Commit graph

948 commits

Author SHA1 Message Date
Gusted
e6bbecb02d
fix: disallow basic authorization when security keys are enrolled
- This unifies the security behavior of enrolling security keys with
enrolling TOTP as a 2FA method. When TOTP is enrolled, you cannot use
basic authorization (user:password) to make API request on behalf of the
user, this is now also the case when you enroll security keys.
- The usage of access tokens are the only method to make API requests on
behalf of the user when a 2FA method is enrolled for the user.
- Integration test added.
2024-11-15 10:59:36 +01:00
Gusted
9508aa7713
Improve usage of HMAC output for mailer tokens
- If the incoming mail feature is enabled, tokens are being sent with
outgoing mails. These tokens contains information about what type of
action is allow with such token (such as replying to a certain issue
ID), to verify these tokens the code uses the HMAC-SHA256 construction.
- The output of the HMAC is truncated to 80 bits, because this is
recommended by RFC2104, but RFC2104 actually doesn't recommend this. It
recommends, if truncation should need to take place, it should use
max(80, hash_len/2) of the leftmost bits. For HMAC-SHA256 this works out
to 128 bits instead of the currently used 80 bits.
- Update to token version 2 and disallow any usage of token version 1,
token version 2 are generated with 128 bits of HMAC output.
- Add test to verify the deprecation of token version 1 and a general
MAC check test.
2024-11-15 10:59:36 +01:00
Gusted
1ce33aa38d
fix: extend forgejo_auth_token table
- Add a `purpose` column, this allows the `forgejo_auth_token` table to
be used by other parts of Forgejo, while still enjoying the
no-compromise architecture.
- Remove the 'roll your own crypto' time limited code functions and
migrate them to the `forgejo_auth_token` table. This migration ensures
generated codes can only be used for their purpose and ensure they are
invalidated after their usage by deleting it from the database, this
also should help making auditing of the security code easier, as we're
no longer trying to stuff a lot of data into a HMAC construction.
-Helper functions are rewritten to ensure a safe-by-design approach to
these tokens.
- Add the `forgejo_auth_token` to dbconsistency doctor and add it to the
`deleteUser` function.
- TODO: Add cron job to delete expired authorization tokens.
- Unit and integration tests added.
2024-11-15 10:59:36 +01:00
Michael Kriese
296935b0d7 Merge pull request 'chore: improve preparing tests' (#5948) from gusted/improve-testz into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5948
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-15 07:35:22 +00:00
0ko
634519e891 feat(ui): highlight user mention in comments and commit messages 2024-11-14 14:08:12 +01:00
Gusted
75a8b83946
chore: improve slow tests
- Optimize generting random files.
- Reduce big file of 128MiB to 32MiB (git was never made for large files
anyways, but simply tests that it works).
- Reduce looped git operations from 100 iterations to 10.
- Add extra print statements to know what a slow test is doing, this
also helps to see if a particular piece of code in a slow test is the
culprit or if the test is just very extensive.
- Set `[ui.notification].EVENT_SOURCE_UPDATE_TIME` to 1s to speed up
`TestEventSourceManagerRun`.
- Sneaked in some general test improvements.
2024-11-14 12:41:11 +01:00
Gusted
d1520cf08d
chore: improve preparing tests
- Only prepare repositories once.
- Move the repositories to temporary directories (these should usually be stored in
memory) which are recreated for each test to avoid persistentance
between tests. Doing some dirty profiling suggests that the preparing
test functions from 140-100ms to 70-40ms
2024-11-14 10:07:52 +01:00
Earl Warren
983aed4268
fix(ci): synchronize updates the commit status asynchronously
When a new commit is pushed to an existing pull request, the update of
the commit status will happen asynchronously, via the git hook.

   --- FAIL: TestPullRequestCommitStatus/synchronize (2.14s)
        actions_trigger_test.go:331:
            	Error Trace:	/workspace/forgejo/forgejo/tests/integration/actions_trigger_test.go:331
            	Error:      	Should be true
            	Test:       	TestPullRequestCommitStatus/synchronize
2024-11-12 08:13:33 +01:00
Otto
3531710dc6 Merge pull request 'fix: Proper parsing of date for git commits' (#5892) from gusted/forgejo-port-32409 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5892
Reviewed-by: Otto <otto@codeberg.org>
2024-11-11 14:22:32 +00:00
Renovate Bot
7f31d892ac Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.62.0 (forgejo) (#5911)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-11-11 13:02:01 +00:00
Michael Kriese
c33cbae7cc
test: fix test linting
See forgejo/forgejo#5911
2024-11-11 12:44:36 +01:00
Otto Richter
c92b4b12c8 fix: Re-add least recently updated as sort order
Regression from https://codeberg.org/forgejo/forgejo/pulls/5819
Integration test added (my first! 🎉)
2024-11-11 01:37:20 +01:00
Gusted
b1481b8e54 Merge pull request 'chore: improve database docker instructions' (#5906) from gusted/forgejo-db-docker into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5906
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-11-10 22:03:55 +00:00
Gusted
74048f772e
fix: Add created_unix and updated_unix to repo1 fixture 2024-11-10 22:24:12 +01:00
Gusted
582ab21bc3
chore: improve test quality
- Merge tests together.
- Remove unecessary usage of `onGiteaRun`.
- Make proper use of `unittest`.
- Make proper use of `test.MockVariable`.
- I have not checked all of the testing files yet.
2024-11-10 20:34:14 +01:00
Gusted
f352d6db81
chore: improve database docker instructions
- Do not require minio for mariadb docker.
- Do not require elasticsearch for mysql.
- Fix postgress password parameter.
- Add the multistatement query for mysql (this is not optimal but adding
Makefile code doesn't seem to work really well either)
2024-11-10 19:41:04 +01:00
Gusted
59926daf7f Merge pull request '[PORT] Fix code owners will not be mentioned when a pull request comes from a forked repository (gitea#30476)' (#5850) from gusted/forgejo-fix-cond-codeowners into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5850
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-09 18:41:50 +00:00
Gusted
536e1923b4
chore: add extra integration test 2024-11-09 19:13:08 +01:00
Lunny Xiao
2efc1f5686
[PORT] Fix code owners will not be mentioned when a pull request comes from a forked repository (gitea#30476)
Fix #30277
Caused by #29783

---

- Resolves #5842
- Regression from #2855

(cherry picked from commit c63060b130d34e3f03f28f4dccbf04d381a95c17)
2024-11-09 00:46:48 +01:00
Earl Warren
2541a943ce
bug: require.Eventually must not test with assert
Otherwise it fails the test instead of retrying if the condition fails
at least once.
2024-11-09 00:07:18 +01:00
wxiaoguang
3c4153b195
[PORT] Refactor tests to prevent from unnecessary preparations (gitea#32398)
Some preparations are only used by a few tests, so to make the tests fast, they should only be prepared when they are used.

By the way, this PR splits PrepareTestEnv into small functions to make it simple.

---

Conflict resolution: Mostly magical and just re-pasting the code into
the right places.
Done differently: use `require.NoError` instead of `assert.NoError`.

(cherry picked from commit ec2d1593c269e06655525deb96f74b8094221b6f)
2024-11-07 23:02:10 +01:00
Earl Warren
c801838690
fix: labels are missing in the pull request payload removing a label
When ReplaceIssueLabels calls issue.LoadLabels it was a noop because
issue.isLabelsLoaded is still set to true because of the call  to
issue.LoadLabels that was done at the beginning of the function.
2024-11-06 16:43:14 +01:00
Otto
0fb48872ac Merge pull request '[FEAT] Trim spaces from repo names on form submission' (#5822) from gusted/forgejo-trim-spaces-form into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5822
Reviewed-by: Otto <otto@codeberg.org>
2024-11-06 09:16:17 +00:00
Earl Warren
36b18fb6cc Merge pull request '[gitea] week 2024-45 cherry pick (gitea/main -> forgejo)' (#5789) from algernon/wcp/2024-45 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5789
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-06 08:57:43 +00:00
Gusted
4952747699
[FEAT] Trim spaces from repository name
- This uses the `TrimSpace` preprocessing of the binding library to
remove any accidental spaces from the input.
- Integration test added.
- Resolves #4309
2024-11-05 23:13:17 +01:00
Gusted
d5a1188086 Merge pull request 'feat: add partial quoting' (#5677) from gusted/forgejo-partial-qouting into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5677
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-05 20:13:04 +00:00
Otto
ae8e8f388c Merge pull request 'i18n: Add dummy language for checking translation keys (#5785)' (#5786) from xtex/forgejo:dummy-lang into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5786
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-05 10:41:15 +00:00
xtex
42eed7dbea i18n: Add dummy language for checking translation keys (#5785) 2024-11-05 09:59:04 +00:00
Gergely Nagy
ae6292ba38
chore: Fix a few lint errors
- Adjust `PrepareArtifactsStorage` to use `require.NoError` instead of
  `assert.NoError`
- Adjust `TestActionsArtifactDownload` to have the proper order of
  `assert.Equal` arguments.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-11-05 09:39:24 +01:00
Kyle D.
748ae10e7c
Add artifacts test fixture (#30300)
Closes https://github.com/go-gitea/gitea/issues/30296

- Adds a DB fixture for actions artifacts
- Adds artifacts test files
- Clears artifacts test files between each run
- Note: I initially initialized the artifacts only for artifacts tests,
but because the files are small it only takes ~8ms, so I changed it to
always run in test setup for simplicity
- Fix some otherwise flaky tests by making them not depend on previous
tests

(cherry picked from commit 66971e591e5dddd5b6dc1572ac48f4e4ab29b8e0)

Conflicts:
	- tests/integration/api_actions_artifact_test.go
	  Conflict resolved by manually changing the tested artifact
	  name from "artifact" to "artifact-download"
	- tests/integration/api_actions_artifact_v4_test.go
	  Conflict resolved by manually updating the tested artifact
	  names, and adjusting the test case only present in our tree.
	- tests/test_utils.go
	  Resolved by manually copying the added function.
2024-11-05 09:33:15 +01:00
Earl Warren
66c85b7d8b
fix: Actions PR workflows must update the commit status
When a workflow has

on:
  pull_request:
    types:
      - labeled
      - unlabeled

The outcome of the workflow (success or failure) must be associated
with the head sha commit status. Otherwise it cannot be used as a
requirement for merging the pull request (branch protections).
2024-11-04 11:27:14 +01:00
Earl Warren
c5c1d593ad
chore(cleanup): remove unused TestCreateFile
Since CreateDeclarativeRepoWithOptions it is more convenient to create
a file by providing arguments.
2024-11-03 10:00:58 +01:00
Gusted
d5426b0626 Merge pull request 'feat: Add Search to Releases Page' (#5777) from JakobDev/forgejo:releasesearch into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5777
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Shiny Nematoda <snematoda@noreply.codeberg.org>
2024-11-02 22:33:30 +00:00
JakobDev
86546fe63e
feat: Add Search to Releases Page 2024-11-02 10:24:35 +01:00
Gusted
4c67023c7e
tests: improve actvititypub integration test code
- Make use of `test.MockVariableValue` to override variables for the
duration of the test.
- Don't needlessly call `onGiteaRun`, its only needed when a HTTP server
needs to be called by the code.
- When `onGiteaRun` is used, make use of the passed parameters, such as
the passed `*testing.T` variable and `*url.URL` (this also avoids
needing to serve the routers in the test code again).
- Use `(*url.URL).JoinPath` to craft new URLs.
- Don't override `setting.AppURL` & `setting.Database.LogSQL` when its
does not affect the test.
- Add empty fixture files for `FederatedUser` & `FederationHost` so they
are truncated and do not persist between tests.
2024-11-01 22:39:49 +01:00
Tom Neuber
fc06763371
tests/integration: add integration tests for automerge pull requests 2024-10-31 03:49:15 +01:00
Tom Neuber
68d5cf0e92
Add branch auto deletion for scheduled PRs 2024-10-31 03:49:15 +01:00
Otto
698b1c07c4 Merge pull request 'fix: regression from #4125' (#5560) from JakobDev/forgejo:linkfix into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5560
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-10-31 02:30:38 +00:00
JakobDev
75ce0bf06b
Fix test 2024-10-28 17:37:24 +01:00
Gusted
266e0b2ce9
security: add permission check to 'delete branch after merge'
- Add a permission check that the doer has write permissions to the head
repository if the the 'delete branch after merge' is enabled when
merging a pull request.
- Unify the checks in the web and API router to `DeleteBranchAfterMerge`.
- Added integration tests.
2024-10-28 05:48:10 +01:00
Earl Warren
0e0a153adb Merge pull request 'feat: combine review requests comments' (#5695) from gusted/forgejo-combine-request-review into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5695
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-10-27 04:49:23 +00:00
Gusted
2c2ac80030 feat: Add partial quoting
- If you select a portion of the comment, `Quote reply` will not only
quote that portion and not copy paste the whole text as it previously
did. This is achieved by using the `@github/quote-selection` package.
- There's preprocessing to ensure Forgejo-flavored markdown syntax is
preserved.
- e2e test added.
- Resolves #1342
2024-10-26 19:15:43 +02:00
Gusted
8fdc0a7a6c feat: combine review requests comments
- Combine review requests comments similairy how labels comments are
combined. If review requests comments were made within 60 seconds of
each other they will be grouped.
- Integration and unit test added.
- Resolves #2774
2024-10-25 22:57:32 +02:00
Gusted
f5e025917f fix: make branch protection work for new branches
- If `GetAffectedFiles` is called for a push with an empty oldCommitID,
then set the oldCommitID to the empty tree. This will effictively diff
all the changes included in the push, which is the expected behavior for
branches.
- Integration test added.
- Resolves #5683
- Port of gitea#31778 but implemented differently.
2024-10-24 18:44:58 +02:00
Gusted
3a4bc7cdd1 Merge pull request 'feat: use combo markdown editor for milestone description' (#5657) from gusted/forgejo-milestone-comboeditor into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5657
Reviewed-by: Otto <otto@codeberg.org>
2024-10-23 13:38:35 +00:00
Gusted
4c6587d6a0 feat: use combo markdown editor for milestone description
- Use the combo markdown editor for the milestone description. The
milestone description is rendered in markdown, so it makes sense to use
a 'markdown-aware' editor. This also includes the option to use
monospace font.
- Resolves #5649
2024-10-22 19:58:44 +02:00
Earl Warren
fac25238d4 Merge pull request 'fix: don't show truncated comments in RSS/Atom feeds' (#5653) from gusted/forgejo-truncated-comment-rss into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5653
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-10-22 16:48:52 +00:00
Gusted
f4a7132a89 fix: don't show truncated comments in RSS/Atom feeds
- When a truncated comment is detected in the RSS/Atom feeds, fetch the
comment from the database and use the original content.
- Added integration test.
- Resolves #5650
2024-10-22 15:15:09 +02:00
Gusted
6c0698c7de Merge pull request 'fix: make syncronize tags to database handle annoted tags' (#5641) from gusted/forgejo-sync-tags into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5641
Reviewed-by: Otto <otto@codeberg.org>
2024-10-21 18:45:21 +00:00
0ko
3e1d5cc447 feat(ui): better activity messages for cases of private profiles (#5638)
* added a message for the case where the user's profile is private but the Public activity is not hidden
The activity is still hidden anyway because the profile is private, but previously the message would say:
`Your activity is visible to everyone, except for interactions in private spaces...`
which I would consider as a flaw of the original implementation. Now it will say:
`Your activity is only visible to you and the instance administrators because your profile is private...`
* started showing the message for admins that the activity they see should remain private in the case
where the whole profile is private, not just the activity tab. Previously it would say:
This activity is visible to everyone, but as an administrator you can also see interactions in private spaces.`
which I would also consider as a flaw of the original implementation. Now it will say:
`This activity is visible to you because you're an administrator, but the user wants it to remain private.`
* added test cases
* bumped up the number of our GPL-licensed files

Preview
For both screenshots, Forgejo would previously display misinformation.

Change 1: User viewing their private profile, but activity isn't configured as hidden
https://codeberg.org/attachments/6659c80c-15dd-48be-a379-db737fd1dd5e

Change 2: Admin viewing user's private profile
https://codeberg.org/attachments/220da57f-b658-4474-9ad2-049e8438a0af

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5638
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-10-21 14:39:29 +00:00