Commit Graph

18219 Commits

Author SHA1 Message Date
Giteabot 6d83f5eddc
Prevent automatic OAuth grants for public clients (#30790) (#30836)
Backport #30790 by archer-321

This commit forces the resource owner (user) to always approve OAuth 2.0
authorization requests if the client is public (e.g. native
applications).

As detailed in [RFC 6749 Section
10.2](https://www.rfc-editor.org/rfc/rfc6749.html#section-10.2),

> The authorization server SHOULD NOT process repeated authorization
requests automatically (without active resource owner interaction)
without authenticating the client or relying on other measures to ensure
that the repeated request comes from the original client and not an
impersonator.

With the implementation prior to this patch, attackers with access to
the redirect URI (e.g., the loopback interface for
`git-credential-oauth`) can get access to the user account without any
user interaction if they can redirect the user to the
`/login/oauth/authorize` endpoint somehow (e.g., with `xdg-open` on
Linux).

Fixes #25061.

Co-authored-by: Archer <archer@beezig.eu>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-02 19:06:32 +00:00
Giteabot 665a06c41f
Catch and handle unallowed file type errors in issue attachment API (#30791) (#30834)
Backport #30791 by kemzeb

Before, we would just throw 500 if a user passes an attachment that is
not an allowed type. This commit catches this error and throws a 422
instead since this should be considered a validation error.

Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
2024-05-03 01:45:45 +08:00
Giteabot f62f04c6bf
Fix incorrect message id for release email (#30825) (#30833)
Backport #30825 by wxiaoguang

Make generateMessageIDForRelease outputs the same format as
generateMessageIDForIssue (old `createReference`)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-03 00:00:29 +08:00
Giteabot 253c97b922
Add hover outline to heatmap squares (#30828) (#30832)
Backport #30828 by @silverwind

Makes it easier to use because you see which square is currently
hovered:

<img width="314" alt="Screenshot 2024-05-02 at 15 38 20"
src="https://github.com/go-gitea/gitea/assets/115237/3a15dad1-2259-4f28-9fae-5cf6ad3d8798">

I did try a `scoped` style for this, but that did not work for some
reason.

Co-authored-by: silverwind <me@silverwind.io>
2024-05-02 15:01:07 +00:00
Giteabot c34a03d504
Upgrade chi-binding (#30826) (#30830)
Backport #30826 by @lunny

Front port #30742

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-05-02 16:50:10 +02:00
Giteabot 3f0dc69400
Improve context popup rendering (#30824) (#30829)
Backport #30824 by @silverwind

Before, lot of empty space when no labels or body:

<img width="281" alt="Screenshot 2024-05-02 at 13 51 29"
src="https://github.com/go-gitea/gitea/assets/115237/8a980ccd-d53c-43a3-a059-dc8c614621e1">

After, empty space collapsed:

<img width="306" alt="Screenshot 2024-05-02 at 13 51 16"
src="https://github.com/go-gitea/gitea/assets/115237/8d9c154d-5de1-43d0-8536-afd9194d99b3">

All `<p>` (unsuitable) and `<small>` (discouraged in favor of css) tags
are removed.

Co-authored-by: silverwind <me@silverwind.io>
2024-05-02 13:47:32 +00:00
Giteabot 606b12caf0
Fix activity heat map padding & locale (#30823) (#30827)
Backport #30823 by wxiaoguang

Fix #30808

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2024-05-02 13:27:45 +00:00
Giteabot 41efddafde
Fix rounded border for segment followed by pagination (#30809) (#30818)
Backport #30809 by @silverwind

Fixes https://github.com/go-gitea/gitea/issues/30673, specifically
https://github.com/go-gitea/gitea/issues/30673#issuecomment-2085329812.

Co-authored-by: silverwind <me@silverwind.io>
2024-05-02 13:06:02 +00:00
Giteabot ee17289eeb
Fix issue card layout (#30800) (#30820)
Backport #30800 by wxiaoguang

Fix #30788

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-02 20:10:32 +08:00
Giteabot d793f256c8
Fix branch selector UI (#30803) (#30819)
Backport #30803 by wxiaoguang

Fix  #30802

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-02 11:12:43 +00:00
Giteabot e1a79ae0bf
Skip gzip for some well-known compressed file types (#30796) (#30813)
Backport #30796 by wxiaoguang

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2024-05-02 14:50:24 +08:00
Giteabot ac91bb27ff
Fix markdown rendering when mentioning users (#30795) (#30810)
Backport #30795 by wxiaoguang

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-02 09:48:24 +08:00
Giteabot 97a7c04a8f
Fix bleve fuzziness (#30799) (#30804)
Backport #30799 by wxiaoguang

Fix #30797
Fix #30317

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-01 12:59:59 +00:00
Zettat123 99e89e57bc
Fix duplicate status check contexts (#30660) (#30779)
Backport #30660.

Caused by #30076. 

There may be some duplicate status check contexts when setting status
checks for a branch protection rule. The duplicate contexts should be
removed.

Before:
<img

src="https://github.com/go-gitea/gitea/assets/15528715/97f4de2d-4868-47a3-8a99-5a180f9ac0a3"
width="600px" />

After:
<img

src="https://github.com/go-gitea/gitea/assets/15528715/ff7289c5-9793-4090-ba31-e8cb3c85f8a3"
width="600px" />
2024-05-01 02:10:37 +00:00
Giteabot ab344a36e3
Rework and fix stopwatch (#30732) (#30787)
Backport #30732 by @silverwind

Fixes https://github.com/go-gitea/gitea/issues/30721 and overhauls the
stopwatch. Time is now shown inside the "dot" icon and on both mobile
and desktop. All rendering is now done by `<relative-time>`, the
`pretty-ms` dependency is dropped.

Desktop:
<img width="557" alt="Screenshot 2024-04-29 at 22 33 27"
src="https://github.com/go-gitea/gitea/assets/115237/3a46cdbf-6af2-4bf9-b07f-021348badaac">

Mobile:
<img width="640" alt="Screenshot 2024-04-29 at 22 34 19"
src="https://github.com/go-gitea/gitea/assets/115237/8a2beea7-bd5d-473f-8fff-66f63fd50877">

Note for tippy:
Previously, tippy instances defaulted to "menu" theme, but that theme is
really only meant for `.ui.menu`, so it was not optimal for the
stopwatch popover.

This introduces a unopinionated `default` theme that has no padding and
should be suitable for all content. I reviewed all existing uses and
explicitely set the desired `theme` on all of them.

Co-authored-by: silverwind <me@silverwind.io>
2024-04-30 21:46:45 +00:00
Giteabot 2bedd16c14
Improve logout from worker (#30775) (#30789)
Backport #30775 by wxiaoguang

A quick fix for #30756

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-01 05:19:13 +08:00
6543 022eac4ac8
Get repo assignees and reviewers should ignore deactivated users (#30770) (#30782)
Backport  #30770

If an user is deactivated, it should not be in the list of users who are
suggested to be assigned or review-requested.

old assignees or reviewers are not affected.

---
*Sponsored by Kithara Software GmbH*
2024-04-30 15:36:28 +00:00
Giteabot a75b0d2813
Fix dashboard commit status null access (#30771) (#30786)
Backport #30771 by wxiaoguang

Fix #30768

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-30 20:53:20 +08:00
Giteabot e8279fcefd
Fix cross-compilation errors when CGO_CFLAGS/CGO_LDFLAGS is set (#30749) (#30774)
Backport #30749 by @sryze

When you cross-compile Gitea and you specify one of the envrionment
variables related to C flags, cgo will fail to build the generator
programs (e.g. generate-bindata) because GOOS and GOARCH are unset, but
those additional flags variables are not unset together with those.

To solve this issue, the simplest way that I've found is to disable cgo
in the `go generate` command as it's not really used there.

For example, I've had this problem with cross-compiling Gitea on FreeBSD
x86_64 to ARMv7 where it's necessary to pass `--target` to `clang` via
`CGO_CFLAGS`:
```
GOOS=freebsd \
GOARCH=arm \
GGOARM=7 \
CGO_ENABLED=1 \
SYSROOT=/usr/local/freebsd-sysroot/armv7 \
CC=clang \
CGO_CFLAGS="--target=armv7-unknown-freebsd13.2-gnueabihf" \
TAGS="bindata sqlite sqlite_unlock_notify" \
make SHELL='sh -x' build
```

```
Running go generate...
# runtime/cgo
In file included from gcc_freebsd_amd64.c:9:
In file included from /usr/include/signal.h:42:
/usr/include/sys/_ucontext.h:44:2: error: unknown type name 'mcontext_t'
modules/migration/schemas_bindata.go:8: running "go": exit status 1
# runtime/cgo
In file included from gcc_freebsd_amd64.c:9:
In file included from /usr/include/signal.h:42:
/usr/include/sys/_ucontext.h:44:2: error: unknown type name 'mcontext_t'
modules/options/options_bindata.go:8: running "go": exit status 1
# runtime/cgo
In file included from gcc_freebsd_amd64.c:9:
In file included from /usr/include/signal.h:42:
/usr/include/sys/_ucontext.h:44:2: error: unknown type name 'mcontext_t'
modules/public/public_bindata.go:8: running "go": exit status 1
# runtime/cgo
In file included from gcc_freebsd_amd64.c:9:
In file included from /usr/include/signal.h:42:
/usr/include/sys/_ucontext.h:44:2: error: unknown type name 'mcontext_t'
modules/templates/templates_bindata.go:8: running "go": exit status 1
gmake[1]: *** [Makefile:781: generate-go] Error 1
*** Error code 2

Stop.
```

But with this fix Gitea compiles successfully.

Co-authored-by: Sergey Zolotarev <4525736+sryze@users.noreply.github.com>
2024-04-30 10:51:38 +00:00
Giteabot dc9e795ce2
Fix issue label rendering in the issue popup (#30763) (#30773)
Backport #30763 by wxiaoguang

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-30 09:40:47 +00:00
Giteabot 6ee3a8a039
Right align the "Settings" menu item in overflow-menu (#30764) (#30777)
Backport #30764 by wxiaoguang

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-30 16:40:09 +08:00
Giteabot 6edee2eca4
Rename CodeIndexerEnabled to IsRepoIndexerEnabled (#30762) (#30767)
Backport #30762 by @wxiaoguang

Fix  #30761

Most places use `IsRepoIndexerEnabled` but not `CodeIndexerEnabled`, so
it should always use `IsRepoIndexerEnabled` for consistency.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-29 21:57:48 +00:00
Giteabot 6c86034e0f
Fix all rounded borders, change affected tab menus to pills (#30707) (#30769)
Backport #30707 by @silverwind

Fixes https://github.com/go-gitea/gitea/issues/30673, all 23 issues.
Notes:

- Tab bar menus had to change to pills because of unsolvable issue with
the border-radius as tab bar renders a overlapping border onto the box
below. And I think pills look better.
- Added padding to code editor empty preview message
- Hide monaco's built-in blue focus border, we don't need it and it
never showed before either.
- Label add menu is simplified, removing the nested segment.

<img width="1322" alt="Screenshot 2024-04-25 at 22 26 19"
src="https://github.com/go-gitea/gitea/assets/115237/7e394e0c-b7ad-417d-8e9f-12f1dea93ed1">
<img width="1326" alt="Screenshot 2024-04-25 at 22 28 00"
src="https://github.com/go-gitea/gitea/assets/115237/66c8499f-aa9f-4d95-8cca-ef13dfa82c65">
<img width="997" alt="Screenshot 2024-04-25 at 22 36 53"
src="https://github.com/go-gitea/gitea/assets/115237/07896102-c71d-4246-8173-c2bc2e1d3cae">
<img width="832" alt="Screenshot 2024-04-25 at 22 56 09"
src="https://github.com/go-gitea/gitea/assets/115237/d83afc96-08ca-4adc-baf4-3d02804be57c">
<img width="361" alt="Screenshot 2024-04-25 at 22 57 12"
src="https://github.com/go-gitea/gitea/assets/115237/c7371a68-00b5-47d8-84d0-ddc5268b2b2c">

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-29 21:19:44 +00:00
wxiaoguang d07019f539
Fix nil dereference on error (#30740) (#30746)
Backport #30740 manually

Co-authored-by: Chongyi Zheng <git@zcy.dev>
2024-04-29 00:23:35 +00:00
Giteabot bb7d36d751
Gitea with first upper case + typos (#30739) (#30747)
Backport #30739 by @mainboarder

* Corrected gitea to Gitea
* fixed some typos

Co-authored-by: mainboarder <git@mainboarder.de>
2024-04-28 23:51:42 +00:00
Giteabot 0fd8cba639
Fix documentation build problems because of MDX syntax conflicts (#30744) (#30745)
Backport #30744 by @lunny

Documentation building has encountered a problem like below. This is
because MDX syntax doesn't allow `{customPath}`, we have to use
\`{customPath}\`

```
Error: Can't render static file for pathname "/next/administration/config-cheat-sheet"
            at generateStaticFile (/workspace/gitea/gitea-docusaurus/node_modules/@docusaurus/core/lib/ssg.js:119:15)
            at runNextTicks (node:internal/process/task_queues:60:5)
            at process.processImmediate (node:internal/timers:449:9)
            at async /workspace/gitea/gitea-docusaurus/node_modules/p-map/index.js:57:22 {
          [cause]: ReferenceError: CustomPath is not defined
              at _createMdxContent (server.bundle.js:4406:106)
              at MDXContent (server.bundle.js:10745:8)
              at Uc (server.bundle.js:264171:44)
              at Xc (server.bundle.js:264173:253)
              at Z (server.bundle.js:264179:89)
              at Yc (server.bundle.js:264182:98)
              at $c (server.bundle.js:264181:140)
              at Z (server.bundle.js:264179:345)
              at Xc (server.bundle.js:264177:231)
              at Z (server.bundle.js:264179:89)
```

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-04-28 21:02:38 +08:00
wxiaoguang 8de2992ffb
Make Ctrl+Enter work for issue/comment edit (#30720)
Fix #30710
2024-04-27 14:32:00 +00:00
wxiaoguang 6d2a307ad8
Rename migration package name for 1.22-rc1 (#30730)
Ref: Propose to restart 1.22 release #30501
2024-04-27 14:02:07 +00:00
silverwind b93c87b6fe
Issue card improvements (#30687)
Fixes https://github.com/go-gitea/gitea/issues/30682 and does a few
improvements:

- Use gap instead of margin/padding
- Don't render empty image div
- Remove `right floated` class that did nothing

<img width="406" alt="Screenshot 2024-04-24 at 20 21 20"
src="https://github.com/go-gitea/gitea/assets/115237/2fa88707-c2c4-40df-aee7-a684c3097ed0">

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-04-27 13:35:26 +00:00
Yarden Shoham 51c28d9683
Don't show loading indicators when refreshing the system status (#30712)
Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2024-04-27 13:05:06 +00:00
wxiaoguang d3cdef88ad
Add some tests to clarify the "must-change-password" behavior (#30693)
Follow  #30472:

When a user is created by command line `./gitea admin user create`:

Old behavior before #30472: the first user (admin or non-admin) doesn't
need to change password.

Revert to the old behavior before #30472
2024-04-27 12:23:37 +00:00
Kemal Zebari dd301cae1c
Prevent allow/reject reviews on merged/closed PRs (#30686)
Resolves #30675.
2024-04-27 11:55:03 +00:00
silverwind 238eb3ff9f
Update JS dependencies (#30713)
- Update all JS dependencies
- Remove
[now-unnecessary](https://github.com/microsoft/monaco-editor/issues/4325)
monaco workaround
- Update stylelint config for new rule
- Tested Monaco, Swagger UI, Mermaid
2024-04-27 11:28:28 +00:00
silverwind b2abac5e5f
Improve diff stats bar (#30669)
Minor tweaks:

- Remove unnecessary `item` class which was causing unwanted padding to
be added.
- Add some padding and prevent wrapping so it looks better on mobile.
- Increase width by 4px.

<img width="116" alt="Screenshot 2024-04-24 at 00 15 07"
src="https://github.com/go-gitea/gitea/assets/115237/1f1cf54c-8053-4297-b309-71d9c2ceb9ee">
<img width="441" alt="Screenshot 2024-04-24 at 00 14 57"
src="https://github.com/go-gitea/gitea/assets/115237/2f3a33dc-edad-4b97-b64c-6812aae513cb">
2024-04-27 11:22:55 +00:00
Chongyi Zheng 4ae6b1a553
Remove unused parameter for some functions in `services/mirror` (#30724)
Suggested by gopls `unusedparams`
2024-04-27 10:44:49 +00:00
silverwind 9b2536b78f
Update misspell to 0.5.1 and add `misspellings.csv` (#30573)
Misspell 0.5.0 supports passing a csv file to extend the list of
misspellings, so I added some common ones from the codebase. There is at
least one typo in a API response so we need to decided whether to revert
that and then likely remove the dict entry.
2024-04-27 08:03:49 +00:00
silverwind dcc3c17e5c
Suppress browserslist warning in webpack target (#30571)
1. Set
[`BROWSERSLIST_IGNORE_OLD_DATA`](c6ddf7b387/node.js (L400))
to avoid warning on outdated browserslist data which the end user can
likely not do anything about and which is currently visible in the v1.21
branch.
2. Suppress all command echoing and add a "Running webpack..." message
in place.

Warning in question was this:

```
Browserslist: caniuse-lite is outdated. Please run:
  npx update-browserslist-db@latest
  Why you should do it regularly: https://github.com/browserslist/update-db#readme
```
2024-04-27 07:21:07 +00:00
GiteaBot 27861d711b [skip ci] Updated translations via Crowdin 2024-04-27 00:24:31 +00:00
silverwind c93eefb42b
Diff color enhancements, add line number background (#30670)
1. Bring back the background on line numbers. This feature was lost a
long time ago.

<img width="457" alt="Screenshot 2024-04-24 at 01 36 09"
src="https://github.com/go-gitea/gitea/assets/115237/76a7f5a9-c22a-4c72-9f0a-ebf16a66513e">
<img width="473" alt="Screenshot 2024-04-24 at 01 22 47"
src="https://github.com/go-gitea/gitea/assets/115237/eef06cf2-f1b9-40e3-947d-dd5852ec12a3">
<img width="457" alt="Screenshot 2024-04-24 at 02 13 18"
src="https://github.com/go-gitea/gitea/assets/115237/59e317d4-76a7-468c-8a19-10d88c675cc3">
<img width="459" alt="Screenshot 2024-04-24 at 01 23 21"
src="https://github.com/go-gitea/gitea/assets/115237/f1a46f8d-8846-4d78-a9d7-8b7dc18ac6e4">

2. Expanded lines background is now full-line, including line numbers:

<img width="1303" alt="Screenshot 2024-04-24 at 01 37 12"
src="https://github.com/go-gitea/gitea/assets/115237/271eefe2-0869-424e-93fb-ccd8adc87806">

3. Sort affected colors alphabetically in the CSS

Fixes #14603
2024-04-26 19:37:21 +00:00
Bo-Yi Wu 852547d0dc
feat(api): enhance Actions Secrets Management API for repository (#30656)
- Add endpoint to list repository action secrets in API routes
- Implement `ListActionsSecrets` function to retrieve action secrets
from the database
- Update Swagger documentation to include the new
`/repos/{owner}/{repo}/actions/secrets` endpoint
- Add `actions` package import and define new routes for actions,
secrets, variables, and runners in `api.go`.
- Refactor action-related API functions into `Action` struct methods in
`org/action.go` and `repo/action.go`.
- Remove `actionAPI` struct and related functions, replacing them with
`NewAction()` calls.
- Rename `variables.go` to `action.go` in `org` directory.
- Delete `runners.go` and `secrets.go` in both `org` and `repo`
directories, consolidating their content into `action.go`.
- Update copyright year and add new imports in `org/action.go`.
- Implement `API` interface in `services/actions/interface.go` for
action-related methods.
- Remove individual action-related functions and replace them with
methods on the `Action` struct in `repo/action.go`.

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Signed-off-by: appleboy <appleboy.tw@gmail.com>
2024-04-26 21:11:49 +08:00
wxiaoguang 993736d838
Fix code search input for different views (#30678)
Now only show the "code search" on the repo home page, because it only
does global search.
So do not show it when viewing file or directory to avoid misleading
users (it doesn't search in a directory)
2024-04-26 11:21:04 +00:00
wxiaoguang cd70ab31cd
Fix incorrect object id hash function (#30708)
Great thanks to @oliverpool for figuring out the problem and proposing a
fix.

Regression of #28138

Incorrect hash causes the user's LFS files get all deleted when running
`doctor fix all`

(by the way, remove unused/non-standard comments)

Co-authored-by: Giteabot <teabot@gitea.io>
2024-04-26 09:49:48 +00:00
wxiaoguang 1e749b80d7
Add route handler info for debugging purpose (#30705)
Follow #30519
2024-04-26 09:09:49 +00:00
Yarden Shoham 68a3e6b5e6
Bump htmx version to 1.9.12 (#30711)
There are no breaking changes. I tested and everything works as before.

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2024-04-26 09:27:34 +02:00
wxiaoguang ed8c63cea3
Deduplicate lfs common code (#30704) 2024-04-26 02:53:30 +00:00
yp05327 2a3906d755
Improve job commit description (#30579)
Fix https://github.com/go-gitea/gitea/issues/30567

When job is a schedule:

![image](https://github.com/go-gitea/gitea/assets/18380374/b07e9d43-e8b7-4ee2-87b3-a7050c3a8ca5)
When it is a normal one:

![image](https://github.com/go-gitea/gitea/assets/18380374/0d58dab9-74bb-421b-8952-0578cdf21a52)

also add a 'space' behind  `:`

![image](https://github.com/go-gitea/gitea/assets/18380374/4cebece0-bfe6-4ad9-b806-e5c49bb9be43)


![image](https://github.com/go-gitea/gitea/assets/18380374/02da7681-474b-4c0f-9dad-b6558f6cb484)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-26 02:22:45 +00:00
Lunny Xiao 2a6418abb1
Improve test for TestPullCompare (#30699) 2024-04-26 01:52:28 +00:00
wxiaoguang 6a0750177f
Allow to save empty comment (#30706)
Fix #29986
2024-04-26 01:17:43 +00:00
GiteaBot 935330b1b9 [skip ci] Updated translations via Crowdin 2024-04-26 00:26:00 +00:00
wxiaoguang fd63b96f6a
Refactor imagediff and fix regression bug (#30694)
Fix #30683
2024-04-25 21:01:38 +08:00