Commit graph

21092 commits

Author SHA1 Message Date
Gusted
d97cf0e854
[BUG] Return blocking errors as JSON errors
- These endspoints are since b71cb7acdc
JSON-based and should therefore return JSON errors.
- Integration tests adjusted.
2024-08-09 20:34:38 +02:00
Renovate Bot
f70d50a8dc Update vitest monorepo to v2 2024-08-09 18:13:31 +00:00
Renovate Bot
ade201095a Update dependency minimatch to v10 2024-08-09 18:13:13 +00:00
Renovate Bot
c541431773 Update dependency @stylistic/stylelint-plugin to v3 2024-08-09 18:12:59 +00:00
Gusted
0f7a98d34d Merge pull request '[CHORE] Fix darwin compatibility' (#4906) from gusted/forgejo-os-compile into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4906
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
2024-08-09 17:33:47 +00:00
Solomon Victorino
b8a5ca2c40 fix(ui): allow unreacting from comment popover
- fix selectors for hasReacted
- don't send empty HTML on reaction errors
- add E2E test
2024-08-09 10:17:04 -06:00
forgejo-renovate-action
91115b39a9 Merge pull request 'Update x/tools to v0.24.0 (forgejo)' (#4895) from renovate/forgejo-xtools into forgejo 2024-08-09 15:53:49 +00:00
Gusted
ac8856ac2b
[CHORE] Fix darwin compatibility
- Always convert (syscall.Stat_t).Dev to uint64.
- Resolves #4905
2024-08-09 17:44:41 +02:00
Gusted
d5ba61a104 Merge pull request '[UI] Fix inconsitencies in link/login account page' (#4902) from gusted/forgejo-ui-linking into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4902
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
2024-08-09 15:03:29 +00:00
Earl Warren
a486c684f9
Update x/tools to v0.24.0 (licenses updates) 2024-08-09 16:35:50 +02:00
Marcell Mars
d6647f710f tests additional grant scopes
- parsing scopes in `grantAdditionalScopes`
- read basic user info if `read:user`
- fail reading repository info if only `read:user`
- read repository info if `read:repository`
- if `setting.OAuth2.EnabledAdditionalGrantScopes` not provided it reads
  all groups (public+private)
- if `setting.OAuth2.EnabledAdditionalGrantScopes` provided it reads
  only public groups
- if `setting.OAuth2.EnabledAdditionalGrantScopes` and `read:organization`
 provided it reads all groups
2024-08-09 14:58:15 +02:00
Marcell Mars
8524589d8c show OAuth2 requested scopes in authorization UI
- by displaying the scopes requested for authorization in the OAuth2 app,
  users can make more informed decisions when granting access
2024-08-09 14:58:15 +02:00
Marcell Mars
7dbad27156 id_token & userinfo endpoint's public groups check
- if `groups` scope provided it checks if all, r:org or r:admin are
provided to pass all the groups. otherwise only public memberships
- in InfoOAuth it captures scopes from the token if provided in the
header. the extraction from the header is maybe a candidate for the
separate function so no duplicated code
2024-08-09 14:58:15 +02:00
Marcell Mars
4eb8d8c496 OAuth2 provider: support for granular scopes
- `CheckOAuthAccessToken` returns both user ID and additional scopes
- `grantAdditionalScopes` returns AccessTokenScope ready string (grantScopes)
   compiled from requested additional scopes by the client
- `userIDFromToken` sets returned grantScopes (if any) instead of default `all`
2024-08-09 14:58:15 +02:00
Renovate Bot
99d78fb9e7 Update x/tools to v0.24.0 2024-08-09 10:25:53 +00:00
forgejo-renovate-action
3301e7dc75 Merge pull request 'Update dependency vue to v3.4.37 (forgejo)' (#4893) from renovate/forgejo-patch-vue-monorepo into forgejo 2024-08-09 09:22:36 +00:00
Gusted
75b3645bc3
[UI] Fix inconsitencies in link/login account page
- Add the 'correct' styling for column on the link account page, this
follows what was done for the login/register page in 629ca22a97.
- Move some if conditions to be outside of the container which allocates
space on the page, this ensures it's not being shown if it's not needed.
- Resolves #4844
2024-08-09 10:52:17 +02:00
Renovate Bot
000f3562c2 Update dependency vue to v3.4.37 2024-08-09 08:07:03 +00:00
Ivan Shapovalov
012a1e0497 log: journald integration (#2869)
Provide a bit more journald integration. Specifically:

- support emission of printk-style log level prefixes, documented in [`sd-daemon`(3)](https://man7.org/linux/man-pages/man3/sd-daemon.3.html#DESCRIPTION), that allow journald to automatically annotate stderr log lines with their level;
- add a new "journaldflags" item that is supposed to be used in place of "stdflags" when under journald to reduce log clutter (i. e. strip date/time info to avoid duplication, and use log level prefixes instead of textual log levels);
- detect whether stderr and/or stdout are attached to journald by parsing `$JOURNAL_STREAM` environment variable and adjust console logger defaults accordingly.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/2869): <!--number 2869 --><!--line 0 --><!--description bG9nOiBqb3VybmFsZCBpbnRlZ3JhdGlvbg==-->log: journald integration<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2869
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Ivan Shapovalov <intelfx@intelfx.name>
Co-committed-by: Ivan Shapovalov <intelfx@intelfx.name>
2024-08-09 07:49:13 +00:00
Earl Warren
a72763f5a3 Merge pull request 'docs: add links to the v7.0.7 & v8.0.1 release notes' (#4899) from earl-warren/forgejo:wip-release-notes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4899
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-09 07:34:40 +00:00
Earl Warren
ae85e285db Merge pull request 'disallow javascript: URI in the repository description' (#4896) from earl-warren/forgejo:wip-xss-repo-description into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4896
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-09 05:56:49 +00:00
Earl Warren
b87b38d3b9
docs: add links to the v7.0.7 & v8.0.1 release notes
They are now published in the milestone in part manually edited and in
part generated by the release notes assistant. Maintaining a single
file with all the release notes is prone to conflicts and requires
manual copy/pasting that is of little value.

It may make sense to transition to a release notes directory in which
the release notes assistant could create one file per release, with a
copy of the release notes edited in the milestone. This could be more
conveniently backported and would not require human intervention.
2024-08-09 07:26:50 +02:00
Gusted
bb448f3dc2
disallow javascript: URI in the repository description
- Fixes an XSS that was introduced in
https://codeberg.org/forgejo/forgejo/pulls/1433
- This XSS allows for `href`s in anchor elements to be set to a
`javascript:` uri in the repository description, which would upon
clicking (and not upon loading) the anchor element execute the specified
javascript in that uri.
- [`AllowStandardURLs`](https://pkg.go.dev/github.com/microcosm-cc/bluemonday#Policy.AllowStandardURLs) is now called for the repository description
policy, which ensures that URIs in anchor elements are `mailto:`,
`http://` or `https://` and thereby disallowing the `javascript:` URI.
It also now allows non-relative links and sets `rel="nofollow"` on
anchor elements.
- Unit test added.
2024-08-09 07:04:01 +02:00
Earl Warren
d7cb2ab3b2 Merge pull request 'feat(performance): remove BranchName in /:owner/:repo/commit/:commit' (#4891) from emilylange/feat-performance-remove-branchname into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4891
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-08 21:24:51 +00:00
emilylange
c1f85ce27b
feat(performance): remove BranchName in /:owner/:repo/commit/:commit
`BranchName` provides the nearest branch of the requested `:commit`.

It's plenty fast on smaller repositories.
On larger repositories like nixpkgs, however, this can easily take 2-3
seconds on a modern machine on a NVMe.

For context, at the time of writing, nixpkgs has over 650k commits and
roughly 250 branches.

`BranchName` is used once in the whole view:
The cherry-pick target branch default selection.

And I believe that's a logic error, which is why this patch is so small.

The nearest branch of a given commit will always be a branch the commit
is already part of. The branch you most likely *don't* want to
cherry-pick to.

Sure, one can technically cherry-pick a commit onto the same branch, but
that simply results in an empty commit.

I don't believe this is intended and even less so worth the compute.

Instead, the cherry-pick branch selection suggestion now always uses
the default branch, which used to be the fallback.

If a user wants to know which branches contain the given commit,
`load-branches-and-tags` exists and should be used instead.

Also, to add insult to injury, `BranchName` was calculated for both
logged-in and not logged-in users, despite its only consumer, the
cherry-pick operation, only being rendered when a given user has
write/commit permissions.

But this isn't particularly surprising, given this happens a lot in
Forgejo's codebase.
2024-08-08 22:29:42 +02:00
Earl Warren
7ac390bcb4 Merge pull request 'chore(ci): optimize end-to-end runs [skip ci]' (#4888) from wip-ci-end-to-end into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4888
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-08 20:24:10 +00:00
Yaroslav Halchenko
5ae2dbcb14 Adjust codespell config + make it fix few typos which sneaked in since addition of codespell support (#4857)
Now that my colleague just posted a wonderful blog post https://blog.datalad.org/posts/forgejo-runner-podman-deployment/ on forgejo runner, some time I will try to add that damn codespell action to work on CI here ;)  meanwhile some typos managed to sneak in and this PR should address them (one change might be functional in a test -- not sure if would cause a fail or not)

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4857
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Yaroslav Halchenko <debian@onerussian.com>
Co-committed-by: Yaroslav Halchenko <debian@onerussian.com>
2024-08-08 16:07:35 +00:00
Earl Warren
1f8e6b6e31
chore(ci): optimize end-to-end runs
* specify the version targeted by the pull request. The end-to-end
  tests previously compiled all known branches which was a waste. The
  pull request now must specify which version it is targeting so that
  only this version is recompiled and used for testing.
* when building the daily releases, use the release from the
  integration organization to ensure the tests are run against the
  latest build. Clarify in a comment why the lookup order of
  organizations is reversed in this particular case.

Refs: https://code.forgejo.org/forgejo/end-to-end/pulls/239
2024-08-08 17:53:12 +02:00
0ko
06d25815d3 Merge pull request 'chore(renovate): add labels and reviewer to renovate updates' (#4883) from viceice/chore/renovate into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4883
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-08 11:34:59 +00:00
Michael Kriese
62b6e48a9e
chore(renovate): add labels and reviewer to renovate updates 2024-08-08 11:42:32 +02:00
forgejo-renovate-action
8b79c5d7b6 Merge pull request 'Update renovate to v38.21.3 (forgejo)' (#4880) from renovate/forgejo-renovate into forgejo 2024-08-08 09:31:37 +00:00
Renovate Bot
52666d4a8a Update renovate to v38.21.3 2024-08-08 08:05:32 +00:00
Earl Warren
7cfa3305bf Merge pull request 'Update dependency tailwindcss to v3.4.8 (forgejo)' (#4873) from renovate/forgejo-tailwindcss-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4873
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-08 07:29:03 +00:00
Exploding Dragon
1bc986423d fix: rpm sign resource leak (#4878)
Fixed the resource leak  in #4780.

Related:  [go-gitea/gitea#31794](https://github.com/go-gitea/gitea/pull/31794)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4878
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-08-08 07:28:09 +00:00
Codeberg Translate
abc3364a7b i18n: update of translations from Weblate (#4783)
Translations update from [Weblate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Current translation status:

![Weblate translation status](https://translate.codeberg.org/widget/forgejo/forgejo/horizontal-auto.svg)

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Localization
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4783): <!--number 4783 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIFdlYmxhdGU=-->i18n: update of translations from Weblate<!--description-->
<!--end release-notes-assistant-->

Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: natalie_drowned02 <k_letovskiy02@protonmail.com>
Co-authored-by: leana8959 <leana8959@users.noreply.translate.codeberg.org>
Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Co-authored-by: hugoalh <hugoalh@users.noreply.translate.codeberg.org>
Co-authored-by: hankskyjames777 <hankskyjames777@users.noreply.translate.codeberg.org>
Co-authored-by: Wuzzy <Wuzzy@users.noreply.translate.codeberg.org>
Co-authored-by: pswsm <pswsm@users.noreply.translate.codeberg.org>
Co-authored-by: dragon <dragon@users.noreply.translate.codeberg.org>
Co-authored-by: Zughy <Zughy@users.noreply.translate.codeberg.org>
Co-authored-by: Outbreak2096 <Outbreak2096@users.noreply.translate.codeberg.org>
Co-authored-by: Marco Ciampa <ciampix@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4783
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
2024-08-08 07:16:13 +00:00
Earl Warren
d9c87cf498 Merge pull request 'Update module golang.org/x/crypto to v0.26.0 (forgejo)' (#4874) from renovate/forgejo-golang.org-x-crypto-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4874
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-08 07:02:20 +00:00
Shivaram Lingamneni
878c236f49 cherry-pick OIDC changes from gitea (#4724)
These are the three conflicted changes from #4716:

* https://github.com/go-gitea/gitea/pull/31632
* https://github.com/go-gitea/gitea/pull/31688
* https://github.com/go-gitea/gitea/pull/31706

cc @earl-warren; as per discussion on https://github.com/go-gitea/gitea/pull/31632 this involves a small compatibility break (OIDC introspection requests now require a valid client ID and secret, instead of a valid OIDC token)

## Checklist

The [developer guide](https://forgejo.org/docs/next/developer/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Breaking features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4724): <!--number 4724 --><!--line 0 --><!--description T0lEQyBpbnRlZ3JhdGlvbnMgdGhhdCBQT1NUIHRvIGAvbG9naW4vb2F1dGgvaW50cm9zcGVjdGAgd2l0aG91dCBzZW5kaW5nIEhUVFAgYmFzaWMgYXV0aGVudGljYXRpb24gd2lsbCBub3cgZmFpbCB3aXRoIGEgNDAxIEhUVFAgVW5hdXRob3JpemVkIGVycm9yLiBUbyBmaXggdGhlIGVycm9yLCB0aGUgY2xpZW50IG11c3QgYmVnaW4gc2VuZGluZyBIVFRQIGJhc2ljIGF1dGhlbnRpY2F0aW9uIHdpdGggYSB2YWxpZCBjbGllbnQgSUQgYW5kIHNlY3JldC4gVGhpcyBlbmRwb2ludCB3YXMgcHJldmlvdXNseSBhdXRoZW50aWNhdGVkIHZpYSB0aGUgaW50cm9zcGVjdGlvbiB0b2tlbiBpdHNlbGYsIHdoaWNoIGlzIGxlc3Mgc2VjdXJlLg==-->OIDC integrations that POST to `/login/oauth/introspect` without sending HTTP basic authentication will now fail with a 401 HTTP Unauthorized error. To fix the error, the client must begin sending HTTP basic authentication with a valid client ID and secret. This endpoint was previously authenticated via the introspection token itself, which is less secure.<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4724
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shivaram Lingamneni <slingamn@cs.stanford.edu>
Co-committed-by: Shivaram Lingamneni <slingamn@cs.stanford.edu>
2024-08-08 06:32:14 +00:00
Earl Warren
c59c83024c
Update module golang.org/x/crypto to v0.26.0 (license update)
80fd97208d
2024-08-08 08:15:29 +02:00
Renovate Bot
64e56f0d0d Update module golang.org/x/crypto to v0.26.0 2024-08-08 00:03:21 +00:00
Renovate Bot
8deaea0b69 Update dependency tailwindcss to v3.4.8 2024-08-08 00:02:42 +00:00
Earl Warren
633406704c Merge pull request 'Revert telemetry integration' (#4866) from thefox/revert-otel into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4866
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-08-07 20:47:04 +00:00
0ko
bad3b32037 feat(i18n): allow different translations of creation links and titles (#4829)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4829
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-07 16:54:05 +00:00
TheFox0x7
2e2a044493
Revert "Open telemetry integration (#3972)"
This reverts commit c738542201.
2024-08-07 11:22:43 +02:00
Earl Warren
690b63fc74 Merge pull request '[BUG] Ensure all filters are persistent in issue filters' (#4852) from gusted/forgejo-filter-links into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4852
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-07 05:49:25 +00:00
Aravinth Manivannan
f9cbea3d6b feat: access ActivityPub client through interfaces to facilitate mocking in unit tests (#4853)
Was facing issues while writing unit tests for federation code. Mocks weren't catching all network calls, because was being out of scope of the mocking infra. Plus, I think we can have more granular tests.

This PR puts the client behind an interface, that can be retrieved from `ctx`. Context doesn't require initialization, as it defaults to the implementation available in-tree. It may be overridden when required (like testing).

## Mechanism

1. Get client factory from `ctx` (factory contains network and crypto parameters that are needed)
2. Initialize client with sender's keys and the receiver's public key
3. Use client as before.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4853
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
2024-08-07 05:45:24 +00:00
Earl Warren
1ddf44edd6 Merge pull request '[BUG] Render references to cross-repo issues with external issues' (#4860) from gusted/forgejo-ref-on-external into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4860
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-07 05:42:36 +00:00
Gusted
05e163aaf3
[BUG] Render references to cross-repo issues with external issues
- If you have the external issue setting enabled, any reference would
have been rendered as an external issue, however this shouldn't be
happening to references that refer to issues in other repositories.
- Unit test added.
2024-08-07 03:19:26 +02:00
Gusted
3bf87d157e Merge pull request 'Update dependency vue to v3.4.36 (forgejo)' (#4858) from renovate/forgejo-patch-vue-monorepo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4858
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-07 00:48:35 +00:00
Renovate Bot
6f3a88971e Update dependency vue to v3.4.36 2024-08-07 00:03:03 +00:00
Gusted
85f455964d Merge pull request 'ci: add workflow_dispatch to renovate and mirror' (#4846) from viceice/workflow-dispatch into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4846
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-06 21:39:35 +00:00