Commit graph

4414 commits

Author SHA1 Message Date
George Bartolomey
13ca6c14f1
feat: allow changing default branch update style
This commit allows chaning default branch update style through global
and repository settings. The setting affects "Update branch" button
in PR view (button shows when some commits are ahead of master branch).
When default update style is set to "rebase", dropdown button updates branch
by rebase by default. When update style is set to other value, dropdown button
updates branch by merge. Any of these actions may be selected using dropdown
in any case.

Signed-off-by: George Bartolomey <george@bh4.ru>
2024-12-23 18:55:25 +03:00
Earl Warren
380e266440 Merge pull request '[gitea] week 2024-51 cherry pick (gitea/main -> forgejo)' (#6271) from earl-warren/wcp/2024-51 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6271
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-12-19 07:08:01 +00:00
Otto
6a4a24e2d7 Merge pull request 'Add sorting functionality to /api/v1/admin/users endpoint' (#6228) from awiteb/forgejo:sort-user-search-endpoint into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6228
Reviewed-by: Otto <otto@codeberg.org>
2024-12-16 21:00:13 +00:00
Awiteb
7603de279a
chore: Update user1 createdunix
Signed-off-by: Awiteb <a@4rs.nl>
2024-12-16 23:27:37 +03:00
Awiteb
60c1fa840b
chore: Identify the created_unix in user fixtures
Signed-off-by: Awiteb <a@4rs.nl>
2024-12-16 23:27:37 +03:00
Zettat123
96a7f0a3f0
Fix missing outputs for jobs with matrix (#32823)
Fix #32795

If a job uses a matrix, multiple `ActionRunJobs` may have the same
`JobID`. We need to merge the outputs of these jobs to make them
available to the jobs that need them.

(cherry picked from commit 7269130d2878d51dcdf11f7081a591f85bd493e8)

Conflicts:
	models/fixtures/action_run.yml
	models/fixtures/action_run_job.yml
  trivial context conflicts
2024-12-15 10:14:21 +01:00
Lunny Xiao
2b5c69c451
Detect whether action view branch was deleted (#32764)
Fix #32761

![图片](https://github.com/user-attachments/assets/a5a7eef8-0fea-4242-b199-1b0b73d9bbdb)

(cherry picked from commit 6370d2fb93a5ee897b82969ca30a9feb33667714)

Conflicts:
	routers/web/repo/actions/actions.go
	routers/web/repo/actions/view.go
  trivial context conflicts
2024-12-15 09:45:10 +01:00
RiceChuan
c3d37894aa
chore: use errors.New to replace fmt.Errorf with no parameters (#32800)
use errors.New to replace fmt.Errorf with no parameters

Signed-off-by: RiceChuan <lc582041246@gmail.com>
(cherry picked from commit dfd75944992fc6508ec891b4c29715c23e59e4ed)
2024-12-15 09:15:57 +01:00
Otto
c1d882df5b Merge pull request 'fix: Do not offer duplicating a PR for a recently pushed branch' (#6191) from wetneb/forgejo:6187-recent-branches into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6191
Reviewed-by: Otto <otto@codeberg.org>
2024-12-13 19:09:39 +00:00
Awiteb
70348e159f Ensure source_id parameter is not skipped when set to 0 and correctly filter users in /api/v1/admin/users endpoint (#6240)
Signed-off-by: Awiteb <a@4rs.nl>
Fixes: #6239

## Checklist

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [X] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [X] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [X] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6240
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Awiteb <a@4rs.nl>
Co-committed-by: Awiteb <a@4rs.nl>
2024-12-13 05:42:01 +00:00
Gusted
7f8f9b878f
fix: Revert "allow synchronizing user status from OAuth2 login providers (#31572)"
This commit has a fundamental flaw, in order to syncronize if external
users are still active the commit checks if the refresh token is
accepted by the OAuth provider, if that is not the case it sees that as
the user is disabled and sets the is active field to `false` to signal
that. Because it might be possible (this commit makes this a highly
likelyhood) that the OAuth provider still recognizes this user the
commit introduces code to allow users to re-active themselves via the
oauth flow if they were disabled because of this. However this code
makes no distinction in why the user was disabled and always re-actives
the user.

Thus the reactivation via the OAuth flow allows users to bypass the
manually activation setting (`[service].REGISTER_MANUAL_CONFIRM`) or if
the admin for other reasons disabled the user.

This reverts commit 21fdd28f08.
2024-12-12 05:59:06 +01:00
Antonin Delpeuch
9c2f3dac71 Reduce delay to 30 minutes 2024-12-10 22:51:44 +01:00
Earl Warren
021c8fe15a Merge pull request '[gitea] week 2024-50 cherry pick (gitea/main -> forgejo)' (#6200) from earl-warren/wcp/2024-50 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6200
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-12-10 06:23:36 +00:00
Otto Richter
5f173bdab3 Add - as reserved user
used in routers such as
af640ac4d4/routers/init.go (L185)
2024-12-09 18:45:05 +01:00
Lunny Xiao
6ac88eab0f
Remove outdated code about fixture generation (#32708)
(cherry picked from commit e45ffc530f482a46de25d28f18b039f296750414)

Conflicts:
	models/fixture_test.go
  trivial context conflict and remove one line in deadcode
2024-12-08 07:31:32 +01:00
xtex
6e891ab1be
feat(secret): generate FORGEJO_TOKEN for all tasks
Improves the Forgejo branding.

Signed-off-by: xtex <xtexchooser@duck.com>
2024-12-08 09:42:18 +08:00
Antonin Delpeuch
4973d23ef8 fix: Do not offer duplicating a PR for a recently pushed branch
Fixes #6187.
2024-12-07 09:45:52 +01:00
Gusted
bc9f1e2533
fix: correct permission loading for limited organisation
- If a organisation is set to be limited visible, then it will still be
visible for signed-in users. However `UnitPermission` didn't take this
into account, it does now.
- Add unit test.
- Resolves #6141
2024-12-04 11:03:33 +01:00
Earl Warren
56007ff3a2 Merge pull request '[gitea] week 2024-49 cherry pick (gitea/main -> forgejo)' (#6110) from earl-warren/wcp/2024-49 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6110
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-12-03 15:06:55 +00:00
Mathieu Fenniak
2faa7ce749 Rework GetLatestCommitStatusForPairs query using a subquery for PG compatibility (#6113)
## Scope

Intended to fix #6099; and moves related tests to integration tests (per. request https://codeberg.org/forgejo/forgejo/pulls/6105#issuecomment-2486228)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests. **not applicable**
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes... **not applicable**
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] I do not want this change to show in the release notes.
  - Rationale: bug-fix for a change that hasn't been released yet.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6113
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
2024-12-01 19:15:31 +00:00
Otto Richter
d2bf2e7631 Improve performance of allowed org repo creation query (#6100)
See https://codeberg.org/Codeberg-Infrastructure/build-deploy-forgejo/issues/144#issuecomment-2484031.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6100
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Otto Richter <git@otto.splvs.net>
Co-committed-by: Otto Richter <git@otto.splvs.net>
2024-12-01 15:16:25 +00:00
Lunny Xiao
3135e146f9
Strict pagination check (#32548)
(cherry picked from commit c363bd06e93986a564601527ade219d602c9d8dd)

Conflicts:
	models/user/search.go
  change already done in 9b85f97835
2024-12-01 07:56:45 +01:00
Mathieu Fenniak
bb8c712ffa add tests for GetLatestCommitStatusForRepoCommitIDs 2024-11-30 10:56:50 -07:00
Mathieu Fenniak
73583fdea1 Fix unconditional DB queries in commit status fetches 2024-11-30 10:42:38 -07:00
Fermé le Lundi
75f703326f Merge branch 'forgejo' into forgejo 2024-11-29 15:37:59 +00:00
Mathieu Fenniak
77fafbe578 Add a "summary card" to issues & PRs for consumption by OpenGraph clients (#6053)
## Overview

Hi all, I'm a first-time contributor to Forgejo.  I was looking for something interesting to contribute and the first thing that caught my attention was https://codeberg.org/forgejo/forgejo/issues/6043, a request for an enhancement to include "issue previews" when publishing links to social media platforms.  As a bit of background, the way these platforms work is that they search for meta tags in the posted link's content, and if they find a meta `og:image` (along with other meta tags) they'll pull the image to include in the social media post.  Forgejo currently provides an `og:image` tag but it just renders the repository or repository-owner's avatar.

This PR will render `og:image` for an issue or PR into a link to `{...}/summary-card`, which is a dynamically generated image that contains a summary of the issue.

## Design Notes

### Rendering / Rasterization

The tricky part of solving this problem is rendering an image that combines some text, some images, and some layout elements.  To address this, I've created a `card` module which allows for a handful of operations:
- Create a new rendered image (a "Card")
- Add a margin to a card
- Split the card, horizontally or vertically, into two pieces with a proportional layout (eg. 70%/30%, as desired), each of which are "Cards" that render into the same root image
- Render text into a card, with line-wrapping and text-alignment capabilities
- Render an image onto a card
- Fetches an external image as safely as possible (for server-side fetch of Gravatar, etc.)

The card module can be reused to create `og:image` summary cards for any object in the future, although obviously it's capabilities are limited.  The current implementation is on issues/PRs.

I considered a few alternative approaches before taking this approach, and here's why I rejected those options:
- Provide the summary card as an SVG object which could be rendered much more easily with a template file -- however, support for SVG isn't defined as positive for OpenGraph, and a quick look through some existing implementations suggest that it is not widely supported, if at all
- Rendering as HTML/CSS, or SVG, and then using an external tool to convert into a PNG (or other static) image -- this would be much nicer and easier to implement, but would require tying in some very heavy-weight dependencies
- Rendering using a more sophisticated graphics library, eg. cairo -- also would be nicer and easier to implement, but again a heavy dependency for a small functionality

As a result of the limited capabilities of the new card module, summary cards don't have icons on them (which would require SVG rasterization) or pretty status badges with colors and rounded rects.  In the future if better drawing capabilities were added, the graphics could be improved, but it doesn't seem too important.

### External Avatars

In order to rasterize a user's avatar onto the summary card, it might have to be retrieved by the server from the external source (eg. Gravatar).  A `fetchExternalImage` routine attempts to do this in the safest way possible to protect the server from any possible security exposure from this; (a) verifying that the content-types are acceptable, (b) ensuring that the file-size and image-size are within the safe bounds that are used for custom avatars, (c) using a very-short timeout to avoid stalling the server if an external dependency is offline.

### Caching

Summary cards are cached after rendered.  This has the downside of causing updates to statuses, avatars, titles, etc. being stale on the summary card for the cache TTL.  However, during testing I found that some social media engines like Mastodon will cause the summary card to be accessed a significant number of times after being referenced by a post, causing a mini-tornado of requests.  The cache compensates for this to avoid server load in this situation.

### Scope

I'm considering out-of-scope:
- Summary cards on other objects (eg. repos, users) can be left for future implementation

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- ~~I added test coverage for JavaScript changes...~~ n/a, no JS changes
  - [x] ~~in `web_src/js/*.test.js` if it can be unit tested.~~
  - [x] ~~in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).~~
- Manual testing
  - [x] Access & attach screenshots of both an issue and a pull-request's summary card; see below
  - [x] Ensure reasonable (non-crash) behavior of rendering text with glyphs outside the font -- correctly rendered as replacement unicode chars
  - [x] Using a public test instance, verify that og:image behavior looks good on platforms like Mastodon and BlueSky
    - [x] Bluesky: 
    - [x] Mastodon:    (Note that the summary card will be requested many times as the post is federated; either each server, or each client, will fetch it itself)
    - [x] OpenGraph test site (https://www.opengraph.xyz/): 
    - [x] Discord: Looks OK ; needs "twitter:card" to be set to "summary_large_image" to display the large-scale image, but (a) that's probably annoying to use, (b) probably wrong because it doesn't match Twitter Card's spec for a "photographic image", and (c) don't want to encourage/continue use of vendor-specific tag
  - [x] Verify cases with user avatar missing (or autogen), and repo avatar missing (falls back to repo owner avatar)

Pull request summary card:
![image](/attachments/b64283e3-9a3c-4f19-9d00-961662ffe86b)

Issue summary card:
![image](/attachments/318ce589-02e0-493e-b10c-5b2cb2627db2)

(images to the right are the custom repo avatar, w/ fallback to the repo owner avatar)

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
  - OpenGraph capabilities are expected to work in the background without user awareness, and so there is no need for documentation to explain the capabilities for users.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6053
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
2024-11-29 15:02:03 +00:00
FermeLeLundi
f0de20e747 Update models/git/commit_status_test.go
Typos
2024-11-28 10:15:54 +00:00
Earl Warren
22d08c62f1 Merge pull request 'feat: migrate TOTP secrets to keying' (#6074) from gusted/forgejo-totp-keying into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6074
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-11-27 18:31:35 +00:00
Gusted
a8c61532d2
feat: migrate TOTP secrets to keying
- Currently the TOTP secrets are stored using the `secrets` module with
as key the MD5 hash of the Secretkey, the `secrets` module uses general
bad practices. This patch migrates the secrets to use the `keying`
module (#5041) which is easier to use and use better practices to store
secrets in databases.
- Migration test added.
- Remove the Forgejo migration databases, and let the gitea migration
databases also run forgejo migration databases. This is required as the
Forgejo migration is now also touching tables that the forgejo migration
didn't create itself.
2024-11-27 00:34:16 +01:00
Rowan Bohde
eb0645f185
disable gravatar in test (#32529)
When running e2e tests on flaky networks, gravatar can cause a timeout
and test failures. Turn off, and populate avatars on e2e test suite run
to make them reliable.

(cherry picked from commit 9ac74a1a408136455a9e0586fb8e65163048597b)

Conflicts:
	models/fixtures/user.yml
	services/repository/contributors_graph_test.go
  trivial context conflicts
2024-11-24 15:42:36 +00:00
Lunny Xiao
32a91add34
Fix GetInactiveUsers (#32540)
Fix #31480

(cherry picked from commit 9bf821ae6c108379d22ae11d8d5784a4ed7ad647)

Conflicts:
	models/user/user_test.go
  trivial context conflict
2024-11-24 15:42:36 +00:00
Rowan Bohde
ddabba5f89
allow the actions user to login via the jwt token (#32527)
We have some actions that leverage the Gitea API that began receiving
401 errors, with a message that the user was not found. These actions
use the `ACTIONS_RUNTIME_TOKEN` env var in the actions job to
authenticate with the Gitea API. The format of this env var in actions
jobs changed with go-gitea/gitea/pull/28885 to be a JWT (with a
corresponding update to `act_runner`) Since it was a JWT, the OAuth
parsing logic attempted to parse it as an OAuth token, and would return
user not found, instead of falling back to look up the running task and
assigning it to the actions user.

Make ACTIONS_RUNTIME_TOKEN in action runners could be used,
attempting to parse Oauth JWTs. The code to parse potential old
`ACTION_RUNTIME_TOKEN` was kept in case someone is running an older
version of act_runner that doesn't support the Actions JWT.

(cherry picked from commit 407b6e6dfc7ee9ebb8a16c7f1a786e4c24d0516e)

Conflicts:
	services/auth/oauth2.go
  trivial context conflicts because OAuth2 scopes are in Forgejo and
  not yet in Gitea
2024-11-24 10:41:56 +00:00
Otto Richter
1d5aee6ef8 fix: Do not delete global Oauth2 applications 2024-11-23 19:59:25 +01:00
Otto Richter
665d5f7317 test: Global OAuth should not be deleted
Expected to fail: Global (instance-wide) OAuth application should not be deleted, but it is
2024-11-23 19:49:55 +01:00
Earl Warren
1597dc078d Merge pull request '[gitea] week 2024-47 cherry pick (gitea/main -> forgejo)' (#5997) from earl-warren/wcp/2024-47 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5997
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-21 18:15:34 +00:00
JakobDev
45fa9e5ae9 fix: Allow Organisations to remove the Email Address (#5517)
It is possible to set a Email for a Organization. This Email is optional and only used to be displayed on the profile page. However, once you set an EMail, you can no longer remove it. This PR fixes that.

While working on the tests, I found out, that the API returns a 500 when trying to set an invalid EMail. I fixed that too. It returns a 422 now.

Fixes #4567

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5517
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-committed-by: JakobDev <jakobdev@gmx.de>
2024-11-20 12:31:34 +00:00
Lunny Xiao
f6a46055aa
Reimplement GetUserOrgsList to make it simple and clear (#32486)
Reimplement GetUserOrgsList and also move some functions and test to
org_list file.

---------

Co-authored-by: Zettat123 <zettat123@gmail.com>
(cherry picked from commit b4abb6deff14b741c7666d7579e0eea68443306c)

Conflicts:
	models/organization/org_test.go
	services/oauth2_provider/access_token.go
  trivial conflicts due to codeblocks moving to different files
2024-11-17 21:57:34 +01:00
6543
7751bb64cb
Calculate PublicOnly for org membership only once (#32234)
Refactoring of #32211

this move the PublicOnly() filter calcuation next to the DB querys and
let it be decided by the Doer

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit 43c252dfeaf9ab03c4db3e7ac5169bc0d69901ac)

Conflicts:
	models/organization/org_test.go
	models/organization/org_user_test.go
	routers/web/org/home.go

  rather simple conflict resolution but not trivial
  tests/integration/user_count_test.go had to be adapted (simple)
  because it does not exist in Gitea and uses the modified model
2024-11-17 21:57:34 +01:00
Gusted
2cc3278791 Merge pull request 'fix: use better code to group UID and stopwatches' (#5989) from gusted/improve-uid-stopwatches into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5989
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-11-17 19:13:30 +00:00
Lunny Xiao
c2e8790df3
Trim title before insert/update to database to match the size requirements of database (#32498)
Fix #32489

(cherry picked from commit 98d9a71ffe510da0e10d042d8f87a348022aca87)
2024-11-17 12:18:56 +01:00
wxiaoguang
03ab73d92e
Fix nil panic if repo doesn't exist (#32501)
fix  #32496

(cherry picked from commit 985e2a8af3d6468bac3ab178148c38bdbd8414f5)
2024-11-17 12:18:56 +01:00
ChristopherHX
7f51210672
Harden runner updateTask and updateLog api (#32462)
Per proposal https://github.com/go-gitea/gitea/issues/32461

(cherry picked from commit f888e45432ccb86b18e6709fbd25223e07f2c422)
2024-11-17 08:45:37 +01:00
Gusted
146824badc Merge pull request 'feat: improve GetLatestCommitStatusForPairs' (#5983) from gusted/improve-commit-pairs into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5983
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-16 15:54:40 +00:00
Gusted
e4eb82b738
fix: use better code to group UID and stopwatches
- Instead of having code that relied on the result being sorted (which
wasn't specified in the query and therefore not safe to assume so). Use
a map where it doesn't care if the result that we get from the database
is sorted or not.
- Added unit test.
2024-11-16 15:59:02 +01:00
Lunny Xiao
013cc1dee4
Only query team tables if repository is under org when getting assignees (#32414)
It's unnecessary to query the team table if the repository is not under
organization when getting assignees.

(cherry picked from commit 1887c75c35c1d16372b1dbe2b792e374b558ce1f)
2024-11-16 14:57:11 +01:00
Gusted
2cccc02e76
feat: improve GetLatestCommitStatusForPairs
- Simplify the function into a single SQL query. This may or may not
help with a monster query we are seeing in Codeberg that is using 400MiB
and takes 50MiB to simply log the query. The result is now capped to the
actual latest index,
- Add unit test.
2024-11-16 13:23:40 +01:00
Earl Warren
cf323a3d55
fix: extend forgejo_auth_token table (part two)
Add the default value of the purpose field to both the table and the
migration. The table in v9 and v7 backport already have the default
value.

ALTER TABLE `forgejo_auth_token` ADD `purpose` TEXT NOT NULL [] - Cannot add a NOT NULL column with default value NULL
2024-11-16 10:53:46 +01:00
Gusted
061abe6004
fix: don't show private forks in forks list
- If a repository is forked to a private or limited user/organization,
the fork should not be visible in the list of forks depending on the
doer requesting the list of forks.
- Added integration testing for web and API route.
2024-11-15 10:59:36 +01:00
Gusted
b70196653f
fix: anomynous users code search for private/limited user's repository
- Consider private/limited users in the `AccessibleRepositoryCondition`
query, previously this only considered private/limited organization.
This limits the ability for anomynous users to do code search on
private/limited user's repository
- Unit test added.
2024-11-15 10:59:36 +01:00
Gusted
1ce33aa38d
fix: extend forgejo_auth_token table
- Add a `purpose` column, this allows the `forgejo_auth_token` table to
be used by other parts of Forgejo, while still enjoying the
no-compromise architecture.
- Remove the 'roll your own crypto' time limited code functions and
migrate them to the `forgejo_auth_token` table. This migration ensures
generated codes can only be used for their purpose and ensure they are
invalidated after their usage by deleting it from the database, this
also should help making auditing of the security code easier, as we're
no longer trying to stuff a lot of data into a HMAC construction.
-Helper functions are rewritten to ensure a safe-by-design approach to
these tokens.
- Add the `forgejo_auth_token` to dbconsistency doctor and add it to the
`deleteUser` function.
- TODO: Add cron job to delete expired authorization tokens.
- Unit and integration tests added.
2024-11-15 10:59:36 +01:00