Commit Graph

13642 Commits

Author SHA1 Message Date
Xinyu Zhou 6117c8b15a
Fix vertical align of committer avatar rendered by email address (#21884) (#21919)
Backport #21884

Committer avatar rendered by `func AvatarByEmail` are not vertical align
as `func Avatar` does.

- Replace literals `ui avatar` and `ui avatar vm` with the constant
`DefaultAvatarClass`

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
2022-11-23 22:00:43 -06:00
KN4CK3R ba16df8da3
Fix setting HTTP headers after write (#21833) (#21874)
Backport #21833
2022-11-20 20:14:27 +00:00
KN4CK3R 87630a6583
Do not allow Ghost access to limited visible user/org (#21849) (#21875)
Backport of #21849

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-11-20 14:35:26 +02:00
Gusted 56716f5834
Prevent dangling user redirects (#21856) (#21859)
- Backport #21856
- It's possible that the `user_redirect` table contains a user id that
no longer exists.
  - Delete a user redirect upon deleting the user.
- Add a check for these dangling user redirects to check-db-consistency.
2022-11-18 22:24:49 +08:00
zeripath 65b5c8e532
Fix enabling partial clones on 1.17 (#21809)
When backporting #20902 in #21058 there was a slight misbackport. It was
missed that we needed to remove the global command option before setting
the settings.

Fix #21805

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-11-14 15:58:11 +08:00
zeripath 9dc53ba65f
Prevent panic in doctor command when running default checks (#21791) (#21808)
Backport #21791

There was a bug introduced in #21352 due to a change of behaviour caused
by #19280. This causes a panic on running the default doctor checks
because the panic introduced by #19280 assumes that the only way
opts.StdOut and opts.Stderr can be set in RunOpts is deliberately.
Unfortunately, when running a git.Command the provided RunOpts can be
set, therefore if you share a common set of RunOpts these two values can
be set by the previous commands.

This PR stops using common RunOpts for the commands in that doctor check
but secondly stops RunCommand variants from changing the provided
RunOpts.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-11-13 22:43:40 +00:00
Gusted d25c74f353
Upgrade golang.org/x/crypto (#21792) (#21794)
- Backport #21792
- Update the crypto dependency to include
6fad3dfc18
  - Resolves #17798

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-11-12 23:43:43 -05:00
Jason Song 795913e3c7
Load GitRepo in API before deleting issue (#21720) (#21795)
Backport #21720.

Fix #20921.

The `ctx.Repo.GitRepo` has been used in deleting issues when the issue
is a PR.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-11-12 22:13:31 -06:00
silverwind e609ef9585
Ignore line anchor links with leading zeroes (#21728) (#21777) 2022-11-11 11:45:40 -05:00
Xinyu Zhou f321cdced7
Add HEAD fix to gitea doctor (#21352) (#21751)
Backport #21352

Due to a bug in presumably an older version of Gitea, multiple of my
repositories still have their HEADs pointing to a `master` branch while
the default branch on the UI is listed as `main`. This adds a `gitea
doctor` command that will fix all of the HEAD references for repos when
they're not synchronized with the default branch in the DB.

This will help with cloning to ensure that git automatically checks out
the right branch, instead of a nonexistent one.

Note: I'm not sure if I actually need to do more other than add a file
here. Will try testing this out on my server soon.

Co-authored-by: Clar Fon <15850505+clarfonthey@users.noreply.github.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-11 14:38:52 +08:00
wxiaoguang f241201484
Init git module before database migration (#21764) (#21766)
Backport #21764

Some database migrations depend on the git module.
2022-11-10 14:22:45 +00:00
Jason Song 43bddc1405
Set last login when activating account (#21731) (#21754)
Backport #21731.

Fix #21698.

Set the last login time to the current time when activating the user
successfully.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-10 11:15:28 +08:00
Xinyu Zhou 9414260d67
Fix UI language switching bug (#21597) (#21748)
Backport #21597

Related:
* https://github.com/go-gitea/gitea/pull/21596#issuecomment-1291450224

There was a bug when switching language by AJAX: the irrelevant POST
requests were processed by the target page's handler.

Now, use GET instead of POST. The GET requests should be harmless.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-11-10 10:13:36 +08:00
Wayne Starr 3c07ed0911
Remove semver compatible flag and change pypi to an array of test cases (#21708) (#21729)
Backport (#21708)

This addresses #21707 and adds a second package test case for a
non-semver compatible version (this might be overkill though since you
could also edit the old package version to have an epoch in front and
see the error, this just seemed more flexible for the future).

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2022-11-09 23:02:21 +08:00
Wayne Starr 995ae06a6e
Allow for resolution of NPM registry paths that match upstream (#21568) (#21723)
Backport (#21568)

This PR fixes issue #21567 allowing for package tarball URLs to match
the upstream registry (and GitLab/JFrog Artifactory URLs). It uses a
regex to parse the filename (which contains the NPM version) and does a
fuzzy search to pull it out. The regex was built/expanded from
http://json.schemastore.org/package,
https://github.com/Masterminds/semver, and
https://docs.npmjs.com/cli/v6/using-npm/semver and is testable here:
https://regex101.com/r/OydBJq/5

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-09 14:00:09 +08:00
Wayne Starr 14342047ad
Allow local package identifiers for PyPI packages (#21690) (#21726)
Backport (#21690)

Fixes #21683

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2022-11-09 09:10:25 +08:00
zeripath d6d62c071f
Fix repository adoption on Windows (#21646) (#21651)
Backport #21646

A bug was introduced in #17865 where filepath.Join is used to join
putative unadopted repository owner and names together. This is
incorrect as these names are then used as repository names - which shoud
have the '/' separator. This means that adoption will not work on
Windows servers.

Fix #21632

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-11-01 19:24:37 +00:00
Jason Song 7a2daae7c3
Sync git hooks when config file path changed (#21619) (#21625)
Backport #21619 .

A patch to #17335.

Just like AppPath, Gitea writes its own CustomConf into git hook scripts
too. If Gitea's CustomConf changes, then the git push may fail.

Co-authored-by: techknowlogick <techknowlogick@gitea.io>

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-10-30 11:16:09 +08:00
KN4CK3R 5bc3fbd511
Fix package access for admins and inactive users (#21580) (#21592)
Backport of #21580

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-28 09:38:59 +08:00
KN4CK3R b0a057f1c0
Fix `Timestamp.IsZero` (#21593) (#21604)
Backport of #21593

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-27 16:47:47 +08:00
Xinyu Zhou 43a8547df6
Added check for disabled Packages (#21540) (#21614)
Backport #21540

At the moment, If admin disable Packages, still show the Packages on the
admin dashboard.

This patch added a check to hide the Packages entry.
2022-10-27 12:34:32 +08:00
Lunny Xiao 291787a5ef
Fix issues count bug (#21600)
backport #21557
2022-10-26 20:42:45 +08:00
Ashley Nelson e504410708
Update milestone counters when issue is deleted (#21459) (#21586)
Backports #21459 

When actions besides "delete" are performed on issues, the milestone
counter is updated. However, since deleting issues goes through a
different code path, the associated milestone's count wasn't being
updated, resulting in inaccurate counts until another issue in the same
milestone had a non-delete action performed on it.

I verified this change fixes the inaccurate counts using a local docker
build.

Co-authored-by: 6543 <6543@obermui.de>
2022-10-26 15:44:05 +08:00
KN4CK3R 2ccf940464
Suppress `ExternalLoginUserNotExist` error (#21504) (#21572)
Backport of #21504

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-26 00:08:05 +08:00
eleith 169c08e20a
support binary deploy in npm packages (#21589)
backport of #21372 for v1.17.4

-------------------

npm package.json supports binary packaging:
https://docs.npmjs.com/cli/v8/configuring-npm/package-json#bin

the npm registry documents that the binary references will be attached
to the abbreviated version object:

https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-version-object

unfortunately their api documentation leaves this out:
https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#abbreviated-version-objectdoc

which is likely to be the reason this was left out in gitea's initial
implementation

this response is critical for npm to install the binary in the .bin
folder so as to be included on the users default bin path, resulting in
immediate access to any binaries provided by the package

i have tested upload and installing through npm and can confirm the npm
registry now responds with bin in the version metadata and results in
the binary being available after install.

this fixes https://github.com/go-gitea/gitea/issues/21303

Co-authored-by: eleith <online-github@eleith.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-25 14:13:27 +08:00
Paweł Bogusławski d5856fece7
SessionUser protection against nil pointer dereference (#21581)
Backport #21358 

`SessionUser` should be protected against passing `sess` = `nil` to
avoid

```
PANIC: runtime error: invalid memory address or nil pointer dereference
```

in


https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69

after upgrade from gitea v1.16 to v1.17.

Related: https://github.com/go-gitea/gitea/pull/18452
2022-10-24 20:05:35 +01:00
Hubert Wawrzyńczyk 0571ddc368
Case-insensitive NuGet symbol file GUID (#21409) (#21575)
Backport of #21409

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-24 19:57:19 +08:00
KN4CK3R 6b7ce726c2
Prevent Authorization header for presigned LFS urls (#21531) (#21569)
Backport of #21531

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-24 11:18:31 +08:00
Lunny Xiao 92b5f48c40
Update binding to fix bugs (#21560)
backport #21556, Fix #19698
2022-10-24 02:17:13 +01:00
silverwind 8043fbce09
Check for valid user token in integration tests (#21520) (#21529)
Backport #21520

Added checks for logged user token.

Some builds fail at unrelated tests, due to missing token.

Co-authored-by: Vladimir Yakovlev <nagos@inbox.ru>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-22 17:22:11 +08:00
Lunny Xiao 556e2d5506
Fix generating compare link (#21519) (#21530)
Fix #6318, backport #21519

Co-authored-by: zeripath <art27@cantab.net>

Co-authored-by: zeripath <art27@cantab.net>
2022-10-21 20:59:27 +08:00
delvh 675c14aba6
Ignore error when retrieving changed PR review files (#21487) (#21524)
When a PR reviewer reviewed a file on a commit that was later gc'ed,
they would always get a `500` response from then on when loading the PR.
This PR simply ignores that error and instead marks all files as
unchanged.
This approach was chosen as the only feasible option without diving into
**a lot** of error handling.

Fixes #21392
Backport of #21487

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-20 23:25:54 +08:00
silverwind 4b4adb1cc9
Enable Monaco automaticLayout (#21516)
Enable
[`automaticLayout`](https://microsoft.github.io/monaco-editor/api/interfaces/monaco.editor.IDiffEditorOptions.html#automaticLayout)
for monaco so it can reflow itself.

Fixes: https://github.com/go-gitea/gitea/issues/21508
2022-10-19 21:12:37 +01:00
wxiaoguang 19df07f021
Fix incorrect notification commit url (#21479) (#21483)
Backport #21479

For normal commits the notification url was wrong because oldCommitID is
received from the shrinked commits list.

This PR moves the commits list shrinking after the oldCommitID
assignment.
2022-10-18 15:46:13 +08:00
KN4CK3R 5a84558e7c
Display total commit count in hook message (#21400) (#21481)
Backport of #21400

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-17 10:37:44 -04:00
KN4CK3R 46053c092d
Enforce grouped NuGet search results (#21442) (#21480)
Backport of #21442
2022-10-17 13:07:19 +08:00
Gusted 3f032759ed
Return 404 when user is not found on avatar (#21476) (#21477)
- Backport #21476
- Instead of returning a 500 Internal Server when the user wasn't found,
return 404 Not found.
2022-10-17 00:56:58 +08:00
6543 f48fda8eef
Changelog v1.17.3 (#21456) 2022-10-15 15:08:17 +02:00
6543 cd48a007bb
improve code quality (#21464) (#21463)
Backport #21464 and #21465

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-15 14:24:39 +02:00
zeripath 6afbef5a8b
Do DB update after merge in hammer context (#21401) (#21416)
Backport #21401

When merge was changed to run in the background context, the db updates
were still running in request context. This means that the merge could
be successful but the db not be updated.

This PR changes both these to run in the hammer context, this is not
complete rollback protection but it's much better.

Fix #21332

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-10-12 15:52:21 +08:00
Gusted d745780014
Add Num{Issues,Pulls} stats checks (#21404) (#21414)
Backport #21404

Currently `repository.Num{Issues,Pulls}` weren't checked and could
become out-of-consistency. Adds these two checks to `CheckRepoStats`.

Fix incorrect SQL query for `repository.NumClosedPulls`, the check
should be for `repo_num_pulls`.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-12 14:47:48 +08:00
Gusted 652abf0ae0
Bump `golang.org/x/text` (#21412) (#21413)
- Backport #21412
- Update the `golang.org/x/text` dependency, this fixes [a security
issue](https://groups.google.com/g/golang-announce/c/-hjNw559_tE/m/KlGTfid5CAAJ).
2022-10-11 20:00:55 +01:00
zeripath 1f804d35ca
Stop logging CheckPath returns error: context canceled (#21064) (#21405)
Backport #21064

We should only log CheckPath errors if they are not simply due to
context cancellation - and we should add a little more context to the
error message.

Fix #20709

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-10-11 16:35:29 +08:00
KN4CK3R c83a05f114
Set SemverCompatible to false for Conan packages (#21275) (#21366)
Backport of #21275
2022-10-10 20:46:09 +08:00
KN4CK3R a3c75ac438
Make NuGet service index publicly accessible (#21242) (#21277)
Backport of #21242

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-10-08 16:23:41 +01:00
M Hickford 14bc4d79c1
Parse OAuth Authorization header when request omits client secret (#21351) (#21374)
Backport #21351

This fixes error "unauthorized_client: invalid client secret" when
client includes secret in Authorization header rather than request body.
OAuth spec permits both:
https://www.rfc-editor.org/rfc/rfc6749#section-2.3.1

Clients in possession of a client password MAY use the HTTP Basic
authentication scheme ... Alternatively, the authorization server MAY
support including the client credentials in the request-body

Sanity validation that client id and client secret in request are
consistent with Authorization header.

Improve error descriptions. Error codes remain the same.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-10-08 16:53:17 +08:00
M Hickford 672d54fafa
Ignore port for OAuth2 loopback redirect URIs (#21293) (#21373)
Backport #21293

Following https://datatracker.ietf.org/doc/html/rfc8252#section-7.3

Fixes #21285
2022-10-08 09:52:35 +08:00
Jason Song 0495544b8a
Tag list should include draft releases with existing tags (#21263) (#21365)
Backport #21263.

Before, a tag for a draft release disappeared in the tag list, fix #21262.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-07 18:59:42 +08:00
John Olheiser 1fbc56d732
Fix linked account translation (#21331) (#21334) 2022-10-05 10:25:34 -04:00
wxiaoguang 1a9ba1c65d
Fix missing m.Run() in TestMain (#21341)
Backport #21340, add the missing m.Run()
2022-10-05 12:17:16 +08:00