1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-11-29 09:31:11 -05:00
Commit graph

1133 commits

Author SHA1 Message Date
wxiaoguang
c1ec79aeaf
Fix loadOneBranch panic (#29938) (#29939)
Backport #29938

Try to fix #29936

Far from ideal, but still better than panic.

(cherry picked from commit b4a6c6fd7a4ed8e018d27fcdb5203fa04becdddb)
2024-04-03 12:11:19 +02:00
Gusted
fb4c42deb2
[BUG] Don't delete inactive emails explicitly
- `user_model.DeleteInactiveEmailAddresses` related code was added in
Gogs as part to delete inactive users, however since then the related
code to delete users has changed and this code now already delete email
addresses of the user, it's therefore not needed anymore to
`DeleteInactiveEmailAddresses`.
- The call to `DeleteInactiveEmailAddresses` can actually cause issues.
As the associated user might not have been deleted, because it
was not older than the specified `olderThan` argument. Therefore causing
a database inconsistency and lead to internal server errors if the user
tries to activate their account.
- Adds unit test to verify correct behavior (fails without this patch).
2024-03-29 17:50:13 +01:00
yp05327
2051763969
Fix invalid link of the commit status when ref is tag (#29752) (#29908)
Backport #29752

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit aae96cc62b6e6642fa1ef3dcacb716d32f5652b9)
2024-03-21 17:09:50 +01:00
Antonin Delpeuch
f609d00e1b [GITEA] Enable mocked HTTP responses for GitLab migration test 2024-03-15 12:58:50 +01:00
Giteabot
e811f3b185
Fix commit_status problem when testing (#29672) (#29675)
Backport #29672 by @charles7668

Close #29661

fix #29656

Co-authored-by: charles <30816317+charles7668@users.noreply.github.com>
(cherry picked from commit 1f897637441a9a5c43e01b84e374d836d9260a00)
2024-03-10 18:45:59 +07:00
Giteabot
bd0978ce72
Fixing the issue when status check per rule matches multiple actions (#29631) (#29655)
Backport #29631 by @charles7668

Close #29628
rule
```
Test / Build*
Test / Build *
Test / Build 2*
Test / Build 1*
```

![image](https://github.com/go-gitea/gitea/assets/30816317/19bef0a9-fa97-43c5-887b-dece76064aa8)
rule2
```
Test / Build*
Test / Build 1*
```

![image](https://github.com/go-gitea/gitea/assets/30816317/19bef0a9-fa97-43c5-887b-dece76064aa8)

rule3
```
Test / Build*
Test / Build 1*
NotExist*
```

![image](https://github.com/go-gitea/gitea/assets/30816317/f6a5e832-2e1b-4049-915b-45bec5ef070c)

Co-authored-by: charles <30816317+charles7668@users.noreply.github.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit 76b6754c3a42e6f1d675fe9f9d66a65954cb85d1)
2024-03-10 18:45:59 +07:00
Giteabot
1a65ecb867
Fix incorrect relative/absolute URL usages (#29531) (#29547)
Backport #29531 by wxiaoguang

Add two "HTMLURL" methods for PackageDescriptor.
And rename "FullWebLink" to "VersionWebLink"

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 8723389028bcb5e96359fca61efd7d6da0d6af99)
2024-03-10 18:45:59 +07:00
Giteabot
813577aee1
The job should always run when if is always() (#29464) (#29469)
Backport #29464 by @Zettat123

Fix #27906

According to GitHub's
[documentation](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idneeds),
a job should always run when its `if` is `always()`

> If you would like a job to run even if a job it is dependent on did
not succeed, use the `always()` conditional expression in
`jobs.<job_id>.if`.

Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit eabcfd3f7d9321fcf03e52977c178a96627a68da)
2024-03-10 18:08:15 +07:00
Giteabot
47409b2fa0
Ignore empty repo for CreateRepository in action notifier (#29416) (#29424)
Backport #29416 by @yp05327

Fix #29415

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit c758a8afba85fe1847f4d1f5441f6c62b37517ae)
2024-03-10 18:06:30 +07:00
Giteabot
8e2c991b35
Fix tarball/zipball download bug (#29342) (#29352)
Backport #29342 by @Zettat123

Fix #29249

~~Use the `/repos/{owner}/{repo}/archive/{archive}` API to download.~~

Apply #26430 to archive download URLs.

Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit 829b807a91f9895e3f4b262f688a8d0d9a44caf6)
2024-03-06 12:20:42 +08:00
Lunny Xiao
790a27f38a
Fix SSPI user creation (#28948) (#29323)
Fixes #28945
Backport #28948

Setting the avatar is wrong and creating a random password is equal to
leave it empty.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 7ea2ffaf166780b7786291f7ff022e3f5b49e8c2)
2024-03-06 12:20:42 +08:00
wxiaoguang
3a061083d6
Fix missing link on outgoing new release notifications (#29079) (#29300)
Backport #29079

Signed-off-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Co-authored-by: Wiktor Kwapisiewicz <wiktor@metacode.biz>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit c4a86b20a4ecef749caed4e9e1381c1736cb0309)
2024-02-22 11:07:31 +01:00
wxiaoguang
8a2c4e9ff2
Fix debian InRelease Acquire-By-Hash newline (#29204) (#29299)
Backport #29204

Co-authored-by: Robin Schoonover <robin@cornhooves.org>
(cherry picked from commit f634982d237b38e0634c5997612f50230898247e)
2024-02-22 11:07:28 +01:00
Jason Song
861d0b9689
Do not use lower tag names to find releases/tags (#29261) (#29262)
Backport #29261.

Fix #26090, see
https://github.com/go-gitea/gitea/issues/26090#issuecomment-1952013206

Since `TagName` stores the original tag name and `LowerTagName` stores
the lower tag name, it doesn't make sense to use lowercase tags as
`TagNames` in `FindReleasesOptions`.

5e72526da4/services/repository/push.go (L396-L397)

While the only other usage looks correct:

5e72526da4/routers/web/repo/repo.go (L416)
(cherry picked from commit f79530c50ee1c7833cae13e56531e5d1fd66f5ba)
2024-02-20 09:36:37 +01:00
oliverpool
07bc099401 [BUG] split code conversations in diff tab (#2306)
Follow-up of #2282 and #2296 (which tried to address #2278)

One of the issue with the previous PR is that when a conversation on the Files tab was marked as "resolved", it would fetch all the comments for that line (even the outdated ones, which should not be shown on this page - except when explicitly activated).

To properly fix this, I have changed `FetchCodeCommentsByLine` to `FetchCodeConversation`. Its role is to fetch all comments related to a given (review, path, line) and reverted my changes in the template (which were based on a misunderstanding).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2306
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-02-16 14:06:43 +01:00
Giteabot
3c54a1dbf6
Avoid sending update/delete release notice when it is draft (#29008) (#29025)
Backport #29008 by @yp05327

Fix #27157

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 8def405047)
2024-02-13 14:17:34 +01:00
Earl Warren
ce96379aef
[ACTIONS] skip superflous pull request synchronized event (#2314)
Skip a HookEventPullRequestSync event if it has the same CommitSHA as an existing HookEventPullRequest event in the ActionRun table. A HookEventPullRequestSync event must only create an ActionRun if the CommitSHA is different from what it was when the PR was open.

This guards against a race that can happen when the following is done in parallel:

* A commit C is pushed to a repo on branch B
* A pull request with head on branch B

it is then possible that the pull request is created first, successfully. The commit that was just pushed is not known yet but the PR only references the repository and the B branch so it is fine.

A HookEventPullRequest event is sent to the notification queue but not processed immediately.

The commit C is pushed and processed successfully. Since the PR already exists and has a head that matches the branch, the head of the PR is updated with the commit C and a HookEventPullRequestSync event is sent to the notification queue.

The HookEventPullRequest event is processed and since the head of the PR was updated to be commit C, an ActionRun with CommitSHA C is created.

The HookEventPullRequestSync event is then processed and also has a CommitSHA equal to C.

Refs: https://codeberg.org/forgejo/forgejo/issues/2009
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2314
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
(cherry picked from commit 7b4dba3aa0)

Conflicts:
	services/actions/notifier_helper.go
	tests/integration/actions_trigger_test.go
	trivial context conficts
	services/actions/main_test.go is different in v1.21
2024-02-13 12:00:27 +01:00
Gusted
7afbc62057
[GITEA] Generate install if condition for Alpine
- If the APKINFO contains an install if condition, write it in the APKINDEX.
- No integration testing, as I don't have the files to regenerate the
hardcoded compressed(?) APKINFO in the test.
- Resolves #2174

(cherry picked from commit 11da776bef)
(cherry picked from commit 2824ae4cf2)
2024-02-03 19:30:48 +01:00
Giteabot
4e3b046afc
Implement MigrateRepository for the actions notifier (#28920) (#28923)
Backport #28920 by @Zettat123

Fixes #28699

This PR implements the `MigrateRepository` method for `actionsNotifier`
to detect the schedules from the workflow files in the migrated
repository.

Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit 55c53080d1)
2024-01-31 14:18:26 +01:00
Giteabot
9f2c7c2b7d
Only migrate the first 255 chars of a Github issue title (#28902) (#28912)
Backport #28902 by @JakobDev

Fixes #28846

Co-authored-by: JakobDev <jakobdev@gmx.de>
(cherry picked from commit cebf55f6b1)
2024-01-31 14:18:26 +01:00
Giteabot
9a1fb689a4
Fix DeleteCollaboration transaction behaviour (#28886) (#28889)
Backport #28886 by @KN4CK3R

The method can't be called with an outer transaction because if the user
is not a collaborator the outer transaction will be rolled back even if
the inner transaction uses the no-error path.

`has == 0` leads to `return nil` which cancels the transaction. A
standalone call of this method does nothing but if used with an outer
transaction, that will be canceled.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit fd1edb9d9d)
2024-01-31 14:18:26 +01:00
Mihir Joshi
54a6dc73ef
Fix reverting a merge commit failing (#28794) (#28825)
Backport https://github.com/go-gitea/gitea/pull/28794

Fixes #22236

---
Error occurring currently while trying to revert commit using read-tree
-m approach:
> 2022/12/26 16:04:43 ...rvices/pull/patch.go:240:AttemptThreeWayMerge()
[E] [63a9c61a] Unable to run read-tree -m! Error: exit status 128 -
fatal: this operation must be run in a work tree
> 	 - fatal: this operation must be run in a work tree

We need to clone a non-bare repository for `git read-tree -m` to work.

bb371aee6e
adds support to create a non-bare cloned temporary upload repository.

After cloning a non-bare temporary upload repository, we [set default
index](https://github.com/go-gitea/gitea/blob/main/services/repository/files/cherry_pick.go#L37)
(`git read-tree HEAD`).
This operation ends up resetting the git index file (see investigation
details below), due to which, we need to call `git update-index
--refresh` afterward.

Here's the diff of the index file before and after we execute
SetDefaultIndex: https://www.diffchecker.com/hyOP3eJy/

Notice the **ctime**, **mtime** are set to 0 after SetDefaultIndex.

You can reproduce the same behavior using these steps:
```bash
$ git clone https://try.gitea.io/me-heer/test.git -s -b main
$ cd test
$ git read-tree HEAD
$ git read-tree -m 1f085d7ed8 1f085d7ed8 9933caed00
error: Entry '1' not uptodate. Cannot merge.
```

After which, we can fix like this:
```bash
$ git update-index --refresh
$ git read-tree -m 1f085d7ed8 1f085d7ed8 9933caed00
```

(cherry picked from commit 62f2d717b7)
2024-01-31 14:18:25 +01:00
KN4CK3R
875b398e5e
Rework markup link rendering (#26745) (#28803)
Backport #26745
Fixes #26548

This PR refactors the rendering of markup links. The old code uses
`strings.Replace` to change some urls while the new code uses more
context to decide which link should be generated.

The added tests should ensure the same output for the old and new
behaviour (besides the bug).

We may need to refactor the rendering a bit more to make it clear how
the different helper methods render the input string. There are lots of
options (resolve links / images / mentions / git hashes / emojis / ...)
but you don't really know what helper uses which options. For example,
we currently support images in the user description which should not be
allowed I think:

<details>
  <summary>Profile</summary>

https://try.gitea.io/KN4CK3R

![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5)

</details>

(cherry picked from commit 022552d5b6)
2024-01-16 14:41:11 +00:00
Giteabot
5124be72aa
Forbid removing the last admin user (#28337) (#28793)
Backport #28337 by @yp05327

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 376fa0d8c4)
2024-01-16 14:41:11 +00:00
Giteabot
453d27853c
Fix convert.ToTeams on empty input (#28426) (#28767)
Backport #28426 by @KN4CK3R

Fixes #28420

Don't return `nil` if the input was empty.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 95901a99c0)
2024-01-16 14:39:23 +00:00
Giteabot
efa0feb734
Concatenate error in checkIfPRContentChanged (#28731) (#28737)
Backport #28731 by @earl-warren

- If there's a error with the Git command in `checkIfPRContentChanged`
the stderr wasn't concatendated to the error, which results in still not
knowing why an error happend.
- Adds concatenation for stderr to the returned error.
- Ref: https://codeberg.org/forgejo/forgejo/issues/2077

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
(cherry picked from commit bce27d0a31)
2024-01-16 14:39:23 +00:00
Giteabot
881159f593
Fix alpine package files are not rebuilt (#28638) (#28665)
Backport #28638 by @lng2020

I noticed the `BuildAllRepositoryFiles` function under the Alpine folder
is unused and I thought it was a bug.
But I'm not sure about this. Was it on purpose?

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
(cherry picked from commit 3e1bd61000)
2024-01-16 14:16:55 +00:00
Gusted
fe3b294f7b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
(cherry picked from commit 6404845df9)
(cherry picked from commit 72bdd4f3b9)
(cherry picked from commit 4b01bb0ce8)
(cherry picked from commit c26ac31816)
(cherry picked from commit 8d2dab94a6)

Conflicts:
	routers/web/auth/auth.go
	https://codeberg.org/forgejo/forgejo/issues/2158
2024-01-16 14:14:46 +00:00
Earl Warren
d694579bdf
Revert "[GITEA] rework long-term authentication"
This reverts commit 8d2dab94a6.
2024-01-16 14:11:28 +00:00
Giteabot
da1b257733
Use known issue IID to generate new PR index number when migrating from GitLab (#28616) (#28618)
Backport #28616 by wxiaoguang

Fix #13884

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit bf983735fd)
2024-01-16 14:11:02 +00:00
Earl Warren
90d532e778
Revert "[GITEA] Avoid conflicts of issue and PR numbers in GitLab migration (#1790)"
This reverts commit 55b9aed470.
2024-01-16 13:37:45 +00:00
Gergely Nagy
c2fa9c308f
services: Gracefully handle missing branches
When loading branches, if loading one fails, log an error, and ignore
the branch, rather than returning and causing an internal server error.

Ideally, we would only ignore the error if it was caused by a missing
branch, and do it silently, like the respective API endpoint does.
However, veryfing that at this place is not very practical, so for the
time being, ignore any and all branch loading errors.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-01-15 00:15:12 +01:00
Gergely Nagy
fffd9bb7d5
services: in loadOneBranch, return if CountDivergingCommits fail
If we can't count the number of diverging commits for one reason or
another (such as the branch being in the database, but missing from
disk), rather than logging an error and continuing into a crash (because
`divergence` will be nil), return an error instead.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-01-15 00:15:07 +01:00
Gusted
f5349b66b7
[GITEA] Fix NPE in ToPullReviewList
- Add condition to ensure doer isn't nil when using it.
- Added unit test.
- Resolves #2055

(cherry picked from commit 32967b2b5a62f7c7adc270aa3e6b123406b7b6d0)
2023-12-30 15:16:53 +01:00
Aravinth Manivannan
ac889d4290 [GITEA] notifies admins on new user registration (squash) fix URL
## Changes:

1. Use absolute URL in the admin panel link sent on new registrations
2. Include absolute URL of the newly signed-up user's profile.

New email looks like this:

<details><summary>Please click to expand</summary>

```
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

User Information: @realaravinth ( http://localhost:3000/realaravinth )
----------------------------------------------------------------------

* Created: 2023-12-13 19:36:50 +05:30

Please click here ( http://localhost:3000/admin/users/9 ) to manage the use=
r from the admin panel.
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html>
<head>
	<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
	<title>New user realaravinth just signed up</title>

	<style>
		blockquote { padding-left: 1em; margin: 1em 0; border-left: 1px solid gre=
y; color: #777}
		.footer { font-size:small; color:#666;}
	</style>

</head>

<body>
	<ul>
		<h3>User Information: <a href=3D"http://localhost:3000/realaravinth">@rea=
laravinth</a></h3>
		<li>Created: <relative-time format=3D"datetime" weekday=3D"" year=3D"nume=
ric" month=3D"short" day=3D"numeric" hour=3D"numeric" minute=3D"numeric" se=
cond=3D"numeric" datetime=3D"2023-12-13T19:36:50+05:30">2023-12-13 19:36:50=
 +05:30</relative-time></li>
	</ul>
	<p> Please <a href=3D"http://localhost:3000/admin/users/9" rel=3D"nofollow=
">click here</a> to manage the user from the admin panel. </p>
</body>
</html>

--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770--
```

</details>

fixes: https://codeberg.org/forgejo/forgejo/issues/1927
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1940
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
(cherry picked from commit b8d764e36a)
2023-12-24 14:41:12 +00:00
Earl Warren
f929d195fd
[ACTIONS] on.schedule: do not cancel jobs
The cancelation of jobs is taken care of by handleWorkflows which is
called right after handleSchedules with the same event.

(cherry picked from commit ad1af2e436)
2023-12-23 15:58:37 +01:00
Earl Warren
c6940a6c5a
[ACTIONS] on.schedule: create a new payload
do not reuse the payload of the event that triggered the creation of
the scheduled event. Create a new one instead that contains no other
information than the event name in the action field ("schedule").

(cherry picked from commit 0b40ca1ea5)
2023-12-23 15:58:37 +01:00
Earl Warren
892a8e1f4a
[ACTIONS] on.schedule: the event is always "schedule"
handleSchedules() is called every time an event is received and will
check the content of the main branch to (re)create scheduled events.
There is no reason why intput.Event will be relevant when the schedule
workflow runs.

(cherry picked from commit 9a712bb276)
2023-12-23 15:58:37 +01:00
wxiaoguang
cd5a0ec1c8
Add option to disable ambiguous unicode characters detection (#28454) (#28499)
Backport #28454 (the only conflict is caused by some comments)

* Close #24483
* Close #28123
* Close #23682
* Close #23149

(cherry picked from commit a3f403f438)

Conflicts:
	modules/setting/ui.go
	trivial context conflict
2023-12-22 12:07:01 +01:00
Giteabot
160ef74363
Fix possible nil pointer access (#28428) (#28440)
Backport #28428 by @KN4CK3R

There could be a nil pointer exception if the file is not found because
that specific error is suppressed but not handled.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 97a0bf151a)
2023-12-22 12:05:11 +01:00
Earl Warren
580f29d9a2
[GITEA] the ref of a scheduled action is always the default branch
Since a scheduled action is only run from the default branch, it
cannot be anything else.

Refs: https://codeberg.org/forgejo/forgejo/issues/1926
(cherry picked from commit eff0822856)
2023-12-21 12:13:49 +01:00
Gusted
cbe94214e9 [GITEA] Remove redundant syncBranchToDB
- The transaction in combination with Git push was causing deadlocks if
you had the `push_update` queue set to `immediate`. This was the root
cause of slow integration tests in CI.
- Remove the sync branch code as this is already being done in the Git
post-receive hook.
- Add tests to proof the branch models are in sync even with this code
removed.

Backport of https://codeberg.org/forgejo/forgejo/pulls/1962

(cherry picked from commit a064065cb9)
2023-12-21 11:07:41 +00:00
Earl Warren
cfaa6dc2ed
Revert "[TESTS] oauth2: make it possible to use an alternate http.Client"
This reverts commit 172fdd0d32.

This code was introduced for a test case that is no longer in use. It
should guard against the provider being null but that's not worth the
effort for deadcode. Just remove it.

Refs: https://codeberg.org/forgejo/forgejo/issues/1984
2023-12-19 16:38:35 +01:00
Earl Warren
c477780163
Revert "Deprecate query string auth tokens (#28390) (#28430)"
It shows warnings although the setting is not set, this will surely be
fixed later but there is no sense in spaming the users right now. This
revert can be discarded when another fix lands in v1.21.

su -c "forgejo admin user generate-access-token -u root --raw --scopes 'all,sudo'" git
2023/12/12 15:54:45 .../setting/security.go:166:loadSecurityFrom() [W] Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.

This reverts commit 0e3a5abb69.

Conflicts:
	routers/api/v1/api.go
2023-12-12 17:04:38 +01:00
Giteabot
0e3a5abb69
Deprecate query string auth tokens (#28390) (#28430)
Backport #28390 by @jackHay22

## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example:
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

Co-authored-by: Jack Hay <jack@allspice.io>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit f144521aea)
2023-12-12 15:21:33 +01:00
Lunny Xiao
14750f3d11
Also sync DB branches on push if necessary (#28361) (#28403)
Fix #28056
Backport #28361

This PR will check whether the repo has zero branch when pushing a
branch. If that, it means this repository hasn't been synced.

The reason caused that is after user upgrade from v1.20 -> v1.21, he
just push branches without visit the repository user interface. Because
all repositories routers will check whether a branches sync is necessary
but push has not such check.

For every repository, it has two states, synced or not synced. If there
is zero branch for a repository, then it will be assumed as non-sync
state. Otherwise, it's synced state. So if we think it's synced, we just
need to update branch/insert new branch. Otherwise do a full sync. So
that, for every push, there will be almost no extra load added. It's
high performance than yours.

For the implementation, we in fact will try to update the branch first,
if updated success with affect records > 0, then all are done. Because
that means the branch has been in the database. If no record is
affected, that means the branch does not exist in database. So there are
two possibilities. One is this is a new branch, then we just need to
insert the record. Another is the branches haven't been synced, then we
need to sync all the branches into database.

(cherry picked from commit 87db4a47c8)
2023-12-12 15:21:33 +01:00
Gusted
026a4bb02d
[GITEA] Actually recover from a panic in cron task
- Backport #1911
- Currently there's code to recover gracefully from panics that happen
within the execution of cron tasks. However this recover code wasn't
being run, because `RunWithShutdownContext` also contains code to
recover from any panic and then gracefully shutdown Forgejo. Because
`RunWithShutdownContext` registers that code as last, that would get run
first which in this case is not behavior that we want.
- Move the recover code to inside the function, so that is run first
before `RunWithShutdownContext`'s recover code (which is now a noop).
- Resolves #1910

(cherry picked from commit 761e1c83414407b65e331c2eeb4348c47acf0fbb)
2023-12-10 17:20:49 +01:00
Giteabot
693c2b4f15
Fix migration panic due to an empty review comment diff (#28334) (#28362)
Backport #28334 by @lng2020

Fix #28328
```
func (p *PullRequestComment) GetDiffHunk() string {
	if p == nil || p.DiffHunk == nil {
		return ""
	}
	return *p.DiffHunk
}
```
This function in the package `go-github` may return an empty diff. When
it's empty, the following code will panic because it access `ss[1]`

ec1feedbf5/services/migrations/gitea_uploader.go (L861-L867)

ec1feedbf5/modules/git/diff.go (L97-L101)

Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
(cherry picked from commit 8b590de186)
2023-12-08 13:41:16 +01:00
Giteabot
b1b0d9a3fe
Fix RPM/Debian signature key creation (#28352) (#28353)
Backport #28352 by @KN4CK3R

Fixes #28324

The name parameter can't contain some characters
(https://github.com/keybase/go-crypto/blob/master/openpgp/keys.go#L680)
but is optional. Therefore just use an empty string.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit b71d4c3ec0)
2023-12-08 13:41:16 +01:00
Giteabot
599211efe4
Fix missing issue search index update when changing status (#28325) (#28330)
Backport #28325 by @brechtvl

Changing an issue status, assignee, labels or milestone without also
adding a comment would not update the index, resulting in wrong search
results.

Co-authored-by: Brecht Van Lommel <brecht@blender.org>
(cherry picked from commit 8c8c24f8eb)
2023-12-08 13:41:16 +01:00