Commit graph

21105 commits

Author SHA1 Message Date
Gusted
6102f48c7d Merge pull request '[CHORE] Fix swagger deprecation message' (#4916) from gusted/swagger-deprecated into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4916
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-10 12:50:40 +00:00
Earl Warren
3b82a634c5 Merge pull request 'feat(i18n): make the test string more fun :D' (#4904) from n0toose/i18n-fun-test-string into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4904
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-10 06:03:51 +00:00
Earl Warren
f8728ad881 Merge pull request '[BUG] Return blocking errors as JSON errors' (#4914) from gusted/forgejo-block-json into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4914
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-10 05:52:27 +00:00
Earl Warren
40e51e4ca7 Merge pull request 'fix(ui): allow unreacting from comment popover' (#4798) from solomonv/forgejo:issue-reaction-fixes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4798
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-10 05:45:55 +00:00
Gusted
851d567776
[CHORE] Fix swagger deprecation message
- Fix "WARNING: item list for enum is not a valid JSON array, using the
old deprecated format" messages from
https://github.com/go-swagger/go-swagger in the CI.
2024-08-10 01:21:13 +02:00
Gusted
784173f7e9 Merge pull request 'Update dependency @stylistic/eslint-plugin-js to v2 (forgejo)' (#4910) from renovate/forgejo-major-eslint-stylistic-monorepo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4910
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-09 23:17:38 +00:00
Renovate Bot
ca00643416 Update dependency @stylistic/eslint-plugin-js to v2 2024-08-09 22:03:02 +00:00
Gusted
6ba4fb5cf6 Merge pull request 'Update vitest monorepo to v2 (forgejo) (major)' (#4913) from renovate/forgejo-major-vitest-monorepo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4913
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-09 20:38:56 +00:00
Gusted
9cc2fdffde Merge pull request 'Update dependency minimatch to v10 (forgejo)' (#4912) from renovate/forgejo-minimatch-10.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4912
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-09 20:20:27 +00:00
Gusted
967153ba45 Merge pull request 'Update dependency @stylistic/stylelint-plugin to v3 (forgejo)' (#4911) from renovate/forgejo-stylistic-stylelint-plugin-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4911
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-09 20:19:46 +00:00
Gusted
437b84a5f9 Merge pull request 'Update module github.com/editorconfig-checker/editorconfig-checker/v2/cmd/editorconfig-checker to v3 (forgejo)' (#4909) from renovate/forgejo-github.com-editorconfig-checker-editorconfig-checker-v2-cmd-editorconfig-checker-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4909
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-09 20:19:32 +00:00
Panagiotis "Ivory" Vasilopoulos
57a2b99b3c feat(i18n): make the test string more fun :D 2024-08-09 21:51:07 +02:00
Renovate Bot
8039240c26
Update module github.com/editorconfig-checker/editorconfig-checker/v2/cmd/editorconfig-checker to v3 2024-08-09 21:03:37 +02:00
Gusted
d97cf0e854
[BUG] Return blocking errors as JSON errors
- These endspoints are since b71cb7acdc
JSON-based and should therefore return JSON errors.
- Integration tests adjusted.
2024-08-09 20:34:38 +02:00
Renovate Bot
f70d50a8dc Update vitest monorepo to v2 2024-08-09 18:13:31 +00:00
Renovate Bot
ade201095a Update dependency minimatch to v10 2024-08-09 18:13:13 +00:00
Renovate Bot
c541431773 Update dependency @stylistic/stylelint-plugin to v3 2024-08-09 18:12:59 +00:00
Gusted
0f7a98d34d Merge pull request '[CHORE] Fix darwin compatibility' (#4906) from gusted/forgejo-os-compile into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4906
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
2024-08-09 17:33:47 +00:00
Solomon Victorino
b8a5ca2c40 fix(ui): allow unreacting from comment popover
- fix selectors for hasReacted
- don't send empty HTML on reaction errors
- add E2E test
2024-08-09 10:17:04 -06:00
forgejo-renovate-action
91115b39a9 Merge pull request 'Update x/tools to v0.24.0 (forgejo)' (#4895) from renovate/forgejo-xtools into forgejo 2024-08-09 15:53:49 +00:00
Gusted
ac8856ac2b
[CHORE] Fix darwin compatibility
- Always convert (syscall.Stat_t).Dev to uint64.
- Resolves #4905
2024-08-09 17:44:41 +02:00
Gusted
d5ba61a104 Merge pull request '[UI] Fix inconsitencies in link/login account page' (#4902) from gusted/forgejo-ui-linking into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4902
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
2024-08-09 15:03:29 +00:00
Earl Warren
a486c684f9
Update x/tools to v0.24.0 (licenses updates) 2024-08-09 16:35:50 +02:00
Marcell Mars
d6647f710f tests additional grant scopes
- parsing scopes in `grantAdditionalScopes`
- read basic user info if `read:user`
- fail reading repository info if only `read:user`
- read repository info if `read:repository`
- if `setting.OAuth2.EnabledAdditionalGrantScopes` not provided it reads
  all groups (public+private)
- if `setting.OAuth2.EnabledAdditionalGrantScopes` provided it reads
  only public groups
- if `setting.OAuth2.EnabledAdditionalGrantScopes` and `read:organization`
 provided it reads all groups
2024-08-09 14:58:15 +02:00
Marcell Mars
8524589d8c show OAuth2 requested scopes in authorization UI
- by displaying the scopes requested for authorization in the OAuth2 app,
  users can make more informed decisions when granting access
2024-08-09 14:58:15 +02:00
Marcell Mars
7dbad27156 id_token & userinfo endpoint's public groups check
- if `groups` scope provided it checks if all, r:org or r:admin are
provided to pass all the groups. otherwise only public memberships
- in InfoOAuth it captures scopes from the token if provided in the
header. the extraction from the header is maybe a candidate for the
separate function so no duplicated code
2024-08-09 14:58:15 +02:00
Marcell Mars
4eb8d8c496 OAuth2 provider: support for granular scopes
- `CheckOAuthAccessToken` returns both user ID and additional scopes
- `grantAdditionalScopes` returns AccessTokenScope ready string (grantScopes)
   compiled from requested additional scopes by the client
- `userIDFromToken` sets returned grantScopes (if any) instead of default `all`
2024-08-09 14:58:15 +02:00
Renovate Bot
99d78fb9e7 Update x/tools to v0.24.0 2024-08-09 10:25:53 +00:00
forgejo-renovate-action
3301e7dc75 Merge pull request 'Update dependency vue to v3.4.37 (forgejo)' (#4893) from renovate/forgejo-patch-vue-monorepo into forgejo 2024-08-09 09:22:36 +00:00
Gusted
75b3645bc3
[UI] Fix inconsitencies in link/login account page
- Add the 'correct' styling for column on the link account page, this
follows what was done for the login/register page in 629ca22a97.
- Move some if conditions to be outside of the container which allocates
space on the page, this ensures it's not being shown if it's not needed.
- Resolves #4844
2024-08-09 10:52:17 +02:00
Renovate Bot
000f3562c2 Update dependency vue to v3.4.37 2024-08-09 08:07:03 +00:00
Ivan Shapovalov
012a1e0497 log: journald integration (#2869)
Provide a bit more journald integration. Specifically:

- support emission of printk-style log level prefixes, documented in [`sd-daemon`(3)](https://man7.org/linux/man-pages/man3/sd-daemon.3.html#DESCRIPTION), that allow journald to automatically annotate stderr log lines with their level;
- add a new "journaldflags" item that is supposed to be used in place of "stdflags" when under journald to reduce log clutter (i. e. strip date/time info to avoid duplication, and use log level prefixes instead of textual log levels);
- detect whether stderr and/or stdout are attached to journald by parsing `$JOURNAL_STREAM` environment variable and adjust console logger defaults accordingly.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/2869): <!--number 2869 --><!--line 0 --><!--description bG9nOiBqb3VybmFsZCBpbnRlZ3JhdGlvbg==-->log: journald integration<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2869
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Ivan Shapovalov <intelfx@intelfx.name>
Co-committed-by: Ivan Shapovalov <intelfx@intelfx.name>
2024-08-09 07:49:13 +00:00
Earl Warren
a72763f5a3 Merge pull request 'docs: add links to the v7.0.7 & v8.0.1 release notes' (#4899) from earl-warren/forgejo:wip-release-notes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4899
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-09 07:34:40 +00:00
Earl Warren
ae85e285db Merge pull request 'disallow javascript: URI in the repository description' (#4896) from earl-warren/forgejo:wip-xss-repo-description into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4896
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-09 05:56:49 +00:00
Earl Warren
b87b38d3b9
docs: add links to the v7.0.7 & v8.0.1 release notes
They are now published in the milestone in part manually edited and in
part generated by the release notes assistant. Maintaining a single
file with all the release notes is prone to conflicts and requires
manual copy/pasting that is of little value.

It may make sense to transition to a release notes directory in which
the release notes assistant could create one file per release, with a
copy of the release notes edited in the milestone. This could be more
conveniently backported and would not require human intervention.
2024-08-09 07:26:50 +02:00
Gusted
bb448f3dc2
disallow javascript: URI in the repository description
- Fixes an XSS that was introduced in
https://codeberg.org/forgejo/forgejo/pulls/1433
- This XSS allows for `href`s in anchor elements to be set to a
`javascript:` uri in the repository description, which would upon
clicking (and not upon loading) the anchor element execute the specified
javascript in that uri.
- [`AllowStandardURLs`](https://pkg.go.dev/github.com/microcosm-cc/bluemonday#Policy.AllowStandardURLs) is now called for the repository description
policy, which ensures that URIs in anchor elements are `mailto:`,
`http://` or `https://` and thereby disallowing the `javascript:` URI.
It also now allows non-relative links and sets `rel="nofollow"` on
anchor elements.
- Unit test added.
2024-08-09 07:04:01 +02:00
Earl Warren
d7cb2ab3b2 Merge pull request 'feat(performance): remove BranchName in /:owner/:repo/commit/:commit' (#4891) from emilylange/feat-performance-remove-branchname into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4891
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-08 21:24:51 +00:00
emilylange
c1f85ce27b
feat(performance): remove BranchName in /:owner/:repo/commit/:commit
`BranchName` provides the nearest branch of the requested `:commit`.

It's plenty fast on smaller repositories.
On larger repositories like nixpkgs, however, this can easily take 2-3
seconds on a modern machine on a NVMe.

For context, at the time of writing, nixpkgs has over 650k commits and
roughly 250 branches.

`BranchName` is used once in the whole view:
The cherry-pick target branch default selection.

And I believe that's a logic error, which is why this patch is so small.

The nearest branch of a given commit will always be a branch the commit
is already part of. The branch you most likely *don't* want to
cherry-pick to.

Sure, one can technically cherry-pick a commit onto the same branch, but
that simply results in an empty commit.

I don't believe this is intended and even less so worth the compute.

Instead, the cherry-pick branch selection suggestion now always uses
the default branch, which used to be the fallback.

If a user wants to know which branches contain the given commit,
`load-branches-and-tags` exists and should be used instead.

Also, to add insult to injury, `BranchName` was calculated for both
logged-in and not logged-in users, despite its only consumer, the
cherry-pick operation, only being rendered when a given user has
write/commit permissions.

But this isn't particularly surprising, given this happens a lot in
Forgejo's codebase.
2024-08-08 22:29:42 +02:00
Earl Warren
7ac390bcb4 Merge pull request 'chore(ci): optimize end-to-end runs [skip ci]' (#4888) from wip-ci-end-to-end into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4888
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-08 20:24:10 +00:00
Yaroslav Halchenko
5ae2dbcb14 Adjust codespell config + make it fix few typos which sneaked in since addition of codespell support (#4857)
Now that my colleague just posted a wonderful blog post https://blog.datalad.org/posts/forgejo-runner-podman-deployment/ on forgejo runner, some time I will try to add that damn codespell action to work on CI here ;)  meanwhile some typos managed to sneak in and this PR should address them (one change might be functional in a test -- not sure if would cause a fail or not)

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4857
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Yaroslav Halchenko <debian@onerussian.com>
Co-committed-by: Yaroslav Halchenko <debian@onerussian.com>
2024-08-08 16:07:35 +00:00
Earl Warren
1f8e6b6e31
chore(ci): optimize end-to-end runs
* specify the version targeted by the pull request. The end-to-end
  tests previously compiled all known branches which was a waste. The
  pull request now must specify which version it is targeting so that
  only this version is recompiled and used for testing.
* when building the daily releases, use the release from the
  integration organization to ensure the tests are run against the
  latest build. Clarify in a comment why the lookup order of
  organizations is reversed in this particular case.

Refs: https://code.forgejo.org/forgejo/end-to-end/pulls/239
2024-08-08 17:53:12 +02:00
0ko
06d25815d3 Merge pull request 'chore(renovate): add labels and reviewer to renovate updates' (#4883) from viceice/chore/renovate into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4883
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-08 11:34:59 +00:00
Michael Kriese
62b6e48a9e
chore(renovate): add labels and reviewer to renovate updates 2024-08-08 11:42:32 +02:00
forgejo-renovate-action
8b79c5d7b6 Merge pull request 'Update renovate to v38.21.3 (forgejo)' (#4880) from renovate/forgejo-renovate into forgejo 2024-08-08 09:31:37 +00:00
Renovate Bot
52666d4a8a Update renovate to v38.21.3 2024-08-08 08:05:32 +00:00
Earl Warren
7cfa3305bf Merge pull request 'Update dependency tailwindcss to v3.4.8 (forgejo)' (#4873) from renovate/forgejo-tailwindcss-3.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4873
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
2024-08-08 07:29:03 +00:00
Exploding Dragon
1bc986423d fix: rpm sign resource leak (#4878)
Fixed the resource leak  in #4780.

Related:  [go-gitea/gitea#31794](https://github.com/go-gitea/gitea/pull/31794)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4878
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-08-08 07:28:09 +00:00
Codeberg Translate
abc3364a7b i18n: update of translations from Weblate (#4783)
Translations update from [Weblate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Current translation status:

![Weblate translation status](https://translate.codeberg.org/widget/forgejo/forgejo/horizontal-auto.svg)

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Localization
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4783): <!--number 4783 --><!--line 0 --><!--description aTE4bjogdXBkYXRlIG9mIHRyYW5zbGF0aW9ucyBmcm9tIFdlYmxhdGU=-->i18n: update of translations from Weblate<!--description-->
<!--end release-notes-assistant-->

Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: natalie_drowned02 <k_letovskiy02@protonmail.com>
Co-authored-by: leana8959 <leana8959@users.noreply.translate.codeberg.org>
Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Co-authored-by: hugoalh <hugoalh@users.noreply.translate.codeberg.org>
Co-authored-by: hankskyjames777 <hankskyjames777@users.noreply.translate.codeberg.org>
Co-authored-by: Wuzzy <Wuzzy@users.noreply.translate.codeberg.org>
Co-authored-by: pswsm <pswsm@users.noreply.translate.codeberg.org>
Co-authored-by: dragon <dragon@users.noreply.translate.codeberg.org>
Co-authored-by: Zughy <Zughy@users.noreply.translate.codeberg.org>
Co-authored-by: Outbreak2096 <Outbreak2096@users.noreply.translate.codeberg.org>
Co-authored-by: Marco Ciampa <ciampix@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4783
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
2024-08-08 07:16:13 +00:00
Earl Warren
d9c87cf498 Merge pull request 'Update module golang.org/x/crypto to v0.26.0 (forgejo)' (#4874) from renovate/forgejo-golang.org-x-crypto-0.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4874
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-08 07:02:20 +00:00
Shivaram Lingamneni
878c236f49 cherry-pick OIDC changes from gitea (#4724)
These are the three conflicted changes from #4716:

* https://github.com/go-gitea/gitea/pull/31632
* https://github.com/go-gitea/gitea/pull/31688
* https://github.com/go-gitea/gitea/pull/31706

cc @earl-warren; as per discussion on https://github.com/go-gitea/gitea/pull/31632 this involves a small compatibility break (OIDC introspection requests now require a valid client ID and secret, instead of a valid OIDC token)

## Checklist

The [developer guide](https://forgejo.org/docs/next/developer/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Draft release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Breaking features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/4724): <!--number 4724 --><!--line 0 --><!--description T0lEQyBpbnRlZ3JhdGlvbnMgdGhhdCBQT1NUIHRvIGAvbG9naW4vb2F1dGgvaW50cm9zcGVjdGAgd2l0aG91dCBzZW5kaW5nIEhUVFAgYmFzaWMgYXV0aGVudGljYXRpb24gd2lsbCBub3cgZmFpbCB3aXRoIGEgNDAxIEhUVFAgVW5hdXRob3JpemVkIGVycm9yLiBUbyBmaXggdGhlIGVycm9yLCB0aGUgY2xpZW50IG11c3QgYmVnaW4gc2VuZGluZyBIVFRQIGJhc2ljIGF1dGhlbnRpY2F0aW9uIHdpdGggYSB2YWxpZCBjbGllbnQgSUQgYW5kIHNlY3JldC4gVGhpcyBlbmRwb2ludCB3YXMgcHJldmlvdXNseSBhdXRoZW50aWNhdGVkIHZpYSB0aGUgaW50cm9zcGVjdGlvbiB0b2tlbiBpdHNlbGYsIHdoaWNoIGlzIGxlc3Mgc2VjdXJlLg==-->OIDC integrations that POST to `/login/oauth/introspect` without sending HTTP basic authentication will now fail with a 401 HTTP Unauthorized error. To fix the error, the client must begin sending HTTP basic authentication with a valid client ID and secret. This endpoint was previously authenticated via the introspection token itself, which is less secure.<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4724
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Shivaram Lingamneni <slingamn@cs.stanford.edu>
Co-committed-by: Shivaram Lingamneni <slingamn@cs.stanford.edu>
2024-08-08 06:32:14 +00:00