Commit Graph

16108 Commits

Author SHA1 Message Date
KN4CK3R fc037b4b82
Add support for incoming emails (#22056)
closes #13585
fixes #9067
fixes #2386
ref #6226
ref #6219
fixes #745

This PR adds support to process incoming emails to perform actions.
Currently I added handling of replies and unsubscribing from
issues/pulls. In contrast to #13585 the IMAP IDLE command is used
instead of polling which results (in my opinion 😉) in cleaner code.

Procedure:
- When sending an issue/pull reply email, a token is generated which is
present in the Reply-To and References header.
- IMAP IDLE waits until a new email arrives
- The token tells which action should be performed

A possible signature and/or reply gets stripped from the content.

I added a new service to the drone pipeline to test the receiving of
incoming mails. If we keep this in, we may test our outgoing emails too
in future.

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-01-14 23:57:10 +08:00
Sascha Bannier 20e3ffd208
Fix stylesheet HTML snippet for external renderers documentation (#22435)
The documentation is missing the rel attribute. Neither Firefox nor
Chrome did use the linked file as CSS if rel="stylesheet" is not set.

The problem is described in issue #22434.

Co-authored-by: silverwind <me@silverwind.io>
2023-01-13 23:25:15 +00:00
Jonathan Tran 02ae63297b
Log STDERR of external renderer when it fails (#22442)
When using an external renderer, STDOUT is expected to be HTML. But
anything written to STDERR is currently ignored. In cases where the
renderer fails, I would like to log any error messages that the external
program outputs to STDERR.
2023-01-13 20:41:23 +00:00
Lunny Xiao a3ab82e592
Fix error when calculate the repository size (#22392)
Fix #22386 

`GetDirectorySize` moved as `getDirectorySize` because it becomes a
special function which should not be put in `util`.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-01-13 18:54:02 +00:00
crystal 4fc1517da0
clarify "open issues" text for labels (#22431)
see also https://codeberg.org/Codeberg/Community/issues/877
2023-01-13 12:40:39 +01:00
zeripath c0da3638e7
Restore function to "Show more" buttons (#22399)
There was a serious regression in #21012 which broke the Show More
button on the diff page, and the show more button was also broken on the
file tree too.

This PR fixes this by resetting the pageData.diffFiles as the vue
watched value and reattachs a function to the show more button outside
of the file tree view.

Fix #22380

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-01-13 13:50:32 +08:00
zeripath 99cf0d394e
Continue GCing other repos on error in one repo (#22422)
The current code propagates all errors up to the iteration step meaning
that a single malformed repo will prevent GC of other repos.

This PR simply stops that propagation.

Fix #21605

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-13 09:48:48 +08:00
crystal f1c13b4ace
improve explore relevancy note (#22421)
makes the explore relevancy note much prettier on most themes
2023-01-12 19:10:12 -06:00
John Olheiser 1ee1147baa
fix: don't replace err variable in nested check (#22416)
We can use `:=` to make `err` local to the if-scope instead of
overwriting the `err` in outer scope.

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-01-12 14:57:12 -06:00
Jason Song c86be819bb
Add more packages to denylist (#22412)
After this, we can remove
[`denylist_imports`](https://gitea.com/gitea/gitea-vet/src/branch/master/checks/denylisted-imports.go#L13)
in gitea-vet
([gitea-vet/pulls/23](https://gitea.com/gitea/gitea-vet/pulls/23)).

```go
deniedImports   = []string{"io/ioutil", "encoding/json", "gitea.com/gitea/go-crypto"}
```

However, we needn't keep `gitea.com/gitea/go-crypto` any longer, it's
gone and can't be imported again.

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-12 23:35:53 +08:00
crystal 9ffaf19d89
fix wrong theme class when logged out if default theme is changed (#22408)
If you don't use the `auto` theme as the default, the `<html>` tag has
`theme-auto` as it's class when users are logged out. This PR changes it
to use the correct theme class for the default theme when logged out.
2023-01-12 08:52:05 -06:00
techknowlogick b36854df37
Update golang deps (#22410)
Note, hashicorp's LRU has been updated to v2 which supports generics but
this was left out as it is a more involved upgrade.
2023-01-12 09:21:16 +01:00
techknowlogick 6f231a7980
Replace deprecated Webauthn library (#22400)
Fix #22052

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-01-11 21:51:00 -05:00
Lunny Xiao 2220e5d245
Allow HOST has no port (#22280)
Fix #22274

This PR will allow `HOST` without port. Then a default port will be
given in future steps.
2023-01-11 20:09:24 +00:00
Jason Song 477a1cc40e
Improve utils of slices (#22379)
- Move the file `compare.go` and `slice.go` to `slice.go`.
- Fix `ExistsInSlice`, it's buggy
  - It uses `sort.Search`, so it assumes that the input slice is sorted.
- It passes `func(i int) bool { return slice[i] == target })` to
`sort.Search`, that's incorrect, check the doc of `sort.Search`.
- Conbine `IsInt64InSlice(int64, []int64)` and `ExistsInSlice(string,
[]string)` to `SliceContains[T]([]T, T)`.
- Conbine `IsSliceInt64Eq([]int64, []int64)` and `IsEqualSlice([]string,
[]string)` to `SliceSortedEqual[T]([]T, T)`.
- Add `SliceEqual[T]([]T, T)` as a distinction from
`SliceSortedEqual[T]([]T, T)`.
- Redesign `RemoveIDFromList([]int64, int64) ([]int64, bool)` to
`SliceRemoveAll[T]([]T, T) []T`.
- Add `SliceContainsFunc[T]([]T, func(T) bool)` and
`SliceRemoveAllFunc[T]([]T, func(T) bool)` for general use.
- Add comments to explain why not `golang.org/x/exp/slices`.
- Add unit tests.
2023-01-11 13:31:16 +08:00
techknowlogick dc5f2cf590
cgo cross-compile for freebsd (#22397)
Provide pre-compiled cgo binaries for freebsd

Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2023-01-10 17:21:24 -05:00
delvh 70043da3dd
Fix typo (#22396)
DEFAUlT -> DEFAULT
2023-01-10 22:00:42 +01:00
John Olheiser e7f1d45eb5
fix: omit avatar_url in discord payload when empty (#22393)
Fixes #22391

This field is optional for Discord, however when it exists in the
payload it is now validated.
Omitting it entirely just makes Discord use the default for that
webhook, which is set on the Discord side.

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-01-10 14:01:52 -05:00
Yarden Shoham 3b804ff76c
Fix "remember this device" case (#22388)
In the title case, it should be "Remember This Device"

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
2023-01-10 17:43:54 +08:00
Lunny Xiao 50f67d7e38
Don't display stop watch top bar icon when disabled and hidden when click other place (#22374)
Fix #22286 

When timetracking is disabled, the stop watch top bar icon should be
hidden.
When the stop watch recording popup, it should be allowed to hide with
some operation. Now click any place on this page will hide the popup
window.
2023-01-09 21:53:11 -05:00
Jason Song a35714372d
Fix halfCommitter and WithTx (#22366)
Related to #22362.

I overlooked that there's always `committer.Close()`, like:

```go
		ctx, committer, err := db.TxContext(db.DefaultContext)
		if err != nil {
			return nil
		}
		defer committer.Close()

		// ...

		if err != nil {
			return nil
		}

		// ...

		return committer.Commit()
```

So the `Close` of `halfCommitter` should ignore `commit and close`, it's
not a rollback.

See: [Why `halfCommitter` and `WithTx` should rollback IMMEDIATELY or
commit
LATER](https://github.com/go-gitea/gitea/pull/22366#issuecomment-1374778612).

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-01-09 12:19:19 -05:00
Lunny Xiao 99a675f4a1
Don't lookup mail server when using sendmail (#22300)
Fix #22287
2023-01-09 11:09:46 -05:00
ahab 82235fb681
Update index.de-de.md (#22363)
Some minor changes related to the language.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-01-09 19:25:13 +08:00
Khaled Yakdan dbfc5aa016
Move fuzz tests into tests/fuzz (#22376)
This puts the fuzz tests in the same directory as other tests and eases
the integration in OSS-Fuzz

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-01-09 15:30:14 +08:00
Jason Song 9e94346529
Remove satori/go.uuid (#22375)
`github.com/satori/go.uuid` is no longer used, so the `replace` is not
needed now
2023-01-09 01:00:10 -05:00
Jason Song 7adc2de464
Use context parameter in models/git (#22367)
After #22362, we can feel free to use transactions without
`db.DefaultContext`.

And there are still lots of models using `db.DefaultContext`, I think we
should refactor them carefully and one by one.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-01-09 11:50:54 +08:00
delvh b878155b87
Replace `can not` with `cannot` (#22372)
Fixes #22371.
2023-01-08 18:25:28 +00:00
Lunny Xiao dfd2db5695
Fix set system setting failure once it cached (#22333)
Unfortunately, #22295 introduced a bug that when set a cached system
setting, it will not affect.
This PR make sure to remove the cache key when updating a system
setting.

Fix #22332
2023-01-08 21:22:41 +08:00
dependabot[bot] bdf8c80f41
Bump json5 from 1.0.1 to 1.0.2 (#22365)
Bumps [json5](https://github.com/json5/json5) from 1.0.1 to 1.0.2.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/json5/json5/releases">json5's
releases</a>.</em></p>
<blockquote>
<h2>v1.0.2</h2>
<ul>
<li>Fix: Properties with the name <code>__proto__</code> are added to
objects and arrays. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/199">#199</a>)
This also fixes a prototype pollution vulnerability reported by Jonathan
Gregson! (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/295">#295</a>).
This has been backported to v1. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/298">#298</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/json5/json5/blob/main/CHANGELOG.md">json5's
changelog</a>.</em></p>
<blockquote>
<h3>Unreleased [<a
href="https://github.com/json5/json5/tree/main">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.3...HEAD">diff</a>]</h3>
<h3>v2.2.3 [<a
href="https://github.com/json5/json5/tree/v2.2.3">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.2...v2.2.3">diff</a>]</h3>
<ul>
<li>Fix: json5@2.2.3 is now the 'latest' release according to npm
instead of
v1.0.2. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/299">#299</a>)</li>
</ul>
<h3>v2.2.2 [<a
href="https://github.com/json5/json5/tree/v2.2.2">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.1...v2.2.2">diff</a>]</h3>
<ul>
<li>Fix: Properties with the name <code>__proto__</code> are added to
objects and arrays.
(<a
href="https://github-redirect.dependabot.com/json5/json5/issues/199">#199</a>)
This also fixes a prototype pollution vulnerability reported by
Jonathan Gregson! (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/295">#295</a>).</li>
</ul>
<h3>v2.2.1 [<a
href="https://github.com/json5/json5/tree/v2.2.1">code</a>, <a
href="https://github.com/json5/json5/compare/v2.2.0...v2.2.1">diff</a>]</h3>
<ul>
<li>Fix: Removed dependence on minimist to patch CVE-2021-44906. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/266">#266</a>)</li>
</ul>
<h3>v2.2.0 [<a
href="https://github.com/json5/json5/tree/v2.2.0">code</a>, <a
href="https://github.com/json5/json5/compare/v2.1.3...v2.2.0">diff</a>]</h3>
<ul>
<li>New: Accurate and documented TypeScript declarations are now
included. There
is no need to install <code>@types/json5</code>. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/236">#236</a>,
<a
href="https://github-redirect.dependabot.com/json5/json5/issues/244">#244</a>)</li>
</ul>
<h3>v2.1.3 [<a
href="https://github.com/json5/json5/tree/v2.1.3">code</a>, <a
href="https://github.com/json5/json5/compare/v2.1.2...v2.1.3">diff</a>]</h3>
<ul>
<li>Fix: An out of memory bug when parsing numbers has been fixed. (<a
href="https://github-redirect.dependabot.com/json5/json5/issues/228">#228</a>,
<a
href="https://github-redirect.dependabot.com/json5/json5/issues/229">#229</a>)</li>
</ul>
<h3>v2.1.2 [<a
href="https://github.com/json5/json5/tree/v2.1.2">code</a>, <a
href="https://github.com/json5/json5/compare/v2.1.1...v2.1.2">diff</a>]</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="a62db1e51e"><code>a62db1e</code></a>
1.0.2</li>
<li><a
href="e0c23fe458"><code>e0c23fe</code></a>
docs: update CHANGELOG for v1.0.2</li>
<li><a
href="62a6540840"><code>62a6540</code></a>
fix: add <strong>proto</strong> to objects and arrays</li>
<li>See full diff in <a
href="https://github.com/json5/json5/compare/v1.0.1...v1.0.2">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=json5&package-manager=npm_and_yarn&previous-version=1.0.1&new-version=1.0.2)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after
your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge
and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating
it. You can achieve the same result by closing it manually
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
- `@dependabot use these labels` will set the current labels as the
default for future PRs for this repo and language
- `@dependabot use these reviewers` will set the current reviewers as
the default for future PRs for this repo and language
- `@dependabot use these assignees` will set the current assignees as
the default for future PRs for this repo and language
- `@dependabot use this milestone` will set the current milestone as the
default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/go-gitea/gitea/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2023-01-08 19:48:00 +08:00
Jason Song 6135359a04
Always reuse transaction (#22362) 2023-01-08 09:34:58 +08:00
crystal d42b52fcfa
make /{username}.png redirect to user/org avatar (#22356)
fix #22355

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-01-06 13:44:02 +01:00
Jason Song 3dbd2d942b
Remove old HookEventType (#22358)
Supplement to #22256.
2023-01-06 19:49:14 +08:00
KN4CK3R f74293f9c2
Fix unstable emoji sort (#22346)
Without the second sort every generate run produces a different result.
2023-01-05 13:58:51 +02:00
AdamKorcz 906d8cc5dc
Rewrite fuzzers to native Go harnesses (#22313) 2023-01-05 10:33:00 +08:00
isla w f41ad344cb
Update Emoji dataset to Unicode 14 (#22342)
Gitea emoji dataset was out of date because it gets manually built and
hasn't been rebuilt since it was added. This means Gitea doesn't
recognize some newer emoji or changes to existing ones.

After changing the max unicode version to 14 I just ran: `go run
build/generate-emoji.go`

This should address the initial issue seen in #22153 where Gitea doesn't
recognize a standard alias used elsewhere when importing content.

14 is the latest supported version from the upstream source as 15 is not
widely supported (in their opinion) yet
2023-01-04 11:52:48 -06:00
Lunny Xiao fdbb0b4762
fix gravatar disable bug (#22336) 2023-01-04 16:19:56 +08:00
John Olheiser 32e863439c
fix: update settings table on install (#22326)
Related to #22325 

Signed-off-by: jolheiser <john.olheiser@gmail.com>
2023-01-03 14:33:41 -06:00
Lunny Xiao efa708501b
Use git command instead of exec.Cmd in blame (#22098)
extract from #18147

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-01-03 16:17:13 +08:00
Lunny Xiao c59e1537a8
Display error log when a modified template has an error so that it could recovery when the error fixed (#22261)
A drawback is the previous generated template has been cached, so you
cannot get error in the UI but only from log

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: delvh <dev.lh@web.de>
2023-01-03 15:17:36 +08:00
Kyle D f0159c3e8a
Add deprecated warning for DISABLE_GRAVATAR and ENABLE_FEDERATED_AVATAR (#22318) 2023-01-03 07:54:27 +08:00
Gusted 96797fed31
Unify hashing for avatar (#22289)
- Unify the hashing code for repository and user avatars into a
function.
- Use a sane hash function instead of MD5.
- Only require hashing once instead of twice(w.r.t. hashing for user
avatar).
- Improve the comment for the hashing code of why it works.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Yarden Shoham <hrsi88@gmail.com>
2023-01-02 22:46:39 +01:00
John Olheiser fcd6ceef2b
fix: code search title translation (#22285)
`code.title` isn't an existing translation.

`explore.code` is the translation used for the tab, which I think
matches closely enough for this instead of a brand new translation.

Open to feedback on whether a new translation would be preferred
instead.

Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2023-01-02 17:18:08 +08:00
James Liu e61ce934bc
Update Gmail mailer configuration (#22291)
This PR updates the `[mailer]` configuration snippet for Gmail:

- The `HELO_HOSTNAME` isn't required.
- The `USER` must not include the @gmail domain.
- `HOST` needs to be supplied, and the SMTP port number needs to be
appended to the URL.

I also added a note about the requirement to use App passwords instead
of your Google account password directly.

Co-authored-by: delvh <dev.lh@web.de>
2023-01-02 10:52:36 +08:00
Yarden Shoham b994b2ea9c
Fix due date rendering the wrong date in issue (#22302)
Previously, the last minute of the chosen date caused bad timezone
rendering.

For example, I chose January 4th, 2023.

### Before
```html
<time data-format="date" datetime="Wed, 04 Jan 2023 23:59:59 +0000">January 5, 2023</time>
```

### After
```html
<time data-format="date" datetime="2023-01-04">January 4, 2023</time>
```

---

Closes #21999

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
2023-01-02 10:49:05 +08:00
Lunny Xiao a1c30740bb
Fix get system setting bug when enabled redis cache (#22295)
Fix #22281

In #21621 , `Get[V]` and `Set[V]` has been introduced, so that cache
value will be `*Setting`. For memory cache it's OK. But for redis cache,
it can only store `string` for the current implementation. This PR
revert some of changes of that and just store or return a `string` for
system setting.
2023-01-02 00:06:52 +08:00
delvh 0f4e1b9ac6
Restructure `webhook` module (#22256)
Previously, there was an `import services/webhooks` inside
`modules/notification/webhook`.
This import was removed (after fighting against many import cycles).
Additionally, `modules/notification/webhook` was moved to
`modules/webhook`,
and a few structs/constants were extracted from `models/webhooks` to
`modules/webhook`.

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-01-01 23:23:15 +08:00
Jason Song f8e93ce423
Reminder for no more logs to console (#22282)
Even if the log mode is `file`, there are still few logs printed to the
console at the very beginning.

That's fine but confusing. Someone will think the console is the only
place to find logs, and get nothing helpful. See
https://github.com/go-gitea/gitea/issues/22274#issuecomment-1367917717.

There should be a reminder that there are no more logs to the console.

And to avoid log loss, we should add configured loggers first, then
remove console logger if there's no `console` in the mode.

Tests with `MODE = file`:

Before:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/210079862-d591677f-347e-46ed-a548-bb2ddbb0885c.png">

After:
<img width="1792" alt="image"
src="https://user-images.githubusercontent.com/9418365/210080002-d66cc418-6888-4909-b370-d03f5986ef41.png">

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
2023-01-01 22:00:33 +08:00
Lunny Xiao 9c8fc7f677
Fix bug of DisableGravatar default value (#22296)
#18058 made a mistake. The disableGravatar's default value depends on
`OfflineMode`. If it's `true`, then `disableGravatar` is true, otherwise
it's `false`. But not opposite.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-01-01 20:19:23 +08:00
Lunny Xiao 2bbf9e7302
Upgrade go-chi to v5.0.8 (#22304) 2023-01-01 11:23:26 +01:00
KN4CK3R b1a4eb40a1 [skip ci] Updated licenses and gitignores 2023-01-01 00:19:35 +00:00