1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-11-23 08:47:42 -05:00
Commit graph

16937 commits

Author SHA1 Message Date
Gusted
fe3b294f7b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
(cherry picked from commit 6404845df9)
(cherry picked from commit 72bdd4f3b9)
(cherry picked from commit 4b01bb0ce8)
(cherry picked from commit c26ac31816)
(cherry picked from commit 8d2dab94a6)

Conflicts:
	routers/web/auth/auth.go
	https://codeberg.org/forgejo/forgejo/issues/2158
2024-01-16 14:14:46 +00:00
wxiaoguang
ea8ca5b509
Avoid cycle-redirecting user/login page (#28636) (#28658)
Backport #28636

Fix #28231, and remove some unused code.

(cherry picked from commit 2165729d16)
2024-01-16 14:11:44 +00:00
Earl Warren
d694579bdf
Revert "[GITEA] rework long-term authentication"
This reverts commit 8d2dab94a6.
2024-01-16 14:11:28 +00:00
wxiaoguang
fd098cf75b
Improve 1.21 document for Database Preparation (#28643) (#28644)
Backport #28643

Fix #28247

(cherry picked from commit 8ec232817c)
2024-01-16 14:11:02 +00:00
Giteabot
2caf162b77
Extend description for ARTIFACT_RETENTION_DAYS (#28626) (#28630)
Backport #28626 by @hakito

Make it clear that this value is just a default value and that every
artifact can have it's own value.

Co-authored-by: Gerd Katzenbeisser <hakito@users.noreply.github.com>
(cherry picked from commit a5c7ac9980)
2024-01-16 14:11:02 +00:00
Giteabot
da1b257733
Use known issue IID to generate new PR index number when migrating from GitLab (#28616) (#28618)
Backport #28616 by wxiaoguang

Fix #13884

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit bf983735fd)
2024-01-16 14:11:02 +00:00
Gusted
120294c44e
[GITEA] Use maintained gziphandler
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d)
(cherry picked from commit 99ba56a876)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193d)
(cherry picked from commit 9c12a37fde)
(cherry picked from commit 91191aaaed)
(cherry picked from commit 72be417f84)
(cherry picked from commit 98497c84da)
(cherry picked from commit fba042adb5)
(cherry picked from commit dd2414f226)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/issues/2016
2024-01-16 14:09:55 +00:00
wxiaoguang
265cd70bdb
Refactor CORS handler (#28587) (#28611)
Backport #28587, the only conflict is the test file.

The CORS code has been unmaintained for long time, and the behavior is
not correct.

This PR tries to improve it. The key point is written as comment in
code. And add more tests.

Fix #28515
Fix #27642
Fix #17098

(cherry picked from commit 7a2786ca6c)
2024-01-16 14:08:38 +00:00
Earl Warren
0b872a403d
Revert "[GITEA] Use maintained gziphandler"
This reverts commit dd2414f226.
2024-01-16 14:08:31 +00:00
Giteabot
fef19bcf94
Fix the scroll behavior for emoji/mention list (#28597) (#28601)
Backport #28597 by wxiaoguang

Fix #28595 by https://github.com/github/combobox-nav/pull/79 (combobox-nav v2.3.1)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 8a46a6417e)
2024-01-16 14:07:46 +00:00
Giteabot
c39e9cd9a9
Fix flex container width (#28603) (#28605)
Backport #28603 by wxiaoguang

Fix #28489

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 5b104a5533)
2024-01-16 14:07:46 +00:00
Giteabot
75ad9ac50b
Include heap pprof in diagnosis report to help debugging memory leaks (#28596) (#28599)
(cherry picked from commit f2add36a29)
2024-01-16 14:07:46 +00:00
Giteabot
29a0e7738c
Fix wrong due date rendering in issue list page (#28588) (#28591)
Backport #28588 by @yardenshoham

It included the hours, minutes, and seconds. By removing these, the date
renders correctly.

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
(cherry picked from commit 564068aa99)
2024-01-16 14:07:46 +00:00
Giteabot
3fe44b8762
Fix status_check_contexts matching bug (#28582) (#28589)
Backport #28582 by @Zettat123

Fix #28570
Follow #24633

---
Copied from
https://github.com/go-gitea/gitea/issues/28570#issuecomment-1867327999

The feature introduced in #24633 should be compatible with
`status_check_contexts`. However, if one or more of
`status_check_contexts` is not a legal glob expressions, `glob.Compile`
will fail and the contexts cannot match.

21229ed2c8/routers/web/repo/pull.go (L653-L663)

Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit 6a559ad634)
2024-01-16 14:07:46 +00:00
Giteabot
9ad7a67fc1
Fix 405 method not allowed CORS / OIDC (#28583) (#28586)
Backport #28583 by @morphelinho

Follow #28184
Follow #28515

Fix problem with 405 method not allowed for CORS wrt OIDC

Co-authored-by: morphelinho <morphelinho@users.noreply.github.com>
(cherry picked from commit 4dd39eb54a)
2024-01-16 14:07:46 +00:00
Earl Warren
b856b108e9
Revert "[GITEA] Make reference URL absolute"
This reverts commit a8ce03660f.
2024-01-16 13:42:39 +00:00
Earl Warren
74652a6c81
Revert "[GITEA] Fix wrong link in user and organization profile when using relative url"
This reverts commit 658475dd21.
2024-01-16 13:38:07 +00:00
Earl Warren
90d532e778
Revert "[GITEA] Avoid conflicts of issue and PR numbers in GitLab migration (#1790)"
This reverts commit 55b9aed470.
2024-01-16 13:37:45 +00:00
Earl Warren
b0295a3153
Revert "[GITEA] Downgrade @github/combobox-nav"
This reverts commit b0874a0912.
2024-01-16 13:37:29 +00:00
Earl Warren
2631d10df0 Merge pull request 'Backport #2139 to v1.21' (#2142) from algernon/forgejo:b/v1.21/missing-branch-makes-server-sad into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2142
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-01-15 13:08:56 +00:00
Gergely Nagy
49efd192e9
tests: More testing in TestDatabaseMissingABranch
In the `TestDatabaseMissingABranch` testcase, make sure that the
branches are in sync between the db and git before deleting a branch via
git, then compare the branch count from the web UI, making sure that it
returns an out-of-sync value first, and the correct one after another
sync.

This is currently tested by scraping the UI, and relies on the fact that
the branch counter is out of date before syncing. If that issue gets
resolved, we'll have to adjust the test to verify the sync another way.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-01-15 00:15:24 +01:00
Gergely Nagy
754f97b1e2
tests: Add a testcase for missing branches
This tests the scenario reported in Codeberg/Community#1408: a branch
that is recorded in the database, but missing on disk was causing
internal server errors. With recent changes, that is no longer the case,
the error is logged and then ignored.

This test case tests this behaviour, that the repo's branches page on
the web UI functions even if the git branch is missing.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-01-15 00:15:22 +01:00
Gergely Nagy
c2fa9c308f
services: Gracefully handle missing branches
When loading branches, if loading one fails, log an error, and ignore
the branch, rather than returning and causing an internal server error.

Ideally, we would only ignore the error if it was caused by a missing
branch, and do it silently, like the respective API endpoint does.
However, veryfing that at this place is not very practical, so for the
time being, ignore any and all branch loading errors.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-01-15 00:15:12 +01:00
Gergely Nagy
fffd9bb7d5
services: in loadOneBranch, return if CountDivergingCommits fail
If we can't count the number of diverging commits for one reason or
another (such as the branch being in the database, but missing from
disk), rather than logging an error and continuing into a crash (because
`divergence` will be nil), return an error instead.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-01-15 00:15:07 +01:00
Gusted
ca25167a03 Merge pull request '[GITEA] Fix panic in canSoftDeleteContentHistory' (#2138) from gusted/forgejo-bp-2134 into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2138
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-01-13 21:43:48 +00:00
Gusted
ab1ccc55dc
[GITEA] Fix panic in canSoftDeleteContentHistory
- Backport of #2134
- It's possible that `canSoftDeleteContentHistory` is called without
`ctx.Doer` being set, such as an anonymous user requesting the
`/content-history/detail` endpoint.
- Add a simple condition to always set to `canSoftDelete` to false if an
anonymous user is requesting this, this avoids a panic in the code that
assumes `ctx.Doer` is set.
- Added integration testing.

(cherry picked from commit 0b5db0dcc6)
2024-01-13 22:05:35 +01:00
Gusted
bd3e5109ba Merge pull request '[GITEA] Fix wrong link in user and organization profile when using relative url' (#2118) from gusted/forgejo-bp-gt-28617 into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2118
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-01-09 20:10:44 +00:00
katsu
658475dd21
[GITEA] Fix wrong link in user and organization profile when using relative url
- Backport of https://github.com/go-gitea/gitea/pull/28617
- Ref: https://codeberg.org/forgejo/forgejo/issues/1947

(cherry picked from commit 42149ff1a8)
2024-01-08 16:40:16 +01:00
Gusted
316b633e62 Merge pull request '[GITEA] Make reference URL absolute' (#2104) from gusted/forgejo-bp-2100 into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2104
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-01-06 19:49:11 +00:00
Gusted
a8ce03660f
[GITEA] Make reference URL absolute
- Backport of #2100
- Make the reference URL in the "Reference in New issue" feature
absolute again as it wouldn't render as a link otherwise.
- Adds integration test.
- Regression by 769be877f2
- Resolves #2012

(cherry picked from commit c74bae2897)
2024-01-06 20:16:52 +01:00
Gusted
2489cb97e7 Merge pull request '[GITEA] Check for Commit in opengraph' (#2098) from gusted/forgejo-bp-2094 into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2098
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-01-05 15:03:21 +00:00
Gusted
b473a44a2b
[GITEA] Check for Commit in opengraph
- Backport of #2094
- It's possible that `PageIsDiff` is set but not `Commit` resulting in a
NPE in the template. This can happen when the requested commit doesn't exist.
- Regression of c802c46a9b &
5743d7cb5b
- Added 'hacky' integration test.

(cherry picked from commit 8db2d5e4a7)
2024-01-05 14:26:20 +01:00
Gusted
0fbf761d19
[GITEA] Handle non-existant commit in Archive request
- When a user requests a archive of a non-existant commit
`git.ErrNotExist` is returned, but was not gracefully handled resulting
in a 500 error.
- Doesn't exist in v1.22 due to it being refactored away in
cbf923e87b
- Adds integration test.
2024-01-04 23:56:33 +01:00
Gusted
95dcc2dd8c Merge pull request '[GITEA] Fix NPE in ToPullReviewList' (#2058) from gusted/bp-forgejo-npe-reviews into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2058
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2023-12-30 15:53:13 +00:00
Gusted
f5349b66b7
[GITEA] Fix NPE in ToPullReviewList
- Add condition to ensure doer isn't nil when using it.
- Added unit test.
- Resolves #2055

(cherry picked from commit 32967b2b5a62f7c7adc270aa3e6b123406b7b6d0)
2023-12-30 15:16:53 +01:00
Earl Warren
ba222c299c
[CI] Forgejo Actions based release process (squash) no ownca
The private Forgejo instance trusted with the release signing keys no
longer requires the installation of the ownca certificate authority.

Refs: https://codeberg.org/forgejo/docs/pulls/338
(cherry picked from commit 72f9ae796d)
2023-12-28 17:27:34 +01:00
Aravinth Manivannan
ac889d4290 [GITEA] notifies admins on new user registration (squash) fix URL
## Changes:

1. Use absolute URL in the admin panel link sent on new registrations
2. Include absolute URL of the newly signed-up user's profile.

New email looks like this:

<details><summary>Please click to expand</summary>

```
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

User Information: @realaravinth ( http://localhost:3000/realaravinth )
----------------------------------------------------------------------

* Created: 2023-12-13 19:36:50 +05:30

Please click here ( http://localhost:3000/admin/users/9 ) to manage the use=
r from the admin panel.
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html>
<head>
	<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
	<title>New user realaravinth just signed up</title>

	<style>
		blockquote { padding-left: 1em; margin: 1em 0; border-left: 1px solid gre=
y; color: #777}
		.footer { font-size:small; color:#666;}
	</style>

</head>

<body>
	<ul>
		<h3>User Information: <a href=3D"http://localhost:3000/realaravinth">@rea=
laravinth</a></h3>
		<li>Created: <relative-time format=3D"datetime" weekday=3D"" year=3D"nume=
ric" month=3D"short" day=3D"numeric" hour=3D"numeric" minute=3D"numeric" se=
cond=3D"numeric" datetime=3D"2023-12-13T19:36:50+05:30">2023-12-13 19:36:50=
 +05:30</relative-time></li>
	</ul>
	<p> Please <a href=3D"http://localhost:3000/admin/users/9" rel=3D"nofollow=
">click here</a> to manage the user from the admin panel. </p>
</body>
</html>

--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770--
```

</details>

fixes: https://codeberg.org/forgejo/forgejo/issues/1927
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1940
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
(cherry picked from commit b8d764e36a)
2023-12-24 14:41:12 +00:00
Earl Warren
f929d195fd
[ACTIONS] on.schedule: do not cancel jobs
The cancelation of jobs is taken care of by handleWorkflows which is
called right after handleSchedules with the same event.

(cherry picked from commit ad1af2e436)
2023-12-23 15:58:37 +01:00
Earl Warren
c6940a6c5a
[ACTIONS] on.schedule: create a new payload
do not reuse the payload of the event that triggered the creation of
the scheduled event. Create a new one instead that contains no other
information than the event name in the action field ("schedule").

(cherry picked from commit 0b40ca1ea5)
2023-12-23 15:58:37 +01:00
Earl Warren
892a8e1f4a
[ACTIONS] on.schedule: the event is always "schedule"
handleSchedules() is called every time an event is received and will
check the content of the main branch to (re)create scheduled events.
There is no reason why intput.Event will be relevant when the schedule
workflow runs.

(cherry picked from commit 9a712bb276)
2023-12-23 15:58:37 +01:00
Earl Warren
248b8bb0fa
Revert "improve possible performance bottleneck (#28547) (#28578)"
This reverts commit 7ddb1291ea.

Does not work at all.
2023-12-22 16:52:28 +01:00
Giteabot
90a650d2b0
Fix 500 error of searching commits (#28576) (#28579)
Backport #28576 by wxiaoguang

Regression of #28454 . Now the string is escaped HTML, so it doesn't
need `| Safe`.

Fix #28575

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit acc8100d47)
2023-12-22 12:10:04 +01:00
Giteabot
7ddb1291ea
improve possible performance bottleneck (#28547) (#28578)
Backport #28547 by @lunny

Replace #28500

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 1a3803effd)
2023-12-22 12:10:04 +01:00
Giteabot
1f8d01c74d
Use information from previous blame parts (#28572) (#28577)
Backport #28572 by @KN4CK3R

Fixes #28545

`git blame` output can contain blocks without commit information if it
was outputted before (the `0dafa97ea3f6d9662299579e5be1875cd28baaae 48
26 1` line):
```
fec25436488499df7231f63b857f66457c193d5c 24 25 1
author Bastien Montagne
author-mail <bastien@blender.org>
author-time 1660731031
author-tz +0200
committer Bastien Montagne
committer-mail <bastien@blender.org>
committer-time 1660731031
committer-tz +0200
summary LibOverride: Add Make/Reset/Clear entries to IDTemplate contextual menu.
previous 839ece6477203382b7a7483062961540180ff1cd source/blender/editors/interface/interface_ops.c
filename source/blender/editors/interface/interface_ops.c
        #include "BLT_translation.h"
0dafa97ea3f6d9662299579e5be1875cd28baaae 48 26 1

3d57bc4397fca53bc9702a27bbf50102827829b0 27 27 1
author Hans Goudey
author-mail <hans@blender.org>
author-time 1700131315
author-tz +0100
committer Hans Goudey
committer-mail <hooglyboogly@noreply.localhost>
committer-time 1700131315
committer-tz +0100
summary Cleanup: Move several blenkernel headers to C++
previous 451c054d9b7d3148a646caa5a72fb127a5b5c408 source/blender/editors/interface/interface_ops.cc
filename source/blender/editors/interface/interface_ops.cc
        #include "BKE_context.hh"
```
This PR reuses data from the previous blame part to fill these gaps.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 1183002b32)
2023-12-22 12:10:03 +01:00
wxiaoguang
12a8d65a5a
Update mermaid for 1.21 (#28571)
Try to fix #28170

(cherry picked from commit 1fc6bc1be2)
2023-12-22 12:10:03 +01:00
Lunny Xiao
004ec9026b
Add changelog for 1.21.3 (#28569)
(cherry picked from commit 2360c7ec6c)
2023-12-22 12:10:03 +01:00
Giteabot
bea2c52572
Fix merging artifact chunks error when minio storage basepath is set (#28555) (#28568)
Backport #28555 by @fuxiaohei

Related to  https://github.com/go-gitea/gitea/issues/28279

When merging artifact chunks, it lists chunks from storage. When storage
is minio, chunk's path contains `MINIO_BASE_PATH` that makes merging
break.

<del>So trim the `MINIO_BASE_PATH` when handle chunks.</del>

Update the chunk file's basename to retain necessary information. It
ensures that the directory in the chunk's path remains unaffected.

Co-authored-by: FuXiaoHei <fuxiaohei@vip.qq.com>
(cherry picked from commit 8ca32dc873)
2023-12-22 12:10:03 +01:00
Giteabot
1c7c48d96e
Update actions document about comparsion as Github Actions (#28560) (#28564)
Backport #28560 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 47f9b3f484)
2023-12-22 12:10:03 +01:00
Giteabot
d350add668
Fix inperformant query on retrifing review from database. (#28552) (#28562)
Backport #28552 by @6543

can we please PLEAS PLEASE only use raw SQL statements if it is relay
needed!!!

source is https://github.com/go-gitea/gitea/pull/28544 (before
refactoring)

Co-authored-by: 6543 <m.huber@kithara.com>
(cherry picked from commit 16263af971)
2023-12-22 12:10:03 +01:00
Giteabot
40fa6a526a
Fix the issue ref rendering for wiki (#28556) (#28559)
Backport #28556 by wxiaoguang

Fix #28526, regression of
* #26365

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit f096635622)
2023-12-22 12:10:03 +01:00