Commit graph

4510 commits

Author SHA1 Message Date
Giteabot
655302fc96
Fix for attribute not pointing to the ID of the color picker (#29813) (#29815)
Backport #29813 by @yardenshoham

It didn't include the word picker.

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
(cherry picked from commit 47dc4598a305ea1e6017803b95c7c60d0be64784)
2024-03-21 17:09:50 +01:00
Giteabot
0dcc9b8466
Fix missing translation on milestons (#29785) (#29789)
Backport #29785 by @lunny

Caused by #26569
Fix #29778

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit e03cf66e8b537430d24665b647b5af5716d182ee)
2024-03-21 09:36:50 +01:00
wxiaoguang
b68fa8ee09
Fix incorrect package link method calls in templates (#29580) (#29764)
Backport #29580
Fix #29562
Fix #29762
Follow  #29531

(cherry picked from commit bb2640c485071088dd91e47fb510c44e028624fa)
2024-03-21 09:29:05 +01:00
Gusted
c70719c59c
[BUG] Fix manual merge button
- Backport of #2696
- Add `form-fetch-action` to indicate that this form POST to an link
that returns JSON and thus should be handled by Javascript code.
- Found by @fnetx
- Regression of https://codeberg.org/forgejo/forgejo/pulls/1793

(cherry picked from commit 9551c1a6f8)
2024-03-19 19:43:58 +01:00
Earl Warren
bd71bdda26 Merge pull request '[gitea] v1.21 cherry-pick' (#2621) from earl-warren/forgejo:wip-v1.21-gitea-cherry-pick into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2621
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-03-12 23:17:05 +00:00
oliverpool
d9418651af [BUG 1.21] prevent error 500 on /user/settings/security when SignedUser has a linked account from a deactivated authentication source (#2626)
This should fix #2266.

This has apparently be fixed in `main` https://github.com/go-gitea/gitea/pull/27798 (but quite a big PR, which was not backported). I should likely push the test to the main branch as well.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2626
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-03-11 14:10:51 +00:00
Giteabot
9f7a51d3d7
Fix wrong line number in code search result (#29260) (#29623)
Backport #29260 by @yp05327

Fix #29136

Before:
The result is a table and all line numbers are all in one row.

![image](https://github.com/go-gitea/gitea/assets/18380374/7a18b354-e257-4f57-a5ca-f6d37378edf6)

![image](https://github.com/go-gitea/gitea/assets/18380374/98416e11-89b5-4b4f-920b-91bcf041a87f)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/f189e436-9046-4431-926a-cd0deb58e8f1)

![image](https://github.com/go-gitea/gitea/assets/18380374/07d213ed-2401-4b7f-b951-5df7dc776af4)

~~Updated:~~
~~added `active` class to the target line.~~

![image](https://github.com/go-gitea/gitea/assets/18380374/0b274e48-048a-4c66-ba95-df515212ec08)

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 9db426ad8c7122633fa3e31a427fd1e65ddad334)
2024-03-10 18:45:59 +07:00
wxiaoguang
ecc0107809
Only use supported sort order for "explore/users" page (#29430) (#29443)
Backport #29430

Thanks to inferenceus : some sort orders on the "explore/users" page
could list users by their lastlogintime/updatetime.

It leaks user's activity unintentionally. This PR makes that page only
use "supported" sort orders.

Removing the "sort orders" could also be a good solution, while IMO at
the moment keeping the "create time" and "name" orders is also fine, in
case some users would like to find a target user in the search result,
the "sort order" might help.

(cherry picked from commit 2b059f493e46b8b0fb52492623e36a8375cb5fbb)
2024-03-10 18:45:59 +07:00
Giteabot
446d7bd7a7
Fix incorrect redirection when creating a PR fails (#29537) (#29543)
Backport #29537 by wxiaoguang

This is only a quick fix to make it easier to backport.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 971eab18fa0b29312105df739fba443cf9e84d50)
2024-03-10 18:45:59 +07:00
Giteabot
22419d9f8d
Fix incorrect subpath in links (#29535) (#29541)
Backport #29535 by wxiaoguang

* `$referenceUrl`: it is constructed by "Issue.Link", which already has
the "AppSubURL"
* `window.location.href`: AppSubURL could be empty string, so it needs
the trailing slash

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 401cc394d52c6126d3cbca1e1367c4e4da5110f9)
2024-03-10 18:45:59 +07:00
Giteabot
0b287c4d4c
Fix URL calculation in clone input box (#29470) (#29473)
Backport #29470 by @silverwind

Ported the function as-is and added comments so we don't forget about
this in the future.

Fixes: https://github.com/go-gitea/gitea/issues/29462

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 222f93822eb4d03f5001ef665377a115bc27ccb6)
2024-03-10 18:08:36 +07:00
Lunny Xiao
40c602df9b
Fix template bug (#27581) (#29446)
Fix #29152
Backport #27581

(cherry picked from commit dc48eb070b2e4143739b7ab22bb9e172af90106d)
2024-03-10 18:07:56 +07:00
Giteabot
91a2d3ecc4
Add missing space (#29393) (#29399)
Backport #29393 by @KN4CK3R

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 0f35cb5a2a9ad3b1d78f9547148b594adc4bdabf)
2024-03-06 12:20:42 +08:00
Giteabot
40c3a1d2ea
enforce maxlength in frontend (#29389) (#29396)
Backport #29389 by @zokkis

Set maxlength attribute in frontend

to long file-name

![image](https://github.com/go-gitea/gitea/assets/72873130/15111614-55ab-4583-acb2-15c25997601d)

![image](https://github.com/go-gitea/gitea/assets/72873130/4105ddd8-4973-4da8-b3ab-4cfae1b45554)
(same for branch-name and commit-summary)

Co-authored-by: Tim-Niclas Oelschläger <72873130+zokkis@users.noreply.github.com>
(cherry picked from commit 0b3d6c399c88e42e827f422dc4c8458f0d20c613)
2024-03-06 12:20:42 +08:00
Lunny Xiao
e4d3067138
Fix project counter in organization/individual profile (#28068) (#29361)
Fix #28052
Backport #28068
Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/5f299983-4b38-4d68-ac0e-4be3c62c0558)

![image](https://github.com/go-gitea/gitea/assets/18380374/f0e12afd-483b-4882-80e9-0261beb3fe0c)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/47cccb7b-bb35-4a7d-9c5b-83133be0323a)

![image](https://github.com/go-gitea/gitea/assets/18380374/77825c0c-4bf2-4762-83a2-1a5a173cc22d)

Co-authored-by: yp05327 <576951401@qq.com>
(cherry picked from commit 5043ad54c7a0d1dc6bf5f1caf21b4646ec9344d3)
2024-03-06 12:20:42 +08:00
Gusted
9955e38fa2
[BUG] Remember topic only in repo search
- Backport of #2489
- If the user is searching repositories with an specific topic, adding
any other filter option, such as showing unrelevant repositories or
using another sort Forgejo should remember that 'topic only' was set.
- Adds integration test.
- Resolves #2461

(cherry picked from commit b4360d504c)
2024-02-27 23:37:26 +01:00
Earl Warren
031822b8fc Merge pull request '[SECURITY] Fix XSS vulnerabilities' (#2434) from earl-warren/forgejo:wip-v1.21-xss into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2434
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-02-22 15:03:20 +00:00
Gusted
fe2df46d05
[SECURITY] Fix XSS in dismissed review
- It's possible for reviews to not be assiocated with users, when they
were migrated from another forge instance. In the migration code,
there's no sanitization check for author names, so they could contain
HTML tags and thus needs to be properely escaped.
- Pass `$reviewerName` trough `Escape`.
2024-02-22 15:04:36 +01:00
Gusted
d24c37e132
[SECURITY] Fix XSS in wiki last commit information
- On the wiki and revisions page, information is shown about the last
commit that modified that wiki page. This includes the time it was last
edited and by whom. That whole string is not being sanitized (passed
trough `Safe` in the templates), because the last edited bit is
formatted as an HTML element and thus shouldn't be sanitized. The
problem with this is that now `.Author.Name` is not being sanitized.
- This can be exploited, the names of authors and commiters on a Git
commit is user controlled, they can be any value and thus also include
HTML. It's not easy to actually exploit this, as you cannot use the
official git binary to do use, as they actually strip `<` and `>` from
user names (trivia: this behaviour was introduced in the initial commit
of Git). In the integration testing, go-git actually has to generate
this commit as they don't have such restrictions.
- Pass `.Author.Name` trough `Escape` in order to be sanitized.
2024-02-22 13:04:47 +01:00
jolheiser
33af169223
[SECURITY] review(kn4ck3r): more template escapes
Signed-off-by: jolheiser <john.olheiser@gmail.com>
2024-02-22 12:54:34 +01:00
Zettat123
c49dd9de9b
Do not show delete button when time tracker is disabled (#29257) (#29279)
Backport #29257
Fix #29233

The delete button of time logs won't be shown when the time tracker is
disabled.

![image](https://github.com/go-gitea/gitea/assets/15528715/5cc4e0c9-d2f9-4b8f-a2f5-fe202b94c191)

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit e940443b276fa4f30633902f025fd2adad1b22de)
2024-02-22 11:07:20 +01:00
Tim-Nicas Oelschläger
a40762d929
Convert visibility to number (#29226) (#29244)
Backport #29226

Don't throw error while creating user (Fixes #29218)

---

The backport info from Giteabot
https://github.com/go-gitea/gitea/pull/29226#issuecomment-1951341322
needs to specify the version, because the default is v1.18

(cherry picked from commit 39735c43a8b6f7db3b3e3531ca9115a60335d524)
2024-02-20 09:36:28 +01:00
Gusted
53460829f7
[GITEA] Fix cancelled migration deletion modal
- Backport of #1805
- https://codeberg.org/forgejo/forgejo/pulls/1473 made that dangerous
actions such as deletion also would need to type in the owner's name.
This was apparently not reflected to the deletion modal for migrations
that failed or were cancelled.
- Resolves #2404

(cherry picked from commit c38dbd6f88)
2024-02-19 21:00:26 +01:00
oliverpool
07bc099401 [BUG] split code conversations in diff tab (#2306)
Follow-up of #2282 and #2296 (which tried to address #2278)

One of the issue with the previous PR is that when a conversation on the Files tab was marked as "resolved", it would fetch all the comments for that line (even the outdated ones, which should not be shown on this page - except when explicitly activated).

To properly fix this, I have changed `FetchCodeCommentsByLine` to `FetchCodeConversation`. Its role is to fetch all comments related to a given (review, path, line) and reverted my changes in the template (which were based on a misunderstanding).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2306
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-02-16 14:06:43 +01:00
Giteabot
941c47f08f
Hide code links on release page if user cannot read code (#29064) (#29066)
Backport #29064 by @wolfogre

On the release list page, if the user doesn't have the permission to
read code, the code links will lead to 404 pages or api errors:

<img width="1297" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/a74fbc63-6dd6-43c6-853c-28acdbfdcb4e">

After this PR:

<img width="1297" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/a626373d-c2df-40a9-8fed-1b12ff6bc56f">

And this PR also removed some dead code. After #23465, the tag list page
has an independent template, and all `IsTag` in the release list
template are always false.

Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit 7ed79b748f772e931317f941390695be3ac0d0bd)
2024-02-13 14:17:43 +01:00
Giteabot
8c20eb668b
Wrap contained tags and branches again (#29021) (#29026)
Backport #29021 by @delvh

Fixes #29016

## After

![grafik](https://github.com/go-gitea/gitea/assets/51889757/2c72ee8f-439e-4328-85df-77772e0f4aef)

Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 5ac41026f9)
2024-02-13 14:17:25 +01:00
Giteabot
565b4efe4d
Fix incorrect button CSS usages (#29015) (#29023)
Backport #29015 by @wxiaoguang

Fix 2 problems:

1. Remove the legacy (non-existing) CSS: `class="btn btn-gray
btn-radius"`
2. Remove the button styles inside the `ui message`, according to:
https://fomantic-ui.com/collections/message.html , the button shouldn't
have any border/padding.

### Before

![image](https://github.com/go-gitea/gitea/assets/2114189/4c7e98e2-4e8a-493f-9b7e-446a365066a1)

![image](https://github.com/go-gitea/gitea/assets/2114189/05221251-7a79-4c96-8973-fb4588275672)

### After

![image](https://github.com/go-gitea/gitea/assets/2114189/8bc3edbc-42a6-40bd-85fd-de40e94841d4)

![image](https://github.com/go-gitea/gitea/assets/2114189/93f69143-d835-437c-b5eb-0f6dddde97a1)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 333d02ddfd)
2024-02-13 14:17:18 +01:00
oliverpool
ad67d9ef1a [GITEA] always load outdated comments 2024-02-04 12:44:13 +01:00
Giteabot
b272224918
Preserve BOM in web editor (#28935) (#28959)
Backport #28935 by @silverwind

The `ToUTF8*` functions were stripping BOM, while BOM is actually valid
in UTF8, so the stripping must be optional depending on use case. This
does:

- Add a options struct to all `ToUTF8*` functions, that by default will
strip BOM to preserve existing behaviour
- Remove `ToUTF8` function, it was dead code
- Rename `ToUTF8WithErr` to `ToUTF8`
- Preserve BOM in Monaco Editor
- Remove a unnecessary newline in the textarea value. Browsers did
ignore it, it seems but it's better not to rely on this behaviour.

Fixes: https://github.com/go-gitea/gitea/issues/28743
Related: https://github.com/go-gitea/gitea/issues/6716 which seems to
have once introduced a mechanism that strips and re-adds the BOM, but
from what I can tell, this mechanism was removed at some point after
that PR.

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit b8e6cffd31)
2024-01-31 14:18:26 +01:00
Jimmy Praet
1c3c6aea47
Don't reload timeline page when (un)resolving or replying conversation (#28654) (#28917)
Backport #28654
Fixes #15981

(cherry picked from commit 9210ce4045)
2024-01-31 14:18:26 +01:00
Giteabot
766305f47c
Render code block in activity tab (#28816) (#28818)
Backport #28816 by @JakobDev

This is a little bugfix. Inline code is usually rendered in issue
titles, but it is missing in the activity tab.

Before:
![Screenshot 2024-01-16 at 14-20-51
Test](https://github.com/go-gitea/gitea/assets/15185051/383370f3-0fb2-49de-81cc-014e5cf86727)
After:

![grafik](https://github.com/go-gitea/gitea/assets/15185051/83eaf973-ce9a-44ce-beea-2db49fc8bd73)

Co-authored-by: JakobDev <jakobdev@gmx.de>
(cherry picked from commit d590607106)
2024-01-31 13:35:54 +01:00
KN4CK3R
875b398e5e
Rework markup link rendering (#26745) (#28803)
Backport #26745
Fixes #26548

This PR refactors the rendering of markup links. The old code uses
`strings.Replace` to change some urls while the new code uses more
context to decide which link should be generated.

The added tests should ensure the same output for the old and new
behaviour (besides the bug).

We may need to refactor the rendering a bit more to make it clear how
the different helper methods render the input string. There are lots of
options (resolve links / images / mentions / git hashes / emojis / ...)
but you don't really know what helper uses which options. For example,
we currently support images in the user description which should not be
allowed I think:

<details>
  <summary>Profile</summary>

https://try.gitea.io/KN4CK3R

![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5)

</details>

(cherry picked from commit 022552d5b6)
2024-01-16 14:41:11 +00:00
Giteabot
5124be72aa
Forbid removing the last admin user (#28337) (#28793)
Backport #28337 by @yp05327

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 376fa0d8c4)
2024-01-16 14:41:11 +00:00
Giteabot
1069987293
Fix button size in "attached header right" (#28770) (#28774)
Backport #28770 by wxiaoguang

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 2a0fbe23b8)
2024-01-16 14:39:23 +00:00
Giteabot
703ed272cc
Hide code related setting options in repository when code unit is disabled (#28631) (#28749)
Backport #28631 by @lunny

Since #20805, code can be hidden.
However, the related settings are still shown even though they don't
have any meaning then.

https://github.com/go-gitea/gitea/assets/81045/5fdee54d-ac81-418a-82f7-eadff048cedd

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 5e9fd0ab5e)
2024-01-16 14:39:23 +00:00
Giteabot
fab93c6393
Add download attribute to release attachments (#28739) (#28740)
Backport #28739 by @JakobDev

Fixes #28736

Co-authored-by: JakobDev <jakobdev@gmx.de>
(cherry picked from commit 12f418a7e8)
2024-01-16 14:39:23 +00:00
wxiaoguang
d537b63521
Make template DateTime show proper tooltip (#28677) (#28683)
Backport #28677

(cherry picked from commit 83457805bb)
2024-01-16 14:16:55 +00:00
Giteabot
29a0e7738c
Fix wrong due date rendering in issue list page (#28588) (#28591)
Backport #28588 by @yardenshoham

It included the hours, minutes, and seconds. By removing these, the date
renders correctly.

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
(cherry picked from commit 564068aa99)
2024-01-16 14:07:46 +00:00
Earl Warren
b856b108e9
Revert "[GITEA] Make reference URL absolute"
This reverts commit a8ce03660f.
2024-01-16 13:42:39 +00:00
Gusted
316b633e62 Merge pull request '[GITEA] Make reference URL absolute' (#2104) from gusted/forgejo-bp-2100 into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2104
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-01-06 19:49:11 +00:00
Gusted
a8ce03660f
[GITEA] Make reference URL absolute
- Backport of #2100
- Make the reference URL in the "Reference in New issue" feature
absolute again as it wouldn't render as a link otherwise.
- Adds integration test.
- Regression by 769be877f2
- Resolves #2012

(cherry picked from commit c74bae2897)
2024-01-06 20:16:52 +01:00
Gusted
b473a44a2b
[GITEA] Check for Commit in opengraph
- Backport of #2094
- It's possible that `PageIsDiff` is set but not `Commit` resulting in a
NPE in the template. This can happen when the requested commit doesn't exist.
- Regression of c802c46a9b &
5743d7cb5b
- Added 'hacky' integration test.

(cherry picked from commit 8db2d5e4a7)
2024-01-05 14:26:20 +01:00
Aravinth Manivannan
ac889d4290 [GITEA] notifies admins on new user registration (squash) fix URL
## Changes:

1. Use absolute URL in the admin panel link sent on new registrations
2. Include absolute URL of the newly signed-up user's profile.

New email looks like this:

<details><summary>Please click to expand</summary>

```
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

User Information: @realaravinth ( http://localhost:3000/realaravinth )
----------------------------------------------------------------------

* Created: 2023-12-13 19:36:50 +05:30

Please click here ( http://localhost:3000/admin/users/9 ) to manage the use=
r from the admin panel.
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html>
<head>
	<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
	<title>New user realaravinth just signed up</title>

	<style>
		blockquote { padding-left: 1em; margin: 1em 0; border-left: 1px solid gre=
y; color: #777}
		.footer { font-size:small; color:#666;}
	</style>

</head>

<body>
	<ul>
		<h3>User Information: <a href=3D"http://localhost:3000/realaravinth">@rea=
laravinth</a></h3>
		<li>Created: <relative-time format=3D"datetime" weekday=3D"" year=3D"nume=
ric" month=3D"short" day=3D"numeric" hour=3D"numeric" minute=3D"numeric" se=
cond=3D"numeric" datetime=3D"2023-12-13T19:36:50+05:30">2023-12-13 19:36:50=
 +05:30</relative-time></li>
	</ul>
	<p> Please <a href=3D"http://localhost:3000/admin/users/9" rel=3D"nofollow=
">click here</a> to manage the user from the admin panel. </p>
</body>
</html>

--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770--
```

</details>

fixes: https://codeberg.org/forgejo/forgejo/issues/1927
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1940
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
(cherry picked from commit b8d764e36a)
2023-12-24 14:41:12 +00:00
Giteabot
90a650d2b0
Fix 500 error of searching commits (#28576) (#28579)
Backport #28576 by wxiaoguang

Regression of #28454 . Now the string is escaped HTML, so it doesn't
need `| Safe`.

Fix #28575

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit acc8100d47)
2023-12-22 12:10:04 +01:00
Giteabot
9693f08812
Fix duplicate ID when deleting repo (#28520) (#28528)
Backport #28520 by @framitdavid

There is an accessibility issue in the interface when attempting to
delete a repository. When I click on "Delete repository," a dialog box
appears, requiring confirmation to proceed with the repository deletion.
However, when I press the "Repo name" label, the wrong input field gains
focus. The focused field is located behind the dialog and is intended
for renaming the repository.

I am submitting these pull requests to ensure that the correct input
field is focused when the user clicks on the label. This change will
also facilitate the writing of tests using Playwright or Testing Library
to retrieve elements based on roles. This PR will also improve
acessibility of this area.

Co-authored-by: David Øvrelid <46874830+framitdavid@users.noreply.github.com>
(cherry picked from commit 932e282e15)
2023-12-22 12:10:03 +01:00
Giteabot
5d1d66ac3a
chore(api): support ignore password if login source type is LDAP for creating user API (#28491) (#28525)
Backport #28491 by @appleboy

- Modify the `Password` field in `CreateUserOption` struct to remove the
`Required` tag
- Update the `v1_json.tmpl` template to include the `email` field and
remove the `password` field

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
Co-authored-by: Bo-Yi Wu <appleboy.tw@gmail.com>
(cherry picked from commit 411310d698)
2023-12-22 12:10:03 +01:00
Giteabot
2878d07926
Improve the prompt for "ssh-keygen sign" (#28509) (#28510)
Backport #28509 by wxiaoguang

Close #28505

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit 4462628a26)
2023-12-22 12:07:12 +01:00
wxiaoguang
cd5a0ec1c8
Add option to disable ambiguous unicode characters detection (#28454) (#28499)
Backport #28454 (the only conflict is caused by some comments)

* Close #24483
* Close #28123
* Close #23682
* Close #23149

(cherry picked from commit a3f403f438)

Conflicts:
	modules/setting/ui.go
	trivial context conflict
2023-12-22 12:07:01 +01:00
Earl Warren
c477780163
Revert "Deprecate query string auth tokens (#28390) (#28430)"
It shows warnings although the setting is not set, this will surely be
fixed later but there is no sense in spaming the users right now. This
revert can be discarded when another fix lands in v1.21.

su -c "forgejo admin user generate-access-token -u root --raw --scopes 'all,sudo'" git
2023/12/12 15:54:45 .../setting/security.go:166:loadSecurityFrom() [W] Enabling Query API Auth tokens is not recommended. DISABLE_QUERY_AUTH_TOKEN will default to true in gitea 1.23 and will be removed in gitea 1.24.

This reverts commit 0e3a5abb69.

Conflicts:
	routers/api/v1/api.go
2023-12-12 17:04:38 +01:00
Giteabot
0e3a5abb69
Deprecate query string auth tokens (#28390) (#28430)
Backport #28390 by @jackHay22

## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example:
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

Co-authored-by: Jack Hay <jack@allspice.io>
Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit f144521aea)
2023-12-12 15:21:33 +01:00