Commit message | Author | Age | Files | Lines
...
* Fix key signature error page (#22229) (#22230) | Gusted | 2022-12-30 | 3 | -6/+20
  - Backport of #22229
  - When the GPG key contains an error, such as an invalid signature or an email address that does not match the user. A page will be shown that says you must provide a signature for the token.
  - This page had two errors: one had the wrong translation key and the other tried to use an undefined variable [`.PaddedKeyID`](https://github.com/go-gitea/gitea/blob/e81ccc406bf723a5a58d685e7782f281736affd4/models/asymkey/gpg_key.go#L65-L72), which is a function implemented on the `GPGKey` struct, given that we don't have that, we use [`KeyID`](https://github.com/go-gitea/gitea/blob/e81ccc406bf723a5a58d685e7782f281736affd4/routers/web/user/setting/keys.go#L102) which is [the fingerprint of the publickey](https://pkg.go.dev/golang.org/x/crypto/openpgp/packet#PublicKey.KeyIdString) and is a valid way for OpenPGP to refer to a key.
* Frontport 1.17.4 changelog and Add 1.18.0 changelog (#22215) v1.18.0 | Lunny Xiao | 2022-12-29 | 1 | -1/+75
  Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
  Co-authored-by: Yarden Shoham <hrsi88@gmail.com>
  Co-authored-by: 6543 <6543@obermui.de>
* Add more test directory to exclude dir of air, remove watching templates from air include dir because gitea has internal mechanism (#22246) (#22247) | Lunny Xiao | 2022-12-29 | 3 | -4/+7
  backport #22246
  Since #20218 introduced internal watching template, template watching should be removed from `air`. This will prevent restart the whole server once the template files changed to speed up developing when using `make watch`.
  To ensure `make watch` will reuse template watching, this PR introduced a new ENV `GITEA_RUN_MODE` to make sure `make watch` will always run in a dev mode of Gitea so that template watching will open.
  This PR also added more exclude testdata directories.
  Co-authored-by: 6543 <6543@obermui.de>
* refactor auth interface to return error when verify failure (#22119) (#22259) | Lunny Xiao | 2022-12-29 | 15 | -79/+111
  backport #22119
  This PR changed the Auth interface signature from `Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) *user_model.User` to `Verify(http *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error)`.
  There is a new return argument `error` which means the verification condition matched but verify process failed, we should stop the auth process.
  Before this PR, when return a `nil` user, we don't know the reason why it returned `nil`. If the match condition is not satisfied or it verified failure? For these two different results, we should have different handler. If the match condition is not satisfied, we should try next auth method and if there is no more auth method, it's an anonymous user. If the condition matched but verify failed, the auth process should be stop and return immediately.
  This will fix #20563
  Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
  Co-authored-by: Jason Song <i@wolfogre.com>
* Use complete SHA to create and query commit status (#22244) (#22257) | Jason Song | 2022-12-28 | 19 | -23/+68
  Backport #22244.
  Fix #13485.
  Co-authored-by: delvh <dev.lh@web.de>
  Co-authored-by: Lauris BH <lauris@nix.lv>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
  Co-authored-by: delvh <dev.lh@web.de>
  Co-authored-by: Lauris BH <lauris@nix.lv>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Remove ReverseProxy authentication from the API (#22219) (#22251) | Lunny Xiao | 2022-12-27 | 1 | -9/+3
  backport from #22219
  Since we changed the /api/v1/ routes to disallow session authentication we also removed their reliance on CSRF. However, we left the ReverseProxy authentication here - but this means that POSTs to the API are no longer protected by CSRF.
  Now, ReverseProxy authentication is a kind of session authentication, and is therefore inconsistent with the removal of session from the API.
  This PR proposes that we simply remove the ReverseProxy authentication from the API and therefore users of the API must explicitly use tokens or basic authentication.
  Replace #22077
  Close #22221
  Close #22077
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: zeripath <art27@cantab.net>
* Update bleve and zapx to fix unaligned atomic (#22031) (#22218) | zeripath | 2022-12-22 | 2 | -38/+37
  Backport #22031
  There is an unaligned atomic field in zapx 15.3.5 which should have been fixed in a subsequent patch
  This bug causes issues on 32bit builds.
  Update bleve and zapx to account for this.
  Fix #21957
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix container layer display overflow (#22208) (#22211) | Lauris BH | 2022-12-22 | 1 | -1/+1
  Backport #22208
* Allow empty assignees on pull request edit (#22150) (#22214) | KN4CK3R | 2022-12-22 | 1 | -0/+5
  Backport of #22150
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add setting to disable the git apply step in test patch (#22130) (#22170) | zeripath | 2022-12-22 | 4 | -4/+27
  Backport #22130
  For a long time Gitea has tested PR patches using a git apply --check method, and in fact prior to the introduction of a read-tree assisted three-way merge in #18004, this was the only way of checking patches.
  Since #18004, the git apply --check method has been a fallback method, only used when the read-tree three-way merge method has detected a conflict. The read-tree assisted three-way merge method is much faster and less resource intensive method of detecting conflicts. #18004 kept the git apply method around because it was thought possible that this fallback might be able to rectify conflicts that the read-tree three-way merge detected. I am not certain if this could ever be the case.
  Given the uncertainty here and the now relative stability of the read-tree method - this PR makes using this fallback optional but enables it by default. A `log.Critical` has been added which will alert if the `git apply --check` method was successful at checking a PR that `read-tree` failed on.
  The hope is that none of these log.Critical messages will be found and there will be no significant difference in conflict detection. Thus we will be able to remove the git apply fallback in future, and/or improve the read-tree three-way merge method to catch any conflicts that git apply method might have been able to fix.
  An additional benefit for anyone who disables the check method is that patch checking should be significantly less resource intensive and much quicker.
  (See https://github.com/go-gitea/gitea/issues/22083#issuecomment-1347961737)
  Ref #22083
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Normalize NuGet package version on upload (#22186) (#22200) | KN4CK3R | 2022-12-21 | 4 | -21/+36
  Backport of #22186
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* fix: update libcurl in docs pipeline (#22204) | John Olheiser | 2022-12-21 | 1 | -1/+2
  Backport https://github.com/go-gitea/gitea/pull/22203
  Signed-off-by: jolheiser <john.olheiser@gmail.com>
  Co-authored-by: silverwind <me@silverwind.io>
* Check for zero time instant in TimeStamp.IsZero() (#22171) (#22172) | Gusted | 2022-12-20 | 1 | -3/+8
  - Backport of #22171
  - Currently, the 'IsZero' function for 'TimeStamp' just checks if the unix time is zero, which is not the behavior of 'Time.IsZero()', but Gitea is using this method in accordance with the behavior of 'Time.IsZero()'.
  - Adds a new condition to check for the zero time instant.
  - Fixes a bug where non-expiring GPG keys were shown as they expired on Jan 01, 0001.
  - Related https://codeberg.org/Codeberg/Community/issues/791
* Ensure that plain files are rendered correctly even when containing ambiguous characters (#22017) (#22160) | zeripath | 2022-12-19 | 4 | -23/+41
  Backport #22017
  As recognised in #21841 the rendering of plain text files is somewhat incorrect when there are ambiguous characters as the html code is double escaped. In fact there are several more problems here.
  We have a residual isRenderedHTML which is actually simply escaping the file - not rendering it. This is badly named and gives the wrong impression.
  There is also unusual behaviour whether the file is called a Readme or not and there is no way to get to the source code if the file is called README.
  In reality what should happen is different depending on whether the file is being rendered a README at the bottom of the directory view or not.
  1. If it is rendered as a README on a directory - it should simply be escaped and rendered as `<pre>` text.
  2. If it is rendered as a file then it should be rendered as source code.
  This PR therefore does:
  1. Rename IsRenderedHTML to IsPlainText
  2. Readme files rendered at the bottom of the directory are rendered without line numbers
  3. Otherwise plain text files are rendered as source code.
  Replace #21841
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Do not list active repositories as unadopted (#22034) (#22166) | Christian Ullrich | 2022-12-19 | 1 | -1/+1
  Backport #22034
  This fixes a bug where, when searching unadopted repositories, active repositories will be listed as well. This is because the size of the array of repository names to check is larger by one than the `IterateBufferSize`.
  For an `IterateBufferSize` of 50, the original code will pass 51 repository names but set the query to `LIMIT 50`. If all repositories in the query are active (i.e. not unadopted) one of them will be omitted from the result. Due to the `ORDER BY` clause it will be the oldest (or least recently modified) one.
  Co-authored-by: Christian Ullrich <christian.ullrich@traditionsa.lu>
* Local storage should not store files as executable (#22162) (#22163) | zeripath | 2022-12-19 | 1 | -1/+2
  Backport #22162
  The PR #21198 introduced a probable security vulnerability which resulted in making all storage files be marked as executable.
  This PR ensures that these are forcibly marked as non-executable.
  Fix #22161
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix heatmap first color being unused (#22158) | silverwind | 2022-12-18 | 1 | -0/+7
  Backport #22157.
  vue3-calendar-heatmap has the behaviour that the first and second colors are mapped to values null and 0, meaning the second color was not used as intended for values > 0. I think this is a behaviour change from previous vue2 version that was missed during the upgrade.
  This change makes first and second values the same, so the heatmap can now use one additional color for meaningful values.
* Fix margin and alignment in dashboard repolist (#22120) (#22122) | silverwind | 2022-12-16 | 2 | -4/+8
  Backport #22120 to 1.18.
  Seems this has recently regressed, previously, there was a significant whitespace between icon and text, but it seems to be gone, so I added the margin.
* Correctly handle moved files in apply patch (#22118) (#22135) | zeripath | 2022-12-15 | 1 | -0/+3
  Backport #22118
  Moved files in a patch will result in git apply returning:
  ```
  error: {filename}: No such file or directory
  ```
  This wasn't handled by the git apply patch code. This PR adds handling for this.
  Fix #22083
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Fix condition for is_internal (#22095) (#22132) | KN4CK3R | 2022-12-14 | 2 | -3/+4
  Backport of #22095
  I changed it to a static condition because it needs a new version of xorm which is only available in 1.19. This change is valid because `SearchLatestVersions` is never called to list internal versions and there will no change to this behaviour in <1.19.
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Make gitea work using cmd.exe again (#22073) (#22133) | zeripath | 2022-12-14 | 1 | -0/+7
  Backport #22073
  Gitea will attempt to lookup its location using LookPath however, this fails on cmd.exe if gitea is in the current working directory.
  exec.LookPath will return an exec.ErrDot error which we can test for and then simply using filepath.Abs(os.Args[0]) to absolute gitea against the current working directory.
  Fix #22063
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix sorting admin user list by last login (#22081) (#22107) | aceArt-GmbH | 2022-12-13 | 2 | -2/+6
* Fix parallel creating commit status bug with tests (#21911) (#21989) | Lunny Xiao | 2022-12-13 | 3 | -65/+101
  backport #21911
  backport #21998
  Co-authored-by: silverwind <me@silverwind.io>
* Fix permission check on issue/pull lock (#22113) | Lunny Xiao | 2022-12-12 | 1 | -3/+2
  backport #22110
* Workaround for container registry push/pull errors (#21862) (#22068) | KN4CK3R | 2022-12-10 | 5 | -4/+103
  Backport of #21862
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix issue/PR numbers (#22037) (#22044) | Jason Song | 2022-12-07 | 3 | -9/+11
  Backport #22037.
  When deleting a closed issue, we should update both `NumIssues` and `NumClosedIssues`, or `NumOpenIssues` (`= NumIssues - NumClosedIssues`) will be wrong. It's the same for pull requests.
  Related to #21557.
  Also fixed two harmless problems:
  - The SQL to check issue/PR total numbers is wrong, that means it will update the numbers even if they are correct.
  - Replace legacy `num_issues = num_issues + 1` operations with `UpdateRepoIssueNumbers`.
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Handle empty author names (#21902) (#22027) | zeripath | 2022-12-06 | 2 | -2/+8
  Backport #21902
  Although git does expect that author names should be of the form: `NAME <EMAIL>` some users have been able to create commits with: `<EMAIL>`
  Fix #21900
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: Lauris BH <lauris@nix.lv>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add dumb-init to rootless docker (#22046) | Michael Kriese | 2022-12-06 | 1 | -1/+2
  - backport #21775
* Use GhostUser if needed for TrackedTimes (#22021) (#22029) | zeripath | 2022-12-05 | 2 | -15/+24
  Backport #22021
  When getting tracked times out of the db and loading their attributes handle not exist errors in a nicer way. (Also prevent an NPE.)
  Fix #22006
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Ensure that Chinese punctuation is not ambiguous when locale is Chinese (#22019) (#22030) | zeripath | 2022-12-05 | 1 | -0/+6
  Backport #22019
  Although there are per-locale fallbacks for ambiguity the locale names for Chinese do not quite match our locales. This PR simply maps zh-CN on to zh-hans and other zh variants on to zh-hant.
  Ref #20999
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix ListBranches to handle empty case (#21921) (#22024) | Lunny Xiao | 2022-12-04 | 1 | -26/+34
  Fix #21910
  Backport #21921
  Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
  Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Do not emit ambiguous character warning on rendered pages (#22016) (#22018) | zeripath | 2022-12-04 | 1 | -1/+3
  Backport #22016
  The real sensitivity of ambiguous characters is in source code - therefore warning about them in rendered pages causes too many warnings. Therefore simply remove the warning on rendered pages.
  The escape button will remain available and it is present on the view source page.
  Fix #20999
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* On tag/branch-exist check, dont panic if repo is nil (#21787) (#21788) | 6543 | 2022-12-04 | 2 | -2/+2
  backport #21787
* Use path not filepath in template filenames (#21993) (#22022) | zeripath | 2022-12-04 | 1 | -3/+3
  Backport #21993
  Paths in git are always separated by `/` not `\` - therefore we should use `path` and not `filepath`
  Fix #21987
  Signed-off-by: Andrew Thornton <art27@cantab.net>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
  Co-authored-by: Lauris BH <lauris@nix.lv>
* Multiple improvements for comment edit diff (#21990) (#22007) | silverwind | 2022-12-02 | 4 | -29/+51
  Backport #21990
  - Use explicit avatar size so when JS copies the HTML, the size gets copied with it
  - Replace icon font use with SVG
  - Improve styling and diff rendering
  - Sort lists in `svg.js`
  Fixes: https://github.com/go-gitea/gitea/issues/21924
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Correct the fallbacks for mailer configuration (#21945) (#21953) | zeripath | 2022-11-27 | 5 | -94/+96
  Backport #21945
  Unfortunately the fallback configuration code for [mailer] that were added in #18982 are incorrect. When you read a value from an ini section that key is added. This leads to a failure of the fallback mechanism. Further there is also a spelling mistake in the startTLS configuration.
  This PR restructures the mailer code to first map the deprecated settings on to the new ones - and then use ini.MapTo to map those on to the struct with additional validation as necessary.
  Ref #21744
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Fix markdown anchor re-clicking (#21931) (#21946) | silverwind | 2022-11-27 | 1 | -6/+9
  Backport #21931.
  The hashchange event did not fire on re-click of an active anchor. Instead, use the click event which always fires.
  Fixes: https://github.com/go-gitea/gitea/issues/21680
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
  Co-authored-by: zeripath <art27@cantab.net>
* Prevent NPE if trying to restore an already restored deleted branch (#21940) (#21944) | zeripath | 2022-11-25 | 2 | -0/+10
  Backport #21940
  If a deleted-branch has already been restored, a request to restore it again will cause a NPE. This PR adds detection for this case, but also disables buttons when they're clicked in order to help prevent accidental repeat requests.
  Fix #21930
  Signed-off-by: Andrew Thornton <art27@cantab.net>
* Add support for HEAD requests in Maven registry (#21834) (#21929) | KN4CK3R | 2022-11-25 | 19 | -39/+161
  Backport of #21834
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix button in branch list, avoid unexpected page jump before restore branch actually done (#21562) (#21928) | Xinyu Zhou | 2022-11-25 | 1 | -11/+15
  Backport #21562
  Signed-off-by: Xinyu Zhou <i@sourcehut.net>
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
  Co-authored-by: Lauris BH <lauris@nix.lv>
* add changelog for 1.18.0-rc1 (#21829) v1.18.0-rc1 | techknowlogick | 2022-11-24 | 1 | -0/+176
  Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix flex layout for repo list icons (#21896) (#21920) | Xinyu Zhou | 2022-11-24 | 1 | -2/+2
  Backport #21896
  #20241 Added a tooltip, which does not satisfy the flex layout, and the icons are not aligned
  Signed-off-by: Xinyu Zhou <i@sourcehut.net>
* Fix vertical align of committer avatar rendered by email address (#21884) (#21918) | Xinyu Zhou | 2022-11-24 | 2 | -5/+9
  Backport #21884
  Committer avatar rendered by `func AvatarByEmail` are not vertical align as `func Avatar` does.
  - Replace literals `ui avatar` and `ui avatar vm` with the constant `DefaultAvatarClass`
  Signed-off-by: Xinyu Zhou <i@sourcehut.net>
* Fix setting HTTP headers after write (#21833) (#21877) | KN4CK3R | 2022-11-22 | 5 | -54/+68
  Backport of #21833
  Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Do not allow Ghost access to limited visible user/org (#21849) (#21876) | KN4CK3R | 2022-11-20 | 1 | -2/+3
  Backport of #21849
* Color and Style enhancements (#21784, #21799) (#21868) | silverwind | 2022-11-20 | 14 | -133/+81
  Backport #21784
  Backport #21799
  These PRs provide tweaks and simplification to the less/css selectors, simplifying text color selectors and tweak arc-green colors with a follow-up to adjust the timeline
  See the original PRs for more details
* Support comma-delimited string as labels in issue template (#21831) (#21873) | Jason Song | 2022-11-20 | 7 | -133/+362
  Backport #21831.
  The [labels in issue YAML templates](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms#top-level-syntax) can be a string array or a comma-delimited string, so a single string should be valid labels.
  The old codes committed in #20987 ignore this, that's why the warning is displayed:
  <img width="618" alt="image" src="https://user-images.githubusercontent.com/9418365/202112642-93dc72d0-71c3-40a2-9720-30fc2d48c97c.png">
  Fixes #17877.
* Prevent dangling user redirects (#21856) (#21858) | Gusted | 2022-11-18 | 2 | -0/+4
  - Backport #21856
  - It's possible that the `user_redirect` table contains a user id that no longer exists.
  - Delete a user redirect upon deleting the user.
  - Add a check for these dangling user redirects to check-db-consistency.
* Ignore issue template with a special name (#21830) (#21835) | Jason Song | 2022-11-16 | 2 | -3/+46
  Backport #21830.
  A file in `ISSUE_TEMPLATE` with the name `config.yml` shouldn't be treated as a YAML template, it's for [configuring the template chooser](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/configuring-issue-templates-for-your-repository#configuring-the-template-chooser).
  The old code tried to ignore the file, but it didn't work, caused by #20987. That's why the warning is displayed:
  <img width="415" alt="image" src="https://user-images.githubusercontent.com/9418365/202094067-804c42fe-0e9e-4fc5-bf01-d95fa336f54f.png">
  Note that this PR is not an implementation of `config.yml`, there will be another one to do it.
* Prevent panic in doctor command when running default checks (#21791) (#21807) | zeripath | 2022-11-14 | 2 | -12/+24
  Backport #21791
  There was a bug introduced in #21352 due to a change of behaviour caused by #19280. This causes a panic on running the default doctor checks because the panic introduced by #19280 assumes that the only way opts.StdOut and opts.Stderr can be set in RunOpts is deliberately. Unfortunately, when running a git.Command the provided RunOpts can be set, therefore if you share a common set of RunOpts these two values can be set by the previous commands.
  This PR stops using common RunOpts for the commands in that doctor check but secondly stops RunCommand variants from changing the provided RunOpts.
  Signed-off-by: Andrew Thornton <art27@cantab.net>