Commit graph

19047 commits

Author SHA1 Message Date
forgejo-backport-action
6c570bc3bd [v7.0/forgejo] Org buttons add missing vertical padding (#4088)
**Backport:** https://codeberg.org/forgejo/forgejo/pulls/3964

This adds the missing vertical padding between the new repository and new migration button.

| Before | After (btns horizontal) | After (btns vertical) |
| -- | -- | -- |
| ![](/attachments/4f74c5c5-ccc7-4b57-936b-09e3a226c170) | <img width="293" alt="grafik" src="/attachments/560a0e85-3453-4357-bca0-75b1cbdfe658">  | <img width="284" alt="grafik" src="/attachments/2be0383b-2d44-48ef-8a35-1bd143ef044c"> |

## Manual test steps:

- Open org page
- Resize window
- Check padding

Co-authored-by: Beowulf <beowulf@beocode.eu>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4088
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
2024-06-11 06:26:07 +00:00
Earl Warren
4574f776c6 Merge pull request '[I18N] Translations update from Weblate' (#4099) from 0ko/forgejo:i18n-backport-20240610 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4099
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-10 19:47:36 +00:00
Codeberg Translate
9e3c465b77 [I18N] Translations update from Weblate
Translations update from [Weblate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Dirk <Dirk@users.noreply.translate.codeberg.org>
Co-authored-by: yeziruo <yeziruo@users.noreply.translate.codeberg.org>
Co-authored-by: Xinayder <Xinayder@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: qwerty287 <qwerty287@users.noreply.translate.codeberg.org>
Co-authored-by: hankskyjames777 <hankskyjames777@users.noreply.translate.codeberg.org>
Co-authored-by: Kaede Fujisaki <ledyba@users.noreply.translate.codeberg.org>
Co-authored-by: SDKAAA <SDKAAA@users.noreply.translate.codeberg.org>
Co-authored-by: leana8959 <leana8959@users.noreply.translate.codeberg.org>
Co-authored-by: mondstern <mondstern@users.noreply.translate.codeberg.org>
Co-authored-by: Application-Maker <Application-Maker@users.noreply.translate.codeberg.org>
Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3992
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>

(cherry-picked from ea5f7f0848)

Fixed key change conflicts in: cz de ru sl.
2024-06-10 23:53:19 +05:00
Earl Warren
080da5bca9 Merge pull request '[v7.0/forgejo] fix(cmd): actions artifacts cannot be migrated' (#4086) from bp-v7.0/forgejo-e759794-4afbfd3 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4086
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-09 15:36:38 +00:00
Earl Warren
43cd6e34e0 tests(cmd): add coverage for migrateActionsArtifacts
Also convert a comment into a warning in the logs when the deletion of
an artifact cannot find the file in the destination storage.

The case were an error happens while deleting the file is not covered
as it would require to mock the storage.Copy function.

(cherry picked from commit e759794408)
2024-06-09 14:55:01 +00:00
Rowan Bohde
ab66bfff91 fix: allow actions artifacts storage migration to complete succesfully (#31251)
Change the copy to use `ActionsArtifact.StoragePath` instead of the
`ArtifactPath`. Skip artifacts that are expired, and don't error if the
file to copy does not exist.

---

When trying to migrate actions artifact storage from local to MinIO, we
encountered errors that prevented the process from completing
successfully:

* The migration tries to copy the files using the per-run
`ArtifactPath`, instead of the unique `StoragePath`.
* Artifacts that have been marked expired and had their files deleted
would throw an error
* Artifacts that are pending, but don't have a file uploaded yet will
throw an error.

This PR addresses these cases, and allow the process to complete
successfully.

(cherry picked from commit 8de8972baf5d82ff7b58ed77d78e8e1869e64eb5)
(cherry picked from commit 4afbfd3946)
2024-06-09 14:55:01 +00:00
wxiaoguang
816e77485f
Fix some URLs whose sub-path is missing (#31289)
Fix #31285

(cherry picked from commit 0188d82e4908eb173f7203d577f801f3168ffcb8)

Conflicts:
	templates/user/settings/applications.tmpl
(cherry picked from commit 3723d8c32059a571b84dc8636cb3649be6e6f1b3)

Conflicts:
	templates/user/settings/applications.tmpl
	trivial context conflict <i> vs <p>

(cherry picked from commit bbe98a3254e65eb8b9ec8fddf5e0ffe416a96614)
2024-06-09 12:05:43 +02:00
Giteabot
67fd0cea1b
Optimize runner-tags layout to enhance visual experience (#31258) (#31263)
Backport #31258 by @kerwin612

![image](https://github.com/go-gitea/gitea/assets/3371163/b8199005-94f2-45be-8ca9-4fa1b3f221b2)

Co-authored-by: Kerwin Bryant <kerwin612@qq.com>
(cherry picked from commit 83cf348e07fa83070d8a50d7d96943de08104fd4)
2024-06-09 11:57:05 +02:00
Thomas Desveaux
f8774e3611
Fix NuGet Package API for $filter with Id equality (#31188) (#31242)
Backport #31188

Fixes issue when running `choco info pkgname` where `pkgname` is also a
substring of another package Id.

Relates to #31168

---

This might fix the issue linked, but I'd like to test it with more choco
commands before closing the issue in case I find other problems if
that's ok.
I'm pretty inexperienced with Go, so feel free to nitpick things.

Not sure I handled
[this](70f87e11b5/routers/api/packages/nuget/nuget.go (L135-L137))
in the best way, so looking for feedback on if I should fix the
underlying issue (`nil` might be a better default for `Value`?).

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit ca414a7ccf5e26272662e360c44ac50221a0f2d4)
2024-06-09 11:49:18 +02:00
Giteabot
9f89724324
Fix overflow on push notification (#31179) (#31238)
Backport #31179 by @silverwind

Fixes: https://github.com/go-gitea/gitea/issues/30063

<img width="1301" alt="Screenshot 2024-05-30 at 14 43 24"
src="https://github.com/go-gitea/gitea/assets/115237/00443af0-088d-49a5-be9e-8c9adcc2c01d">

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 331c32f9b680f0e25efe5d48ec57dfc1db194adf)
2024-06-09 11:48:07 +02:00
Giteabot
568300cf6b
Remove .segment from .project-column (#31204) (#31239)
Backport #31204 by @silverwind

Using `.segment` on the project columns is a major abuse of that class,
so remove it and instead set the border-radius directly on it.

Fixes: https://github.com/go-gitea/gitea/issues/31129

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 298d05df3b79634a0364926f34fb02b73d442c31)
2024-06-09 11:47:34 +02:00
Giteabot
5a2904166e
Fix overflow on notifications (#31178) (#31237)
Backport #31178 by @silverwind

Fixes https://github.com/go-gitea/gitea/issues/31170.

<img width="1312" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/627711ed-93ca-4be6-b958-10d673ae9517">

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 85a81767083efd49bf675b3de30de5421ab2ae69)
2024-06-09 11:46:37 +02:00
Earl Warren
874dde0d4c Merge pull request '[v7.0/forgejo] RFC 6749 Section 10.2 conformance' (#4046) from bp-v7.0/forgejo-5924694 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4046
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-06 11:55:55 +00:00
Denys Konovalov
0c770d528f
use existing oauth grant for public client (#31015)
Do not try to create a new authorization grant when one exists already,
thus preventing a DB-related authorization issue.

Fix https://github.com/go-gitea/gitea/pull/30790#issuecomment-2118812426

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 9c8c9ff6d10b35de8d2d7eae0fc2646ad9bbe94a)
(cherry picked from commit 07fe5a8b13)
2024-06-06 12:05:50 +02:00
Archer
a228ab3ab2
Prevent automatic OAuth grants for public clients (#30790)
This commit forces the resource owner (user) to always approve OAuth 2.0
authorization requests if the client is public (e.g. native
applications).

As detailed in [RFC 6749 Section 10.2](https://www.rfc-editor.org/rfc/rfc6749.html#section-10.2),

> The authorization server SHOULD NOT process repeated authorization
requests automatically (without active resource owner interaction)
without authenticating the client or relying on other measures to ensure
that the repeated request comes from the original client and not an
impersonator.

With the implementation prior to this patch, attackers with access to
the redirect URI (e.g., the loopback interface for
`git-credential-oauth`) can get access to the user account without any
user interaction if they can redirect the user to the
`/login/oauth/authorize` endpoint somehow (e.g., with `xdg-open` on
Linux).

Fixes #25061.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 5c542ca94caa3587329167cfe9e949357ca15cf1)
(cherry picked from commit 1b088fade6)
2024-06-06 12:05:37 +02:00
Earl Warren
8f88817c00 test(oauth): RFC 6749 Section 10.2 conformance
See:

1b088fade6 Prevent automatic OAuth grants for public clients
07fe5a8b13 use existing oauth grant for public client

(cherry picked from commit 592469464b)
2024-06-06 10:01:56 +00:00
Earl Warren
71c4eee50d Merge pull request '[v7.0/forgejo] chore(dependency): whitelist mholt/archiver/v3 CVE-2024-0406' (#4035) from earl-warren/forgejo:wip-v7.0-archiver into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4035
Reviewed-by: proton-ab <proton-ab@noreply.codeberg.org>
2024-06-05 22:17:19 +00:00
Earl Warren
e7977767fa
chore(dependency): whitelist mholt/archiver/v3 CVE-2024-0406
It is not possible to tell vulncheck that Forgejo is not affected by
CVE-2024-0406. Use a mirror of the repository to do that.

Refs: https://github.com/mholt/archiver/issues/404
(cherry picked from commit 3bfec270ac)

Conflicts:
	go.sum
	trivial context conflict
2024-06-05 22:19:30 +02:00
Earl Warren
e17e243624 Merge pull request '[v7.0/forgejo] test(oauth): coverage for the redirection of a denied grant' (#4029) from bp-v7.0/forgejo-32c882a into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4029
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-05 17:17:29 +00:00
Earl Warren
a930cb847a Merge pull request '[v7.0/forgejo] fix(oauth): HTML snippets in templates can be displayed' (#4031) from bp-v7.0/forgejo-caadd18 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4031
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-05 16:03:15 +00:00
Earl Warren
32673ad6a6 Merge pull request '[v7.0/forgejo] test(avatar): deleting a user avatar and file is atomic' (#4017) from bp-v7.0/forgejo-c139efb-20148e0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4017
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-05 15:27:58 +00:00
Zettat123
d841e95191
Return access_denied error when an OAuth2 request is denied (#30974)
According to [RFC
6749](https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1),
when the resource owner or authorization server denied an request, an
`access_denied` error should be returned. But currently in this case
Gitea does not return any error.

For example, if the user clicks "Cancel" here, an `access_denied` error
should be returned.

<img width="360px"
src="https://github.com/go-gitea/gitea/assets/15528715/be31c09b-4c0a-4701-b7a4-f54b8fe3a6c5"
/>

(cherry picked from commit f1d9f18d96050d89a4085c961f572f07b1e653d1)
(cherry picked from commit 886a675f62)
2024-06-05 17:19:22 +02:00
Earl Warren
f1301542b8 fix(oauth): HTML snippets in templates can be displayed
These changes were missed when cherry-picking the following

c9d0e63c202827756c637d9ca7bbde685c1984b7 Remove unnecessary "Str2html" modifier from templates (#29319)

Fixes: https://codeberg.org/forgejo/forgejo/issues/3623
(cherry picked from commit caadd1815a)
2024-06-05 15:18:43 +00:00
Earl Warren
40bf161ff0 test(oauth): coverage for the redirection of a denied grant
See 886a675f62 Return `access_denied` error when an OAuth2 request is denied

(cherry picked from commit 32c882af91)
2024-06-05 14:19:38 +00:00
Earl Warren
cf2d8b57ae
test(avatar): deleting a user avatar is idempotent
If the avatar file in storage does not exist, it is not an error and
the database can be updated.

See 1be797faba Fix bug on avatar

(cherry picked from commit d2c4d833f4)
2024-06-05 16:02:24 +02:00
Lunny Xiao
32d8ada0e7
Fix bug on avatar (#31008)
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 58a03e9fadb345de5653345c2a68ecfd0750940a)
(cherry picked from commit 1be797faba)
2024-06-05 08:04:10 +02:00
Earl Warren
3ba58114c7 test(avatar): deleting a user avatar and file is atomic
The avatar must not be unset in the database if there is a failure to
remove the avatar file from storage (file or S3). The two operations
are wrapped in a transaction for that purpose and this test verifies
it is effective.

See 1be797faba Fix bug on avatar

(cherry picked from commit c139efb1e9)
2024-06-04 22:39:38 +00:00
Earl Warren
afba61f55d test(storage): export UninitializedStorage to simulate failure
(cherry picked from commit 20148e061a)
2024-06-04 22:39:38 +00:00
Earl Warren
e17e330712 Merge pull request '[gitea] week 2024-23-v7.0 cherry pick (release/v1.22 -> v7.0/forgejo)' (#4004) from earl-warren/wcp/2024-23-v7.0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4004
Reviewed-by: Victoria <efertone@noreply.codeberg.org>
2024-06-04 07:47:02 +00:00
Giteabot
e04b490cf6
Fix overflow in issue card (#31203) (#31225)
Backport #31203 by @silverwind

Before:

<img width="373" alt="Screenshot 2024-06-01 at 01 31 26"
src="https://github.com/go-gitea/gitea/assets/115237/82a210f2-c82e-4b7e-ac43-e70e46fa1186">

After:
<img width="376" alt="Screenshot 2024-06-01 at 01 31 32"
src="https://github.com/go-gitea/gitea/assets/115237/82d1b9f7-4fad-47bd-948a-04e1e7e006e6">

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 0328f31fdc9b82efe7110cd2107628c2004e5be4)
2024-06-03 17:41:13 +02:00
Giteabot
4e233dd190
Fix the possible migration failure on 286 with postgres 16 (#31209) (#31218)
Backport #31209 by @lunny

Try to fix #31205

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 68e405cf0b00e475c089d8b94cc076d269ab9bb9)
2024-06-03 09:51:27 +02:00
Giteabot
4ad7c599e7
Fix branch order (#31174) (#31193)
Backport #31174 by @lunny

Fix #31172

The original order or the default order should not be ignored even if we
have an is_deleted order.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit c6176ee59f4a25607dcfbc00757121f705101101)
2024-06-03 09:49:40 +02:00
Lunny Xiao
d462b6d495
Fix push multiple branches error with tests (#31151)
(cherry picked from commit 5c1b550e00e9460078e00c41a32d206b260ef482)

Conflicts:
	tests/integration/git_push_test.go
	trivial context conflict because of
	2ac3dcbd43 test: hook post-receive for sha256 repos
(cherry picked from commit 62448bfb93)
(cherry picked from commit e8c776c79384c1c0a4d707ce5084b27347703848)
2024-06-03 09:47:51 +02:00
Earl Warren
4d0a5ea317 Merge pull request '[v7.0/forgejo] fix(hook): repo admins are wrongly denied the right to force merge' (#3997) from earl-warren/forgejo:wip-7.0-admin-protection into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3997
Reviewed-by: Victoria <efertone@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-06-03 04:51:53 +00:00
Earl Warren
2df082393e
fix(hook): repo admins are wrongly denied the right to force merge
The right to force merge is uses the wrong predicate and
applies to instance admins:

  ctx.user.IsAdmin

It must apply to repository admins and use the following predicate:

 ctx.userPerm.IsAdmin()

This regression is from the ApplyToAdmins implementation in
79b7089360.

Fixes: https://codeberg.org/forgejo/forgejo/issues/3780
(cherry picked from commit 09f3518069)
2024-06-02 22:05:16 +02:00
Earl Warren
baec3dc6b9
fix(hook): instance admins wrongly restricted by permissions checks
This exception existed for both instance admins and repo admins
before ApplyToAdmins was introduced in
79b7089360.

It should have been kept for instance admins only because they are not
subject to permission checks.

(cherry picked from commit 05f0007437)
2024-06-02 22:05:16 +02:00
Earl Warren
bad8e72bcd
tests(integration): add TestPullMergeBranchProtect
Verify variations of branch protection that are in play when merging a
pull request as:

* instance admin
* repository admin / owner
* user with write permissions on the repository

In all cases the result is expected to be the same when merging
the pull request via:

* API
* web

Although the implementations are different.

(cherry picked from commit 793421bf59)

Conflicts:
	tests/integration/pull_merge_test.go
	trivial context conflict
2024-06-02 22:05:08 +02:00
Earl Warren
6827a4a669
test(integration): add protected file to doBranchProtect
A protected file pushed to a protected branch branch is not allowed.

(cherry picked from commit e0eba21ab7)
2024-06-02 22:00:40 +02:00
Earl Warren
e0cd813927
test(integration): refactor doBranchProtectPRMerge
* group test cases to clarify their purpose
* remove pull request branch protection tests, they are redundant
  with TestPullMergeBranchProtect

(cherry picked from commit 0d8478b82e)

Conflicts:
	tests/integration/git_test.go
	trivial context conflict
2024-06-02 22:00:18 +02:00
Earl Warren
9b17f6fd24
test(integration): refactor testPullMerge
* split into testPullMergeForm which can be called directly if
  the caller wants to specify extra parameters.
* testPullMergeForm can expect something different than StatusOK

(cherry picked from commit 20591d966e)
2024-06-02 21:53:46 +02:00
Earl Warren
9cd730a063
test(integration): refactor doAPIMergePullRequest
* http.StatusMethodNotAllowed can be expected: only retry if the
  error message is "Please try again later"
* split into doAPIMergePullRequestForm which can be called directly if
  the caller wants to specify extra parameters.

(cherry picked from commit 49aea9879b)
2024-06-02 21:53:46 +02:00
Earl Warren
68d803aae4
test(integration): refactor doProtectBranch
explicitly specify the parameters instead of providing them as
arguments so the caller has a more fine grain control over them.

(cherry picked from commit 70aa294cc1)
2024-06-02 21:53:46 +02:00
Earl Warren
b4d792d2a2
test(integration): add t.Helper() to reduce stack polution
Without the a testify stack is likely to not show the relevant test.

(cherry picked from commit 4c2ed3c35d)
2024-06-02 21:53:46 +02:00
Earl Warren
2f9be3e824 Merge pull request '[v7.0/forgejo] Add multiple missed return after an error condition' (#3960) from earl-warren/forgejo:wip-v7.0-missed-return into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3960
Reviewed-by: Victoria <efertone@noreply.codeberg.org>
2024-06-02 16:25:10 +00:00
Earl Warren
3b7ad8ef9e Merge pull request '[v7.0/forgejo] add missed return in POST /repos/{owner}/{repo}/push_mirrors' (#3994) from bp-v7.0/forgejo-166bb28-5747951-ba37b9e into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3994
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-02 16:23:19 +00:00
Earl Warren
4cbfd383e9 tests(api): POST /repos/{owner}/{repo}/push_mirrors coverage
(cherry picked from commit 166bb2861f)
2024-06-02 15:45:31 +00:00
Earl Warren
d900842fd7 test(mock): DeletePushMirrors & AddPushMirrorRemote
make them into variables that can be mocked

(cherry picked from commit 5747951cc7)
2024-06-02 15:45:31 +00:00
Lunny Xiao
bcb473dd2a Add missed return after ctx.ServerError (#31130) (partial)
Only routers/api/v1/repo/mirror.go

(cherry picked from commit b6f15c7948ac3d09977350de83ec91d5789ea083)
(cherry picked from commit ba37b9e577)
2024-06-02 15:45:31 +00:00
Earl Warren
089afd4086 Merge pull request 'Revert "Fix error on renaming merged PRs (#3840)"' (#3987) from 0ko/forgejo:revert-bug-causing-bug into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3987
Reviewed-by: Mai-Lapyst <mai-lapyst@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-06-02 15:27:35 +00:00
Earl Warren
8da2acff43 Merge pull request '[v7.0/forgejo] test(util): MockProtect when mocking multiple times' (#3993) from bp-v7.0/forgejo-884b3c0 into v7.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3993
Reviewed-by: Victoria <efertone@noreply.codeberg.org>
2024-06-02 15:26:59 +00:00