summaryrefslogtreecommitdiffstats
path: root/tests
Commit message (Collapse)AuthorAgeFilesLines
* Simplify how git repositories are opened (#28937)Lunny Xiao2024-01-2712-23/+31
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ## Purpose This is a refactor toward building an abstraction over managing git repositories. Afterwards, it does not matter anymore if they are stored on the local disk or somewhere remote. ## What this PR changes We used `git.OpenRepository` everywhere previously. Now, we should split them into two distinct functions: Firstly, there are temporary repositories which do not change: ```go git.OpenRepository(ctx, diskPath) ``` Gitea managed repositories having a record in the database in the `repository` table are moved into the new package `gitrepo`: ```go gitrepo.OpenRepository(ctx, repo_model.Repo) ``` Why is `repo_model.Repository` the second parameter instead of file path? Because then we can easily adapt our repository storage strategy. The repositories can be stored locally, however, they could just as well be stored on a remote server. ## Further changes in other PRs - A Git Command wrapper on package `gitrepo` could be created. i.e. `NewCommand(ctx, repo_model.Repository, commands...)`. `git.RunOpts{Dir: repo.RepoPath()}`, the directory should be empty before invoking this method and it can be filled in the function only. #28940 - Remove the `RepoPath()`/`WikiPath()` functions to reduce the possibility of mistakes. --------- Co-authored-by: delvh <dev.lh@web.de>
* Preserve BOM in web editor (#28935)silverwind2024-01-271-1/+1
| | | | | | | | | | | | | | | | | | | The `ToUTF8*` functions were stripping BOM, while BOM is actually valid in UTF8, so the stripping must be optional depending on use case. This does: - Add a options struct to all `ToUTF8*` functions, that by default will strip BOM to preserve existing behaviour - Remove `ToUTF8` function, it was dead code - Rename `ToUTF8WithErr` to `ToUTF8` - Preserve BOM in Monaco Editor - Remove a unnecessary newline in the textarea value. Browsers did ignore it, it seems but it's better not to rely on this behaviour. Fixes: https://github.com/go-gitea/gitea/issues/28743 Related: https://github.com/go-gitea/gitea/issues/6716 which seems to have once introduced a mechanism that strips and re-adds the BOM, but from what I can tell, this mechanism was removed at some point after that PR.
* Prevent anonymous container access if `RequireSignInView` is enabled (#28877)KN4CK3R2024-01-211-0/+9
| | | | | Fixes #28875 If `RequireSignInView` is enabled, the ghost user has no access rights.
* Fix some RPM registry flaws (#28782)KN4CK3R2024-01-191-335/+353
| | | | | | | | | | | | | | | | | | | Related #26984 (https://github.com/go-gitea/gitea/pull/26984#issuecomment-1889588912) Fix admin cleanup message. Fix models `Get` not respecting default values. Rebuild RPM repository files after cleanup. Do not add RPM group to package version name. Force stable sorting of Alpine/Debian/RPM repository data. Fix missing deferred `Close`. Add tests for multiple RPM groups. Removed non-cached `ReplaceAllStringRegex`. If there are multiple groups available, it's stated in the package installation screen: ![grafik](https://github.com/go-gitea/gitea/assets/1666336/8f132760-882c-4ab8-9678-77e47dfc4415)
* tests: missing refs/ in bare repositories (#28844)Adam Majer2024-01-191-0/+1
| | | | | Git 2.43.0 will not detect a git repository as valid without refs/ subdirectory present. `git gc` cleans this up and puts it in packed-refs. We must keep refs/ non-empty.
* Fix uploaded artifacts should be overwritten (#28726)FuXiaoHei2024-01-171-0/+89
| | | | | | | | | | | Fix `Uploaded artifacts should be overwritten` https://github.com/go-gitea/gitea/issues/28549 When upload different content to uploaded artifact, it checks that content size is not match in db record with previous artifact size, then the new artifact is refused. Now if it finds uploading content size is not matching db record when receiving chunks, it updates db records to follow the latest size value.
* Retarget depending pulls when the parent branch is deleted (#28686)Viktor Kuzmin2024-01-173-24/+104
| | | | | | | | | | | | | | | | | | | | | | | | | | | Sometimes you need to work on a feature which depends on another (unmerged) feature. In this case, you may create a PR based on that feature instead of the main branch. Currently, such PRs will be closed without the possibility to reopen in case the parent feature is merged and its branch is deleted. Automatic target branch change make life a lot easier in such cases. Github and Bitbucket behave in such way. Example: $PR_1$: main <- feature1 $PR_2$: feature1 <- feature2 Currently, merging $PR_1$ and deleting its branch leads to $PR_2$ being closed without the possibility to reopen. This is both annoying and loses the review history when you open a new PR. With this change, $PR_2$ will change its target branch to main ($PR_2$: main <- feature2) after $PR_1$ has been merged and its branch has been deleted. This behavior is enabled by default but can be disabled. For security reasons, this target branch change will not be executed when merging PRs targeting another repo. Fixes #27062 Fixes #18408 --------- Co-authored-by: Denys Konovalov <kontakt@denyskon.de> Co-authored-by: delvh <dev.lh@web.de>
* Fix reverting a merge commit failing (#28794)Mihir Joshi2024-01-168-0/+53
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #22236 --- Error occurring currently while trying to revert commit using read-tree -m approach: > 2022/12/26 16:04:43 ...rvices/pull/patch.go:240:AttemptThreeWayMerge() [E] [63a9c61a] Unable to run read-tree -m! Error: exit status 128 - fatal: this operation must be run in a work tree > - fatal: this operation must be run in a work tree We need to clone a non-bare repository for `git read-tree -m` to work. https://github.com/go-gitea/gitea/commit/bb371aee6ecf5e570cdf7b5f7f0d6f47a607a325 adds support to create a non-bare cloned temporary upload repository. After cloning a non-bare temporary upload repository, we [set default index](https://github.com/go-gitea/gitea/blob/main/services/repository/files/cherry_pick.go#L37) (`git read-tree HEAD`). This operation ends up resetting the git index file (see investigation details below), due to which, we need to call `git update-index --refresh` afterward. Here's the diff of the index file before and after we execute SetDefaultIndex: https://www.diffchecker.com/hyOP3eJy/ Notice the **ctime**, **mtime** are set to 0 after SetDefaultIndex. You can reproduce the same behavior using these steps: ```bash $ git clone https://try.gitea.io/me-heer/test.git -s -b main $ cd test $ git read-tree HEAD $ git read-tree -m 1f085d7ed8 1f085d7ed8 9933caed00 error: Entry '1' not uptodate. Cannot merge. ``` After which, we can fix like this: ``` $ git update-index --refresh $ git read-tree -m 1f085d7ed8 1f085d7ed8 9933caed00 ```
* Rework markup link rendering (#26745)KN4CK3R2024-01-151-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #26548 This PR refactors the rendering of markup links. The old code uses `strings.Replace` to change some urls while the new code uses more context to decide which link should be generated. The added tests should ensure the same output for the old and new behaviour (besides the bug). We may need to refactor the rendering a bit more to make it clear how the different helper methods render the input string. There are lots of options (resolve links / images / mentions / git hashes / emojis / ...) but you don't really know what helper uses which options. For example, we currently support images in the user description which should not be allowed I think: <details> <summary>Profile</summary> https://try.gitea.io/KN4CK3R ![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5) </details> --------- Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
* Move more functions to db.Find (#28419)Lunny Xiao2024-01-152-5/+10
| | | | | | | | | Following #28220 This PR move more functions to use `db.Find`. --------- Co-authored-by: delvh <dev.lh@web.de>
* Modernize merge button (#28140)Earl Warren2024-01-151-1/+8
| | | | | | | | | | | | | | | | - Make use of the `form-fetch-action` for the merge button, which will automatically prevent the action from happening multiple times and show a nice loading indicator as user feedback while the merge request is being processed by the server. - Adjust the merge PR code to JSON response as this is required for the `form-fetch-action` functionality. - Resolves https://codeberg.org/forgejo/forgejo/issues/774 - Likely resolves the cause of https://codeberg.org/forgejo/forgejo/issues/1688#issuecomment-1313044 (cherry picked from commit 4ec64c19507caefff7ddaad722b1b5792b97cc5a) Co-authored-by: Gusted <postmaster@gusted.xyz>
* Fix schedule tasks bugs (#28691)Lunny Xiao2024-01-121-2/+2
| | | | | | | | | | | | | | | | Fix #28157 This PR fix the possible bugs about actions schedule. ## The Changes - Move `UpdateRepositoryUnit` and `SetRepoDefaultBranch` from models to service layer - Remove schedules plan from database and cancel waiting & running schedules tasks in this repository when actions unit has been disabled or global disabled. - Remove schedules plan from database and cancel waiting & running schedules tasks in this repository when default branch changed.
* Add tests for #28765 (#28773)Jack Hay2024-01-121-1/+4
| | | Adds tests to cover changes made in #28765
* Support for grouping RPMs using paths (#26984)Exploding Dragon2024-01-121-15/+14
| | | | | | | | | | | | The current rpm repository places all packages in the same repository, and different systems (el7,f34) may hit packages that do not belong to this distribution ( #25304 ) , which now supports grouping of rpm. ![图片](https://github.com/go-gitea/gitea/assets/33776693/d1e1d99f-7799-4b2b-a19b-cb2a5c692914) Fixes #25304 . Fixes #27056 . Refactor: [#25866](https://github.com/go-gitea/gitea/pull/25866)
* Integration Test for Commit Search containing Square Brackets (#28751)Mihir Joshi2024-01-111-0/+1
| | | | | | Integration test for #28744 Change keywords commit search flag from `-F` to `--fixed-strings` for readability
* Recommend/convert to use case-sensitive collation for MySQL/MSSQL (#28662)wxiaoguang2024-01-102-2/+135
| | | | | | | | | | | | | | | | | | Mainly for MySQL/MSSQL. It is important for Gitea to use case-sensitive database charset collation. If the database is using a case-insensitive collation, Gitea will show startup error/warning messages, and show the errors/warnings on the admin panel's Self-Check page. Make `gitea doctor convert` work for MySQL to convert the collations of database & tables & columns. * Fix #28131 ## :warning: BREAKING :warning: It is not quite breaking, but it's highly recommended to convert the database&table&column to a consistent and case-sensitive collation.
* Fix incorrect URL for "Reference in New Issue" (#28716)wxiaoguang2024-01-071-0/+19
| | | | | | | | | Gitea prefers to use relative URLs in code (to make multiple domain work for some users) So it needs to use `toAbsoluteUrl` to generate a full URL when click "Reference in New Issues" And add some comments in the test code
* Avoid unnecessary 500 panic when a commit doesn't exist (#28719)wxiaoguang2024-01-071-0/+10
| | | | | | | | | In #26851, it assumed that `Commit` always exists when `PageIsDiff==true`. But for a 404 page, the `Commit` doesn't exist, so the following code would cause panic because nil value can't be passed as string parameter to `IsMultilineCommitMessage(string)` (or the StringUtils.Cut in later PRs)
* Upgrade xorm to new version which supported update join for all supported ↵Lunny Xiao2023-12-311-0/+9
| | | | | | | | | | | | | | | | | | | | | | | databases (#28590) Fix https://github.com/go-gitea/gitea/pull/28547#issuecomment-1867740842 Since https://gitea.com/xorm/xorm/pulls/2383 merged, xorm now supports UPDATE JOIN. To keep consistent from different databases, xorm use `engine.Join().Update`, but the actural generated SQL are different between different databases. For MySQL, it's `UPDATE talbe1 JOIN table2 ON join_conditions SET xxx Where xxx`. For MSSQL, it's `UPDATE table1 SET xxx FROM TABLE1, TABLE2 WHERE join_conditions`. For SQLITE per https://www.sqlite.org/lang_update.html, sqlite support `UPDATE table1 SET xxx FROM table2 WHERE join conditions` from 3.33.0(2020-8-14). POSTGRES is the same as SQLITE.
* Refactor timeutil package (#28623)wxiaoguang2023-12-281-2/+2
| | | | | 1. make names more readable 2. remove unused FormatLong/FormatShort 3. use `FormatDate` instead of `Format "2006-01-02"`
* Remove unnecessary syncbranchToDB with tests (#28624)Lunny Xiao2023-12-281-0/+36
| | | | | | #28361 introduced `syncBranchToDB` in `CreateNewBranchFromCommit`. This PR will revert the change because it's unnecessary. Every push will already be checked by `syncBranchToDB`. This PR also created a test to ensure it's right.
* Fix session key conflict with database keyword (#28613)Lunny Xiao2023-12-271-0/+37
| | | | | | | | | This is a regression from #28220 . `builder.Cond` will not add `` ` `` automatically but xorm method `Get/Find` adds `` ` ``. This PR also adds tests to prevent the method from being implemented incorrectly. The tests are added in `integrations` to test every database.
* Refactor deletion (#28610)delvh2023-12-251-1/+1
| | | | | | | | | | | | | | | | | | Introduce the new generic deletion methods - `func DeleteByID[T any](ctx context.Context, id int64) (int64, error)` - `func DeleteByIDs[T any](ctx context.Context, ids ...int64) error` - `func Delete[T any](ctx context.Context, opts FindOptions) (int64, error)` So, we no longer need any specific deletion method and can just use the generic ones instead. Replacement of #28450 Closes #28450 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
* Refactor CORS handler (#28587)wxiaoguang2023-12-251-7/+78
| | | | | | | | | | | The CORS code has been unmaintained for long time, and the behavior is not correct. This PR tries to improve it. The key point is written as comment in code. And add more tests. Fix #28515 Fix #27642 Fix #17098
* Disable query token param in integration tests (#28592)Kyle D2023-12-238-52/+45
| | | | | Follow up to https://github.com/go-gitea/gitea/pull/28484, this PR enables the setting for integration tests and migrates a few additional test queries.
* Convert to url auth to header auth in tests (#28484)KN4CK3R2023-12-21102-1522/+1714
| | | Related #28390
* Adjust object format interface (#28469)Lunny Xiao2023-12-171-1/+1
| | | | | | | - Remove `ObjectFormatID` - Remove function `ObjectFormatFromID`. - Use `Sha1ObjectFormat` directly but not a pointer because it's an empty struct. - Store `ObjectFormatName` in `repository` struct
* Abstract hash function usage (#28138)Adam Majer2023-12-131-1/+1
| | | | | | Refactor Hash interfaces and centralize hash function. This will allow easier introduction of different hash function later on. This forms the "no-op" part of the SHA256 enablement patch.
* Do some missing checks (#28423)Lunny Xiao2023-12-121-0/+23
|
* Also sync DB branches on push if necessary (#28361)Lunny Xiao2023-12-092-8/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | Fix #28056 This PR will check whether the repo has zero branch when pushing a branch. If that, it means this repository hasn't been synced. The reason caused that is after user upgrade from v1.20 -> v1.21, he just push branches without visit the repository user interface. Because all repositories routers will check whether a branches sync is necessary but push has not such check. For every repository, it has two states, synced or not synced. If there is zero branch for a repository, then it will be assumed as non-sync state. Otherwise, it's synced state. So if we think it's synced, we just need to update branch/insert new branch. Otherwise do a full sync. So that, for every push, there will be almost no extra load added. It's high performance than yours. For the implementation, we in fact will try to update the branch first, if updated success with affect records > 0, then all are done. Because that means the branch has been in the database. If no record is affected, that means the branch does not exist in database. So there are two possibilities. One is this is a new branch, then we just need to insert the record. Another is the branches haven't been synced, then we need to sync all the branches into database.
* Remove GetByBean method because sometimes it's danger when query condition ↵Lunny Xiao2023-12-071-1/+1
| | | | | | | | | | | | | | | | | | | | parameter is zero and also introduce new generic methods (#28220) The function `GetByBean` has an obvious defect that when the fields are empty values, it will be ignored. Then users will get a wrong result which is possibly used to make a security problem. To avoid the possibility, this PR removed function `GetByBean` and all references. And some new generic functions have been introduced to be used. The recommand usage like below. ```go // if query an object according id obj, err := db.GetByID[Object](ctx, id) // query with other conditions obj, err := db.Get[Object](ctx, builder.Eq{"a": a, "b":b}) ```
* Add `HEAD` support for rpm repo files (#28309)KN4CK3R2023-12-051-1/+7
| | | | | | | | | | | Fixes https://codeberg.org/forgejo/forgejo/issues/1810 zypper uses HEAD requests to check file existence. https://github.com/openSUSE/libzypp/blob/HEAD/zypp/RepoManager.cc#L2549 https://github.com/openSUSE/libzypp/blob/HEAD/zypp-curl/ng/network/private/downloaderstates/basicdownloader_p.cc#L116 @ExplodingDragon fyi
* Fix comment permissions (#28213)Lunny Xiao2023-11-257-4/+117
| | | | This PR will fix some missed checks for private repositories' data on web routes and API routes.
* Use db.Find instead of writing methods for every object (#28084)Lunny Xiao2023-11-242-2/+2
| | | | For those simple objects, it's unnecessary to write the find and count methods again and again.
* add skip ci functionality (#28075)Denys Konovalov2023-11-181-0/+91
| | | | | | | | | | | | Adds the possibility to skip workflow execution if the commit message contains a string like [skip ci] or similar. The default strings are the same as on GitHub, users can also set custom ones in app.ini Reference: https://docs.github.com/en/actions/managing-workflow-runs/skipping-workflow-runs Close #28020
* Enable system users search via the API (#28013)Earl Warren2023-11-131-0/+22
| | | | | Refs: https://codeberg.org/forgejo/forgejo/issues/1403 (cherry picked from commit dd4d17c159eaf8b642aa9e6105b0532e25972bb7)
* Enable system users for comment.LoadPoster (#28014)Earl Warren2023-11-131-0/+37
| | | | | | | | | | | | System users (Ghost, ActionsUser, etc) have a negative id and may be the author of a comment, either because it was created by a now deleted user or via an action using a transient token. The GetPossibleUserByID function has special cases related to system users and will not fail if given a negative id. Refs: https://codeberg.org/forgejo/forgejo/issues/1425 (cherry picked from commit 6a2d2fa24390116d31ae2507c0a93d423f690b7b)
* Unify two factor check (#27915)KN4CK3R2023-11-061-0/+55
| | | | | | | | Fixes #27819 We have support for two factor logins with the normal web login and with basic auth. For basic auth the two factor check was implemented at three different places and you need to know that this check is necessary. This PR moves the check into the basic auth itself.
* Add user secrets API integration tests (#27832)Jean-Baptiste Gomond2023-10-311-0/+98
| | | | Adds the missing user secrets API integration tests so #27829 does not happen again
* List all Debian package versions in `Packages` (#27786)KN4CK3R2023-10-291-18/+28
| | | | | | Closes #27783 This PR lists all and not only the latest package versions in the `Packages` index.
* Upgrade to golangci-lint@v1.55.0 (#27756)silverwind2023-10-241-2/+1
| | | https://github.com/golangci/golangci-lint/releases/tag/v1.55.0
* Remove unnecessary parameter (#27671)Lunny Xiao2023-10-181-1/+1
|
* Improve retrying index issues (#27554)Jason Song2023-10-151-1/+2
| | | Fix #27540
* Replace more db.DefaultContext (#27628)Lunny Xiao2023-10-151-1/+1
| | | Target #27065
* Final round of `db.DefaultContext` refactor (#27587)JakobDev2023-10-142-11/+11
| | | Last part of #27065
* Fix permissions for Token DELETE endpoint to match GET and POST (#27610)Evan Tobin2023-10-141-2/+29
| | | | | | | | Fixes #27598 In #27080, the logic for the tokens endpoints were updated to allow admins to create and view tokens in other accounts. However, the same functionality was not added to the DELETE endpoint. This PR makes the DELETE endpoint function the same as the other token endpoints and adds unit tests
* Enhanced auth token / remember me (#27606)KN4CK3R2023-10-141-0/+36
| | | | | | | | | | | | | | | | | Closes #27455 > The mechanism responsible for long-term authentication (the 'remember me' cookie) uses a weak construction technique. It will hash the user's hashed password and the rands value; it will then call the secure cookie code, which will encrypt the user's name with the computed hash. If one were able to dump the database, they could extract those two values to rebuild that cookie and impersonate a user. That vulnerability exists from the date the dump was obtained until a user changed their password. > > To fix this security issue, the cookie could be created and verified using a different technique such as the one explained at https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies. The PR removes the now obsolete setting `COOKIE_USERNAME`.
* Replace assert.Fail with assert.FailNow (#27578)Nanguan Lin2023-10-116-15/+5
| | | | | | | | | assert.Fail() will continue to execute the code while assert.FailNow() not. I thought those uses of assert.Fail() should exit immediately. PS: perhaps it's a good idea to use [require](https://pkg.go.dev/github.com/stretchr/testify/require) somewhere because the assert package's default behavior does not exit when an error occurs, which makes it difficult to find the root error reason.
* show manual cron run's last time (#27544)Earl Warren2023-10-111-0/+50
| | | | | | | | | | | | | | | | | | | | | | | | | | - Currently in the cron tasks, the 'Previous Time' only displays the previous time of when the cron library executes the function, but not any of the manual executions of the task. - Store the last run's time in memory in the Task struct and use that, when that time is later than time that the cron library has executed this task. - This ensures that if an instance admin manually starts a task, there's feedback that this task is/has been run, because the task might be run that quick, that the status icon already has been changed to an checkmark, - Tasks that are executed at startup now reflect this as well, as the time of the execution of that task on startup is now being shown as 'Previous Time'. - Added integration tests for the API part, which is easier to test because querying the HTML table of cron tasks is non-trivial. - Resolves https://codeberg.org/forgejo/forgejo/issues/949 (cherry picked from commit fd34fdac1408ece6b7d9fe6a76501ed9a45d06fa) --------- Co-authored-by: Gusted <postmaster@gusted.xyz> Co-authored-by: KN4CK3R <admin@oldschoolhack.me> Co-authored-by: silverwind <me@silverwind.io>
* Penultimate round of `db.DefaultContext` refactor (#27414)JakobDev2023-10-112-2/+2
| | | | | | | Part of #27065 --------- Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>