Commit graph

14674 commits

Author SHA1 Message Date
M Hickford
34f509eb7a
Parse OAuth Authorization header when request omits client secret (#21351)
This fixes error "unauthorized_client: invalid client secret" when
client includes secret in Authorization header rather than request body.
OAuth spec permits both.

Sanity validation that client id and client secret in request are
consistent with Authorization header.

Improve error descriptions. Error codes remain the same.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: zeripath <art27@cantab.net>
2022-10-07 10:53:49 +08:00
silverwind
f09f73d784
Disable Firefox E2E tests (#21363)
Make CI green again, until we figure out
https://github.com/go-gitea/gitea/issues/21355.
2022-10-06 21:55:26 +01:00
Joe Constant
d7f0d8d8ea
Add redirect of /upgrade/ to /upgrade-from-gitea/ on docs site (#21330)
Since adding an aliases block doesn't seem to work locally for me (I
suspect because a page actually exists and Hugo is granting preference
to existing pages over aliases), I also added entries to
static/_redirects file so Netlify will handle the redirects

Fixes #7208
2022-10-06 21:53:02 +01:00
Clark Boylan
f1f911df41
Update to go-enry v2.8.3 (#21360)
This fixes an issue with enry's isVendor() method being too greedy. This
lead to gitea classifying unvendored code as vendored. The impact of
this is fairly minimal, but our Gitea users did notice which led me to
fixing this in go-enry. Some files will be tagged with a vendored flag
in the UI. I think it also impacts the calculation of language
statistics in the repo as vendored files are not incorporated into the
stats.

For more information on the issue see the go-enry bug:
  https://github.com/go-enry/go-enry/issues/135
2022-10-06 21:51:38 +01:00
zeripath
64073276c4
Update go to 1.19 (#21361)
It appears that updating go to 1.19 for playwright was missed when we
updated to go 1.19 elsewhere.

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-10-06 21:51:18 +01:00
Paweł Bogusławski
2d3b52c244
SessionUser protection against nil pointer dereference (#21358)
`SessionUser` should be protected against passing `sess` = `nil` to
avoid

```
PANIC: runtime error: invalid memory address or nil pointer dereference
```

in


https://github.com/go-gitea/gitea/pull/18452/files#diff-a215b82aadeb8b4c4632fcf31215dd421f804eb1c0137ec6721b980136e4442aR69

after upgrade from gitea v1.16 to v1.17.

Related: https://github.com/go-gitea/gitea/pull/18452
Author-Change-Id: IB#1126459
2022-10-06 21:50:38 +01:00
delvh
b001812df4
Fix and improve incorrect error messages (#21342)
L
2022-10-06 07:00:54 +01:00
rock2dust
1294f6c511
Fix default theme-auto selector when nologin (#21346)
the bug is theme selector is `theme-` when not login to Gitea

![theme-auto](https://user-images.githubusercontent.com/76462613/194099390-0ff6854a-1eb9-4dba-bb28-fd238f2225f8.png)

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-06 11:52:43 +08:00
Gennady Kovshenin
fd2d5f06b0
Add stat to ToCommit function for speed (#21337)
Calls to ToCommit are very slow due to fetching diffs, analyzing files.
This patch lets us supply `stat` as false to speed fetching a commit
when we don't need the diff.

/v1/repo/commits has a default `stat` set as true now. Set to false to
experience fetching thousands of commits per second instead of 2-5 per
second.
2022-10-06 11:21:04 +08:00
wxiaoguang
8765f139c7
Fix typo in API comment document (#21347)
Close #21307

After the fix:

![image](https://user-images.githubusercontent.com/2114189/194120843-52566b84-6e29-4f91-859a-eb5839c68c54.png)
2022-10-05 21:26:34 +01:00
rock2dust
abd59cd5cd
Update comment about repository.DISABLED_REPO_UNITS in app.example.ini (#21343)
Add allowed values: `repo.projects`
2022-10-05 20:38:30 +01:00
rock2dust
f693863a4f
Remove extra space from title element (#21345)
Removes a spurious additional space in the head template. 

![](https://user-images.githubusercontent.com/76462613/194077336-1e757242-6f92-4238-8856-746b2e9a1a2c.png)
2022-10-05 20:24:21 +01:00
zeripath
93df41f506
Fix slight bug in katex (#21171)
There is a small bug in #20571 whereby `$a a$b b$` will not be correctly
detected as a math inline block of `a a$b b`. This PR fixes this.

Also reenable test cases as per #21340 

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-05 19:55:36 +01:00
John Olheiser
2d2cf589f7
Fix linked account translation (#21331)
fix key used for translation
2022-10-04 07:51:07 -05:00
Jason Song
274523baf4 [skip ci] Updated translations via Crowdin 2022-10-04 00:20:52 +00:00
Jason Song
a08b484549
Tag list should include draft releases with existing tags (#21263)
Before, a tag for a draft release disappeared in the tag list, fix #21262.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-03 20:05:53 +08:00
techknowlogick
af849ac009 [skip ci] Updated translations via Crowdin 2022-10-03 00:20:54 +00:00
techknowlogick
9e2f37404c
Foreign ID conflicts if ID is 0 for each item (#21271)
The default is 0 if not defined, and that causes dupe index errors

Co-authored-by: 6543 <6543@obermui.de>
2022-10-02 17:43:16 -04:00
John Olheiser
f82f1d05b1
Make app.ini read-only message more prominent (#21315) 2022-10-02 04:12:59 -04:00
wxiaoguang
eaa67671cc
Fix doc and heatmap for the Vue3 refactoring (#21312) 2022-10-02 10:13:44 +08:00
Clar Fon
3d10193be2
Allow specifying SECRET_KEY_URI, similar to INTERNAL_TOKEN_URI (#19663)
Only load SECRET_KEY and INTERNAL_TOKEN if they exist.
Never write the config file if the keys do not exist, which was only a fallback for Gitea upgraded from < 1.5

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-10-02 01:26:33 +08:00
André Jaenisch
04e97b8311
Refactor from Vue2 to Vue3 (#20044)
Close #19902
2022-10-01 22:26:38 +08:00
techknowlogick
726afe8a9e
Update Golang deps (#21304) 2022-10-01 08:49:30 -05:00
Chongyi Zheng
c333b4d499
Fix issue that sync_on_commit is not set (#21309)
<!--

Please check the following:

1. Make sure you are targeting the `main` branch, pull requests on
release branches are only allowed for bug fixes.
2. Read contributing guidelines:
https://github.com/go-gitea/gitea/blob/main/CONTRIBUTING.md
3. Describe what your pull request does and which issue you're targeting
(if any)

-->  
Fixes #21308.

With the original frontend template
`templates/repo/settings/options.tmpl`, the field
`push_mirror_sync_on_commit` is always empty even when checkbox is
checked. Removing `value` from the input tag seems to solve the issue,
and will set `push_mirror_sync_on_commit: on` when the checkbox is
checked.

(I'm not familiar with the frontend logics Gitea is using, so I don't
really understand the cause of it)
2022-10-01 16:07:05 +03:00
qwerty287
edfba99f11 [skip ci] Updated translations via Crowdin 2022-10-01 00:20:52 +00:00
qwerty287
08609d439d
Add pages to view watched repos and subscribed issues/PRs (#17156)
Adds GitHub-like pages to view watched repos and subscribed issues/PRs
This is my second try to fix this, but it is better than the first since
it doesn't uses a filter option which could be slow when accessing
`/issues` or `/pulls` and it shows both pulls and issues (the first try
is #17053).

Closes #16111 
Replaces and closes #17053


![Screenshot](https://user-images.githubusercontent.com/80460567/134782937-3112f7da-425a-45b6-9511-5c9695aee896.png)

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-29 22:09:14 +03:00
wxiaoguang
3b6a7e5c8a
Fix the hook related FAQ contents (#21297)
Follows
https://github.com/go-gitea/gitea/issues/21129#issuecomment-1260802986
* https://github.com/go-gitea/gitea/issues/21129#issuecomment-1260802986

A lot of users are asking similar questions.

The old content in FAQ doesn't seem to be related to the problem.
2022-09-29 19:20:22 +02:00
Alexander Shimchik
1d3095b718
Check if email is used when updating user (#21289)
Fix #21075 
When updating user data should check if email is used by other users
2022-09-29 14:36:29 +02:00
KN4CK3R
b7309b8ccb
Add name field for org api (#21270)
related #21205

The field `UserName` is not really usefull for an organization.
This adds a second `Name` field.

The [GitHub API](https://docs.github.com/en/rest/orgs/orgs#get-an-organization) uses `name` too. `UserName` should be deprecated then.
2022-09-29 05:27:33 +02:00
qwerty287
1dfa28ffa5
Add API endpoint to get changed files of a PR (#21177)
This adds an api endpoint `/files` to PRs that allows to get a list of changed files.

built upon #18228, reviews there are included
closes https://github.com/go-gitea/gitea/issues/654

Co-authored-by: Anton Bracke <anton@ju60.de>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-29 04:27:20 +02:00
M Hickford
78c15dabf3 [skip ci] Updated translations via Crowdin 2022-09-29 00:20:54 +00:00
M Hickford
6a45a691c1
Ignore port for loopback redirect URIs (#21293)
Following https://datatracker.ietf.org/doc/html/rfc8252#section-7.3

Fixes #21285
2022-09-29 00:19:55 +02:00
M Hickford
0e83ab8df7
Improve error descriptions for unauthorized_client (#21292)
Fixes #21282


As suggested by the [OAuth RFC](https://www.rfc-editor.org/rfc/rfc6749)
(quoted below), it's helpful to give more detail in the description

> error_description
OPTIONAL. Human-readable ASCII
[[USASCII](https://www.rfc-editor.org/rfc/rfc6749#ref-USASCII)] text
providing **additional information, used to assist the client developer
in understanding the error that occurred.**
Values for the "error_description" parameter MUST NOT include characters
outside the set %x20-21 / %x23-5B / %x5D-7E.
2022-09-28 15:10:27 -04:00
silverwind
677a09eb74
Consolidate more CSS rules, fix inline code on arc-green (#21260)
- Consolidate various CSS rules into base rules
- Fix inline code in Markdown not having enough contrast on arc-green

Adds one new color variable, `--color-label-active-bg` for the
background of active labels.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-28 21:19:22 +08:00
6543
5a3b9ac875
Update bluemonday (#21281)
https://github.com/microcosm-cc/bluemonday/releases/tag/v1.0.20

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-09-27 22:02:41 -04:00
Hasnain Lakhani
64c3d55de7
Add support for authentication based on reverse proxy email (#19949)
This is useful in scenarios where the reverse proxy may have knowledge
of user emails, but does not know about usernames set on gitea,
as in the feature request in #19948.

I tested this by setting up a fresh gitea install with one user `mhl`
and email `m.hasnain.lakhani@gmail.com`. I then created a private repo,
and configured gitea to allow reverse proxy authentication.

Via curl I confirmed that these two requests now work and return 200s:

curl http://localhost:3000/mhl/private -I --header "X-Webauth-User: mhl"
curl http://localhost:3000/mhl/private -I --header "X-Webauth-Email: m.hasnain.lakhani@gmail.com"

Before this commit, the second request did not work.

I also verified that if I provide an invalid email or user,
a 404 is correctly returned as before

Closes #19948

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-09-28 02:00:15 +02:00
Wim
889a41c6a8
Do not allow organisation owners add themselves as collaborator (#20043)
We're already checking for repo owners, but we also need to check for
organisation owners that try to add themselves as collaborator

Closes #17966
2022-09-28 01:25:40 +02:00
HeySora
dabc06d13b
Feature: Case-insensitive "find files in repo" (#21269)
This (short) PR builds upon #15028 and makes the file search
case-insensitive.

Previously, having a file named `TestFile.cs` would not be shown if
`test` was typed in the search box.
This now changes the matching function to be case-insensitive (without
affecting the UI).

The matching function, `strSubMatch`, is only used for this feature (it
has been introduced by #15028), meaning that this PR does not affect the
behaviour of any unrelated functionality of Gitea.
2022-09-28 00:55:15 +02:00
John Olheiser
8cd3237a9e
Better repo API unit checks (#21130)
This PR would presumably
Fix #20522
Fix #18773
Fix #19069
Fix #21077

Fix #13622

-----

1. Check whether unit type is currently enabled
2. Check if it _will_ be enabled via opt
3. Allow modification as necessary


Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-09-28 00:23:58 +02:00
KN4CK3R
904b324716
Fix empty container layer history and UI (#21251)
Fixes #21248
2022-09-27 15:03:24 +02:00
sebastian-sauer
31f934c1d8
Add filetree on left of diff view (#21012)
This PR adds a filetree to the left side of the files/diff view.

Initially the filetree will not be shown and may be shown via a new
"Show file tree" button.

Showing and hiding is using the same icon as github. Folders are
collapsible. On small devices (max-width 991 PX) the file tree will be
hidden.

Close #18192

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-27 13:22:19 +08:00
Tyrone Yeh
525751243e [skip ci] Updated translations via Crowdin 2022-09-27 00:21:05 +00:00
Tyrone Yeh
2d94774c34
Add author search input (#21246)
New author filter in #20578 missing author search input
#20623 lost author, so add this

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-09-26 18:15:12 +08:00
silverwind
ec0a06e52c
Upgrade chroma to v2.3.0 (#21259)
The behaviour of `PreventSurroundingPre` has changed in
https://github.com/alecthomas/chroma/pull/618 so that apparently it now
causes line wrapper tags to be no longer emitted, but we need some form
of indication to split the HTML into lines, so I did what
https://github.com/yuin/goldmark-highlighting/pull/33 did and added the
`nopWrapper`.

Maybe there are more elegant solutions but for some reason, just
splitting the HTML string on `\n` did not work.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-26 13:50:03 +08:00
Julien Palard
2649e7ffbd [skip ci] Updated translations via Crowdin 2022-09-26 00:20:43 +00:00
Julien Palard
ed255fd8a1
Typo in config-cheat-sheet (#21261) 2022-09-25 18:16:46 -04:00
silverwind
3d92ad8eb9
Use native inputs in whitespace dropdown (#20980)
Use native `<input type="radio">` instead of fake icon font. The
`pointer-events: none` is necessary so the link click always takes
effect. Tested in Firefox, Safari and Chrome.

Before:
<img width="305" alt="Screen Shot 2022-08-27 at 20 42 11"
src="https://user-images.githubusercontent.com/115237/187044786-6655c766-c3fb-4672-9e3e-219b3ec4896c.png">

After:
<img width="298" alt="Screen Shot 2022-08-27 at 21 10 05"
src="https://user-images.githubusercontent.com/115237/187044790-33f87741-062e-4744-80b1-d3bd3fd725e3.png">
<img width="302" alt="image"
src="https://user-images.githubusercontent.com/115237/187044872-6c133cea-65ee-4ebd-b18a-a8b38c791565.png">
2022-09-25 22:01:05 +08:00
wxiaoguang
c4742fbea3 [skip ci] Updated licenses and gitignores 2022-09-25 00:20:43 +00:00
wxiaoguang
bb1e0d0aa5
Use en-US as fallback when using other default language (#21200)
Only en-US has complete translations. When use other language as
default, the en-US should still be used as fallback.

Close #21199

### Screenshot


![image](https://user-images.githubusercontent.com/2114189/190882906-b7a83958-0ea2-46c4-9084-42c4f9a239aa.png)

Co-authored-by: Lauris BH <lauris@nix.lv>
2022-09-25 02:00:16 +03:00
KN4CK3R
0c8ce71188
Make NuGet service index publicly accessible (#21242)
Addition to #20734, Fixes #20717

The `/index.json` endpoint needs to be accessible even if the registry
is private. The NuGet client uses this endpoint without
authentification.

The old fix only works if the NuGet cli is used with `--source <name>`
but not with `--source <url>/index.json`.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-09-24 23:17:08 +08:00