Commit Graph

4615 Commits

Author SHA1 Message Date
qwerty287 f0bdbfe5a8
Merge branch 'main' into xormigrate 2024-08-13 17:09:37 +02:00
Zettat123 8883d99184
Support issue template assignees (#31083)
Resolve #13955
2024-08-12 16:00:40 +08:00
Jason Song 0470646d46
Show lock owner instead of repo owner on LFS setting page (#31788)
Fix #31784.

Before:

<img width="1648" alt="image"
src="https://github.com/user-attachments/assets/03f32545-4a85-42ed-bafc-2b193a5d8023">

After:

<img width="1653" alt="image"
src="https://github.com/user-attachments/assets/e5bcaf93-49cb-421f-aac1-5122bc488b02">
2024-08-11 14:48:20 +00:00
Fábio Barkoski e45a4c9829
Move repository visibility to danger zone in the settings area (#31126)
Moved repository visibility to the danger zone in the settings area. To
change the visibility, it is necessary to go to the danger zone, click
on the private/public button, and accept the change in the modal.

Resolves:  #23826

---
## Screenshots

<details>
<summary>Before</summary>
Private repo:

![Private
repo](https://github.com/go-gitea/gitea/assets/65479069/4313492a-4854-48bc-9f47-974e3539d791)

Public repo:

![Public
repo](https://github.com/go-gitea/gitea/assets/65479069/1c45f6e4-ee93-4799-9331-e9d4a7e0f16a)

</details>
<details>
<summary>After</summary>
Make private:

![Screenshot from 2024-05-28
21-35-38](https://github.com/go-gitea/gitea/assets/65479069/4887e28a-0514-4990-aa69-bf3ddc7e6c7d)

Make private modal

![Screenshot from 2024-06-13
23-55-55](https://github.com/go-gitea/gitea/assets/65479069/9f5a7604-069b-41a2-973b-ee2d58e85953)

![Screenshot from 2024-06-13
23-53-09](https://github.com/go-gitea/gitea/assets/65479069/06c22726-eab2-4bce-8df7-62849dcce974)

Make public:

![Screenshot from 2024-05-28
21-34-27](https://github.com/go-gitea/gitea/assets/65479069/6d388f99-0356-48a0-9d85-320cdba55179)

Make public modal

![Screenshot from 2024-06-13
23-53-37](https://github.com/go-gitea/gitea/assets/65479069/8944972e-f2d4-4aea-ba96-b892febb5ced)

</details>

---------

Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
2024-08-11 07:50:54 +03:00
qwerty287 02c2362696
Merge remote-tracking branch 'upstream/main' into xormigrate 2024-08-10 08:14:03 +02:00
a1012112796 9633f336c8
Add warning message in merge instructions when `AutodetectManualMerge` was not enabled (#31805)
not enabled

quick-f-i-x https://github.com/go-gitea/gitea/issues/31433 ? , maybe
need more disscusion about better solutions.

example view:


![image](https://github.com/user-attachments/assets/2af7e1e8-42b9-4473-89c7-12d4a9205d3f)

adtion notes about how to enable `AutodetectManualMerge`


![image](https://github.com/user-attachments/assets/28f84317-367a-40d8-b50d-a19ef7c664d4)

Signed-off-by: a1012112796 <1012112796@qq.com>
2024-08-10 01:09:34 +00:00
FuXiaoHei df27846628
Show latest run when visit /run/latest (#31808)
Proposal from
https://github.com/go-gitea/gitea/issues/27911#issuecomment-2271982172

When visit latest run path, such as
`/{user}/{repo}/actions/runs/latest`. It renders latest run instead of
index=0 currently.
2024-08-10 08:40:41 +08:00
Lunny Xiao 791d7fc76a
Add issue comment when moving issues from one column to another of the project (#29311)
Fix #27278
Replace #27816

This PR adds a meta-comment for an issue when dragging an issue from one
column to another of a project.

<img width="600" alt="image"
src="https://github.com/go-gitea/gitea/assets/81045/5fc1d954-430e-4db0-aaee-a00006fa91f5">

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: yp05327 <576951401@qq.com>
2024-08-09 01:29:02 +00:00
qwerty287 a88372f543
Merge branch 'main' into xormigrate 2024-08-08 18:39:34 +02:00
KN4CK3R 3862b31abb
Fix RPM resource leak (#31794)
Fixes a resource leak introduced by #27069.

- add defer
- move sign code out of `repository.go`
2024-08-08 09:43:04 +00:00
qwerty287 b62a5dbb4b
Merge branch 'main' into xormigrate 2024-08-06 19:26:41 +02:00
Lunny Xiao df7f1c2ead
Fix protected branch files detection on pre_receive hook (#31778)
Fix #31738

When pushing a new branch, the old commit is zero. Most git commands
cannot recognize the zero commit id. To get the changed files in the
push, we need to get the first diverge commit of this branch. In most
situations, we could check commits one by one until one commit is
contained by another branch. Then we will think that commit is the
diverge point.

And in a pre-receive hook, this will be more difficult because all
commits haven't been merged and they actually stored in a temporary
place by git. So we need to bring some envs to let git know the commit
exist.
2024-08-06 13:32:49 +00:00
Exploding Dragon de175e3b06
Add signature support for the RPM module (#27069)
close  #27031

If the rpm package does not contain a matching gpg signature, the
installation will fail. See (#27031) , now auto-signing rpm uploads.

This option is turned off by default for compatibility.
2024-08-06 09:03:33 -04:00
qwerty287 8f3310dbd1
Merge remote-tracking branch 'origin/main' into xormigrate 2024-08-04 17:46:35 +02:00
Lunny Xiao 976f78eb77
Fix wiki revision pagination (#31760)
Fix #31755
2024-08-03 18:35:55 +00:00
Jason Song 687c118248
Clear up old Actions logs (#31735)
Part of #24256.

Clear up old action logs to free up storage space.

Users will see a message indicating that the log has been cleared if
they view old tasks.

<img width="1361" alt="image"
src="https://github.com/user-attachments/assets/9f0f3a3a-bc5a-402f-90ca-49282d196c22">

Docs: https://gitea.com/gitea/docs/pulls/40

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-08-02 00:42:08 +00:00
qwerty287 75d10e9d96
Merge branch 'main' into xormigrate 2024-07-30 09:02:05 +02:00
yp05327 75d0b61546
Fix the display of project type for deleted projects (#31732)
Fix: #31727
After:

![image](https://github.com/user-attachments/assets/1dfb4b31-3bd6-47f7-b126-650f33f453e2)
2024-07-30 04:37:43 +00:00
Jason Song 81fa471119
Set owner id to zero when GetRegistrationToken for repo (#31725)
Fix #31707.

It's split from #31724.

Although #31724 could also fix #31707, it has change a lot so it's not a
good idea to backport it.
2024-07-29 18:46:45 +00:00
Bo-Yi Wu d39bce7f00
fix(api): owner ID should be zero when created repo secret (#31715)
- Change condition to include `RepoID` equal to 0 for organization
secrets

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-07-29 17:15:02 +00:00
Jason Song bf5ae79c51
Fix API endpoint for registration-token (#31722)
Partially fix #31707. Related to #30656
2024-07-29 16:45:24 +00:00
yp05327 e0a408e6f3
Add permission check when creating PR (#31033)
user should be a collaborator of the base repo to create a PR
2024-07-29 02:21:22 +00:00
Zettat123 7dec8de914
Hide the "Details" link of commit status when the user cannot access actions (#30156)
Fix #26685

If a commit status comes from Gitea Actions and the user cannot access
the repo's actions unit (the user does not have the permission or the
actions unit is disabled), a 404 page will occur after clicking the
"Details" link. We should hide the "Details" link in this case.

<img
src="https://github.com/go-gitea/gitea/assets/15528715/68361714-b784-4bb5-baab-efde4221f466"
width="400px" />
2024-07-28 23:11:40 +08:00
qwerty287 50b11454d0
Merge branch 'main' into xormigrate 2024-07-27 19:53:15 +02:00
Shivaram Lingamneni e1cf760d2f
OIDC: case-insensitive comparison for auth scheme `Basic` (#31706)
@kylef pointed out on https://github.com/go-gitea/gitea/pull/31632 that
[RFC7617](https://www.rfc-editor.org/rfc/rfc7617.html#section-2)
mandates case-insensitive comparison of the scheme field `Basic`. #31632
copied a case-sensitive comparison from
https://github.com/go-gitea/gitea/pull/6293. This PR fixes both
comparisons.

The issue only affects OIDC, since the implementation for normal Gitea
endpoints is already correct:


930ca92d7c/services/auth/basic.go (L55-L58)
2024-07-26 19:51:45 +00:00
qwerty287 68d2ba9828
Merge branch 'main' into xormigrate 2024-07-25 17:10:50 +02:00
Shivaram Lingamneni ecc8f2b047
add `username` to OIDC introspection response (#31688)
This field is specified as optional here:
https://datatracker.ietf.org/doc/html/rfc7662#section-2.2

It's used by some OIDC integrations, e.g.
https://emersion.fr/blog/2022/irc-and-oauth2/

Co-authored-by: Giteabot <teabot@gitea.io>
2024-07-25 12:36:05 +00:00
Adam Majer bae87dfb09
Add return type to GetRawFileOrLFS and GetRawFile (#31680)
Document return type for the endpoints that fetch specific files from a
repository. This allows the swagger generated code to read the returned
data.

Co-authored-by: Giteabot <teabot@gitea.io>
2024-07-25 14:06:19 +02:00
yp05327 cc044818c3
Support delete user email in admin panel (#31690)
![QQ_1721784609320](https://github.com/user-attachments/assets/23f08bf3-93f4-44d7-963d-10380ef8c1f1)

![QQ_1721784616403](https://github.com/user-attachments/assets/667cbd1e-5e21-4489-8d18-2a7be85190db)

![QQ_1721784626722](https://github.com/user-attachments/assets/495beb94-dfa2-481c-aa60-d5115cad1ae1)

---------

Co-authored-by: Jason Song <i@wolfogre.com>
2024-07-25 18:11:04 +08:00
Stanislas Dolcini d8f82cbc78
Use GetDisplayName() instead of DisplayName() to generate rss feeds (#31687)
Fixes #31491 The RSS feed converted ignored the setting used in the
application.
2024-07-25 17:33:02 +08:00
qwerty287 4e82ec34fe
Merge branch 'main' into xormigrate 2024-07-23 20:34:46 +02:00
Shivaram Lingamneni 2f1cb1d289
fix OIDC introspection authentication (#31632)
See discussion on #31561 for some background.

The introspect endpoint was using the OIDC token itself for
authentication. This fixes it to use basic authentication with the
client ID and secret instead:

* Applications with a valid client ID and secret should be able to
  successfully introspect an invalid token, receiving a 200 response
  with JSON data that indicates the token is invalid
* Requests with an invalid client ID and secret should not be able
  to introspect, even if the token itself is valid

Unlike #31561 (which just future-proofed the current behavior against
future changes to `DISABLE_QUERY_AUTH_TOKEN`), this is a potential
compatibility break (some introspection requests without valid client
IDs that would previously succeed will now fail). Affected deployments
must begin sending a valid HTTP basic authentication header with their
introspection requests, with the username set to a valid client ID and
the password set to the corresponding client secret.
2024-07-23 12:43:03 +00:00
qwerty287 be176edf79
Merge remote-tracking branch 'origin/main' into xormigrate 2024-07-20 12:17:41 +02:00
Denys Konovalov a8d0c879c3
add skip secondary authorization option for public oauth2 clients (#31454) 2024-07-19 14:28:30 -04:00
qwerty287 e46974d6f5
fix lints 2024-07-18 17:25:35 +02:00
Rowan Bohde 416c36f303
allow synchronizing user status from OAuth2 login providers (#31572)
This leverages the existing `sync_external_users` cron job to
synchronize the `IsActive` flag on users who use an OAuth2 provider set
to synchronize. This synchronization is done by checking for expired
access tokens, and using the stored refresh token to request a new
access token. If the response back from the OAuth2 provider is the
`invalid_grant` error code, the user is marked as inactive. However, the
user is able to reactivate their account by logging in the web browser
through their OAuth2 flow.

Also changed to support this is that a linked `ExternalLoginUser` is
always created upon a login or signup via OAuth2.

### Notes on updating permissions
Ideally, we would also refresh permissions from the configured OAuth
provider (e.g., admin, restricted and group mappings) to match the
implementation of LDAP. However, the OAuth library used for this `goth`,
doesn't seem to support issuing a session via refresh tokens. The
interface provides a [`RefreshToken`
method](https://github.com/markbates/goth/blob/master/provider.go#L20),
but the returned `oauth.Token` doesn't implement the `goth.Session` we
would need to call `FetchUser`. Due to specific implementations, we
would need to build a compatibility function for every provider, since
they cast to concrete types (e.g.
[Azure](https://github.com/markbates/goth/blob/master/providers/azureadv2/azureadv2.go#L132))

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2024-07-16 20:33:16 +02:00
wxiaoguang 72b6bc8caf
Refactor webhook (#31587)
A more complete fix for #31588

1. Make "generic" code more readable
2. Clarify HTML or Markdown for the payload content
2024-07-10 11:37:16 +00:00
Rowan Bohde 1ee59f0fa3
Allow disabling authentication related user features (#31535)
We have some instances that only allow using an external authentication
source for authentication. In this case, users changing their email,
password, or linked OpenID connections will not have any effect, and
we'd like to prevent showing that to them to prevent confusion.

Included in this are several changes to support this:
* A new setting to disable user managed authentication credentials
(email, password & OpenID connections)
* A new setting to disable user managed MFA (2FA codes & WebAuthn)
* Fix an issue where some templates had separate logic for determining
if a feature was disabled since it didn't check the globally disabled
features
* Hide more user setting pages in the navbar when their settings aren't
enabled

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2024-07-09 17:36:31 +00:00
Henry Goodman 12cb1d2998
Allow force push to protected branches (#28086)
Fixes #22722 

### Problem
Currently, it is not possible to force push to a branch with branch
protection rules in place. There are often times where this is necessary
(CI workflows/administrative tasks etc).

The current workaround is to rename/remove the branch protection,
perform the force push, and then reinstate the protections.

### Solution
Provide an additional section in the branch protection rules to allow
users to specify which users with push access can also force push to the
branch. The default value of the rule will be set to `Disabled`, and the
UI is intuitive and very similar to the `Push` section.

It is worth noting in this implementation that allowing force push does
not override regular push access, and both will need to be enabled for a
user to force push.

This applies to manual force push to a remote, and also in Gitea UI
updating a PR by rebase (which requires force push)

This modifies the `BranchProtection` API structs to add:
- `enable_force_push bool`
- `enable_force_push_whitelist bool`
- `force_push_whitelist_usernames string[]`
- `force_push_whitelist_teams string[]`
- `force_push_whitelist_deploy_keys bool`

### Updated Branch Protection UI:

<img width="943" alt="image"
src="https://github.com/go-gitea/gitea/assets/79623665/7491899c-d816-45d5-be84-8512abd156bf">

### Pull Request `Update branch by Rebase` option enabled with source
branch `test` being a protected branch:


![image](https://github.com/go-gitea/gitea/assets/79623665/e018e6e9-b7b2-4bd3-808e-4947d7da35cc)
<img width="1038" alt="image"
src="https://github.com/go-gitea/gitea/assets/79623665/57ead13e-9006-459f-b83c-7079e6f4c654">

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-07-05 18:21:56 +00:00
Anbraten 91745ae46f
Add Passkey login support (#31504)
closes #22015

After adding a passkey, you can now simply login with it directly by
clicking `Sign in with a passkey`.

![Screenshot from 2024-06-26
12-18-17](https://github.com/go-gitea/gitea/assets/6918444/079013c0-ed70-481c-8497-4427344bcdfc)

Note for testing. You need to run gitea using `https` to get the full
passkeys experience.

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-06-29 22:50:03 +00:00
wxiaoguang 43c7a2e7b1
Refactor names (#31405)
This PR only does "renaming":

* `Route` should be `Router` (and chi router is also called "router")
* `Params` should be `PathParam` (to distingush it from URL query param, and to match `FormString`)
* Use lower case for private functions to avoid exposing or abusing
2024-06-19 06:32:45 +08:00
wxiaoguang 21783a5752
Fix rendered wiki page link (#31398)
Fix #31395
2024-06-18 03:09:20 +00:00
wxiaoguang 37a4b233a0
Refactor repo unit "disabled" check (#31389)
1. There are already global "unit consts", no need to use context data, which is fragile
2. Remove the "String()" method from "unit", it would only cause rendering problems in templates

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-06-18 00:51:13 +00:00
wxiaoguang d32648b204
Refactor route path normalization (#31381)
Refactor route path normalization and decouple it from the chi router.
Fix the TODO, fix the legacy strange path behavior.
2024-06-17 23:28:47 +00:00
6543 363c123598
Add cache test for admins (#31265)
Add a test to probe the cache similar to the email test func.


![image](https://github.com/go-gitea/gitea/assets/24977596/700e2733-586d-4091-900f-f5f71e6e94bf)


![image](https://github.com/go-gitea/gitea/assets/24977596/2a953802-18fc-4e81-a37d-24ebe1297365)


![image](https://github.com/go-gitea/gitea/assets/24977596/e00d62ad-bb60-41cc-9138-09993daee156)

---------

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: silverwind <me@silverwind.io>
2024-06-17 21:22:39 +02:00
wxiaoguang 0f09c22663
Improve rubygems package registry (#31357)
To make it work with Bundler:
https://guides.rubygems.org/rubygems-org-compact-index-api/

It only adds 2 new API endpoints and improves some tests, existing logic
is not changed.
2024-06-17 08:42:46 +00:00
Brecht Van Lommel 597d1da96b
Fix missing images in editor preview due to wrong links (#31299)
Parse base path and tree path so that media links can be correctly
created with /media/.

Resolves #31294

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-06-17 14:16:14 +08:00
6543 78e8296e11
Rename repo_model.SearchOrderByMap to repo_model.OrderByMap (#31359)
https://github.com/go-gitea/gitea/pull/30876#discussion_r1637112394
2024-06-15 06:45:02 +00:00
Zettat123 42718d32af
Allow downloading attachments of draft releases (#31369)
Fix #31362
2024-06-15 12:20:14 +08:00
wxiaoguang 84cbb6c4d2
Fix duplicate sub-path for avatars (#31365)
Fix #31361, and add tests

And this PR introduces an undocumented & debug-purpose-only config
option: `USE_SUB_URL_PATH`. It does nothing for end users, it only helps
the development of sub-path related problems.

And also fix #31366

Co-authored-by: @ExplodingDragon
2024-06-15 11:43:57 +08:00