Backport #24362 by @jolheiser
> The scoped token PR just checked all API routes but in fact, some web
routes like `LFS`, git `HTTP`, container, and attachments supports basic
auth. This PR added scoped token check for them.
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #24339 by @yardenshoham
I made it render the script even if the repo is archived
- Fixes#24324
Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
Backport #24307Fix#24305
According to MDN, "bold" starts from 700, some fonts do not provide
"bolding" for weight 600
Manually backport, no CSS conflict.
Backport #24035 by @garymoon
This change prevents Gitea from bypassing the manual approval process
for newly registered users when OIDC is used.
- Resolves https://github.com/go-gitea/gitea/issues/23392
Signed-off-by: Gary Moon <gary@garymoon.net>
Co-authored-by: Gary Moon <garymoon@users.noreply.github.com>
Backport #24116 by @techknowlogick
Proposal found here: https://github.com/go-gitea/gitea/issues/23654
TODO: make non-breaking (can we publish docker image using dev and
nightly prefix? at same time). if anyone has advice please comment :)
If this PR is merged, then I can add redirects to the downloads site.
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Backport #24148
`repoCtx.CommitsCount` is not reliably the commit count of the default
branch (Repository.GetCommitsCount depends on what is currently
displayed).
_contributed in the context of @forgejo_
---------
Co-authored-by: Giteabot <teabot@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Backport #24194 by @harryzcy
- [x] Identify endpoints that should be public
- [x] Update integration tests
Fix#24159
Co-authored-by: harryzcy <harry@harryzheng.com>
Backport #24202Close#24195
Fix the bug:
1. The old code doesn't handle `removedfile` event correctly
2. The old code doesn't provide attachments for type=CommentTypeReview
---------
Co-authored-by: silverwind <me@silverwind.io>
Backport #24184 by @krzysztofjeziorny
A vertical overflow appears in Firefox 112/MacOS 12.6 when the system
setting for scrollbars is to "Always" show them.
Here, the fixed 100vw container widths are removed, which removes the
overflow. It is, however, only simulated in Developer Tools in latest
Firefox and Chromium, so please test on a Gitea installation.
Co-authored-by: Krzysztof Jeziorny <872730+krzysztofjeziorny@users.noreply.github.com>
Backport #24192 by @brechtvl
Rendering of Allow Edits from Maintainers did not check if the head repo
exists, while other parts of the page handle it gracefully.
Co-authored-by: Brecht Van Lommel <brecht@blender.org>
Backport #24161 by @wxiaoguang
## Before
* The renaming detection is wrong (eg: pasting a new name into the input
doesn't trigger the detection)
* The renaming prompt layout is not good
* Some MaxSize/maxlength rules is missing
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #24105 by @lunny
In #12269, all string fields of struct will generate a NVARCHAR column
in database, but for those Gitea instances installed before that PR,
users have to convert columns themselves.
In this PR, we update the `./gitea admin convert` commands to support
both MySQL and MSSQL database converting. Previously, it only supported
converting `utf8 -> utf8mb4` for MySQL.
Now, it will check the database types.
If it's MSSQL, it will convert `VARCHAR -> NVARCHAR` as well.
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #24133 by @jtran
For 2-dot direct compare, we should use the base commit in the title and
templates, as is used elsewhere, not the common ancestor which is used
for 3-dot compare. I believe that this change should have been included
in #22949.
Co-authored-by: Jonathan Tran <jonnytran@gmail.com>
Fix#24075Fix#23873
From the log:
```
2023/04/02 19:41:46 .../templates/mailer.go:68:1() [T] Adding mailer template for \issue\default from "C:\gitea\custom\templates\mail\issue\default.tmpl"
```
That `assetName ` on Windows is wrong. Gitea only uses slash `/`.
Backport #24050 by @sillyguodong
In the `for` loop, the value of `membershipsToAdd[org]` and
`membershipsToRemove[org]` is a slice that should be appended instead of
overwritten.
Due to the current overwrite, the LDAP group sync only matches the last
group at the moment.
## Example reproduction
- an LDAP user is both a member of
`cn=admin_staff,ou=people,dc=planetexpress,dc=com` and
`cn=ship_crew,ou=people,dc=planetexpress,dc=com`.
- configuration of `Map LDAP groups to Organization teams ` in
`Authentication Sources`:
```json
{
"cn=admin_staff,ou=people,dc=planetexpress,dc=com":{
"test_organization":[
"admin_staff",
"test_add"
]
},
"cn=ship_crew,ou=people,dc=planetexpress,dc=com":{
"test_organization":[
"ship_crew"
]
}
```
- start `Synchronize external user data` task in the `Dashboard`.
- the user was only added for the team `test_organization.ship_crew`
Co-authored-by: sillyguodong <33891828+sillyguodong@users.noreply.github.com>
Backport #23786
Refactor commit status for Actions jobs (#23786)
Highlights:
- Treat `StatusSkipped` as `CommitStatusSuccess` instead of
`CommitStatusFailure`, so it fixed#23599.
- Use the bot user `gitea-actions` instead of the trigger as the creator
of commit status.
- New format `<run_name> / <job_name> / (<event>)` for the context of
commit status to avoid conflicts.
- Add descriptions for commit status.
- Add the missing calls to `CreateCommitStatus`.
- Refactor `CreateCommitStatus` to make it easier to use.
Co-authored-by: Jason Song <i@wolfogre.com>
Giteabot
