Commit graph

1098 commits

Author SHA1 Message Date
Earl Warren
1597dc078d Merge pull request '[gitea] week 2024-47 cherry pick (gitea/main -> forgejo)' (#5997) from earl-warren/wcp/2024-47 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5997
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-11-21 18:15:34 +00:00
JakobDev
45fa9e5ae9 fix: Allow Organisations to remove the Email Address (#5517)
It is possible to set a Email for a Organization. This Email is optional and only used to be displayed on the profile page. However, once you set an EMail, you can no longer remove it. This PR fixes that.

While working on the tests, I found out, that the API returns a 500 when trying to set an invalid EMail. I fixed that too. It returns a 422 now.

Fixes #4567

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5517
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-committed-by: JakobDev <jakobdev@gmx.de>
2024-11-20 12:31:34 +00:00
JakobDev
f4c70a3c43
Fix regression from #4753 2024-11-19 19:17:46 +01:00
Earl Warren
298863c701 Merge pull request 'Don't display email in profile settings when hidden' (#6018) from 0ko/forgejo:ui-settings-email-vis into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6018
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-18 23:06:52 +00:00
JakobDev
f90928507a [FEAT]Allow changing git notes (#4753)
Git has a cool feature called git notes. It allows adding a text to a commit without changing the commit itself. Forgejo already displays git notes. With this PR you can also now change git notes.

<details>
<summary>Screenshots</summary>

![grafik](/attachments/53a9546b-c4db-4b07-92ae-eb15b209b21d)
![grafik](/attachments/1bd96f2c-6178-45d2-93d7-d19c7cbe5898)
![grafik](/attachments/9ea73623-25d1-4628-a43f-f5ecbd431788)
![grafik](/attachments/efea0c9e-43c6-4441-bb7e-948177bf9021)

</details>

## Checklist

The [developer guide](https://forgejo.org/docs/next/developer/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4753): <!--number 4753 --><!--line 0 --><!--description QWxsb3cgY2hhbmdpbmcgZ2l0IG5vdGVz-->Allow changing git notes<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4753
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: JakobDev <jakobdev@gmx.de>
Co-committed-by: JakobDev <jakobdev@gmx.de>
2024-11-18 22:56:17 +00:00
0ko
c3653e0eaa ui: don't display email in profile settings when hidden 2024-11-18 17:06:38 +05:00
6543
7751bb64cb
Calculate PublicOnly for org membership only once (#32234)
Refactoring of #32211

this move the PublicOnly() filter calcuation next to the DB querys and
let it be decided by the Doer

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit 43c252dfeaf9ab03c4db3e7ac5169bc0d69901ac)

Conflicts:
	models/organization/org_test.go
	models/organization/org_user_test.go
	routers/web/org/home.go

  rather simple conflict resolution but not trivial
  tests/integration/user_count_test.go had to be adapted (simple)
  because it does not exist in Gitea and uses the modified model
2024-11-17 21:57:34 +01:00
Gusted
e31090cf4b Merge pull request 'fix: check read permissions for code owner review requests' (#5996) from gusted/forgejo-codeowners into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5996
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-11-17 19:13:46 +00:00
Gusted
693f7731f9
fix: check read permissions for code owner review requests
- Only send a review request based on the code owner file if the code
owner user has read permissions to the pull requests of that repository.
- This avoids leaking title of PRs from private repository when a
CODEOWNER file is present which contains users that do not have access
to the private repository.
- Found by @oliverpool.
- Integration test added.
2024-11-17 20:12:59 +01:00
Gusted
9701e5e0ff
fix: remember fuzzy for open/close state
- Remember if fuzzy was set or not for the open/close/all states.
- Use `fuzzy=false` for test, as `fuzzy=true` is the default (this is
the opposite of all the other values).
- Remove `ctx.Link` prefix for open/close states, this makes them
suspectible to the existing tests (the other filter links are also in
the format of simply having `?xx=xx&yy=yy`).
- Fix typo in test name.
2024-11-17 02:06:51 +01:00
Angel Nunez Mencias
ca0cd42d7a
simplify test based on feedback 2024-11-16 22:31:14 +01:00
Angel Nunez Mencias
01c9c19536
fmt 2024-11-16 18:12:40 +01:00
angelnu
1b9d1240eb
add test 2024-11-16 18:12:40 +01:00
Zettat123
fc26becba4
Fix broken releases when re-pushing tags (#32435)
Fix #32427

(cherry picked from commit 35bcd667b23de29a7b0d0bf1090fb10961d3aca3)

Conflicts:
	- tests/integration/repo_tag_test.go
	  Resolved by manually copying the added test, and also manually
	  adjusting the imported Go modules.
2024-11-16 15:12:25 +01:00
Gusted
4a5d9d4b78
chore: fix e2e
- Regression from #5948
- Use proper permission.
- Remove debug statement
2024-11-15 14:02:16 +01:00
Earl Warren
1e1b162cbe Merge pull request 'fix: 15 November 2024 security fixes batch' (#5974) from earl-warren/forgejo:wip-security-15-11 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5974
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-15 11:19:50 +00:00
Michael Kriese
01ab0583f5 Merge pull request 'test: fix e2e tests' (#5968) from viceice/test/e2e-fixes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5968
2024-11-15 10:16:18 +00:00
Gusted
786dfc7fb8
fix: add ID check for updating push mirror interval
- Ensure that the specified push mirror ID belongs to the requested
repository, otherwise it is possible to modify the intervals of the push
mirrors that do not belong to the requested repository.
- Integration test added.
2024-11-15 10:59:36 +01:00
Gusted
061abe6004
fix: don't show private forks in forks list
- If a repository is forked to a private or limited user/organization,
the fork should not be visible in the list of forks depending on the
doer requesting the list of forks.
- Added integration testing for web and API route.
2024-11-15 10:59:36 +01:00
Gusted
3e3ef76808
fix: require code permissions for branch feed
- The RSS and atom feed for branches exposes details about the code, it
therefore should be guarded by the requirement that the doer has access
to the code of that repository.
- Added integration testing.
2024-11-15 10:59:36 +01:00
Gusted
e6bbecb02d
fix: disallow basic authorization when security keys are enrolled
- This unifies the security behavior of enrolling security keys with
enrolling TOTP as a 2FA method. When TOTP is enrolled, you cannot use
basic authorization (user:password) to make API request on behalf of the
user, this is now also the case when you enroll security keys.
- The usage of access tokens are the only method to make API requests on
behalf of the user when a 2FA method is enrolled for the user.
- Integration test added.
2024-11-15 10:59:36 +01:00
Gusted
9508aa7713
Improve usage of HMAC output for mailer tokens
- If the incoming mail feature is enabled, tokens are being sent with
outgoing mails. These tokens contains information about what type of
action is allow with such token (such as replying to a certain issue
ID), to verify these tokens the code uses the HMAC-SHA256 construction.
- The output of the HMAC is truncated to 80 bits, because this is
recommended by RFC2104, but RFC2104 actually doesn't recommend this. It
recommends, if truncation should need to take place, it should use
max(80, hash_len/2) of the leftmost bits. For HMAC-SHA256 this works out
to 128 bits instead of the currently used 80 bits.
- Update to token version 2 and disallow any usage of token version 1,
token version 2 are generated with 128 bits of HMAC output.
- Add test to verify the deprecation of token version 1 and a general
MAC check test.
2024-11-15 10:59:36 +01:00
Gusted
1ce33aa38d
fix: extend forgejo_auth_token table
- Add a `purpose` column, this allows the `forgejo_auth_token` table to
be used by other parts of Forgejo, while still enjoying the
no-compromise architecture.
- Remove the 'roll your own crypto' time limited code functions and
migrate them to the `forgejo_auth_token` table. This migration ensures
generated codes can only be used for their purpose and ensure they are
invalidated after their usage by deleting it from the database, this
also should help making auditing of the security code easier, as we're
no longer trying to stuff a lot of data into a HMAC construction.
-Helper functions are rewritten to ensure a safe-by-design approach to
these tokens.
- Add the `forgejo_auth_token` to dbconsistency doctor and add it to the
`deleteUser` function.
- TODO: Add cron job to delete expired authorization tokens.
- Unit and integration tests added.
2024-11-15 10:59:36 +01:00
Michael Kriese
296935b0d7 Merge pull request 'chore: improve preparing tests' (#5948) from gusted/improve-testz into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5948
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-15 07:35:22 +00:00
Michael Kriese
1c25bbe773
test: fix e2e tests 2024-11-15 08:29:58 +01:00
Otto
d1ad4dd561 Merge pull request 'Highlight user mention in comments and commit messages' (#5899) from 0ko/forgejo:mention-highlight into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5899
Reviewed-by: Otto <otto@codeberg.org>
2024-11-14 17:46:03 +00:00
Michael Kriese
aea3c7d6e8
test: use memory for integration and journal for migration 2024-11-14 15:38:06 +01:00
Michael Kriese
24028747d3
test: use sqlite in-memory db for integration 2024-11-14 15:38:06 +01:00
Otto Richter
1f7a648057 tests(e2e): mention highlights in commit messages 2024-11-14 14:12:23 +01:00
Otto Richter
c17b4bdaeb tests(e2e): Separate accessibility and form checks
- automatically test for light and dark themes
2024-11-14 14:08:12 +01:00
0ko
634519e891 feat(ui): highlight user mention in comments and commit messages 2024-11-14 14:08:12 +01:00
Gusted
75a8b83946
chore: improve slow tests
- Optimize generting random files.
- Reduce big file of 128MiB to 32MiB (git was never made for large files
anyways, but simply tests that it works).
- Reduce looped git operations from 100 iterations to 10.
- Add extra print statements to know what a slow test is doing, this
also helps to see if a particular piece of code in a slow test is the
culprit or if the test is just very extensive.
- Set `[ui.notification].EVENT_SOURCE_UPDATE_TIME` to 1s to speed up
`TestEventSourceManagerRun`.
- Sneaked in some general test improvements.
2024-11-14 12:41:11 +01:00
Gusted
d1520cf08d
chore: improve preparing tests
- Only prepare repositories once.
- Move the repositories to temporary directories (these should usually be stored in
memory) which are recreated for each test to avoid persistentance
between tests. Doing some dirty profiling suggests that the preparing
test functions from 140-100ms to 70-40ms
2024-11-14 10:07:52 +01:00
Otto Richter
40551de313 tests(e2e): Refactor various tests
Goals:

- speedup
- less flakiness
- best practices and more use
- documentation

config:
- sync ports in Makefile and playwright config
  (otherwise, some tests fail locally because they assert the full URL including the (wrong) port)
- even more generous timeouts
- limit workers to one again (because I finally understand how
  Playwright works)
- allow nested functions to group them together with the related test

all:

- deprecate waitForLoadState('networkidle')
  - it is discouraged as per https://playwright.dev/docs/api/class-page#page-wait-for-load-state
  - I could not find a usage that seems to require it actually (see
    added documentation in README)
  - adding an exception should be made explicitly
  - it does not do what you might expect anyway in most cases
- only log in when necessary

webauthn:

- verify that login is possible after disabling key
- otherwise, the cleanup was not necessary after the previous refactor to create a fresh user each

issue-sidebar / WIP toggle:

- split into smaller chunks
- restore original state first
- add missed assertion to fix race condition (not waiting
  before state was reached)
- explicitly toggle the state to detect mismatch earlier

issue-sidebar / labels:

- restore original state first
- better waiting for background request
2024-11-13 13:15:37 +01:00
Earl Warren
983aed4268
fix(ci): synchronize updates the commit status asynchronously
When a new commit is pushed to an existing pull request, the update of
the commit status will happen asynchronously, via the git hook.

   --- FAIL: TestPullRequestCommitStatus/synchronize (2.14s)
        actions_trigger_test.go:331:
            	Error Trace:	/workspace/forgejo/forgejo/tests/integration/actions_trigger_test.go:331
            	Error:      	Should be true
            	Test:       	TestPullRequestCommitStatus/synchronize
2024-11-12 08:13:33 +01:00
Otto
1b3497c9c4 Merge pull request 'refactor: Migrate playwright to typescript' (#5734) from anbraten/forgejo:ts-test into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5734
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-11-11 16:58:29 +00:00
Otto Richter
7db3781abf chore(e2e): Update global patterns
Guard against regressions in template classes (see https://codeberg.org/forgejo/forgejo/pulls/5892 for example)
Fix broken frontend test patterns as per https://codeberg.org/forgejo/forgejo/pulls/5734#issuecomment-2406914
2024-11-11 15:23:33 +01:00
Otto
9e929bd709 Merge branch 'forgejo' into ts-test 2024-11-11 14:23:11 +00:00
Otto
3531710dc6 Merge pull request 'fix: Proper parsing of date for git commits' (#5892) from gusted/forgejo-port-32409 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5892
Reviewed-by: Otto <otto@codeberg.org>
2024-11-11 14:22:32 +00:00
Renovate Bot
7f31d892ac Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.62.0 (forgejo) (#5911)
Co-authored-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
Co-committed-by: Renovate Bot <forgejo-renovate-action@forgejo.org>
2024-11-11 13:02:01 +00:00
Michael Kriese
c33cbae7cc
test: fix test linting
See forgejo/forgejo#5911
2024-11-11 12:44:36 +01:00
Otto Richter
c92b4b12c8 fix: Re-add least recently updated as sort order
Regression from https://codeberg.org/forgejo/forgejo/pulls/5819
Integration test added (my first! 🎉)
2024-11-11 01:37:20 +01:00
Gusted
b1481b8e54 Merge pull request 'chore: improve database docker instructions' (#5906) from gusted/forgejo-db-docker into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5906
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-11-10 22:03:55 +00:00
Gusted
74048f772e
fix: Add created_unix and updated_unix to repo1 fixture 2024-11-10 22:24:12 +01:00
Gusted
582ab21bc3
chore: improve test quality
- Merge tests together.
- Remove unecessary usage of `onGiteaRun`.
- Make proper use of `unittest`.
- Make proper use of `test.MockVariable`.
- I have not checked all of the testing files yet.
2024-11-10 20:34:14 +01:00
Gusted
f352d6db81
chore: improve database docker instructions
- Do not require minio for mariadb docker.
- Do not require elasticsearch for mysql.
- Fix postgress password parameter.
- Add the multistatement query for mysql (this is not optimal but adding
Makefile code doesn't seem to work really well either)
2024-11-10 19:41:04 +01:00
Gusted
59926daf7f Merge pull request '[PORT] Fix code owners will not be mentioned when a pull request comes from a forked repository (gitea#30476)' (#5850) from gusted/forgejo-fix-cond-codeowners into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5850
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-11-09 18:41:50 +00:00
Gusted
536e1923b4
chore: add extra integration test 2024-11-09 19:13:08 +01:00
Lunny Xiao
2efc1f5686
[PORT] Fix code owners will not be mentioned when a pull request comes from a forked repository (gitea#30476)
Fix #30277
Caused by #29783

---

- Resolves #5842
- Regression from #2855

(cherry picked from commit c63060b130d34e3f03f28f4dccbf04d381a95c17)
2024-11-09 00:46:48 +01:00
Earl Warren
2541a943ce
bug: require.Eventually must not test with assert
Otherwise it fails the test instead of retrying if the condition fails
at least once.
2024-11-09 00:07:18 +01:00