summaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* Add package registry cleanup rules (#21658)KN4CK3R2022-11-201-13/+162
| | | | | | | | | | | | | | | | | | | | | | | | | Fixes #20514 Fixes #20766 Fixes #20631 This PR adds Cleanup Rules for the package registry. This allows to delete unneeded packages automatically. Cleanup rules can be set up from the user or org settings. Please have a look at the documentation because I'm not a native english speaker. Rule Form ![grafik](https://user-images.githubusercontent.com/1666336/199330792-c13918a6-e196-4e71-9f53-18554515edca.png) Rule List ![grafik](https://user-images.githubusercontent.com/1666336/199331261-5f6878e8-a80c-4985-800d-ebb3524b1a8d.png) Rule Preview ![grafik](https://user-images.githubusercontent.com/1666336/199330917-c95e4017-cf64-4142-a3e4-af18c4f127c3.png) Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add `context.Context` to more methods (#21546)KN4CK3R2022-11-198-20/+26
| | | | | | | This PR adds a context parameter to a bunch of methods. Some helper `xxxCtx()` methods got replaced with the normal name now. Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Add package registry quota limits (#21584)KN4CK3R2022-11-091-0/+34
| | | | | | | | | | Related #20471 This PR adds global quota limits for the package registry. Settings for individual users/orgs can be added in a seperate PR using the settings table. Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Remove semver compatible flag and change pypi to an array of test cases (#21708)Wayne Starr2022-11-081-3/+3
| | | | | | | | This addresses #21707 and adds a second package test case for a non-semver compatible version (this might be overkill though since you could also edit the old package version to have an epoch in front and see the error, this just seemed more flexible for the future). Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
* Allow local package identifiers for PyPI packages (#21690)KN4CK3R2022-11-071-2/+2
| | | | | Fixes #21683 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Improve valid user name check (#20136)wxiaoguang2022-11-041-4/+18
| | | | | | | | | | | | | Close https://github.com/go-gitea/gitea/issues/21640 Before: Gitea can create users like ".xxx" or "x..y", which is not ideal, it's already a consensus that dot filenames have special meanings, and `a..b` is a confusing name when doing cross repo compare. After: stricter Co-authored-by: Jason Song <i@wolfogre.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: delvh <dev.lh@web.de>
* Add Webhook authorization header (#20926)oliverpool2022-11-031-0/+47
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | _This is a different approach to #20267, I took the liberty of adapting some parts, see below_ ## Context In some cases, a weebhook endpoint requires some kind of authentication. The usual way is by sending a static `Authorization` header, with a given token. For instance: - Matrix expects a `Bearer <token>` (already implemented, by storing the header cleartext in the metadata - which is buggy on retry #19872) - TeamCity #18667 - Gitea instances #20267 - SourceHut https://man.sr.ht/graphql.md#authentication-strategies (this is my actual personal need :) ## Proposed solution Add a dedicated encrypt column to the webhook table (instead of storing it as meta as proposed in #20267), so that it gets available for all present and future hook types (especially the custom ones #19307). This would also solve the buggy matrix retry #19872. As a first step, I would recommend focusing on the backend logic and improve the frontend at a later stage. For now the UI is a simple `Authorization` field (which could be later customized with `Bearer` and `Basic` switches): ![2022-08-23-142911](https://user-images.githubusercontent.com/3864879/186162483-5b721504-eef5-4932-812e-eb96a68494cc.png) The header name is hard-coded, since I couldn't fine any usecase justifying otherwise. ## Questions - What do you think of this approach? @justusbunsi @Gusted @silverwind - ~~How are the migrations generated? Do I have to manually create a new file, or is there a command for that?~~ - ~~I started adding it to the API: should I complete it or should I drop it? (I don't know how much the API is actually used)~~ ## Done as well: - add a migration for the existing matrix webhooks and remove the `Authorization` logic there _Closes #19872_ Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: delvh <dev.lh@web.de>
* feat: notify doers of a merge when automerging (#21553)kolaente2022-11-031-3/+3
| | | | | | | | | | | | | | | | | | | | | | I found myself wondering whether a PR I scheduled for automerge was actually merged. It was, but I didn't receive a mail notification for it - that makes sense considering I am the doer and usually don't want to receive such notifications. But ideally I want to receive a notification when a PR was merged because I scheduled it for automerge. This PR implements exactly that. The implementation works, but I wonder if there's a way to avoid passing the "This PR was automerged" state down so much. I tried solving this via the database (checking if there's an automerge scheduled for this PR when sending the notification) but that did not work reliably, probably because sending the notification happens async and the entry might have already been deleted. My implementation might be the most straightforward but maybe not the most elegant. Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Split migrations folder (#21549)Lunny Xiao2022-11-021-2/+3
| | | | There are too many files in `models/migrations` folder so that I split them into sub folders.
* Replace all instances of fmt.Errorf(%v) with fmt.Errorf(%w) (#21551)delvh2022-10-241-1/+1
| | | | | | | | | Found using `find . -type f -name '*.go' -print -exec vim {} -c ':%s/fmt\.Errorf(\(.*\)%v\(.*\)err/fmt.Errorf(\1%w\2err/g' -c ':wq' \;` Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Andrew Thornton <art27@cantab.net> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix package access for admins and inactive users (#21580)KN4CK3R2022-10-242-0/+26
| | | | | | | | I noticed an admin is not allowed to upload packages for other users because `ctx.IsSigned` was not set. I added a check for `user.IsActive` and `user.ProhibitLogin` too because both was not checked. Tests enforce this now. Co-authored-by: Lauris BH <lauris@nix.lv>
* Allow for resolution of NPM registry paths that match upstream (#21568)Wayne Starr2022-10-241-1/+7
| | | | | | | | | | | | This PR fixes issue #21567 allowing for package tarball URLs to match the upstream registry (and GitLab/JFrog Artifactory URLs). It uses a regex to parse the filename (which contains the NPM version) and does a fuzzy search to pull it out. The regex was built/expanded from http://json.schemastore.org/package, https://github.com/Masterminds/semver, and https://docs.npmjs.com/cli/v6/using-npm/semver and is testable here: https://regex101.com/r/OydBJq/5 Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Record OAuth client type at registration (#21316)M Hickford2022-10-242-0/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The OAuth spec [defines two types of client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1), confidential and public. Previously Gitea assumed all clients to be confidential. > OAuth defines two client types, based on their ability to authenticate securely with the authorization server (i.e., ability to > maintain the confidentiality of their client credentials): > > confidential > Clients capable of maintaining the confidentiality of their credentials (e.g., client implemented on a secure server with > restricted access to the client credentials), or capable of secure client authentication using other means. > > **public > Clients incapable of maintaining the confidentiality of their credentials (e.g., clients executing on the device used by the resource owner, such as an installed native application or a web browser-based application), and incapable of secure client authentication via any other means.** > > The client type designation is based on the authorization server's definition of secure authentication and its acceptable exposure levels of client credentials. The authorization server SHOULD NOT make assumptions about the client type. https://datatracker.ietf.org/doc/html/rfc8252#section-8.4 > Authorization servers MUST record the client type in the client registration details in order to identify and process requests accordingly. Require PKCE for public clients: https://datatracker.ietf.org/doc/html/rfc8252#section-8.1 > Authorization servers SHOULD reject authorization requests from native apps that don't use PKCE by returning an error message Fixes #21299 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Refactor git command arguments and make all arguments to be safe to be used ↵wxiaoguang2022-10-235-26/+26
| | | | | | | (#21535) Follow #21464 Make all git command arguments strictly safe. Most changes are one-to-one replacing, keep all existing logic.
* Require authentication for OAuth token refresh (#21421)M Hickford2022-10-231-12/+39
| | | | | | | | | | | | | | According to the OAuth spec https://datatracker.ietf.org/doc/html/rfc6749#section-6 when "Refreshing an Access Token" > The authorization server MUST ... require client authentication for confidential clients Fixes #21418 Co-authored-by: Gusted <williamzijl7@hotmail.com> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Check for valid user token in integration tests (#21520)Vladimir Yakovlev2022-10-201-2/+3
| | | | | | | | | | Added checks for logged user token. Some builds fail at unrelated tests, due to missing token. Example: https://drone.gitea.io/go-gitea/gitea/62011/2/14 Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add team member invite by email (#20307)KN4CK3R2022-10-191-0/+72
| | | | | | | | | | | | | | | | | | | | | | | Allows to add (not registered) team members by email. related #5353 Invite by mail: ![grafik](https://user-images.githubusercontent.com/1666336/178154779-adcc547f-c0b7-4a2a-a131-4e41a3d9d3ad.png) Pending invitations: ![grafik](https://user-images.githubusercontent.com/1666336/178154882-9d739bb8-2b04-46c1-a025-c1f4be26af98.png) Email: ![grafik](https://user-images.githubusercontent.com/1666336/178164716-f2f90893-7ba6-4a5e-a3db-42538a660258.png) Join form: ![grafik](https://user-images.githubusercontent.com/1666336/178154840-aaab983a-d922-4414-b01a-9b1a19c5cef7.png) Co-authored-by: Jack Hay <jjphay@gmail.com>
* Add some api integration tests (#18872)KN4CK3R2022-10-186-0/+400
| | | | | | | | | | depends on #18871 Added some api integration tests to help testing of #18798. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Enforce grouped NuGet search results (#21442)KN4CK3R2022-10-171-24/+66
| | | | | | | | Fixes #21434 Added tests to enforce this behaviour. Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Add support for Chocolatey/NuGet v2 API (#21393)KN4CK3R2022-10-131-73/+234
| | | | | | | | Fixes #21294 This PR adds support for NuGet v2 API. Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix #21406: Hide repo information from file view/blame mode (#21420)Neel2022-10-131-2/+77
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | # Summary The repo information such as description, stats and topics are getting displayed in the top-bar when viewing a file. This has been fixed to display the repo information only while navigating the repo and not while viewing or blaming a file from the repo ## Before fix Screenshot from the issue ![image](https://user-images.githubusercontent.com/47709856/195278543-9afbb735-7bd3-4f42-b3ba-da514c6989d2.png) ## After the fix - **Repo homepage** The repo description, topics and summary will be displayed ![image](https://user-images.githubusercontent.com/47709856/195443913-2ca967cd-6694-4a97-98d0-4d0750692b5d.png) - **When opening a file** The repo description, topic and summary has been conditionally hidden from the view <img width="1311" alt="image" src="https://user-images.githubusercontent.com/47709856/195278964-9479231c-62ad-4c0e-b438-2018f22289db.png"> - **When running blame on a file** > This was originally not part of the issue #21406. However the fix seems relevant for the blame view as well. <img width="1312" alt="image" src="https://user-images.githubusercontent.com/47709856/195279619-02010775-aec3-4c8d-a184-d2d838c797e8.png"> - **From within a directory** The repo description, topics and summary will not be displayed ![image](https://user-images.githubusercontent.com/47709856/195444080-ff5b2def-7e0f-47d7-b54a-7e9df5f9edd8.png) Supporting integration tests have also been added.
* Case-insensitive NuGet symbol file GUID (#21409)Hubert Wawrzyńczyk2022-10-121-1/+1
| | | | | | | NuGet symbol file lookup returned 404 on Visual Studio 2019 due to case-sensitive api router. The api router should accept case-insensitive GUID. Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Improve OAuth integration tests (#21390)M Hickford2022-10-121-32/+132
| | | | | | | In particular, test explicit error responses. No change to behaviour. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Use Name instead of DisplayName in LFS Lock (#21415)KN4CK3R2022-10-111-3/+4
| | | | | Fixes #21268 Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* npm package registry support for `bin` (#21372)eleith2022-10-081-0/+6
| | | | | | | | | | | | | | | | | | | | | Fix #21303 npm package.json supports binary packaging: https://docs.npmjs.com/cli/v8/configuring-npm/package-json#bin the npm registry documents that the binary references will be attached to the abbreviated version object: https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-version-object unfortunately their api documentation leaves this out: https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-version-objectdoc which is likely to be the reason this was left out in gitea's initial implementation this response is critical for npm to install the binary in the `.bin` folder so as to be included on the users default bin path, resulting in immediate access to any binaries provided by the package
* Add GET and DELETE endpoints for Docker blob uploads (#21367)KN4CK3R2022-10-071-2/+38
| | | | | | | | | | This PR adds support for https://docs.docker.com/registry/spec/api/#get-blob-upload https://docs.docker.com/registry/spec/api/#delete-blob-upload Both are not required by the OCI spec but some clients call these endpoints. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Make external issue tracker regexp configurable via API (#21338)Andrew Imeson2022-10-071-3/+15
| | | | | Fixes #21336 Signed-off-by: Andrew Imeson <andrew@andrewimeson.com>
* Set SemverCompatible to false for Conan packages (#21275)KN4CK3R2022-10-071-1/+1
| | | | | | | | Fixes #21250 Related #20414 Conan packages don't have to follow SemVer. The migration fixes the setting for all existing Conan and Generic (#20414) packages.
* Add name field for org api (#21270)KN4CK3R2022-09-293-4/+8
| | | | | | | | related #21205 The field `UserName` is not really usefull for an organization. This adds a second `Name` field. The [GitHub API](https://docs.github.com/en/rest/orgs/orgs#get-an-organization) uses `name` too. `UserName` should be deprecated then.
* Add API endpoint to get changed files of a PR (#21177)qwerty2872022-09-291-4/+44
| | | | | | | | | | This adds an api endpoint `/files` to PRs that allows to get a list of changed files. built upon #18228, reviews there are included closes https://github.com/go-gitea/gitea/issues/654 Co-authored-by: Anton Bracke <anton@ju60.de> Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Better repo API unit checks (#21130)John Olheiser2022-09-281-2/+1
| | | | | | | | | | | | | | | | | | | | This PR would presumably Fix #20522 Fix #18773 Fix #19069 Fix #21077 Fix #13622 ----- 1. Check whether unit type is currently enabled 2. Check if it _will_ be enabled via opt 3. Allow modification as necessary Signed-off-by: jolheiser <john.olheiser@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: 6543 <6543@obermui.de>
* Make NuGet service index publicly accessible (#21242)KN4CK3R2022-09-241-30/+50
| | | | | | | | | | | | Addition to #20734, Fixes #20717 The `/index.json` endpoint needs to be accessible even if the registry is private. The NuGet client uses this endpoint without authentification. The old fix only works if the NuGet cli is used with `--source <name>` but not with `--source <url>/index.json`. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* NPM Package Registry search API endpoint (#20280)Jack Vine2022-09-241-0/+31
| | | | | | | | | | Close #20098, in the NPM registry API, implemented to match what's described by https://github.com/npm/registry/blob/master/docs/REGISTRY-API.md#get-v1search Currently have only implemented the bare minimum to work with the [Unity Package Manager](https://docs.unity3d.com/Manual/upm-ui.html). Co-authored-by: Jack Vine <jackv@jack-lemur-suse.cat-prometheus.ts.net> Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Prevent invalid behavior for file reviewing when loading more files (#21230)delvh2022-09-221-2/+2
| | | | | | | | | | | | | | The problem was that many PR review components loaded by `Show more` received the same ID as previous batches, which confuses browsers (when clicked). All such occurrences should now be fixed. Additionally improved the background of the `viewed` checkbox. Lastly, the `go-licenses.json` was automatically updated. Fixes #21228. Fixes #20681. Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Respect `REQUIRE_SIGNIN_VIEW` for packages (#20873)KN4CK3R2022-09-211-0/+13
| | | | | | | | Fix #20863 When REQUIRE_SIGNIN_VIEW = true, even with public repositories, you can only see them after you login. The packages should not be accessed without login. Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Fix user visible check (#21210)KN4CK3R2022-09-201-1/+1
| | | | | | | | | | Fixes #21206 If user and viewer are equal the method should return true. Also the common organization check was wrong as `count` can never be less then 0. Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* [API] teamSearch show teams with no members if user is admin (#21204)65432022-09-191-0/+36
| | | close #21176
* Remove fomantic image module (#21145)silverwind2022-09-122-3/+3
| | | | | | | | | Remove this small, but unnecessary [module](https://fomantic-ui.com/elements/image.html) and use `img` selector over previous `.image`. Did a few tests, could not notice any visual regression. Co-authored-by: 6543 <6543@obermui.de> Co-authored-by: Lauris BH <lauris@nix.lv>
* Fix various typos (#21103)luzpaz2022-09-071-1/+1
| | | | | | | Found via `codespell -q 3 -S ./options/locale,./options/license,./public/vendor,./web_src/fomantic -L actived,allways,attachements,ba,befores,commiter,pullrequest,pullrequests,readby,splitted,te,unknwon` Co-authored-by: techknowlogick <techknowlogick@gitea.io>
* Move go-licenses to generate and separate generate into a frontend and ↵zeripath2022-09-057-0/+7
| | | | | | | | | | | | | | | | | | | | | | backend component (#21061) The `go-licenses` make task introduced in #21034 is being run on make vendor and occasionally causes an empty go-licenses file if the vendors need to change. This should be moved to the generate task as it is a generated file. Now because of this change we also need to split generation into two separate steps: 1. `generate-backend` 2. `generate-frontend` In the future it would probably be useful to make `generate-swagger` part of `generate-frontend` but it's not tolerated with our .drone.yml Ref #21034 Signed-off-by: Andrew Thornton <art27@cantab.net> Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: delvh <dev.lh@web.de>
* test: use `T.TempDir` to create temporary test directory (#21043)Eng Zer Jun2022-09-0411-89/+32
| | | | | | | | | | | | | | | | | | | | | | | | A testing cleanup. This pull request replaces `os.MkdirTemp` with `t.TempDir`. We can use the `T.TempDir` function from the `testing` package to create temporary directory. The directory created by `T.TempDir` is automatically removed when the test and all its subtests complete. This saves us at least 2 lines (error check, and cleanup) on every instance, or in some cases adds cleanup that we forgot. Reference: https://pkg.go.dev/testing#T.TempDir ```go func TestFoo(t *testing.T) { // before tmpDir, err := os.MkdirTemp("", "") require.NoError(t, err) defer os.RemoveAll(tmpDir) // now tmpDir := t.TempDir() } ``` Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
* Kd/ci playwright go test (#20123)Kyle D2022-09-02628-0/+26871
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * Add initial playwright config * Simplify Makefile * Simplify Makefile * Use correct config files * Update playwright settings * Fix package-lock file * Don't use test logger for e2e tests * fix frontend lint * Allow passing TEST_LOGGER variable * Init postgres database * use standard gitea env variables * Update playwright * update drone * Move empty env var to commands * Cleanup * Move integrations to subfolder * tests integrations to tests integraton * Run e2e tests with go test * Fix linting * install CI deps * Add files to ESlint * Fix drone typo * Don't log to console in CI * Use go test http server * Add build step before tests * Move shared init function to common package * fix drone * Clean up tests * Fix linting * Better mocking for page + version string * Cleanup test generation * Remove dependency on gitea binary * Fix linting * add initial support for running specific tests * Add ACCEPT_VISUAL variable * don't require git-lfs * Add initial documentation * Review feedback * Add logged in session test * Attempt fixing drone race * Cleanup and bump version * Bump deps * Review feedback * simplify installation * Fix ci * Update install docs
* Batch mirror fixUnknown2014-04-263-39/+0
|
* Prepare for 0.2.0 releaseUnknown2014-03-311-4/+6
|
* add go functestskyblue2014-03-314-18/+19
|
* add testsskyblue2014-03-313-0/+36