Commit graph

2447 commits

Author SHA1 Message Date
Gergely Nagy
f50e0dfe5e
[GITEA] Allow changing the email address before activation
During registration, one may be required to give their email address, to
be verified and activated later. However, if one makes a mistake, a
typo, they may end up with an account that cannot be activated due to
having a wrong email address.

They can still log in, but not change the email address, thus, no way to
activate it without help from an administrator.

To remedy this issue, lets allow changing the email address for logged
in, but not activated users.

This fixes gitea#17785.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit aaaece28e4)
(cherry picked from commit 639dafabec)
(cherry picked from commit d699c12ceb)

[GITEA] Allow changing the email address before activation (squash) cache is always active

This needs to be revisited because the MailResendLimit is not enforced
and turns out to not be tested.

See e7cb8da2a8 * Always enable caches (#28527)

(cherry picked from commit 43ded8ee30)

Rate limit pre-activation email change separately

Changing the email address before any email address is activated should
be subject to a different rate limit than the normal activation email
resending. If there's only one rate limit for both, then if a newly
signed up quickly discovers they gave a wrong email address, they'd have
to wait three minutes to change it.

With the two separate limits, they don't - but they'll have to wait
three minutes before they can change the email address again.

The downside of this setup is that a malicious actor can alternate
between resending and changing the email address (to something like
`user+$idx@domain`, delivered to the same inbox) to effectively halving
the rate limit. I do not think there's a better solution, and this feels
like such a small attack surface that I'd deem it acceptable.

The way the code works after this change is that `ActivatePost` will now
check the `MailChangeLimit_user` key rather than `MailResendLimit_user`,
and if we're within the limit, it will set `MailChangedJustNow_user`. The
`Activate` method - which sends the activation email, whether it is a
normal resend, or one following an email change - will check
`MailChangedJustNow_user`, and if it is set, it will check the rate
limit against `MailChangedLimit_user`, otherwise against
`MailResendLimit_user`, and then will delete the
`MailChangedJustNow_user` key from the cache.

Fixes #2040.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit e35d2af2e5)
(cherry picked from commit 03989418a7)
2024-01-08 17:05:47 +01:00
Gusted
6952ea6ee3
[GITEA] Allow user to select email for file operations in Web UI
- Add a dropdown to the web interface for changing files to select which
Email should be used for the commit. It only shows (and verifies) that a
activated mail can be used, while this isn't necessary, it's better to
have this already in place.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/281

(cherry picked from commit 564e701f40)
(cherry picked from commit de8f2e03cc)
(cherry picked from commit 0182cff12e)
(cherry picked from commit 9c74254d46)
(cherry picked from commit 2f0b68f821)
(cherry picked from commit 079b995d49)
2024-01-08 17:05:47 +01:00
Gusted
18564b26f6
[GITEA] Add cancel button to wiki
- Add a cancel button to the Edit and New wiki pages.
- Resolves https://codeberg.org/forgejo/forgejo/issues/705

(cherry picked from commit 3284f690ea)
(cherry picked from commit 9f8bf83b0e)
(cherry picked from commit bfd03a9f30)
(cherry picked from commit 6b5d5e0cf7)
(cherry picked from commit 3ef3ec0d82)
(cherry picked from commit 5ae55325ef)
(cherry picked from commit f0894ae003)
2024-01-08 17:03:08 +01:00
Gusted
d3c1bce7db
[GITEA] Detect file rename and show in history
- Add a indication to the file history if the file has been renamed,
this indication contains a link to browse the history of the file
further.
- Added unit testing.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1279

(cherry picked from commit 72c297521b)
(cherry picked from commit 283f964894)

Conflicts:
	options/locale/locale_en-US.ini
	https://codeberg.org/forgejo/forgejo/pulls/1550
(cherry picked from commit 7c30af7fde)
(cherry picked from commit f3be6eb269)
(cherry picked from commit 78e1755b94)
(cherry picked from commit 73799479e0)
(cherry picked from commit 938359b941)
(cherry picked from commit b168a9c081)

[GITEA] Detect file rename and show in history (squash) ctx.Locale

(cherry picked from commit 40447752ff)
(cherry picked from commit ea23594cdb)
(cherry picked from commit cdc473850c)
(cherry picked from commit 86e6641c29)
(cherry picked from commit 2757de586b)
(cherry picked from commit def4ae32dd)
(cherry picked from commit 6dada09329)
(cherry picked from commit 5d6d527251)

Conflicts:
	tests/integration/repo_test.go
	https://codeberg.org/forgejo/forgejo/pulls/2119
2024-01-08 16:59:10 +01:00
Aravinth Manivannan
4124fa5aa4
[GITEA] notifies admins on new user registration
Sends email with information on the new user (time of creation and time of last sign-in) and a link to manage the new user from the admin panel

closes: https://codeberg.org/forgejo/forgejo/issues/480

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1371
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
(cherry picked from commit c721aa828b)
(cherry picked from commit 6487efcb9d)

Conflicts:
	modules/notification/base/notifier.go
	modules/notification/base/null.go
	modules/notification/notification.go
	https://codeberg.org/forgejo/forgejo/pulls/1422
(cherry picked from commit 7ea66ee1c5)

Conflicts:
	services/notify/notifier.go
	services/notify/notify.go
	services/notify/null.go
	https://codeberg.org/forgejo/forgejo/pulls/1469
(cherry picked from commit 7d2d997011)
(cherry picked from commit 435a54f140)
(cherry picked from commit 8ec7b3e448)

[GITEA] notifies admins on new user registration (squash) performance bottleneck

Refs: https://codeberg.org/forgejo/forgejo/issues/1479
(cherry picked from commit 97ac9147ff)
(cherry picked from commit 19f295c16b)
(cherry picked from commit 3367dcb2cf)

[GITEA] notifies admins on new user registration (squash) cosmetic changes

Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 9f1670e040)
(cherry picked from commit de5bb2a224)
(cherry picked from commit 8f8e52f31a)
(cherry picked from commit e0d5130312)
(cherry picked from commit f1288d6d9b)
(cherry picked from commit 1db4736fd7)
(cherry picked from commit e8dcbb6cd6)
(cherry picked from commit 09625d6476)

[GITEA] notifies admins on new user registration (squash) ctx.Locale

(cherry picked from commit dab7212fad)
(cherry picked from commit 9b7bbae8c4)
(cherry picked from commit f750b71d3d)
(cherry picked from commit f79af36679)
(cherry picked from commit e76eee334e)

[GITEA] notifies admins on new user registration (squash) fix locale

(cherry picked from commit 54cd100d8d)
(cherry picked from commit 053dbd3d50)

[GITEA] notifies admins on new user registration (squash) fix URL

1. Use absolute URL in the admin panel link sent on new registrations
2. Include absolute URL of the newly signed-up user's profile.

New email looks like this:

<details><summary>Please click to expand</summary>

```
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

User Information: @realaravinth ( http://localhost:3000/realaravinth )
----------------------------------------------------------------------

* Created: 2023-12-13 19:36:50 +05:30

Please click here ( http://localhost:3000/admin/users/9 ) to manage the use=
r from the admin panel.
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html>
<head>
	<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
	<title>New user realaravinth just signed up</title>

	<style>
		blockquote { padding-left: 1em; margin: 1em 0; border-left: 1px solid gre=
y; color: #777}
		.footer { font-size:small; color:#666;}
	</style>

</head>

<body>
	<ul>
		<h3>User Information: <a href=3D"http://localhost:3000/realaravinth">@rea=
laravinth</a></h3>
		<li>Created: <relative-time format=3D"datetime" weekday=3D"" year=3D"nume=
ric" month=3D"short" day=3D"numeric" hour=3D"numeric" minute=3D"numeric" se=
cond=3D"numeric" datetime=3D"2023-12-13T19:36:50+05:30">2023-12-13 19:36:50=
 +05:30</relative-time></li>
	</ul>
	<p> Please <a href=3D"http://localhost:3000/admin/users/9" rel=3D"nofollow=
">click here</a> to manage the user from the admin panel. </p>
</body>
</html>

--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770--
```

</details>

fixes: https://codeberg.org/forgejo/forgejo/issues/1927
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1940
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
(cherry picked from commit b8d764e36a)
(cherry picked from commit d48b84f623)

Conflicts:
	routers/web/auth/auth.go
	https://codeberg.org/forgejo/forgejo/pulls/2034
(cherry picked from commit 02d3c125cc)
(cherry picked from commit 367374ecc3)

Conflicts:
	models/user/user_test.go
	https://codeberg.org/forgejo/forgejo/pulls/2119
2024-01-08 16:55:44 +01:00
Panagiotis "Ivory" Vasilopoulos
071e9013f3
[GITEA] add option for banning dots in usernames
Refs: https://codeberg.org/forgejo/forgejo/pulls/676

Author:    Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>
Date:      Mon Jun 12 13:57:01 2023 +0200

Co-authored-by: Gusted <postmaster@gusted.xyz>
(cherry picked from commit fabdda5c6e)
(cherry picked from commit d2c7f45621)
(cherry picked from commit dfdbaba3d6)
(cherry picked from commit a3cda092b8)
(cherry picked from commit f0fdb5905c)
(cherry picked from commit 9697e48c1f)
(cherry picked from commit 46e31009a8)
(cherry picked from commit 5bb2c54b6f)
(cherry picked from commit 682f9d24e1)
(cherry picked from commit 1863481005)
(cherry picked from commit 4f1b7c4ddb)
(cherry picked from commit 6afe70bbf1)
(cherry picked from commit 5cec1d9c2d)

Conflicts:
	templates/admin/config.tmpl
	https://codeberg.org/forgejo/forgejo/pulls/1512
(cherry picked from commit de2d172473)
(cherry picked from commit 37a3172dd9)
(cherry picked from commit 92dfca0c5a)
(cherry picked from commit a713d59b0c)
(cherry picked from commit e7bd71a618)
(cherry picked from commit 69f3e952c4)
(cherry picked from commit 83fbb7b566)
(cherry picked from commit 3196605fa9)
(cherry picked from commit e37eb8de9c)
(cherry picked from commit 8c99f59e48)
(cherry picked from commit 74aa1ac66f)
(cherry picked from commit 622440b3bd)
(cherry picked from commit 2c1ec90984)
(cherry picked from commit 24d57152e0)
2024-01-08 16:52:44 +01:00
GiteaBot
a43c7b81af [skip ci] Updated translations via Crowdin 2024-01-07 00:27:22 +00:00
wackbyte
9b418158b9
Fix grammar in actions.variables.id_not_exist (en-US) (#28680)
Fixes the capitalization and grammar of the key.
2024-01-03 10:43:38 +00:00
wackbyte
3ba1216b9d
Fix grammar issues on the repository Actions page (en-US) (#28679)
Fixes a few grammar issues in the en-US localization of the repository
Actions page.
2024-01-03 10:42:56 +00:00
GiteaBot
f8f394cb0e [skip ci] Updated translations via Crowdin 2024-01-01 00:27:55 +00:00
GiteaBot
4995b4a057 [skip ci] Updated translations via Crowdin 2023-12-29 00:20:25 +00:00
GiteaBot
c706b3e436 [skip ci] Updated translations via Crowdin 2023-12-28 00:24:21 +00:00
GiteaBot
a1dfffd723 [skip ci] Updated translations via Crowdin 2023-12-27 00:23:45 +00:00
GiteaBot
ff7383e83a [skip ci] Updated translations via Crowdin 2023-12-26 00:24:05 +00:00
GiteaBot
9483ccd463 [skip ci] Updated translations via Crowdin 2023-12-20 00:20:44 +00:00
yp05327
4ea522fecf
Only check online runner when detecting matching runners in workflows (#28286)
Mentioned:
[#28277](https://github.com/go-gitea/gitea/issues/28277#issuecomment-1831325276)

We should only check online runner when detecting matching runners in
workflows,
as if runner is not online, the workflow will not run.


![image](https://github.com/go-gitea/gitea/assets/18380374/11855e9d-7241-4b7a-b8d7-49dbb94ba1c5)
2023-12-18 16:06:19 +00:00
GiteaBot
69f2b698c5 [skip ci] Updated translations via Crowdin 2023-12-18 00:25:45 +00:00
The Magician
7fb6b51470
Remove duplicate option in admin screen and now-unused translation keys (#28492)
Resolves https://github.com/go-gitea/gitea/issues/28451.

This change follows the recommendation by wxiaoguang to remove the
"Disable Minimum Key Size Check" from the "Service Configuration"
section of the UI, because this option belongs to the "SSH
Configuration" section of the administration menu and already has a
functioning indicator in that section of the UI.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-17 04:33:37 +00:00
GiteaBot
72529d6e64 [skip ci] Updated translations via Crowdin 2023-12-17 00:26:56 +00:00
GiteaBot
c229e6519b [skip ci] Updated translations via Crowdin 2023-12-13 00:24:37 +00:00
GiteaBot
baea205675 [skip ci] Updated translations via Crowdin 2023-12-12 00:25:05 +00:00
GiteaBot
80baac19f2 [skip ci] Updated translations via Crowdin 2023-12-09 00:24:26 +00:00
Panagiotis "Ivory" Vasilopoulos
18ba1c6d00
Improve text in Security settings (#28393)
- en-US: Rename "Scratch Tokens" to "single-use recovery keys".
  Longer, but clearer.
- Improve titles
- TOTP: Improve description
- TOTP: Inform user about Scratch Tokens to encourage TOTP usage
- WebAuthn: Add loss of access warning
2023-12-08 00:38:55 +02:00
GiteaBot
ceedd90bf2 [skip ci] Updated translations via Crowdin 2023-12-07 00:24:32 +00:00
GiteaBot
c81255ba4e [skip ci] Updated translations via Crowdin 2023-12-06 00:25:02 +00:00
yp05327
004ab3758c
Fix wrong link in protect_branch_name_pattern_desc (#28313)
The current href will link to
`https://domain/owner/repo/settings/branches/github.com/gobwas/glob`
2023-12-01 19:45:04 +08:00
yp05327
a6a674e26a
Add guide page to actions when there's no workflows (#28145)
Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/599d40c1-9b8d-4189-9286-c9c36fb780dd)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/848a73d1-aaec-478f-93a7-adcc7ee18907)
2023-11-21 08:27:33 +00:00
Lunny Xiao
0c0d17f17e
Fix empty action run title (#28113)
Fix #27901
2023-11-21 03:00:59 +00:00
Jason Song
0c72256ab4
Fix typo in packages.cleanup.success (#28133)
Follow
https://github.com/go-gitea/gitea/pull/28129#discussion_r1398971596
2023-11-20 15:41:10 +02:00
Jason Song
0e1b381ff6
Add missing packages.cleanup.success (#28129)
Used at
a3348bfc4d/routers/web/admin/packages.go (L111)

<img width="1325" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/60edc1fa-eea8-4d74-a7ec-96bd5461a53f">
2023-11-20 08:33:58 +00:00
GiteaBot
a3348bfc4d [skip ci] Updated translations via Crowdin 2023-11-20 00:25:03 +00:00
GiteaBot
f586937297 [skip ci] Updated translations via Crowdin 2023-11-14 00:23:48 +00:00
GiteaBot
80715ae5c7 [skip ci] Updated translations via Crowdin 2023-11-03 00:23:16 +00:00
yp05327
dcb648ee71
Add Hide/Show all checks button to commit status check (#26284)
Step one for a GitHub like commit status check ui:

![image](https://github.com/go-gitea/gitea/assets/18380374/22953b88-1f91-4d19-bc57-ad92d33fa11f)

![image](https://github.com/go-gitea/gitea/assets/18380374/78572a49-c9b0-472b-86a8-8293197e807b)

![image](https://github.com/go-gitea/gitea/assets/18380374/bc5c8d1c-2ab5-4b03-b8c6-20c34b86d856)

Step two:

![image](https://github.com/go-gitea/gitea/assets/18380374/938b359e-8823-4192-b82d-55fa40b986fd)

![image](https://github.com/go-gitea/gitea/assets/18380374/2de5bb8f-40f5-462a-8d6d-bac13a32bc2a)

The design now will list all commit status checks which takes too much
space.
This is a pre-improve for #26247

---------

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-11-02 14:49:02 +00:00
GiteaBot
5a76759c9c [skip ci] Updated translations via Crowdin 2023-10-28 00:22:03 +00:00
GiteaBot
f089be91da [skip ci] Updated translations via Crowdin 2023-10-27 00:22:31 +00:00
Danila Fominykh
0c21af3728
Package repository/documentation link unification (#27804)
Some translations are duplicated for the same package fields; it should
be possible to use the same approach. Checked packages to use the same
forms in templates.

1. Removed repeated translations for the same fields
2. Linked template files to the same translation fields
3. Added repository site link for nuget packages
2023-10-27 00:16:12 +00:00
Joel Wetzell
46dd02702d
Fix typo when updating email address (#27789)
- correct text that is shown when attempting to change an email address
2023-10-25 19:21:23 +02:00
Brecht Van Lommel
7a286e4753
Improve pull request command line instructions (#27778)
* Show checkout instructions also when there is no permission to push,
for anyone who wants to locally test the changes.
* First checkout the branch exactly as is, without immediately having to
solve merge conflicts. Leave this to the merge step, since it's often
convenient to test a change without worrying about this.
* Use `git fetch -u`, so an existing local branch is updated when
re-testing the same pull request. But not the more risky `git fetch -f`
in to handle force pushes, as we don't want to accidentally overwrite
important local changes.
* Show different merge command depending on the chosen merge style,
interactively updated.
2023-10-25 15:01:31 +00:00
Gerd Katzenbeisser
31f8880bc2
Show placeholder email in privacy popup (#27770)
This PR will show the _noreply_ address in the privacy popup
_keep_email_private_popup_.

I had to look into the source code to figure out which E-Mail Adress I
had to use on gitea.com to hide it from public access.

According to the contribution guidelines I only updated the en-US
translation file.

Co-authored-by: Hakito <hakito@git.example.com>
2023-10-25 11:12:36 +00:00
tomholford
e3afe4a248
teams: new View button (#27685)
Per the discussion on #22054, the flow for adding a new team member to
an org is not intuitive for new Gitea users.

The ideal solution would be to add a new button on the Org > Members
index view (see the screenshot mockup in the issue description).
However, this would require a refactor of the UX for the flow. The
current flow has an implicit context of which team within the org the
new member is being added to ('Owners' by default). From the Members
index, there is no implicit context; the flow would have to add a picker
for which team the new member should be added to.

So, as a stopgap, this change simply adds a button to the Teams index
page that performs the same action as clicking on the title of the team
(a behavior that is currently too obscure as indicated in the comments
on the issue). This should reduce support burden and serve as a decent
temporary measure until the Add Member flow is refactored.

---------

Co-authored-by: tomholford <tomholford@users.noreply.github.com>
2023-10-22 12:34:16 +00:00
Denys Konovalov
16cfa17844
fix issues in translation file (#27699)
- use correct comment sign for INI (`;`)
- remove duplicated `repo.branch.search` key
- remove duplicated spaces & similar
2023-10-22 11:59:31 +00:00
GiteaBot
a5bdcfc863 [skip ci] Updated translations via Crowdin 2023-10-22 00:24:59 +00:00
6543
adbc995c34
Show total TrackedTime on issue/pull/milestone lists (#26672)
TODOs:
- [x] write test for `GetIssueTotalTrackedTime`
- [x] frontport kitharas template changes and make them mobile-friendly

---

![image](https://github.com/go-gitea/gitea/assets/24977596/6713da97-201f-4217-8588-4c4cec157171)

![image](https://github.com/go-gitea/gitea/assets/24977596/3a45aba8-26b5-4e6a-b97d-68bfc2bf9024)

---
*Sponsored by Kithara Software GmbH*
2023-10-19 14:08:31 +00:00
GiteaBot
63e391ed17 [skip ci] Updated translations via Crowdin 2023-10-19 00:23:11 +00:00
Denys Konovalov
0271114e64
cleanup repo details icons/labels (#27644)
Fix #27596 

Change confusing behavior when showing information about a repo via
labels and icons. Implement changes proposed by @lng2020 in
https://github.com/go-gitea/gitea/pull/27627#pullrequestreview-1678787673.
2023-10-16 23:06:15 +02:00
GiteaBot
4f6043f554 [skip ci] Updated translations via Crowdin 2023-10-15 00:25:13 +00:00
KN4CK3R
c6c829fe3f
Enhanced auth token / remember me (#27606)
Closes #27455

> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
> 
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.

The PR removes the now obsolete setting `COOKIE_USERNAME`.
2023-10-14 00:56:41 +00:00
GiteaBot
ee6a390675 [skip ci] Updated translations via Crowdin 2023-10-14 00:22:28 +00:00
GiteaBot
3e9a379d38 [skip ci] Updated translations via Crowdin 2023-10-13 00:23:41 +00:00