Backport #28390 by @jackHay22
## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example:
```
HTTP/1.1 200 OK
...
Warning: token and access_token API authentication is deprecated
...
```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`
## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed
## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)
Co-authored-by: Jack Hay <jack@allspice.io>
Co-authored-by: delvh <dev.lh@web.de>
Backport #28359 by @lunny
The left menu will only display the default branch's workflows but the
right side will display the runs triggered by all branches' workflows.
So we cannot hide right side if default branch has no workflows.
Fix #28332
Replace #28333
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #28351 by @KN4CK3R
Fix #28347
As there is no info how to reproduce it, I can't test it.
Fix may be `section_split.tmpl @ 126/130`.
Other changes are "empty check" refactorings.
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Backport #27927 by @invliD
When an assignee changed event comment is rendered, most of it is
guarded behind the assignee ID not being 0. However, if it is 0, that
results in quite broken rendering for that comment and the next one.
This can happen, for example, when repository data imported from outside
of Gitea is incomplete.
This PR makes sure comments with an assignee ID of 0 are not rendered at
all.
---
Screenshot before:
<img width="272" alt="Bildschirmfoto 2023-11-05 um 20 12 18"
src="https://github.com/go-gitea/gitea/assets/42910/7d629d76-fee4-4fe5-9e3a-bf524050cead">
The comments in this screenshot are:
1. A regular text comment
2. A user being unassigned
3. A user being assigned
4. The title of the PR being changed
Comments 2 and 3 are rendered without any text, which indents the next
comment and does not leave enough vertical space.
Co-authored-by: Sebastian Brückner <code@nik.dev>
Backport #27892 by @earl-warren
- Remove the set tabindex and instead let the browser figure out the
correct tab order.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1626
Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #27856
The only conflict is `ThemeName` in `500.tmpl`, it has been resolved
manually by keeping using old
`{{.SignedUser.Theme}}{{else}}{{DefaultTheme}}`
Backport #27592 by @JakobDev
If you set a checkbox as required in a issue form at the moment, the
checkbox is checked and read only, what does not make much sense. With
this PR, the Checkbox actually needs to be checked. The label supports
now also Markdown. This matches GitHub's behaviour.
And yes, I know the CSS is a ugly workaround. It looks like the given
CSS code is part Fomantic and I don't know how to change that. The
Maintainers are free to change that.
![grafik](https://github.com/go-gitea/gitea/assets/15185051/3f35be75-b0b4-42a7-9048-a4970384a035)
Co-authored-by: JakobDev <jakobdev@gmx.de>
Backport #27632 by @wxiaoguang
1. fix #27631 , and add samples to devtest page
2. fix incorrect color for "ui dropdown button" when hover
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #27585 by @JakobDev
Fixes https://codeberg.org/forgejo/forgejo/issues/1592
When login in with WebAuth, the page has a link to use TOTP instead.
This link is always displayed, no matter if the User has set up TOTP or
not, which do of cause not work for those who have not.
Co-authored-by: JakobDev <jakobdev@gmx.de>
Backport #27267 by @silverwind
1. Dropzone attachment removal, pretty simple replacement
2. Image diff: The previous code fetched every image twice, once via
`img[src]` and once via `$.ajax`. Now it's only fetched once and a
second time only when necessary. The image diff code was partially
rewritten.
Co-authored-by: silverwind <me@silverwind.io>
Backport #27000 by @wxiaoguang
This PR reduces the complexity of the system setting system.
It only needs one line to introduce a new option, and the option can be
used anywhere out-of-box.
It is still high-performant (and more performant) because the config
values are cached in the config system.
![image](https://github.com/go-gitea/gitea/assets/2114189/f8cdd743-1145-41ab-9f8f-3996aa97d440)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #27115 by @puni9869
Followup https://github.com/go-gitea/gitea/pull/26820
## Archived labels UI for issue filter and issue filter actions for
issues/pull request pages.
Changed:
* Enhanced the Issue filter and Issue filter actions UI page to
seamlessly incorporate a list of archived labels.
* Pagination functionality is same as before. If archived label checkbox
is checked then we are adding a query string`archived=true` in the url
to save the state of page.
* Issue filter actions menu is separated into different template.
* Adding the archived flag in issue url labels.
* Pull Request page is also work the same.
Outsourced:
* Defer the implementation of specialized handling for archived labels
to upcoming pull requests. This step will be undertaken subsequent to
the successful merge of this pull request.
Screenshots
### Issue page
<img width="1360" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/d7efb2ef-5b2b-449d-83f0-d430a32ec432">
### Issue page with label filter on archived label checkbox when not
checked --> No archived label is there in list
<img width="1249" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/ceea68ef-91f2-4693-910f-2e25e236bfc9">
### Issue page with label filter on archived label checkbox when checked
--> Show archived label in the list.
<img width="710" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/2414d26b-2079-4c3c-bd9e-f2f5411bcabf">
### Issue page with label filter on issue action menu on archived label
checkbox when checked --> Show archived label in the list.
<img width="409" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/259cac87-3e21-4778-99a2-a6a0b8c81178">
### Applied the archived=true in Issue labels when archived checkbox is
checked.
<img width="984" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/657ce3db-c0ae-402e-b12d-3b580d3c2ed0">
---
Part of https://github.com/go-gitea/gitea/issues/25237
Signed-off-by: puni9869 <punitinani1@hotmail.com>
Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
Co-authored-by: delvh <dev.lh@web.de>