Commit graph

16031 commits

Author SHA1 Message Date
JakobDev
d89003cc1b Fix API leaking Usermail if not logged in (#25097)
The API should only return the real Mail of a User, if the caller is
logged in. The check do to this don't work. This PR fixes this. This not
really a security issue, but can lead to Spam.

---------

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit ea385f5d39)
2023-08-05 11:43:54 +00:00
Loïc Dachary
c9cd5fc65a
[GITEA] golang.org/x/net v0.13.0
Vulnerability #1: GO-2023-1988
    Improper rendering of text nodes in golang.org/x/net/html
  More info: https://pkg.go.dev/vuln/GO-2023-1988
  Module: golang.org/x/net
    Found in: golang.org/x/net@v0.12.0
    Fixed in: golang.org/x/net@v0.13.0
    Example traces found:
      #1: modules/markup/html.go:371:24: markup.postProcess calls html.Render
2023-08-04 23:27:27 +02:00
Gusted
d21b0026c7 Merge pull request '[GITEA] Show manual cron run's last time' (#1167) from Gusted/forgejo:backport-1087 into v1.20/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1167
2023-07-31 20:29:47 +00:00
Gusted
5f769ef20d [GITEA] Show manual cron run's last time
- Currently in the cron tasks, the 'Previous Time' only displays the
previous time of when the cron library executes the function, but not
any of the manual executions of the task.
- Store the last run's time in memory in the Task struct and use that,
when that time is later than time that the cron library has executed this
task.
- This ensures that if an instance admin manually starts a task, there's
feedback that this task is/has been run, because the task might be run
that quick, that the status icon already has been changed to an
checkmark,
- Tasks that are executed at startup now reflect this as well, as the
time of the execution of that task on startup is now being shown as
'Previous Time'.
- Added integration tests for the API part, which is easier to test
because querying the HTML table of cron tasks is non-trivial.
- Resolves https://codeberg.org/forgejo/forgejo/issues/949
- Backport #1087
2023-07-31 18:34:14 +00:00
Gusted
eaa9b35cf6 Merge pull request '[GITEA] Use join for the deleting issue actions query' (#1165) from Gusted/forgejo:backport-1154 into v1.20/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1165
2023-07-31 18:33:47 +00:00
Gusted
9b71369be9 [GITEA] Use join for the deleting issue actions query
- The action tables can become very large as it's a dumpster for every
action that an user does on an repository.
- The following query: `DELETE FROM action WHERE comment_id IN (SELECT id FROM comment WHERE
issue_id=?)` is not using indexes for `comment_id` and is instead using
an full table scan by MariaDB.
- Rewriting the query to use an JOIN will allow MariaDB to use the
index.
- More information: https://codeberg.org/Codeberg-Infrastructure/techstack-support/issues/9
- Backport https://codeberg.org/forgejo/forgejo/pulls/1154
2023-07-31 10:14:30 +00:00
Gusted
e7d0475e15
[GOLDMARK] html <img /> code cannot be parse in markdown file
- Update goldmark to v1.5.5, which includes
254b9f8f77
- Resolves https://codeberg.org/Codeberg/Community/issues/936
- Backport https://codeberg.org/forgejo/forgejo/pulls/1155
2023-07-30 20:12:49 +02:00
Earl Warren
a1986507b7
Revert "Avoid writing config file if not installed (#26107) (#26113)"
This reverts commit 78722734fe.

It does not create `LFS_JWT_SECRET` if `INSTALL_LOCK` is true and the
value of `LFS_JWT_SECRET` found in `app.ini` is incorrect. As a result
LFS_JWT_SECRET will not be set at all and the Forgejo admin will not
be notified that the value in the `app.ini` was ignored.
2023-07-30 09:30:36 +02:00
Earl Warren
fb8de41e05
[SEMVER] 5.0.1+0-gitea-1.20.2 2023-07-30 07:48:18 +02:00
Giteabot
a81c6561e3
Fixed incorrect locale references (#26218) (#26222)
Backport #26218 by @kerwin612

Fixed two incorrect headers for setting the page navigation bar:
* User settings page, should not use the title "`org.settings`"
* Repo settings page, should not use the title "`org.settings`"

Co-authored-by: Kerwin Bryant <kerwin612@qq.com>
(cherry picked from commit 2122743093)
2023-07-30 07:46:19 +02:00
Giteabot
5afb0294f4
Fix access check for org-level project (#26182) (#26223)
Backport #26182 by @Zettat123

Fix #25934

Add `ignoreGlobal` parameter to `reqUnitAccess` and only check global
disabled units when `ignoreGlobal` is true. So the org-level projects
and user-level projects won't be affected by global disabled
`repo.projects` unit.

Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit 3a29712e0a)
2023-07-30 07:46:19 +02:00
Giteabot
7ee4804b9c
Fix commit compare style (#26209) (#26226)
Backport #26209 by @puni9869

as title

Fixes : #25825
Before
<img width="1334" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/c54a41b0-39bd-4094-a956-081a8f4128f2">

After change
<img width="1340" alt="image"
src="https://github.com/go-gitea/gitea/assets/80308335/c112d235-6bbe-4bcb-9529-78da3ab0fa14">

Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
(cherry picked from commit 81d3dc1da5)
2023-07-30 07:46:19 +02:00
Giteabot
4c3dcdf815
Warn instead of reporting an error when a webhook cannot be found (#26039) (#26211)
Backport #26039 by @puni9869

Attemp fix: #25744
Fixing the log level when we delete any repo then we get error hook not
found by id. That should be warn level to reduce the noise in the logs.

Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
(cherry picked from commit c5fe09db72)
2023-07-30 07:46:19 +02:00
Giteabot
dfa114bfcb
Add changelog for 1.20.2 (#26208) (#26217)
Backport #26208 by @delvh

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: techknowlogick <matti@mdranta.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 09814117e3)
2023-07-30 07:46:19 +02:00
Giteabot
268569b462
Fix allowed user types setting problem (#26200) (#26206)
Backport #26200 by @lunny

Fix #25951

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 499c5594c3)
2023-07-30 07:46:19 +02:00
Giteabot
751028549d
Prevent primary key update on migration (#26192) (#26199)
Backport #26192 by @KN4CK3R

Fixes #25918

The migration fails on MSSQL because xorm tries to update the primary
key column. xorm prevents this if the column is marked as auto
increment:

c622cdaf89/internal/statements/update.go (L38-L40)

I think it would be better if xorm would check for primary key columns
here because updating such columns is bad practice. It looks like if
that auto increment check should do the same.

fyi @lunny

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit ecfbcced46)
2023-07-30 07:46:18 +02:00
Giteabot
5a4b19435d
Calculate MAX_WORKERS default value by CPU number (#26177) (#26183)
(cherry picked from commit 892e24aaf1)
2023-07-30 07:46:18 +02:00
Lunny Xiao
4640c53386
Fix bug when pushing to a pull request which enabled dismiss approval automatically (#25882) (#26158)
Fix #25858
Backport #25882

The option `dissmiss stale approvals` was listed on protected branch but
never implemented. This PR fixes that.

<img width="1006" alt="图片"

src="https://github.com/go-gitea/gitea/assets/81045/60bfa968-4db7-4c24-b8be-2e5978f91bb9">

<img width="1021" alt="图片"

src="https://github.com/go-gitea/gitea/assets/81045/8dabc14d-2dfe-40c2-94ed-24fcbf6e0e8f">

(cherry picked from commit 666038a06d)
2023-07-30 07:46:18 +02:00
Giteabot
7bb8526736
Fix handling of plenty Nuget package versions (#26075) (#26173)
Backport #26075 by @KN4CK3R

Fixes #25953

- Do not load full version information (v3)
- Add pagination support (v2)

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 54614767a2)
2023-07-30 07:46:18 +02:00
Giteabot
31f2ce3998
Update email-setup.en-us.md (#26068) (#26166)
Backport #26068 by @felixvictor

The setting `MAILER_TYPE` is deprecated.
According to the config cheat sheet, it should be `PROTOCOL`.

Co-authored-by: Felix Victor <felix.victor.na@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 72b55c8094)
2023-07-30 07:43:05 +02:00
Giteabot
9654d71bb2
Fix bugs in LFS meta garbage collection (#26122) (#26157)
Backport #26122 by @Zettat123

This PR

- Fix #26093. Replace `time.Time` with `timeutil.TimeStamp`
- Fix #26135. Add missing `xorm:"extends"` to `CountLFSMetaObject` for
LFS meta object query
- Add a unit test for LFS meta object garbage collection

Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit a12d036a68)
2023-07-30 07:43:05 +02:00
Giteabot
f3c26de1f4
Fix UI regression of asciinema player (#26159) (#26162)
Backport #26159 by @wolfogre

It was caused by updating `asciinema-player`, the upstream changed the
CSS class prefix:
`40505e479e`

<details>
<summary>Before:</summary>

<img width="1320" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/b91a2cf5-c1da-43d6-bac2-bc278728b11e">

</details>

<details>
<summary>After:</summary>

<img width="1311" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/c9872d25-e0bb-43d4-8b1e-d87c6b03c0a2">

</details>

Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit 65d6bdf0be)
2023-07-30 07:43:05 +02:00
Lunny Xiao
28f4029e40
Display deprecated warning in admin panel pages as well as in the log file (#26094) (#26154)
backport #26094
Temporily resolve #25915
Related #25994

This PR includes #26007 's changes but have a UI to prompt administrator
about the deprecated settings as well as the log or console warning.
Then users will have enough time to notice the problem and don't have
surprise like before.

<img width="1293" alt="图片"
src="https://github.com/go-gitea/gitea/assets/81045/c33355f0-1ea7-4fb3-ad43-cd23cd15391d">

(cherry picked from commit c598741f01)
2023-07-30 07:42:53 +02:00
Earl Warren
f4fcdaba8c
Revert "[GITEA] do not use deprecatedSettingFatal for cosmetic reasons"
This reverts commit 2de8602855.
2023-07-30 07:42:38 +02:00
Giteabot
df5200e814
Remove "misc" scope check from public API endpoints (#26134) (#26149)
Backport #26134 by @wxiaoguang

Fix #26035

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit a8445e9320)
2023-07-26 13:51:46 +02:00
Earl Warren
bbc3426c53
Revert "[GITEA] do not enforce misc scope tokens for public API endpoints"
This reverts commit 666f43fb64.
2023-07-26 13:51:06 +02:00
Lunny Xiao
7099ef15b6
Update xorm version (#26128) (#26150)
backport #26128 to fix some serious bug.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit bc73e6a85c)
2023-07-26 13:50:10 +02:00
Giteabot
f20cfc291c
Fix LFS object list style (#26133) (#26147)
Backport #26133 by @wxiaoguang

Close #26104 . Only a quick fix, the UI is not perfect.

Before:

<details>

![image](https://github.com/go-gitea/gitea/assets/2114189/7b10d42d-8317-4d99-80f9-b6c5fe05c17e)

![image](https://github.com/go-gitea/gitea/assets/2114189/b43f1242-61a0-45e3-98b7-aa74b29f3813)

</details>

After:

<details>

![image](https://github.com/go-gitea/gitea/assets/2114189/a8d27f70-781d-4702-866f-a56df6dd6c0a)

![image](https://github.com/go-gitea/gitea/assets/2114189/379274e7-c67b-4c11-9cee-28a298b4ff5a)

</details>

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 0f73be0ae3)
2023-07-26 13:49:16 +02:00
John Olheiser
b217ce3e9f
Docusaurus-ify 1.20 (#26052)
See https://github.com/go-gitea/gitea/pull/26051

---------

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: JonRB <4564448+eeyrjmr@users.noreply.github.com>
(cherry picked from commit 4033d95dbf)
2023-07-26 13:49:16 +02:00
Giteabot
b699e1d340
Fix CLI allowing creation of access tokens with existing name (#26071) (#26144)
Backport #26071 by @yardenshoham

We are now:
- Making sure there is no existing access token with the same name
- Making sure the given scopes are valid (we already did this before but
now we have a message)

The logic is mostly taken from
a12a5f3652/routers/api/v1/user/app.go (L101-L123)

Closes #26044

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
(cherry picked from commit 43213b816d)
2023-07-26 13:49:16 +02:00
Giteabot
016162f2a3
Increase table cell horizontal padding (#26140) (#26142)
Backport #26140 by @silverwind

Extract from https://github.com/go-gitea/gitea/pull/26043, just the
padding increase.

Before and After (hard to notice, but it's there):
<img width="427" alt="Screenshot 2023-07-25 at 19 37 12"
src="https://github.com/go-gitea/gitea/assets/115237/9543dcda-eccb-4739-b7dd-06b076108ab4">
<img width="420" alt="Screenshot 2023-07-25 at 19 37 26"
src="https://github.com/go-gitea/gitea/assets/115237/0a9c3724-81a1-4c67-a13b-4b728a51fc3a">

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit a55924aaf4)
2023-07-26 13:49:16 +02:00
Giteabot
f4a8f10f64
Fix incorrect router logger (#26137) (#26143)
Backport #26137 by @wxiaoguang

A low-level mistake:

* `log.Info` is global `Info` function, which calls "default" logger
* `logger.Info` is the for router's logger

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 782b137682)
2023-07-26 13:49:15 +02:00
Giteabot
d9d38b6244
added ssh mirror workaround description (#26096) (#26136)
Backport #26096 by @thigg

related #1635 #18159

This will probably be obsolete at some point, but it should not break
anything and it may help some users

Co-authored-by: thigg <thigg@users.noreply.github.com>
(cherry picked from commit 5992365fc1)
2023-07-26 13:49:15 +02:00
Giteabot
5969ec33a1
Improve commit graph alignment and truncating (#26112) (#26127)
Backport #26112 by @wxiaoguang

Fix #26101

![image](https://github.com/go-gitea/gitea/assets/2114189/7507d201-822e-4534-8b20-e659d56b1268)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 3b518a3af5)
2023-07-26 13:49:15 +02:00
Giteabot
e2101ae572
Fix wrong workflow status when rerun a job in an already finished workflow (#26119) (#26124)
Backport #26119 by @yp05327

Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/fb687592-b117-4cd5-b076-2ca5ca847ea4)
After:

![image](https://github.com/go-gitea/gitea/assets/18380374/c9b0683e-e81d-410b-8c35-fbe54327fab4)

After workflow finished, if you rerun a single job, the workflow status
will become to `Running` which is not correct as no jobs are running in
this workflow.

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 08cdc0da3d)
2023-07-26 13:49:15 +02:00
Giteabot
9fae415030
Fix escape problems in the branch selector (#25875) (#26103)
Backport #25875 by @yp05327

Fix #25865

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 3e07c54be3)
2023-07-26 13:49:15 +02:00
Giteabot
78722734fe
Avoid writing config file if not installed (#26107) (#26113)
Backport #26107 by @wxiaoguang

Just like others (oauth2 secret, internal token, etc), do not generate
if no install lock

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit e2596b0a99)
2023-07-26 13:49:15 +02:00
Giteabot
4be3270e87
Fix handling of Debian files with trailing slash (#26087) (#26098)
Backport #26087 by @KN4CK3R

Fixes #26022

- Fix handling of files with trailing slash
- Fix handling of duplicate package file errors
- Added test for both

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit a424f6d4f8)
2023-07-26 13:49:15 +02:00
Giteabot
1cd4d4b00e
fix Missing 404 swagger response docs for /admin/users/{username} (#26086) (#26089)
Backport #26086 by @CaiCandong

close #26079

Co-authored-by: caicandong <50507092+CaiCandong@users.noreply.github.com>
(cherry picked from commit 59713541b6)
2023-07-26 13:49:15 +02:00
Giteabot
942d02f8e9
Use stderr as fallback if the log file can't be opened (#26074) (#26083)
Backport #26074 by @wxiaoguang

If the log file can't be opened, what should it do? panic/exit? ignore
logs? fallback to stderr?

It seems that "fallback to stderr" is slightly better than others ....

(cherry picked from commit 8d9193680d)
2023-07-26 13:49:15 +02:00
Earl Warren
e14d239005
[CI] Forgejo Actions based release process: add assets sources-tarbal
Refs: https://codeberg.org/forgejo/forgejo/issues/1115

(cherry-pick 032c9b3225023c4e9f457dd42c50083a5ae41f82)
2023-07-25 17:30:23 +02:00
Earl Warren
dcab256781
[API] Forgejo API /api/forgejo/v1 (squash) 5.0.0+0-gitea-1.20.1
(cherry picked from commit 4107d99f25)
2023-07-24 09:09:56 +02:00
Giteabot
99a4aba898
Fix duplicated url prefix on issue context menu (#26066) (#26067)
Backport #26066 by @lunny

Fix #26060

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit ab4fd9aa1f)
2023-07-24 07:59:10 +02:00
Giteabot
37d327ab5d
Add changelog for 1.20.1 (#26015) (#26056)
Backport #26015 by @delvh

Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 221b90d289)
2023-07-24 07:59:10 +02:00
Giteabot
2a4dcad472
Fix version in rpm repodata/primary.xml.gz (#26009) (#26048)
Co-authored-by: Peter Verraedt <peter.verraedt@gmail.com>
(cherry picked from commit 81f5a87eb4)
2023-07-24 07:59:10 +02:00
Giteabot
8e4f521381
Adding remaining enum for migration repo model type. (#26021) (#26034)
Backport #26021 by @puni9869

Fixes: https://github.com/go-gitea/gitea/issues/26010

Adding remaining enum for migration repo model type.

Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
(cherry picked from commit 8b002b429d)
2023-07-24 07:59:10 +02:00
Giteabot
7cc4d211b1
RPM Registry: Show zypper commands for SUSE based distros as well (#25981) (#26020)
Backport #25981 by @asdil12

After RPM is supported with https://github.com/go-gitea/gitea/pull/23380
let's show the user
how to add the repo and install the RPM via all common package managers.

Co-authored-by: Dominik Heidler <dominik@heidler.eu>
(cherry picked from commit dfd371a363)
2023-07-24 07:59:10 +02:00
Giteabot
884f2c125c
Fix the route for pull-request's authors (#26016) (#26018)
Backport #26016 by @wxiaoguang

Close #25906

![image](https://github.com/go-gitea/gitea/assets/2114189/e689f3e1-9a90-46c0-89f4-2d61394d34d3)

Succeeded logs:

```
[I] router: completed GET /root/test/issues/posters?&q=%20&_=1689853025011 for [::1]:59271, 200 OK in 127.7ms @ repo/issue.go:3505(repo.IssuePosters)

[I] router: completed GET /root/test/pulls/posters?&q=%20&_=1689853968204 for [::1]:59269, 200 OK in 94.3ms @ repo/issue.go:3509(repo.PullPosters)
```

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 54a516e9da)
2023-07-24 07:59:10 +02:00
Giteabot
9a3778b230
Correctly refer to dev tags as nightly in the docker docs (#26004) (#26019)
Backport #26004 by @jolheiser

As title, `dev` tags are no longer used since we switched to `nightly`

Signed-off-by: jolheiser <john.olheiser@gmail.com>
(cherry picked from commit ac129d4b4c)
2023-07-24 07:59:10 +02:00
Giteabot
d4fa6a846a
Fix env config parsing for "GITEA____APP_NAME" (#26001) (#26013)
Backport #26001 by @wxiaoguang

Regression of #24832

Fix the bug and add a test for it

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 4d5e3b9372)
2023-07-24 07:59:10 +02:00