in <1.19.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
23 months agoFix warn in database structs sync (#22111)
Lunny Xiao [Tue, 13 Dec 2022 14:03:14 +0000 (22:03 +0800)]
Fix warn in database structs sync (#22111)

Fix #21880

23 months agoFix sorting admin user list by last login (#22081) (#22106)
aceArt-GmbH [Tue, 13 Dec 2022 01:18:20 +0000 (02:18 +0100)]
Fix sorting admin user list by last login (#22081) (#22106)

Backport of  #22081

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
23 months agoFix permission check on issue/pull lock (#22114)
Lunny Xiao [Mon, 12 Dec 2022 19:59:28 +0000 (03:59 +0800)]
Fix permission check on issue/pull lock (#22114)

Fix #22110

23 months agoWorkaround for container registry push/pull errors (#21862) (#22069)
KN4CK3R [Sat, 10 Dec 2022 14:22:41 +0000 (15:22 +0100)]
Workaround for container registry push/pull errors (#21862) (#22069)

Backport of #21862

23 months agoFix issue/PR numbers (#22037) (#22045)
Jason Song [Tue, 6 Dec 2022 14:15:38 +0000 (22:15 +0800)]
Fix issue/PR numbers (#22037) (#22045)

Backport #22037.

When deleting a closed issue, we should update both `NumIssues`and
`NumClosedIssues`, or `NumOpenIssues`(`= NumIssues -NumClosedIssues`)
will be wrong. It's the same for pull requests.

Releated to #21557.

Alse fixed two harmless problems:

- The SQL to check issue/PR total numbers is wrong, that means it will
update the numbers even if they are correct.
- Replace legacy `num_issues = num_issues + 1` operations with
`UpdateRepoIssueNumbers`.

23 months agoHandle empty author names (#21902) (#22028)
zeripath [Tue, 6 Dec 2022 03:49:28 +0000 (03:49 +0000)]
Handle empty author names (#21902) (#22028)

Backport #21902

Although git does expect that author names should be of the form: `NAME
<EMAIL>` some users have been able to create commits with: `<EMAIL>`

Fix #21900

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lauris BH <lauris@nix.lv>
23 months agoOn Tag/Branch Exist Check, dont panic if repo is nil (#21787) (#21789)
6543 [Mon, 5 Dec 2022 10:20:37 +0000 (11:20 +0100)]
On Tag/Branch Exist Check, dont panic if repo is nil (#21787) (#21789)

Backport #21787

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
23 months agoFix ListBranches to handle empty case (#21921) (#22025)
Lunny Xiao [Sun, 4 Dec 2022 21:57:33 +0000 (05:57 +0800)]
Fix ListBranches to handle empty case (#21921) (#22025)

Fix #21910
Backport #21921

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
23 months agoFix button in branch list, avoid unexpected page jump before restore branch actually...
Xinyu Zhou [Thu, 24 Nov 2022 16:02:42 +0000 (00:02 +0800)]
Fix button in branch list, avoid unexpected page jump before restore branch actually done (#21562) (#21927)

Backport #21562

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoFix vertical align of committer avatar rendered by email address (#21884) (#21919)
Xinyu Zhou [Thu, 24 Nov 2022 04:00:43 +0000 (12:00 +0800)]
Fix vertical align of committer avatar rendered by email address (#21884) (#21919)

Backport #21884

Committer avatar rendered by `func AvatarByEmail` are not vertical align
as `func Avatar` does.

- Replace literals `ui avatar` and `ui avatar vm` with the constant
`DefaultAvatarClass`

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
2 years agoFix setting HTTP headers after write (#21833) (#21874)
KN4CK3R [Sun, 20 Nov 2022 20:14:27 +0000 (21:14 +0100)]
Fix setting HTTP headers after write (#21833) (#21874)

Backport #21833

2 years agoDo not allow Ghost access to limited visible user/org (#21849) (#21875)
KN4CK3R [Sun, 20 Nov 2022 12:35:26 +0000 (13:35 +0100)]
Do not allow Ghost access to limited visible user/org (#21849) (#21875)

Backport of #21849

Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoPrevent dangling user redirects (#21856) (#21859)
Gusted [Fri, 18 Nov 2022 14:24:49 +0000 (15:24 +0100)]
Prevent dangling user redirects (#21856) (#21859)

- Backport #21856
- It's possible that the `user_redirect` table contains a user id that
no longer exists.
  - Delete a user redirect upon deleting the user.
- Add a check for these dangling user redirects to check-db-consistency.

2 years agoFix enabling partial clones on 1.17 (#21809)
zeripath [Mon, 14 Nov 2022 07:58:11 +0000 (07:58 +0000)]
Fix enabling partial clones on 1.17 (#21809)

When backporting #20902 in #21058 there was a slight misbackport. It was
missed that we needed to remove the global command option before setting
the settings.

Fix #21805

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoPrevent panic in doctor command when running default checks (#21791) (#21808)
zeripath [Sun, 13 Nov 2022 22:43:40 +0000 (22:43 +0000)]
Prevent panic in doctor command when running default checks (#21791) (#21808)

Backport #21791

There was a bug introduced in #21352 due to a change of behaviour caused
by #19280. This causes a panic on running the default doctor checks
because the panic introduced by #19280 assumes that the only way
opts.StdOut and opts.Stderr can be set in RunOpts is deliberately.
Unfortunately, when running a git.Command the provided RunOpts can be
set, therefore if you share a common set of RunOpts these two values can
be set by the previous commands.

This PR stops using common RunOpts for the commands in that doctor check
but secondly stops RunCommand variants from changing the provided
RunOpts.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoUpgrade golang.org/x/crypto (#21792) (#21794)
Gusted [Sun, 13 Nov 2022 04:43:43 +0000 (05:43 +0100)]
Upgrade golang.org/x/crypto (#21792) (#21794)

- Backport #21792
- Update the crypto dependency to include
https://github.com/golang/crypto/commit/6fad3dfc18918c2ac9c112e46b32473bd2e5e2f9
  - Resolves #17798

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2 years agoLoad GitRepo in API before deleting issue (#21720) (#21795)
Jason Song [Sun, 13 Nov 2022 04:13:31 +0000 (12:13 +0800)]
Load GitRepo in API before deleting issue (#21720) (#21795)

Backport #21720.

Fix #20921.

The `ctx.Repo.GitRepo` has been used in deleting issues when the issue
is a PR.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoIgnore line anchor links with leading zeroes (#21728) (#21777)
silverwind [Fri, 11 Nov 2022 16:45:40 +0000 (17:45 +0100)]
Ignore line anchor links with leading zeroes (#21728) (#21777)

2 years agoAdd HEAD fix to gitea doctor (#21352) (#21751)
Xinyu Zhou [Fri, 11 Nov 2022 06:38:52 +0000 (14:38 +0800)]
Add HEAD fix to gitea doctor (#21352) (#21751)

Backport #21352

Due to a bug in presumably an older version of Gitea, multiple of my
repositories still have their HEADs pointing to a `master` branch while
the default branch on the UI is listed as `main`. This adds a `gitea
doctor` command that will fix all of the HEAD references for repos when
they're not synchronized with the default branch in the DB.

This will help with cloning to ensure that git automatically checks out
the right branch, instead of a nonexistent one.

Note: I'm not sure if I actually need to do more other than add a file
here. Will try testing this out on my server soon.

Co-authored-by: Clar Fon <15850505+clarfonthey@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years ago Init git module before database migration (#21764) (#21766)
wxiaoguang [Thu, 10 Nov 2022 14:22:45 +0000 (22:22 +0800)]
 Init git module before database migration (#21764) (#21766)

Backport #21764

Some database migrations depend on the git module.

2 years agoSet last login when activating account (#21731) (#21754)
Jason Song [Thu, 10 Nov 2022 03:15:28 +0000 (11:15 +0800)]
Set last login when activating account (#21731) (#21754)

Backport #21731.

Fix #21698.

Set the last login time to the current time when activating the user
successfully.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoFix UI language switching bug (#21597) (#21748)
Xinyu Zhou [Thu, 10 Nov 2022 02:13:36 +0000 (10:13 +0800)]
Fix UI language switching bug (#21597) (#21748)

Backport #21597

Related:
* https://github.com/go-gitea/gitea/pull/21596#issuecomment-1291450224

There was a bug when switching language by AJAX: the irrelevant POST
requests were processed by the target page's handler.

Now, use GET instead of POST. The GET requests should be harmless.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoRemove semver compatible flag and change pypi to an array of test cases (#21708)...
Wayne Starr [Wed, 9 Nov 2022 15:02:21 +0000 (09:02 -0600)]
Remove semver compatible flag and change pypi to an array of test cases (#21708) (#21729)

Backport (#21708)

This addresses #21707 and adds a second package test case for a
non-semver compatible version (this might be overkill though since you
could also edit the old package version to have an epoch in front and
see the error, this just seemed more flexible for the future).

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2 years agoAllow for resolution of NPM registry paths that match upstream (#21568) (#21723)
Wayne Starr [Wed, 9 Nov 2022 06:00:09 +0000 (00:00 -0600)]
Allow for resolution of NPM registry paths that match upstream (#21568) (#21723)

Backport (#21568)

This PR fixes issue #21567 allowing for package tarball URLs to match
the upstream registry (and GitLab/JFrog Artifactory URLs). It uses a
regex to parse the filename (which contains the NPM version) and does a
fuzzy search to pull it out. The regex was built/expanded from
http://json.schemastore.org/package,
https://github.com/Masterminds/semver, and
https://docs.npmjs.com/cli/v6/using-npm/semver and is testable here:
https://regex101.com/r/OydBJq/5

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoAllow local package identifiers for PyPI packages (#21690) (#21726)
Wayne Starr [Wed, 9 Nov 2022 01:10:25 +0000 (19:10 -0600)]
Allow local package identifiers for PyPI packages (#21690) (#21726)

Backport (#21690)

Fixes #21683

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2 years agoFix repository adoption on Windows (#21646) (#21651)
zeripath [Tue, 1 Nov 2022 19:24:37 +0000 (19:24 +0000)]
Fix repository adoption on Windows (#21646) (#21651)

Backport #21646

A bug was introduced in #17865 where filepath.Join is used to join
putative unadopted repository owner and names together. This is
incorrect as these names are then used as repository names - which shoud
have the '/' separator. This means that adoption will not work on
Windows servers.

Fix #21632

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoSync git hooks when config file path changed (#21619) (#21625)
Jason Song [Sun, 30 Oct 2022 03:16:09 +0000 (11:16 +0800)]
Sync git hooks when config file path changed (#21619) (#21625)

Backport #21619 .

A patch to #17335.

Just like AppPath, Gitea writes its own CustomConf into git hook scripts
too. If Gitea's CustomConf changes, then the git push may fail.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoFix package access for admins and inactive users (#21580) (#21592)
KN4CK3R [Fri, 28 Oct 2022 01:38:59 +0000 (03:38 +0200)]
Fix package access for admins and inactive users (#21580) (#21592)

Backport of #21580

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoFix `Timestamp.IsZero` (#21593) (#21604)
KN4CK3R [Thu, 27 Oct 2022 08:47:47 +0000 (10:47 +0200)]
Fix `Timestamp.IsZero` (#21593) (#21604)

Backport of #21593

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoAdded check for disabled Packages (#21540) (#21614)
Xinyu Zhou [Thu, 27 Oct 2022 04:34:32 +0000 (12:34 +0800)]
Added check for disabled Packages (#21540) (#21614)

Backport #21540

At the moment, If admin disable Packages, still show the Packages on the
admin dashboard.

This patch added a check to hide the Packages entry.

2 years agoFix issues count bug (#21600)
Lunny Xiao [Wed, 26 Oct 2022 12:42:45 +0000 (20:42 +0800)]
Fix issues count bug (#21600)

backport #21557

2 years agoUpdate milestone counters when issue is deleted (#21459) (#21586)
Ashley Nelson [Wed, 26 Oct 2022 07:44:05 +0000 (02:44 -0500)]
Update milestone counters when issue is deleted (#21459) (#21586)

Backports #21459

When actions besides "delete" are performed on issues, the milestone
counter is updated. However, since deleting issues goes through a
different code path, the associated milestone's count wasn't being
updated, resulting in inaccurate counts until another issue in the same
milestone had a non-delete action performed on it.

I verified this change fixes the inaccurate counts using a local docker
build.

Co-authored-by: 6543 <6543@obermui.de>
2 years agoSuppress `ExternalLoginUserNotExist` error (#21504) (#21572)
KN4CK3R [Tue, 25 Oct 2022 16:08:05 +0000 (18:08 +0200)]
Suppress `ExternalLoginUserNotExist` error (#21504) (#21572)

Backport of #21504

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agosupport binary deploy in npm packages (#21589)
eleith [Tue, 25 Oct 2022 06:13:27 +0000 (23:13 -0700)]
support binary deploy in npm packages (#21589)

backport of #21372 for v1.17.4

-------------------

npm package.json supports binary packaging:
https://docs.npmjs.com/cli/v8/configuring-npm/package-json#bin

the npm registry documents that the binary references will be attached
to the abbreviated version object:

https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-version-object

unfortunately their api documentation leaves this out:
https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-version-objectdoc

which is likely to be the reason this was left out in gitea's initial
implementation

this response is critical for npm to install the binary in the .bin
folder so as to be included on the users default bin path, resulting in
immediate access to any binaries provided by the package

i have tested upload and installing through npm and can confirm the npm
registry now responds with bin in the version metadata and results in
the binary being available after install.

this fixes https://github.com/go-gitea/gitea/issues/21303

Co-authored-by: eleith <online-github@eleith.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoSessionUser protection against nil pointer dereference (#21581)
Paweł Bogusławski [Mon, 24 Oct 2022 19:05:35 +0000 (21:05 +0200)]
SessionUser protection against nil pointer dereference (#21581)

Backport #21358

`SessionUser` should be protected against passing `sess` = `nil` to
avoid

```
PANIC: runtime error: invalid memory address or nil pointer dereference
```

in

https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69

after upgrade from gitea v1.16 to v1.17.

Related: https://github.com/go-gitea/gitea/pull/18452

2 years agoCase-insensitive NuGet symbol file GUID (#21409) (#21575)
Hubert Wawrzyńczyk [Mon, 24 Oct 2022 11:57:19 +0000 (13:57 +0200)]
Case-insensitive NuGet symbol file GUID (#21409) (#21575)

Backport of #21409

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoPrevent Authorization header for presigned LFS urls (#21531) (#21569)
KN4CK3R [Mon, 24 Oct 2022 03:18:31 +0000 (05:18 +0200)]
Prevent Authorization header for presigned LFS urls (#21531) (#21569)

Backport of #21531

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoUpdate binding to fix bugs (#21560)
Lunny Xiao [Mon, 24 Oct 2022 01:17:13 +0000 (09:17 +0800)]
Update binding to fix bugs (#21560)

backport #21556, Fix #19698

2 years agoCheck for valid user token in integration tests (#21520) (#21529)
silverwind [Sat, 22 Oct 2022 09:22:11 +0000 (11:22 +0200)]
Check for valid user token in integration tests (#21520) (#21529)

Backport #21520

Added checks for logged user token.

Some builds fail at unrelated tests, due to missing token.

Co-authored-by: Vladimir Yakovlev <nagos@inbox.ru>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoFix generating compare link (#21519) (#21530)
Lunny Xiao [Fri, 21 Oct 2022 12:59:27 +0000 (20:59 +0800)]
Fix generating compare link (#21519) (#21530)

Fix #6318, backport #21519

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoIgnore error when retrieving changed PR review files (#21487) (#21524)
delvh [Thu, 20 Oct 2022 15:25:54 +0000 (17:25 +0200)]
Ignore error when retrieving changed PR review files (#21487) (#21524)

When a PR reviewer reviewed a file on a commit that was later gc'ed,
they would always get a `500` response from then on when loading the PR.
This PR simply ignores that error and instead marks all files as
unchanged.
This approach was chosen as the only feasible option without diving into
**a lot** of error handling.

Fixes #21392
Backport of #21487

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoEnable Monaco automaticLayout (#21516)
silverwind [Wed, 19 Oct 2022 20:12:37 +0000 (22:12 +0200)]
Enable Monaco automaticLayout (#21516)

Enable
[`automaticLayout`](https://microsoft.github.io/monaco-editor/api/interfaces/monaco.editor.IDiffEditorOptions.html#automaticLayout)
for monaco so it can reflow itself.

Fixes: https://github.com/go-gitea/gitea/issues/21508
2 years agoFix incorrect notification commit url (#21479) (#21483)
wxiaoguang [Tue, 18 Oct 2022 07:46:13 +0000 (15:46 +0800)]
Fix incorrect notification commit url (#21479) (#21483)

Backport #21479

For normal commits the notification url was wrong because oldCommitID is
received from the shrinked commits list.

This PR moves the commits list shrinking after the oldCommitID
assignment.

2 years agoDisplay total commit count in hook message (#21400) (#21481)
KN4CK3R [Mon, 17 Oct 2022 14:37:44 +0000 (16:37 +0200)]
Display total commit count in hook message (#21400) (#21481)

Backport of #21400

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoEnforce grouped NuGet search results (#21442) (#21480)
KN4CK3R [Mon, 17 Oct 2022 05:07:19 +0000 (07:07 +0200)]
Enforce grouped NuGet search results (#21442) (#21480)

Backport of #21442

2 years agoReturn 404 when user is not found on avatar (#21476) (#21477)
Gusted [Sun, 16 Oct 2022 16:56:58 +0000 (16:56 +0000)]
Return 404 when user is not found on avatar (#21476) (#21477)

- Backport #21476
- Instead of returning a 500 Internal Server when the user wasn't found,
return 404 Not found.

2 years agoChangelog v1.17.3 (#21456) v1.17.3
6543 [Sat, 15 Oct 2022 13:08:17 +0000 (15:08 +0200)]
Changelog v1.17.3 (#21456)

2 years agoimprove code quality (#21464) (#21463)
6543 [Sat, 15 Oct 2022 12:24:39 +0000 (14:24 +0200)]
improve code quality (#21464) (#21463)

Backport #21464 and #21465

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoDo DB update after merge in hammer context (#21401) (#21416)
zeripath [Wed, 12 Oct 2022 07:52:21 +0000 (08:52 +0100)]
Do DB update after merge in hammer context (#21401) (#21416)

Backport #21401

When merge was changed to run in the background context, the db updates
were still running in request context. This means that the merge could
be successful but the db not be updated.

This PR changes both these to run in the hammer context, this is not
complete rollback protection but it's much better.

Fix #21332

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoAdd Num{Issues,Pulls} stats checks (#21404) (#21414)
Gusted [Wed, 12 Oct 2022 06:47:48 +0000 (06:47 +0000)]
Add Num{Issues,Pulls} stats checks (#21404) (#21414)

Backport #21404

Currently `repository.Num{Issues,Pulls}` weren't checked and could
become out-of-consistency. Adds these two checks to `CheckRepoStats`.

Fix incorrect SQL query for `repository.NumClosedPulls`, the check
should be for `repo_num_pulls`.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoBump `golang.org/x/text` (#21412) (#21413)
Gusted [Tue, 11 Oct 2022 19:00:55 +0000 (19:00 +0000)]
Bump `golang.org/x/text` (#21412) (#21413)

- Backport #21412
- Update the `golang.org/x/text` dependency, this fixes [a security
issue](https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ).

2 years agoStop logging CheckPath returns error: context canceled (#21064) (#21405)
zeripath [Tue, 11 Oct 2022 08:35:29 +0000 (09:35 +0100)]
Stop logging CheckPath returns error: context canceled (#21064) (#21405)

Backport #21064

We should only log CheckPath errors if they are not simply due to
context cancellation - and we should add a little more context to the
error message.

Fix #20709

Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoSet SemverCompatible to false for Conan packages (#21275) (#21366)
KN4CK3R [Mon, 10 Oct 2022 12:46:09 +0000 (14:46 +0200)]
Set SemverCompatible to false for Conan packages (#21275) (#21366)

Backport of #21275

2 years agoMake NuGet service index publicly accessible (#21242) (#21277)
KN4CK3R [Sat, 8 Oct 2022 15:23:41 +0000 (17:23 +0200)]
Make NuGet service index publicly accessible (#21242) (#21277)

Backport of #21242

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2 years agoParse OAuth Authorization header when request omits client secret (#21351) (#21374)
M Hickford [Sat, 8 Oct 2022 08:53:17 +0000 (09:53 +0100)]
Parse OAuth Authorization header when request omits client secret (#21351) (#21374)

Backport #21351

This fixes error "unauthorized_client: invalid client secret" when
client includes secret in Authorization header rather than request body.
OAuth spec permits both:
https://www.rfc-editor.org/rfc/rfc6749#section-2.3.1

Clients in possession of a client password MAY use the HTTP Basic
authentication scheme ... Alternatively, the authorization server MAY
support including the client credentials in the request-body

Sanity validation that client id and client secret in request are
consistent with Authorization header.

Improve error descriptions. Error codes remain the same.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2 years agoIgnore port for OAuth2 loopback redirect URIs (#21293) (#21373)
M Hickford [Sat, 8 Oct 2022 01:52:35 +0000 (02:52 +0100)]
Ignore port for OAuth2 loopback redirect URIs (#21293) (#21373)

Backport #21293

Following https://datatracker.ietf.org/doc/html/rfc8252#section-7.3

Fixes #21285

2 years agoTag list should include draft releases with existing tags (#21263) (#21365)
Jason Song [Fri, 7 Oct 2022 10:59:42 +0000 (18:59 +0800)]
Tag list should include draft releases with existing tags (#21263) (#21365)

Backport #21263.

Before, a tag for a draft release disappeared in the tag list, fix #21262.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoFix linked account translation (#21331) (#21334)
John Olheiser [Wed, 5 Oct 2022 14:25:34 +0000 (09:25 -0500)]
Fix linked account translation (#21331) (#21334)

2 years agoFix missing m.Run() in TestMain (#21341)
wxiaoguang [Wed, 5 Oct 2022 04:17:16 +0000 (12:17 +0800)]
Fix missing m.Run() in TestMain (#21341)

Backport #21340, add the missing m.Run()

2 years agoForeign ID conflicts if ID is 0 for each item (#21271) (#21272)
techknowlogick [Sun, 2 Oct 2022 21:43:30 +0000 (17:43 -0400)]
Foreign ID conflicts if ID is 0 for each item (#21271) (#21272)

The default is 0 if not defined, and that causes dupe index errors

Backport of #21271

2 years agoUpdate bluemonday (#21281) (#21287)
6543 [Wed, 28 Sep 2022 14:15:22 +0000 (16:15 +0200)]
Update bluemonday (#21281) (#21287)

Backport #21281

https://github.com/microcosm-cc/bluemonday/releases/tag/v1.0.20

Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoFix empty container layer history and UI (#21251) (#21278)
KN4CK3R [Tue, 27 Sep 2022 15:10:19 +0000 (17:10 +0200)]
Fix empty container layer history and UI (#21251) (#21278)

Backport of #21251

2 years agoUse absolute links in feeds (#21229) (#21265)
KN4CK3R [Mon, 26 Sep 2022 17:49:22 +0000 (19:49 +0200)]
Use absolute links in feeds (#21229) (#21265)

Backport of #21229

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years ago Use en-US as fallback when using other default language (#21200) (#21256)
wxiaoguang [Sun, 25 Sep 2022 14:14:57 +0000 (22:14 +0800)]
 Use en-US as fallback when using other default language (#21200) (#21256)

Only en-US has complete translations. When use other language as
default, the en-US should still be used as fallback.

Backport #21200, Close #21199

2 years ago Make Clone in VSCode link get updated correctly (#21225) (#21226)
wxiaoguang [Fri, 23 Sep 2022 04:10:26 +0000 (12:10 +0800)]
 Make Clone in VSCode link get updated correctly (#21225) (#21226)

Backport #21225, fix for #21128 (also in 1.17.3), close #21224

The indent was incorrect before, so this PR did some formatting work.

Bypass Golang's template bug for JS string interpolation. And since
there are JS lint rules for templates, so the string interpolation is
also a must.

2 years agoRespect `REQUIRE_SIGNIN_VIEW` for packages (#20873) (#21232)
KN4CK3R [Fri, 23 Sep 2022 03:25:53 +0000 (05:25 +0200)]
Respect `REQUIRE_SIGNIN_VIEW` for packages (#20873) (#21232)

Backport of #20873

When REQUIRE_SIGNIN_VIEW = true, even with public repositories, you can only see them after you login. The packages should not be accessed without login.

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoPrevent invalid behavior for file reviewing when loading more files (#21230) (#21234)
delvh [Fri, 23 Sep 2022 00:45:51 +0000 (02:45 +0200)]
Prevent invalid behavior for file reviewing when loading more files (#21230) (#21234)

Backport of #21230

The problem was that many PR review components loaded by `Show more`
received the same ID as previous batches, which confuses browsers (when
clicked). All such occurrences should now be fixed.

Additionally improved the background of the `viewed` checkbox.

Fixes #21228.
Fixes #20681.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2 years agoUse Go 1.19 fmt for Gitea 1.17, sync emoji data (#21239)
wxiaoguang [Thu, 22 Sep 2022 13:58:31 +0000 (21:58 +0800)]
Use Go 1.19 fmt for Gitea 1.17, sync emoji data (#21239)

The images used by Gitea's drone pipeline were upgraded to Go 1.19.x
It causes the lint fails because Go 1.19 uses new code format.

This PR partially backport #20758 (including the emoji-data sync),
partially fix the format manually.

2 years agoTreat git object mode 40755 as directory (#21195) (#21218)
wxiaoguang [Tue, 20 Sep 2022 16:40:23 +0000 (00:40 +0800)]
Treat git object mode 40755 as directory (#21195) (#21218)

Backport #21195

Git uses 040000 for tree object, but some users may get 040755 for
unknown reasons, fix #21190

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoMake the vscode clone link respect transport protocol (#20557) (#21128)
Abdul Monim [Tue, 20 Sep 2022 14:01:24 +0000 (20:01 +0600)]
Make the vscode clone link respect transport protocol (#20557) (#21128)

Backports #20557

Co-authored-by: Norwin <noerw@users.noreply.github.com>
Co-authored-by: Munim Munna <6266677+monim67@users.noreply.github.com>
2 years agoAllow uppercase ASCII alphabet in PyPI package names (#21095) (#21217)
KN4CK3R [Tue, 20 Sep 2022 09:37:24 +0000 (11:37 +0200)]
Allow uppercase ASCII alphabet in PyPI package names (#21095) (#21217)

Backport of #21095

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoFix limited user cannot view himself's profile (#21212)
Lunny Xiao [Tue, 20 Sep 2022 08:00:46 +0000 (16:00 +0800)]
Fix limited user cannot view himself's profile (#21212)

backport #21210, fix #21206

If user and viewer are equal the method should return true.
Also the common organization check was wrong as count can never be less then 0.

Tests are on main branch.

2 years agoFix template bug of admin monitor (#21209)
Lunny Xiao [Tue, 20 Sep 2022 00:15:08 +0000 (08:15 +0800)]
Fix template bug of admin monitor (#21209)

backport #21208

2 years agoFix reaction of issues (#21185) (#21196)
Jason Song [Sun, 18 Sep 2022 04:04:09 +0000 (12:04 +0800)]
Fix reaction of issues (#21185) (#21196)

Backport #21185.

Fix #20860.

`CommentID` in `FindReactionsOptions` should be -1 to search reactions
with zero comment id.

https://github.com/go-gitea/gitea/blob/8351172b6e5221290dc5b2c81e159e2eec0b43c8/models/issues/reaction.go#L108-L121

Co-authored-by: Lauris BH <lauris@nix.lv>
2 years agoFix CSV diff for added/deleted files (#21189) (#21193)
wxiaoguang [Sat, 17 Sep 2022 10:53:04 +0000 (18:53 +0800)]
Fix CSV diff for added/deleted files (#21189) (#21193)

Backport #21189
Fixes #21184
Regression of #19552

Instead of using `GetBlobByPath`, use the already existing instances.

2 years agoFix pagination limit parameter problem (#21111)
Tyrone Yeh [Thu, 8 Sep 2022 12:00:42 +0000 (20:00 +0800)]
Fix pagination limit parameter problem (#21111)

backport #21109

Co-authored-by: 6543 <6543@obermui.de>
2 years agoAdd MD5 back to template helper functions to avoid breaking (#21102)
wxiaoguang [Wed, 7 Sep 2022 11:30:52 +0000 (19:30 +0800)]
Add MD5 back to template helper functions to avoid breaking (#21102)

In #20932 the MD5 helper function was removed from template context,
it breaks user's customized templates.

This PR adds the MD5 helper function back.

2 years agoAdd changelog for v1.17.2 (#21089) v1.17.2
Lunny Xiao [Tue, 6 Sep 2022 21:32:20 +0000 (05:32 +0800)]
Add changelog for v1.17.2 (#21089)

Co-authored-by: John Olheiser <john+github@jolheiser.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2 years agoFix sub folder in repository missing add file dropdown (#21069) (#21083)
Tyrone Yeh [Tue, 6 Sep 2022 08:42:05 +0000 (16:42 +0800)]
Fix sub folder in repository missing add file dropdown (#21069) (#21083)

Backport #21069

In repository sub folder missing add file dropdown menu, Probably broken since #20602

2 years agoFix hard-coded timeout and error panic in API archive download endpoint (#20925)...
zeripath [Tue, 6 Sep 2022 06:54:47 +0000 (07:54 +0100)]
Fix hard-coded timeout and error panic in API archive download endpoint (#20925) (#21051)

Backport #20925

This commit updates the `GET /api/v1/repos/{owner}/{repo}/archive/{archive}`
endpoint which prior to this PR had a couple of issues.

1. The endpoint had a hard-coded 20s timeout for the archiver to complete after
   which a 500 (Internal Server Error) was returned to client. For a scripted
   API client there was no clear way of telling that the operation timed out and
   that it should retry.

2. Whenever the timeout _did occur_, the code used to panic. This was caused by
   the API endpoint "delegating" to the same call path as the web, which uses a
   slightly different way of reporting errors (HTML rather than JSON for
   example).

   More specifically, `api/v1/repo/file.go#GetArchive` just called through to
   `web/repo/repo.go#Download`, which expects the `Context` to have a `Render`
   field set, but which is `nil` for API calls. Hence, a `nil` pointer error.

The code addresses (1) by dropping the hard-coded timeout. Instead, any
timeout/cancelation on the incoming `Context` is used.

The code addresses (2) by updating the API endpoint to use a separate call path
for the API-triggered archive download. This avoids producing HTML-errors on
errors (it now produces JSON errors).

Signed-off-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
Signed-off-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Peter Gardfjäll <peter.gardfjall.work@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2 years agoFix delete user missed some comments (#21067) (#21068)
Lunny Xiao [Mon, 5 Sep 2022 22:48:57 +0000 (06:48 +0800)]
Fix delete user missed some comments (#21067) (#21068)

2 years agoDelete unreferenced packages when deleting a package version (#20977) (#21060)
zeripath [Sun, 4 Sep 2022 16:17:48 +0000 (17:17 +0100)]
Delete unreferenced packages when deleting a package version (#20977) (#21060)

Backport #20977

Delete a package if its last version got deleted. Otherwise removing the owner works only after the clean up job ran.

Fix #20969

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2 years agoRedirect if user does not exist on admin pages (#20981) (#21059)
zeripath [Sun, 4 Sep 2022 16:17:35 +0000 (17:17 +0100)]
Redirect if user does not exist on admin pages (#20981) (#21059)

Backport #20981

When on /admin/users/ endpoints if the user is no longer in the DB,
redirect instead of causing a http 500.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2 years agoSet uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh (...
zeripath [Sun, 4 Sep 2022 16:17:27 +0000 (17:17 +0100)]
Set uploadpack.allowFilter etc on gitea serv to enable partial clones with ssh (#20902) (#21058)

Backport #20902

When setting.Git.DisablePartialClone is set to false then the web server will add filter support to web http. It does this by using`-c` command arguments but this will not work on gitea serv as the upload-pack and receive-pack commands do not support this.

Instead we move these options into the .gitconfig instead.

Fix #20400

Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agoFix 500 on time in timeline API (#21052) (#21057)
qwerty287 [Sun, 4 Sep 2022 15:12:37 +0000 (17:12 +0200)]
Fix 500 on time in timeline API (#21052) (#21057)

Backport #21052

Before converting a TrackedTime for the API we need to load its attributes - otherwise we get an NPE.

Fix #21041

2 years agoFill the specified ref in webhook test payload (#20961) (#21055)
Jason Song [Sun, 4 Sep 2022 15:12:01 +0000 (23:12 +0800)]
Fill the specified ref in webhook test payload (#20961) (#21055)

Backport #20961

The webhook payload should use the right ref when it‘s specified in the testing request.

The compare URL should not be empty, a URL like `compare/A...A` seems useless in most cases but is helpful when testing.

2 years agoAdd another index for Action table on postgres (#21033) (#21054)
zeripath [Sun, 4 Sep 2022 15:11:02 +0000 (16:11 +0100)]
Add another index for Action table on postgres (#21033) (#21054)

Backport #21033

In #21031 we have discovered that on very big tables postgres will use a
search involving the sort term in preference to the restrictive index.

Therefore we add another index for postgres and update the original migration.

Fix #21031

Signed-off-by: Andrew Thornton <art27@cantab.net>
2 years agofix broken insecureskipverify handling in rediss connection uris (#20967) (#21053)
zeripath [Sun, 4 Sep 2022 13:59:20 +0000 (14:59 +0100)]
fix broken insecureskipverify handling in rediss connection uris (#20967) (#21053)

Backport #20967

Currently, it's impossible to connect to self-signed TLS encrypted redis instances. The problem lies in inproper error handling, when building redis tls options - only invalid booleans are allowed to be used in `tlsConfig` builder. The problem is, when `strconv.ParseBool(...)` returns error, it always defaults to false - meaning it's impossible to set `tlsOptions.InsecureSkipVerify` to true.

Fixes #19213

Co-authored-by: Igor Rzegocki <ajgon@users.noreply.github.com>