Commit graph

21611 commits

Author SHA1 Message Date
Gusted
3e3ef76808
fix: require code permissions for branch feed
- The RSS and atom feed for branches exposes details about the code, it
therefore should be guarded by the requirement that the doer has access
to the code of that repository.
- Added integration testing.
2024-11-15 10:59:36 +01:00
Gusted
7067cc7da4
fix: strict matching of allowed content for sanitizer
- _Simply_ add `^$` to regexp that didn't had it yet, this avoids any
content being allowed that simply had the allowed content as a
substring.
- Fix file-preview regex to have `$` instead of `*`.
2024-11-15 10:59:36 +01:00
Gusted
e6bbecb02d
fix: disallow basic authorization when security keys are enrolled
- This unifies the security behavior of enrolling security keys with
enrolling TOTP as a 2FA method. When TOTP is enrolled, you cannot use
basic authorization (user:password) to make API request on behalf of the
user, this is now also the case when you enroll security keys.
- The usage of access tokens are the only method to make API requests on
behalf of the user when a 2FA method is enrolled for the user.
- Integration test added.
2024-11-15 10:59:36 +01:00
Gusted
b70196653f
fix: anomynous users code search for private/limited user's repository
- Consider private/limited users in the `AccessibleRepositoryCondition`
query, previously this only considered private/limited organization.
This limits the ability for anomynous users to do code search on
private/limited user's repository
- Unit test added.
2024-11-15 10:59:36 +01:00
Gusted
9508aa7713
Improve usage of HMAC output for mailer tokens
- If the incoming mail feature is enabled, tokens are being sent with
outgoing mails. These tokens contains information about what type of
action is allow with such token (such as replying to a certain issue
ID), to verify these tokens the code uses the HMAC-SHA256 construction.
- The output of the HMAC is truncated to 80 bits, because this is
recommended by RFC2104, but RFC2104 actually doesn't recommend this. It
recommends, if truncation should need to take place, it should use
max(80, hash_len/2) of the leftmost bits. For HMAC-SHA256 this works out
to 128 bits instead of the currently used 80 bits.
- Update to token version 2 and disallow any usage of token version 1,
token version 2 are generated with 128 bits of HMAC output.
- Add test to verify the deprecation of token version 1 and a general
MAC check test.
2024-11-15 10:59:36 +01:00
Gusted
1ce33aa38d
fix: extend forgejo_auth_token table
- Add a `purpose` column, this allows the `forgejo_auth_token` table to
be used by other parts of Forgejo, while still enjoying the
no-compromise architecture.
- Remove the 'roll your own crypto' time limited code functions and
migrate them to the `forgejo_auth_token` table. This migration ensures
generated codes can only be used for their purpose and ensure they are
invalidated after their usage by deleting it from the database, this
also should help making auditing of the security code easier, as we're
no longer trying to stuff a lot of data into a HMAC construction.
-Helper functions are rewritten to ensure a safe-by-design approach to
these tokens.
- Add the `forgejo_auth_token` to dbconsistency doctor and add it to the
`deleteUser` function.
- TODO: Add cron job to delete expired authorization tokens.
- Unit and integration tests added.
2024-11-15 10:59:36 +01:00
Michael Kriese
0fa436c373 Merge pull request 'ci: use oci mirror images' (#5963) from viceice/ci/oci-mirror into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5963
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-11-15 08:22:35 +00:00
Michael Kriese
296935b0d7 Merge pull request 'chore: improve preparing tests' (#5948) from gusted/improve-testz into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5948
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-15 07:35:22 +00:00
Michael Kriese
c8d97e5594
ci: use oci mirror images 2024-11-15 08:19:50 +01:00
Earl Warren
e426a52a87 Merge pull request 'chore(release-notes): update the v9.0.2 & v7.0.11 links' (#5943) from earl-warren/forgejo:wip-release-notes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5943
2024-11-15 07:11:46 +00:00
Michael Kriese
faa796feb9 Merge pull request 'ci: proper job name' (#5964) from viceice/ci/job-name into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5964
Reviewed-by: Antonin Delpeuch <wetneb@noreply.codeberg.org>
2024-11-15 07:02:58 +00:00
Michael Kriese
19c9e0a0c2
ci: proper job name 2024-11-15 00:48:45 +01:00
Earl Warren
ef9a0c8d3d Merge pull request 'Update module code.forgejo.org/forgejo/act to v1.22.0 (forgejo)' (#5949) from renovate/forgejo-code.forgejo.org-forgejo-act-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5949
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-14 23:28:23 +00:00
Otto
d1ad4dd561 Merge pull request 'Highlight user mention in comments and commit messages' (#5899) from 0ko/forgejo:mention-highlight into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5899
Reviewed-by: Otto <otto@codeberg.org>
2024-11-14 17:46:03 +00:00
Otto
b92863b024 Merge pull request 'ci: use tmpfs for service storage' (#5958) from viceice/ci/use-tmpfs into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5958
Reviewed-by: Otto <otto@codeberg.org>
2024-11-14 17:44:22 +00:00
Michael Kriese
91fda7ee81 Merge pull request 'test: use sqlite in-memory db for integration' (#5956) from viceice/test/integration/use-sqlite-in-memory-db into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5956
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-14 17:14:39 +00:00
Michael Kriese
8a4407ef72
ci: use tmpfs for service storage 2024-11-14 17:27:48 +01:00
Michael Kriese
a8beeff422 Merge pull request 'ci: disable mysql binlog' (#5957) from viceice/ci/mysql/no-bin-log into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5957
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-14 16:26:48 +00:00
Michael Kriese
eda83cc7ed
ci: disable mysql binlog 2024-11-14 16:39:34 +01:00
Michael Kriese
aea3c7d6e8
test: use memory for integration and journal for migration 2024-11-14 15:38:06 +01:00
Michael Kriese
24028747d3
test: use sqlite in-memory db for integration 2024-11-14 15:38:06 +01:00
Michael Kriese
5bd682b59d Merge pull request 'test: add trailing newline to testlogger.go:recordError message' (#5955) from viceice/test/add-newline-to-record-error-msg into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5955
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-14 14:20:42 +00:00
Michael Kriese
969027e3f2
test: add trailing newline to testlogger.go:recordError message 2024-11-14 14:38:47 +01:00
Otto Richter
019e38a746 chore(ci): Upload screenshots on test failure 2024-11-14 14:12:31 +01:00
Otto Richter
1f7a648057 tests(e2e): mention highlights in commit messages 2024-11-14 14:12:23 +01:00
Otto Richter
c17b4bdaeb tests(e2e): Separate accessibility and form checks
- automatically test for light and dark themes
2024-11-14 14:08:12 +01:00
0ko
634519e891 feat(ui): highlight user mention in comments and commit messages 2024-11-14 14:08:12 +01:00
Earl Warren
bd42f677b4 Merge pull request 'chore: improve slow tests' (#5954) from gusted/improve-slow-test into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5954
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-11-14 12:37:37 +00:00
Gusted
75a8b83946
chore: improve slow tests
- Optimize generting random files.
- Reduce big file of 128MiB to 32MiB (git was never made for large files
anyways, but simply tests that it works).
- Reduce looped git operations from 100 iterations to 10.
- Add extra print statements to know what a slow test is doing, this
also helps to see if a particular piece of code in a slow test is the
culprit or if the test is just very extensive.
- Set `[ui.notification].EVENT_SOURCE_UPDATE_TIME` to 1s to speed up
`TestEventSourceManagerRun`.
- Sneaked in some general test improvements.
2024-11-14 12:41:11 +01:00
Codeberg Translate
e600fe97a3 i18n: update of translations from Codeberg Translate (#5845)
Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: SomeTr <SomeTr@users.noreply.translate.codeberg.org>
Co-authored-by: artnay <artnay@users.noreply.translate.codeberg.org>
Co-authored-by: Edgarsons <Edgarsons@users.noreply.translate.codeberg.org>
Co-authored-by: raspher <raspher@users.noreply.translate.codeberg.org>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: kwoot <kwoot@users.noreply.translate.codeberg.org>
Co-authored-by: Atul_Eterno <Atul_Eterno@users.noreply.translate.codeberg.org>
Co-authored-by: xtex <xtexchooser@duck.com>
Co-authored-by: Benedikt Straub <Nordfriese@users.noreply.translate.codeberg.org>
Co-authored-by: Juno Takano <jutty@users.noreply.translate.codeberg.org>
Co-authored-by: faoquad <faoquad@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: Atalanttore <Atalanttore@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5845
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
2024-11-14 10:20:25 +00:00
Gusted
d1520cf08d
chore: improve preparing tests
- Only prepare repositories once.
- Move the repositories to temporary directories (these should usually be stored in
memory) which are recreated for each test to avoid persistentance
between tests. Doing some dirty profiling suggests that the preparing
test functions from 140-100ms to 70-40ms
2024-11-14 10:07:52 +01:00
Gusted
b86f6cae03 Merge pull request 'feat: Make AVIF Images work with Forgejo' (#5940) from JakobDev/forgejo:avif into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5940
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-14 08:40:53 +00:00
Earl Warren
9e95f80d94 Merge pull request 'chore(i18n): allow datnes nosaukums for filename (Latvian)' (#5951) from earl-warren/forgejo:wip-i18n-filename into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5951
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-11-14 08:34:11 +00:00
Earl Warren
c7b0132a78
chore(i18n): allow datnes nosaukums for filename (Latvian) 2024-11-14 08:54:49 +01:00
Renovate Bot
8206d509fc Update module code.forgejo.org/forgejo/act to v1.22.0 2024-11-14 02:03:09 +00:00
Gusted
3fe67dba8b Merge pull request 'Update module github.com/blevesearch/bleve/v2 to v2.4.3 (forgejo)' (#5946) from renovate/forgejo-github.com-blevesearch-bleve-v2-2.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5946
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-14 01:22:21 +00:00
Renovate Bot
c0309ee367 Update module github.com/blevesearch/bleve/v2 to v2.4.3 2024-11-14 00:03:01 +00:00
Otto
17ec79ccfc Merge pull request 'fix: handle renamed dependency for cargo registry' (#5941) from gusted/forgejo-renamed-cargo-dep into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5941
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-13 22:51:34 +00:00
Earl Warren
a5ba7cadf7
chore(release-notes): update the v9.0.2 & v7.0.11 links 2024-11-13 23:23:47 +01:00
Earl Warren
2581c9cfc8 Merge pull request 'chore(ci): ROLE forgejo-coding & forgejo-testing (part two)' (#5944) from earl-warren/forgejo:wip-testing-only into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5944
2024-11-13 22:21:33 +00:00
Earl Warren
068558accd
chore(ci): ROLE forgejo-coding & forgejo-testing (part two)
When the CI vars.ROLE is forgejo-coding, it is assumed to be the
repository where collaborative coding happens,
i.e. https://codeberg.org/forgejo/forgejo

When the CI vars.ROLE is forgejo-testing, it is assumed that only codebase
testing is to be run and no other tests such as release build
integration, label constraints, backporting etc.
2024-11-13 23:04:47 +01:00
Earl Warren
5562ea4566 Merge pull request 'chore(ci): ROLE forgejo-coding & forgejo-testing' (#5942) from earl-warren/forgejo:wip-testing-only into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5942
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-13 21:43:48 +00:00
Earl Warren
f82840f1ea
chore(ci): ROLE forgejo-coding & forgejo-testing
When the CI vars.ROLE is forgejo-coding, it is assumed to be the
repository where collaborative coding happens,
i.e. https://codeberg.org/forgejo/forgejo

When the CI vars.ROLE is forgejo-testing, it is assumed that only codebase
testing is to be run and no other tests such as release build
integration, label constraints, backporting etc.
2024-11-13 22:18:35 +01:00
Gusted
bb93d3e6c8
fix: handle renamed dependency for cargo registery
- When a dependency is renamed, specified via `package="actual-name"` in
Cargo.toml, this should become the name of the depedency when the
package is retrieved from the registery by cargo and the old name should
be available in the `package` field.
- The reference implementation also does this: 490e66a9d6/src/controllers/krate/publish.rs (L702-L705)
- Resolves #5936
- Unit test added.
2024-11-13 21:26:49 +01:00
JakobDev
19a27ded86
feat: Make AVIF Images work with Forgejo 2024-11-13 19:09:40 +01:00
Earl Warren
5614719e0a Merge pull request 'chore(release): also copy the release to code.forgejo.org' (#5732) from earl-warren/forgejo:wip-mirror into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5732
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-13 16:47:45 +00:00
Earl Warren
7492330721
chore(ci): trigger a mirror when a release is publish
Notify https://code.forgejo.org/forgejo/forgejo that a new release was
published by setting the trigger label to
https://code.forgejo.org/forgejo/forgejo/issues/5.

It is only ever useful when a stable release is published, the
experimental releases are not mirrored. But it is triggered in all
cases. This will waste a few mirror check daily, when experimental
releases are built. This is an improvement compared to the current
situation where mirrors are checked hourly:

* Instead of being checked 24 times per day it will be down to less
  than 5
* The mirror happens immediately after the release is published
  instead of waiting for the next run of the cron job.

If a mirror operation is in progress, as evidenced by the presence of
the trigger label on the issure, it means two releases are being
published. Wait up to 1h for the mirror to complete and remove the
trigger label.
2024-11-13 17:17:08 +01:00
Otto
9c86c4f170 Merge pull request 'tests(e2e): Refactor various tests' (#5929) from fnetx/e2e-flakiness into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5929
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-11-13 14:53:16 +00:00
Earl Warren
e6bddc66ef Merge pull request 'chore(renovate): throttle down upgrade of linters & test packages' (#5935) from earl-warren/forgejo:wip-renovate-tests into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5935
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-13 14:49:20 +00:00
Otto Richter
40551de313 tests(e2e): Refactor various tests
Goals:

- speedup
- less flakiness
- best practices and more use
- documentation

config:
- sync ports in Makefile and playwright config
  (otherwise, some tests fail locally because they assert the full URL including the (wrong) port)
- even more generous timeouts
- limit workers to one again (because I finally understand how
  Playwright works)
- allow nested functions to group them together with the related test

all:

- deprecate waitForLoadState('networkidle')
  - it is discouraged as per https://playwright.dev/docs/api/class-page#page-wait-for-load-state
  - I could not find a usage that seems to require it actually (see
    added documentation in README)
  - adding an exception should be made explicitly
  - it does not do what you might expect anyway in most cases
- only log in when necessary

webauthn:

- verify that login is possible after disabling key
- otherwise, the cleanup was not necessary after the previous refactor to create a fresh user each

issue-sidebar / WIP toggle:

- split into smaller chunks
- restore original state first
- add missed assertion to fix race condition (not waiting
  before state was reached)
- explicitly toggle the state to detect mismatch earlier

issue-sidebar / labels:

- restore original state first
- better waiting for background request
2024-11-13 13:15:37 +01:00