Commit Graph

1400 Commits

Author SHA1 Message Date
wxiaoguang 2d7e6e9482
Fix various trivial problems (#32861)
1. add/improve comments to help future readers could understand the
problem more easily.
2. add an error log to LDAP with username fallback
3. use `or` instead of `Iif` for "repo/branch_dropdown" (`Iif` was a
mistake, but it doesn't really affect the UI)
4. add `tw-font-mono` style to container digest to match dockerhub
5. fix a bug in RepoBranchTagSelector: the form is not updated when
there is no click to an item

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-12-17 01:15:18 +00:00
Lunny Xiao 42090844ed
Fix bug on action list deleted branch (#32848)
Fix
https://github.com/go-gitea/gitea/issues/32761#issuecomment-2540946064

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-12-16 05:38:39 +08:00
TheFox0x7 33e8e82c4b
Enable tenv and testifylint rules (#32852)
Enables tenv and testifylint linters
closes: https://github.com/go-gitea/gitea/issues/32842
2024-12-15 10:41:29 +00:00
wxiaoguang a66c16dc1b
Allow to fork repository into the same owner (#32819)
This feature is experimental, not fully tested, and may be changed in
the future.

It is only designed for users who really need it: set
`[repository].ALLOW_FORK_INTO_SAME_OWNER=true` in your app.ini

Doc: https://gitea.com/gitea/docs/pulls/122


![image](https://github.com/user-attachments/assets/38d08c23-9cfc-49d8-9321-ff81edf65395)
2024-12-14 09:39:05 +08:00
Lunny Xiao 6370d2fb93
Detect whether action view branch was deleted (#32764)
Fix #32761 

![图片](https://github.com/user-attachments/assets/a5a7eef8-0fea-4242-b199-1b0b73d9bbdb)
2024-12-12 19:28:23 +00:00
wxiaoguang 22bf2ca6ba
Make API "compare" accept commit IDs (#32801) 2024-12-12 08:10:09 +00:00
yp05327 d43620e7bc
Add `is_archived` option for issue indexer (#32735)
Try to fix #32697

Reason:
`is_archived` is already defined in the query options, but it is not
implemented in the indexer.
2024-12-12 07:33:31 +08:00
Blender Defender 18061af490
Rearrange Clone Panel (#31142)
Rearrange the clone panel to use less horizontal space.
The following changes have been made to achieve this:
- Moved everything into the dropdown menu
- Moved the HTTPS/SSH Switch to a separate line
- Moved the "Clone in VS Code"-Button up and added a divider
- Named the dropdown button "Code", added appropriate icon

---------

Co-authored-by: techknowlogick <techknowlogick@gitea.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-12-11 21:54:30 +08:00
wxiaoguang e619384098
Add label/author/assignee filters to the user/org home issue list (#32779)
Replace #26661, fix #25979

Not perfect, but usable and much better than before. Since it is quite
complex, I am not quite sure whether there would be any regression, if
any, I will fix in first time.

I have tested the related pages many times: issue list, milestone issue
list, project view, user issue list, org issue list.
2024-12-11 06:33:24 +00:00
wxiaoguang 90d20be541
Refactor issue filter (labels, poster, assignee) (#32771)
Rewrite a lot of legacy strange code, remove duplicate code, remove
jquery, and make these filters reusable.

Let's forget the old code, new code affects: 

* issue list open/close switch
* issue list filter (label, author, assignee)
* milestone list open/close switch
* milestone issue list filter (label, author, assignee)
* project view (label, assignee)
2024-12-10 11:38:22 +08:00
wxiaoguang 1b069dc94a
Make RepoActionView.vue support `##[group]` (#32770) 2024-12-10 01:57:20 +00:00
wxiaoguang 23471e1333
Refactor issue list (#32755)
1. add backend support for filtering "poster" and "assignee"
    * due to the limits, there is no frontend support at the moment
2. rewrite TS code without jquery, now there are 14 jQuery files left:
2024-12-08 20:44:17 +08:00
Lunny Xiao 9d08d3fbf5
Fix compare page bug view as anonymous (#32754)
Fix a bug introduced from
https://github.com/go-gitea/gitea/pull/32403/files#diff-dc86301f15109eee38296d469630672193e0587ad1485fdd8f503bf4c789cf7eR692
2024-12-08 14:38:21 +08:00
Lunny Xiao cd7bf77b2f
Split issue/pull view router function as multiple smaller functions (#32749)
This PR splits issue/pull view function into multiple smaller functions.
It also removed duplicated branches load.
2024-12-08 04:39:35 +00:00
metiftikci ad994780af
fix: render job title as commit message (#32748)
resolves #32724

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-12-08 03:23:09 +00:00
metiftikci 6bd70d4d87
fix(project): add title to project view page (#32747)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-12-07 12:44:33 +08:00
wxiaoguang 513da407f4
Support "merge upstream branch" (Sync fork) (#32741)
Add basic "sync fork" support (GitHub-like)

<details>

![image](https://github.com/user-attachments/assets/e71473f4-4518-48c7-b9e2-fedfcd564fc3)

</details>
2024-12-06 21:10:35 +00:00
yp05327 faf5705d29
GitHub like repo home page (#32213)
Move some components (description, license, release, language stats) to sidebar

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-12-06 14:29:04 +00:00
Lunny Xiao b32f0cdfa0
Make wiki pages visit fast (#32732) 2024-12-06 07:39:50 +00:00
wxiaoguang f7f68e4cc0
Refactor RepoActionView.vue, add `::group::` support (#32713)
1. make it able to "force reload", then the previous pending request
won't block the new request
2. make it support `::group::`
3. add some TS types (but there are still many variables untyped, this
PR is large enough, the remaining types could be added in the future)
2024-12-06 12:04:16 +08:00
Illya Marchenko 936665bf85
Issue time estimate, meaningful time tracking (#23113)
Redesign the time tracker side bar, and add "time estimate" support (in "1d 2m" format)

Closes #23112

---------

Co-authored-by: stuzer05 <stuzer05@gmail.com>
Co-authored-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-12-05 13:07:53 +00:00
KN4CK3R 0c3c041c88
Add Arch package registry (#32692)
Close #25037
Close #31037

This PR adds a Arch package registry usable with pacman.

![grafik](https://github.com/user-attachments/assets/81cdb0c2-02f9-4733-bee2-e48af6b45224)

Rewrite of #25396 and #31037. You can follow [this
tutorial](https://wiki.archlinux.org/title/Creating_packages) to build a
package for testing.

Docs PR: https://gitea.com/gitea/docs/pulls/111

Co-authored-by: [d1nch8g@ion.lc](mailto:d1nch8g@ion.lc)
Co-authored-by: @ExplodingDragon

---------

Co-authored-by: dancheg97 <dancheg97@fmnx.su>
Co-authored-by: dragon <ExplodingFKL@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-12-04 23:09:07 +00:00
wxiaoguang 4142397b0b
Fix mentionable users when writing issue comments (#32715)
Fix #32702
2024-12-04 22:57:50 +08:00
Lunny Xiao 17053e953f
Fix delete branch perm checking (#32654) 2024-12-04 11:59:48 +08:00
wxiaoguang c9e582c6b6
Refactor markdown editor and use it for milestone description editor (#32688)
Refactor markdown editor to clarify its "preview" behavior and remove
jQuery code.

Close #15045

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-12-04 02:11:34 +00:00
wxiaoguang 2f43536c3e
Fix issue title rendering and refactor legacy function names (#32703)
Fix #32700, regression of recent markup refactoring

And by the way, clarify many legacy problems:

1. Some "RenderXxx" functions do not really "render", they only call "post processors"
2. Merge "RenderEmoji | RenderCodeBlock", they are all for "simple issue title"
2024-12-04 01:39:33 +00:00
Lunny Xiao 829c34129c
Quick fix for license file name (#32696) 2024-12-03 07:59:07 -08:00
wxiaoguang def13ece7c
Allow to disable the password-based login (sign-in) form (#32687)
Usually enterprise/organization users would like to only allow OAuth2
login.

This PR adds a new config option to disable the password-based login
form. It is a simple and clear approach and won't block the future
login-system refactoring works.

Fix a TODO in #24821

Replace  #21851

Close #7633 , close #13606
2024-12-02 02:03:15 +08:00
Lunny Xiao 1ed5f379b9
Move GetFeeds to service layer (#32526)
Move GetFeeds from models to service layer, no code change.
2024-11-29 17:53:49 +00:00
Pedro Nishiyama 1b296ed1a4
Allow users with write permission to run actions (#32644)
---
I have a use case where I need a team to be able to run actions without
admin access.
2024-11-28 07:18:23 +00:00
Rowan Bohde 16a7d343d7
Validate OAuth Redirect URIs (#32643)
This fixes a TODO in the code to validate the RedirectURIs when adding
or editing an OAuth application in user settings.

This also includes a refactor of the user settings tests to only create
the DB once per top-level test to avoid reloading fixtures.
2024-11-28 10:50:27 +08:00
Lunny Xiao f62f68cbdd
Move team related functions to service layer (#32537)
There are still some functions under `models` after last big refactor
about `models`. This change will move all team related functions to
service layer with no code change.
2024-11-27 21:12:26 +00:00
6543 846f618716
Add priority to protected branch (#32286)
## Solves

Currently for rules to re-order them you have to alter the creation
date. so you basicly have to delete and recreate them in the right
order. This is more than just inconvinient ...

## Solution

Add a new col for prioritization

## Demo WebUI Video

https://github.com/user-attachments/assets/92182a31-9705-4ac5-b6e3-9bb74108cbd1


---
*Sponsored by Kithara Software GmbH*
2024-11-27 05:41:06 +01:00
hiifong 87bb5ed0bc
Fix: passkey login not working anymore (#32623)
Quick fix #32595, use authenticator auth flags to login

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-26 16:04:17 +00:00
wxiaoguang 0f4b0cf892
Refactor some frontend problems (#32646)
1. correct the modal usage on "admin email list" page (then
`web_src/js/features/admin/emails.ts` is removed)
2. use `addDelegatedEventListener` instead of `jQuery().on`
3. more jQuery related changes and remove jQuery from
`web_src/js/features/common-button.ts`
4. improve `confirmModal` to make it support header, and remove
incorrect double-escaping
5. fix more typescript related types
6. fine tune devtest pages and add more tests
2024-11-26 15:36:55 +00:00
Lunny Xiao 703be6bf30
Add github compatible tarball download API endpoints (#32572)
Fix #29654 
Fix #32481
2024-11-25 19:35:49 +00:00
wxiaoguang 633785a5f3
Refactor markup render system (#32612)
This PR removes (almost) all path tricks, and introduces "renderhelper"
package.

Now we can clearly see the rendering behaviors for comment/file/wiki,
more details are in "renderhelper" tests.

Fix #31411 , fix #18592, fix #25632 and maybe more problems. (ps: fix
#32608 by the way)
2024-11-24 16:18:57 +08:00
Yarden Shoham f2a9951741
Update the list of watchers and stargazers when clicking watch/unwatch or star/unstar (#32570)
We make sure the user cards are updated

- Fixes https://github.com/go-gitea/gitea/issues/32561

I also removed `ctx.Data["PageIsWatchers"] = true` and
`ctx.Data["PageIsStargazers"] = true` as they are not used anywhere.

# Before

![before](https://github.com/user-attachments/assets/e3bc3235-35eb-4eda-862d-bdf2510282ea)

# After

![after](https://github.com/user-attachments/assets/bc0488a5-8399-4cf6-95c9-17328a9702eb)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2024-11-22 18:51:51 +00:00
Lunny Xiao fe49cb0243
Fix get reviewers' bug (#32415)
This PR rewrites `GetReviewer` function and move it to service layer.

Reviewers should not be watchers, so that this PR removed all watchers
from reviewers. When the repository is under an organization, the pull
request unit read permission will be checked to resolve the bug of
#32394

Fix #32394
2024-11-22 10:44:48 -05:00
wxiaoguang c4e27cb27b
Refactor markup render system (#32589)
This PR mainly moves some code and introduces `RenderContext.WithXxx`
functions
2024-11-22 05:48:09 +00:00
Marcell Mars a3881ffa3d
Enhancing Gitea OAuth2 Provider with Granular Scopes for Resource Access (#32573)
Resolve #31609

This PR was initiated following my personal research to find the
lightest possible Single Sign-On solution for self-hosted setups. The
existing solutions often seemed too enterprise-oriented, involving many
moving parts and services, demanding significant resources while
promising planetary-scale capabilities. Others were adequate in
supporting basic OAuth2 flows but lacked proper user management
features, such as a change password UI.

Gitea hits the sweet spot for me, provided it supports more granular
access permissions for resources under users who accept the OAuth2
application.

This PR aims to introduce granularity in handling user resources as
nonintrusively and simply as possible. It allows third parties to inform
users about their intent to not ask for the full access and instead
request a specific, reduced scope. If the provided scopes are **only**
the typical ones for OIDC/OAuth2—`openid`, `profile`, `email`, and
`groups`—everything remains unchanged (currently full access to user's
resources). Additionally, this PR supports processing scopes already
introduced with [personal
tokens](https://docs.gitea.com/development/oauth2-provider#scopes) (e.g.
`read:user`, `write:issue`, `read:group`, `write:repository`...)

Personal tokens define scopes around specific resources: user info,
repositories, issues, packages, organizations, notifications,
miscellaneous, admin, and activitypub, with access delineated by read
and/or write permissions.

The initial case I wanted to address was to have Gitea act as an OAuth2
Identity Provider. To achieve that, with this PR, I would only add
`openid public-only` to provide access token to the third party to
authenticate the Gitea's user but no further access to the API and users
resources.

Another example: if a third party wanted to interact solely with Issues,
it would need to add `read:user` (for authorization) and
`read:issue`/`write:issue` to manage Issues.

My approach is based on my understanding of how scopes can be utilized,
supported by examples like [Sample Use Cases: Scopes and
Claims](https://auth0.com/docs/get-started/apis/scopes/sample-use-cases-scopes-and-claims)
on auth0.com.

I renamed `CheckOAuthAccessToken` to `GetOAuthAccessTokenScopeAndUserID`
so now it returns AccessTokenScope and user's ID. In the case of
additional scopes in `userIDFromToken` the default `all` would be
reduced to whatever was asked via those scopes. The main difference is
the opportunity to reduce the permissions from `all`, as is currently
the case, to what is provided by the additional scopes described above.

Screenshots:

![Screenshot_20241121_121405](https://github.com/user-attachments/assets/29deaed7-4333-4b02-8898-b822e6f2463e)

![Screenshot_20241121_120211](https://github.com/user-attachments/assets/7a4a4ef7-409c-4116-9d5f-2fe00eb37167)

![Screenshot_20241121_120119](https://github.com/user-attachments/assets/aa52c1a2-212d-4e64-bcdf-7122cee49eb6)

![Screenshot_20241121_120018](https://github.com/user-attachments/assets/9eac318c-e381-4ea9-9e2c-3a3f60319e47)
---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-22 12:06:41 +08:00
Lunny Xiao a175f9805c
Add line-through for deleted branch on pull request view page (#32500)
Base branch deleted

![图片](https://github.com/user-attachments/assets/bc45aa33-d514-47c8-885a-de9732f2f3d5)

branch deleted comment

![图片](https://github.com/user-attachments/assets/83729bbb-2ee8-4bd3-b6f1-780d2daad3d4)

Head branch deleted

![图片](https://github.com/user-attachments/assets/90120b22-34a9-4387-aae9-5c882e8d421a)
2024-11-21 17:04:18 +00:00
Marcell Mars 56bff7ae23
Support HTTP POST requests to `/userinfo`, aligning to OpenID Core specification (#32578)
This PR adds support for the HTTP POST requests to `/userinfo` endpoint.
While the OpenID Core specification says both are supported and
recommends using HTTP GET.

ref: https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
2024-11-20 14:22:48 +00:00
Baltazár Radics 5eb0ee49a1
Use user.FullName in Oauth2 id_token response (#32542)
This makes `/login/oauth/authorize` behave the same way as the
`/login/oauth/userinfo` endpoint.
2024-11-18 19:24:17 +08:00
Lunny Xiao 696fbe6036
Refactor push mirror find and add check for updating push mirror (#32539)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-18 05:59:04 +00:00
wxiaoguang 8a20fba8eb
Refactor markup render system (#32533)
Remove unmaintainable sanitizer rules. No need to add special "class"
regexp rules anymore, use RenderInternal.SafeAttr instead, more details
(and examples) are in the tests
2024-11-18 13:25:42 +08:00
Lunny Xiao 4f879a00df
Refactor find forks and fix possible bugs that weak permissions check (#32528)
- Move models/GetForks to services/FindForks
- Add doer as a parameter of FindForks to check permissions
- Slight performance optimization for get forks API with batch loading
of repository units
- Add tests for forking repository to organizations

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-18 03:06:25 +00:00
Lunny Xiao f122aaf9ff
Use better name for userinfo structure (#32544) 2024-11-18 10:41:59 +08:00
wxiaoguang 5eebe1dc5f
Fix and refactor markdown rendering (#32522) 2024-11-16 08:41:44 +00:00
Lunny Xiao 4121f952d1
Fix oauth2 error handle not return immediately (#32514) 2024-11-15 02:13:01 +00:00