Commit Graph

18546 Commits

Author SHA1 Message Date
Zettat123 7dec8de914
Hide the "Details" link of commit status when the user cannot access actions (#30156)
Fix #26685

If a commit status comes from Gitea Actions and the user cannot access
the repo's actions unit (the user does not have the permission or the
actions unit is disabled), a 404 page will occur after clicking the
"Details" link. We should hide the "Details" link in this case.

<img
src="https://github.com/go-gitea/gitea/assets/15528715/68361714-b784-4bb5-baab-efde4221f466"
width="400px" />
2024-07-28 23:11:40 +08:00
silverwind aa36989bd0
Enable `no-jquery/no-parse-html-literal` and fix violation (#31684)
Tested it, path segment creation works just like before.
2024-07-27 14:44:41 +00:00
GiteaBot a40192dc12 [skip ci] Updated translations via Crowdin 2024-07-27 00:27:00 +00:00
Shivaram Lingamneni e1cf760d2f
OIDC: case-insensitive comparison for auth scheme `Basic` (#31706)
@kylef pointed out on https://github.com/go-gitea/gitea/pull/31632 that
[RFC7617](https://www.rfc-editor.org/rfc/rfc7617.html#section-2)
mandates case-insensitive comparison of the scheme field `Basic`. #31632
copied a case-sensitive comparison from
https://github.com/go-gitea/gitea/pull/6293. This PR fixes both
comparisons.

The issue only affects OIDC, since the implementation for normal Gitea
endpoints is already correct:


930ca92d7c/services/auth/basic.go (L55-L58)
2024-07-26 19:51:45 +00:00
Zettat123 4b376a0ed9
Support `pull_request_target` event for commit status (#31703)
Fix [act_runner #573](https://gitea.com/gitea/act_runner/issues/573)

Before:

![image](https://github.com/user-attachments/assets/3944bf7f-7a60-4801-bcb3-5e158a180fda)

After:

![image](https://github.com/user-attachments/assets/cadac944-40bd-4537-a9d9-e702b8bc1ece)
2024-07-26 18:00:07 +08:00
silverwind 930ca92d7c
Add types to fetch,toast,bootstrap,svg (#31627)
Reduce `tsc` error count by 53. None of the changes has any runtime
effect.
2024-07-25 23:31:24 +00:00
Jason Song cabcca3d81
Run `detectWebAuthnSupport` only if necessary (#31691)
Follow #31676, which is not correct, see
https://github.com/go-gitea/gitea/pull/31676#issuecomment-2246658217

Fix #31675, regression of #31504.
2024-07-25 23:26:41 +00:00
Shivaram Lingamneni ecc8f2b047
add `username` to OIDC introspection response (#31688)
This field is specified as optional here:
https://datatracker.ietf.org/doc/html/rfc7662#section-2.2

It's used by some OIDC integrations, e.g.
https://emersion.fr/blog/2022/irc-and-oauth2/

Co-authored-by: Giteabot <teabot@gitea.io>
2024-07-25 12:36:05 +00:00
Adam Majer bae87dfb09
Add return type to GetRawFileOrLFS and GetRawFile (#31680)
Document return type for the endpoints that fetch specific files from a
repository. This allows the swagger generated code to read the returned
data.

Co-authored-by: Giteabot <teabot@gitea.io>
2024-07-25 14:06:19 +02:00
yp05327 cc044818c3
Support delete user email in admin panel (#31690)
![QQ_1721784609320](https://github.com/user-attachments/assets/23f08bf3-93f4-44d7-963d-10380ef8c1f1)

![QQ_1721784616403](https://github.com/user-attachments/assets/667cbd1e-5e21-4489-8d18-2a7be85190db)

![QQ_1721784626722](https://github.com/user-attachments/assets/495beb94-dfa2-481c-aa60-d5115cad1ae1)

---------

Co-authored-by: Jason Song <i@wolfogre.com>
2024-07-25 18:11:04 +08:00
Stanislas Dolcini d8f82cbc78
Use GetDisplayName() instead of DisplayName() to generate rss feeds (#31687)
Fixes #31491 The RSS feed converted ignored the setting used in the
application.
2024-07-25 17:33:02 +08:00
wxiaoguang 169031b7cf
Fix "Filter by commit" Dropdown (#31695)
Regression of #31281
Fix #31673
2024-07-25 01:48:51 +00:00
GiteaBot 7bd127522f [skip ci] Updated translations via Crowdin 2024-07-25 00:27:15 +00:00
techknowlogick b4ccef3dee
use nolyfill to remove some polyfills (#31468)
We don't need to have polyfills down to Node v4. Some of our deps have
polyfills, and don't utilize the built-in implementation if available.
While this does decrease our package graph, I haven't been able to
notice any decrease/increase in page load times, although that could
likely be just because it's already pretty fast.

Nolyfill is https://github.com/SukkaW/nolyfill

updates to files generated with:

```shell
npx nolyfill install
npm update
```

Before this is/isn't merged, I'd be appreciative/thankful for other's
insights.

Edit: This isn't due to a specific individual. I am generally supportive
of them and their dedication to backward compatibility. This PR is due
to not needing those imports for our minimum requirements. Please don't
take this PR as commentary on anyone's character.

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-07-24 00:42:21 +00:00
Kemal Zebari c0b5a843ba
Properly filter issue list given no assignees filter (#31522)
Quick fix #31520. This issue is related to #31337.
2024-07-23 18:36:32 +00:00
Jason Song bbd14769cd
Run `detectWebAuthnSupport` only on sign-in page (#31676)
Fix #31675, regression of #31504.
2024-07-23 17:52:40 +00:00
Shivaram Lingamneni 2f1cb1d289
fix OIDC introspection authentication (#31632)
See discussion on #31561 for some background.

The introspect endpoint was using the OIDC token itself for
authentication. This fixes it to use basic authentication with the
client ID and secret instead:

* Applications with a valid client ID and secret should be able to
  successfully introspect an invalid token, receiving a 200 response
  with JSON data that indicates the token is invalid
* Requests with an invalid client ID and secret should not be able
  to introspect, even if the token itself is valid

Unlike #31561 (which just future-proofed the current behavior against
future changes to `DISABLE_QUERY_AUTH_TOKEN`), this is a potential
compatibility break (some introspection requests without valid client
IDs that would previously succeed will now fail). Affected deployments
must begin sending a valid HTTP basic authentication header with their
introspection requests, with the username set to a valid client ID and
the password set to the corresponding client secret.
2024-07-23 12:43:03 +00:00
techknowlogick 24f9390f34
Enable direnv (#31672)
This lets developers who have direnv enabled to load our nix flake
automatically when entering it
2024-07-23 12:07:41 +00:00
GiteaBot ad91a59c18 [skip ci] Updated translations via Crowdin 2024-07-23 00:27:23 +00:00
GiteaBot d919df4f09 [skip ci] Updated translations via Crowdin 2024-07-21 00:30:14 +00:00
techknowlogick ba9589a92d
fix redis dep (#31662)
fix https://github.com/go-gitea/gitea/issues/31658
2024-07-19 20:10:31 +00:00
Denys Konovalov a8d0c879c3
add skip secondary authorization option for public oauth2 clients (#31454) 2024-07-19 14:28:30 -04:00
Zettat123 e9aa39bda4
Fix a branch divergence cache bug (#31659)
Fix #31599

A branch divergence is counted based on the default branch. If the
default branch is updated, all divergence caches of the repo need to be
deleted.
2024-07-19 17:52:49 +02:00
GiteaBot 03c8c2683c [skip ci] Updated translations via Crowdin 2024-07-18 00:27:07 +00:00
silverwind 0c1127a2fb
Remove unneccessary uses of `word-break: break-all` (#31637)
Fixes: https://github.com/go-gitea/gitea/issues/31636

1. Issue sidebar topic is disussed in
https://github.com/go-gitea/gitea/issues/31636
2. Org description already has `overflow-wrap: anywhere` to ensure no
overflow.

Co-authored-by: Giteabot <teabot@gitea.io>
2024-07-17 12:04:28 +02:00
GiteaBot de1a5506d1 [skip ci] Updated translations via Crowdin 2024-07-17 00:27:54 +00:00
Carsten Klein 3571b7e3dd
Allow searching issues by ID (#31479)
When you are entering a number in the issue search, you likely want the
issue with the given ID (code internal concept: issue index).
As such, when a number is detected, the issue with the corresponding ID
will now be added to the results.

Fixes #4479

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-07-17 00:49:05 +02:00
Rowan Bohde 416c36f303
allow synchronizing user status from OAuth2 login providers (#31572)
This leverages the existing `sync_external_users` cron job to
synchronize the `IsActive` flag on users who use an OAuth2 provider set
to synchronize. This synchronization is done by checking for expired
access tokens, and using the stored refresh token to request a new
access token. If the response back from the OAuth2 provider is the
`invalid_grant` error code, the user is marked as inactive. However, the
user is able to reactivate their account by logging in the web browser
through their OAuth2 flow.

Also changed to support this is that a linked `ExternalLoginUser` is
always created upon a login or signup via OAuth2.

### Notes on updating permissions
Ideally, we would also refresh permissions from the configured OAuth
provider (e.g., admin, restricted and group mappings) to match the
implementation of LDAP. However, the OAuth library used for this `goth`,
doesn't seem to support issuing a session via refresh tokens. The
interface provides a [`RefreshToken`
method](https://github.com/markbates/goth/blob/master/provider.go#L20),
but the returned `oauth.Token` doesn't implement the `goth.Session` we
would need to call `FetchUser`. Due to specific implementations, we
would need to build a compatibility function for every provider, since
they cast to concrete types (e.g.
[Azure](https://github.com/markbates/goth/blob/master/providers/azureadv2/azureadv2.go#L132))

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2024-07-16 20:33:16 +02:00
silverwind 3a7454df7a
Enable `no-jquery/no-class-state` (#31639)
Just 4 validations and I specifically tested this by
selecting/unselecting issue labels.

Co-authored-by: Giteabot <teabot@gitea.io>
2024-07-16 12:14:27 +02:00
Bartlomiej Komendarczuk e8d4b7a8b1
Added default sorting milestones by name (#27084)
#26996 
Added default sorting for milestones by name.
Additional, name for sorting closestduedate and furthestduedate was
broken, so I fixed it.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-07-16 10:08:54 +02:00
silverwind 0bb4c1cde2
Code editor theme enhancements (#31629)
1. Fixed border-radius
2. Monaco ignores the alpha channel on the shadow color, introduce
`color-shadow-opaque`
3. Remove scrollbar color which follows
https://github.com/go-gitea/gitea/pull/29800

Before:

<img width="34" alt="Screenshot 2024-07-13 at 15 38 18"
src="https://github.com/user-attachments/assets/042d9bde-6db9-4467-a2a4-8f61ecc773eb">
<img width="35" alt="Screenshot 2024-07-13 at 15 38 31"
src="https://github.com/user-attachments/assets/04146ee0-551c-4ff2-9636-bd119b33595a">


After:

<img width="45" alt="Screenshot 2024-07-13 at 15 38 06"
src="https://github.com/user-attachments/assets/1f58fa5a-1289-4e45-83c9-18ca82a5e266">
<img width="39" alt="Screenshot 2024-07-13 at 21 16 56"
src="https://github.com/user-attachments/assets/e12ebe22-b29b-4798-9f0d-4c100f311562">
2024-07-14 23:22:48 +00:00
6543 0f53324182
Add option to change mail from user display name (#31528)
Make it posible to let mails show e.g.:

`Max Musternam (via gitea.kithara.com) <gitea@kithara.com>`

Docs: https://gitea.com/gitea/docs/pulls/23

---
*Sponsored by Kithara Software GmbH*
2024-07-14 23:27:00 +02:00
Lunny Xiao 0d08bb6112
Upgrade xorm to v1.3.9 and improve some migrations Sync (#29899)
Co-authored-by: 6543 <6543@obermui.de>
2024-07-14 17:15:59 -04:00
6543 1064e817c4
Issue Templates: add option to have dropdown printed list (#31577)
Issue template dropdown can have many entries, and it could be better to
have them rendered as list later on if multi-select is enabled.

so this adds an option to the issue template engine to do so.

DOCS: https://gitea.com/gitea/docs/pulls/19

---

## demo:

```yaml
name: Name
title: Title
about: About
labels: ["label1", "label2"]
ref: Ref
body:
  - type: dropdown
    id: id6
    attributes:
      label: Label of dropdown (list)
      description: Description of dropdown
      multiple: true
      list: true
      options:
        - Option 1 of dropdown
        - Option 2 of dropdown
        - Option 3 of dropdown
        - Option 4 of dropdown
        - Option 5 of dropdown
        - Option 6 of dropdown
        - Option 7 of dropdown
        - Option 8 of dropdown
        - Option 9 of dropdown
```


![image](https://github.com/user-attachments/assets/102ed0f4-89da-420b-ab2a-1788b59676f9)

![image](https://github.com/user-attachments/assets/a2bdb14e-43ff-4cc6-9bbe-20244830453c)


---
*Sponsored by Kithara Software GmbH*
2024-07-14 16:38:45 +02:00
6543 957c75bfd2
Fix update flake (#31626) 2024-07-12 16:25:54 +00:00
GiteaBot d73623d526 [skip ci] Updated translations via Crowdin 2024-07-12 00:27:07 +00:00
Sunny Wan 4913edaa70
Display app name in the registration email title (#31562)
I changed the title of the registation email from "Welcome to Gitea" to
"Welcome to (appname)". I did this by substituting 'Gitea' in
register_notify to %s and formating the registration title in mail.go. I
changed this for all the languages I could, but I struggled to changed
the translation file for Farsi. I have attached the screenshots of
before and after and the related issue below.

Related issue:
https://github.com/go-gitea/gitea/issues/31108

Before change:
![Screenshot from 2024-07-04
22-32-17](https://github.com/go-gitea/gitea/assets/94445569/4178b51c-1acc-45f4-9750-dff41564a709)

After:
![Screenshot from 2024-07-04
22-32-01](https://github.com/go-gitea/gitea/assets/94445569/9cd7a58d-c0f5-4a3c-a66c-805c55411eaa)

---------

Signed-off-by: Sunny Wan <Sunnywan2020@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2024-07-11 23:23:31 +00:00
techknowlogick fa160b915d
typo on date in security document (#31617) 2024-07-11 21:51:08 +00:00
silverwind a06bbcf0b6
Update JS dependencies (#31616)
Result of `make update-js`. Tested all dependencies. Lockfile diff is
because of https://github.com/npm/cli/pull/7475.
2024-07-11 14:36:02 -04:00
silverwind 228c354b16
Add types for js globals (#31586)
Adds types for `window.config` and jQuery/htmx globals, eliminating 48
`tsc` errors.
2024-07-11 10:20:51 +00:00
Lunny Xiao 1b0ccf4bea
Upgrade security public key (#31594)
Fix #31591
2024-07-10 16:28:22 +00:00
Lunny Xiao 436af472a9
Fix wrong merge on removing docs (#31605) 2024-07-10 15:47:32 +00:00
wxiaoguang 72b6bc8caf
Refactor webhook (#31587)
A more complete fix for #31588

1. Make "generic" code more readable
2. Clarify HTML or Markdown for the payload content
2024-07-10 11:37:16 +00:00
Tobias Balle-Petersen 4ea2a6de81
Fix: Allow org team names of length 255 in create team form (#31564)
Gitea 1.22.1 was supposed to allow for team names of length 255 (up from
30) after the following PR was merged in:
https://github.com/go-gitea/gitea/pull/31410. However, the length of
team names was still limited to 30 as described in this issue:
https://github.com/go-gitea/gitea/issues/31554.

One more change to _gitea_ needs to be made to allow for the longer team
names, as there is a 30 character limit here:
2c92c7c522/services/forms/org.go (L65)

This PR changes that value to 255.
2024-07-10 02:15:17 +00:00
Lunny Xiao af1f0dfcc6
Remove docs sub folder since docs has been moved to https://gitea.com/gitea/docs (#31536) 2024-07-10 01:46:08 +00:00
Kyle D d6f8a60b65
Add bohde as maintainer (#31601)
[4 merged
PRs](https://github.com/go-gitea/gitea/pulls?q=is%3Apr+author%3Abohde+is%3Aclosed)
2024-07-10 08:18:35 +08:00
delvh 7bb3835811
Add `YEAR`, `MONTH`, `MONTH_ENGLISH`, `DAY` variables for template repos (#31584)
Fixes #31583
2024-07-09 18:05:12 +00:00
Rowan Bohde 1ee59f0fa3
Allow disabling authentication related user features (#31535)
We have some instances that only allow using an external authentication
source for authentication. In this case, users changing their email,
password, or linked OpenID connections will not have any effect, and
we'd like to prevent showing that to them to prevent confusion.

Included in this are several changes to support this:
* A new setting to disable user managed authentication credentials
(email, password & OpenID connections)
* A new setting to disable user managed MFA (2FA codes & WebAuthn)
* Fix an issue where some templates had separate logic for determining
if a feature was disabled since it didn't check the globally disabled
features
* Hide more user setting pages in the navbar when their settings aren't
enabled

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2024-07-09 17:36:31 +00:00
silverwind 13015bba5a
Add back esbuild-loader for .js files (#31585)
The build currently seems to work fine without this, but in theory it
should fail because Fomantic is JavaScript. I feel more comfortable
having this loader declared.

Note: I did try using the [combined loader
config](https://github.com/privatenumber/esbuild-loader#-quick-setup)
but when I did that, vue files could not load, so I think this is the
best option.
2024-07-09 09:28:43 +00:00
6543 4696bcb3f7
Use FullName in Emails to address the recipient if possible (#31527)
Before we had just the plain mail address as recipient. But now we
provide additional Information for the Mail clients.

---
*Sponsored by Kithara Software GmbH*
2024-07-08 08:38:45 +00:00