Commit Graph

14243 Commits

Author SHA1 Message Date
M Hickford 6a45a691c1
Ignore port for loopback redirect URIs (#21293)
Following https://datatracker.ietf.org/doc/html/rfc8252#section-7.3

Fixes #21285
2022-09-29 00:19:55 +02:00
M Hickford 0e83ab8df7
Improve error descriptions for unauthorized_client (#21292)
Fixes #21282


As suggested by the [OAuth RFC](https://www.rfc-editor.org/rfc/rfc6749)
(quoted below), it's helpful to give more detail in the description

> error_description
OPTIONAL. Human-readable ASCII
[[USASCII](https://www.rfc-editor.org/rfc/rfc6749#ref-USASCII)] text
providing **additional information, used to assist the client developer
in understanding the error that occurred.**
Values for the "error_description" parameter MUST NOT include characters
outside the set %x20-21 / %x23-5B / %x5D-7E.
2022-09-28 15:10:27 -04:00
silverwind 677a09eb74
Consolidate more CSS rules, fix inline code on arc-green (#21260)
- Consolidate various CSS rules into base rules
- Fix inline code in Markdown not having enough contrast on arc-green

Adds one new color variable, `--color-label-active-bg` for the
background of active labels.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-28 21:19:22 +08:00
6543 5a3b9ac875
Update bluemonday (#21281)
https://github.com/microcosm-cc/bluemonday/releases/tag/v1.0.20

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-09-27 22:02:41 -04:00
Hasnain Lakhani 64c3d55de7
Add support for authentication based on reverse proxy email (#19949)
This is useful in scenarios where the reverse proxy may have knowledge
of user emails, but does not know about usernames set on gitea,
as in the feature request in #19948.

I tested this by setting up a fresh gitea install with one user `mhl`
and email `m.hasnain.lakhani@gmail.com`. I then created a private repo,
and configured gitea to allow reverse proxy authentication.

Via curl I confirmed that these two requests now work and return 200s:

curl http://localhost:3000/mhl/private -I --header "X-Webauth-User: mhl"
curl http://localhost:3000/mhl/private -I --header "X-Webauth-Email: m.hasnain.lakhani@gmail.com"

Before this commit, the second request did not work.

I also verified that if I provide an invalid email or user,
a 404 is correctly returned as before

Closes #19948

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-09-28 02:00:15 +02:00
Wim 889a41c6a8
Do not allow organisation owners add themselves as collaborator (#20043)
We're already checking for repo owners, but we also need to check for
organisation owners that try to add themselves as collaborator

Closes #17966
2022-09-28 01:25:40 +02:00
HeySora dabc06d13b
Feature: Case-insensitive "find files in repo" (#21269)
This (short) PR builds upon #15028 and makes the file search
case-insensitive.

Previously, having a file named `TestFile.cs` would not be shown if
`test` was typed in the search box.
This now changes the matching function to be case-insensitive (without
affecting the UI).

The matching function, `strSubMatch`, is only used for this feature (it
has been introduced by #15028), meaning that this PR does not affect the
behaviour of any unrelated functionality of Gitea.
2022-09-28 00:55:15 +02:00
John Olheiser 8cd3237a9e
Better repo API unit checks (#21130)
This PR would presumably
Fix #20522
Fix #18773
Fix #19069
Fix #21077

Fix #13622

-----

1. Check whether unit type is currently enabled
2. Check if it _will_ be enabled via opt
3. Allow modification as necessary


Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-09-28 00:23:58 +02:00
KN4CK3R 904b324716
Fix empty container layer history and UI (#21251)
Fixes #21248
2022-09-27 15:03:24 +02:00
sebastian-sauer 31f934c1d8
Add filetree on left of diff view (#21012)
This PR adds a filetree to the left side of the files/diff view.

Initially the filetree will not be shown and may be shown via a new
"Show file tree" button.

Showing and hiding is using the same icon as github. Folders are
collapsible. On small devices (max-width 991 PX) the file tree will be
hidden.

Close #18192

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-27 13:22:19 +08:00
Tyrone Yeh 525751243e [skip ci] Updated translations via Crowdin 2022-09-27 00:21:05 +00:00
Tyrone Yeh 2d94774c34
Add author search input (#21246)
New author filter in #20578 missing author search input
#20623 lost author, so add this

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-09-26 18:15:12 +08:00
silverwind ec0a06e52c
Upgrade chroma to v2.3.0 (#21259)
The behaviour of `PreventSurroundingPre` has changed in
https://github.com/alecthomas/chroma/pull/618 so that apparently it now
causes line wrapper tags to be no longer emitted, but we need some form
of indication to split the HTML into lines, so I did what
https://github.com/yuin/goldmark-highlighting/pull/33 did and added the
`nopWrapper`.

Maybe there are more elegant solutions but for some reason, just
splitting the HTML string on `\n` did not work.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-26 13:50:03 +08:00
Julien Palard 2649e7ffbd [skip ci] Updated translations via Crowdin 2022-09-26 00:20:43 +00:00
Julien Palard ed255fd8a1
Typo in config-cheat-sheet (#21261) 2022-09-25 18:16:46 -04:00
silverwind 3d92ad8eb9
Use native inputs in whitespace dropdown (#20980)
Use native `<input type="radio">` instead of fake icon font. The
`pointer-events: none` is necessary so the link click always takes
effect. Tested in Firefox, Safari and Chrome.

Before:
<img width="305" alt="Screen Shot 2022-08-27 at 20 42 11"
src="https://user-images.githubusercontent.com/115237/187044786-6655c766-c3fb-4672-9e3e-219b3ec4896c.png">

After:
<img width="298" alt="Screen Shot 2022-08-27 at 21 10 05"
src="https://user-images.githubusercontent.com/115237/187044790-33f87741-062e-4744-80b1-d3bd3fd725e3.png">
<img width="302" alt="image"
src="https://user-images.githubusercontent.com/115237/187044872-6c133cea-65ee-4ebd-b18a-a8b38c791565.png">
2022-09-25 22:01:05 +08:00
wxiaoguang c4742fbea3 [skip ci] Updated licenses and gitignores 2022-09-25 00:20:43 +00:00
wxiaoguang bb1e0d0aa5
Use en-US as fallback when using other default language (#21200)
Only en-US has complete translations. When use other language as
default, the en-US should still be used as fallback.

Close #21199

### Screenshot


![image](https://user-images.githubusercontent.com/2114189/190882906-b7a83958-0ea2-46c4-9084-42c4f9a239aa.png)

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-09-25 02:00:16 +03:00
KN4CK3R 0c8ce71188
Make NuGet service index publicly accessible (#21242)
Addition to #20734, Fixes #20717

The `/index.json` endpoint needs to be accessible even if the registry
is private. The NuGet client uses this endpoint without
authentification.

The old fix only works if the NuGet cli is used with `--source <name>`
but not with `--source <url>/index.json`.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-24 23:17:08 +08:00
Nulo (he/him) cca189ef97
Save files in local storage as umask (#21198)
Go creates temporary files as 600, but sometimes we want the group to be able to read them (for example,
for another user to back up the storage)

This PR applies the umask to the renamed tmp files in local storage.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-24 21:04:14 +08:00
Jack Vine 83680c97a7
NPM Package Registry search API endpoint (#20280)
Close #20098, in the NPM registry API, implemented to match what's described by https://github.com/npm/registry/blob/master/docs/REGISTRY-API.md#get-v1search

Currently have only implemented the bare minimum to work with the [Unity Package Manager](https://docs.unity3d.com/Manual/upm-ui.html).

Co-authored-by: Jack Vine <jackv@jack-lemur-suse.cat-prometheus.ts.net>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-24 19:24:33 +08:00
Tyrone Yeh da0a9ec811 [skip ci] Updated translations via Crowdin 2022-09-24 00:20:52 +00:00
Tyrone Yeh 10228387d2
Added search input field to issue filter (#20623)
Added search input field to issue filter for label and milestone and assignee

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-23 13:23:24 +08:00
silverwind 3f9e323ecd
Various CSS tweaks (#21244)
- Remove arc-green specific rules and instead fix the colors in the base
rules.
- Make file table row border visible on arc-green.
- Remove remnants of fomantic accordeon module that was removed.
2022-09-22 22:00:29 -05:00
KN4CK3R 301d84e83a [skip ci] Updated translations via Crowdin 2022-09-23 00:20:55 +00:00
KN4CK3R f52fe82add
Use absolute links in feeds (#21229)
fixes #20864

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-09-21 16:51:42 -04:00
delvh acee32ca09
Prevent invalid behavior for file reviewing when loading more files (#21230)
The problem was that many PR review components loaded by `Show more`
received the same ID as previous batches, which confuses browsers (when
clicked). All such occurrences should now be fixed.

Additionally improved the background of the `viewed` checkbox.

Lastly, the `go-licenses.json` was automatically updated.

Fixes #21228.
Fixes #20681.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-22 01:02:56 +08:00
KN4CK3R 0a9a86b943
Respect `REQUIRE_SIGNIN_VIEW` for packages (#20873)
Fix #20863

When REQUIRE_SIGNIN_VIEW = true, even with public repositories, you can only see them after you login. The packages should not be accessed without login.

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-21 21:01:18 +08:00
wxiaoguang d9bc6881ef
Make Clone in VSCode link get updated correctly (#21225)
Follow #20557, fix #21224

The `clone_script` will update `.js-clone-url` and related elements,
so it should be put after these elements.
2022-09-21 19:51:10 +08:00
silverwind 399514453e
Configure golangci-lint to show all issues (#21106)
golangci by default [limits](https://golangci-lint.run/usage/configuration/#issues-configuration)
"same issues" to 3 which can be hindering when many issues are present.
Change it to always show all issues.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-20 17:39:00 +08:00
KN4CK3R 1b630ff7cd
Fix user visible check (#21210)
Fixes #21206

If user and viewer are equal the method should return true.
Also the common organization check was wrong as `count` can never be
less then 0.

Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-09-20 15:59:20 +08:00
Lunny Xiao a196302472
Fix template bug of admin monitor (#21208)
Fix #21207

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-09-19 20:53:39 -04:00
delvh 0c51595eed
Clarify that `ENABLE_SWAGGER` only influences the API docs, not the routes (#21215)
Previously, the docs seemed to suggest that you can disable the API
completely by setting `ENABLE_SWAGGER=false`.
This is not the case.
2022-09-20 00:48:48 +02:00
silverwind d0e3c53815
Enable fluid page layout on medium size viewports (#21178)
Fomantic has abrupt breakpoints at 991px and 768px which leads to
variable amounts of wasted screen space below those breakpoints.
Instead, enable fluid width for all viewport sizes below 1200px.
2022-09-19 14:50:15 +02:00
6543 c5e88fb03d
[API] teamSearch show teams with no members if user is admin (#21204)
close #21176
2022-09-19 20:02:29 +08:00
naoki kuroda c87e6a89da
Fix typo (#21201)
<!--

Please check the following:

1. Make sure you are targeting the `main` branch, pull requests on
release branches are only allowed for bug fixes.
2. Read contributing guidelines:
https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
3. Describe what your pull request does and which issue you're targeting
(if any)

-->  
I fixed typo.
2022-09-18 16:13:34 +08:00
wxiaoguang 395f65c65a
Remove unnecessary length check for repo's Description & Website (#21194)
Follows #21119

The manual length check doesn't make sense nowadays:
1. The length check is already done by form's `binding:MaxSize` (then the manual check is unnecessary)
2. The CreateRepository doesn't have such check (then the manual check is inconsistent)

So this PR removes these manual length checks.
2022-09-18 10:35:24 +08:00
wxiaoguang 321964155a
Treat git object mode 40755 as directory (#21195)
Git uses 040000 for tree object, but some users may get 040755 for
unknown reasons

Try to fix #21190
* #21190
2022-09-18 09:31:20 +08:00
Jason Song 34f736ca04
Fix reaction of issues (#21185)
Fix #20860.

`CommentID` in `FindReactionsOptions` should be -1 to search reactions
with zero comment id.


8351172b6e/models/issues/reaction.go (L108-L121)

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-09-17 19:54:03 +08:00
KN4CK3R 43c10def68
Fix CSV diff for added/deleted files (#21189)
Fixes #21184
Regression of #19552

Instead of using `GetBlobByPath` I use the already existing instances.

We need more information from #19530 if that error is still present.
2022-09-17 10:45:32 +08:00
JakobDev 548387b2be
Show label description in comments section (#21156)
The labels in the comment section are currently missing the description that all other labels have.
2022-09-16 20:44:00 +08:00
JakobDev 8351172b6e
Limit length of repo description and repo url input fields (#21119)
Both allow only limited characters. If you input more, you will get a error
message. So it make sense to limit the characters of the input fields.

Slightly relax the MaxSize of repo's Description and Website
2022-09-16 15:19:16 +08:00
silverwind bdc4c4c379 [skip ci] Updated translations via Crowdin 2022-09-16 00:20:55 +00:00
silverwind d3050e0d01
File header tweaks (#21175)
- Remove non-matching selector
- Set font-size on parent so `.mono` can correctly reduce it

Before (font subjectively too big):
<img width="1270" alt="Screenshot 2022-09-15 at 19 03 56"
src="https://user-images.githubusercontent.com/115237/190466867-283e9c23-cbfa-457e-8dbe-94902e886cc7.png">

After:
<img width="1266" alt="image"
src="https://user-images.githubusercontent.com/115237/190467290-eb392007-5db2-4ab0-a5be-e7cfe4618dcc.png">
2022-09-15 23:57:42 +03:00
JakobDev bf325d4412
Keep path when creating a new branch (#21153)
If you are create a new new branch while viewing file or directory, you
get redirected to the root of the repo. With this PR, you keep your
current path instead of getting redirected to the repo root.
2022-09-15 21:25:16 +08:00
KN4CK3R ef40324c43
Display image digest for container packages (#21170)
fixes #21160
2022-09-14 22:45:13 +02:00
JakobDev cad8f1b1fe
Use correct branch for .editorconfig error (#21152)
In #21088 I accidentally forgot to support multiple branches. It always
checks the default branch, no matter on which branch you are working on.
With this fix, it always shows the error from the current branch. Sorry
for that.
2022-09-14 20:54:30 +02:00
wxiaoguang 0ba2f53ca1
Passing command line arguments correctly by string slice (#21168)
Using `append(args, strings.Fields(arg)...)` is dangerous, it may
generate incorrect results.

For example: `arg1 "the dangerous"` will be splitted to 3 arguments:
`arg1`, `"the`, `dangerous"`. In some cases the incorrect arguments may
lead to security problems.
2022-09-14 15:59:52 +02:00
sergemedvid e07d089be0
Sort branches and tags by date descending (#21136)
This fixes #5709 and #17316 by changing the order of listed branches
and tags to show the ones with latest commits atop.
It's achieved with changing underlying "show-ref" git command with
"for-each-ref" as suggested in https://stackoverflow.com/a/5188364
Also, it's passing format string so the output matches "show-ref"
command output.

close #5709
close #17316
2022-09-14 14:11:24 +02:00
KN4CK3R 5933f04094
Skip dirty check for team forms (#21154)
The dirty check is not usefull for these forms.
2022-09-14 13:24:39 +02:00