Commit graph

1366 commits

Author SHA1 Message Date
Earl Warren e658a6a9cd
[GITEA] API commentAssignment() to verify the id belongs
Instead of repeating the tests that verify the ID of a comment
is related to the repository of the API endpoint, add the middleware
function commentAssignment() to assign ctx.Comment if the ID of the
comment is verified to be related to the repository.

There already are integration tests for cases of potential unrelated
comment IDs that cover some of the modified endpoints which covers the
commentAssignment() function logic.

* TestAPICommentReactions - GetIssueCommentReactions
* TestAPICommentReactions - PostIssueCommentReaction
* TestAPICommentReactions - DeleteIssueCommentReaction
* TestAPIEditComment - EditIssueComment
* TestAPIDeleteComment - DeleteIssueComment
* TestAPIGetCommentAttachment - GetIssueCommentAttachment

The other modified endpoints do not have tests to verify cases of
potential unrelated comment IDs. They no longer need to because they
no longer implement the logic to enforce this. They however all have
integration tests that verify the commentAssignment() they now rely on
does not introduce a regression.

* TestAPIGetComment - GetIssueComment
* TestAPIListCommentAttachments - ListIssueCommentAttachments
* TestAPICreateCommentAttachment - CreateIssueCommentAttachment
* TestAPIEditCommentAttachment - EditIssueCommentAttachment
* TestAPIDeleteCommentAttachment - DeleteIssueCommentAttachment

(cherry picked from commit d414376d749041da1be288c02fdaa24fddeafd5c)
(cherry picked from commit 09db07aeaed167edc66cb832b0aa54b31d14f0d8)
(cherry picked from commit f44830c3cba0b9416505a2b0b560cfa096ffeb7c)

Conflicts:
	modules/context/api.go
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 9d1bf7be15420ce4ca6e92a8bd048d483172de3b)
2024-02-05 16:09:43 +01:00
Earl Warren 603a44edf0
[GITEA] POST /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments
Refs: https://codeberg.org/forgejo/forgejo/issues/2109
(cherry picked from commit 8b4ba3dce7fc99fa328444ef27383dccca49c237)
(cherry picked from commit 196edea0f972a9a027c4cacb9df36330cf676d2f)

[GITEA] POST /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments (squash) do not implicitly create a review

If a comment already exists in a review, the comment is added. If it
is the first comment added to a review, it will implicitly create a
new review instead of adding to the existing one.

The pull_service.CreateCodeComment function is responsibe for this
behavior and it will defer to createCodeComment once the review is
determined, either because it was found or because it was created.

Rename createCodeComment into CreateCodeCommentKnownReviewID to expose
it and change the API endpoint to use it instead. Since the review is
provided by the user and verified to exist already, there is no need
for the logic implemented by CreateCodeComment.

The tests are modified to remove the initial comment from the fixture
because it was creating the false positive. I was verified to fail
without this fix.

(cherry picked from commit 6a555996dca6ba71c65818e14ab0eeafa1af6dc2)
(cherry picked from commit b173a0ccee6cc0dadf40ec55e5d88987314c1cc4)
(cherry picked from commit 838ab9740a6b022676103bcb3a7d168b501006e1)
2024-02-05 16:09:42 +01:00
Gergely Nagy 639b428cf4
[FEAT] API support for repository flags
Expose the repository flags feature over the API, so the flags can be
managed by a site administrator without using the web API.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit bac9f0225d47e159afa90e5bbea9562cbc860dae)
(cherry picked from commit e7f5c1ba141ac7f8c7834b5048d0ffd3ce50900b)
(cherry picked from commit 95d9fe19cf3ed5787855ac2a442d29104498aa36)
(cherry picked from commit 7fc51991e405ea8d44fd6b4b4de13ad65da63ae7)
2024-02-05 16:09:42 +01:00
Gusted 533c87da65
[GITEA] Make HTTPS schema default for Swagger
- Switch the supported schemas for the Swagger API around, such that
https is the first one listed. This ensures that when the Swagger API is
used it will default to the https schema, which is likely the schema you
want to use in the majority of the cases.
- Resolves #1895

BREAKING CHANGE NOTICE:
If you are using the Swagger API JSON directly to communicate with the
Forgejo API, the library you are using may be using the first schema
defined in the JSON file (e.g. https://code.forgejo.org/swagger.v1.json)
to construct the request url, this used to be `http` but has now changed
to `https`. This can cause failures if you want to send the swagger
request over `http` (and there is no HTTPS redirection configured).

(cherry picked from commit 81e5f438868192e9cca46824ceb3db787bdd8629)
(cherry picked from commit d847469ea278e77ed4fd6147dd54025ce222ebc9)
(cherry picked from commit 96e75e1d5ca97cd4c668fc60d444dc91c98e83a6)
(cherry picked from commit 65baa6426109403f0b8a779b061f7733d8034ba7)
(cherry picked from commit cd3e0a74e6a7bb90da6f069b7fea0796d5f3d775)
(cherry picked from commit a3127e90b21660d1d7efb6dd536f5fb5619d3307)
(cherry picked from commit 2b22272dc588ee6c2c4081b087f5b87b82ac52c8)
(cherry picked from commit 7363790592b10c4fc52266fd0c33ed79454cd276)
(cherry picked from commit 432b9a4451997742df50d3db33285f2dd5ea0bef)
2024-02-05 16:09:41 +01:00
Gusted fa37a211fb
[GITEA] Drop sha256-simd in favor of stdlib
- In Go 1.21 the crypto/sha256 [got a massive
improvement](https://go.dev/doc/go1.21#crypto/sha256) by utilizing the
SHA instructions for AMD64 CPUs, which sha256-simd already was doing.
The performance is now on par and I think it's preferable to use the
standard library rather than a package when possible.

```
cpu: AMD Ryzen 5 3600X 6-Core Processor
                │  simd.txt   │               go.txt                │
                │   sec/op    │    sec/op     vs base               │
Hash/8Bytes-12    63.25n ± 1%    73.38n ± 1%  +16.02% (p=0.002 n=6)
Hash/64Bytes-12   98.73n ± 1%   105.30n ± 1%   +6.65% (p=0.002 n=6)
Hash/1K-12        567.2n ± 1%    572.8n ± 1%   +0.99% (p=0.002 n=6)
Hash/8K-12        4.062µ ± 1%    4.062µ ± 1%        ~ (p=0.396 n=6)
Hash/1M-12        512.1µ ± 0%    510.6µ ± 1%        ~ (p=0.485 n=6)
Hash/5M-12        2.556m ± 1%    2.564m ± 0%        ~ (p=0.093 n=6)
Hash/10M-12       5.112m ± 0%    5.127m ± 0%        ~ (p=0.093 n=6)
geomean           13.82µ         14.27µ        +3.28%

                │   simd.txt   │               go.txt                │
                │     B/s      │     B/s       vs base               │
Hash/8Bytes-12    120.6Mi ± 1%   104.0Mi ± 1%  -13.81% (p=0.002 n=6)
Hash/64Bytes-12   618.2Mi ± 1%   579.8Mi ± 1%   -6.22% (p=0.002 n=6)
Hash/1K-12        1.682Gi ± 1%   1.665Gi ± 1%   -0.98% (p=0.002 n=6)
Hash/8K-12        1.878Gi ± 1%   1.878Gi ± 1%        ~ (p=0.310 n=6)
Hash/1M-12        1.907Gi ± 0%   1.913Gi ± 1%        ~ (p=0.485 n=6)
Hash/5M-12        1.911Gi ± 1%   1.904Gi ± 0%        ~ (p=0.093 n=6)
Hash/10M-12       1.910Gi ± 0%   1.905Gi ± 0%        ~ (p=0.093 n=6)
geomean           1.066Gi        1.032Gi        -3.18%
```

(cherry picked from commit abd94ff5b59c86e793fd9bf12187ea6cfd1f3fa1)
(cherry picked from commit 15e81637abf70576a564cf9eecaa9640228afb5b)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 325d92917f655c999b81b08832ee623d6b669f0f)

Conflicts:
	modules/context/context_cookie.go
	https://codeberg.org/forgejo/forgejo/pulls/1617
(cherry picked from commit 358819e8959886faa171ac16541097500d0a703e)
(cherry picked from commit 362fd7aae17832fa922fa017794bc564ca43060d)
(cherry picked from commit 4f64ee294ee05c93042b6ec68f0a179ec249dab9)
(cherry picked from commit 4bde77f7b13c5f961c141c01b6da1f9eda5ec387)
(cherry picked from commit 1311e30a811675eb623692349e4e808a85aabef6)
(cherry picked from commit 57b69e334c2973118488b9b5dbdc8a2c88135756)
(cherry picked from commit 52dc892fadecf39e89c3c351edc9efb42522257b)
(cherry picked from commit 77f54f4187869c6eabcc837742fd3f908093a76c)
(cherry picked from commit 0d0392f3a510ce3683bb649dee1e65b45dd91354)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2034
(cherry picked from commit 92798364e8fe3188a2100b54f3adea943f8309e9)
(cherry picked from commit 43d218127752aa9251c4c3ef71b9c060f109dffc)
(cherry picked from commit 45c88b86a35729fc0b2dc6b72bc33caf9f69265f)
(cherry picked from commit a1cd6f4e3a7956773cbc0aef8abb80d17b62eb49)
(cherry picked from commit 01191dc2adf8c57ae448be37e73158005a8ff74d)
(cherry picked from commit 151e07f37e2854ad633f1352fb0ce3cd06f4b2ae)
2024-02-05 16:09:40 +01:00
Loïc Dachary e57504f278
[BRANDING] X-Forgejo-OTP can be used instead of X-Gitea-OTP
(cherry picked from commit 7b0549cd70aa7cafec853e15b25270847c59850b)
(cherry picked from commit 13e10a65d974c7b594681bfa36402a6144862116)
(cherry picked from commit 65bdd73cf27895a9fb8db2a95ef4f5b08951481d)
(cherry picked from commit 64eba8bb923176b4c286b1d0c83792f3c3005ca8)
(cherry picked from commit 4c49b1a759abe3604afc1121e83c9a942016ad6a)
(cherry picked from commit 93b4d0640683ea986657453b1fce49a00c861764)
(cherry picked from commit e2bc5f36d958f4349160ec145719c302d4023cd0)
(cherry picked from commit 2bee76f9dfa998c83ea4fe648997fad0b6224fa9)
(cherry picked from commit 3d8a1b4a9fb9dc55bbd62fd8855ea85e58dc263f)
(cherry picked from commit 99dd092cd02d7af8374acf454833ce1c05fd4fd9)
(cherry picked from commit 0fdbd02204d533f907cd22c83c73bf0156ec4a88)
(cherry picked from commit 70b277a183c0d85966fa84e9b054f164ae2d2a44)
(cherry picked from commit 3eece7fbb4e67d970d8979d0d60a58ee2a195ea5)
(cherry picked from commit 4838fc9e1145a74c56926de68854234604b5e38f)
(cherry picked from commit b76ed541cf4d73702a83d6b96f8618b6f8c44393)
(cherry picked from commit dcdfb5b65c6fbf50798a0c49d0f879dd1285ee41)
(cherry picked from commit 377dc48cdc3b1c2bcc95f86a7bf3602468ac5c39)
(cherry picked from commit acc862f411c79f7832c8ba2c182af738f25f4f8b)
(cherry picked from commit ac75ef101f89d58442760cec21a3f3f9199d4710)
(cherry picked from commit 08f2d9f7c5b0d51358b009b0b38b626b231ec32b)
(cherry picked from commit e4096f0b6441ba68719146e5a48ef44233e27a86)
(cherry picked from commit bf5876f06224ac90e931f2f47b66a5b9c38b2a87)
(cherry picked from commit 7dc60637e5e097b5dbc38e068ee7ba553385b496)
(cherry picked from commit ef3101774ba5083e259d84db9997ff0aaddab14c)
(cherry picked from commit ecb9e8867c3503387cbaf97df27d8c60a840f4a4)
(cherry picked from commit 64f0ae72fec30ea443d73f8566c140682e7b9838)
(cherry picked from commit 8dd6ec786294741361f79c08b0c051d2258bda02)
(cherry picked from commit b36723e52b975d2e57af363db1d9118f48feade1)

Conflicts:
	modules/context/api.go
	https://codeberg.org/forgejo/forgejo/pulls/1466
(cherry picked from commit 5c378e0cb823f2bad52224859ca326afb33bfd4b)
(cherry picked from commit 1d87602819be9f87bf9d06203c37160568c18e78)
(cherry picked from commit 0f72002d667224a75a4924ebb5557eca8bddbe70)
(cherry picked from commit da2556eb13a2c976d1630315dbee8c3bc5444a11)
(cherry picked from commit c01688cd900369b8cbed961f6a841ea536b07207)
(cherry picked from commit af4bba832962ce4db3327c140283ce5b8d2cf6a5)
(cherry picked from commit 33ca322c2ea7b05fcab084e06f8b3a6d65125808)

Conflicts:
	modules/context/api.go
	https://codeberg.org/forgejo/forgejo/pulls/1739
(cherry picked from commit c18e374d4481592681ae127b723f11076c37bb91)
(cherry picked from commit 27c4797c9fb3c42be252223ac0add0605f18acba)
(cherry picked from commit 46588e0fea8f505de6c1a4384ae88f1cd661eea2)
(cherry picked from commit b8a02ef220e3fb034d4204d5c70ffe4df72e7afd)
(cherry picked from commit 05e2f49b78214d7fd48f4b31d1c9b1a7917a5e10)
(cherry picked from commit e4df86d312b32f38753bf7ce1ae7953e49095d5c)
(cherry picked from commit f36e06da43110c177e5e9db21a50cc96885f3e2c)
(cherry picked from commit 64d336c287880a774d8eaa41193cad84e291e4b5)
(cherry picked from commit 2af1cbb017f372e41482240cf0cb0af51d77e2cf)
(cherry picked from commit 920741a9d667bb3b61665669932b449722883fab)
(cherry picked from commit 6cbb37c8c47eb32289d0d65ad9de3cd7fff947fe)
(cherry picked from commit 539cceca39f475c66d7d4fc64e10667664731f76)
2024-02-05 16:05:01 +01:00
Gusted 8b5941a12f
[BRANDING] Update nodeinfo branding
- Change the values for the nodeinfo API, to use branded values.
- Resolves https://codeberg.org/forgejo/forgejo/issues/257

(cherry picked from commit 4608c57688d8b12dbc265dd21bfe7cd269efb116)
(cherry picked from commit e837e8a52943f803a40cd0151e24f7fe8edb11ec)
(cherry picked from commit 6601328d3ce9b57dbaa768dd2d41295293ff94f9)
(cherry picked from commit c6be21d4870e6b748a85f0da19bd4b717875b224)
(cherry picked from commit 5adc6ffee2e6f1af72039747df809aa6ebd2198f)
(cherry picked from commit 2ff8d166ac1e56ab7a349d70f875bd2ae9763418)
(cherry picked from commit b6a90e7e5af0e998cbbf1fc1edb901ae31090999)
(cherry picked from commit d1089e706cda009a6a23462adf498fd24a609b0a)

Conflicts:
	tests/integration/api_nodeinfo_test.go
(cherry picked from commit 7a29df737d979abed4d37f084e3a92ee788d2c6e)
(cherry picked from commit 3655a30c60229167bc007e139d0461a5648741d5)
(cherry picked from commit c90d61141016ffbbaaa6b4f4657dacf5446f30c0)
(cherry picked from commit 0274bd8860bd00de628fba990e42bf7385ddf5b9)
(cherry picked from commit fdb786b71decd1c968f7c473c94463140f192fc3)
(cherry picked from commit 4f08f100a19886210b89d1cacfd09e6db0e48fb7)
(cherry picked from commit 56a27118227521fae93e052bb77265fb10c6dcf8)
(cherry picked from commit 3b2cfa452df0d2651a75c5e3fcd442c38acff109)
(cherry picked from commit 773ddcf956a897bbaa75aff3087f8a64b254239c)
(cherry picked from commit fe8321ed4e9dcf0df2dffb64b0245ec1ae8f075d)
(cherry picked from commit a94833643b6796000a69c7ff4dfbc0b5df98b0f4)
(cherry picked from commit 3fdbda7639f0690b1dc8b046a9b1979571714d41)
(cherry picked from commit 7bc63d2cd3144d00cbc9429297b994382140bd5d)
(cherry picked from commit a36400d9cf4392573d8bd13ded54a4c5689dd541)
(cherry picked from commit 2535ab42016132c2ee7882d3eb5eb42c00ed7e63)
(cherry picked from commit 692e72f4f64b4a0251ac7ac99a268b531d73c6fc)
(cherry picked from commit 265021f3e9f327da96df695f90d6e9d0a23dd824)
(cherry picked from commit bc833125d6b0a3c7b0fc117e3bb081cb9ec6f02c)
(cherry picked from commit f1f9f881559c4117a547afaa379bcd0c26afb1aa)
(cherry picked from commit 6076461ad7a77e77ecbd9963689435496d1852e6)
(cherry picked from commit cd1da0aa2bac7270b3da2c5b76da2ea197a2f32d)
(cherry picked from commit f4e9a251d80363360bbcd9280c68421e87ec1630)
(cherry picked from commit fed4a421acf90bbce18c120ed08995f8f212bcf6)
(cherry picked from commit cb3ef3211768a1725198aeb547937329a5f98b8e)
(cherry picked from commit 232eec1945c0adcc61b6a4e855fcff0d346c3ab0)
(cherry picked from commit 1390cd433a51f99c0fa5508a78f3160e5af8da69)
(cherry picked from commit e1fed5dd7ffda2bbd1898ecb112146af16b94e37)
(cherry picked from commit 5797dcbeb71406cf288354dea0efc40567743bfd)
(cherry picked from commit 7591d86b439a437976b378d946ff73961bd3bd98)
(cherry picked from commit 96eea095f672a36b88889c8825b753615ef62fd6)
(cherry picked from commit 0a29bba0fb7feb982d2f27212404c6adba04a535)
(cherry picked from commit 075da8a23764d2ad3939e20357a00cf20c3f62e2)
(cherry picked from commit d2a3085458415d39cee9fd5060427c0783e7d13e)
(cherry picked from commit dd39faa96c4367b91cec014404eca88ab370d00f)
(cherry picked from commit 9f15e5cc4926b5a1f036a592a48ec940be0a8561)
(cherry picked from commit 9a7e041380992d556e1dafd9eb3faa6f528b9f8a)
(cherry picked from commit 798aaadeac23ce2d334544b4757e37c774a74c7e)
(cherry picked from commit 8489bb91612b04c7bed8055b017c72a238b5081f)
(cherry picked from commit 0457646ca5657e0491d6202d565a7463043d1c34)
(cherry picked from commit 3ca76bc33f59f321aa5ed4cc2bf0ad2f02fbd9fd)
(cherry picked from commit c98047aa4d200dabf9a64b2bd30f35d6b33dbb89)

Conflicts:
	tests/integration/api_nodeinfo_test.go
	https://codeberg.org/forgejo/forgejo/pulls/2299
2024-02-05 16:04:50 +01:00
Earl Warren ec8f162b33
[BRANDING] add X-Forgejo-* headers
(cherry picked from commit 0a3388f93f53f53cce79ebcc194d67979cbe61cc)
(cherry picked from commit 7eba0a440a3138443d0b7461560f9f6f1c46b256)
(cherry picked from commit eb9646c7ef0b1a9e73bf22806acbc2caeaee7ff3)
(cherry picked from commit f1972578f5cb72ad9e1ef1ded9aa324b1d669864)

Conflicts:
(cherry picked from commit 7f96222fb4b4a773193a11d4ba76f449013c30ef)
(cherry picked from commit e3c7c9fe7b5809cdb75f1eb629c82b27986f7e98)
(cherry picked from commit 84fdead90242e68493efb96a7fee1e3b5fd417e9)
(cherry picked from commit 85148e11961b86269b7cda30294a4cdc817787d0)
(cherry picked from commit c0086bd70d39d9a1075fa624cdbfdf5ef26f7a2c)
(cherry picked from commit d1e31ef31817e5e811f6bea7aee5582383d53b12)
(cherry picked from commit 681d3ed5c43d45f802dc13c58c5b821da938374d)
(cherry picked from commit 76a3001f5bc5a064054514c179ba14008952e914)
(cherry picked from commit a55a9567d36f6b60557df3df3a0801c0fccec963)
(cherry picked from commit aa7adc167d4e4ee7879b88fe799f2afca2fd5531)
(cherry picked from commit d5354cb52c26ab0090388d019efe61770e7ec452)
(cherry picked from commit 472c48999699420d15aaa7c61a42db8136221616)
(cherry picked from commit dc816d065b715f2bfdc7fa68fa2d254f3d481b35)
(cherry picked from commit 4795f9ea85eac21c70db1159914a7b7b035b7374)
(cherry picked from commit ddd4ae53433d4adab823aa974c0f1c39d0394414)
(cherry picked from commit 0e95f2a36b1c0f480f94fef85d341792c7a7b759)
(cherry picked from commit 47a41a4e7b3c5d3cf247dafef17a64415069f171)
(cherry picked from commit d4416fcd3ee0f1d74c2b03fbe40c15b83f80b56d)
(cherry picked from commit f279d153b61677e2a766859c7a7688b0327e7c9a)
(cherry picked from commit 959f908ffdc9dd2fb07aefdf7cb85ba34f9071a3)
(cherry picked from commit 82df95310176a083abb9eaa51de9e9754d4f72c6)
(cherry picked from commit 8f8c9fd9e3deca0af0f087fc44fcd271e8440a7b)
(cherry picked from commit d4a0db7706f30a394192c6023072ad5185a7d600)
(cherry picked from commit 44594d623942128072bd86a20b5b90603517005e)
(cherry picked from commit 62b1de579ebfe326340b218cc9a980b705b8e6a2)
(cherry picked from commit 507abee353f120247276fe9165f09976421f926d)
(cherry picked from commit 8c36ac42c7091661b2f3fec70fc88a74043628fc)
(cherry picked from commit 72f74067f4c781e1c4936f0da2653a35a6f1c82b)
(cherry picked from commit 8e5a9e187b50a6eb8523c6dda4ce1a23c08a0b5a)
(cherry picked from commit cff8f43c7e4ab86a468ea49f7b945412d9911151)
(cherry picked from commit 493cc93e6d4b738a5b81d1a0db831bf9f430e9de)
(cherry picked from commit c94352b4d460e631c223b45516e42765357bf67d)
(cherry picked from commit 3f622c51a70200bf67d209d0cec78db2f25b65db)
(cherry picked from commit 84c62ad447a94ebd5d1906e41c29efd3a0816c70)
(cherry picked from commit ba186c8ee40e95cd4f40b6205d673dfe20528825)
(cherry picked from commit 4238ef291dffb68b350aa2f410e934d52cb0a1eb)
(cherry picked from commit 3ef1bd61b9a45271e69c1529875e84b379073318)
(cherry picked from commit f304086bb693d3a0a58871ba8cb1354ba290695c)
(cherry picked from commit 64a2edabcb7bc9e3961ea45f83cf6488e4cd99f2)
(cherry picked from commit 6accea6ba7f2b0f98b6bef5b1483ee39ad68edba)
(cherry picked from commit 2296e93a42939af90dee718bc8ff691009238c47)
(cherry picked from commit 2bf0be3b1bff62923dd04e1a02956ced1eda97af)
(cherry picked from commit fb4652b197ec64280689e6d065492f916f7e26f3)
(cherry picked from commit 7d462cf353ef87007025bbd76aebef429be10562)
(cherry picked from commit f5319660ddecea208163b5bcd37444322e571b51)
2024-02-05 16:02:14 +01:00
Gusted 2da33aae2d
[MODERATION] User blocking
- Add the ability to block a user via their profile page.
- This will unstar their repositories and visa versa.
- Blocked users cannot create issues or pull requests on your the doer's repositories (mind that this is not the case for organizations).
- Blocked users cannot comment on the doer's opened issues or pull requests.
- Blocked users cannot add reactions to doer's comments.
- Blocked users cannot cause a notification trough mentioning the doer.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/540
(cherry picked from commit 687d852480388897db4d7b0cb397cf7135ab97b1)
(cherry picked from commit 0c32a4fde531018f74e01d9db6520895fcfa10cc)
(cherry picked from commit 1791130e3cb8470b9b39742e0004d5e4c7d1e64d)
(cherry picked from commit 37858b7e8fb6ba6c6ea0ac2562285b3b144efa19)
(cherry picked from commit a3e2bfd7e9eab82cc2c17061f6bb4e386a108c46)
(cherry picked from commit 7009b9fe87696b6182fab65ae82bf5a25cd39971)

Conflicts: https://codeberg.org/forgejo/forgejo/pulls/1014
        routers/web/user/profile.go
        templates/user/profile.tmpl
(cherry picked from commit b2aec3479177e725cfc7cbbb9d94753226928d1c)
(cherry picked from commit e2f1b73752f6bd3f830297d8f4ac438837471226)

[MODERATION] organization blocking a user (#802)

- Resolves #476
- Follow up for: #540
- Ensure that the doer and blocked person cannot follow each other.
- Ensure that the block person cannot watch doer's repositories.
- Add unblock button to the blocked user list.
- Add blocked since information to the blocked user list.
- Add extra testing to moderation code.
- Blocked user will unwatch doer's owned repository upon blocking.
- Add flash messages to let the user know the block/unblock action was successful.
- Add "You haven't blocked any users" message.
- Add organization blocking a user.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/802
(cherry picked from commit 0505a1042197bd9136b58bc70ec7400a23471585)
(cherry picked from commit 37b4e6ef9b85e97d651cf350c9f3ea272ee8d76a)
(cherry picked from commit c17c121f2cf1f00e2a8d6fd6847705df47d0771e)

[MODERATION] organization blocking a user (#802) (squash)

Changes to adapt to:

  6bbccdd177 Improve AJAX link and modal confirm dialog (#25210)

Refs: https://codeberg.org/forgejo/forgejo/pulls/882/files#issuecomment-945962
Refs: https://codeberg.org/forgejo/forgejo/pulls/882#issue-330561
(cherry picked from commit 523635f83cb2a1a4386769b79326088c5c4bbec7)
(cherry picked from commit 4743eaa6a0be0ef47de5b17c211dfe8bad1b7af9)
(cherry picked from commit eff5b43d2e843d5d537756d4fa58a8a010b6b527)

Conflicts: https://codeberg.org/forgejo/forgejo/pulls/1014
        routers/web/user/profile.go
(cherry picked from commit 9d359be5ed11237088ccf6328571939af814984e)
(cherry picked from commit b1f3069a22a03734cffbfcd503ce004ba47561b7)

[MODERATION] add user blocking API

- Follow up for: #540, #802
- Add API routes for user blocking from user and organization
perspective.
- The new routes have integration testing.
- The new model functions have unit tests.
- Actually quite boring to write and to read this pull request.

(cherry picked from commit f3afaf15c7e34038363c9ce8e1ef957ec1e22b06)
(cherry picked from commit 6d754db3e5faff93a58fab2867737f81f40f6599)
(cherry picked from commit 2a89ddc0acffa9aea0f02b721934ef9e2b496a88)
(cherry picked from commit 4a147bff7e963ab9dffcfaefa5c2c01c59b4c732)

Conflicts:
        routers/api/v1/api.go
        templates/swagger/v1_json.tmpl
(cherry picked from commit bb8c33918569f65f25b014f0d7fe6ac20f9036fc)
(cherry picked from commit 5a11569a011b7d0a14391e2b5c07d0af825d7b0e)
(cherry picked from commit 2373c801ee6b84c368b498b16e6ad18650b38f42)

[MODERATION] restore redirect on unblock

 ctx.RedirectToFirst(ctx.FormString("redirect_to"), ctx.ContextUser.HomeLink())

was replaced by

 ctx.JSONOK()

in 128d77a3a Following up fixes for "Fix inconsistent user profile layout across tabs" (#25739)

thus changing the behavior (nicely spotted by the tests). This
restores it.

(cherry picked from commit 597c243707c3c86e7256faf1e6ba727224554de3)
(cherry picked from commit cfa539e590127b4b953b010fba3dea21c82a1714)

[MODERATION] Add test case (squash)

- Add an test case, to test an property of the function.

(cherry picked from commit 70dadb1916bfef8ba8cbc4e9b042cc8740f45e28)

[MODERATION] Block adding collaborators

- Ensure that the doer and blocked user cannot add each other as
collaborators to repositories.
- The Web UI gets an detailed message of the specific situation, the API
gets an generic Forbidden code.
- Unit tests has been added.
- Integration testing for Web and API has been added.
- This commit doesn't introduce removing each other as collaborators on
the block action, due to the complexity of database calls that needs to
be figured out. That deserves its own commit and test code.

(cherry picked from commit 747be949a1b3cd06f6586512f1af4630e55d7ad4)

[MODERATION] move locale_en-US.ini strings to avoid conflicts

Conflicts:
        web_src/css/org.css
        web_src/css/user.css
        https://codeberg.org/forgejo/forgejo/pulls/1180

(cherry picked from commit e53f955c888ebaafc863a6e463da87f70f5605da)

Conflicts:
        services/issue/comments.go
        https://codeberg.org/forgejo/forgejo/pulls/1212
(cherry picked from commit b4a454b576eee0c7738b2f7df1acaf5bf7810d12)

Conflicts:
        models/forgejo_migrations/migrate.go
        options/locale/locale_en-US.ini
        services/pull/pull.go
        https://codeberg.org/forgejo/forgejo/pulls/1264

[MODERATION] Remove blocked user collaborations with doer

- When the doer blocks an user, who is also an collaborator on an
repository that the doer owns, remove that collaboration.
- Added unit tests.
- Refactor the unit test to be more organized.

(cherry picked from commit ec8701617830152680d69d50d64cb43cc2054a89)
(cherry picked from commit 313e6174d832501c57724ae7a6285194b7b81aab)

[MODERATION] QoL improvements (squash)

- Ensure that organisations cannot be blocked. It currently has no
effect, as all blocked operations cannot be executed from an
organisation standpoint.
- Refactored the API route to make use of the `UserAssignmentAPI`
middleware.
- Make more use of `t.Run` so that the test code is more clear about
which block of code belongs to which test case.
- Added more integration testing (to ensure the organisations cannot be
blocked and some authorization/permission checks).

(cherry picked from commit e9d638d0756ee20b6bf1eb999c988533a5066a68)

[MODERATION] s/{{avatar/{{ctx.AvatarUtils.Avatar/

(cherry picked from commit ce8b30be1327ab98df2ba061dd7e2a278b278c5b)
(cherry picked from commit f911dc402508b04cd5d5fb2f3332c2d640e4556e)

Conflicts:
	options/locale/locale_en-US.ini
	https://codeberg.org/forgejo/forgejo/pulls/1354
(cherry picked from commit c1b37b7fdaf06ee60da341dff76d703990c08082)
(cherry picked from commit 856a2e09036adf56d987c6eee364c431bc37fb2e)

[MODERATION] Show graceful error on comment creation

- When someone is blocked by the repository owner or issue poster and
try to comment on that issue, they get shown a graceful error.
- Adds integration test.

(cherry picked from commit 490646302e1e3dc3c59c9d75938b4647b6873ce7)
(cherry picked from commit d3d88667cbb928a6ff80658eba8ef0c6c508c9e0)
(cherry picked from commit 6818de13a921753e082b7c3d64c23917cc884e4b)

[MODERATION] Show graceful error on comment creation (squash) typo

(cherry picked from commit 1588d4834a37a744f092f2aeea6c9ef4795d7356)
(cherry picked from commit d510ea52d091503e841d66f2f604348add8b4535)
(cherry picked from commit 8249e93a14f628bb0e89fe3be678e4966539944e)

[MODERATION] Refactor integration testing (squash)

- Motivation for this PR is that I'd noticed that a lot of repeated
calls are happening between the test functions and that certain tests
weren't using helper functions like `GetCSRF`, therefor this refactor of
the integration tests to keep it: clean, small and hopefully more
maintainable and understandable.
- There are now three integration tests: `TestBlockUser`,
`TestBlockUserFromOrganization` and `TestBlockActions` (and has been
moved in that order in the source code).
- `TestBlockUser` is for doing blocking related actions as an user and
`TestBlockUserFromOrganization` as an organisation, even though they
execute the same kind of tests they do not share any database calls or
logic and therefor it currently doesn't make sense to merge them
together (hopefully such oppurtinutiy might be presented in the future).
- `TestBlockActions` now contain all tests for actions that should be
blocked after blocking has happened, most tests now share the same doer
and blocked users and a extra fixture has been added to make this
possible for the comment test.
- Less code, more comments and more re-use between tests.

(cherry picked from commit ffb393213d2f1269aad3c019d039cf60d0fe4b10)
(cherry picked from commit 85505e0f815fede589c272d301c95204f9596985)
(cherry picked from commit 0f3cf17761f6caedb17550f69de96990c2090af1)

[MODERATION] Fix network error (squash)

- Fix network error toast messages on user actions such as follow and
unfollow. This happened because the javascript code now expects an JSON
to be returned, but this wasn't the case due to
cfa539e590127b4953b010fba3dea21c82a1714.
- The integration testing has been adjusted to instead test for the
returned flash cookie.

(cherry picked from commit 112bc25e548d317a4ee00f9efa9068794a733e3b)
(cherry picked from commit 1194fe4899eb39dcb9a2410032ad0cc67a62b92b)
(cherry picked from commit 9abb95a8441e227874fe156095349a3173cc5a81)

[MODERATION] Modernize frontend (squash)

- Unify blocked users list.
- Use the new flex list classes for blocked users list to avoid using
the CSS helper classes and thereby be consistent in the design.
- Fix the modal by using the new modal class.
- Remove the icon in the modal as looks too big in the new design.
- Fix avatar not displaying as it was passing the context where the user
should've been passed.
- Don't use italics for 'Blocked since' text.
- Use namelink template to display the user's name and homelink.

(cherry picked from commit ec935a16a319b14e819ead828d1d9875280d9259)
(cherry picked from commit 67f37c83461aa393c53a799918e9708cb9b89b30)

Conflicts:
	models/user/follow.go
	models/user/user_test.go
	routers/api/v1/user/follower.go
	routers/web/shared/user/header.go
	routers/web/user/profile.go
	templates/swagger/v1_json.tmpl
	https://codeberg.org/forgejo/forgejo/pulls/1468
(cherry picked from commit 6a9626839c6342cd2767ea12757ee2f78eaf443b)

Conflicts:
	tests/integration/api_nodeinfo_test.go
	https://codeberg.org/forgejo/forgejo/pulls/1508#issuecomment-1242385
(cherry picked from commit 7378b251b481ed1e60e816caf8f649e8397ee5fc)

Conflicts:
	models/fixtures/watch.yml
	models/issues/reaction.go
	models/issues/reaction_test.go
	routers/api/v1/repo/issue_reaction.go
	routers/web/repo/issue.go
	services/issue/issue.go
	https://codeberg.org/forgejo/forgejo/pulls/1547
(cherry picked from commit c2028930c101223820de0bbafc318e9394c347b8)
(cherry picked from commit d3f9134aeeef784586e8412e8dbba0a8fceb0cd4)
(cherry picked from commit 7afe154c5c40bcc65accdf51c9224b2f7627a684)
(cherry picked from commit 99ac7353eb1e834a77fe42aa89208791cc2364ff)
(cherry picked from commit a9cde00c5c25ea8c427967cb7ab57abb618e44cb)

Conflicts:
	services/user/delete.go
	https://codeberg.org/forgejo/forgejo/pulls/1736
(cherry picked from commit 008c0cc63d1a3b8eb694bffbf77a7b25c56afd57)

[DEADCODE] add exceptions

(cherry picked from commit 12ddd2b10e3309f6430b0af42855c6af832832ee)

[MODERATION] Remove deadcode (squash)

- Remove deadcode that's no longer used by Forgejo.

(cherry picked from commit 0faeab4fa9b0aa59f86760b24ecbc07815026c82)

[MODERATION] Add repo transfers to blocked functionality (squash)

- When someone gets blocked, remove all pending repository transfers
from the blocked user to the doer.
- Do not allow to start transferring repositories to the doer as blocked user.
- Added unit testing.
- Added integration testing.

(cherry picked from commit 8a3caac33013482ddbee2fa51510c6918ba54466)
(cherry picked from commit a92b4cfeb63b90eb2d90d0feb51cec62e0502d84)
(cherry picked from commit acaaaf07d999974dbe5f9c5e792621c597bfb542)
(cherry picked from commit 735818863c1793aa6f6983afedc4bd3b36026ca5)
(cherry picked from commit f50fa43b32160d0d88eca1dbdca09b5f575fb62b)
(cherry picked from commit e16683643388fb3c60ea478f1419a6af4f4aa283)
(cherry picked from commit 82a0e4a3814a66ce44be6a031bdf08484586c61b)
(cherry picked from commit ff233c19c4a5edcc2b99a6f41a2d19dbe8c08b3b)
(cherry picked from commit 8ad87d215f2b6adb978de77e53ba2bf7ea571430)

[MODERATION] Fix unblock action (squash)

- Pass the whole context instead of only giving pieces.
- This fixes CSRF not correctly being inserted into the unblock buttons.

(cherry picked from commit 2aa51922ba6a0ea2f8644277baa74fc8f34ab95a)
(cherry picked from commit 7ee8db0f018340bc97f125415503e3e5db5f5082)
(cherry picked from commit e4f8b999bcd3b68b3ef7f54f5b17c3ada0308121)
(cherry picked from commit 05aea60b1302bbd3ea574a9c6c34e1005a5d73bf)
(cherry picked from commit dc0d61b012cfaf2385f71e97cda5f220b58b9fa4)
(cherry picked from commit f53fa583de671ff60a0a1d0f3ab8c260e1ba4e1f)
(cherry picked from commit c65b89a58d11b32009c710c2f5e75f0cd3539395)
(cherry picked from commit 69e50b9969db3ab71cefaed520757876a9629a5c)
(cherry picked from commit ec127440b86cb5fcf51799d8bd76a9fd6b9cebcc)

[MODERATION] cope with shared fixtures

* There is one more issue in the fixtures and this breaks some tests
* The users in the shared fixtures were renamed for clarity and that
  breaks some tests

(cherry picked from commit 707a4edbdf67d0eb168d7bb430cf85dd8cd63c52)

Conflicts:
	modules/indexer/issues/indexer_test.go
	https://codeberg.org/forgejo/forgejo/pulls/1508
(cherry picked from commit 82cc044366c749df80ffad44eed2988b8e64211e)
(cherry picked from commit 2776aec7e85850f1d7f01a090a72491550fb9d29)
(cherry picked from commit 1fbde36dc784b5b2cc6193f02ff0d436b0f2a629)
(cherry picked from commit 1293db3c4e5df218501f5add9f9d41101ffcb8aa)
(cherry picked from commit 6476802175bac3ef78dd8f24ff6bebc16f398a78)
(cherry picked from commit 5740f2fc830356acb7929a02fe304008b94a0ca5)
(cherry picked from commit afc12d7b6e9b773fa89718aa79cd95c0e0ce4406)

[MODERATION] Fix transfer confirmation (squash)

- Fix problem caused by the clearer confirmation for dangerous actions commit.

(cherry picked from commit 3488f4a9cb1f7f73103ae0017d644f13ca3ab798)
(cherry picked from commit ed7de91f6ace23a1459bc6552edf719d62c7c941)
(cherry picked from commit 2d97929b9b7b8d979eb12bf0994d3f169d41f7fd)
(cherry picked from commit 50d035a7b058b9c4486c38cd4be0b02a4e1bf4d9)
(cherry picked from commit 0a0c07d78a1dee3489b97ab359bb957e3f7fb94b)
(cherry picked from commit 85e55c4dbc2f513f3d5254dac20915e8c3c22886)
(cherry picked from commit d8282122ad6e8b497de35d1ed89e3093a2cd5ee2)
(cherry picked from commit 3f0b3b6cc582c3d672d371dd9fe1203a56cb88c0)

[MODERATION] Purge issues on user deletion (squash)

(cherry picked from commit 4f529d9596ffbfc4e754c28830ba028f6344dc5b)
(cherry picked from commit f0e3acadd321fcb99e8ea3e3ce1c69df25c4ca4d)
(cherry picked from commit 682c4effe69dc0d4ed304fa7ce6259d9ce573629)
(cherry picked from commit e43c2d84fd4b6fd31e2370cec1034262d12e5c34)
(cherry picked from commit 9c8e53ccc78053026e4f667889959c23c8d95934)
(cherry picked from commit a9eb7ac783b2c16ee3702a88203bf857cb4147fc)

[MODERATION] Purge issues on user deletion (squash) revert shared fixtures workarounds

(cherry picked from commit 7224653a40e32186892e89bfedd49edecf5b8f81)
(cherry picked from commit aa6e8672f9473a9100e7575051dec9eda37709a0)
(cherry picked from commit 58c7947e95648f50237ddcd46b6bd025b224a70f)
(cherry picked from commit f1aacb1851b232082febcd7870a40a56de3855a6)
(cherry picked from commit 0bf174af87f7de9a8d869304f709e2bf41f3dde9)
(cherry picked from commit f9706f4335df3b7688ed60853d917efa72fb464a)

[MODERATION] Prepare moderation for context locale changes (squash)

- Resolves https://codeberg.org/forgejo/forgejo/issues/1711

(cherry picked from commit 2e289baea943dcece88f02d110b03d344308a261)
(cherry picked from commit 97b16bc19ae680db62608d6020b00fe5ac451c60)

[MODERATION] User blocking (squash) do not use shared fixture

It conflicts with a fixtured added in the commit
Fix comment permissions (#28213) (#28216)

(cherry picked from commit ab40799dcab24e9f495d765268b791931da81684)
(cherry picked from commit 996c92cafdb5b33a6d2d05d94038e950d97eb7de)
(cherry picked from commit 259912e3a69071c5ad57871464d0b79f69a8e72c)

Conflicts:
	options/locale/locale_en-US.ini
	https://codeberg.org/forgejo/forgejo/pulls/1921
(cherry picked from commit 1e82abc032c18015b92c93a7617a5dd06d50bd2d)
(cherry picked from commit a176fee1607d571b25b345184f1c50d403029610)
(cherry picked from commit 0480b76dfeda968849e900da9454a3efd82590fa)
(cherry picked from commit 4bc06b7b3841c74e3d790b1ef635c2b382ca7123)
(cherry picked from commit 073094cf722a927a623408d66537c758d7d64e4c)
(cherry picked from commit ac6201c647a4d3a2cfb2b0303b851a8fe7a29444)
(cherry picked from commit 7e0812674da3fbd1e96bdda820962edad6826fbd)
(cherry picked from commit 068c741e5696957710b3d1c2e18c00be2ffaa278)

Conflicts:
	models/repo_transfer.go
	models/repo_transfer_test.go
	routers/web/user/profile.go
	https://codeberg.org/forgejo/forgejo/pulls/2298
2024-02-05 15:56:45 +01:00
Michael Kriese 97cc955101
[GITEA] feat(nuget): basic manifest download
Refs: https://codeberg.org/forgejo/forgejo/pulls/2222

(cherry picked from commit 5f837efc15f3d1e0d7fbed7fc569251143266584)

fix: write xml header

(cherry picked from commit a715984a42be9da81c48106d5eae244098ac1108)

fix: optional elements and xml schema

(cherry picked from commit 6ea6895a3616246e7282aa20d8f010fa931b60ea)

fix: pass all other requests to file search

(cherry picked from commit 9bfc74833a3b657453b4519573598432a87e3e3c)

test: add integration test

(cherry picked from commit b798f4ce86daa78e694c5c142e6f5f44938e6cb6)

fix: use xmlResponse

(cherry picked from commit 7f76df0b246c64fac0eeb115642c8cb6eb676f36)
(cherry picked from commit e18d574ca40905aec52fbbe8247ba83fd01874dd)
2024-02-05 15:08:04 +01:00
Gusted 6f960f23e5
[CLEANUP] Reuse ForgejoVersion variable
- Resolves https://codeberg.org/forgejo/forgejo/issues/1226

(cherry picked from commit e383b70109325833034dd0593727e5eec3acf92d)
(cherry picked from commit 029cfa34de06e7706c3f85134468f2faadf30a21)
(cherry picked from commit 81392b8c55b2f5893a3222c521f697d1d53adbb2)
(cherry picked from commit 0ebecca1e6edd31ec95c5d8be3d02814fb39179f)
(cherry picked from commit aff135418d96b1f7418e55882ee0bbdbf2b04c5e)
(cherry picked from commit b5982f5008a0a60d0cf874edbe281c3f73b69e97)
(cherry picked from commit 00f86df8f4f4072eb083426e807a9164be0dbc38)
(cherry picked from commit 178908c047b9a13a7b61e90490d525ddbeae45e8)
(cherry picked from commit 9cc57d1b3f48a9f530fb761bd70d224d069ea1eb)
(cherry picked from commit dc80ba9a97d3e8f78a9ecd3875105375611ebc45)
(cherry picked from commit 5b2f1d7149b3098b6b82ae8d588068ba476eb534)
(cherry picked from commit f0ab85cd06a37eb81343c830180b6283e924015c)
2024-02-05 14:45:11 +01:00
Earl Warren c7a389f2b2
[FEAT] allow setting the update date on issues and comments
This field adds the possibility to set the update date when modifying
an issue through the API.

A 'NoAutoDate' in-memory field is added in the Issue struct.
If the update_at field is set, NoAutoDate is set to true and the
Issue's UpdatedUnix field is filled.

That information is passed down to the functions that actually updates
the database, which have been modified to not auto update dates if
requested.

A guard is added to the 'EditIssue' API call, to checks that the
udpate_at date is between the issue's creation date and the current
date (to avoid 'malicious' changes). It also limits the new feature
to project's owners and admins.

(cherry picked from commit c524d33402c76bc4cccea2806f289e08a009baae)

Add a SetIssueUpdateDate() function in services/issue.go

That function is used by some API calls to set the NoAutoDate and
UpdatedUnix fields of an Issue if an updated_at date is provided.

(cherry picked from commit f061caa6555e0c9e922ee1e73dd2e4337360e9fe)

Add an updated_at field to the API calls related to Issue's Labels.

The update date is applied to the issue's comment created to inform
about the modification of the issue's labels.

(cherry picked from commit ea36cf80f58f0ab20c565a8f5d063b90fd741f97)

Add an updated_at field to the API call for issue's attachment creation

The update date is applied to the issue's comment created to inform
about the modification of the issue's content, and is set as the
asset creation date.

(cherry picked from commit 96150971ca31b97e97e84d5f5eb95a177cc44e2e)

Checking Issue changes, with and without providing an updated_at date

Those unit tests are added:

- TestAPIEditIssueWithAutoDate
- TestAPIEditIssueWithNoAutoDate

- TestAPIAddIssueLabelsWithAutoDate
- TestAPIAddIssueLabelsWithNoAutoDate

- TestAPICreateIssueAttachmentWithAutoDate
- TestAPICreateIssueAttachmentWithNoAutoDate

(cherry picked from commit 4926a5d7a28581003545256632213bf4136b193d)

Add an updated_at field to the API call for issue's comment creation

The update date is used as the comment creation date, and is applied to
the issue as the update creation date.

(cherry picked from commit 76c8faecdc6cba48ca4fe07d1a916d1f1a4b37b4)

Add an updated_at field to the API call for issue's comment edition

The update date is used as the comment update date, and is applied to
the issue as an update date.

(cherry picked from commit cf787ad7fdb8e6273fdc35d7b5cc164b400207e9)

Add an updated_at field to the API call for comment's attachment creation

The update date is applied to the comment, and is set as the asset
creation date.

(cherry picked from commit 1e4ff424d39db7a4256cd9abf9c58b8d3e1b5c14)

Checking Comment changes, with and without providing an updated_at date

Those unit tests are added:

- TestAPICreateCommentWithAutoDate
- TestAPICreateCommentWithNoAutoDate

- TestAPIEditCommentWithAutoDate
- TestAPIEditCommentWithNoAutoDate

- TestAPICreateCommentAttachmentWithAutoDate
- TestAPICreateCommentAttachmentWithNoAutoDate

(cherry picked from commit da932152f1deb3039a399516a51c8b6757059c91)

Pettier code to set the update time of comments

Now uses sess.AllCols().NoAutoToime().SetExpr("updated_unix", ...)

XORM is smart enough to compose one single SQL UPDATE which all
columns + updated_unix.

(cherry picked from commit 1f6a42808dd739c0c2e49e6b7ae2967f120f43c2)

Issue edition: Keep the max of the milestone and issue update dates.

When editing an issue via the API, an updated_at date can be provided.
If the EditIssue call changes the issue's milestone, the milestone's
update date is to be changed accordingly, but only with a greater
value.

This ensures that a milestone's update date is the max of all issue's
update dates.

(cherry picked from commit 8f22ea182e6b49e933dc6534040160dd739ff18a)

Rewrite the 'AutoDate' tests using subtests

Also add a test to check the permissions to set a date, and a test
to check update dates on milestones.

The tests related to 'AutoDate' are:
- TestAPIEditIssueAutoDate
- TestAPIAddIssueLabelsAutoDate
- TestAPIEditIssueMilestoneAutoDate
- TestAPICreateIssueAttachmentAutoDate
- TestAPICreateCommentAutoDate
- TestAPIEditCommentWithDate
- TestAPICreateCommentAttachmentAutoDate

(cherry picked from commit 961fd13c551b3e50040acb7c914a00ead92de63f)
(cherry picked from commit d52f4eea44692ee773010cb66a69a603663947d5)
(cherry picked from commit 3540ea2a43155ca8cf5ab1a4a246babfb829db16)

Conflicts:
	services/issue/issue.go
	https://codeberg.org/forgejo/forgejo/pulls/1415
(cherry picked from commit 56720ade008c09122d825959171aa5346d645987)

Conflicts:
	routers/api/v1/repo/issue_label.go
	https://codeberg.org/forgejo/forgejo/pulls/1462
(cherry picked from commit 47c78927d6c7e7a50298fa67efad1e73723a0981)
(cherry picked from commit 2030f3b965cde401976821083c3250b404954ecc)
(cherry picked from commit f02aeb76981cd688ceaf6613f142a8a725be1437)

Conflicts:
	routers/api/v1/repo/issue_attachment.go
	routers/api/v1/repo/issue_comment_attachment.go
	https://codeberg.org/forgejo/forgejo/pulls/1575
(cherry picked from commit d072525b35e44faf7ff87143c0e52b8ba8a625c8)
(cherry picked from commit 8424d0ab3df75ac3ffa30f42d398e22995ada5e7)
(cherry picked from commit 5cc62caec788b54afd9da5b9193ce06ee8ec562b)
(cherry picked from commit d6300d5dcd01c7ddc65d8b0f326f9c19cb53b58e)

[FEAT] allow setting the update date on issues and comments (squash) apply the 'update_at' value to the cross-ref comments (#1676)

[this is a follow-up to PR #764]

When a comment of issue A referencing issue B is added with a forced 'updated_at' date, that date has to be applied to the comment created in issue B.

-----

Comment:

While trying my 'RoundUp migration script', I found that this case was forgotten in PR #764 - my apologies...

I'll try to write a functional test, base on models/issues/issue_xref_test.go

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1676
Co-authored-by: fluzz <fluzz@freedroid.org>
Co-committed-by: fluzz <fluzz@freedroid.org>
(cherry picked from commit ac4f727f63a2dd746dd84a31ebf7f70d5b5d7c52)
(cherry picked from commit 5110476ee9010ba8cdca0e0f37f765f8800e9fe1)
(cherry picked from commit 77ba6be1dab4f6f3678d79a394da56e6447ebbe1)
(cherry picked from commit 9c8337b5c442cfd72d97597c2089e776f42828b7)
(cherry picked from commit 1d689eb686f0f7df09c7861b3faf9d8683cb933b)
(cherry picked from commit 511c519c875a4c4e65c02ef0c4e3b941f4da4371)
(cherry picked from commit 2f0b4a8f610837d34844bb79cda1360ab23b6b1c)
(cherry picked from commit fdd4da111c449322901a0acf6d0857eac4716581)

[FEAT] allow setting the update date on issues and comments (squash) do not use token= query param

See https://codeberg.org/forgejo/forgejo/commit/33439b733a

(cherry picked from commit c5139a75b9e4af612a628171bd4f63a24860c272)
(cherry picked from commit c7b572c35d3e9e22017fd74045bcdc1109bd06df)
(cherry picked from commit aec7503ff6dd177980f3d9f367122ffc2fec8986)
(cherry picked from commit 87c65f2a490faeccb85088fa0981dd50f7199eb8)
(cherry picked from commit bd47ee33c20e53ae616a7e53d63c3b51809585fb)
(cherry picked from commit f3dbd90a747c14fb1b5b4271db6c10abbf86d586)
2024-02-05 14:44:33 +01:00
Earl Warren c3985f05e8
[API] Forgejo API /api/forgejo/v1
(cherry picked from commit 20b56692693e054bb3c04b4ef12b29b0715b4530)
(cherry picked from commit 1574643a6a9634e5b92c033a4bfb69062a86bd05)

Update semantic version according to specification

(cherry picked from commit 22510f41306f9c133a7e99b61f9c38dabfd4b810)

Mise à jour de 'Makefile'

(cherry picked from commit c3d85d8409f1bb18a45659a167cf1ffee057f3b6)
(cherry picked from commit 5ea23098513c068444226af41faf9be9c4c998e6)
(cherry picked from commit ec5217b9d1b94bb04e34ce8c27eecbdc6f3a247a)
(cherry picked from commit 14f08e364b2ad7e3176b45d3ec8da5f5605b4315)
(cherry picked from commit b4465c67b8737aed9fd79a43046aa3795a298e68)

[API] [SEMVER] replace number with version

(cherry picked from commit fba48e64977a75e77c9c6cf8e3f8a679a5e7b733)
(cherry picked from commit 532ec5d8782703b62d7d02312764e50637cd016e)

[API] [SEMVER] [v1.20] less is replaced by css

(cherry picked from commit 01ca3a4f4291cf4c62df42cbd12a00638f3cdc70)
(cherry picked from commit 1d928c3ab2e1fda6082e1400d89ea96d6605ebaa)
(cherry picked from commit a39dc804cd1da86444ed709455857f069475e7db)

Conflicts:
	webpack.config.js
(cherry picked from commit adc68578b3eb41215338125edfca91804706f8a1)
(cherry picked from commit 9b8d98475fd7efcc15bf0d91b0af6ef3aff64508)
(cherry picked from commit 25161039745a63282257eded9616390241af8013)
(cherry picked from commit 18e6287963a0e1863cd08fd514a4e732a1904a68)
(cherry picked from commit e9694e67ab93ad74f7eae3152d88d95e8493e739)
(cherry picked from commit a9763edaf002c8009a2cca4115cb8b926f8cdc85)
(cherry picked from commit e2b550f4fba144f9637a212b56bfe30cac1adb3b)
(cherry picked from commit 2edac36701e8fa1ff67f87dccfa34cfc00ab66de)

[API] Forgejo API /api/forgejo/v1 (squash)

Update semver as v1.20 is entering release candidate mode

(cherry picked from commit 4995098ec3c6eee19a7ad7bc956b71c6e937c04c)
(cherry picked from commit 578ccfdd27d7a280050bdf61d497d07decf98f2f)
(cherry picked from commit 1bf6ac09520490f0a56b9b55d7836c2d8ea5d22c)
(cherry picked from commit 2fe16b2bfed62c0386d0bfe104f7dcc621d1c3be)
(cherry picked from commit 7cd9d027eec5a2b328d06a47f34545943560fe1b)
(cherry picked from commit eaed4be2ae88055a15dcc96564440c301a13ba8e)
(cherry picked from commit cc94f3115f844a0f16064e49e5eb719d33bc4441)
(cherry picked from commit d7a77e35ccfd2d0fc2ba98932296ab7354edd2db)
(cherry picked from commit cd8eb68ab7b3e2eaacf78d370c762f43cc19fd6a)
(cherry picked from commit 68487ac95f742837e7ff38df902834b6173cd9ab)
(cherry picked from commit 616dceb565456d6fac6f58b1c4de43e9d3254090)
(cherry picked from commit 545fe5975b47d2eab348a57b87c6fd4590f33442)
(cherry picked from commit c042cf8eda2dea805138bd64daa7fbe07865ed5a)
(cherry picked from commit ae5e5a7468aa66312055a26841f658574a9b0dd7)
(cherry picked from commit 8034ef5fa2648a127f8c84c572bec02a1ff6bb9f)
(cherry picked from commit aaf0293034468505449d33ab1483ae65b4175754)
(cherry picked from commit daafa8ce58e5e6077da585b13e5190856228a4a3)
(cherry picked from commit 7ca3681d3e2ed5ec1ae44364cba476d642e2b557)
(cherry picked from commit 39f72cba71ff3f9d2cbb05c88031b34933573a8c)
(cherry picked from commit 60a591713097384935ba0ac51a5cd4793f7544a8)
(cherry picked from commit 4853bd9e16bc8986ba8159349e93bc3093dc8ab9)

[API] Move forgejo api file (squash)

- Move the file to accommodate faa28b5a44

(cherry picked from commit bce89351d251bfa18c677b30bc7da80856d919fb)
(cherry picked from commit 11ae7f6e85395b287c6f4108c531aa1a81fd964c)
(cherry picked from commit 25e96cfcb28859406329090eb0c7990bea4e73eb)
(cherry picked from commit 6d8d19b39156a7f8b4db5022915590593df94f1f)
(cherry picked from commit 5afc5c454b7d70f95b83e6c3b4c9e2cb6e2d0ef5)
(cherry picked from commit 86d07b4c249211bdb77c0520f99f2c8e5d89b516)
(cherry picked from commit e54d869fdae44811faaa80f3757efbc93bf0bce4)
(cherry picked from commit ab31ef1bba3bc5188e0f3ce5e5fa33335877cf47)
(cherry picked from commit 511cbca2f3799646edf8eae00464b87f43ca280f)
(cherry picked from commit 333916fea874509063f9449f07d79e4cafbcf06f)
(cherry picked from commit 3802bcd7c9865b77151ef454c0bdc2ce32157a41)
(cherry picked from commit 5d0fa034f77388ed21735a22cf1a2a23562245c3)
(cherry picked from commit d15627aa0dfb4ffc2eb7ab0ce99b7c5b2bf06dcf)
(cherry picked from commit ba0b21b9305b6fecf23aeec213f1a95d96ce72fb)
(cherry picked from commit 39ade66aac7f8cccd980d1f435b92465a50be032)
2024-02-05 14:44:32 +01:00
Lunny Xiao 9bb1adf8ea
Move some repository transfer functions to service layer (#28855) 2024-02-05 06:17:23 +00:00
KN4CK3R f8b471ace1
Unify user update methods (#28733)
Fixes #28660
Fixes an admin api bug related to `user.LoginSource`
Fixed `/user/emails` response not identical to GitHub api

This PR unifies the user update methods. The goal is to keep the logic
only at one place (having audit logs in mind). For example, do the
password checks only in one method not everywhere a password is updated.

After that PR is merged, the user creation should be next.
2024-02-04 13:29:09 +00:00
silverwind a6cea59514
Update tool dependencies (#29030) 2024-02-02 19:11:39 -05:00
ChristopherHX a9bc590d5d
Add artifacts v4 jwt to job message and accept it (#28885)
This change allows act_runner / actions_runner to use jwt tokens for
`ACTIONS_RUNTIME_TOKEN` that are compatible with
actions/upload-artifact@v4.

The official Artifact actions are now validating and extracting the jwt
claim scp to get the runid and jobid, the old artifact backend also
needs to accept the same token jwt.

---
Related to #28853

I'm not familar with the auth system, maybe you know how to improve this

I have tested
- the jwt token is a valid token for artifact uploading
- the jwt token can be parsed by actions/upload-artifact@v4 and passes
their scp claim validation

Next steps would be a new artifacts@v4 backend.

~~I'm linking the act_runner change soonish.~~
act_runner change to make the change effective and use jwt tokens
<https://gitea.com/gitea/act_runner/pulls/471>
2024-02-02 14:25:59 +00:00
Zettat123 adc3598a75
Fix an actions schedule bug (#28942)
In #28691, schedule plans will be deleted when a repo's actions unit is
disabled. But when the unit is enabled, the schedule plans won't be
created again.

This PR fixes the bug. The schedule plans will be created again when the
actions unit is re-enabled
2024-01-31 14:55:12 +00:00
Lunny Xiao 5f82ead13c
Simplify how git repositories are opened (#28937)
## Purpose
This is a refactor toward building an abstraction over managing git
repositories.
Afterwards, it does not matter anymore if they are stored on the local
disk or somewhere remote.

## What this PR changes
We used `git.OpenRepository` everywhere previously.
Now, we should split them into two distinct functions:

Firstly, there are temporary repositories which do not change:

```go
git.OpenRepository(ctx, diskPath)
```

Gitea managed repositories having a record in the database in the
`repository` table are moved into the new package `gitrepo`:

```go
gitrepo.OpenRepository(ctx, repo_model.Repo)
```

Why is `repo_model.Repository` the second parameter instead of file
path?
Because then we can easily adapt our repository storage strategy.
The repositories can be stored locally, however, they could just as well
be stored on a remote server.

## Further changes in other PRs
- A Git Command wrapper on package `gitrepo` could be created. i.e.
`NewCommand(ctx, repo_model.Repository, commands...)`. `git.RunOpts{Dir:
repo.RepoPath()}`, the directory should be empty before invoking this
method and it can be filled in the function only. #28940
- Remove the `RepoPath()`/`WikiPath()` functions to reduce the
possibility of mistakes.

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-01-27 21:09:51 +01:00
Anthony Quéré 3084c990b0
fix: update enable_prune even if mirror_interval is not provided (#28905)
Currently, the `updateMirror` function which update the mirror interval
and enable prune properties is only executed by the `Edit` function. But
it is only triggered if `opts.MirrorInterval` is not null, even if
`opts.EnablePrune` is not null.

With this patch, it is now possible to update the enable_prune property
with a patch request without modifying the mirror_interval.

## Example request with httpie

### Currently:
**Does nothing**
```bash
http PATCH https://gitea.your-server/api/v1/repos/myOrg/myRepo "enable_prune:=false" -A bearer -a $gitea_token
```

**Updates both properties**
```bash
http PATCH https://gitea.your-server/api/v1/repos/myOrg/myRepo "enable_prune:=false" "mirror_interval=10m" -A bearer -a $gitea_token
```

### With the patch
**Updates enable_prune only**
```bash
http PATCH https://gitea.your-server/api/v1/repos/myOrg/myRepo "enable_prune:=false" -A bearer -a $gitea_token
```
2024-01-25 20:51:32 +08:00
JakobDev f3ba3e922d
Don't run push mirrors for archived repos (#27140)
Fixes https://codeberg.org/forgejo/forgejo/issues/612

At the moment push mirrors are still run if a repo is archived. This PR
fixes this.
2024-01-24 02:32:57 +00:00
KN4CK3R caad931385
Prevent anonymous container access if RequireSignInView is enabled (#28877)
Fixes #28875

If `RequireSignInView` is enabled, the ghost user has no access rights.
2024-01-21 16:31:29 +00:00
Adam Majer d68a613ba8
Add support for sha256 repositories (#23894)
Currently only SHA1 repositories are supported by Gitea. This adds
support for alternate SHA256 with the additional aim of easier support
for additional hash types in the future.

Fixes: #13794
Limited by: https://github.com/go-git/go-git/issues/899
Depend on: #28138

<img width="776" alt="图片" src="https://github.com/go-gitea/gitea/assets/81045/5448c9a7-608e-4341-a149-5dd0069c9447">

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2024-01-19 17:05:02 +01:00
KN4CK3R 461d8b53c2
Fix some RPM registry flaws (#28782)
Related #26984
(https://github.com/go-gitea/gitea/pull/26984#issuecomment-1889588912)

Fix admin cleanup message.
Fix models `Get` not respecting default values.
Rebuild RPM repository files after cleanup.
Do not add RPM group to package version name.
Force stable sorting of Alpine/Debian/RPM repository data.
Fix missing deferred `Close`.
Add tests for multiple RPM groups.
Removed non-cached `ReplaceAllStringRegex`.

If there are multiple groups available, it's stated in the package
installation screen:

![grafik](https://github.com/go-gitea/gitea/assets/1666336/8f132760-882c-4ab8-9678-77e47dfc4415)
2024-01-19 11:37:10 +00:00
FuXiaoHei ad98ea63ee
Fix uploaded artifacts should be overwritten (#28726)
Fix `Uploaded artifacts should be overwritten`
https://github.com/go-gitea/gitea/issues/28549

When upload different content to uploaded artifact, it checks that
content size is not match in db record with previous artifact size, then
the new artifact is refused.

Now if it finds uploading content size is not matching db record when
receiving chunks, it updates db records to follow the latest size value.
2024-01-17 11:21:16 +08:00
Viktor Kuzmin 49eb168677
Retarget depending pulls when the parent branch is deleted (#28686)
Sometimes you need to work on a feature which depends on another (unmerged) feature.
In this case, you may create a PR based on that feature instead of the main branch.
Currently, such PRs will be closed without the possibility to reopen in case the parent feature is merged and its branch is deleted.
Automatic target branch change make life a lot easier in such cases.
Github and Bitbucket behave in such way.

Example:
$PR_1$: main <- feature1
$PR_2$: feature1 <- feature2

Currently, merging $PR_1$ and deleting its branch leads to $PR_2$ being closed without the possibility to reopen.
This is both annoying and loses the review history when you open a new PR.

With this change, $PR_2$ will change its target branch to main ($PR_2$: main <- feature2) after $PR_1$ has been merged and its branch has been deleted.

This behavior is enabled by default but can be disabled.
For security reasons, this target branch change will not be executed when merging PRs targeting another repo. 

Fixes #27062
Fixes #18408

---------

Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
Co-authored-by: delvh <dev.lh@web.de>
2024-01-17 01:44:56 +01:00
KN4CK3R 3793ec4d14
Fix GetCommitStatuses (#28787)
Fixes #28764.
2024-01-15 14:07:32 +00:00
Jimmy Praet 5d3fdd1212
Add branch protection setting for ignoring stale approvals (#28498)
Fixes #27114.

* In Gitea 1.12 (#9532), a "dismiss stale approvals" branch protection
setting was introduced, for ignoring stale reviews when verifying the
approval count of a pull request.
* In Gitea 1.14 (#12674), the "dismiss review" feature was added.
* This caused confusion with users (#25858), as "dismiss" now means 2
different things.
* In Gitea 1.20 (#25882), the behavior of the "dismiss stale approvals"
branch protection was modified to actually dismiss the stale review.

For some users this new behavior of dismissing the stale reviews is not
desirable.

So this PR reintroduces the old behavior as a new "ignore stale
approvals" branch protection setting.

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-01-15 07:20:01 +00:00
yp05327 ce0225c1b8
Forbid removing the last admin user (#28337)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-15 06:51:43 +00:00
Lunny Xiao 70c4aad8e1
Move more functions to db.Find (#28419)
Following #28220

This PR move more functions to use `db.Find`.

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-01-15 02:19:25 +00:00
Lunny Xiao 97292da960
Fix schedule tasks bugs (#28691)
Fix #28157 

This PR fix the possible bugs about actions schedule.

## The Changes

- Move `UpdateRepositoryUnit` and `SetRepoDefaultBranch` from models to
service layer
- Remove schedules plan from database and cancel waiting & running
schedules tasks in this repository when actions unit has been disabled
or global disabled.
- Remove schedules plan from database and cancel waiting & running
schedules tasks in this repository when default branch changed.
2024-01-12 21:50:38 +00:00
Nanguan Lin 9b59af37e7
Fix issue dependencies (#27736)
Fix #27722 
Fix #27357
Fix #25837 
1. Fix the typo `BlockingByDependenciesNotPermitted`, which causes the
`not permitted message` not to show. The correct one is `Blocking` or
`BlockedBy`
2. Rewrite the perm check. The perm check uses a very tricky way to
avoid duplicate checks for a slice of issues, which is confusing. In
fact, it's also the reason causing the bug. It uses `lastRepoID` and
`lastPerm` to avoid duplicate checks, but forgets to assign the
`lastPerm` at the end of the code block. So I rewrote this to avoid this
trick.
![I U1AT{GNFY3
1HZ`6L{(2L](https://github.com/go-gitea/gitea/assets/70063547/79acd02a-a567-4316-ae0d-11c6461becf1)
3. It also reuses the `blocks` slice, which is even more confusing. So I
rewrote this too.

![UARFPXRGGZQFB7J$2`R}5_R](https://github.com/go-gitea/gitea/assets/70063547/f21cff0f-d9ac-4ce4-ae4d-adffc98ecd99)
2024-01-12 16:49:02 +00:00
Exploding Dragon ba4d0b8ffb
Support for grouping RPMs using paths (#26984)
The current rpm repository places all packages in the same repository,
and different systems (el7,f34) may hit packages that do not belong to
this distribution ( #25304 ) , which now supports grouping of rpm.

![图片](https://github.com/go-gitea/gitea/assets/33776693/d1e1d99f-7799-4b2b-a19b-cb2a5c692914)

Fixes #25304 .
Fixes #27056 .

Refactor: [#25866](https://github.com/go-gitea/gitea/pull/25866)
2024-01-12 03:16:05 +00:00
Jack Hay 7c2f093e85
Require token for GET subscription endpoint (#28765)
Fixes  #28756

## Changes
- Require and check API token for `GET
/repos/{owner}/{repo}/subscription` in order to populate `ctx.Doer`.
2024-01-12 01:57:58 +00:00
vincent f8a1bad883
Fix: system webhooks API bug (#28531)
- Fix the bug about admin/hooks API that `GET /admin/hooks` can only
fetch system_hooks, `POST /admin/hooks` can only create default_hooks.
2023-12-31 04:31:50 +00:00
Lunny Xiao baf0d402d9
Add get actions runner registration token for API routes, repo, org, user and global level (#27144)
Replace #23761

---------

Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-12-27 07:57:54 +00:00
delvh 778ad795fd
Refactor deletion (#28610)
Introduce the new generic deletion methods
- `func DeleteByID[T any](ctx context.Context, id int64) (int64, error)`
- `func DeleteByIDs[T any](ctx context.Context, ids ...int64) error`
- `func Delete[T any](ctx context.Context, opts FindOptions) (int64,
error)`

So, we no longer need any specific deletion method and can just use
the generic ones instead.

Replacement of #28450

Closes #28450

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-12-25 21:25:29 +01:00
wxiaoguang b41925cee3
Refactor CORS handler (#28587)
The CORS code has been unmaintained for long time, and the behavior is
not correct.

This PR tries to improve it. The key point is written as comment in
code. And add more tests.

Fix #28515
Fix #27642
Fix #17098
2023-12-25 20:13:18 +08:00
Jean-Baptiste Gomond d0f24ff4ca
Added instance-level variables (#28115)
This PR adds instance-level variables, and so closes #27726



![gitea_instance_variables_1](https://github.com/go-gitea/gitea/assets/8344487/ad409cd4-ce36-4c84-a764-34451b0fb63a)

![gitea_instance_variables_2](https://github.com/go-gitea/gitea/assets/8344487/426f0965-dec6-4560-948c-067cdeddd720)

![gitea_instance_variables_3](https://github.com/go-gitea/gitea/assets/8344487/cf1d7776-4938-4825-922e-cbbbf28a5f33)
2023-12-25 07:28:59 +00:00
FuXiaoHei fe5a616392
Fix merging artifact chunks error when minio storage basepath is set (#28555)
Related to  https://github.com/go-gitea/gitea/issues/28279

When merging artifact chunks, it lists chunks from storage. When storage
is minio, chunk's path contains `MINIO_BASE_PATH` that makes merging
break.

<del>So trim the `MINIO_BASE_PATH` when handle chunks.</del>

Update the chunk file's basename to retain necessary information. It
ensures that the directory in the chunk's path remains unaffected.
2023-12-21 07:04:50 +00:00
Lunny Xiao e7cb8da2a8
Always enable caches (#28527)
Nowadays, cache will be used on almost everywhere of Gitea and it cannot
be disabled, otherwise some features will become unaviable.

Then I think we can just remove the option for cache enable. That means
cache cannot be disabled.
But of course, we can still use cache configuration to set how should
Gitea use the cache.
2023-12-19 09:29:05 +00:00
Lunny Xiao 4eb2a29910
Improve ObjectFormat interface (#28496)
The 4 functions are duplicated, especially as interface methods. I think
we just need to keep `MustID` the only one and remove other 3.

```
MustID(b []byte) ObjectID
MustIDFromString(s string) ObjectID
NewID(b []byte) (ObjectID, error)
NewIDFromString(s string) (ObjectID, error)
```

Introduced the new interfrace method `ComputeHash` which will replace
the interface `HasherInterface`. Now we don't need to keep two
interfaces.

Reintroduced `git.NewIDFromString` and `git.MustIDFromString`. The new
function will detect the hash length to decide which objectformat of it.
If it's 40, then it's SHA1. If it's 64, then it's SHA256. This will be
right if the commitID is a full one. So the parameter should be always a
full commit id.

@AdamMajer Please review.
2023-12-19 07:20:47 +00:00
Bo-Yi Wu 14ffdf6173
chore(api): support ignore password if login source type is LDAP for creating user API (#28491)
- Modify the `Password` field in `CreateUserOption` struct to remove the
`Required` tag
- Update the `v1_json.tmpl` template to include the `email` field and
remove the `password` field

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-12-19 02:32:45 +00:00
Lunny Xiao 408a484224
Adjust object format interface (#28469)
- Remove `ObjectFormatID`
- Remove function `ObjectFormatFromID`.
- Use `Sha1ObjectFormat` directly but not a pointer because it's an
empty struct.
- Store `ObjectFormatName` in `repository` struct
2023-12-17 11:56:08 +00:00
Adam Majer cbf923e87b
Abstract hash function usage (#28138)
Refactor Hash interfaces and centralize hash function. This will allow
easier introduction of different hash function later on.

This forms the "no-op" part of the SHA256 enablement patch.
2023-12-13 21:02:00 +00:00
KN4CK3R 064f05204c
Add endpoint for not implemented Docker auth (#28457)
Recently Docker started to use the optional `POST /v2/token` endpoint
which should respond with a `404 Not Found` status code instead of the
current `405 Method Not Allowed`.

> Note: Not all token servers implement oauth2. If the request to the
endpoint returns 404 using the HTTP POST method, refer to Token
Documentation for using the HTTP GET method supported by all token
servers.
2023-12-13 15:23:53 -05:00
Lunny Xiao 717d0f5934
Do some missing checks (#28423) 2023-12-12 05:01:17 +00:00
Jack Hay 4e879fed90
Deprecate query string auth tokens (#28390)
## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example: 
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-12-12 03:48:53 +00:00
Lunny Xiao 537fa69962
Second part of refactor db.Find (#28194)
Continue of #27798 and move more functions to `db.Find` and `db.Count`.
2023-12-11 16:56:48 +08:00
Lunny Xiao aeb383025f
Also sync DB branches on push if necessary (#28361)
Fix #28056 

This PR will check whether the repo has zero branch when pushing a
branch. If that, it means this repository hasn't been synced.

The reason caused that is after user upgrade from v1.20 -> v1.21, he
just push branches without visit the repository user interface. Because
all repositories routers will check whether a branches sync is necessary
but push has not such check.

For every repository, it has two states, synced or not synced. If there
is zero branch for a repository, then it will be assumed as non-sync
state. Otherwise, it's synced state. So if we think it's synced, we just
need to update branch/insert new branch. Otherwise do a full sync. So
that, for every push, there will be almost no extra load added. It's
high performance than yours.

For the implementation, we in fact will try to update the branch first,
if updated success with affect records > 0, then all are done. Because
that means the branch has been in the database. If no record is
affected, that means the branch does not exist in database. So there are
two possibilities. One is this is a new branch, then we just need to
insert the record. Another is the branches haven't been synced, then we
need to sync all the branches into database.
2023-12-09 13:30:56 +00:00
KN4CK3R a95d5b7702
Add HEAD support for rpm repo files (#28309)
Fixes https://codeberg.org/forgejo/forgejo/issues/1810

zypper uses HEAD requests to check file existence.

https://github.com/openSUSE/libzypp/blob/HEAD/zypp/RepoManager.cc#L2549

https://github.com/openSUSE/libzypp/blob/HEAD/zypp-curl/ng/network/private/downloaderstates/basicdownloader_p.cc#L116

@ExplodingDragon fyi
2023-12-05 08:01:02 +00:00
Nanguan Lin 0aab2d38a7
Remove deprecated query condition in ListReleases (#28339)
close #24057 
call stack: 

25faee3c5f/routers/api/v1/repo/release.go (L154)

ec1feedbf5/routers/api/v1/utils/page.go (L13-L18)

ec1feedbf5/services/convert/utils.go (L15-L22)

## ⚠️ Breaking   ⚠️ (though it's not caused by this PR)
Do not use `per_page` to specify pagination; use `limit` instead
2023-12-05 07:30:43 +00:00
Lunny Xiao 882e502327
Fix comment permissions (#28213)
This PR will fix some missed checks for private repositories' data on
web routes and API routes.
2023-11-25 17:21:21 +00:00
Lunny Xiao df1e7d0067
Use db.Find instead of writing methods for every object (#28084)
For those simple objects, it's unnecessary to write the find and count
methods again and again.
2023-11-24 03:49:41 +00:00
yp05327 4d0eba8e0a
Fix swagger title (#28164)
![image](https://github.com/go-gitea/gitea/assets/18380374/380859b2-a643-42fd-b53e-78c93c05c826)
Don't know why there's a `.` behind. 🤔
2023-11-22 08:09:19 +00:00
Earl Warren 340055ab6c
Enable system users search via the API (#28013)
Refs: https://codeberg.org/forgejo/forgejo/issues/1403

(cherry picked from commit dd4d17c159eaf8b642aa9e6105b0532e25972bb7)
2023-11-13 15:31:38 +01:00
KN4CK3R 4f4fea734c
Unify two factor check (#27915)
Fixes #27819

We have support for two factor logins with the normal web login and with
basic auth. For basic auth the two factor check was implemented at three
different places and you need to know that this check is necessary. This
PR moves the check into the basic auth itself.
2023-11-06 08:22:39 +00:00
FuXiaoHei ec0c6829d4
Fix/upload artifact error windows (#27802)
From issue https://github.com/go-gitea/gitea/issues/27314

When act_runner in `host` mode on Windows. `upload_artifact@v3` actions
use `path.join` to generate `itemPath` params when uploading artifact
chunk. `itemPath` is encoded as `${artifact_name}\${artifact_path}`.

<del>It's twice query escaped from ${artifact_name}/${artifact_path}
that joined by Windows slash \.</del>

**So we need convert Windows slash to linux**.

In https://github.com/go-gitea/gitea/issues/27314, runner shows logs
from `upload_artifact@v3` like with `%255C`:

```
[artifact-cases/test-artifact-cases]   | ::error::Unexpected response. Unable to upload chunk to http://192.168.31.230:3000/api/actions_pipeline/_apis/pipelines/workflows/6/artifacts/34d628a422db9367c869d3fb36be81f5/upload?itemPath=more-files%255Css.json
```

But in gitea server at the same time, But shows `%5C`

```
2023/10/27 19:29:51 ...eb/routing/logger.go:102:func1() [I] router: completed PUT /api/actions_pipeline/_apis/pipelines/workflows/6/artifacts/34d628a422db9367c869d3fb36be81f5/upload?itemPath=more-files%5Css.json for 192.168.31.230:55340, 400 Bad Request in 17.6ms @ <autogenerated>:1(actions.artifactRoutes.uploadArtifact-fm)
```

I found `%255C` is escaped by
`https://github.com/actions/upload-artifact/blob/main/dist/index.js#L2329`.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-10-30 10:40:05 +00:00
Jean-Baptiste Gomond 641e8165c7
Fix bad method call when deleting user secrets via API (#27829)
Fixed a little mistake when you deleting user secrets via the API. Found
it when working on #27725.
It should be backported to 1.21 I think.
2023-10-29 13:19:57 +01:00
merlleu 796ff26e0e
Do not force creation of _cargo-index repo on publish (#27266)
Hello there,
Cargo Index over HTTP is now prefered over git for package updates: we
should not force users who do not need the GIT repo to have the repo
created/updated on each publish (it can still be created in the packages
settings).

The current behavior when publishing is to check if the repo exist and
create it on the fly if not, then update it's content.
Cargo HTTP Index does not rely on the repo itself so this will be
useless for everyone not using the git protocol for cargo registry.

This PR only disable the creation on the fly of the repo when publishing
a crate.

This is linked to #26844 (error 500 when trying to publish a crate if
user is missing write access to the repo) because it's now optional.

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-10-24 03:26:38 +00:00
silverwind ce83609ff6
Upgrade to golangci-lint@v1.55.0 (#27756)
https://github.com/golangci/golangci-lint/releases/tag/v1.55.0
2023-10-24 02:54:59 +00:00
Nanguan Lin 1859bbbf91
Fix org team endpoint (#27721)
Fix #27711
2023-10-22 01:40:59 +02:00
JakobDev 3dc0c962bf
Delete repos of org when purge delete user (#27273)
Fixes https://codeberg.org/forgejo/forgejo/issues/1514

I had to remove `RenameOrganization` to avoid circular import.

We should really add some foreign keys to the database.
2023-10-19 13:16:11 +00:00
Lunny Xiao 9852c92e9a
Remove unnecessary parameter (#27671) 2023-10-18 15:03:10 +00:00
Lunny Xiao cddf245c12
Replace more db.DefaultContext (#27628)
Target #27065
2023-10-15 17:46:06 +02:00
JakobDev 76a85a4ce9
Final round of db.DefaultContext refactor (#27587)
Last part of #27065
2023-10-14 08:37:24 +00:00
Evan Tobin ae419fa494
Fix permissions for Token DELETE endpoint to match GET and POST (#27610)
Fixes #27598

In #27080, the logic for the tokens endpoints were updated to allow
admins to create and view tokens in other accounts. However, the same
functionality was not added to the DELETE endpoint. This PR makes the
DELETE endpoint function the same as the other token endpoints and adds unit tests
2023-10-14 08:04:44 +00:00
JakobDev ebe803e514
Penultimate round of db.DefaultContext refactor (#27414)
Part of #27065

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-10-11 04:24:07 +00:00
Nanguan Lin 5b6258a0b9
Fix the wrong HTTP response status code for duplicate packages (#27480)
fix #27470 
(hope there is nothing missing 😢 )

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-10-10 15:39:58 +02:00
Michael Santos 5283ce9650
api: GetPullRequestCommits: return file list (#27483)
Fixes https://github.com/go-gitea/gitea/issues/27481

----

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-10-09 11:22:12 +00:00
JakobDev f2b2608a86
Don't let API add 2 exclusive labels from same scope (#27433)
Fixes #27380
2023-10-05 03:37:36 +00:00
JakobDev cc5df26680
Even more db.DefaultContext refactor (#27352)
Part of #27065

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
2023-10-03 10:30:41 +00:00
JakobDev cf0df023be
More db.DefaultContext refactor (#27265)
Part of #27065

This PR touches functions used in templates. As templates are not static
typed, errors are harder to find, but I hope I catch it all. I think
some tests from other persons do not hurt.
2023-09-29 12:12:54 +00:00
Lunny Xiao 673cf6af76
make writing main test easier (#27270)
This PR removed `unittest.MainTest` the second parameter
`TestOptions.GiteaRoot`. Now it detects the root directory by current
working directory.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-09-28 01:38:53 +00:00
Lunny Xiao 3b2da7e4ae
Redefine the meaning of column is_active to make Actions Registration Token generation easier (#27143)
Partially Fix #25041

This PR redefined the meaning of column `is_active` in table
`action_runner_token`.
Before this PR, `is_active` means whether it has been used by any
runner. If it's true, other runner cannot use it to register again.

In this PR, `is_active` means whether it's validated to be used to
register runner. And if it's true, then it can be used to register
runners until it become false. When creating a new `is_active` register
token, any previous tokens will be set `is_active` to false.
2023-09-27 05:37:48 +00:00
JakobDev 7047df36d4
Another round of db.DefaultContext refactor (#27103)
Part of #27065

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-09-25 13:17:37 +00:00
JakobDev 28f9b313ba
Updates to the API for archived repos (#27149) 2023-09-21 23:43:29 +00:00
Dionysios Kakouris e46274b5b4
Fix organization field being null in POST /orgs/{orgid}/teams (#27150)
Similarly to the fix in https://github.com/go-gitea/gitea/pull/24694,
this addresses the team creation not returning the organization
information in the response.

This fix is connected to the
[issue](https://gitea.com/gitea/terraform-provider-gitea/issues/27)
discovered in the terraform provider.
Moreover, the
[documentation](https://docs.gitea.com/api/1.20/#tag/organization/operation/orgCreateTeam)
suggests that the response body should include the `organization` field
(currently being `null`).
2023-09-21 08:09:59 +00:00
CaiCandong f93ee5937b
Fix token endpoints ignore specified account (#27080)
Fix #26234
close #26323
close #27040

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-09-18 00:21:15 +00:00
wxiaoguang 8531ca0837
Make SSPI auth mockable (#27036)
Before, the SSPI auth is only complied for Windows, it's difficult to
test and it breaks a lot.

Now, make the SSPI auth mockable and testable.
2023-09-17 23:32:56 +00:00
KN4CK3R c766140dad
Add RemoteAddress to mirrors (#26952)
This PR adds a new field `RemoteAddress` to both mirror types which
contains the sanitized remote address for easier (database) access to
that information. Will be used in the audit PR if merged.
2023-09-16 16:03:02 +00:00
JakobDev f91dbbba98
Next round of db.DefaultContext refactor (#27089)
Part of #27065
2023-09-16 14:39:12 +00:00
KN4CK3R d513628db9
Allow empty Conan files (#27092)
Fixes #27090

Looks like the Conan upload process has changed since last year. The
empty uploads don't occur anymore.
2023-09-15 23:14:36 +00:00
JakobDev c548dde205
More refactoring of db.DefaultContext (#27083)
Next step of #27065
2023-09-15 06:13:19 +00:00
JakobDev 76659b1114
Reduce usage of db.DefaultContext (#27073)
Part of #27065

This reduces the usage of `db.DefaultContext`. I think I've got enough
files for the first PR. When this is merged, I will continue working on
this.

Considering how many files this PR affect, I hope it won't take to long
to merge, so I don't end up in the merge conflict hell.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-09-14 17:09:32 +00:00
JakobDev aaeec2a392
Add missing 404 response to Swagger (#27038)
Most middleware throw a 404 in case something is not found e.g. a Repo
that is not existing. But most API endpoints don't include the 404
response in their documentation. This PR changes this.
2023-09-13 10:37:54 +08:00
KN4CK3R 591f586bf1
Extract auth middleware from service (#27028)
Related #27027

Extract the router logic from `services/auth/middleware.go` into
`routers/web` <-> `routers/common` <-> `routers/api`.
2023-09-12 08:15:16 +02:00
Lunny Xiao e3ed67859a
Move some functions to service layer (#26969) 2023-09-08 21:09:23 +00:00
Lunny Xiao 9c0a3532a4
Add a new column schedule_id for action_run to track (#26975)
Fix #26971 

And the UI now will display it's scheduled but not triggered by a push.

<img width="954" alt="图片"
src="https://github.com/go-gitea/gitea/assets/81045/d211845c-457e-4c3e-af1f-a0d654d3f365">
2023-09-08 23:01:19 +08:00
Lunny Xiao 4f32abaf94
move repository deletion to service layer (#26948)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-09-08 04:51:15 +00:00
CaiCandong a78c2eae24
Replace util.SliceXxx with slices.Xxx (#26958) 2023-09-07 09:37:47 +00:00
Lunny Xiao e97e883ad5
Add reverseproxy auth for API back with default disabled (#26703)
This feature was removed by #22219 to avoid possible CSRF attack.

This PR takes reverseproxy auth for API back but with default disabled.

To prevent possbile CSRF attack, the responsibility will be the
reverseproxy but not Gitea itself.

For those want to enable this `ENABLE_REVERSE_PROXY_AUTHENTICATION_API`,
they should know what they are doing.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-09-07 08:31:46 +00:00
Lunny Xiao b9df9fa2e2
Move createrepository from module to service layer (#26927)
Repository creation depends on many models, so moving it to service
layer is better.
2023-09-06 12:08:51 +00:00
FuXiaoHei 460a2b0edf
Artifacts retention and auto clean up (#26131)
Currently, Artifact does not have an expiration and automatic cleanup
mechanism, and this feature needs to be added. It contains the following
key points:

- [x] add global artifact retention days option in config file. Default
value is 90 days.
- [x] add cron task to clean up expired artifacts. It should run once a
day.
- [x] support custom retention period from `retention-days: 5` in
`upload-artifact@v3`.
- [x] artifacts link in actions view should be non-clickable text when
expired.
2023-09-06 07:41:06 +00:00
Lunny Xiao 540bf9fa6d
Move notification interface to services layer (#26915)
Extract from #22266
2023-09-05 18:37:47 +00:00
KN4CK3R 0eebeeec90
Remove Named interface (#26913)
`Named` is implemented by every `Method` and future implementations
should implement the method too.
2023-09-05 15:58:30 +00:00
KN4CK3R a99b96cbcd
Refactor secrets modification logic (#26873)
- Share code between web and api
- Add some tests
2023-09-05 15:21:02 +00:00
JakobDev e9f5067653
Add missing reqToken() to notifications endpoints (#26914)
They currently throw a Internal Server Error when you use them without a
token. Now they correctly return a `token is required` error.

This is no security issue. If you use this endpoints with a token that
don't have the correct permission, you get the correct error. This is
not affected by this PR.
2023-09-05 14:43:34 +00:00
Bo-Yi Wu f79f6a26ae
feat(API): add routes and functions for managing user's secrets (#26909)
- Add routes for creating or updating a user's actions secrets in
`routers/api/v1/api.go`
- Add a new file `routers/api/v1/user/action.go` with functions for
creating or updating a user's secrets and deleting a user's secret
- Modify the `templates/swagger/v1_json.tmpl` file to include the routes
for creating or updating a user's secrets and deleting a user's secret

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-09-05 14:02:50 +00:00
Zettat123 04771b5ff7
Allow users with write permissions for issues to add attachments with API (#26837)
Fixes #24944

Since a user with write permissions for issues can add attachments to an
issue via the the web interface, the user should also be able to add
attachments via the API
2023-09-01 15:35:38 +00:00