Commit graph

17407 commits

Author SHA1 Message Date
Gergely Nagy 2924fcf814
[GITEA] services: Gracefully handle missing branches
services: in loadOneBranch, return if CountDivergingCommits fail

If we can't count the number of diverging commits for one reason or
another (such as the branch being in the database, but missing from
disk), rather than logging an error and continuing into a crash (because
`divergence` will be nil), return an error instead.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 8266105f24eb76b1dfb4c79d9bfde2ef9a98417a)

services: Gracefully handle missing branches

When loading branches, if loading one fails, log an error, and ignore
the branch, rather than returning and causing an internal server error.

Ideally, we would only ignore the error if it was caused by a missing
branch, and do it silently, like the respective API endpoint does.
However, veryfing that at this place is not very practical, so for the
time being, ignore any and all branch loading errors.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit e552a8fd629b11503569f605c824c1c0b01eeab2)

tests: Add a testcase for missing branches

This tests the scenario reported in Codeberg/Community#1408: a branch
that is recorded in the database, but missing on disk was causing
internal server errors. With recent changes, that is no longer the case,
the error is logged and then ignored.

This test case tests this behaviour, that the repo's branches page on
the web UI functions even if the git branch is missing.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit e20eb7b3853e25ab29d4ca63b015517b44e4954f)

tests: More testing in TestDatabaseMissingABranch

In the `TestDatabaseMissingABranch` testcase, make sure that the
branches are in sync between the db and git before deleting a branch via
git, then compare the branch count from the web UI, making sure that it
returns an out-of-sync value first, and the correct one after another
sync.

This is currently tested by scraping the UI, and relies on the fact that
the branch counter is out of date before syncing. If that issue gets
resolved, we'll have to adjust the test to verify the sync another way.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 8c2ccfcecec6182dd80d463f58223acbf16b039b)
(cherry picked from commit 439fadf5635c47c2a1be9cc83614b60f76ac05d0)
(cherry picked from commit 44dd80552ca63c6d22f4a139a0297486f1a2e655)
(cherry picked from commit 37b91fe6f2f05feee0f8db8f44c3eaf1ff060af9)
2024-02-05 16:09:42 +01:00
Gusted 2cfcd266b4
[GITEA] Fix panic in canSoftDeleteContentHistory
- It's possible that `canSoftDeleteContentHistory` is called without
`ctx.Doer` being set, such as an anonymous user requesting the
`/content-history/detail` endpoint.
- Add a simple condition to always set to `canSoftDelete` to false if an
anonymous user is requesting this, this avoids a panic in the code that
assumes `ctx.Doer` is set.
- Added integration testing.

(cherry picked from commit 0b5db0dcc608e9a9e79ead094a20a7775c4f9559)
(cherry picked from commit 30d168bcc867387f3c94582a4668cce62f77c171)
(cherry picked from commit 19be82b7ef11fe6e0656434dcc69c9ff2f24c702)
(cherry picked from commit 334b703b17a3fbb02e5ad20aea7241a909eb1f13)
2024-02-05 16:09:42 +01:00
Earl Warren 603a44edf0
[GITEA] POST /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments
Refs: https://codeberg.org/forgejo/forgejo/issues/2109
(cherry picked from commit 8b4ba3dce7fc99fa328444ef27383dccca49c237)
(cherry picked from commit 196edea0f972a9a027c4cacb9df36330cf676d2f)

[GITEA] POST /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments (squash) do not implicitly create a review

If a comment already exists in a review, the comment is added. If it
is the first comment added to a review, it will implicitly create a
new review instead of adding to the existing one.

The pull_service.CreateCodeComment function is responsibe for this
behavior and it will defer to createCodeComment once the review is
determined, either because it was found or because it was created.

Rename createCodeComment into CreateCodeCommentKnownReviewID to expose
it and change the API endpoint to use it instead. Since the review is
provided by the user and verified to exist already, there is no need
for the logic implemented by CreateCodeComment.

The tests are modified to remove the initial comment from the fixture
because it was creating the false positive. I was verified to fail
without this fix.

(cherry picked from commit 6a555996dca6ba71c65818e14ab0eeafa1af6dc2)
(cherry picked from commit b173a0ccee6cc0dadf40ec55e5d88987314c1cc4)
(cherry picked from commit 838ab9740a6b022676103bcb3a7d168b501006e1)
2024-02-05 16:09:42 +01:00
Gusted 91b5aa0e5f
[GITEA] Improve 404 screen on mobile
- Remove `container` to remove unnecessary margins being added to the
whole page.
- Specify max width for the 404 image to avoid overflow of the image.

(cherry picked from commit b1ced72ce50af987a6c77149705402eedee02eae)
(cherry picked from commit ef5e1b01b82155b4f38e6ead718ae2889b78c701)
(cherry picked from commit c321af3d5f210474548fadbe907c8144284132bb)
(cherry picked from commit d6e99436b580af251f15627ddde8e0d3b972db3d)
2024-02-05 16:09:42 +01:00
Gergely Nagy 639b428cf4
[FEAT] API support for repository flags
Expose the repository flags feature over the API, so the flags can be
managed by a site administrator without using the web API.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit bac9f0225d47e159afa90e5bbea9562cbc860dae)
(cherry picked from commit e7f5c1ba141ac7f8c7834b5048d0ffd3ce50900b)
(cherry picked from commit 95d9fe19cf3ed5787855ac2a442d29104498aa36)
(cherry picked from commit 7fc51991e405ea8d44fd6b4b4de13ad65da63ae7)
2024-02-05 16:09:42 +01:00
Gergely Nagy 36f7c162e2
[FEAT] Repository flags
This implements "repository flags", a way for instance administrators to
assign custom flags to repositories. The idea is that custom templates
can look at these flags, and display banners based on them, Forgejo does
not provide anything built on top of it, just the foundation. The
feature is optional, and disabled by default. To enable it, set
`[repository].ENABLE_FLAGS = true`.

On the UI side, instance administrators will see a new "Manage flags"
tab on repositories, and a list of enabled tags (if any) on the
repository home page. The "Manage flags" page allows them to remove
existing flags, or add any new ones that are listed in
`[repository].SETTABLE_FLAGS`.

The model does not enforce that only the `SETTABLE_FLAGS` are present.
If the setting is changed, old flags may remain present in the database,
and anything that uses them, will still work. The repository flag
management page will allow an instance administrator to remove them, but
not set them, once removed.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit ba735ce2228f8dd7ca105e94b9baa1be058ebe37)
(cherry picked from commit f09f6e029b4fb2714b86cd32dc19255078ecc0ee)
(cherry picked from commit 2f8b0414892f6099f519bda63a9e0fbc8ba6cfc7)
(cherry picked from commit d3186ee5f41fac896c7d2341402fcd39dd250bf1)
2024-02-05 16:09:42 +01:00
Gergely Nagy 9809f96a4a
[GITEA] Disable the RSS feed in file view for non-branches
Files can have an RSS feed, but those only make sense when taken in the
context of a branch. There is no history to make a feed of on a tag or a
commit: they're static. Forgejo does not provide a feed for them for
this reason.

However, the file view on the web UI was offering a link to these
non-existent feeds. With this patch, it does that no longer, and only
provides a link when viewing the file in the context of a branch.

Fixes #2102.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 4b48d21ea7459539dfb1ca5cadd6f9cb99e65fc7)
(cherry picked from commit 70cb2667603bcdb9a8c9bb20c482877ab3f6de39)
(cherry picked from commit 69b45c3feaf92454853ef9b02c9d75092780dabf)

Conflicts:
	options/locale/locale_en-US.ini
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 639a2c07411e6c606dfb81f695fddbad73dca3da)
2024-02-05 16:09:42 +01:00
Earl Warren 2e172b3c9c
[GITEA] add option for banning dots in usernames (squash) set in test
(cherry picked from commit b005b586c354119d2b6aaf6e4c18eb3f1ddfb615)
(cherry picked from commit 0077b2661e7e5be7b2e3772113abeb401f4085d5)
(cherry picked from commit c4589d1fce5eac383dd8530427140183a7aeff46)
(cherry picked from commit a7f9ff982c0c14e9484561e194d4fa7c5d80a76b)
2024-02-05 16:09:42 +01:00
Gergely Nagy e019eb33a2
[GITEA] Find README.md for user profiles case insensitively
When trying to find a `README.md` in a `.profile` repo, do so case
insensitively. This change does not make it possible to render readmes
in formats other than Markdown, it just removes the hard-coded
"README.md".

Also adds a few tests to make sure the change works.

Fixes #1494.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit edd219d8e9d69becb9814ab0a8359555e80fcd4f)
(cherry picked from commit 2c0105ef17b9673e6892a66aa689af7c5c87b8a1)
(cherry picked from commit 3975a9f3aaf8ed3ceb5788abc325dbe8e89225d3)
(cherry picked from commit dee4a18423151ac7f22221e6fce12d863921c200)
(cherry picked from commit 60aee6370fb15b12fffc6f29582dd4a235f87d94)
2024-02-05 16:09:42 +01:00
Gusted 159dc74ceb
[GITEA] Check for Commit in opengraph
- It's possible that `PageIsDiff` is set but not `Commit` resulting in a
NPE in the template. This can happen when the requested commit doesn't exist.
- Regression of c802c46a9b &
5743d7cb5b
- Added 'hacky' integration test.

(cherry picked from commit 8db2d5e4a76f05b34e4f889e7a00ecd6578d3639)
(cherry picked from commit 8c737a802bcae54195f1bb15bb0b8aca824ef395)
(cherry picked from commit 6b7c7d18dcdcfa135ff2657fbac8ce157eaf0dfa)
(cherry picked from commit a2be4fab27b98b2932486f2b03635b044742f964)
(cherry picked from commit a1125268aca2796d08e02b7a36bfb36172917b38)
2024-02-05 16:09:42 +01:00
Gergely Nagy f90b802634
[GITEA] Add support for shields.io-based badges
Adds a new `/{username}/{repo}/badges` family of routes, which redirect
to various shields.io badges. The goal is to not reimplement badge
generation, and delegate it to shields.io (or a similar service), which
are already used by many. This way, we get all the goodies that come
with it: different styles, colors, logos, you name it.

So these routes are just thin wrappers around shields.io that make it
easier to display the information we want. The URL is configurable via
`app.ini`, and is templatable, allowing to use alternative badge
generator services with slightly different URL patterns.

Additionally, for compatibility with GitHub, there's an
`/{username}/{repo}/actions/workflows/{workflow_file}/badge.svg` route
that works much the same way as on GitHub. Change the hostname in the
URL, and done.

Fixes gitea#5633, gitea#23688, and also fixes #126.

Work sponsored by Codeberg e.V.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit fcd0f61212d8febd4bdfc27e61a4e13cbdd16d49)
(cherry picked from commit 20d14f784490a880c51ca0f0a6a5988a01887635)
(cherry picked from commit 4359741431bb39de4cf24de8b0cfb513f5233f55)
(cherry picked from commit 35cff45eb86177e750cd22e82a201880a5efe045)
(cherry picked from commit 2fc0d0b8a302d24177a00ab48b42ce083b52e506)
2024-02-05 16:09:42 +01:00
Gergely Nagy 92f41d11dd
[GITEA] repo: Don't redirect the repo to external units
When displaying the repo home view, do not redirect to unit types that
can't be defaults (which, at the moment, are the external wiki and issue
tracker unit types).

If we'd redirect to those, that would mean that a repository with the
Code unit disabled, and an external issue tracker would immediately
redirect to the external issue tracker, making it harder to reach other,
non-external units of the repo.

Fixes #1965.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 44078e546022e25f5c805ef047fbc3b7c6075ec0)
(cherry picked from commit 1868dec2e4c2ba8e6807336e6dabd83e6138bcac)
(cherry picked from commit c3a8e9887092c8c089462a1cdb22a404aa11beb6)
(cherry picked from commit 9266b1916f1577075b0bf2ff14c7412cbd7cae43)
(cherry picked from commit 8fa5ff65af91c33df692a52457fe65e71c4bc3c1)
2024-02-05 16:09:42 +01:00
Gusted abfc169fc8
[GITEA] Remove redundant syncBranchToDB
- The transaction in combination with Git push was causing deadlocks if
you had the `push_update` queue set to `immediate`. This was the root
cause of slow integration tests in CI.
- Remove the sync branch code as this is already being done in the Git
post-receive hook.
- Add tests to proof the branch models are in sync even with this code
removed.

(cherry picked from commit 90110e1f44a40837a6ef5b3979a6ed96bfd614be)
(cherry picked from commit a064065cb9a6e39597e38c37a405d066cfabf7f7)
(cherry picked from commit 7713e558eb6419a3a7d3f2d1beaa8062899490c8)

Conflicts:
	services/repository/branch.go
	https://codeberg.org/forgejo/forgejo/pulls/2068
(cherry picked from commit 3bb73e0813b46fd8b518a46d7499ee1c525bc434)
(cherry picked from commit c557540926826e82a118a085c3b510e072157cfe)
(cherry picked from commit 986be6171a3a34ebab60e757dafeee2e254765a1)
(cherry picked from commit 7a343877f1051773e21e9af7bfff26ad03d43f08)
(cherry picked from commit 51425500f2c44d5ef4deb7a4fe7909645e0fb569)
2024-02-05 16:09:42 +01:00
Gergely Nagy 1d8bca07f3
[GITEA] Configurable clone methods
Adds `[repository].DOWNLOAD_OR_CLONE_METHODS` (defaulting to
"download-zip,download-targz,download-bundle,vscode-clone"), which lets
an instance administrator override the additional clone methods
displayed on the repository home view.

This is purely display-only, the clone methods not listed here are still
available, unless disabled elsewhere. They're just not displayed.

Fixes #710.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 2aadcf4946e48ee43800568fe705d00a062c42bf)
(cherry picked from commit 42ac34fbf9105eed27ee687b305a85515270f0cc)
(cherry picked from commit bd231b02450212aca6be775663c3d24ddf19f990)
(cherry picked from commit 3d3366dbbee37621fc665e557a4a87bf08104375)
(cherry picked from commit 0157fb9b88fd50832c07b06c11c8dba6e059a465)
(cherry picked from commit bee88f6a8309c6f9aeba1522383d77f08e5a4d2d)
2024-02-05 16:09:42 +01:00
Gusted 1bae2430c0
[GITEA] Fix NPE in ToPullReviewList
- Add condition to ensure doer isn't nil when using it.
- Added unit test.
- Resolves #2055

(cherry picked from commit 8f1a74fb2944c2a1cf3824c2c6f233d6df2df593)
(cherry picked from commit 60ac881776c750bc25e1d142e201e78e48e3ac23)
(cherry picked from commit 5fdc461ac53ec486e609ad6ac40cde8e701c0fb8)
(cherry picked from commit 70623e8da1eb6c7e13a3cef04f1db9d479ffd7a4)
(cherry picked from commit 1d5153aaf69bdd114800ebc2a1268896f8dc3ff4)
(cherry picked from commit 3927f0c8b2c67733303005ebad08fb6835b22e36)
2024-02-05 16:09:42 +01:00
Antonin Delpeuch f3b298133e
[GITEA] pulls: "Edit File" button in "Files Changed" tab
Closes #1894.
Gitea issue: https://github.com/go-gitea/gitea/issues/23848

(cherry picked from commit 79c75164ca70937261b1d9a68420ebfdbdcfa4d4)
(cherry picked from commit 58c76aad8f624d7701e3fa6c12264328962cdf58)
(cherry picked from commit 5bdb3c6c53527da23ba76a8289ca6a81c6fcecdf)
(cherry picked from commit 94e954ce2248f14082f0c3071cc076c118c4a791)
(cherry picked from commit 1388e7c7bef7a34018b993c24b34e053849eb93a)
(cherry picked from commit 6a234abff532bfc8806e0cccf8c2d1d8c3e90c24)
2024-02-05 16:09:42 +01:00
Gusted 5c0894a588
[GITEA] Avoid WHERE IN for comment migration query
- Rewrite `UpdateCommentsMigrationsByType` to not use `WHERE IN` as
that's a performance diaster for MariaDB, it now use batching to query
the the relevant comment IDs via JOINs (which is not possible in a
UPDATE query for SQLite) and then update them in a seperate query.
- Add unit test.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1856

(cherry picked from commit 8098ca9d2e391b17e5e3da5cfa5af042221bfe36)

Conflicts:
	models/issues/comment.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
(cherry picked from commit ca65deba1cc183ce1643ee6a1f698c5ecb2ac571)
(cherry picked from commit 0e1e09e77dd1bc82b1eae02147fddca1d9954469)
(cherry picked from commit 19013ba5eac756044e6307abee6fb5d6709c855d)
(cherry picked from commit 23c887f97eeb08ee2a318b28878edb488428f98d)
(cherry picked from commit b3321d1a847373acba5b1f620191edc38a69ccbe)
2024-02-05 16:09:42 +01:00
Gusted be6416e990
[GITEA] Fix /issues/search endpoint
- The endpoint was moved from being an API endpoint to an web endpoint
with JSON result. However the API context isn't the same as the web
context, for example the `ctx.Error` only takes in the first two
arguments into consideration and doesn't do logging, which is not the
same behavior as the API context where there's three arguments and does
do logging and only reveal the function + error if the user is admin.
- Remove any details in the error message and do the logging seperatly,
this is somewhat consistent with how other API endpoints behave.
- Ref: https://codeberg.org/forgejo/forgejo/issues/1998

(cherry picked from commit fe71e32ace98461398cffe55f99ad31dc1be0b4e)
(cherry picked from commit c89e0735fab6b3994ff1769afafb012d1147972f)
(cherry picked from commit 4c04dcfc59c1a23b990f9a81c73de7cbfd95d1e3)
(cherry picked from commit 66eae1041c3b6bd4f15bbbaf552678313bcae835)
(cherry picked from commit 7b70fa9392cc03121c798407363712d6e5dde536)
(cherry picked from commit abf64ca0e3fd3159890c6e418ec4eab5284f26b5)
2024-02-05 16:09:42 +01:00
Gergely Nagy 5eeccecafc
[GITEA] Optionally allow anyone to edit Wikis
This is largely based on gitea#6312 by @ashimokawa, with updates and
fixes by myself, and incorporates the review feedback given in that pull
request, and more.

What this patch does is add a new "default_permissions" column to the
`repo_units` table (defaulting to read permission), adjusts the
permission checking code to take this into consideration, and then
exposes a setting that lets a repo administrator enable any user on a
Forgejo instance to edit the repo's wiki (effectively giving the wiki
unit of the repo "write" permissions by default).

By default, wikis will remain restricted to collaborators, but with the
new setting exposed, they can be turned into globally editable wikis.

Fixes Codeberg/Community#28.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 4b744399229f255eb124c22e3969715046043209)
(cherry picked from commit 337cf62c1094273ab61fbaab8e7fb41eb6e2e979)
(cherry picked from commit b6786fdb3246a3a455b59149943807c1f13a028a)
(cherry picked from commit a5d2829a1027afd593fd855a8e2d7d7cd38234b8)

[GITEA] Optionally allow anyone to edit Wikis (squash) AddTokenAuth

(cherry picked from commit fed50cf72eaaa00ef1f4730f9b12a64a10b66113)
(cherry picked from commit 42c55e494e1018a210e54d405c15eec24a0b37c7)
(cherry picked from commit e3463bda47ffee4ab57efadfe5094f9401541cfd)
2024-02-05 16:09:42 +01:00
Gusted f3f888ed13
[GITEA] Fix session generation for database
- If the session doesn't exist, it shouldn't be expected that the
variable is non-nil. Define the session variable instead and insert that.
- Add unit tests to test the behavior of the database sessions code .
- Regression caused by dd30d9d5c0.
- Resolves https://codeberg.org/forgejo/forgejo/issues/2042

(cherry picked from commit 90307ad2004a9a9ddda30af4038224fedf0e6ca3)
(cherry picked from commit 874ef1978d7db5e8ba1482d4c8190b914fa110b3)
(cherry picked from commit 27d5f035fc744d932d1e4c95c55d98479fccf368)
(cherry picked from commit 65dbc4303ba8afdef70c573aaf782b76aaf0bbad)

[GITEA] Fix session generation for database (squash) timeutil.Mock

because of e743570f65 * Refactor timeutil package (#28623)

(cherry picked from commit acc6b51be2b6d676129f653a8949b2c06aa2ad94)
(cherry picked from commit 02b74317f2d8120a705599d6ae908634a1fa2b44)
(cherry picked from commit 63b9b624bd203b7b5eff7439dbc09eeb9bc52ade)
(cherry picked from commit 7752ff8baa525918e00193606048e3c2dd5a4999)
(cherry picked from commit c0af4d943854ce3a77eaa75c06b04394301f45c4)
2024-02-05 16:09:41 +01:00
Earl Warren 41871ba3af
[ACTIONS] on.schedule: create a new payload
do not reuse the payload of the event that triggered the creation of
the scheduled event. Create a new one instead that contains no other
information than the event name in the action field ("schedule").

(cherry picked from commit 0b40ca1ea5e6b704bcb6c0d370a21f633facc7d6)
(cherry picked from commit f86487432b3b5f2fd4e2bb0a2d737674d9a105a6)
(cherry picked from commit 4bd5d2e9d0c7987a9d7cce495509c8790dcdcd3a)
(cherry picked from commit d10830e238f35bcd0100a4de68d68b15402ec05a)
(cherry picked from commit 53f5a3aa911fb63689ef018fe583eeb03f248517)
(cherry picked from commit 9ed1487b73babe44d0b2855cc708184c55671ab0)
(cherry picked from commit 6a399788516523bc52778f9d9df7f283d5b2c6d6)
2024-02-05 16:09:41 +01:00
Gusted 33b1dec846
[GITEA] Fix NPE in UsernameSubRoute
- When the user is not found in `reloadparam`, early return when the
user is not found to avoid calling `IsUserVisibleToViewer` which in turn
avoids causing a NPE.
- This fixes the case that a 500 error and 404 error is shown on the
same page.
- Add integration test for non-existant user RSS.
- Regression by c6366089df

(cherry picked from commit f0e06962786ef8c417b0c6f07940c1909d3b91ba)
(cherry picked from commit 75d806690875a4fc38eb1e3c904096be34657011)
(cherry picked from commit 4d0a1e0637450865c7bbac69e42d92d63b95149c)
(cherry picked from commit 5f40a485da1b2c5f129f32e2ddc2065e3ba9ccd0)
(cherry picked from commit c4cb7812e39add6f7ff3d6f3f2d4e02c66435f0e)
(cherry picked from commit d31ce2f03d69cc784e53e921968c714986a7a4ef)
(cherry picked from commit cfebef4f82643d4be4dd89d277d9ebc9ca98a26e)
2024-02-05 16:09:41 +01:00
Earl Warren 447aa3e499
[GITEA] the ref of a scheduled action is always the default branch
Since a scheduled action is only run from the default branch, it
cannot be anything else.

Refs: https://codeberg.org/forgejo/forgejo/issues/1926
(cherry picked from commit eff0822856fd727915f6e6493a80844cffd7b02a)
(cherry picked from commit 2b1aa50bd14510d5eaf8db2c98ff4c604abe69e7)

Conflicts:
	services/actions/notifier_helper.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
(cherry picked from commit 4ff3474fc05529367d8d9e7de988166bcf924bd7)
(cherry picked from commit 07b888703102762b5608a4232331febbd4fc6849)
(cherry picked from commit cbecdd618d1bc03491bcaf4f07357a6ee04be449)
(cherry picked from commit 5d1856717b16e22ec68a277e59094e6771a5db7d)
(cherry picked from commit ff33556798cad69328742aafe9d4c78b24631bc4)
2024-02-05 16:09:41 +01:00
Gusted 701882cc08
[GITEA] Add footnote testing
- This adds coverage to the most common and the edge cases of what the
footnote implementation should be capable of. This was partly done to
ensure no hidden surprises when changing the implementation, as markdown
rendering is one of the more important features of Forgejo.

(cherry picked from commit 16ecdb41705332843921af8d58c1c9a242add95b)
(cherry picked from commit 19dc5ef5e5808abe8a5f85d3eaca3317865595ad)
(cherry picked from commit d5955efc0a463164c0b3a75b6621974af22ea47f)
(cherry picked from commit 2cdaf1083617acbeec558deeb657a1375cbb3904)
(cherry picked from commit 251b567794d3437aac614370e4fe2fdf7ad8b917)

Conflicts:
	modules/markup/markdown/markdown_test.go
	https://codeberg.org/forgejo/forgejo/pulls/2153
(cherry picked from commit f863f4b0054c3310fc487091c353670c65c96f35)
(cherry picked from commit f39f108934ae964c0efe79a1ccb5080d02e6dc72)
(cherry picked from commit 6d46f9ee4083128c2d43d2d73829d335f007cd34)
2024-02-05 16:09:41 +01:00
Gergely Nagy d4fc0d2c5a
[GITEA] Allow changing the email address before activation
During registration, one may be required to give their email address, to
be verified and activated later. However, if one makes a mistake, a
typo, they may end up with an account that cannot be activated due to
having a wrong email address.

They can still log in, but not change the email address, thus, no way to
activate it without help from an administrator.

To remedy this issue, lets allow changing the email address for logged
in, but not activated users.

This fixes gitea#17785.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit aaaece28e4c6a8980cef932e224e84933d7c9262)
(cherry picked from commit 639dafabec0a5c1f943b44ca02f72c5ba2fc5e10)
(cherry picked from commit d699c12cebea7dbbda950ae257a46d53c39f22ea)

[GITEA] Allow changing the email address before activation (squash) cache is always active

This needs to be revisited because the MailResendLimit is not enforced
and turns out to not be tested.

See e7cb8da2a8 * Always enable caches (#28527)

(cherry picked from commit 43ded8ee30ab5c7a40a456600cdaa8a0fbdccec2)

Rate limit pre-activation email change separately

Changing the email address before any email address is activated should
be subject to a different rate limit than the normal activation email
resending. If there's only one rate limit for both, then if a newly
signed up quickly discovers they gave a wrong email address, they'd have
to wait three minutes to change it.

With the two separate limits, they don't - but they'll have to wait
three minutes before they can change the email address again.

The downside of this setup is that a malicious actor can alternate
between resending and changing the email address (to something like
`user+$idx@domain`, delivered to the same inbox) to effectively halving
the rate limit. I do not think there's a better solution, and this feels
like such a small attack surface that I'd deem it acceptable.

The way the code works after this change is that `ActivatePost` will now
check the `MailChangeLimit_user` key rather than `MailResendLimit_user`,
and if we're within the limit, it will set `MailChangedJustNow_user`. The
`Activate` method - which sends the activation email, whether it is a
normal resend, or one following an email change - will check
`MailChangedJustNow_user`, and if it is set, it will check the rate
limit against `MailChangedLimit_user`, otherwise against
`MailResendLimit_user`, and then will delete the
`MailChangedJustNow_user` key from the cache.

Fixes #2040.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit e35d2af2e56f4ecb3a4f6d1109d02c8aa1a6d182)
(cherry picked from commit 03989418a70d3445e0edada7fbe5a4151d7836b1)
(cherry picked from commit f50e0dfe5e90d6a31c5b59e687580e8b2725c22b)
(cherry picked from commit cad9184a3653e6c80de2e006a0d699b816980987)
(cherry picked from commit e2da5d7fe13a685606913a131687a94f9f5fcfeb)
(cherry picked from commit 3a80534d4db523efe56b368489f81dc1cb2c99f7)
2024-02-05 16:09:41 +01:00
Earl Warren 6b5bfffe5d
[GITEA] test markdown CleanValue to prevent regression
It will determine how anchors are created and will break existing
links otherwise.

Adapted from Revert "Make `user-content-* ` consistent with github (#26388)

(cherry picked from commit 1666fba8f577e11ea234c8a671aeaab1290cfbaf)
(cherry picked from commit 48f38280e8b9f34d7c45399f05a670ef3460dac1)
(cherry picked from commit 03adb3a2b46081e183738a86ca3d54bf730de0bd)
(cherry picked from commit a0ad36f0ad5d99896d5319e9aca11d0cf0ce23ee)
(cherry picked from commit 3aac9900640da2eeaac7950d14132361923d1a69)
(cherry picked from commit 137daabc9b437c9bd37b45a80e44880d0ac44656)
(cherry picked from commit b438aed4c1ff57985fcbe3687fc54c54ba680464)
(cherry picked from commit 90b36f2e67acec00870005647b906ea69ae11d27)
2024-02-05 16:09:41 +01:00
Earl Warren 7b79294684
[GITEA] Revert "Make user-content-* consistent with github (#26388)"
Refs: https://codeberg.org/forgejo/forgejo/issues/1943

This reverts commit d41aee1d1e.

(cherry picked from commit d29ec91e91362b0657edee631f12cf1d55ba7a2c)
(cherry picked from commit a0f5a9750e81c5e3992365f61b8cb9ab99413139)
(cherry picked from commit 26bfc3bc14b7f07d11819b11251c716a8cf7eaf1)
(cherry picked from commit 59f57a1bc9d97d76319a6e2d8b7a336a9a480bb4)
(cherry picked from commit ce3b73a033d6f8b617b01f4f9fb33d70abf714aa)
(cherry picked from commit 2c426c28af18b69305bc8d71c389f21432fd8c3d)
(cherry picked from commit 155a08bca71cb90e753b73cbcd522e4f5064d980)
(cherry picked from commit 8934fd895c875135b4eb41dc2a1e2e456faf10da)
2024-02-05 16:09:41 +01:00
Earl Warren 06aae9ae72
[GITEA] GetScheduledMergeByPullID may involve a system user
Refs: https://codeberg.org/forgejo/forgejo/issues/1897
(cherry picked from commit ddc3c2255840d347afd13c272d2695c68196d6ef)
(cherry picked from commit a7fe969b93ffe00aa66942d04e66ddb4221cb5ad)
(cherry picked from commit 62bda95774ae0840652daf29f557b61650745ac1)
(cherry picked from commit 8149a822c797eb6c9ea648757261c0aba8f8d548)
(cherry picked from commit 9ed4e685ebd1a0c32d5550fd96f4f912fbd02c18)
(cherry picked from commit 4f072b4f80d86e41004a107b56d74476e39d0536)
(cherry picked from commit ca5924037b7d161e332709d01534d03e1c2bcf45)
(cherry picked from commit 88e2b47e29285a761dc08a31288af3dd146ac63b)
(cherry picked from commit 784f860cfa2d763e39551a84067a161db9ca3ddb)
2024-02-05 16:09:41 +01:00
Gergely Nagy fa0759962b
[GITEA] allow viewing the latest Action Run on the web
Similar to how some other parts of the web UI support a `/latest` path
to directly go to the latest of a certain thing, let the Actions web UI
do the same: `/{owner}/{repo}/actions/runs/latest` will redirect to the
latest run, if there's one available.

Fixes gitea#27991.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit f67ccef1dd3146b0b942a94e2482b37595180e91)

Code cleanup in the actions.ViewLatest route handler

Based on feedback received after the feature was merged, use
`ctx.NotFound` and `ctx.ServerError`, and drop the use of the
unnecessary `ctx.Written()`.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 74e42da5630f9148faaf6b03bf1ac5724fa86b25)
(cherry picked from commit f7535a1cef96ce0589f37907f88b024cd095d0ac)
(cherry picked from commit 1a90cd37c31a1b9c770d6d79a4663ed8d67845c0)
(cherry picked from commit d86d71340afd372e5b5083d5563c2f5b48d975e6)
(cherry picked from commit 9e5cce1afccebcd6146e5e0d364bfdbb840b5276)
(cherry picked from commit 2013fb3fab5e23d0088434d835411f26a3fd9905)
(cherry picked from commit 88b9d21d1194abd133c3b4cbaa19792da433cb43)
(cherry picked from commit 72c020298eebcb0c90e23e7ff35e37be867afc44)
(cherry picked from commit 6525f730dfdd7cb412762d9e30348801335d17ee)
2024-02-05 16:09:41 +01:00
Gusted 533c87da65
[GITEA] Make HTTPS schema default for Swagger
- Switch the supported schemas for the Swagger API around, such that
https is the first one listed. This ensures that when the Swagger API is
used it will default to the https schema, which is likely the schema you
want to use in the majority of the cases.
- Resolves #1895

BREAKING CHANGE NOTICE:
If you are using the Swagger API JSON directly to communicate with the
Forgejo API, the library you are using may be using the first schema
defined in the JSON file (e.g. https://code.forgejo.org/swagger.v1.json)
to construct the request url, this used to be `http` but has now changed
to `https`. This can cause failures if you want to send the swagger
request over `http` (and there is no HTTPS redirection configured).

(cherry picked from commit 81e5f438868192e9cca46824ceb3db787bdd8629)
(cherry picked from commit d847469ea278e77ed4fd6147dd54025ce222ebc9)
(cherry picked from commit 96e75e1d5ca97cd4c668fc60d444dc91c98e83a6)
(cherry picked from commit 65baa6426109403f0b8a779b061f7733d8034ba7)
(cherry picked from commit cd3e0a74e6a7bb90da6f069b7fea0796d5f3d775)
(cherry picked from commit a3127e90b21660d1d7efb6dd536f5fb5619d3307)
(cherry picked from commit 2b22272dc588ee6c2c4081b087f5b87b82ac52c8)
(cherry picked from commit 7363790592b10c4fc52266fd0c33ed79454cd276)
(cherry picked from commit 432b9a4451997742df50d3db33285f2dd5ea0bef)
2024-02-05 16:09:41 +01:00
Otto Richter 274aee0bb0
[GITEA] correct default license selection
The default license choice was not working as expected,
because both the files in options/license were named differently, and
the setting string is not parsed properly.

The documentation will also be corrected.

See conversation on Matrix:
https://matrix.to/#/%23forgejo-chat%3Amatrix.org/%24ue13GJPr2d7D8fEaLx8yh1mFn3a4TVy_khkajrAYtx0?via=matrix.tu-berlin.de&via=turbo.ooo&via=matrix.org&via=catgirl.cloud

(cherry picked from commit 450a34d08d6d00063e97c4e176cdfe0695367985)
(cherry picked from commit 2770af7044cc8e5e564318a0d733b43ec16bdde5)
(cherry picked from commit 0fadf41985917d629b18c0a822b6317fa618c841)
(cherry picked from commit 9c3aa1dbbd13f2670d76ea00c00fec3b9cbb0339)
(cherry picked from commit f8ecff84222163ba513e81244c37d78c47499922)
(cherry picked from commit 1e289375462e4ba24be5432d035fe5d149789c73)
(cherry picked from commit e566ffbb8de285c40c322744d48c32c17de93852)
(cherry picked from commit cf89ca48b66ba077e7fbcfb7c8a353574db63fac)
(cherry picked from commit e2897d15b45012fbdd77ce6c37527c50d7b12d40)
(cherry picked from commit 8b49f1195de14bf21ed3dd2d0e15369d183971f4)
2024-02-05 16:09:41 +01:00
Antonin Delpeuch 55306dfb24
[GITEA] fix VSCode settings
Without this change, I get the error:
> Error creating test engine: sqlite3 requires: import _ "github.com/mattn/go-sqlite3" or -tags sqlite,sqlite_unlock_notify

(cherry picked from commit 15fa4cf98e6f72203e4e1e8906ae32ce5cc6b753)
(cherry picked from commit 29932030932e74410857fcdb97ccca9374c8232a)
(cherry picked from commit f5054e48832d056ab72bf6c46369bc64098dc06b)
(cherry picked from commit e14c5f934c65441e5b2a75e084f17fc4812f6e52)
(cherry picked from commit ed53157084bfac78c76ad924a9473caee4897829)
(cherry picked from commit dc8346508bef1436d2486d7ba887f76d247081a3)
(cherry picked from commit e6d8e1a973eb8ddcd1efa444dfa768c79de88c1e)
(cherry picked from commit f3b9ca02f3134b79b48b88191f25e5a517bdebf2)
(cherry picked from commit 3799c133b419bdc0133a7732bc1155795c5cef74)
2024-02-05 16:09:41 +01:00
Gergely Nagy ff00749191
[GITEA] new doctor check: fix-push-mirrors-without-git-remote (#1853)
This adds a new `doctor` check: `fix-push-mirrors-without-git-remote`. The new check looks for push mirrors that do not have their remotes configured in git. If automatic fixing is enabled, it will remove these push mirrors from the database.

The check is not run by default, and thus, must be invoked manually. It should be usable in a half-migrated state, too, and as such, fixes #1800.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1853
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-committed-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 9038e07ef35978336612588d68c1315179a45c73)
(cherry picked from commit b15bafcbc7d9033b0cc7b0fd888915b117e08d42)
(cherry picked from commit 93ba05a2dd9fdec46f337542cd5f22c8960ac55f)
(cherry picked from commit e418ea80822361e387b460c583592bbd83d4a39e)
(cherry picked from commit 321790a91ec8553d1b3668f606ebec762865dd17)
(cherry picked from commit f4e19d332392cb455b3b4e32e271f3e42302bbc8)
(cherry picked from commit 4d9923dee851a4046050761d3dd352f2f343f4fc)
(cherry picked from commit 049df69eda1ceb47f6e74c9a67e9ce5041e65c3b)

Conflicts:
	services/doctor/push_mirror_consistency.go
	https://codeberg.org/forgejo/forgejo/pulls/2214
(cherry picked from commit c79cba8d556320be0da7ca8324b39cd8930465bf)
(cherry picked from commit f3a3969c02cade7261a5f25c9e342800ccdf9111)
2024-02-05 16:09:41 +01:00
Gusted 9341b37520
[GITEA] Add download URL for executable files
- Consider executable files as a valid case when returning a downloadURL
for them. They are just regular files with the difference being the
executable permission bit being set.
- Not integration testing as it's not possible without adding adjusting
the existing repositories to have a executable file.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1825

(cherry picked from commit ca32891d548c302b0f3b3072647058278ffb9cbf)
(cherry picked from commit 72c9df8e457ea291f767e6edf2b3c8f9af15700f)
(cherry picked from commit 0eae22d429a66f137daa200f559883a6b6a31de0)
(cherry picked from commit d37d0773bc005df19f300f9ada03632ea9f97642)
(cherry picked from commit de4532a96721ed4259aa36cb417bb49ed979f6e5)
(cherry picked from commit f5b41300a86222308eb605c84945ed7c9770b04d)
(cherry picked from commit d3be0480b78ec2edbd78c4c0685f097b2ee841d6)
(cherry picked from commit c72307fd3bbb6b29cffe112dd71c70871595a0ce)
(cherry picked from commit 71db59305787decb1beb817d399bb3ffc2b78566)
(cherry picked from commit 568e668fb8d707b84ba0ba47c2ed9e2ef35df4c5)
2024-02-05 16:09:41 +01:00
Gusted e1a82a15d3
[GITEA] Require Latex code to have a end sequence
- Currently the parser will look for `\[` and `$$` to detect when Latex
code starts, it will look for `\]` and `$$` respectively in order to
determine the end of the code. However if no end is found the parser
assumes the rest of the input is part of the Latex code.
- Adjust the parser's behavior to not allow the case to assume the rest
of the input is part of the Latex code and requires in order to
determine if some input is Latex code that the end sequence is also
specified.
- Example: `\[hello]` would no longer be detected as Latex code with
this patch.
- Added unit tests.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1817

(cherry picked from commit 452aef1bb1a5ccf986f187b6467d9827b01789f3)
(cherry picked from commit 8a857c24b0421145ece67a69d54e78af20689e0d)
(cherry picked from commit acd1456db9e5a16ad0f697b52b789cca4f96fc7c)
(cherry picked from commit 6523b45073838c168df75108b444f7fb2ef9dd2c)
(cherry picked from commit e2e1a8afe7f8a2627d518e7dc18cc7f97ca86e48)
(cherry picked from commit a46ef652ebac4422f6e4d48a676f8386dbfb7d0d)
(cherry picked from commit 54d5a8c073f49332358d181a8dd78464c6d58641)
(cherry picked from commit 4a88dc6416c7c6c552018ca0382373aa63329c9e)
(cherry picked from commit f88b58be3f6964d71094a7d7fe5067d9004a303c)
(cherry picked from commit 316ff9767ffc37a44949b6c504d465fc65ed4a60)
2024-02-05 16:09:41 +01:00
Gusted 75ce1e2ac1
[GITEA] Allow user to select email for file operations in Web UI
- Add a dropdown to the web interface for changing files to select which
Email should be used for the commit. It only shows (and verifies) that a
activated mail can be used, while this isn't necessary, it's better to
have this already in place.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/281

(cherry picked from commit 564e701f407c0e110f3c7a4102bf7ed7902b815f)
(cherry picked from commit de8f2e03cc7d274049dd6a849b3d226968782644)
(cherry picked from commit 0182cff12ed4b68bd49ebc2b9951d9a29f7a36ca)
(cherry picked from commit 9c74254d4606febd702315c670db4fb6b14040a1)
(cherry picked from commit 2f0b68f821ae53dd12b496cc660353d5bf7cd143)
(cherry picked from commit 079b995d49ba7a625035fe9ec53741f6b0112007)
(cherry picked from commit 6952ea6ee3de8157d056c4381de7529de6eaef7b)
(cherry picked from commit 6c7d5a5d140152be80ec38a979a2a7b704ce653a)
(cherry picked from commit 49c39f0ed5a011b26f2e33f35811bb31fab3cf64)
(cherry picked from commit a8f9727388192c6c22b2f8cbbae15a96203ec3b6)
2024-02-05 16:09:41 +01:00
Antonin Delpeuch 51fab30187
[GITEA] Avoid conflicts of issue and PR numbers in GitLab migration (#1790)
Closes #1789.

The bug was due to the fact that GitLab does not guarantee that issue numbers are created sequentially: some identifiers can be skipped. Therefore, the new pull requests numbers should not be offset by the number of issues, but by the maximum issue number.

See for instance https://gitlab.com/troyengel/archbuild/-/issues/?sort=created_date&state=all&first_page_size=20, where there is only a singe issue with number "2".

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1790
Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
Co-committed-by: Antonin Delpeuch <antonin@delpeuch.eu>
(cherry picked from commit 2c185c39fe600041701d5f59cb1076a788815cb4)
(cherry picked from commit 8f68dc4c9c2f0acab55d59a496b0f141befad969)
(cherry picked from commit 7e932b7fca1b119e7cc646183c383ba51a5f1d14)
(cherry picked from commit 6bbe75ecf8ac502bd42ff5765e6e7733f290a54e)
(cherry picked from commit b18c2e8d658c3311e0a299696bd1b6612c52ef13)

Conflicts:
	services/migrations/gitlab.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
(cherry picked from commit abc129c762b3c1a992ad5c67adf62d8336eadbbe)
(cherry picked from commit 28884fac10c455a9f40bebd961fca40afd4a749e)
(cherry picked from commit 5f528dd85fa6705c60d15bce616a46f00df1b85b)

(cherry picked from commit cb9b8a31b25b27fa5e386b20f02e532bbf3462a2)
(cherry picked from commit 97f02df163e2b4e23b82e23e5ef57a586b17f021)
(cherry picked from commit 4611e10e6acef9185e1f8c84e63d1fe95fcf6436)
2024-02-05 16:09:41 +01:00
Antonin Delpeuch 01b0ead664
[GITEA] Enable mocked HTTP responses for GitLab migration test
Fix gitlab migration unit test

Closes #1837.

The differences in dates can be explained by commit e19b9653ea, which
changed the order in which "created_date" and "updated_date" are
considered.

(cherry picked from commit b0bba20aa44e30ef0296b89f336d426224d73a16)

Mock HTTP requests in GitLab migration test

This introduces a new utility which can be added to other tests
making HTTP calls to a live service, to cache the responses of this
service in the repository.

(cherry picked from commit 52053b138948bd74c7eb88c0796c2e18f4247f3c)

Enable mocked HTTP responses for GitLab migration test

(cherry picked from commit 19cefc4de24b935a6a5c92be8360301f196f3aa5)

Simplify HTTP mocking utility in unit tests

Follow-up to https://codeberg.org/forgejo/forgejo/pulls/1841

(cherry picked from commit ca517c8bb4bf97f061b8b19fd3303d734f46660c)
(cherry picked from commit b227e0dd6bdf2dc3e8679443fc538fbce4b3bcf5)
(cherry picked from commit 6cc9d06556cda6c952a0542284fbe504114971ce)
(cherry picked from commit f0746e648dc30510d655b8a3b821199b2638800f)
(cherry picked from commit 414193341b8493723c16694789cbc08dc80b9ce5)
(cherry picked from commit 6e93df3bbb6c589502afc9dc74a7ae1a7c0f7da8)
(cherry picked from commit db0dbab5527c9f1783fd0eddb057c2d91cbb67e4)
(cherry picked from commit 8f9c9c63fbd3f266bb29d38791e83dc369cc1350)

(cherry picked from commit e74e26203095b675ccedbc2e166faed59369d467)
(cherry picked from commit 2e0933edcfa102b578fb3c2500f9e6af9e5ba1c7)
(cherry picked from commit 65060c69616631221d3dd9ef8b48fbcb007ad0c6)
2024-02-05 16:09:41 +01:00
Loïc Dachary 21c4d844f3
[GITEA] test GET /{owner}/{repo}/comments/{id}/attachments
Refs: https://forgejo.org/2023-11-release-v1-20-5-1/#api-and-web-endpoint-vulnerable-to-manually-crafted-identifiers

(cherry picked from commit 888dda12cf9bc95f9ef85ba5a518cf40152e07ea)
(cherry picked from commit aceeca55da0c2e94f3e495c4a60148411a27c4ac)
(cherry picked from commit ab7e649668dfcabfb03e2a87c3c4641f8d2fa6ff)
(cherry picked from commit 7fb8598c7df683d701ca04d01d9ff52db1e39298)
(cherry picked from commit fb4961e2a5d6b249b0761cbabb80d68106764835)
(cherry picked from commit 9fe856a29a1e233d8cd15edcfd03847ca9b4c7d8)
(cherry picked from commit 6db21c013dd4003937532587471c2411622dd384)
(cherry picked from commit 72c84eb19c0ee6f7eaf13162991b79249e0d6ed7)
(cherry picked from commit 07ebc9761dc2633dbb3fea0b85abd047dcbec9e8)
(cherry picked from commit 0c8f4840022fcf521dc2264b8a2e8f9a9833b212)
(cherry picked from commit 25df7d89bc7d726b6d18d135f8cef281702b6267)
(cherry picked from commit 0f436a0d229164ce59cb563cf0d5a0607eaae3ed)
(cherry picked from commit 6109f8b6c10c7eb9bf1de7658867473ed5bb5069)
2024-02-05 16:09:41 +01:00
Loïc Dachary 3f71a0ef02
[GITEA] test POST /{username}/{reponame}/{type:issues|pulls}/move_pin
Refs: https://forgejo.org/2023-11-release-v1-20-5-1/#api-and-web-endpoint-vulnerable-to-manually-crafted-identifiers

(cherry picked from commit 52f50792606a22cbf1e144e1bd480984abf6f53f)
(cherry picked from commit 65b942fa1ee50f9098bebc8948d7924a5a4668fa)
(cherry picked from commit e140c5c983e3413dcfab45f5e522dfdc3feda26e)
(cherry picked from commit 4d108fa1cf07d2ecc7a482010e75f36140657dd4)
(cherry picked from commit 9430badc5c8245b287c6ec2ba9432324c2e95417)
(cherry picked from commit 1e67f4665d6be336c09446c8698830459aad3975)
(cherry picked from commit 992e0d3218bca7f4b0f1471e3d7d64b69c33bad8)
(cherry picked from commit 0e25ca17f39aac88fc20147e54d40ee76bc70cdd)
(cherry picked from commit 3c7d9769faf4287bfe9d7366fea3bfbce48d911c)

Conflicts:
	tests/integration/issue_test.go
	https://codeberg.org/forgejo/forgejo/pulls/2119
(cherry picked from commit f6bdf76a1d45f1f100323d8e1a3749b24cf6d2d4)
(cherry picked from commit a5e527f87262722542097b69de72d96ca68cd2e6)
(cherry picked from commit be3f9a28a12c22c35fd6f95260902704a2e5b7bd)
(cherry picked from commit 836a95eab896aab6b3d9e5831186edce0f4cc7ce)
2024-02-05 16:09:41 +01:00
Loïc Dachary efbe483057
[GITEA] test POST /{username}/{reponame}/{tags,release}/delete
Refs: https://forgejo.org/2023-11-release-v1-20-5-1/#api-and-web-endpoint-vulnerable-to-manually-crafted-identifiers

(cherry picked from commit 78dcbb62fe87abe044034d880c9e8c22b44c2c98)
(cherry picked from commit 6707c08c1791926060a7735529f1945650030257)
(cherry picked from commit 68da5a9cd82415caedac15a07e38206f7bd6fbde)
(cherry picked from commit c27fb08cb00f130870d6059a0ebb67b505a3c252)
(cherry picked from commit f15a2c558a74aaf954550c71974593bf012004db)
(cherry picked from commit 8eb3ae693922fdb65a185ee63703b866d10fa60a)
(cherry picked from commit d54d5952f25828e84f7024aae6e62d1a18b788ae)
(cherry picked from commit ce22d57485ed718612cd0e40979cc591a5e18126)
(cherry picked from commit bfc110ba3303b4d2664638712435cc8d47906da0)
(cherry picked from commit 1fb3d555d972ad72d257c7d00e71148c88926e5d)
(cherry picked from commit 859c2275db185df4b38be6d50a8b4886622ecfde)
(cherry picked from commit b21cf2567ae7395ba6815309dc192911b396d91c)
(cherry picked from commit 8b9d75974f61caebc37739f970e1b030daea0ebf)
2024-02-05 16:09:41 +01:00
Gusted 7022378173
[GITEA] Add cancel button to wiki
- Add a cancel button to the Edit and New wiki pages.
- Resolves https://codeberg.org/forgejo/forgejo/issues/705

(cherry picked from commit 3284f690ea6a9a41da05f8229aadfd55e222df1c)
(cherry picked from commit 9f8bf83b0e7845a44ca91bc8497356dbab059374)
(cherry picked from commit bfd03a9f309fbb9413601daa304cea8f16b627ad)
(cherry picked from commit 6b5d5e0cf7547acf38d28e5ec26be82e78357e49)
(cherry picked from commit 3ef3ec0d8205bf168b02e8a91d20a6df685e242a)
(cherry picked from commit 5ae55325ef8213242f3a946d2347499bd5b960bd)
(cherry picked from commit f0894ae00319e0dff37392af752447f849bbe783)
(cherry picked from commit 18564b26f667b8837c5bf4a0165dfa75633afe5f)
(cherry picked from commit 06c130fd1f267a296e43b706ec40bf3191ab0489)
(cherry picked from commit c7e595f903925d268b017bad86398e3733b45ad4)
(cherry picked from commit 72b2e7e0d449267ba494747a836f9f95223da9de)
2024-02-05 16:09:40 +01:00
Antonin Delpeuch 6338fe8bef
[GITEA] oauth2: use link_account page when email/username is missing (#1757)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1757
Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
Co-committed-by: Antonin Delpeuch <antonin@delpeuch.eu>
(cherry picked from commit 0f6e0f90359b4b669d297a533de18b41e3293df2)
(cherry picked from commit 779168a572c521507a35ba624dbd032ec28f272e)
(cherry picked from commit 29a2457321e4587f55b333d0c5698925e403f026)
(cherry picked from commit a1edc2314d2687c9320d884f8a584d8b539eec96)
(cherry picked from commit cd015946109d39c6e30091de2fff47eba01eb937)
(cherry picked from commit 74db46b0f50a5b465269688ef83e170b7584e2be)
(cherry picked from commit fd98f55204f1cec66c3941d85b45dc84f8ab9ecd)
(cherry picked from commit 3099d0e2818d1de763a686b6a23dcf5d55ba75ef)
(cherry picked from commit 9fbbe613649331243b3777955cf2818862583f7e)
(cherry picked from commit 8c0056500697937d27f64bdebd42ba8f05f83288)
(cherry picked from commit 0977a1ed75122a2976ab3f9a98af2d146e2c854c)
2024-02-05 16:09:40 +01:00
Gusted 4d76bbeda7
[GITEA] Accept shorter commit IDs in web route
- Be more liberal in what Forgejo accepts, by reducing the minimum
amount of characters for SHA to 4 characters, which is the minimum
amount that  Git needs in order to figure out which commit was meant.
- It's safe to reduce this requirements, as commits are passed to Git
which will error if the given commit ID results in more than one Git
object. Forgejo will catch this error as that the Commit doesn't exist,
which is a error that's already being handled in most places gracefully.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1760

(cherry picked from commit 0d655c7384b081c36aa4c6b7167280f52c1c42d3)
(cherry picked from commit 9b9aca2a02b06f41f6db847a77ea29f6385b46d2)
(cherry picked from commit 0d0ab1af1fb05e26168c112523f1400fef67f9b0)
(cherry picked from commit d3b352c85482e59c9d1da24a8fe0eb68b0f5858e)
(cherry picked from commit d6af2094df4611d590d8c5062743f5e39f2a7bd8)
(cherry picked from commit f96e55a7a9f06ff987a5e9663da492720d162b76)
(cherry picked from commit bb6261f8479ee8925ddc7f0079b414ef85f04d73)
(cherry picked from commit f6a4146161fda22341c17dc74d42fd13ad181e1f)
(cherry picked from commit ed0292137991d08ee2e6518e74ec221f94f51415)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/pulls/2214
(cherry picked from commit 768377cb02b180d49dd025eb373dd8ab6d787cf7)
(cherry picked from commit 2cebe3ef94e6db45091ca8f02b2ed770b23564d6)
2024-02-05 16:09:40 +01:00
Gusted 6f8fc9392c
[GITEA] Add noreply email address as verified for SSH signed Git commits
- When someone really wants to avoid sharing their email, they could
configure git to use the noreply email for git commits. However if they
also wanted to use SSH signing, it would not show up as verified as the
noreply email address was technically not an activated email address for
the user.
- Add unit tests for the `ParseCommitWithSSHSignature` function.
- Resolves https://codeberg.org/Codeberg/Community/issues/946

(cherry picked from commit 1685de7eba9343043c1e2cb277482eafb578095a)
(cherry picked from commit b1e8858de9d4f1e2f6bee31d4e399b07a7a69a8e)
(cherry picked from commit 1a6bf24d28522d57a56dcbdcf23ef19508ac39c8)
(cherry picked from commit 01229433456aa0836adbaafa06bcbefcf4111451)
(cherry picked from commit cc836148534ecf6e007eeb913cd94264fda171d3)
(cherry picked from commit 429febe0dc2e49bae6ce747c318e68a99b1da9a8)
(cherry picked from commit 58a9c2ebe9518576a1b399cce9089fd4894a5c38)
(cherry picked from commit fef94aff1c8b35d9a10cf735d4c7ba05f82c95b4)
(cherry picked from commit 5c6ecd757992f117d3aafc3a2034807cfccbf5a6)
(cherry picked from commit ffa33a82bf012dd7918e5c89873bf0309f95f62c)
(cherry picked from commit a97de1d5bbc1da33ff04db42025bdccdcd085f68)
(cherry picked from commit 57ab2b4a4009fee96e4071e5501d6f27e34f4945)
2024-02-05 16:09:40 +01:00
Gusted 295cd6be94
[GITEA] Use existing error functionality
- There's no need to use `github.com/pkg/errors` when the standard
library already has the functionality to wrap and create errors.

(cherry picked from commit 40f603a538036ce7e150adf404374d794eb46993)
(cherry picked from commit aa68a2753f204dfe44a037ccc91dacc2a0a53803)
(cherry picked from commit 48e252d73961ae17b56544bae79bc812dac10c44)
(cherry picked from commit cc6f40ccd208a6fd1527ba08e3123e9b01b218ab)
(cherry picked from commit 03c4b9735824bfaed19df14550ef458d52667b40)
(cherry picked from commit f25eeb76958b78fbe00fc6556aec8a37aba0ecdf)
(cherry picked from commit 989d8fa1cb81e0ff017ac575fdd1cf12507eb42b)
(cherry picked from commit 10e890ed8e7205c140677ff74db393fc0052da14)
(cherry picked from commit 581519389d3a35e775f7d3fdc15c251a3e0828b6)
(cherry picked from commit 03d00b11ac4880fd897631180c40bc1dedf5d7e5)
(cherry picked from commit 04e6c853d48b0dab767046c968717f3982304c40)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 2c4c29f7bc20e31321c4932998692dd1ef73aa14)
2024-02-05 16:09:40 +01:00
Gusted 62f866de99
[GITEA] Add repo empty check for branch feed
- If you attempted to get a branch feed on a empty repository, it would
result in a panic as the code expects that the branch exists.
- `context.RepoRefByType` would normally already 404 if the branch
doesn't exist, however if a repository is empty, it would not do this
check.
- Fix bug where `/atom/branch/*` would return a RSS feed.

(cherry picked from commit d27bcd98a41b69e313535e5e91e4272136a4bab1)
(cherry picked from commit c58566403df728c1f71b1dd554a573c011a59d7e)
(cherry picked from commit b8b3f6ab8b576a28ed06cc0e501b14950cf78282)
(cherry picked from commit 195520100b214d6bf7a2740507f0a7ae10e5a7d1)
(cherry picked from commit 6e417087ddf41e79a146366a5db157c7a76af615)
(cherry picked from commit ff91e5957ac728118cddb06bddd95d32cb4df815)
(cherry picked from commit 6626d5cc75681d3b16b4496a4e0e83a257a3f46a)
(cherry picked from commit 62f8ab793b12251e1793bc14ace95cda76121baa)
(cherry picked from commit e5bbf1a2d060b4ef1324afd8ed9b38e294b3dffb)
(cherry picked from commit f5b8c8edea5d17ba51327684a6e8127ac0f09503)
(cherry picked from commit 50948fa11b9c9ccac9e86dc9943bad71cf189370)
(cherry picked from commit 83a9f7f4429ac4e91d7a80a0aced32cd74bbfc4c)
(cherry picked from commit 679438b5d621fd58d0618c28cd08abe0a5625037)
(cherry picked from commit 17db07d6d0fcf40980129274e35ca76306dd205f)
2024-02-05 16:09:40 +01:00
Grigory Kirillov 8c0cbd3549
[GITEA] convert feed items' titles to plain text
Refs: https://codeberg.org/forgejo/forgejo/pulls/1595

(cherry picked from commit 35b962e6313df748e8855b4dfbf748f095ea1003)
(cherry picked from commit 1004e35b84a4a0deae999cb8a4c2924b85b47c8b)
(cherry picked from commit af51dd594db229f7a986325a6070d33782d85d28)
(cherry picked from commit ef10fae29607533db3616a23043cc0f2fc2dc71a)
(cherry picked from commit ff8027ed1b0a1274b7b6e4840e31e2ad4d18b159)
(cherry picked from commit 2540ff52ef2229ad6e17578c30ae617b3771c696)
(cherry picked from commit 57b4d775e1734d2cb6dd78a4e890d3548e2324eb)
(cherry picked from commit c388aba9b50bbdd7eb13518d91f8e00c5d1bce18)
(cherry picked from commit 7a3b605c11d5a9033b7c3db882b606fb009afca3)
(cherry picked from commit cc02354d0a6872e761d8215b6630a1467c6f8e75)
(cherry picked from commit e11c5ce82aeaaa62ced4bead72aa3d37453b792a)
(cherry picked from commit d1e7798bb2b32eb3a8bd1be669191d3e3a9a2510)
(cherry picked from commit 1813af7391a47b79b4cd44d4feb64e3002032db6)
(cherry picked from commit 0d55a8894508aae4225d76235d4bd7a9f862a849)
(cherry picked from commit bd9ac9ac6f0c7374c8254f9fe65f53758d90e0d2)
(cherry picked from commit 3794698320fbe4424d0311d639e22edac1e54f1b)
(cherry picked from commit 0f22c4be847fdf7fd40bd54e05e731474e1a330d)
2024-02-05 16:09:40 +01:00
Gusted 92413041bd
[GITEA] Use maintained gziphandler
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d82001babd8d40c87d03169f21c14cd)
(cherry picked from commit 99ba56a8761dd08e08d9499cab2ded1a6b7b970f)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193daa2311e2ead6249a47dcec47b4e335)
(cherry picked from commit 9c12a37fde6fa84414bf332ff4a066facdb92d38)
(cherry picked from commit d13065345431a499f9e0b7a3c2043d7487b8aa5b)
(cherry picked from commit 45a16f8c3c6f7d5e4aab8fdde6a621cf36e4801c)
(cherry picked from commit a497acb31f76d580c8b0567f9461274bd78080f4)
(cherry picked from commit fe87fd828973945192b98310c5c3b2001c6e0f86)
(cherry picked from commit 6ac12e6693cf45cb12109028dabd868957c4b74c)
(cherry picked from commit 981ec37e1e72ab19c20067ff4d2a7e20a60d3305)
(cherry picked from commit 5d6892ec10086f0ba63f26693faa82d0fd4e3f4a)
(cherry picked from commit 9df7968f4fc72de9788d84ca3f349e4c98ee630e)
(cherry picked from commit 7d588d183329cd760053663ea2e1e82e62958409)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
(cherry picked from commit defb101281f5a6ba410abc763674bafa7b63dffd)
(cherry picked from commit 5830f204a17767fda3e45d16dbf3af8c32e7f387)
(cherry picked from commit 029f4e98636a7776f430684e9d7142d69a444f96)
(cherry picked from commit 816fe558126d0ecce969fdf2a196fa6afdcca792)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 99866d804560b415b6158371eb0efd17d097cfe0)
2024-02-05 16:09:40 +01:00
Gusted 662c8ee341
[GITEA] Use existing jsonschema library
- Use the 'existing' jsonschema library for the nodeinfo integration test.

(cherry picked from commit 73864840f27274d4cdaef23d47a6a71fc60529c3)
(cherry picked from commit da36df306b7a75434c75ed5f63608e06266ca480)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 2b4ab46d8eacd2e6b2318f26e327ec59b804ea23)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1617
(cherry picked from commit 8064130344eb0d797838f8444a6d5c0e3d425716)
(cherry picked from commit 0ccefc633e5cd206bd51f642c9fe7be56dae51ec)
(cherry picked from commit 19e647b531c5cfaba5beabbd1de2fe65dfd44da0)
(cherry picked from commit 2bcc04889d4d765eba0ebdffe7ba788c91923d35)
(cherry picked from commit 2fd1932699572a666ef616b7fb191ab5f56d75c6)
(cherry picked from commit b9a3e1e5258e1896550cc3750b7f688fdab1bb22)
(cherry picked from commit 92d932d23f2fcab4b38b72bb6b39778026418ecd)
(cherry picked from commit c125217fea154d6eb87ae86735906c90575bbff3)
(cherry picked from commit f9801ba57b58fefe5a4cc8c9da91a3593129f656)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2034
(cherry picked from commit 2558a8a764ff6d35c70beb7510626cdeac38771d)
(cherry picked from commit f53b2d31127ddf17b6593d1bb3ec536ee04c8937)
(cherry picked from commit c098055f0a3266a94651bc2783330cf7b12efff2)
(cherry picked from commit 0e1591554a275d14da09114db8572bf731c5f112)
(cherry picked from commit 876d9d5c6f272120d31bdb18df39c3a9d25e2917)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 7110bb6a783cb37db3a75abd08534760812d05fd)
2024-02-05 16:09:40 +01:00