- When a user requests a archive of a non-existant commit
`git.ErrNotExist` is returned, but was not gracefully handled resulting
in a 500 error.
- Doesn't exist in v1.22 due to it being refactored away in
cbf923e87b
- Adds integration test.
Backport #28555 by @fuxiaohei
Related to https://github.com/go-gitea/gitea/issues/28279
When merging artifact chunks, it lists chunks from storage. When storage
is minio, chunk's path contains `MINIO_BASE_PATH` that makes merging
break.
<del>So trim the `MINIO_BASE_PATH` when handle chunks.</del>
Update the chunk file's basename to retain necessary information. It
ensures that the directory in the chunk's path remains unaffected.
Co-authored-by: FuXiaoHei <fuxiaohei@vip.qq.com>
(cherry picked from commit 8ca32dc873)
Backport #28491 by @appleboy
- Modify the `Password` field in `CreateUserOption` struct to remove the
`Required` tag
- Update the `v1_json.tmpl` template to include the `email` field and
remove the `password` field
Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
(cherry picked from commit 411310d698)
Backport #28454 (the only conflict is caused by some comments)
* Close#24483
* Close#28123
* Close#23682
* Close#23149
(cherry picked from commit a3f403f438)
Conflicts:
modules/setting/ui.go
trivial context conflict
Backport #28457 by @KN4CK3R
Recently Docker started to use the optional `POST /v2/token` endpoint
which should respond with a `404 Not Found` status code instead of the
current `405 Method Not Allowed`.
> Note: Not all token servers implement oauth2. If the request to the
endpoint returns 404 using the HTTP POST method, refer to Token
Documentation for using the HTTP GET method supported by all token
servers.
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 74ab798033)
It shows warnings although the setting is not set, this will surely be
fixed later but there is no sense in spaming the users right now. This
revert can be discarded when another fix lands in v1.21.
su -c "forgejo admin user generate-access-token -u root --raw --scopes 'all,sudo'" git
2023/12/12 15:54:45 .../setting/security.go:166:loadSecurityFrom() [W] Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.
This reverts commit 0e3a5abb69.
Conflicts:
routers/api/v1/api.go
Backport #28390 by @jackHay22
## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example:
```
HTTP/1.1 200 OK
...
Warning: token and access_token API authentication is deprecated
...
```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`
## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed
## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)
Co-authored-by: Jack Hay <jack@allspice.io>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit f144521aea)
Fix#28056
Backport #28361
This PR will check whether the repo has zero branch when pushing a
branch. If that, it means this repository hasn't been synced.
The reason caused that is after user upgrade from v1.20 -> v1.21, he
just push branches without visit the repository user interface. Because
all repositories routers will check whether a branches sync is necessary
but push has not such check.
For every repository, it has two states, synced or not synced. If there
is zero branch for a repository, then it will be assumed as non-sync
state. Otherwise, it's synced state. So if we think it's synced, we just
need to update branch/insert new branch. Otherwise do a full sync. So
that, for every push, there will be almost no extra load added. It's
high performance than yours.
For the implementation, we in fact will try to update the branch first,
if updated success with affect records > 0, then all are done. Because
that means the branch has been in the database. If no record is
affected, that means the branch does not exist in database. So there are
two possibilities. One is this is a new branch, then we just need to
insert the record. Another is the branches haven't been synced, then we
need to sync all the branches into database.
(cherry picked from commit 87db4a47c8)
Backport #28314 by @yp05327
Fix#28264
`DataAsync()` will be called twice.
Caused by https://github.com/go-gitea/gitea/pull/27958.
I'm sorry, I didn't completely remove all unnecessary codes.
Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit c5c44d0951)
Backport #28359 by @lunny
The left menu will only display the default branch's workflows but the
right side will display the runs triggered by all branches' workflows.
So we cannot hide right side if default branch has no workflows.
Fix#28332
Replace #28333
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit b7e3adc66c)
Backport #28306 by @KN4CK3R
Fixes#28280
Reads the `previous` info from the `git blame` output instead of
calculating it afterwards.
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit e15fe85335)
- Backport #1882
- Be more specific of which element we want and also don't include the
href into the selector, so if the value changes, it will show the value
that was rendered.
- Ensure stable order of passed repository IDs.
- Resolves codeberg.org/forgejo/forgejo/issues/1880
(cherry picked from commit 79bc4cffe5)
- Backport of https://codeberg.org/forgejo/forgejo/pulls/1848
- `ReposParam` is passed to the pagination as value for the `repos`
query. It should paginate to other pages with only the selected
repositories, which was currently not the case, but was already the case
for the links in the selectable items.
- Fix the wrong value being passed for issues/pulls lists.
- Fix the formatting of repository query value for milestones lists.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1836
(cherry picked from commit c648e5ab3a)
backport #28213
This PR will fix some missed checks for private repositories' data on
web routes and API routes.
(cherry picked from commit bc3d8bff73)
Backport #28184Fix#25473
Although there was `m.Post("/login/oauth/access_token", CorsHandler()...`,
it never really worked, because it still lacks the "OPTIONS" handler.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 23838c2c2e)
Backport #28101 by @lng2020
Reverts go-gitea/gitea#27141close#28097
Co-authored-by: Nanguan Lin <70063547+lng2020@users.noreply.github.com>
(cherry picked from commit a2314ca9c5)
Backport #27610 by @evantobin
Fixes#27598
In #27080, the logic for the tokens endpoints were updated to allow
admins to create and view tokens in other accounts. However, the same
functionality was not added to the DELETE endpoint. This PR makes the
DELETE endpoint function the same as the other token endpoints and adds
unit tests
Co-authored-by: Evan Tobin <me@evantob.in>
(cherry picked from commit 93ede4bc83)
Backport #28023 by @6543
there was no check in place if a user could see a other user, if you
append e.g. `.rss`
(cherry picked from commit eef4148935)
- If you attempted to get a branch feed on a empty repository, it would
result in a panic as the code expects that the branch exists.
- `context.RepoRefByType` would normally already 404 if the branch
doesn't exist, however if a repository is empty, it would not do this
check.
- Fix bug where `/atom/branch/*` would return a RSS feed.
(cherry picked from commit d27bcd98a4)
(cherry picked from commit 07916c8723)
(cherry picked from commit 2eedbe0c55)
(cherry picked from commit 3810d905c6)
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.
(cherry picked from commit eff097448b)
[GITEA] rework long-term authentication (squash) add migration
Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"
(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
(cherry picked from commit 6404845df9)
(cherry picked from commit 72bdd4f3b9)
(cherry picked from commit 4b01bb0ce8)
(cherry picked from commit c26ac31816)
- Add a indication to the file history if the file has been renamed,
this indication contains a link to browse the history of the file
further.
- Added unit testing.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1279
(cherry picked from commit 72c297521b)
(cherry picked from commit 283f964894)
Conflicts:
options/locale/locale_en-US.ini
https://codeberg.org/forgejo/forgejo/pulls/1550
(cherry picked from commit 7c30af7fde)
(cherry picked from commit f3be6eb269)
(cherry picked from commit 78e1755b94)
(cherry picked from commit 9f30b92009)
(cherry picked from commit bb694684a4)
(cherry picked from commit 721f0ccf3e)
(cherry picked from commit 6a6ec50130)
[GITEA] Detect file rename and show in history (squash) ctx.Locale
(cherry picked from commit 08698d747f)
Sends email with information on the new user (time of creation and time of last sign-in) and a link to manage the new user from the admin panel
closes: https://codeberg.org/forgejo/forgejo/issues/480
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1371
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
(cherry picked from commit c721aa828b)
(cherry picked from commit 6487efcb9d)
Conflicts:
modules/notification/base/notifier.go
modules/notification/base/null.go
modules/notification/notification.go
https://codeberg.org/forgejo/forgejo/pulls/1422
(cherry picked from commit 7ea66ee1c5)
Conflicts:
services/notify/notifier.go
services/notify/notify.go
services/notify/null.go
https://codeberg.org/forgejo/forgejo/pulls/1469
(cherry picked from commit 7d2d997011)
(cherry picked from commit 435a54f140)
(cherry picked from commit 8ec7b3e448)
[GITEA] notifies admins on new user registration (squash) performance bottleneck
Refs: https://codeberg.org/forgejo/forgejo/issues/1479
(cherry picked from commit 97ac9147ff)
(cherry picked from commit 19f295c16b)
(cherry picked from commit 3367dcb2cf)
[GITEA] notifies admins on new user registration (squash) cosmetic changes
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 9f1670e040)
(cherry picked from commit de5bb2a224)
(cherry picked from commit 8f8e52f31a)
(cherry picked from commit e0d5130312)
(cherry picked from commit f1288d6d9b)
(cherry picked from commit f664f41658)
(cherry picked from commit e44e6c7e47)
(cherry picked from commit c0d958cc4c)
(cherry picked from commit a88baa5e48)
[GITEA] notifies admins on new user registration (squash) ctx.Locale
(cherry picked from commit 2f6329f693)
- The `<title>` element that lives inside the `<head>` element is an important element that gives browsers and search engine crawlers the title of the webpage, hence the element name. It's therefor important that this title is accurate.
- Currently there are three issues with titles on repositories. It doesn't use the `FullName` and instead only uses the repository name, this doesn't distinguish which user or organisation the repository is on. It doesn't show the full treepath in the title when visiting an file inside a directory and instead only uses the latest path in treepath. It can show the repository name twice if the `.Title` variable also included the repository name such as on the repository homepage.
- Use the repository's fullname (which include which user the repository is on) instead of just their name.
- Display the repository's fullname if it isn't already in `.Title`.
- Use the full treepath in the repository code view instead of just the
last path.
- Adds integration tests.
- Adds a new repository (`repo59`) that has 3 depths for folders, which
wasn't in any other fixture repository yet, so the full treepath for
could be properly tested.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1276
(cherry picked from commit ff9a6a2cda)
(cherry picked from commit 76dffc8621)
(cherry picked from commit ff0615b9d0)
(cherry picked from commit 8712eaa394)
(cherry picked from commit 0c11587582)
(cherry picked from commit 3cbd9fb792)
Conflicts:
tests/integration/repo_test.go
https://codeberg.org/forgejo/forgejo/pulls/1512
(cherry picked from commit fbfdba8ae9)
Conflicts:
models/fixtures/release.yml
https://codeberg.org/forgejo/forgejo/pulls/1550
(cherry picked from commit 8b2bf0534c)
(cherry picked from commit d706d9e222)
(cherry picked from commit 6d46261a3f)
(cherry picked from commit 87e8ad2307)
(cherry picked from commit f728a5e89d)
(cherry picked from commit 97534cd4a1)
[GITEA] Improve HTML title on repositories (squash) do not double escape
(cherry picked from commit 22882fe25c)
(cherry picked from commit 63e99df3d1)
(cherry picked from commit b65d777bc7)
(cherry picked from commit 2961f4f632)
(cherry picked from commit f7f723628c)
(cherry picked from commit 9ed7915826)
(cherry picked from commit 6d83f86cf0)
(cherry picked from commit 525f95cf1a)
(cherry picked from commit b68aebe0f5)
(cherry picked from commit c7c12904ba)
- Resolves#271
- Ensure that the adminstrator password is at least `MIN_PASSWORD_LENGTH`.
(cherry picked from commit 28cb04c3f5)
(cherry picked from commit 95371ebd92)
(cherry picked from commit a134288ab6)
(cherry picked from commit 4202f052cb)
(cherry picked from commit 510b7467d3)
(cherry picked from commit f3a6e1f121)
(cherry picked from commit f340508819)
(cherry picked from commit b891bb176d)
(cherry picked from commit 1a1bfc38cc)
(cherry picked from commit 083d5aefed)
(cherry picked from commit 4586096be9)
(cherry picked from commit 039fa20cc8)
(cherry picked from commit 3ec9cb5f59)
(cherry picked from commit 00be0eee37)
(cherry picked from commit a156603002)
(cherry picked from commit 4d305e7774)
(cherry picked from commit 51e8f21202)
(cherry picked from commit 9c3c4dd672)
(cherry picked from commit 4c017d931b)
(cherry picked from commit dae122958b)
(cherry picked from commit ff583ed7d7)
As the docs of codeberg refer to the strings printed by the Forgejo
ssh servers, this is user-facing and is nice to update to the new
product name.
(cherry picked from commit 103991d73f)
(cherry picked from commit 2a0d3f85f1)
(cherry picked from commit eb2b4ce388)
(cherry picked from commit 0998b51716)
[BRANDING] forgejo log message
(cherry picked from commit d51a046ebe)
(cherry picked from commit d66e1c7b6e)
(cherry picked from commit b5bffe4ce8)
(cherry picked from commit 3fa776d856)
(cherry picked from commit 18d064f472)
(cherry picked from commit c95094e355)
(cherry picked from commit 5784290bc4)
(cherry picked from commit aee336886b)
(cherry picked from commit ec2f60b516)
(cherry picked from commit 7af742a284)
(cherry picked from commit f279e2a264)
(cherry picked from commit fd38cfb14e)
(cherry picked from commit 64c8226618)
(cherry picked from commit b546fb2304)
(cherry picked from commit ad10202177)
(cherry picked from commit c89cab9c2b)
(cherry picked from commit 9579322ec2)
(cherry picked from commit 16b44ad18d)
(cherry picked from commit 2571ff703b)
(cherry picked from commit ad61d9ce9b)
(cherry picked from commit 9b2c45d4d3)
(cherry picked from commit ed01b79a59)
(cherry picked from commit d040b66427)
(cherry picked from commit ffe0bbea48)
(cherry picked from commit 4c1b2c409b)
(cherry picked from commit 3d8338ed10)
(cherry picked from commit a92f044ea9)
[BRANDING] link to forgejo.org/docs instead of docs.gitea.io
(cherry picked from commit 3efafd0e08)
(cherry picked from commit 148185e34b)
(cherry picked from commit 834e264698)
(cherry picked from commit e72fa6eb1e)
[BRANDING] link to forgejo.org/docs instead of docs.gitea.io
Fix the link that was 404.
(cherry picked from commit ae515d7258)
(cherry picked from commit facc2367f0)
(cherry picked from commit 25784b9f21)
(cherry picked from commit 2efc6138d9)
(cherry picked from commit b9d0871631)
(cherry picked from commit f0446e51b9)
(cherry picked from commit 1638aa67fb)
(cherry picked from commit 290db6a018)
(cherry picked from commit 89b87cf542)
(cherry picked from commit 656ed94962)
(cherry picked from commit 036f879f96)
(cherry picked from commit 69eea35f81)
(cherry picked from commit b72e3f4a92)
(cherry picked from commit af606b8574)
(cherry picked from commit 7e47f8135c)
(cherry picked from commit 0e5218cc53)
(cherry picked from commit 7c2a20a528)
(cherry picked from commit 4e94006363)
(cherry picked from commit e47cdfc43f)
(cherry picked from commit 1dcb3e1da4)
(cherry picked from commit 67367c4e0f)
(cherry picked from commit 252087d1ff)
(cherry picked from commit f5977a43e5)
Conflicts:
templates/base/head_navbar.tmpl
https://codeberg.org/forgejo/forgejo/pulls/1351
(cherry picked from commit 594938eb15)
(cherry picked from commit 0257d038a7)
(cherry picked from commit 72821dd140)
[BRANDING] s/gitea/forgejo/ in HTML placeholders
Replaced Gitea branding with Forgejo for input placeholders
Closes: #686
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/752
(cherry picked from commit 6160d37ca9)
(cherry picked from commit df61138c7e)
(cherry picked from commit 1f30566c3f)
(cherry picked from commit 539bb825f5)
(cherry picked from commit bee0f66c86)
(cherry picked from commit 60ad005c95)
(cherry picked from commit 282e26222e)
(cherry picked from commit f9ca551f3d)
(cherry picked from commit b2e04b04c3)
(cherry picked from commit c8f395a03c)
(cherry picked from commit 0d58ce49ae)
(cherry picked from commit c602ddf91e)
(cherry picked from commit 029e37271e)
(cherry picked from commit fdaa96b3cc)
(cherry picked from commit 515d99e27d)
(cherry picked from commit da73274ba1)
(cherry picked from commit ce90b696a0)
(cherry picked from commit b6bf98763b)
(cherry picked from commit 5b380d22d7)
[BRANDING] How to start a runner: URL to Actions admin documentation
(cherry picked from commit da91799e6f)
(cherry picked from commit 28231663b6)
(cherry picked from commit 533a90345b)
(cherry picked from commit 6a0e4e55dd)
(cherry picked from commit f47cd611c6)
(cherry picked from commit 001264b784)
(cherry picked from commit e4099e9bb9)
(cherry picked from commit 3a1885649f)
(cherry picked from commit c42802c710)
(cherry picked from commit a611ce8d6d)
(cherry picked from commit a3d7d10a80)
(cherry picked from commit 52adde671f)
(cherry picked from commit c9a3820fef)
(cherry picked from commit dce40997c9)
(cherry picked from commit 312a6b92f3)
[BRANDING] package templates & links
- Change Gitea to Forgejo where necessary.
- Point all documentation to Forgejo's documentation.
- Resolves#992
(cherry picked from commit d0b78a6ede)
(cherry picked from commit e2382f30ba)
(cherry picked from commit c41cf05a33)
(cherry picked from commit 797e598ae7)
(cherry picked from commit 970031a1c2)
(cherry picked from commit 0c1180e2e1)
Conflicts:
templates/package/content/alpine.tmpl
templates/package/content/cargo.tmpl
templates/package/content/chef.tmpl
templates/package/content/composer.tmpl
templates/package/content/conan.tmpl
templates/package/content/conda.tmpl
templates/package/content/container.tmpl
templates/package/content/cran.tmpl
templates/package/content/debian.tmpl
templates/package/content/generic.tmpl
templates/package/content/go.tmpl
templates/package/content/helm.tmpl
templates/package/content/maven.tmpl
templates/package/content/npm.tmpl
templates/package/content/nuget.tmpl
templates/package/content/pub.tmpl
templates/package/content/pypi.tmpl
templates/package/content/rpm.tmpl
templates/package/content/rubygems.tmpl
templates/package/content/swift.tmpl
templates/package/content/vagrant.tmpl
https://codeberg.org/forgejo/forgejo/pulls/1351
(cherry picked from commit 42ac9ff2ab)
(cherry picked from commit e390000bce)
(cherry picked from commit 56a437b29b)
Conflicts:
templates/package/content/cargo.tmpl
https://codeberg.org/forgejo/forgejo/pulls/1466
[BRANDING] s/Gitea/Forgejo/ in user visible help & comments
- Modify the README of the docker directory to point to the relevant
docker files and documentation for Forgejo.
(cherry picked from commit aca6371215)
(cherry picked from commit 0ba96b1bc4)
(cherry picked from commit 5c8e6b53f1)
Conflicts:
docker/README.md
https://codeberg.org/forgejo/forgejo/pulls/1351
(cherry picked from commit b3121c8004)
(cherry picked from commit 607f870416)
(cherry picked from commit 191d96afe4)
[BRANDING] healthcheck/check.go
(cherry picked from commit d703a236ce)
(cherry picked from commit d84ce3ff20)
(cherry picked from commit 2dbb844606)
(cherry picked from commit 14d3ae7e3a)
[BRANDING] s/Gitea/Forgejo/g in CLI output
(cherry picked from commit 7543c126bb)
(cherry picked from commit b66f422fc3)
(cherry picked from commit a81e4e46f3)
[BRANDING] Gitea->Forgejo in mailer code
(cherry picked from commit b91afea4ff)
(cherry picked from commit 5d7428167c)
(cherry picked from commit ed8101ba6c)
[BRANDING] use 'Forgejo' for Discord, Packagist, and Slack webhooks
Refs: https://codeberg.org/forgejo/forgejo/issues/1387
(cherry picked from commit 7dc3a05f5b)
(cherry picked from commit 133f2fc6cc)
[BRANDING] cmd/manager.go
(cherry picked from commit d1dba2c79d)
[BRANDING] pyproject.toml
(cherry picked from commit 7e8c868db2)
(cherry picked from commit 2395995c8b)
(cherry picked from commit dd6fbbf332)
Conflicts:
templates/package/content/cargo.tmpl
https://codeberg.org/forgejo/forgejo/pulls/1548
(cherry picked from commit 6f9a5d5cab)
(cherry picked from commit d0635c4a07)
(cherry picked from commit 5d3b4594df)
(cherry picked from commit 6da3b43eff)
(cherry picked from commit b60dfaba10)
(cherry picked from commit bcb9bb4dee)
(cherry picked from commit d5301b6a24)