Commit Graph

4115 Commits

Author SHA1 Message Date
Lunny Xiao cf1a38b03d
Fix get reviewers' bug (#32415) (#32616)
This PR rewrites `GetReviewer` function and move it to service layer.

Reviewers should not be watchers, so that this PR removed all watchers
from reviewers. When the repository is under an organization, the pull
request unit read permission will be checked to resolve the bug of

Fix #32394
Backport #32415
2024-11-23 12:42:58 +08:00
wxiaoguang a290aab0e8
Fix debian package clean up (#32351) (#32590)
Partially backport #32351
2024-11-21 06:27:02 +00:00
Giteabot 8f6cc95734
Fix GetInactiveUsers (#32540) (#32588)
Backport #32540 by @lunny

Fix #31480

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-11-21 13:25:36 +08:00
Rowan Bohde 0b5da27570
allow the actions user to login via the jwt token (#32527) (#32580)
Backport #32527

We have some actions that leverage the Gitea API that began receiving
401 errors, with a message that the user was not found. These actions
use the `ACTIONS_RUNTIME_TOKEN` env var in the actions job to
authenticate with the Gitea API. The format of this env var in actions
jobs changed with go-gitea/gitea/pull/28885 to be a JWT (with a
corresponding update to `act_runner`) Since it was a JWT, the OAuth
parsing logic attempted to parse it as an OAuth token, and would return
user not found, instead of falling back to look up the running task and
assigning it to the actions user.

Make ACTIONS_RUNTIME_TOKEN in action runners could be used, attempting
to parse Oauth JWTs. The code to parse potential old
`ACTION_RUNTIME_TOKEN` was kept in case someone is running an older
version of act_runner that doesn't support the Actions JWT.
2024-11-21 03:18:00 +00:00
Lunny Xiao cf2d332443
Refactor find forks and fix possible bugs that weak permissions check (#32528) (#32547)
Backport #32528

- Move models/GetForks to services/FindForks
- Add doer as a parameter of FindForks to check permissions
- Slight performance optimization for get forks API with batch loading
of repository units
- Add tests for forking repository to organizations

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-19 04:08:32 +00:00
Lunny Xiao 673fee427e
Refactor push mirror find and add check for updating push mirror (#32539) (#32549)
backport #32539

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-18 23:55:27 +08:00
Lunny Xiao 781310df77
Trim title before insert/update to database to match the size requirements of database (#32498) (#32507) 2024-11-14 18:06:31 -08:00
Giteabot f79f8e13e3
Fix nil panic if repo doesn't exist (#32501) (#32502)
Backport #32501 by wxiaoguang

fix  #32496

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-14 04:47:04 +00:00
wxiaoguang ef339713c2
Refactor internal routers (partial backport, auth token const time comparing) (#32473) (#32479)
Partially backport #32473. LFS related changes are not in 1.22, so skip
them.

1. Ignore non-existing repos during migrations
2. Improve ReadBatchLine's comment
3. Use `X-Gitea-Internal-Auth` header for internal API calls and make
the comparing constant time (it wasn't a serous problem because in a
real world it's nearly impossible to timing-attack the token, but indeed
security related and good to fix and backport)
4. Fix route mock nil check
2024-11-13 10:26:37 +08:00
Lunny Xiao 16e51e91a1
Only query team tables if repository is under org when getting assignees (#32414) (#32426)
backport #32414 

It's unnecessary to query the team table if the repository is not under
organization when getting assignees.
2024-11-06 11:22:11 +08:00
wxiaoguang 936847b3da
Quick fix milestone deadline 9999 for 1.22 (#32423) 2024-11-05 14:13:19 +08:00
Zettat123 99cac1f50c
Always update expiration time when creating an artifact (#32281) (#32285)
Backport #32281

Fix #32256
2024-10-18 10:36:23 +08:00
Lunny Xiao 56051d9b3b
Fix bug when a token is given public only (#32204) (#32218)
Backport #32204
2024-10-09 02:16:37 +00:00
Lunny Xiao 2e3a191097
Fix javascript error when an anonymous user visiting migration page (#32144) (#32179)
backport #32144

This PR fixes javascript errors when an anonymous user visits the
migration page.
It also makes task view checking more restrictive.

The router moved from `/user/task/{id}/status` to
`/username/reponame/-/migrate/status` because it's a migrate status.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-10-04 17:58:04 +00:00
Giteabot 9fc3915e04
Fix the logic of finding the latest pull review commit ID (#32139) (#32165)
Backport #32139 by @Zettat123

Fix #31423

Co-authored-by: Zettat123 <zettat123@gmail.com>
2024-10-01 13:10:03 +09:00
Lunny Xiao a4a6c785b4
Don't join repository when loading action table data (#32127) (#32143)
backport #32127
2024-09-30 11:04:08 +08:00
Giteabot b39aa8528b
Fix nuget/conan/container packages upload bugs (#31967) (#31982)
Backport #31967 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-09-05 07:34:41 +00:00
Giteabot b140f647fc
Remove "dsa-1024" testcases from Test_SSHParsePublicKey and Test_calcFingerprint (#31905) (#31914)
Backport #31905 by @s4uliu5

DSA is considered inherently insecure and is already disabled/removed in
OpenSSH 9.8.

Therefore "dsa-1024" tescases are failing.

```
--- FAIL: Test_calcFingerprint (0.02s)
    --- FAIL: Test_calcFingerprint/dsa-1024 (0.00s)
        --- FAIL: Test_calcFingerprint/dsa-1024/SSHKeygen (0.00s)
            ssh_key_test.go:196:
                        Error Trace:    /src/gitea/models/asymkey/ssh_key_test.go:196
                        Error:          Received unexpected error:
                                        Unable to verify key content [result: /tmp/gitea_keytest1239408114 is not a public key file.
                                        ]
                        Test:           Test_calcFingerprint/dsa-1024/SSHKeygen
            ssh_key_test.go:197:
                        Error Trace:    /src/gitea/models/asymkey/ssh_key_test.go:197
                        Error:          Not equal:
                                        expected: "SHA256:fSIHQlpKMDsGPVAXI8BPYfRp+e2sfvSt1sMrPsFiXrc"
                                        actual  : ""

                                        Diff:
                                        --- Expected
                                        +++ Actual
                                        @@ -1 +1 @@
                                        -SHA256:fSIHQlpKMDsGPVAXI8BPYfRp+e2sfvSt1sMrPsFiXrc
                                        +
                        Test:           Test_calcFingerprint/dsa-1024/SSHKeygen
FAIL
```

Fix #31624

Co-authored-by: Saulius Gurklys <s4uliu5@gmail.com>
2024-08-25 20:39:00 +08:00
Giteabot a0d1630700
Fix agit automerge (#31207) (#31881)
Backport #31207 by @lunny

Fix #31134

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-08-20 16:20:58 +00:00
Giteabot 5fa90ad9bc
Fix panic of ssh public key page after deletion of auth source (#31829) (#31836)
Backport #31829 by @lunny

Fix #31730 

This PR rewrote the function `PublicKeysAreExternallyManaged` with a
simple test. The new function removed the loop to make it more readable.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-08-16 01:50:57 +08:00
Giteabot b6ede69a1b
Fixes for unreachable project issues when transfer repository from organization (#31770) (#31828)
Backport #31770 by @emrebdr

When transferring repositories that have issues linked to a project
board to another organization, the issues remain associated with the
original project board. This causes the columns in the project board to
become bugged, making it difficult to move other issues in or out of the
affected columns. As a solution, I removed the issue relations since the
other organization does not have this project table.

Fix for #31538

Co-authored-by: Edip Emre Bodur <emrebdr29@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
2024-08-14 09:57:23 +08:00
Giteabot a39fe53252
Show lock owner instead of repo owner on LFS setting page (#31788) (#31817)
Backport #31788 by @wolfogre

Fix #31784.

Before:

<img width="1648" alt="image"
src="https://github.com/user-attachments/assets/03f32545-4a85-42ed-bafc-2b193a5d8023">

After:

<img width="1653" alt="image"
src="https://github.com/user-attachments/assets/e5bcaf93-49cb-421f-aac1-5122bc488b02">

Co-authored-by: Jason Song <i@wolfogre.com>
2024-08-11 15:17:34 +00:00
Giteabot b1266ed182
Rename head branch of pull requests when renaming a branch (#31759) (#31774) 2024-08-04 14:37:02 +08:00
Giteabot 8591c918f6
Fix the display of project type for deleted projects (#31732) (#31734)
Backport #31732 by @yp05327

Fix: #31727
After:

![image](https://github.com/user-attachments/assets/1dfb4b31-3bd6-47f7-b126-650f33f453e2)

Co-authored-by: yp05327 <576951401@qq.com>
2024-07-30 14:05:14 +08:00
yp05327 d3f0867204
Add permission check when creating PR (#31033) (#31720)
Backport #31033

user should be a collaborator of the base repo to create a PR
2024-07-29 14:11:29 +08:00
Giteabot 7e9a895007
Make GetRepositoryByName more safer (#31712) (#31718)
Backport #31712 by @lunny

Fix #31708

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-07-29 11:52:34 +08:00
Jimmy Praet 2dc6993467
Return an empty string when a repo has no avatar in the repo API (#31187) (#31567)
Backport #31187

Resolves #31167.

https://github.com/go-gitea/gitea/pull/30885 changed the behavior of
`repo.AvatarLink()` where it can now take the empty string and append it
to the app data URL. This does not point to a valid avatar image URL,
and, as the issue mentions, previous Gitea versions returned the empty
string.

Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-07-05 14:40:45 +02:00
Giteabot eaeb4d1b96
Fix web notification icon not updated once you read all notifications (#31447) (#31466)
Backport #31447 by kiatt210

Fix #29065
Remove status filtering from GetUIDsAndNotificationCounts sql.

Co-authored-by: kiatt210 <40639725+kiatt210@users.noreply.github.com>
Co-authored-by: kiatt210 <kiatt210@github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-06-24 00:08:37 +08:00
wxiaoguang 52925e9c7c
Fix duplicate sub-path for avatars (#31365) (#31368)
Backport #31365, only backport necessary changes.
2024-06-15 03:44:44 +00:00
Giteabot 68e405cf0b
Fix the possible migration failure on 286 with postgres 16 (#31209) (#31218)
Backport #31209 by @lunny

Try to fix #31205

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-06-02 10:19:30 +03:00
Giteabot c6176ee59f
Fix branch order (#31174) (#31193)
Backport #31174 by @lunny

Fix #31172

The original order or the default order should not be ignored even if we
have an is_deleted order.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-05-31 11:34:05 +08:00
Giteabot 1171b24d52
Make gitea webhooks openproject compatible (#28435) (#31081)
Backport #28435 by Chief-Detektor

Co-authored-by: André Rosenhammer <andre.rosenhammer@gmail.com>
2024-05-26 12:53:42 +08:00
yp05327 564fef1e20
Fix wrong display of recently pushed notification (#25812) (#31043)
Backport #25812

~~ps: removed some new codes in `tests/integration/pull_merge_test.go`~~

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-23 04:14:26 +00:00
Giteabot 2648962ae0
Fix automerge will not work because of some events haven't been triggered (#30780) (#31039)
Backport #30780 by @lunny

Replace #25741
Close #24445
Close #30658
Close #20646
~Depends on #30805~

Since #25741 has been rewritten totally, to make the contribution
easier, I will continue the work in this PR. Thanks @6543

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-22 02:08:05 +00:00
Giteabot 55cb356b84
Refactor sha1 and time-limited code (#31023) (#31030)
Backport #31023 by wxiaoguang

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-21 00:58:21 +08:00
Giteabot d17bfad940
Fix data-race during testing (#30999) (#31024)
Backport #30999 by wxiaoguang

Fix #30992

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-20 13:49:24 +08:00
Giteabot 042777abd7
Filter out duplicate action(activity) items for a repository (#30957) (#30976)
Backport #30957

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-14 14:14:39 +00:00
Giteabot 8393ff78fc
Protected tag is no internal server error (#30962) (#30970)
Backport #30962 by @KN4CK3R

Fixes #30959

Adds an API test for protected tags.
Fix existing tag in combination with fixtures.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-05-14 07:15:36 +00:00
Giteabot bc455883fc
Remove If Exist check on migration for mssql because that syntax required SQL server 2016 (#30894) (#30946)
Backport #30894 by @lunny

Fix #30872

We will assume the database is consistent before executing the
migration. So the indexes should exist. Removing `IF EXIST` then is safe
enough.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2024-05-12 03:15:01 +00:00
Giteabot 084bec89ed
Fix various problems around projects board view (#30696) (#30902)
Backport #30696 by @lunny

# The problem
The previous implementation will start multiple POST requests from the
frontend when moving a column and another bug is moving the default
column will never be remembered in fact.

# What's changed

- [x] This PR will allow the default column to move to a non-first
position
- [x] And it also uses one request instead of multiple requests when
moving the columns
- [x] Use a star instead of a pin as the icon for setting the default
column action
- [x] Inserted new column will be append to the end
- [x] Fix #30701 the newly added issue will be append to the end of the
default column
- [x] Fix when deleting a column, all issues in it will be displayed
from UI but database records exist.
- [x] Add a limitation for columns in a project to 20. So the sorting
will not be overflow because it's int8.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-05-08 15:46:21 +00:00
wxiaoguang d4c2db39bf
Refactor AppURL usage (#30885) (#30891)
Backport #30885
Fix #30883
Fix #29591

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-05-08 13:34:43 +00:00
Giteabot cfe6779d4e
Get repo list with OrderBy alpha should respect owner too (#30784) (#30875)
Backport #30784 by @6543

instead of:
- zowner/gcode
- awesome/nul
- zowner/nul
- zowner/zzz

we will get:
- awesome/nul
- zowner/gcode
- zowner/nul
- zowner/zzz

Co-authored-by: 6543 <6543@obermui.de>
2024-05-06 15:06:45 +00:00
Giteabot a82e6301f7
Fix no edit history after editing issue's title and content (#30814) (#30845)
Backport #30814 by @yp05327

Fix #30807

reuse functions in services

Co-authored-by: yp05327 <576951401@qq.com>
2024-05-03 14:43:16 +00:00
Zettat123 99e89e57bc
Fix duplicate status check contexts (#30660) (#30779)
Backport #30660.

Caused by #30076. 

There may be some duplicate status check contexts when setting status
checks for a branch protection rule. The duplicate contexts should be
removed.

Before:
<img

src="https://github.com/go-gitea/gitea/assets/15528715/97f4de2d-4868-47a3-8a99-5a180f9ac0a3"
width="600px" />

After:
<img

src="https://github.com/go-gitea/gitea/assets/15528715/ff7289c5-9793-4090-ba31-e8cb3c85f8a3"
width="600px" />
2024-05-01 02:10:37 +00:00
6543 022eac4ac8
Get repo assignees and reviewers should ignore deactivated users (#30770) (#30782)
Backport  #30770

If an user is deactivated, it should not be in the list of users who are
suggested to be assigned or review-requested.

old assignees or reviewers are not affected.

---
*Sponsored by Kithara Software GmbH*
2024-04-30 15:36:28 +00:00
wxiaoguang 6d2a307ad8
Rename migration package name for 1.22-rc1 (#30730)
Ref: Propose to restart 1.22 release #30501
2024-04-27 14:02:07 +00:00
wxiaoguang d3cdef88ad
Add some tests to clarify the "must-change-password" behavior (#30693)
Follow  #30472:

When a user is created by command line `./gitea admin user create`:

Old behavior before #30472: the first user (admin or non-admin) doesn't
need to change password.

Revert to the old behavior before #30472
2024-04-27 12:23:37 +00:00
silverwind 9b2536b78f
Update misspell to 0.5.1 and add `misspellings.csv` (#30573)
Misspell 0.5.0 supports passing a csv file to extend the list of
misspellings, so I added some common ones from the codebase. There is at
least one typo in a API response so we need to decided whether to revert
that and then likely remove the dict entry.
2024-04-27 08:03:49 +00:00
yp05327 2a3906d755
Improve job commit description (#30579)
Fix https://github.com/go-gitea/gitea/issues/30567

When job is a schedule:

![image](https://github.com/go-gitea/gitea/assets/18380374/b07e9d43-e8b7-4ee2-87b3-a7050c3a8ca5)
When it is a normal one:

![image](https://github.com/go-gitea/gitea/assets/18380374/0d58dab9-74bb-421b-8952-0578cdf21a52)

also add a 'space' behind  `:`

![image](https://github.com/go-gitea/gitea/assets/18380374/4cebece0-bfe6-4ad9-b806-e5c49bb9be43)


![image](https://github.com/go-gitea/gitea/assets/18380374/02da7681-474b-4c0f-9dad-b6558f6cb484)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-04-26 02:22:45 +00:00
wxiaoguang bffbbf5470
Improve oauth2 client "preferred username field" logic and the error handling (#30622)
Follow #30454
And fix #24957

When using "preferred_username", if no such field,
`extractUserNameFromOAuth2` (old `getUserName`) shouldn't return an
error. All other USERNAME options do not return such error.

And fine tune some logic and error messages, make code more stable and
more friendly to end users.
2024-04-25 11:22:32 +00:00