1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-26 13:29:12 -05:00
Commit graph

4041 commits

Author SHA1 Message Date
wxiaoguang
68099f2f00
Refactor some Str2html code (#29397)
This PR touches the most interesting part of the "template refactoring".

1. Unclear variable type. Especially for "web/feed/convert.go":
sometimes it uses text, sometimes it uses HTML.
2. Assign text content to "RenderedContent" field, for example: `
project.RenderedContent = project.Description` in web/org/projects.go
3. Assign rendered content to text field, for example: `r.Note =
rendered content` in web/repo/release.go
4. (possible) Incorrectly calling `{{Str2html
.PackageDescriptor.Metadata.ReleaseNotes}}` in
package/content/nuget.tmpl, I guess the name Str2html misleads
developers to use it to "render string to html", but it only sanitizes.
if ReleaseNotes really contains HTML, then this is not a problem.

(cherry picked from commit e71eb8930a5d0f60874b038c223498b41ad65592)

Conflicts:
	modules/templates/util_string.go
	trivial context conflict
2024-03-06 12:10:44 +08:00
6543
d3d70198b0
migrate some more "OptionalBool" to "Option[bool]" (#29479)
just some refactoring bits towards replacing **util.OptionalBool** with
**optional.Option[bool]**

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit f6656181e4a07d6c415927220efa2077d509f7c6)

Conflicts:
	models/repo/repo_list_test.go
	trivial shared fixture count conflicts
2024-03-06 12:10:44 +08:00
6543
7b23949f29
Let ctx.FormOptionalBool() return optional.Option[bool] (#29461)
just some refactoring bits towards replacing **util.OptionalBool** with
**optional.Option[bool]**

(cherry picked from commit 274c0aea2e88db9bc41690c90e13e8aedf6193d4)
2024-03-06 12:10:43 +08:00
wxiaoguang
459ee98136
Only use supported sort order for "explore/users" page (#29430)
Thanks to inferenceus : some sort orders on the "explore/users" page
could list users by their lastlogintime/updatetime.

It leaks user's activity unintentionally. This PR makes that page only
use "supported" sort orders.

Removing the "sort orders" could also be a good solution, while IMO at
the moment keeping the "create time" and "name" orders is also fine, in
case some users would like to find a target user in the search result,
the "sort order" might help.

![image](https://github.com/go-gitea/gitea/assets/2114189/ce5c39c1-1e86-484a-80c3-33cac6419af8)

(cherry picked from commit eedb8f41297c343d6073a7bab46e4df6ee297a90)
2024-03-06 12:10:43 +08:00
Gusted
331fa44956
[BUG] Ensure HasIssueContentHistory takes into account comment_id
- The content history table contains the content history of issues and
comments. For issues they are saved with an comment id of zero.
- If you want to check if the issue has an content history, it should
take into account that SQL has `comment_id = 0`, as it otherwise could
return incorrect results when for example the issue already has an
comment that has an content history.
- Fix the code of `HasIssueContentHistory` to take this into account, it
relied on XORM to generate the SQL from the non-default values of the
struct, this wouldn't generate the `comment_id = 0` SQL as `0` is the
default value of an integer.
- Remove an unncessary log (it's not the responsibility of `models`
code to do logging).
- Adds unit test.
- Resolves #2513
2024-02-29 18:23:06 +01:00
Gusted
fb2795b5bb
[BUG] Correct changed files for codeowners
- The CODEOWNER feature relies on the changed files to determine which
reviewers should be added according to the `CODEOWNER` file.
- The current approach was to 'diff' between the base and head branch,
which seems logical but fail in practice when the pull request is out of
date with the base branch. Therefore it should instead diff between the
head branch and the merge base of the head and base branch, so only the
actual affected files by the pull requests are used, the same approach
is used by the diff of an unmerged pull request.
- Add integration testing (for the feature as well).
- Resolves #2458
2024-02-27 23:16:00 +01:00
Jimmy Praet
f95fb8cc44 Add attachment support for code review comments (#29220)
Fixes #27960, #24411, #12183

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-27 18:35:43 +00:00
Lunny Xiao
003a358949
Users with read permission of pull requests can be assigned too (#27263)
This PR will also keep the consistent between list assigned users and
check assigned users.

(cherry picked from commit 98ab9445d1020c515c3c789f0b27d952903a2978)
2024-02-26 22:30:27 +01:00
Zettat123
77c56e29de
Allow non-admin users to delete review requests (#29057)
Fix #14459

The following users can add/remove review requests of a PR
- the poster of the PR
- the owner or collaborators of the repository
- members with read permission on the pull requests unit

(cherry picked from commit c42083a33950be6ee9f822c6d0de3c3a79d1f51b)

Conflicts:
	models/repo/repo_list_test.go
	tests/integration/api_nodeinfo_test.go
	tests/integration/api_repo_test.go
	shared fixture counts
2024-02-26 22:30:27 +01:00
qwerty287
1608ef0ce9
Add API to get merged PR of a commit (#29243)
Adds a new API `/repos/{owner}/{repo}/commits/{sha}/pull` that allows
you to get the merged PR associated to a commit.

---------

Co-authored-by: 6543 <6543@obermui.de>
(cherry picked from commit 0a426cc575734e5eff410d6a790f40473117f753)
2024-02-26 22:30:26 +01:00
6543
8ff858b94b
Start to migrate from util.OptionalBool to optional.Option[bool] (#29329)
just create transition helper and migrate two structs

(cherry picked from commit 7fbdb60fc1152acc9a040dc04b1b0f5a3475b081)
2024-02-26 22:30:26 +01:00
6543
f796548225
Workaround to clean up old reviews on creating a new one (#28554)
close  #28542

blocks  #28544

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit 217d71c48a10265e08b95cc961656b921f61f9ff)

Conflicts:
	tests/integration/api_pull_review_test.go
	context
2024-02-26 21:42:14 +01:00
qwerty287
feb189554e
Add API to get PR by base/head (#29242)
Closes https://github.com/go-gitea/gitea/issues/16289

Add a new API `/repos/{owner}/{repo}/pulls/{base}/{head}` to get a PR by
its base and head branch.
2024-02-26 03:41:42 +01:00
FuXiaoHei
c551d3f3ab
Artifact deletion in actions ui (#27172)
Add deletion link in runs view page.
Fix #26315

![image](https://github.com/go-gitea/gitea/assets/2142787/aa65a4ab-f434-4deb-b953-21e63c212033)

When click deletion button. It marks this artifact `need-delete`.

This artifact would be deleted when actions cleanup cron task.
2024-02-23 09:06:14 +01:00
Earl Warren
726ce5e3f9 Merge pull request '[BUG] Load AllUnitsEnabled when necessary' (#2420) from gusted/forgejo-add-more into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2420
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-21 13:25:38 +00:00
Michael Kriese
849de07064 feat(xorm): add max idle time setting for db connections (#2418)
Add a new optional `CONN_MAX_IDLETIME`[^1]

This allows to set the `SetConnMaxIdleTime` on `database/sql`.
It's useful to allow to close more idle connections to reduce database connections, especially on postgresql.
For me i would like to use it to set a higher max idle connections but they will all be closed after being idle.
So also the last idle connection will be closed when there is no load on forgejo.
I also use it with max connection lifetime, because currently `database/sql` doesn't detect a postgresql master change[^2] and i'll get `[E] can't update runner status: pq: cannot execute UPDATE in a read-only transaction`[^3] on forgejo until the connection is closed.

[^1]: https://pkg.go.dev/database/sql#DB.SetConnMaxIdleTime
[^2]: https://stackoverflow.com/questions/51858659/how-to-safely-discard-golang-database-sql-pooled-connections-for-example-when-t
[^3]: https://matrix.to/#/!zpNKWqkiEOyljSMQDK:matrix.org/$_AJft_amsGn5hXGOYw75JoBJQnW3aKJEpb-Iw53L_TU?via=schinas.net&via=matrix.org&via=nitro.chat

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2418
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
2024-02-21 12:17:16 +00:00
Gusted
6fbfe441de
[BUG] Load AllUnitsEnabled when necessary
- In order to determine if the "Add more..." tab should be shown, the
template has to know if the repository has all units enabled, this is
done in the repository header which can be shown for quite a lot of
pages (code, issues, projects, actions etc.)
- This was previously set in the `RepoRefByType` function, which would
be called by pages such as code, issues and releases, but it was not
being called for all pages such as actions, packages and wiki. Which
would in turn incorrectly show the "Add more..." button when it
shouldn't.
- Now call it from the template itself, so the value is 'always' loaded
when necessary.
2024-02-21 12:48:26 +01:00
yp05327
78f6b29248
Fix gitea-action user avatar broken on edited menu (#29190)
Fix #29178

(cherry picked from commit 8e2831611c06e84dd8fedf7a0b2cce9f98d4188f)
2024-02-17 23:24:31 +01:00
wxiaoguang
65248945c9
Refactor locale&string&template related code (#29165)
Clarify when "string" should be used (and be escaped), and when
"template.HTML" should be used (no need to escape)

And help PRs like  #29059 , to render the error messages correctly.

(cherry picked from commit f3eb835886031df7a562abc123c3f6011c81eca8)

Conflicts:
	modules/web/middleware/binding.go
	routers/web/feed/convert.go
	tests/integration/branches_test.go
	tests/integration/repo_branch_test.go
	trivial context conflicts
2024-02-16 15:20:52 +01:00
KN4CK3R
52ef33b931
Remove unused KeyID. (#29167)
`KeyID` is never set.

(cherry picked from commit 155269fa586c41a268530c3bb56349e68e6761d7)

Conflicts:
	models/user/email_address.go
	trivial context conflict
2024-02-16 15:20:52 +01:00
KN4CK3R
6eaabb1a9d
Use ghost user if user was not found (#29161)
Fixes #29159

(cherry picked from commit 37061e8266806c0b2b66ac64138e725632b295db)
2024-02-16 15:20:52 +01:00
oliverpool
0fc61c8836 [BUG] split code conversations in diff tab (#2306)
Follow-up of #2282 and #2296 (which tried to address #2278)

One of the issue with the previous PR is that when a conversation on the Files tab was marked as "resolved", it would fetch all the comments for that line (even the outdated ones, which should not be shown on this page - except when explicitly activated).

To properly fix this, I have changed `FetchCodeCommentsByLine` to `FetchCodeConversation`. Its role is to fetch all comments related to a given (review, path, line) and reverted my changes in the template (which were based on a misunderstanding).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2306
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-02-16 12:16:11 +00:00
Earl Warren
c8b177713a
[CLEANUP] make golangci-lint@v1.56.1 happy 2024-02-15 16:19:36 +01:00
6543
e9e6c6152e
Dont load Review if Comment is CommentTypeReviewRequest (#28551)
RequestReview get deleted on review.
So we don't have to try to load them on comments.

broken out #28544

(cherry picked from commit 6fad2c874438275d3f69bb1cc223708bd2d27ff6)
2024-02-14 21:44:25 +01:00
Chris Copeland
83123b493f
Add merge style fast-forward-only (#28954)
With this option, it is possible to require a linear commit history with
the following benefits over the next best option `Rebase+fast-forward`:
The original commits continue existing, with the original signatures
continuing to stay valid instead of being rewritten, there is no merge
commit, and reverting commits becomes easier.

Closes #24906
2024-02-14 17:19:19 +01:00
Earl Warren
05eaf1cf3e Merge pull request 'Repository settings refactor' (#2221) from algernon/forgejo:repo-units/ui-refactor into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2221
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-02-14 13:29:04 +00:00
Gergely Nagy
e07b0e75ff
Add a direct link from repo header to unit settings
If a repository administrator is viewing a repository, and there are
units that can be enabled, display an "Add more..." link that leads to
the repository unit settings page.

The goal here is to allow instances to configure a small set of repo
units to be enabled by default, but also highlight for repo admins that
they can add more.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-13 22:42:09 +01:00
Gusted
cbbcfdd400
[FEAT] Don't log context cancelled SQL errors
- I found this while doing some unrelated testing in Forgejo. It wasn't
my intention to log failed SQL queries if they were cancelled (which can
happen quite frequently for larger instances) as in those cases it's not
interesting to know which SQL query was run. My intentation was only to
log an SQL query if there was an error reported by the database.
- Ref #2140
2024-02-12 23:11:50 +01:00
Gwyneth Morgan
9a1d5c549c
[gitea] Drop "@" from email sender to avoid spam filters (#29109)
Commit 360b3fd17c (Include username in email headers (#28981),
2024-02-03) adds usernames to the From field of notification emails in
the form of `Display Name (@username)`, to prevent spoofing. However,
some email filtering software flags "@" in the display name part of the
From field as potential spoofing, as you could set the display name part
to another email address than the one you are sending from (e.g.
`From: "apparent@email-address" <actual@email-address>`). To avoid
being flagged, instead send emails from `Display Name (username)`.

Closes: #29107

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 5b2fd0fc19a2a77414c8e2989b4794b6617221f5)
2024-02-11 13:47:44 +01:00
Lunny Xiao
1fdd8341d6
[gitea] Remove unnecessary parameter (#29092)
The parameter extraConfigs has never been used anywhere. This PR just
removed it. It can be taken back once it's needed.

(cherry picked from commit 8c6ffdac378654f9d2171ebdbc46becf1571f7fe)
2024-02-10 10:53:43 +01:00
Earl Warren
094c84ed6d
Merge branch 'rebase-forgejo-dependency' into wip-forgejo 2024-02-05 18:58:23 +01:00
Earl Warren
d7e1854884
Merge branch 'rebase-forgejo-branding' into wip-forgejo 2024-02-05 18:58:18 +01:00
Earl Warren
030cdd6ae2
[GITEA] Allow changing the email address before activation (squash)
See https://codeberg.org/forgejo/forgejo/pulls/2300
2024-02-05 16:57:58 +01:00
Earl Warren
036f1eddc5
[GITEA] avoid superfluous synchronized pull_request run when opening a PR (#2236)
* Split TestPullRequest out of AddTestPullRequestTask
* Before scheduling the task, AddTestPullRequestTask stores the max
  index of the repository
* When the task runs, it does not take into account pull requests that
  have an index higher than the recorded max index

When AddTestPullRequestTask is called with isSync == true, it is the
direct consequence of a new commit being pushed. Forgejo knows nothing
of this new commit yet. If a PR is created later and its head
references the new commit, it will have an index that is higher and
must not be taken into account. It would be acting and triggering a
notification for a PR based on an event that happened before it
existed.

Refs: https://codeberg.org/forgejo/forgejo/issues/2009
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2236
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
(cherry picked from commit b3be895a30)
2024-02-05 16:57:58 +01:00
Gergely Nagy
2ca4862f8b
[GITEA] Allow changing the repo Wiki branch to main
Previously, the repo wiki was hardcoded to use `master` as its branch,
this change makes it possible to use `main` (or something else, governed
by `[repository].DEFAULT_BRANCH`, a setting that already exists and
defaults to `main`).

The way it is done is that a new column is added to the `repository`
table: `wiki_branch`. The migration will make existing repositories
default to `master`, for compatibility's sake, even if they don't have a
Wiki (because it's easier to do that). Newly created repositories will
default to `[repository].DEFAULT_BRANCH` instead.

The Wiki service was updated to use the branch name stored in the
database, and fall back to the default if it is empty.

Old repositories with Wikis using the older `master` branch will have
the option to do a one-time transition to `main`, available via the
repository settings in the "Danger Zone". This option will only be
available for repositories that have the internal wiki enabled, it is
not empty, and the wiki branch is not `[repository].DEFAULT_BRANCH`.

When migrating a repository with a Wiki, Forgejo will use the same
branch name for the wiki as the source repository did. If that's not the
same as the default, the option to normalize it will be available after
the migration's done.

Additionally, the `/api/v1/{owner}/{repo}` endpoint was updated: it will
now include the wiki branch name in `GET` requests, and allow changing
the wiki branch via `PATCH`.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit d87c526d2a)
2024-02-05 16:57:47 +01:00
Earl Warren
209610075a
[TESTS] add log.Level to test.NewLogChecker
So the caller can check log events at the desired level instead of
being limited to the default level log.INFO

(cherry picked from commit 2fbf5f9555)
(cherry picked from commit e2137a3147)
2024-02-05 16:54:44 +01:00
Gusted
6fb55e9c08
[GITEA] Add slow SQL query warning (squash) Fix setting typo
- Fix typo in the slow query threshold setting, add a deprecation warning.
- Resolves #2203

(cherry picked from commit 02f6608e5f)
(cherry picked from commit 4e8f6b2ffd)
2024-02-05 16:54:44 +01:00
Earl Warren
fe8622dae3
Revert "Fix schedule tasks bugs (#28691)"
This reverts commit 97292da960.

(cherry picked from commit 83e5eba031)
(cherry picked from commit f6ef8f3819)

Conflicts:
	services/repository/setting.go
2024-02-05 16:54:42 +01:00
Gergely Nagy
bc7e448d49
[GITEA] Rework when recently pushed branches are displayed
With this change, the "You pushed on branch xyz" banner will be
displayed when either the viewed repository or its base repo (if the
current one's a fork) has pull requests enabled. Previously it only
displayed if the viewed repo had PRs enabled.

Furthermore, if the viewed repository is an original repository that the
viewing user has a fork of, if the forked repository has recently pushed
branches, then the banner will appear for the original repository too.
In this case, the notification will include branches from the viewing
user's fork, and branches they pushed to the base repo, too.

Refs: https://codeberg.org/forgejo/forgejo/pulls/2195

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit a29f10661d)
(cherry picked from commit 70c5e2021d)
(cherry picked from commit 48b25be67a)
2024-02-05 16:09:43 +01:00
Gergely Nagy
3bdfb7a7aa
[GITEA] Fix the topic search paging
When searching for repository topics, either via the API, or via
Explore, paging did not work correctly, because it only applied when the
`page` parameter was non-zero. Paging should have applied when the page
size is greater than zero, which is what this patch does.

As a result, both the API, and the Explore endpoint will return paged
results (30 by default). As such, when managing topics on the frontend,
the offered completions will also be limited to a pageful of results,
based on what the user has already typed.

This drastically reduces the amount of traffic, and also the number of
the topics to choose from, and thus, the rendering time too.

The topics will be returned by popularity, with most used topics first.
A single page will contain `[api].DEFAULT_PAGING_NUM` (30 by default)
items that match the query. That's plenty to choose from.

Fixes #132.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 64d4ff41db)
(cherry picked from commit 06b808fa2c)
(cherry picked from commit 9205c9266a)
(cherry picked from commit 47863d4f72)
2024-02-05 16:09:43 +01:00
Gusted
d1cb590c78
[GITEA] Log SQL queries when the database return error
- When the database returns an error about the SQL query, the error is
logged but not the SQL query and arguments, which is just as valuable as
the vague deeply hidden documented error that the database returns.
It's possible to log the SQL query by logging **all** SQL queries. For
bigger instances such as Codeberg, this is not a viable option.
- Adds a new hook, enabled by default, to log SQL queries with their
arguments and the error returned by the database when the database
returns an error.
- This likely needs some fine tuning in the future to decide when to
enable this, as the error is already logged and if people have the
`[database].LOG_SQL` option enabled, the SQL would be logged twice. But
given that it's an rare occurence for SQL queries to error, it's fine to
leave that as-is.
- Ref: https://codeberg.org/forgejo/forgejo/issues/1998

(cherry picked from commit 866229bc32)
(cherry picked from commit 96dd3e87cf)
(cherry picked from commit e165510317)
(cherry picked from commit 1638e2b3f5)
2024-02-05 16:09:43 +01:00
Gergely Nagy
36f7c162e2
[FEAT] Repository flags
This implements "repository flags", a way for instance administrators to
assign custom flags to repositories. The idea is that custom templates
can look at these flags, and display banners based on them, Forgejo does
not provide anything built on top of it, just the foundation. The
feature is optional, and disabled by default. To enable it, set
`[repository].ENABLE_FLAGS = true`.

On the UI side, instance administrators will see a new "Manage flags"
tab on repositories, and a list of enabled tags (if any) on the
repository home page. The "Manage flags" page allows them to remove
existing flags, or add any new ones that are listed in
`[repository].SETTABLE_FLAGS`.

The model does not enforce that only the `SETTABLE_FLAGS` are present.
If the setting is changed, old flags may remain present in the database,
and anything that uses them, will still work. The repository flag
management page will allow an instance administrator to remove them, but
not set them, once removed.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit ba735ce222)
(cherry picked from commit f09f6e029b)
(cherry picked from commit 2f8b041489)
(cherry picked from commit d3186ee5f4)
2024-02-05 16:09:42 +01:00
Earl Warren
2e172b3c9c
[GITEA] add option for banning dots in usernames (squash) set in test
(cherry picked from commit b005b586c3)
(cherry picked from commit 0077b2661e)
(cherry picked from commit c4589d1fce)
(cherry picked from commit a7f9ff982c)
2024-02-05 16:09:42 +01:00
Gergely Nagy
f90b802634
[GITEA] Add support for shields.io-based badges
Adds a new `/{username}/{repo}/badges` family of routes, which redirect
to various shields.io badges. The goal is to not reimplement badge
generation, and delegate it to shields.io (or a similar service), which
are already used by many. This way, we get all the goodies that come
with it: different styles, colors, logos, you name it.

So these routes are just thin wrappers around shields.io that make it
easier to display the information we want. The URL is configurable via
`app.ini`, and is templatable, allowing to use alternative badge
generator services with slightly different URL patterns.

Additionally, for compatibility with GitHub, there's an
`/{username}/{repo}/actions/workflows/{workflow_file}/badge.svg` route
that works much the same way as on GitHub. Change the hostname in the
URL, and done.

Fixes gitea#5633, gitea#23688, and also fixes #126.

Work sponsored by Codeberg e.V.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit fcd0f61212)
(cherry picked from commit 20d14f7844)
(cherry picked from commit 4359741431)
(cherry picked from commit 35cff45eb8)
(cherry picked from commit 2fc0d0b8a3)
2024-02-05 16:09:42 +01:00
Gusted
5c0894a588
[GITEA] Avoid WHERE IN for comment migration query
- Rewrite `UpdateCommentsMigrationsByType` to not use `WHERE IN` as
that's a performance diaster for MariaDB, it now use batching to query
the the relevant comment IDs via JOINs (which is not possible in a
UPDATE query for SQLite) and then update them in a seperate query.
- Add unit test.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1856

(cherry picked from commit 8098ca9d2e)

Conflicts:
	models/issues/comment.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
(cherry picked from commit ca65deba1c)
(cherry picked from commit 0e1e09e77d)
(cherry picked from commit 19013ba5ea)
(cherry picked from commit 23c887f97e)
(cherry picked from commit b3321d1a84)
2024-02-05 16:09:42 +01:00
Gergely Nagy
5eeccecafc
[GITEA] Optionally allow anyone to edit Wikis
This is largely based on gitea#6312 by @ashimokawa, with updates and
fixes by myself, and incorporates the review feedback given in that pull
request, and more.

What this patch does is add a new "default_permissions" column to the
`repo_units` table (defaulting to read permission), adjusts the
permission checking code to take this into consideration, and then
exposes a setting that lets a repo administrator enable any user on a
Forgejo instance to edit the repo's wiki (effectively giving the wiki
unit of the repo "write" permissions by default).

By default, wikis will remain restricted to collaborators, but with the
new setting exposed, they can be turned into globally editable wikis.

Fixes Codeberg/Community#28.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 4b74439922)
(cherry picked from commit 337cf62c10)
(cherry picked from commit b6786fdb32)
(cherry picked from commit a5d2829a10)

[GITEA] Optionally allow anyone to edit Wikis (squash) AddTokenAuth

(cherry picked from commit fed50cf72e)
(cherry picked from commit 42c55e494e)
(cherry picked from commit e3463bda47)
2024-02-05 16:09:42 +01:00
Gusted
f3f888ed13
[GITEA] Fix session generation for database
- If the session doesn't exist, it shouldn't be expected that the
variable is non-nil. Define the session variable instead and insert that.
- Add unit tests to test the behavior of the database sessions code .
- Regression caused by dd30d9d5c0.
- Resolves https://codeberg.org/forgejo/forgejo/issues/2042

(cherry picked from commit 90307ad200)
(cherry picked from commit 874ef1978d)
(cherry picked from commit 27d5f035fc)
(cherry picked from commit 65dbc4303b)

[GITEA] Fix session generation for database (squash) timeutil.Mock

because of e743570f65 * Refactor timeutil package (#28623)

(cherry picked from commit acc6b51be2)
(cherry picked from commit 02b74317f2)
(cherry picked from commit 63b9b624bd)
(cherry picked from commit 7752ff8baa)
(cherry picked from commit c0af4d9438)
2024-02-05 16:09:41 +01:00
Gergely Nagy
d4fc0d2c5a
[GITEA] Allow changing the email address before activation
During registration, one may be required to give their email address, to
be verified and activated later. However, if one makes a mistake, a
typo, they may end up with an account that cannot be activated due to
having a wrong email address.

They can still log in, but not change the email address, thus, no way to
activate it without help from an administrator.

To remedy this issue, lets allow changing the email address for logged
in, but not activated users.

This fixes gitea#17785.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit aaaece28e4)
(cherry picked from commit 639dafabec)
(cherry picked from commit d699c12ceb)

[GITEA] Allow changing the email address before activation (squash) cache is always active

This needs to be revisited because the MailResendLimit is not enforced
and turns out to not be tested.

See e7cb8da2a8 * Always enable caches (#28527)

(cherry picked from commit 43ded8ee30)

Rate limit pre-activation email change separately

Changing the email address before any email address is activated should
be subject to a different rate limit than the normal activation email
resending. If there's only one rate limit for both, then if a newly
signed up quickly discovers they gave a wrong email address, they'd have
to wait three minutes to change it.

With the two separate limits, they don't - but they'll have to wait
three minutes before they can change the email address again.

The downside of this setup is that a malicious actor can alternate
between resending and changing the email address (to something like
`user+$idx@domain`, delivered to the same inbox) to effectively halving
the rate limit. I do not think there's a better solution, and this feels
like such a small attack surface that I'd deem it acceptable.

The way the code works after this change is that `ActivatePost` will now
check the `MailChangeLimit_user` key rather than `MailResendLimit_user`,
and if we're within the limit, it will set `MailChangedJustNow_user`. The
`Activate` method - which sends the activation email, whether it is a
normal resend, or one following an email change - will check
`MailChangedJustNow_user`, and if it is set, it will check the rate
limit against `MailChangedLimit_user`, otherwise against
`MailResendLimit_user`, and then will delete the
`MailChangedJustNow_user` key from the cache.

Fixes #2040.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit e35d2af2e5)
(cherry picked from commit 03989418a7)
(cherry picked from commit f50e0dfe5e)
(cherry picked from commit cad9184a36)
(cherry picked from commit e2da5d7fe1)
(cherry picked from commit 3a80534d4d)
2024-02-05 16:09:41 +01:00
Earl Warren
06aae9ae72
[GITEA] GetScheduledMergeByPullID may involve a system user
Refs: https://codeberg.org/forgejo/forgejo/issues/1897
(cherry picked from commit ddc3c22558)
(cherry picked from commit a7fe969b93)
(cherry picked from commit 62bda95774)
(cherry picked from commit 8149a822c7)
(cherry picked from commit 9ed4e685eb)
(cherry picked from commit 4f072b4f80)
(cherry picked from commit ca5924037b)
(cherry picked from commit 88e2b47e29)
(cherry picked from commit 784f860cfa)
2024-02-05 16:09:41 +01:00
Gergely Nagy
fa0759962b
[GITEA] allow viewing the latest Action Run on the web
Similar to how some other parts of the web UI support a `/latest` path
to directly go to the latest of a certain thing, let the Actions web UI
do the same: `/{owner}/{repo}/actions/runs/latest` will redirect to the
latest run, if there's one available.

Fixes gitea#27991.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit f67ccef1dd)

Code cleanup in the actions.ViewLatest route handler

Based on feedback received after the feature was merged, use
`ctx.NotFound` and `ctx.ServerError`, and drop the use of the
unnecessary `ctx.Written()`.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 74e42da563)
(cherry picked from commit f7535a1cef)
(cherry picked from commit 1a90cd37c3)
(cherry picked from commit d86d71340a)
(cherry picked from commit 9e5cce1afc)
(cherry picked from commit 2013fb3fab)
(cherry picked from commit 88b9d21d11)
(cherry picked from commit 72c020298e)
(cherry picked from commit 6525f730df)
2024-02-05 16:09:41 +01:00