1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-12-26 13:29:12 -05:00
Commit graph

4303 commits

Author SHA1 Message Date
Giteabot
52f52f60f1
Fix queue worker incorrectly stopped when there are still more items in the queue (#29532) (#29546)
Backport #29532

Without `case <-t.C`, the workers would stop incorrectly, the test won't
pass. For the worse case, there might be only one running worker
processing the queue items for long time because other workers are
stopped. The root cause is related to the logic of doDispatchBatchToWorker.
It isn't a serious problem at the moment, so keep it as-is.

(cherry picked from commit 86cd94cba6d63c84528f6f8d52b1ec22b44ac2f8)
2024-03-10 18:45:59 +07:00
Giteabot
e6441a18d2
Fix issue link does not support quotes (#29484) (#29487) (#29536)
Backport #29487 by @charles7668

Close #29484

![圖片](https://github.com/go-gitea/gitea/assets/30816317/b27e6e16-67e0-469c-8e04-30180c585890)

Co-authored-by: charles <30816317+charles7668@users.noreply.github.com>
(cherry picked from commit 3a8877c058fd8583f28711750cf26716526200c4)
2024-03-10 18:45:59 +07:00
Giteabot
5099d3c747
Set pre-step status to skipped if job is skipped (#29489) (#29523)
Backport #29489 by @sillyguodong

close #27496
1. Set pre-step (Set up job) status to `skipped` if job is skipped.
2. Apart from pre-step, the other steps should also be set to `skipped`.
The status of other steps are reported from the runner side. This will
be completed by this PR: https://gitea.com/gitea/act_runner/pulls/500

before:

![image](https://github.com/go-gitea/gitea/assets/33891828/4bac2ba9-66de-4679-b7ed-fbae459c0c54)

after:

![image](https://github.com/go-gitea/gitea/assets/33891828/ead4871a-4e0f-4bb1-9fb4-37f4fdb78dfc)

Co-authored-by: sillyguodong <33891828+sillyguodong@users.noreply.github.com>
(cherry picked from commit 8d085587831d1357ae80046fe0627dbcc8657a79)
2024-03-10 18:45:58 +07:00
oliverpool
3877a2332b implement fix 2024-03-07 22:43:38 +01:00
Giteabot
c4ac72e6a0
Only log error when tag sync fails (#29295) (#29327)
Backport #29295 by @lunny

Fix #28843

This PR will bypass the pushUpdateTag to database failure when
syncAllTags. An error log will be recorded.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit b78f5fc60f510a58d58535af77c5b424a8b5a660)
2024-03-06 12:20:42 +08:00
Gusted
255b60931f
[BUG] Log FindRenamedBranch error
- Fix error string to add an `%v` verb to log the error correctly.
2024-02-25 15:40:18 +01:00
wxiaoguang
a1fb6a2346
Always write proc-receive hook for all git versions (#29287) (#29291)
Backport #29287

(cherry picked from commit 9379352db638aa99ee9f4a7d2755966f3d866541)
2024-02-22 11:07:23 +01:00
Gusted
6c100083c2
[BUG] Restrict when to make link absolute in markdown
- Backport of #2403
- In markdown, links are proccessed to be made absolute against the
relevant base in that context. Such that `./src` will be transformed
into `http://example.com/owner/repo/src/branch/main/src`.
- Don't try to make the link absolute if the link has a schema that's
defined in `[markdown].CUSTOM_URL_SCHEMES`, because they can't be made
absolute and doing so could lead to problems (see test case, double
slash was transformed to single slash).
- Adds unit test.
- Resolves https://codeberg.org/Codeberg/Community/issues/1489

(cherry picked from commit 65b9a959b8)
2024-02-19 23:30:12 +01:00
Gusted
fa700333ba
[BUG] Fix relative links on orgmode
- Backport of #2385
- For regular non-image nonvideo links, they should be made relative,
this was done against `r.Ctx.Links.Base`, but since 637451a45e, that
should instead be done by `SrcLink()` if there's branch information set
in the context, because branch and treepath information are no longer
set in `r.Ctx.Links.Base`.
- This is consistent with how #2166 _fixed_ relative links.
- Media is not affected, `TestRender_Media` test doesn't fail.
- Adds unit tests.
- Ref https://codeberg.org/Codeberg/Community/issues/1485

(cherry picked from commit a2442793d2)
2024-02-19 12:15:40 +01:00
Earl Warren
45c0fa4905 Merge pull request '[BUG] Workaround borked Git version' (#2342) from gusted/forgejo-bp-2335 into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2342
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-14 10:55:22 +00:00
Gusted
ff468ab5e4
[BUG] Workaround borked Git version
- Backport #2335
- In Git version v2.43.1, the behavior of `GIT_FLUSH` was accidentially
flipped. This causes Forgejo to hang on the `check-attr` command,
because no output was being flushed.
- Workaround this by detecting if Git v2.43.1 is used and set
`GIT_FLUSH=0` thus getting the correct behavior.
- Ref: https://lore.kernel.org/git/CABn0oJvg3M_kBW-u=j3QhKnO=6QOzk-YFTgonYw_UvFS1NTX4g@mail.gmail.com/
- Resolves #2333.

(cherry picked from commit f68f880974)
2024-02-13 21:07:24 +01:00
Giteabot
e6f59f6e14
fix: Elasticsearch: Request Entity Too Large #28117 (#29062) (#29075)
Backport #29062 by @inferno-umar

Fix for gitea putting everything into one request without batching and
sending it to Elasticsearch for indexing as issued in #28117

This issue occured in large repositories while Gitea tries to
index the code using ElasticSearch.

Co-authored-by: dark-angel <70754989+inferno-umar@users.noreply.github.com>
(cherry picked from commit f0d34cd3b97dd2c9f29fc401ec58ea0661b7ca7d)
2024-02-13 14:17:49 +01:00
Gusted
d56bb1bc95 Merge pull request '[GITEA] Fix orgmode link resolver for text descriptions' (#2277) from gusted/forgejo-bp-2276 into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2277
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-01 21:05:22 +00:00
Gusted
781d2a68cc
[GITEA] Fix orgmode link resolver for text descriptions
- Backport of #2276
- It's possible that the description of an `Regularlink` is `Text` and not
another `Regularlink`. Therefor if it's `Text`, convert it to an
`Regularlink` trough the 'old' behavior (pass it trough `org.String` and
trim `file:` prefix).
- Adds unit tests.
- Resolves https://codeberg.org/Codeberg/Community/issues/1430

(cherry picked from commit 385fc6ee6b)
2024-02-01 17:13:22 +01:00
6543
faafccbcc7
Update go dependencies and fix go-git (#28893) (#28934)
Backport #28893

(cherry picked from commit c33886b710)

Conflicts:
	go.sum
	trivial conflict because of 120294c44e * [GITEA] Use maintained gziphandler
2024-01-31 16:46:41 +01:00
Giteabot
7578022870
Don't remove all mirror repository's releases when mirroring (#28817) (#28939)
Backport #28817 by @lunny

Fix #22066

# Purpose

This PR fix the releases will be deleted when mirror repository sync the
tags.

# The problem

In the previous implementation of #19125. All releases record in
databases of one mirror repository will be deleted before sync.
Ref:
https://github.com/go-gitea/gitea/pull/19125/files#diff-2aa04998a791c30e5a02b49a97c07fcd93d50e8b31640ce2ddb1afeebf605d02R481

# The Pros

This PR introduced a new method which will load all releases from
databases and all tags on git data into memory. And detect which tags
needs to be inserted, which tags need to be updated or deleted. Only
tags releases(IsTag=true) which are not included in git data will be
deleted, only tags which sha1 changed will be updated. So it will not
delete any real releases include drafts.

# The Cons

The drawback is the memory usage will be higher than before if there are
many tags on this repository. This PR defined a special release struct
to reduce columns loaded from database to memory.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 2048363f9e)
2024-01-31 14:18:26 +01:00
Giteabot
b272224918
Preserve BOM in web editor (#28935) (#28959)
Backport #28935 by @silverwind

The `ToUTF8*` functions were stripping BOM, while BOM is actually valid
in UTF8, so the stripping must be optional depending on use case. This
does:

- Add a options struct to all `ToUTF8*` functions, that by default will
strip BOM to preserve existing behaviour
- Remove `ToUTF8` function, it was dead code
- Rename `ToUTF8WithErr` to `ToUTF8`
- Preserve BOM in Monaco Editor
- Remove a unnecessary newline in the textarea value. Browsers did
ignore it, it seems but it's better not to rely on this behaviour.

Fixes: https://github.com/go-gitea/gitea/issues/28743
Related: https://github.com/go-gitea/gitea/issues/6716 which seems to
have once introduced a mechanism that strips and re-adds the BOM, but
from what I can tell, this mechanism was removed at some point after
that PR.

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit b8e6cffd31)
2024-01-31 14:18:26 +01:00
Giteabot
afdce6bd45
Strip / from relative links (#28932) (#28952)
Backport #28932 by @KN4CK3R

Fixes #28915

Restores the old behaviour:

https://github.com/go-gitea/gitea/pull/26745/files#diff-d78a9d361b1fddc12218e4dd42f42d39d6be1fda184041e06bb6fb30f0d94c59L96

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 1ddcaedb88)
2024-01-31 14:18:26 +01:00
Giteabot
1cb29ff6a2
Fix sort bug on repository issues list (#28897) (#28901)
Backport #28897 by @lunny

Fix #28896

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit b508813fe4)
2024-01-31 14:18:26 +01:00
Giteabot
e2620642bd
Prevent anonymous container access if RequireSignInView is enabled (#28877) (#28882)
Backport #28877 by @KN4CK3R

Fixes #28875

If `RequireSignInView` is enabled, the ghost user has no access rights.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit b7c944b9e4)
2024-01-31 14:18:25 +01:00
Giteabot
131a8f0324
Fix incorrect PostgreSQL connection string for Unix sockets (#28865) (#28870)
Backport #28865 by @sdvcrx

Fix #28864

Co-authored-by: sdvcrx <memory.silentvoyage@gmail.com>
(cherry picked from commit 8c7bda8755)
2024-01-31 14:18:25 +01:00
Giteabot
7db542a029
Fix archive creating LFS hooks and breaking pull requests (#28848) (#28851)
Backport #28848 by @brechtvl

When LFS hooks are present in gitea-repositories, operations like git
push for creating a pull request fail. These repositories are not meant
to include LFS files or git push them, that is handled separately. And
so they should not have LFS hooks.

Installing git-lfs on some systems (like Debian Linux) will
automatically set up /etc/gitconfig to create LFS hooks in repositories.
For most git commands in Gitea this is not a problem, either because
they run on a temporary clone or the git command does not create LFS
hooks.

But one case where this happens is git archive for creating repository
archives. To fix that, add a GIT_CONFIG_NOSYSTEM=1 to disable using the
system configuration for that command.

According to a comment, GIT_CONFIG_NOSYSTEM is not used for all git
commands because the system configuration can be intentionally set up
for Gitea to use.

Resolves #19810, #21148

Co-authored-by: Brecht Van Lommel <brecht@blender.org>
(cherry picked from commit 0d50f27469)
2024-01-31 14:18:25 +01:00
Giteabot
cdaf0dc752
Remove duplicated checkinit on git module (#28824) (#28831)
Backport #28824 by @lunny

`checkInit` has been invoked in `InitSimple`. So it's unnecessary to
invoke it twice in `InitFull`.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 8b5c9186a5)
2024-01-31 13:36:08 +01:00
Gusted
f8c9ff55b9
[GITEA] Fix relative links rendering
- Backport of #2166
- Relative links were not properly being rendered, because the links
were being made absolute against the repository URL instead of
repository URL + /src/branch, which leads to incorrect links.
- Restore the 'old' behaviour. When there's branch information, that
should be used as base for links.
- Adjusts the test cases.
- Regression of 637451a45e
- Resolves https://codeberg.org/Codeberg/Community/issues/1411

(cherry picked from commit 0e9d52e291)
2024-01-17 17:57:22 +01:00
Giteabot
4df056a14e
Use refname:strip-2 instead of refname:short when syncing tags (#28797) (#28811)
Backport #28797 by @lunny

Fix #28694

Generally, `refname:short` should be equal to `refname:lstrip=2` except
`core.warnAmbiguousRefs is used to select the strict abbreviation mode.`

ref:
https://git-scm.com/docs/git-for-each-ref#Documentation/git-for-each-ref.txt-refname

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 4746291b08)
2024-01-16 14:41:11 +00:00
KN4CK3R
875b398e5e
Rework markup link rendering (#26745) (#28803)
Backport #26745
Fixes #26548

This PR refactors the rendering of markup links. The old code uses
`strings.Replace` to change some urls while the new code uses more
context to decide which link should be generated.

The added tests should ensure the same output for the old and new
behaviour (besides the bug).

We may need to refactor the rendering a bit more to make it clear how
the different helper methods render the input string. There are lots of
options (resolve links / images / mentions / git hashes / emojis / ...)
but you don't really know what helper uses which options. For example,
we currently support images in the user description which should not be
allowed I think:

<details>
  <summary>Profile</summary>

https://try.gitea.io/KN4CK3R

![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5)

</details>

(cherry picked from commit 022552d5b6)
2024-01-16 14:41:11 +00:00
Giteabot
215c96e646
Use correct has error check for internal responses (#28796) (#28798)
Backport #28796 by @wxiaoguang

`resp != nil` doesn't mean the request really succeeded. Add a comment
for requestJSONResp to clarify the behavior.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit cbf366643b)
2024-01-16 14:40:56 +00:00
Giteabot
367561fff2
Fix nil pointer panic when exec some gitea cli command (#28791) (#28795)
Backport #28791 by @yp05327

panic:

![image](https://github.com/go-gitea/gitea/assets/18380374/7fcde2ad-1d42-4b60-b120-3b60a8926e8e)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/49d9f0ca-e590-4a35-8ca2-1317d1b7c939)

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit df694f6a7d)
2024-01-16 14:40:56 +00:00
Giteabot
765aa1479d
Show description as tooltip instead of title for labels (#28754) (#28766)
Backport #28754 by @delvh

Follow GitHubs behavior of showing the label description as a tooltip
instead of the browser native title.

## Before

![grafik](https://github.com/go-gitea/gitea/assets/51889757/70448327-467b-4bee-b799-40a442a5ce16)

## After

![grafik](https://github.com/go-gitea/gitea/assets/51889757/abe7d700-148b-4cef-a487-6b0f8f20b212)

Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 9f0c709637)
2024-01-16 14:39:23 +00:00
Giteabot
464c6e8d73
Add -F to commit search to treat keywords as strings (#28744) (#28748)
Backport #28744 by @me-heer

Fixes #28269

The [default
behavior](https://git-scm.com/docs/git-log#Documentation/git-log.txt---basic-regexp)
of --grep in git log is to interpret the keyword as a regular
expression. This causes the search to fail in the cases where the search
keyword contains a `[`, since `[` is a special character used in grep.

If we want our keywords to be interpreted as 'strings', we should use
[-F
flag](https://git-scm.com/docs/git-log#Documentation/git-log.txt---basic-regexp).

Co-authored-by: Mihir Joshi <mihir67mj@gmail.com>
(cherry picked from commit f220f4231a)
2024-01-16 14:39:23 +00:00
Giteabot
ad027c2818
Fix panic when parsing empty pgsql host (#28708) (#28709)
Backport #28708 by wxiaoguang

Regression of #27723
Fix #28705

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 7f833d8f71)
2024-01-16 14:16:56 +00:00
wxiaoguang
d537b63521
Make template DateTime show proper tooltip (#28677) (#28683)
Backport #28677

(cherry picked from commit 83457805bb)
2024-01-16 14:16:55 +00:00
Gusted
fe3b294f7b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
(cherry picked from commit 6404845df9)
(cherry picked from commit 72bdd4f3b9)
(cherry picked from commit 4b01bb0ce8)
(cherry picked from commit c26ac31816)
(cherry picked from commit 8d2dab94a6)

Conflicts:
	routers/web/auth/auth.go
	https://codeberg.org/forgejo/forgejo/issues/2158
2024-01-16 14:14:46 +00:00
wxiaoguang
ea8ca5b509
Avoid cycle-redirecting user/login page (#28636) (#28658)
Backport #28636

Fix #28231, and remove some unused code.

(cherry picked from commit 2165729d16)
2024-01-16 14:11:44 +00:00
Earl Warren
d694579bdf
Revert "[GITEA] rework long-term authentication"
This reverts commit 8d2dab94a6.
2024-01-16 14:11:28 +00:00
Gusted
120294c44e
[GITEA] Use maintained gziphandler
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d)
(cherry picked from commit 99ba56a876)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193d)
(cherry picked from commit 9c12a37fde)
(cherry picked from commit 91191aaaed)
(cherry picked from commit 72be417f84)
(cherry picked from commit 98497c84da)
(cherry picked from commit fba042adb5)
(cherry picked from commit dd2414f226)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/issues/2016
2024-01-16 14:09:55 +00:00
wxiaoguang
265cd70bdb
Refactor CORS handler (#28587) (#28611)
Backport #28587, the only conflict is the test file.

The CORS code has been unmaintained for long time, and the behavior is
not correct.

This PR tries to improve it. The key point is written as comment in
code. And add more tests.

Fix #28515
Fix #27642
Fix #17098

(cherry picked from commit 7a2786ca6c)
2024-01-16 14:08:38 +00:00
Earl Warren
0b872a403d
Revert "[GITEA] Use maintained gziphandler"
This reverts commit dd2414f226.
2024-01-16 14:08:31 +00:00
Earl Warren
c6940a6c5a
[ACTIONS] on.schedule: create a new payload
do not reuse the payload of the event that triggered the creation of
the scheduled event. Create a new one instead that contains no other
information than the event name in the action field ("schedule").

(cherry picked from commit 0b40ca1ea5)
2023-12-23 15:58:37 +01:00
Earl Warren
892a8e1f4a
[ACTIONS] on.schedule: the event is always "schedule"
handleSchedules() is called every time an event is received and will
check the content of the main branch to (re)create scheduled events.
There is no reason why intput.Event will be relevant when the schedule
workflow runs.

(cherry picked from commit 9a712bb276)
2023-12-23 15:58:37 +01:00
Giteabot
40fa6a526a
Fix the issue ref rendering for wiki (#28556) (#28559)
Backport #28556 by wxiaoguang

Fix #28526, regression of
* #26365

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit f096635622)
2023-12-22 12:10:03 +01:00
Giteabot
5d1d66ac3a
chore(api): support ignore password if login source type is LDAP for creating user API (#28491) (#28525)
Backport #28491 by @appleboy

- Modify the `Password` field in `CreateUserOption` struct to remove the
`Required` tag
- Update the `v1_json.tmpl` template to include the `email` field and
remove the `password` field

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
(cherry picked from commit 411310d698)
2023-12-22 12:10:03 +01:00
wxiaoguang
cd5a0ec1c8
Add option to disable ambiguous unicode characters detection (#28454) (#28499)
Backport #28454 (the only conflict is caused by some comments)

* Close #24483
* Close #28123
* Close #23682
* Close #23149

(cherry picked from commit a3f403f438)

Conflicts:
	modules/setting/ui.go
	trivial context conflict
2023-12-22 12:07:01 +01:00
Giteabot
c5ac659d1b
Initalize stroage for orphaned repository doctor (#28487) (#28490)
Backport #28487 by @earl-warren

- When a repository is orphaned and has objects stored in any of the
storages such as repository avatar or attachments the delete function
would error, because the storage module wasn't initalized.
- Add code to initialize the storage module.

Refs: https://codeberg.org/forgejo/forgejo/pulls/1954

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
(cherry picked from commit 8ee1ed877b)
2023-12-22 12:05:11 +01:00
Earl Warren
76d58fa269
[GITEA] test markdown CleanValue to prevent regression
It will determine how anchors are created and will break existing
links otherwise.

Adapted from Revert "Make `user-content-* ` consistent with github (#26388)
2023-12-13 18:12:08 +01:00
Earl Warren
dbd896ce42
[GITEA] Revert "Make user-content-* consistent with github (#26388)"
Refs: https://codeberg.org/forgejo/forgejo/issues/1943

This reverts commit d41aee1d1e.

(cherry picked from commit d29ec91e91)
2023-12-13 18:09:56 +01:00
Earl Warren
c477780163
Revert "Deprecate query string auth tokens (#28390) (#28430)"
It shows warnings although the setting is not set, this will surely be
fixed later but there is no sense in spaming the users right now. This
revert can be discarded when another fix lands in v1.21.

su -c "forgejo admin user generate-access-token -u root --raw --scopes 'all,sudo'" git
2023/12/12 15:54:45 .../setting/security.go:166:loadSecurityFrom() [W] Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.

This reverts commit 0e3a5abb69.

Conflicts:
	routers/api/v1/api.go
2023-12-12 17:04:38 +01:00
Giteabot
0e3a5abb69
Deprecate query string auth tokens (#28390) (#28430)
Backport #28390 by @jackHay22

## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example:
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

Co-authored-by: Jack Hay <jack@allspice.io>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit f144521aea)
2023-12-12 15:21:33 +01:00
Otto Richter
5258e8f63d Correct default license selection
The default license choice was not working as expected,
because both the files in options/license were named differently, and
the setting string is not parsed properly.

The documentation will also be corrected.

See conversation on Matrix:
https://matrix.to/#/%23forgejo-chat%3Amatrix.org/%24ue13GJPr2d7D8fEaLx8yh1mFn3a4TVy_khkajrAYtx0?via=matrix.tu-berlin.de&via=turbo.ooo&via=matrix.org&via=catgirl.cloud
2023-12-08 14:38:06 +01:00
Giteabot
31c4a80979
Make gogit Repository.GetBranchNames consistent (#28348) (#28386)
Backport #28348 by @AdamMajer

nogogit GetBranchNames() lists branches sorted in reverse commit date
order. On the other hand the gogit implementation doesn't apply any
ordering resulting in unpredictable behaviour. In my case, the unit
tests requiring particular order fail

    repo_branch_test.go:24:
                Error Trace:
               ./gitea/modules/git/repo_branch_test.go:24
                Error:          elements differ

                                extra elements in list A:
                                ([]interface {}) (len=1) {
                                 (string) (len=6) "master"
                                }

                                extra elements in list B:
                                ([]interface {}) (len=1) {
                                 (string) (len=7) "branch1"
                                }

                                listA:
                                ([]string) (len=2) {
                                 (string) (len=6) "master",
                                 (string) (len=7) "branch2"
                                }

                                listB:
                                ([]string) (len=2) {
                                 (string) (len=7) "branch1",
                                 (string) (len=7) "branch2"
                                }
                Test:           TestRepository_GetBranches

To fix this, we sort branches based on their commit date in gogit
implementation.

Fixes: #28318

Co-authored-by: Adam Majer <amajer@suse.de>
(cherry picked from commit 272ae03341)
2023-12-08 13:41:16 +01:00