aboutsummaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* Refactor markup render system (#32589)wxiaoguang2024-11-221-11/+6
| | | | This PR mainly moves some code and introduces `RenderContext.WithXxx` functions
* Enhancing Gitea OAuth2 Provider with Granular Scopes for Resource Access ↵Marcell Mars2024-11-221-0/+430
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | (#32573) Resolve #31609 This PR was initiated following my personal research to find the lightest possible Single Sign-On solution for self-hosted setups. The existing solutions often seemed too enterprise-oriented, involving many moving parts and services, demanding significant resources while promising planetary-scale capabilities. Others were adequate in supporting basic OAuth2 flows but lacked proper user management features, such as a change password UI. Gitea hits the sweet spot for me, provided it supports more granular access permissions for resources under users who accept the OAuth2 application. This PR aims to introduce granularity in handling user resources as nonintrusively and simply as possible. It allows third parties to inform users about their intent to not ask for the full access and instead request a specific, reduced scope. If the provided scopes are **only** the typical ones for OIDC/OAuth2—`openid`, `profile`, `email`, and `groups`—everything remains unchanged (currently full access to user's resources). Additionally, this PR supports processing scopes already introduced with [personal tokens](https://docs.gitea.com/development/oauth2-provider#scopes) (e.g. `read:user`, `write:issue`, `read:group`, `write:repository`...) Personal tokens define scopes around specific resources: user info, repositories, issues, packages, organizations, notifications, miscellaneous, admin, and activitypub, with access delineated by read and/or write permissions. The initial case I wanted to address was to have Gitea act as an OAuth2 Identity Provider. To achieve that, with this PR, I would only add `openid public-only` to provide access token to the third party to authenticate the Gitea's user but no further access to the API and users resources. Another example: if a third party wanted to interact solely with Issues, it would need to add `read:user` (for authorization) and `read:issue`/`write:issue` to manage Issues. My approach is based on my understanding of how scopes can be utilized, supported by examples like [Sample Use Cases: Scopes and Claims](https://auth0.com/docs/get-started/apis/scopes/sample-use-cases-scopes-and-claims) on auth0.com. I renamed `CheckOAuthAccessToken` to `GetOAuthAccessTokenScopeAndUserID` so now it returns AccessTokenScope and user's ID. In the case of additional scopes in `userIDFromToken` the default `all` would be reduced to whatever was asked via those scopes. The main difference is the opportunity to reduce the permissions from `all`, as is currently the case, to what is provided by the additional scopes described above. Screenshots: ![Screenshot_20241121_121405](https://github.com/user-attachments/assets/29deaed7-4333-4b02-8898-b822e6f2463e) ![Screenshot_20241121_120211](https://github.com/user-attachments/assets/7a4a4ef7-409c-4116-9d5f-2fe00eb37167) ![Screenshot_20241121_120119](https://github.com/user-attachments/assets/aa52c1a2-212d-4e64-bcdf-7122cee49eb6) ![Screenshot_20241121_120018](https://github.com/user-attachments/assets/9eac318c-e381-4ea9-9e2c-3a3f60319e47) --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add line-through for deleted branch on pull request view page (#32500)Lunny Xiao2024-11-211-1/+2
| | | | | | | | | | | | | Base branch deleted ![图片](https://github.com/user-attachments/assets/bc45aa33-d514-47c8-885a-de9732f2f3d5) branch deleted comment ![图片](https://github.com/user-attachments/assets/83729bbb-2ee8-4bd3-b6f1-780d2daad3d4) Head branch deleted ![图片](https://github.com/user-attachments/assets/90120b22-34a9-4387-aae9-5c882e8d421a)
* disable gravatar in test (#32529)Rowan Bohde2024-11-211-1/+1
| | | | | When running e2e tests on flaky networks, gravatar can cause a timeout and test failures. Turn off, and populate avatars on e2e test suite run to make them reliable.
* Refactor push mirror find and add check for updating push mirror (#32539)Lunny Xiao2024-11-182-43/+80
| | | Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Refactor find forks and fix possible bugs that weak permissions check (#32528)Lunny Xiao2024-11-182-0/+132
| | | | | | | | | | | - Move models/GetForks to services/FindForks - Add doer as a parameter of FindForks to check permissions - Slight performance optimization for get forks API with batch loading of repository units - Add tests for forking repository to organizations --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix basic auth with webauthn (#32531)Lunny Xiao2024-11-161-0/+53
|
* Improve testing and try to fix MySQL hanging (#32515)wxiaoguang2024-11-159-171/+93
| | | | | | | | | | | | | | | | | | | | By some CI fine tunes (`run tests`), SQLite & MSSQL could complete in about 12~13 minutes (before > 14), MySQL could complete in 18 minutes (before: about 23 or even > 30) Major changes: 1. use tmpfs for MySQL storage 1. run `make test-mysql` instead of `make integration-test-coverage` because the code coverage is not really used at the moment. 1. refactor testlogger to make it more reliable and be able to report stuck stacktrace 1. do not requeue failed items when a queue is being flushed (failed items would keep failing and make flush uncompleted) 1. reduce the file sizes for testing 1. use math ChaCha20 random data instead of crypot/rand (for testing purpose only) 1. no need to `DeleteRepository` in `TestLinguist` 1. other related refactoring to make code easier to maintain
* Reduce integration test overhead (#32475)Rowan Bohde2024-11-1473-269/+4
| | | | | | | | | | | | | In profiling integration tests, I found a couple places where per-test overhead could be reduced: * Avoiding disk IO by synchronizing instead of deleting & copying test Git repository data. This saves ~100ms per test on my machine * When flushing queues in `PrintCurrentTest`, invoke `FlushWithContext` in a parallel. --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Refactor render system (#32492)wxiaoguang2024-11-141-3/+24
| | | | | | | | | | | | | | | | | | | There were too many patches to the Render system, it's really difficult to make further improvements. This PR clears the legacy problems and fix TODOs. 1. Rename `RenderContext.Type` to `RenderContext.MarkupType` to clarify its usage. 2. Use `ContentMode` to replace `meta["mode"]` and `IsWiki`, to clarify the rendering behaviors. 3. Use "wiki" mode instead of "mode=gfm + wiki=true" 4. Merge `renderByType` and `renderByFile` 5. Add more comments ---- The problem of "mode=document": in many cases it is not set, so many non-comment places use comment's hard line break incorrectly
* Fix LFS route mock, realm, middleware names (#32488)wxiaoguang2024-11-131-14/+16
| | | | | | | | | | 1. move "internal-lfs" route mock to "common-lfs" 2. fine tune tests 3. fix "realm" strings, according to RFC: https://datatracker.ietf.org/doc/html/rfc2617: * realm = "realm" "=" realm-value * realm-value = quoted-string 4. clarify some names of the middlewares, rename `ignXxx` to `optXxx` to match `reqXxx`, and rename ambiguous `requireSignIn` to `reqGitSignIn`
* Fix test fixtures for user2/lfs.git (#32477)wxiaoguang2024-11-126-8/+13
|
* Refactor LFS SSH and internal routers (#32473)wxiaoguang2024-11-125-147/+238
| | | | | | | | | | | | | | | | | | Gitea instance keeps reporting a lot of errors like "LFS SSH transfer connection denied, pure SSH protocol is disabled". When starting debugging the problem, there are more problems found. Try to address most of them: * avoid unnecessary server side error logs (change `fail()` to not log them) * figure out the broken tests/user2/lfs.git (added comments) * avoid `migratePushMirrors` failure when a repository doesn't exist (ignore them) * avoid "Authorization" (internal&lfs) header conflicts, remove the tricky "swapAuth" and use "X-Gitea-Internal-Auth" * make internal token comparing constant time (it wasn't a serous problem because in a real world it's nearly impossible to timing-attack the token, but good to fix and backport) * avoid duplicate routers (introduce AddOwnerRepoGitLFSRoutes) * avoid "internal (private)" routes using session/web context (they should use private context) * fix incorrect "path" usages (use "filepath") * fix incorrect mocked route point handling (need to check func nil correctly) * split some tests from "git general tests" to "git misc tests" (to keep "git_general_test.go" simple) Still no correct result for Git LFS SSH tests. So the code is kept there (`tests/integration/git_lfs_ssh_test.go`) and a FIXME explains the details.
* Add reviewers selection to new pull request (#32403)Calvin K2024-11-094-5/+12
| | | | | | | | | | Users could add reviewers when creating new PRs. --------- Co-authored-by: splitt3r <splitt3r@users.noreply.github.com> Co-authored-by: Sebastian Sauer <sauer.sebastian@gmail.com> Co-authored-by: bb-ben <70356237+bboerben@users.noreply.github.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix broken releases when re-pushing tags (#32435)Zettat1232024-11-081-0/+47
| | | Fix #32427
* Include file extension checks in attachment API (#32151)Kemal Zebari2024-11-063-2/+83
| | | | | | From testing, I found that issue posters and users with repository write access are able to edit attachment names in a way that circumvents the instance-level file extension restrictions using the edit attachment APIs. This snapshot adds checks for these endpoints.
* Updated tokenizer to better matching when search for code snippets (#32261)Bruno Sofiato2024-11-0612-5/+6
| | | | | | | | | | | | | | | | | | | | This PR improves the accuracy of Gitea's code search. Currently, Gitea does not consider statements such as `onsole.log("hello")` as hits when the user searches for `log`. The culprit is how both ES and Bleve are tokenizing the file contents (in both cases, `console.log` is a whole token). In ES' case, we changed the tokenizer to [simple_pattern_split](https://www.elastic.co/guide/en/elasticsearch/reference/current/analysis-simplepatternsplit-tokenizer.html#:~:text=The%20simple_pattern_split%20tokenizer%20uses%20a,the%20tokenization%20is%20generally%20faster.). In such a case, tokens are words formed by digits and letters. In Bleve's case, it employs a [letter](https://blevesearch.com/docs/Tokenizers/) tokenizer. Resolves #32220 --------- Signed-off-by: Bruno Sofiato <bruno.sofiato@gmail.com>
* Fix milestone deadline and date related problems (#32339)Lunny Xiao2024-11-052-15/+12
| | | | | | | | | Use zero instead of 9999-12-31 for deadline Fix #32291 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io>
* Refactor RepoRefByType (#32413)wxiaoguang2024-11-051-10/+10
| | | | | 1. clarify the "filepath" could(should) contain "{ref}" 2. remove unclear RepoRefLegacy and RepoRefAny, use RepoRefUnknown to guess 3. by the way, avoid using AppURL
* Refactor tests to prevent from unnecessary preparations (#32398)wxiaoguang2024-11-013-51/+55
|
* Add artifacts test fixture (#30300)Kyle D.2024-11-017-37/+69
| | | | | | | | | | | | Closes https://github.com/go-gitea/gitea/issues/30296 - Adds a DB fixture for actions artifacts - Adds artifacts test files - Clears artifacts test files between each run - Note: I initially initialized the artifacts only for artifacts tests, but because the files are small it only takes ~8ms, so I changed it to always run in test setup for simplicity - Fix some otherwise flaky tests by making them not depend on previous tests
* Fix db engine (#32351)wxiaoguang2024-10-271-0/+35
| | | Fix #32349
* Make admins adhere to branch protection rules (#32248)Tim2024-10-231-0/+47
| | | | | | | | | | | | This introduces a new flag `BlockAdminMergeOverride` on the branch protection rules that prevents admins/repo owners from bypassing branch protection rules and merging without approvals or failing status checks. Fixes #17131 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Giteabot <teabot@gitea.io>
* Make git push options accept short name (#32245)wxiaoguang2024-10-121-0/+57
| | | | | Just like what most CLI parsers do: `--opt` means `opt=true` Then users could use `-o force-push` as `-o force-push=true`
* Allow code search by filename (#32210)Bruno Sofiato2024-10-1124-5/+90
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a large and complex PR, so let me explain in detail its changes. First, I had to create new index mappings for Bleve and ElasticSerach as the current ones do not support search by filename. This requires Gitea to recreate the code search indexes (I do not know if this is a breaking change, but I feel it deserves a heads-up). I've used [this approach](https://www.elastic.co/guide/en/elasticsearch/reference/7.17/analysis-pathhierarchy-tokenizer.html) to model the filename index. It allows us to efficiently search for both the full path and the name of a file. Bleve, however, does not support this out-of-box, so I had to code a brand new [token filter](https://blevesearch.com/docs/Token-Filters/) to generate the search terms. I also did an overhaul in the `indexer_test.go` file. It now asserts the order of the expected results (this is important since matches based on the name of a file are more relevant than those based on its content). I've added new test scenarios that deal with searching by filename. They use a new repo included in the Gitea fixture. The screenshot below depicts how Gitea shows the search results. It shows results based on content in the same way as the current version does. In matches based on the filename, the first seven lines of the file contents are shown (BTW, this is how GitHub does it). ![image](https://github.com/user-attachments/assets/9d938d86-1a8d-4f89-8644-1921a473e858) Resolves #32096 --------- Signed-off-by: Bruno Sofiato <bruno.sofiato@gmail.com>
* Allow maintainers to view and edit files of private repos when "Allow ↵Zettat1232024-10-111-0/+78
| | | | | maintainers to edit" is enabled (#32215) Fix #31539
* Improve the maintainblity of the reserved username list (#32229)wxiaoguang2024-10-101-36/+9
|
* Move admin routers from /admin to /-/admin (#32189)Lunny Xiao2024-10-104-13/+12
| | | | | | | Resolve #32181 --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Refactor CSRF token (#32216)wxiaoguang2024-10-1025-116/+80
|
* Fix bug when a token is given public only (#32204)Lunny Xiao2024-10-083-1/+57
|
* Add support for searching users by email (#30908)yp053272024-10-041-0/+36
| | | | | | | Fix #30898 we have an option `SearchByEmail`, so enable it, then we can search user by email. Also added a test for it.
* Fix PR creation on forked repositories (#31863)Job2024-10-041-0/+27
| | | Resolves #20475
* add {{TEST_MINIO_ENDPOINT}} for local testing "with/without" docker + fix ↵sommerf-lf2024-10-033-7/+15
| | | | | | | | | | | | | | | | | | pgsql testing doc (#32105) while testing i found out that testing locally as documented in the changed README.md for pgsql isn't working because of the minio dependency. reworked this to by default be still docker, but allow for for local with only minio in docker and testing on bare metal. also depending on this: fixed docs for running pgsql test Closes: #32168 (by changing documentation for pgsql tests) Closes: #32169 (by changing documentation, Makefile & pgsql.ini.tmpl: adding {{TEST_MINIO_ENDPOINT}}) sry for the combined pr, but when testing I ran into this issue and first thought they were related and now finally address the same problem: not beeing able to run pgsql integration tests as described in the according README.md
* Make oauth2 code clear. Move oauth2 provider code to their own ↵Lunny Xiao2024-10-021-14/+14
| | | | | | packages/files (#32148) Fix #30266 Replace #31533
* Support repo license (#24872)yp053272024-10-016-3/+85
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Close #278 Close #24076 ## Solutions: - Use [google/licenseclassifier](https://github.com/google/licenseclassifier/) Test result between [google/licensecheck](https://github.com/google/licensecheck) and [go-license-detector](https://github.com/go-enry/go-license-detector): https://github.com/go-gitea/gitea/pull/24872#issuecomment-1560361167 Test result between [google/licensecheck](https://github.com/google/licensecheck) and [google/licenseclassifier](https://github.com/google/licenseclassifier/): https://github.com/go-gitea/gitea/pull/24872#issuecomment-1576092178 - Generate License Convert Name List to avoid import license templates with same contents Gitea automatically get latest license data from[ spdx/license-list-data](https://github.com/spdx/license-list-data). But unfortunately, some license templates have same contents. #20915 [click here to see the list](https://github.com/go-gitea/gitea/pull/24872#issuecomment-1584141684) So we will generate a list of these license templates with same contents and create a new file to save the result when using `make generate-license`. (Need to decide the save path) - Save License info into a new table `repo_license` Can easily support searching repo by license in the future. ## Screen shot Single License: ![image](https://github.com/go-gitea/gitea/assets/18380374/41260bd7-0b4c-4038-8592-508706cffa9f) Multiple Licenses: ![image](https://github.com/go-gitea/gitea/assets/18380374/34ce2f73-7e18-446b-9b96-ecc4fb61bd70) Triggers: - [x] Push commit to default branch - [x] Create repo - [x] Mirror repo - [x] When Default Branch is changed, licenses should be updated Todo: - [x] Save Licenses info in to DB when there's a change to license file in the commit - [x] DB Migration - [x] A nominal test? - [x] Select which library to use(https://github.com/go-gitea/gitea/pull/24872#issuecomment-1560361167) - [x] API Support - [x] Add repo license table - ~Select license in settings if there are several licenses(Not recommended)~ - License board(later, not in this PR) ![image](https://github.com/go-gitea/gitea/assets/18380374/2c3c3bf8-bcc2-4c6d-8ce0-81d1a9733878) --------- Co-authored-by: silverwind <me@silverwind.io> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Denys Konovalov <kontakt@denyskon.de> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: 6543 <m.huber@kithara.com> Co-authored-by: a1012112796 <1012112796@qq.com> Co-authored-by: techknowlogick <techknowlogick@gitea.com>
* Fix the logic of finding the latest pull review commit ID (#32139)Zettat1232024-10-012-1/+35
| | | Fix #31423
* Ensure `GetCSRF` doesn't return an empty token (#32130)Jason Song2024-09-303-11/+9
| | | | | | | | | | | | Since page templates keep changing, some pages that contained forms with CSRF token no longer have them. It leads to some calls of `GetCSRF` returning an empty string, which fails the tests. Like https://github.com/go-gitea/gitea/blob/3269b04d61ffe6a7ce462cd05ee150e4491124e8/tests/integration/attachment_test.go#L62-L63 The test did try to get the CSRF token and provided it, but it was empty.
* Fix bug in getting merged pull request by commit (#32079)Zettat1232024-09-241-0/+16
|
* Fix rename branch permission bug (#32066)Lunny Xiao2024-09-221-4/+4
| | | | | | The previous implementation requires admin permission to rename branches which should be write permission. Fix #31993
* Fix artifact v4 upload above 8MB (#31664)ChristopherHX2024-09-221-0/+130
| | | | | | | | | | | | Multiple chunks are uploaded with type "block" without using "appendBlock" and eventually out of order for bigger uploads. 8MB seems to be the chunk size This change parses the blockList uploaded after all blocks to get the final artifact size and order them correctly before calculating the sha256 checksum over all blocks Fixes #31354
* Add bin to Composer Metadata (#32099)Jamie Schouten2024-09-211-1/+7
| | | | | | | | | | | | | This PR addresses the missing `bin` field in Composer metadata, which currently causes vendor-provided binaries to not be symlinked to `vendor/bin` during installation. In the current implementation, running `composer install` does not publish the binaries, leading to issues where expected binaries are not available. By properly declaring the `bin` field, this PR ensures that binaries are correctly symlinked upon installation, as described in the [Composer documentation](https://getcomposer.org/doc/articles/vendor-binaries.md).
* Fix upload maven pacakge parallelly (#31851)Lunny Xiao2024-09-211-0/+33
| | | | | | | Use globallock for maven package uploads. Thanks @tlusser for the test code. Depends on ~#31813~
* Fix incorrect `/tokens` api (#32085)KN4CK3R2024-09-201-20/+11
| | | | | | | | | | Fixes #32078 - Add missing scopes output. - Disallow empty scope. --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Fix: database not update release when using `git push --tags --force` (#32040)Exploding Dragon2024-09-181-0/+36
| | | | | | | link: https://codeberg.org/forgejo/forgejo/issues/4274 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Refactor CSRF protector (#32057)wxiaoguang2024-09-183-33/+8
| | | | | | Remove unused CSRF options, decouple "new csrf protector" and "prepare" logic, do not redirect to home page if CSRF validation falis (it shouldn't happen in daily usage, if it happens, redirecting to home doesn't help either but just makes the problem more complex for "fetch")
* Add missing comment reply handling (#32050)KN4CK3R2024-09-171-139/+143
| | | | | | | | | Fixes #31937 - Add missing comment reply handling - Use `onGiteaRun` in the test because the fixtures are not present otherwise (did this behaviour change?) Compare without whitespaces.
* Handle invalid target when creating releases using API (#31841)Kemal Zebari2024-09-121-0/+18
| | | | | | | A 500 status code was thrown when passing a non-existent target to the create release API. This snapshot handles this error and instead throws a 404 status code. Discovered while working on #31840.
* bump to go 1.23 (#31855)techknowlogick2024-09-102-4/+4
|
* Remove SHA1 for support for ssh rsa signing (#31857)Wim2024-09-071-1/+1
| | | | | | | | | | | | https://github.com/go-fed/httpsig seems to be unmaintained. Switch to github.com/42wim/httpsig which has removed deprecated crypto and default sha256 signing for ssh rsa. No impact for those that use ed25519 ssh certificates. This is a breaking change for: - gitea.com/gitea/tea (go-sdk) - I'll be sending a PR there too - activitypub using deprecated crypto (is this actually used?)
* Fix nuget/conan/container packages upload bugs (#31967)Lunny Xiao2024-09-053-70/+383
|