Commit graph

322 commits

Author SHA1 Message Date
Giteabot
70c7ee5475
Modernize merge button (#28140) (#28786)
Backport #28140 by @earl-warren

- Make use of the `form-fetch-action` for the merge button, which will
automatically prevent the action from happening multiple times and show
a nice loading indicator as user feedback while the merge request is
being processed by the server.
- Adjust the merge PR code to JSON response as this is required for the
`form-fetch-action` functionality.
- Resolves https://codeberg.org/forgejo/forgejo/issues/774
- Likely resolves the cause of
https://codeberg.org/forgejo/forgejo/issues/1688#issuecomment-1313044

(cherry picked from commit 4ec64c19507caefff7ddaad722b1b5792b97cc5a)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
(cherry picked from commit fbf29f29b5)
2024-01-16 14:40:18 +00:00
Jack Hay
0841fb63a1
Require token for GET subscription endpoint (#28765) (#28778)
Backport #28765 for 1.21

(cherry picked from commit 56e722f825)
2024-01-16 14:39:40 +00:00
Giteabot
01285dc47c
Fix incorrect URL for "Reference in New Issue" (#28716) (#28723)
Backport #28716 by wxiaoguang

Gitea prefers to use relative URLs in code (to make multiple domain work
for some users)

So it needs to use `toAbsoluteUrl` to generate a full URL when click
"Reference in New Issues"

And add some comments in the test code

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit def178ce32)

Conflicts:
	tests/integration/issue_test.go
	https://codeberg.org/forgejo/forgejo/issues/2158
2024-01-16 14:37:07 +00:00
Giteabot
0a157ed950
Upgrade xorm to new version which supported update join for all supported databases (#28590) (#28668)
Backport #28590 by @lunny

Fix https://github.com/go-gitea/gitea/pull/28547#issuecomment-1867740842

Since https://gitea.com/xorm/xorm/pulls/2383 merged, xorm now supports
UPDATE JOIN.
To keep consistent from different databases, xorm use
`engine.Join().Update`, but the actural generated SQL are different
between different databases.

For MySQL, it's `UPDATE talbe1 JOIN table2 ON join_conditions SET xxx
Where xxx`.

For MSSQL, it's `UPDATE table1 SET xxx FROM TABLE1, TABLE2 WHERE
join_conditions`.

For SQLITE per https://www.sqlite.org/lang_update.html, sqlite support
`UPDATE table1 SET xxx FROM table2 WHERE join conditions` from
3.33.0(2020-8-14).

POSTGRES is the same as SQLITE.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit 18da3f8483)
2024-01-16 14:16:55 +00:00
Gusted
fe3b294f7b
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
(cherry picked from commit 6404845df9)
(cherry picked from commit 72bdd4f3b9)
(cherry picked from commit 4b01bb0ce8)
(cherry picked from commit c26ac31816)
(cherry picked from commit 8d2dab94a6)

Conflicts:
	routers/web/auth/auth.go
	https://codeberg.org/forgejo/forgejo/issues/2158
2024-01-16 14:14:46 +00:00
Earl Warren
d694579bdf
Revert "[GITEA] rework long-term authentication"
This reverts commit 8d2dab94a6.
2024-01-16 14:11:28 +00:00
Gusted
120294c44e
[GITEA] Use maintained gziphandler
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d)
(cherry picked from commit 99ba56a876)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193d)
(cherry picked from commit 9c12a37fde)
(cherry picked from commit 91191aaaed)
(cherry picked from commit 72be417f84)
(cherry picked from commit 98497c84da)
(cherry picked from commit fba042adb5)
(cherry picked from commit dd2414f226)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/issues/2016
2024-01-16 14:09:55 +00:00
wxiaoguang
265cd70bdb
Refactor CORS handler (#28587) (#28611)
Backport #28587, the only conflict is the test file.

The CORS code has been unmaintained for long time, and the behavior is
not correct.

This PR tries to improve it. The key point is written as comment in
code. And add more tests.

Fix #28515
Fix #27642
Fix #17098

(cherry picked from commit 7a2786ca6c)
2024-01-16 14:08:38 +00:00
Earl Warren
0b872a403d
Revert "[GITEA] Use maintained gziphandler"
This reverts commit dd2414f226.
2024-01-16 14:08:31 +00:00
Earl Warren
b856b108e9
Revert "[GITEA] Make reference URL absolute"
This reverts commit a8ce03660f.
2024-01-16 13:42:39 +00:00
Gergely Nagy
49efd192e9
tests: More testing in TestDatabaseMissingABranch
In the `TestDatabaseMissingABranch` testcase, make sure that the
branches are in sync between the db and git before deleting a branch via
git, then compare the branch count from the web UI, making sure that it
returns an out-of-sync value first, and the correct one after another
sync.

This is currently tested by scraping the UI, and relies on the fact that
the branch counter is out of date before syncing. If that issue gets
resolved, we'll have to adjust the test to verify the sync another way.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-01-15 00:15:24 +01:00
Gergely Nagy
754f97b1e2
tests: Add a testcase for missing branches
This tests the scenario reported in Codeberg/Community#1408: a branch
that is recorded in the database, but missing on disk was causing
internal server errors. With recent changes, that is no longer the case,
the error is logged and then ignored.

This test case tests this behaviour, that the repo's branches page on
the web UI functions even if the git branch is missing.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-01-15 00:15:22 +01:00
Gusted
ab1ccc55dc
[GITEA] Fix panic in canSoftDeleteContentHistory
- Backport of #2134
- It's possible that `canSoftDeleteContentHistory` is called without
`ctx.Doer` being set, such as an anonymous user requesting the
`/content-history/detail` endpoint.
- Add a simple condition to always set to `canSoftDelete` to false if an
anonymous user is requesting this, this avoids a panic in the code that
assumes `ctx.Doer` is set.
- Added integration testing.

(cherry picked from commit 0b5db0dcc6)
2024-01-13 22:05:35 +01:00
Gusted
316b633e62 Merge pull request '[GITEA] Make reference URL absolute' (#2104) from gusted/forgejo-bp-2100 into v1.21/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2104
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-01-06 19:49:11 +00:00
Gusted
a8ce03660f
[GITEA] Make reference URL absolute
- Backport of #2100
- Make the reference URL in the "Reference in New issue" feature
absolute again as it wouldn't render as a link otherwise.
- Adds integration test.
- Regression by 769be877f2
- Resolves #2012

(cherry picked from commit c74bae2897)
2024-01-06 20:16:52 +01:00
Gusted
b473a44a2b
[GITEA] Check for Commit in opengraph
- Backport of #2094
- It's possible that `PageIsDiff` is set but not `Commit` resulting in a
NPE in the template. This can happen when the requested commit doesn't exist.
- Regression of c802c46a9b &
5743d7cb5b
- Added 'hacky' integration test.

(cherry picked from commit 8db2d5e4a7)
2024-01-05 14:26:20 +01:00
Gusted
0fbf761d19
[GITEA] Handle non-existant commit in Archive request
- When a user requests a archive of a non-existant commit
`git.ErrNotExist` is returned, but was not gracefully handled resulting
in a 500 error.
- Doesn't exist in v1.22 due to it being refactored away in
cbf923e87b
- Adds integration test.
2024-01-04 23:56:33 +01:00
Gusted
cbe94214e9 [GITEA] Remove redundant syncBranchToDB
- The transaction in combination with Git push was causing deadlocks if
you had the `push_update` queue set to `immediate`. This was the root
cause of slow integration tests in CI.
- Remove the sync branch code as this is already being done in the Git
post-receive hook.
- Add tests to proof the branch models are in sync even with this code
removed.

Backport of https://codeberg.org/forgejo/forgejo/pulls/1962

(cherry picked from commit a064065cb9)
2023-12-21 11:07:41 +00:00
Lunny Xiao
3b672c9791
Do some missing checks (#28423) (#28432)
backport #28423

(cherry picked from commit 265f485295)
2023-12-12 15:21:33 +01:00
Lunny Xiao
14750f3d11
Also sync DB branches on push if necessary (#28361) (#28403)
Fix #28056
Backport #28361

This PR will check whether the repo has zero branch when pushing a
branch. If that, it means this repository hasn't been synced.

The reason caused that is after user upgrade from v1.20 -> v1.21, he
just push branches without visit the repository user interface. Because
all repositories routers will check whether a branches sync is necessary
but push has not such check.

For every repository, it has two states, synced or not synced. If there
is zero branch for a repository, then it will be assumed as non-sync
state. Otherwise, it's synced state. So if we think it's synced, we just
need to update branch/insert new branch. Otherwise do a full sync. So
that, for every push, there will be almost no extra load added. It's
high performance than yours.

For the implementation, we in fact will try to update the branch first,
if updated success with affect records > 0, then all are done. Because
that means the branch has been in the database. If no record is
affected, that means the branch does not exist in database. So there are
two possibilities. One is this is a new branch, then we just need to
insert the record. Another is the branches haven't been synced, then we
need to sync all the branches into database.

(cherry picked from commit 87db4a47c8)
2023-12-12 15:21:33 +01:00
Earl Warren
4148fb27db
[GITEA] GetScheduledMergeByPullID may involve a system user
Refs: https://codeberg.org/forgejo/forgejo/issues/1897
(cherry picked from commit ddc3c22558)
2023-12-11 18:43:03 +01:00
Giteabot
ce3a24ef5f
Add HEAD support for rpm repo files (#28309) (#28360)
Backport #28309 by @KN4CK3R

Fixes https://codeberg.org/forgejo/forgejo/issues/1810

zypper uses HEAD requests to check file existence.

https://github.com/openSUSE/libzypp/blob/HEAD/zypp/RepoManager.cc#L2549

https://github.com/openSUSE/libzypp/blob/HEAD/zypp-curl/ng/network/private/downloaderstates/basicdownloader_p.cc#L116

@ExplodingDragon fyi

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit 5105d2093c)
2023-12-08 13:41:16 +01:00
Gusted
114f18f105
[GITEA] Make pagination test more robust (squash)
- Backport #1882
- Be more specific of which element we want and also don't include the
href into the selector, so if the value changes, it will show the value
that was rendered.
- Ensure stable order of passed repository IDs.
- Resolves codeberg.org/forgejo/forgejo/issues/1880

(cherry picked from commit 79bc4cffe5)
2023-12-05 18:47:19 +01:00
Gusted
2552bb7b6e [GITEA] Only pass selected repository IDs to pagination
- Backport of https://codeberg.org/forgejo/forgejo/pulls/1848
- `ReposParam` is passed to the pagination as value for the `repos`
query. It should paginate to other pages with only the selected
repositories, which was currently not the case, but was already the case
for the links in the selectable items.
- Fix the wrong value being passed for issues/pulls lists.
- Fix the formatting of repository query value for milestones lists.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1836

(cherry picked from commit c648e5ab3a)
2023-12-01 19:59:21 +00:00
Gergely Nagy
1fea3ce659 [GITEA] new doctor check: fix-push-mirrors-without-git-remote (#1853)
Same as https://codeberg.org/forgejo/forgejo/pulls/1853, backported to v1.21/forgejo

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1864
Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-committed-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2023-12-01 13:56:03 +00:00
Antonin Delpeuch
e6fb2107f2 [GITEA] oauth2: use link_account page when email/username is missing (#1757)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1757
Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
Co-committed-by: Antonin Delpeuch <antonin@delpeuch.eu>
(cherry picked from commit 0f6e0f9035)
2023-11-30 15:40:12 +01:00
Loïc Dachary
ab7e649668
test GET /{owner}/{repo}/comments/{id}/attachments
(cherry picked from commit 888dda12cf9bc95f9ef85ba5a518cf40152e07ea)
(cherry picked from commit aceeca55da)
2023-11-26 14:12:06 +01:00
Loïc Dachary
e140c5c983
test POST /{username}/{reponame}/{type:issues|pulls}/move_pin
(cherry picked from commit 52f50792606a22cbf1e144e1bd480984abf6f53f)
(cherry picked from commit 65b942fa1e)
2023-11-26 14:11:46 +01:00
Loïc Dachary
68da5a9cd8
test POST /{username}/{reponame}/{tags,release}/delete
(cherry picked from commit 78dcbb62fe87abe044034d880c9e8c22b44c2c98)
(cherry picked from commit 6707c08c17)
2023-11-26 14:11:03 +01:00
Lunny Xiao
f4310d74ee
Fix comment permissions (#28213) (#28216)
backport #28213

This PR will fix some missed checks for private repositories' data on
web routes and API routes.

(cherry picked from commit bc3d8bff73)
2023-11-26 13:56:50 +01:00
Earl Warren
e672322ca8
[MODERATION] User blocking (squash) do not use shared fixture
It conflicts with a fixtured added in the commit
Fix comment permissions (#28213) (#28216)
2023-11-26 13:56:00 +01:00
Giteabot
702ef8d12f
Fix permissions for Token DELETE endpoint to match GET and POST (#27610) (#28099)
Backport #27610 by @evantobin

Fixes #27598

In #27080, the logic for the tokens endpoints were updated to allow
admins to create and view tokens in other accounts. However, the same
functionality was not added to the DELETE endpoint. This PR makes the
DELETE endpoint function the same as the other token endpoints and adds
unit tests

Co-authored-by: Evan Tobin <me@evantob.in>
(cherry picked from commit 93ede4bc83)
2023-11-22 17:12:11 +01:00
Earl Warren
8869464c1d
Merge branch 'rebase-v1.21/forgejo-branding' into wip-v1.21-forgejo 2023-11-13 16:47:18 +01:00
Earl Warren
30a15784d4
Merge branch 'rebase-v1.21/forgejo-dependency' into wip-v1.21-forgejo 2023-11-13 16:47:12 +01:00
Gusted
0944b7a92a
[GITEA] Add repo empty check for branch feed
- If you attempted to get a branch feed on a empty repository, it would
result in a panic as the code expects that the branch exists.
- `context.RepoRefByType` would normally already 404 if the branch
doesn't exist, however if a repository is empty, it would not do this
check.
- Fix bug where `/atom/branch/*` would return a RSS feed.

(cherry picked from commit d27bcd98a4)
(cherry picked from commit 07916c8723)
(cherry picked from commit 2eedbe0c55)
(cherry picked from commit 3810d905c6)
2023-11-13 14:06:32 +01:00
Gusted
8d2dab94a6
[GITEA] rework long-term authentication
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit eff097448b)

[GITEA] rework long-term authentication (squash) add migration

Reminder: the migration is run via integration tests as explained
in the commit "[DB] run all Forgejo migrations in integration tests"

(cherry picked from commit 4accf7443c)
(cherry picked from commit 99d06e344ebc3b50bafb2ac4473dd95f057d1ddc)
(cherry picked from commit d8bc98a8f0)
(cherry picked from commit 6404845df9)
(cherry picked from commit 72bdd4f3b9)
(cherry picked from commit 4b01bb0ce8)
(cherry picked from commit c26ac31816)
2023-11-13 14:06:31 +01:00
Grigory Kirillov
d7268d7266
[GITEA] convert feed items' titles to plain text
Refs: https://codeberg.org/forgejo/forgejo/pulls/1595

(cherry picked from commit 35b962e631)
(cherry picked from commit 1004e35b84)
(cherry picked from commit af51dd594d)
(cherry picked from commit 7fb66b4556)
(cherry picked from commit 0c409950f1)
(cherry picked from commit edf1cb72b4)
(cherry picked from commit d1e5d9d664)
2023-11-13 14:06:31 +01:00
Gusted
dd2414f226
[GITEA] Use maintained gziphandler
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d)
(cherry picked from commit 99ba56a876)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193d)
(cherry picked from commit 9c12a37fde)
(cherry picked from commit 91191aaaed)
(cherry picked from commit 72be417f84)
(cherry picked from commit 98497c84da)
(cherry picked from commit fba042adb5)
2023-11-13 14:06:31 +01:00
Gusted
7e15173c16
[GITEA] Use existing jsonschema library
- Use the 'existing' jsonschema library for the nodeinfo integration test.

(cherry picked from commit 73864840f2)
(cherry picked from commit da36df306b)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 2b4ab46d8e)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1617
(cherry picked from commit 8064130344)
(cherry picked from commit ca32f14bc2)
(cherry picked from commit 6a4abb928f)
(cherry picked from commit 0059a44ae8)
(cherry picked from commit 8dc8451fd0)
2023-11-13 14:06:31 +01:00
Gusted
0d8478cff8
[GITEA] Drop sha256-simd in favor of stdlib
- In Go 1.21 the crypto/sha256 [got a massive
improvement](https://go.dev/doc/go1.21#crypto/sha256) by utilizing the
SHA instructions for AMD64 CPUs, which sha256-simd already was doing.
The performance is now on par and I think it's preferable to use the
standard library rather than a package when possible.

```
cpu: AMD Ryzen 5 3600X 6-Core Processor
                │  simd.txt   │               go.txt                │
                │   sec/op    │    sec/op     vs base               │
Hash/8Bytes-12    63.25n ± 1%    73.38n ± 1%  +16.02% (p=0.002 n=6)
Hash/64Bytes-12   98.73n ± 1%   105.30n ± 1%   +6.65% (p=0.002 n=6)
Hash/1K-12        567.2n ± 1%    572.8n ± 1%   +0.99% (p=0.002 n=6)
Hash/8K-12        4.062µ ± 1%    4.062µ ± 1%        ~ (p=0.396 n=6)
Hash/1M-12        512.1µ ± 0%    510.6µ ± 1%        ~ (p=0.485 n=6)
Hash/5M-12        2.556m ± 1%    2.564m ± 0%        ~ (p=0.093 n=6)
Hash/10M-12       5.112m ± 0%    5.127m ± 0%        ~ (p=0.093 n=6)
geomean           13.82µ         14.27µ        +3.28%

                │   simd.txt   │               go.txt                │
                │     B/s      │     B/s       vs base               │
Hash/8Bytes-12    120.6Mi ± 1%   104.0Mi ± 1%  -13.81% (p=0.002 n=6)
Hash/64Bytes-12   618.2Mi ± 1%   579.8Mi ± 1%   -6.22% (p=0.002 n=6)
Hash/1K-12        1.682Gi ± 1%   1.665Gi ± 1%   -0.98% (p=0.002 n=6)
Hash/8K-12        1.878Gi ± 1%   1.878Gi ± 1%        ~ (p=0.310 n=6)
Hash/1M-12        1.907Gi ± 0%   1.913Gi ± 1%        ~ (p=0.485 n=6)
Hash/5M-12        1.911Gi ± 1%   1.904Gi ± 0%        ~ (p=0.093 n=6)
Hash/10M-12       1.910Gi ± 0%   1.905Gi ± 0%        ~ (p=0.093 n=6)
geomean           1.066Gi        1.032Gi        -3.18%
```

(cherry picked from commit abd94ff5b5)
(cherry picked from commit 15e81637ab)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 5caea2d75aeac78fb306f58a3cf7809d5b70c7f2)
(cherry picked from commit 08da542cce)
(cherry picked from commit d71a8cc9fb)
(cherry picked from commit 63c9fc2bee)
(cherry picked from commit e1db85d48a)
(cherry picked from commit 5e86a5d2d1)
2023-11-13 14:06:31 +01:00
Gusted
f9cdbb889a
[GITEA] Detect file rename and show in history
- Add a indication to the file history if the file has been renamed,
this indication contains a link to browse the history of the file
further.
- Added unit testing.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1279

(cherry picked from commit 72c297521b)
(cherry picked from commit 283f964894)

Conflicts:
	options/locale/locale_en-US.ini
	https://codeberg.org/forgejo/forgejo/pulls/1550
(cherry picked from commit 7c30af7fde)
(cherry picked from commit f3be6eb269)
(cherry picked from commit 78e1755b94)
(cherry picked from commit 9f30b92009)
(cherry picked from commit bb694684a4)
(cherry picked from commit 721f0ccf3e)
(cherry picked from commit 6a6ec50130)

[GITEA] Detect file rename and show in history (squash) ctx.Locale

(cherry picked from commit 08698d747f)
2023-11-13 14:06:30 +01:00
Earl Warren
00c8b16b8c
[GITEA] enable system users for comment.LoadPoster
System users (Ghost, ActionsUser, etc) have a negative id and may be
the author of a comment, either because it was created by a now
deleted user or via an action using a transient token.

The GetPossibleUserByID function has special cases related to system
users and will not fail if given a negative id.

Refs: https://codeberg.org/forgejo/forgejo/issues/1425
(cherry picked from commit 97667e06b3)
(cherry picked from commit 8ef73a09c9)
(cherry picked from commit fa8a00d264)
(cherry picked from commit 2ada2074b5)
(cherry picked from commit f9a59b940a)
(cherry picked from commit cd82834043)
(cherry picked from commit 7fb032c240)
(cherry picked from commit 64438ff837)
(cherry picked from commit 8174592b29)
(cherry picked from commit 46d36555f9)
2023-11-13 14:06:29 +01:00
Earl Warren
e54348f67c
[GITEA] enable system users search via the API
Refs: https://codeberg.org/forgejo/forgejo/issues/1403
(cherry picked from commit 87bd40411e)

Conflicts:
	routers/api/v1/user/user.go
	https://codeberg.org/forgejo/forgejo/pulls/1469
(cherry picked from commit 74f70ca873)
(cherry picked from commit 673a75bb43)
(cherry picked from commit fcd4535ac6)
(cherry picked from commit 56b229f22e)
(cherry picked from commit 45b922ae76)
(cherry picked from commit 03805f3bf4)
(cherry picked from commit 16c67f70d5)
(cherry picked from commit 1b862a14ad)
(cherry picked from commit 4a5cdcf649)
2023-11-13 14:06:29 +01:00
Gusted
67e512c863
[GITEA] Improve HTML title on repositories
- The `<title>` element that lives inside the `<head>` element is an important element that gives browsers and search engine crawlers the title of the webpage, hence the element name. It's therefor important that this title is accurate.
- Currently there are three issues with titles on repositories. It doesn't use the `FullName` and instead only uses the repository name, this doesn't distinguish which user or organisation the repository is on. It doesn't show the full treepath in the title when visiting an file inside a directory and instead only uses the latest path in treepath. It can show the repository name twice if the `.Title` variable also included the repository name such as on the repository homepage.
- Use the repository's fullname (which include which user the repository is on) instead of just their name.
- Display the repository's fullname if it isn't already in `.Title`.
- Use the full treepath in the repository code view instead of just the
last path.
- Adds integration tests.
- Adds a new repository (`repo59`) that has 3 depths for folders, which
wasn't in any other fixture repository yet, so the full treepath for
could be properly tested.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1276

(cherry picked from commit ff9a6a2cda)
(cherry picked from commit 76dffc8621)
(cherry picked from commit ff0615b9d0)
(cherry picked from commit 8712eaa394)
(cherry picked from commit 0c11587582)
(cherry picked from commit 3cbd9fb792)

Conflicts:
	tests/integration/repo_test.go
	https://codeberg.org/forgejo/forgejo/pulls/1512
(cherry picked from commit fbfdba8ae9)

Conflicts:
	models/fixtures/release.yml
	https://codeberg.org/forgejo/forgejo/pulls/1550
(cherry picked from commit 8b2bf0534c)
(cherry picked from commit d706d9e222)
(cherry picked from commit 6d46261a3f)
(cherry picked from commit 87e8ad2307)
(cherry picked from commit f728a5e89d)
(cherry picked from commit 97534cd4a1)

[GITEA] Improve HTML title on repositories (squash) do not double escape

(cherry picked from commit 22882fe25c)
(cherry picked from commit 63e99df3d1)
(cherry picked from commit b65d777bc7)
(cherry picked from commit 2961f4f632)
(cherry picked from commit f7f723628c)
(cherry picked from commit 9ed7915826)
(cherry picked from commit 6d83f86cf0)
(cherry picked from commit 525f95cf1a)
(cherry picked from commit b68aebe0f5)
(cherry picked from commit c7c12904ba)
2023-11-13 14:04:16 +01:00
Gusted
cd53d56c68
[GITEA] Allow release creation on commit
- The code and tests are already there to allow releases to be created
on commits.
- This patch modifies the web code to take into account that an commitID
could've been passed as target.
- Added unit test.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1196

(cherry picked from commit 90863e0ab5)
(cherry picked from commit c805aa23b5)
(cherry picked from commit cf45567ca6)
(cherry picked from commit 672a2b91e5)
(cherry picked from commit 82c930152c)
(cherry picked from commit 95ac2508b3)
(cherry picked from commit b13a81ab98)
(cherry picked from commit 9f463a7c1f)
(cherry picked from commit 758ce84dc5)

Conflicts:
	tests/integration/release_test.go
	https://codeberg.org/forgejo/forgejo/pulls/1550
(cherry picked from commit edf0531aee)
(cherry picked from commit 44b29f3a1d)
(cherry picked from commit b851b67419)
(cherry picked from commit 59c22547d7)
(cherry picked from commit 1eae28475b)
(cherry picked from commit a7b25047b1)
(cherry picked from commit 867cdf9fd1)
2023-11-13 14:04:16 +01:00
Loïc Dachary
dd7f17c279
[BRANDING] X-Forgejo-OTP can be used instead of X-Gitea-OTP
(cherry picked from commit 7b0549cd70)
(cherry picked from commit 13e10a65d9)
(cherry picked from commit 65bdd73cf2)
(cherry picked from commit 64eba8bb92)
(cherry picked from commit 4c49b1a759)
(cherry picked from commit 93b4d06406)
(cherry picked from commit e2bc5f36d9)
(cherry picked from commit 2bee76f9df)
(cherry picked from commit 3d8a1b4a9f)
(cherry picked from commit 99dd092cd0)
(cherry picked from commit 0fdbd02204)
(cherry picked from commit 70b277a183)
(cherry picked from commit 3eece7fbb4)
(cherry picked from commit 4838fc9e11)
(cherry picked from commit b76ed541cf)
(cherry picked from commit dcdfb5b65c)
(cherry picked from commit 377dc48cdc)
(cherry picked from commit acc862f411)
(cherry picked from commit ac75ef101f)
(cherry picked from commit 08f2d9f7c5)
(cherry picked from commit e4096f0b64)
(cherry picked from commit bf5876f062)
(cherry picked from commit 7dc60637e5)
(cherry picked from commit ef3101774b)
(cherry picked from commit ecb9e8867c)
(cherry picked from commit 64f0ae72fe)
(cherry picked from commit 8dd6ec7862)
(cherry picked from commit b36723e52b)

Conflicts:
	modules/context/api.go
	https://codeberg.org/forgejo/forgejo/pulls/1466
(cherry picked from commit 5c378e0cb8)
(cherry picked from commit 1d87602819)
(cherry picked from commit 0f72002d66)
(cherry picked from commit da2556eb13)
(cherry picked from commit c01688cd90)
(cherry picked from commit af4bba8329)
(cherry picked from commit 33ca322c2e)

Conflicts:
	modules/context/api.go
	https://codeberg.org/forgejo/forgejo/pulls/1739
(cherry picked from commit c18e374d44)
(cherry picked from commit 27c4797c9f)
2023-11-13 14:01:40 +01:00
Gusted
2f6eae911f
[BRANDING] Update nodeinfo branding
- Change the values for the nodeinfo API, to use branded values.
- Resolves https://codeberg.org/forgejo/forgejo/issues/257

(cherry picked from commit 4608c57688)
(cherry picked from commit e837e8a529)
(cherry picked from commit 6601328d3c)
(cherry picked from commit c6be21d487)
(cherry picked from commit 5adc6ffee2)
(cherry picked from commit 2ff8d166ac)
(cherry picked from commit b6a90e7e5a)
(cherry picked from commit d1089e706c)

Conflicts:
	tests/integration/api_nodeinfo_test.go
(cherry picked from commit 7a29df737d)
(cherry picked from commit 3655a30c60)
(cherry picked from commit c90d611410)
(cherry picked from commit 0274bd8860)
(cherry picked from commit fdb786b71d)
(cherry picked from commit 4f08f100a1)
(cherry picked from commit 56a2711822)
(cherry picked from commit 3b2cfa452d)
(cherry picked from commit 773ddcf956)
(cherry picked from commit fe8321ed4e)
(cherry picked from commit a94833643b)
(cherry picked from commit 3fdbda7639)
(cherry picked from commit 7bc63d2cd3)
(cherry picked from commit a36400d9cf)
(cherry picked from commit 2535ab4201)
(cherry picked from commit 692e72f4f6)
(cherry picked from commit 265021f3e9)
(cherry picked from commit bc833125d6)
(cherry picked from commit f1f9f88155)
(cherry picked from commit 6076461ad7)
(cherry picked from commit cd1da0aa2b)
(cherry picked from commit f4e9a251d8)
(cherry picked from commit fed4a421ac)
(cherry picked from commit cb3ef32117)
(cherry picked from commit 232eec1945)
(cherry picked from commit 1390cd433a)
(cherry picked from commit 26538623f8)
(cherry picked from commit 4991098dde)
(cherry picked from commit 7511039393)
(cherry picked from commit 54c4fa77ee)
(cherry picked from commit b93b2bf0b5)
2023-11-13 13:58:18 +01:00
Earl Warren
5f980346a9
[BRANDING] add the forgejo webhook type & update webhook docs URLs
templates/swagger/v1_json.tmpl updated with `make generate-swagger`

(cherry picked from commit 88899c492e)
(cherry picked from commit 7171bd9617)
(cherry picked from commit 1a742446c1)
(cherry picked from commit d7c189d7b2)

Conflicts:
	routers/web/web.go
(cherry picked from commit cbdea868e4)
(cherry picked from commit 6cd150483b)
(cherry picked from commit 47246da8d3)
(cherry picked from commit f2aa0e6b76)
(cherry picked from commit 5a4fc69a16)
(cherry picked from commit 48e444ca09)
(cherry picked from commit 888e537811)
(cherry picked from commit 5121f493c9)
(cherry picked from commit 9394e55fdf)
(cherry picked from commit 3a2ce51768)
(cherry picked from commit 719ead3a65)
(cherry picked from commit 83e6f82e2a)
(cherry picked from commit 494a429b21)
(cherry picked from commit 4d775db6b4)
(cherry picked from commit b68f777dc2)
(cherry picked from commit 5b934023fa)
(cherry picked from commit 3b1ed8b16c)
(cherry picked from commit 6bc4a46c9f)
(cherry picked from commit 8064bb24a3)

Conflicts:
	templates/admin/hook_new.tmpl
	templates/org/settings/hook_new.tmpl
	templates/repo/settings/webhook/base_list.tmpl
	templates/repo/settings/webhook/new.tmpl
	templates/user/settings/hook_new.tmpl
	https://codeberg.org/forgejo/forgejo/pulls/1181
(cherry picked from commit 55f5588a91)
(cherry picked from commit a428bc06b3)
(cherry picked from commit d2186eceb9)
(cherry picked from commit b4e126e9af)
(cherry picked from commit e4c7a92c2d)
(cherry picked from commit a7165c8146)

Conflicts:
	templates/admin/hook_new.tmpl
	templates/repo/settings/webhook/new.tmpl
	https://codeberg.org/forgejo/forgejo/pulls/1420

[BRANDING] add the forgejo webhook type & update webhook docs URLs (squash) gitea logo for gitea webhooks

Refs: https://codeberg.org/forgejo/forgejo/issues/1367
(cherry picked from commit 2d8c1b9373)
(cherry picked from commit 9135a5e1db)
(cherry picked from commit 270f4020b0)
(cherry picked from commit 33e5e2f0d8)
(cherry picked from commit 7af8bcf479)

Conflicts:
	tests/integration/links_test.go
	https://codeberg.org/forgejo/forgejo/pulls/1548
(cherry picked from commit ce2a434dcf)
(cherry picked from commit c2fa42b4fd)
(cherry picked from commit b04e3ab5bd)
(cherry picked from commit de7d892884)
(cherry picked from commit 0bc1651c36)
(cherry picked from commit 8570815742)
(cherry picked from commit 0666253dbb)
2023-11-13 13:58:18 +01:00
Lunny Xiao
6dcef7f2f7
Test more templates for if they contain an error (#27367)
(cherry picked from commit 439a0cca2c)
(cherry picked from commit a4ee21cb5b)
(cherry picked from commit 22a32ef309)
(cherry picked from commit 7d74822400)
(cherry picked from commit cb92fad0ef)
(cherry picked from commit a647f7d9aa)
(cherry picked from commit abe5a0343d)
2023-11-13 13:58:17 +01:00
Gusted
bfd4c8a15d
[MODERATION] User blocking
- Add the ability to block a user via their profile page.
- This will unstar their repositories and visa versa.
- Blocked users cannot create issues or pull requests on your the doer's repositories (mind that this is not the case for organizations).
- Blocked users cannot comment on the doer's opened issues or pull requests.
- Blocked users cannot add reactions to doer's comments.
- Blocked users cannot cause a notification trough mentioning the doer.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/540
(cherry picked from commit 687d852480)
(cherry picked from commit 0c32a4fde5)
(cherry picked from commit 1791130e3c)
(cherry picked from commit 37858b7e8f)
(cherry picked from commit a3e2bfd7e9)
(cherry picked from commit 7009b9fe87)

Conflicts: https://codeberg.org/forgejo/forgejo/pulls/1014
        routers/web/user/profile.go
        templates/user/profile.tmpl
(cherry picked from commit b2aec34791)
(cherry picked from commit e2f1b73752)

[MODERATION] organization blocking a user (#802)

- Resolves #476
- Follow up for: #540
- Ensure that the doer and blocked person cannot follow each other.
- Ensure that the block person cannot watch doer's repositories.
- Add unblock button to the blocked user list.
- Add blocked since information to the blocked user list.
- Add extra testing to moderation code.
- Blocked user will unwatch doer's owned repository upon blocking.
- Add flash messages to let the user know the block/unblock action was successful.
- Add "You haven't blocked any users" message.
- Add organization blocking a user.

Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/802
(cherry picked from commit 0505a10421)
(cherry picked from commit 37b4e6ef9b)
(cherry picked from commit c17c121f2c)

[MODERATION] organization blocking a user (#802) (squash)

Changes to adapt to:

  6bbccdd177 Improve AJAX link and modal confirm dialog (#25210)

Refs: https://codeberg.org/forgejo/forgejo/pulls/882/files#issuecomment-945962
Refs: https://codeberg.org/forgejo/forgejo/pulls/882#issue-330561
(cherry picked from commit 523635f83c)
(cherry picked from commit 4743eaa6a0)
(cherry picked from commit eff5b43d2e)

Conflicts: https://codeberg.org/forgejo/forgejo/pulls/1014
        routers/web/user/profile.go
(cherry picked from commit 9d359be5ed)
(cherry picked from commit b1f3069a22)

[MODERATION] add user blocking API

- Follow up for: #540, #802
- Add API routes for user blocking from user and organization
perspective.
- The new routes have integration testing.
- The new model functions have unit tests.
- Actually quite boring to write and to read this pull request.

(cherry picked from commit f3afaf15c7)
(cherry picked from commit 6d754db3e5)
(cherry picked from commit 2a89ddc0ac)
(cherry picked from commit 4a147bff7e)

Conflicts:
        routers/api/v1/api.go
        templates/swagger/v1_json.tmpl
(cherry picked from commit bb8c339185)
(cherry picked from commit 5a11569a01)
(cherry picked from commit 2373c801ee)

[MODERATION] restore redirect on unblock

 ctx.RedirectToFirst(ctx.FormString("redirect_to"), ctx.ContextUser.HomeLink())

was replaced by

 ctx.JSONOK()

in 128d77a3a Following up fixes for "Fix inconsistent user profile layout across tabs" (#25739)

thus changing the behavior (nicely spotted by the tests). This
restores it.

(cherry picked from commit 597c243707)
(cherry picked from commit cfa539e590)

[MODERATION] Add test case (squash)

- Add an test case, to test an property of the function.

(cherry picked from commit 70dadb1916)

[MODERATION] Block adding collaborators

- Ensure that the doer and blocked user cannot add each other as
collaborators to repositories.
- The Web UI gets an detailed message of the specific situation, the API
gets an generic Forbidden code.
- Unit tests has been added.
- Integration testing for Web and API has been added.
- This commit doesn't introduce removing each other as collaborators on
the block action, due to the complexity of database calls that needs to
be figured out. That deserves its own commit and test code.

(cherry picked from commit 747be949a1)

[MODERATION] move locale_en-US.ini strings to avoid conflicts

Conflicts:
        web_src/css/org.css
        web_src/css/user.css
        https://codeberg.org/forgejo/forgejo/pulls/1180

(cherry picked from commit e53f955c88)

Conflicts:
        services/issue/comments.go
        https://codeberg.org/forgejo/forgejo/pulls/1212
(cherry picked from commit b4a454b576)

Conflicts:
        models/forgejo_migrations/migrate.go
        options/locale/locale_en-US.ini
        services/pull/pull.go
        https://codeberg.org/forgejo/forgejo/pulls/1264

[MODERATION] Remove blocked user collaborations with doer

- When the doer blocks an user, who is also an collaborator on an
repository that the doer owns, remove that collaboration.
- Added unit tests.
- Refactor the unit test to be more organized.

(cherry picked from commit ec87016178)
(cherry picked from commit 313e6174d8)

[MODERATION] QoL improvements (squash)

- Ensure that organisations cannot be blocked. It currently has no
effect, as all blocked operations cannot be executed from an
organisation standpoint.
- Refactored the API route to make use of the `UserAssignmentAPI`
middleware.
- Make more use of `t.Run` so that the test code is more clear about
which block of code belongs to which test case.
- Added more integration testing (to ensure the organisations cannot be
blocked and some authorization/permission checks).

(cherry picked from commit e9d638d075)

[MODERATION] s/{{avatar/{{ctx.AvatarUtils.Avatar/

(cherry picked from commit ce8b30be13)
(cherry picked from commit f911dc4025)

Conflicts:
	options/locale/locale_en-US.ini
	https://codeberg.org/forgejo/forgejo/pulls/1354
(cherry picked from commit c1b37b7fda)
(cherry picked from commit 856a2e0903)

[MODERATION] Show graceful error on comment creation

- When someone is blocked by the repository owner or issue poster and
try to comment on that issue, they get shown a graceful error.
- Adds integration test.

(cherry picked from commit 490646302e)
(cherry picked from commit d3d88667cb)
(cherry picked from commit 6818de13a9)

[MODERATION] Show graceful error on comment creation (squash) typo

(cherry picked from commit 1588d4834a)
(cherry picked from commit d510ea52d0)
(cherry picked from commit 8249e93a14)

[MODERATION] Refactor integration testing (squash)

- Motivation for this PR is that I'd noticed that a lot of repeated
calls are happening between the test functions and that certain tests
weren't using helper functions like `GetCSRF`, therefor this refactor of
the integration tests to keep it: clean, small and hopefully more
maintainable and understandable.
- There are now three integration tests: `TestBlockUser`,
`TestBlockUserFromOrganization` and `TestBlockActions` (and has been
moved in that order in the source code).
- `TestBlockUser` is for doing blocking related actions as an user and
`TestBlockUserFromOrganization` as an organisation, even though they
execute the same kind of tests they do not share any database calls or
logic and therefor it currently doesn't make sense to merge them
together (hopefully such oppurtinutiy might be presented in the future).
- `TestBlockActions` now contain all tests for actions that should be
blocked after blocking has happened, most tests now share the same doer
and blocked users and a extra fixture has been added to make this
possible for the comment test.
- Less code, more comments and more re-use between tests.

(cherry picked from commit ffb393213d)
(cherry picked from commit 85505e0f81)
(cherry picked from commit 0f3cf17761)

[MODERATION] Fix network error (squash)

- Fix network error toast messages on user actions such as follow and
unfollow. This happened because the javascript code now expects an JSON
to be returned, but this wasn't the case due to
cfa539e590127b4953b010fba3dea21c82a1714.
- The integration testing has been adjusted to instead test for the
returned flash cookie.

(cherry picked from commit 112bc25e54)
(cherry picked from commit 1194fe4899)
(cherry picked from commit 9abb95a844)

[MODERATION] Modernize frontend (squash)

- Unify blocked users list.
- Use the new flex list classes for blocked users list to avoid using
the CSS helper classes and thereby be consistent in the design.
- Fix the modal by using the new modal class.
- Remove the icon in the modal as looks too big in the new design.
- Fix avatar not displaying as it was passing the context where the user
should've been passed.
- Don't use italics for 'Blocked since' text.
- Use namelink template to display the user's name and homelink.

(cherry picked from commit ec935a16a3)
(cherry picked from commit 67f37c8346)

Conflicts:
	models/user/follow.go
	models/user/user_test.go
	routers/api/v1/user/follower.go
	routers/web/shared/user/header.go
	routers/web/user/profile.go
	templates/swagger/v1_json.tmpl
	https://codeberg.org/forgejo/forgejo/pulls/1468
(cherry picked from commit 6a9626839c)

Conflicts:
	tests/integration/api_nodeinfo_test.go
	https://codeberg.org/forgejo/forgejo/pulls/1508#issuecomment-1242385
(cherry picked from commit 7378b251b4)

Conflicts:
	models/fixtures/watch.yml
	models/issues/reaction.go
	models/issues/reaction_test.go
	routers/api/v1/repo/issue_reaction.go
	routers/web/repo/issue.go
	services/issue/issue.go
	https://codeberg.org/forgejo/forgejo/pulls/1547
(cherry picked from commit c2028930c1)
(cherry picked from commit d3f9134aee)
(cherry picked from commit 7afe154c5c)
(cherry picked from commit e6839caa4e)
(cherry picked from commit f546c95c29)
(cherry picked from commit 839aa964a0)

Conflicts:
	services/user/delete.go
	https://codeberg.org/forgejo/forgejo/pulls/1731

[MODERATION] Add repo transfers to blocked functionality (squash)

- When someone gets blocked, remove all pending repository transfers
from the blocked user to the doer.
- Do not allow to start transferring repositories to the doer as blocked user.
- Added unit testing.
- Added integration testing.

(cherry picked from commit 8a3caac330)
(cherry picked from commit a92b4cfeb6)
(cherry picked from commit acaaaf07d9)
(cherry picked from commit 735818863c)
(cherry picked from commit f50fa43b32)
(cherry picked from commit e166836433)
(cherry picked from commit e0187b21fe)
(cherry picked from commit 697a492686)
(cherry picked from commit beb4a8a452)

[MODERATION] Fix unblock action (squash)

- Pass the whole context instead of only giving pieces.
- This fixes CSRF not correctly being inserted into the unblock buttons.

(cherry picked from commit 2aa51922ba)
(cherry picked from commit 7ee8db0f01)
(cherry picked from commit e4f8b999bc)
(cherry picked from commit 05aea60b13)
(cherry picked from commit dc0d61b012)
(cherry picked from commit f53fa583de)
(cherry picked from commit f3d129247e)
(cherry picked from commit 2369d918b4)
(cherry picked from commit 609f56d4f2)

[MODERATION] cope with shared fixtures

* There is one more issue in the fixtures and this breaks some tests
* The users in the shared fixtures were renamed for clarity and that
  breaks some tests

(cherry picked from commit 707a4edbdf)

Conflicts:
	modules/indexer/issues/indexer_test.go
	https://codeberg.org/forgejo/forgejo/pulls/1508
(cherry picked from commit 82cc044366)
(cherry picked from commit 2776aec7e8)
(cherry picked from commit 1fbde36dc7)
(cherry picked from commit 1293db3c4e)
(cherry picked from commit 6dbce742d3)
(cherry picked from commit 652ad8f0f7)
(cherry picked from commit 6ad40a59dc)

[MODERATION] Fix transfer confirmation (squash)

- Fix problem caused by the clearer confirmation for dangerous actions commit.

(cherry picked from commit 3488f4a9cb)
(cherry picked from commit ed7de91f6a)
(cherry picked from commit 2d97929b9b)
(cherry picked from commit 50d035a7b0)
(cherry picked from commit 0a0c07d78a)
(cherry picked from commit 79009609e3)
(cherry picked from commit b576f3cda3)
(cherry picked from commit c5969abfb4)

[MODERATION] Purge issues on user deletion (squash)

(cherry picked from commit 4f529d9596)
(cherry picked from commit f0e3acadd3)
(cherry picked from commit 682c4effe6)
(cherry picked from commit eb99857433)
(cherry picked from commit 9af6e03aab)
(cherry picked from commit ad3ad4baec)

[MODERATION] Purge issues on user deletion (squash) revert shared fixtures workarounds

(cherry picked from commit 7224653a40)
(cherry picked from commit aa6e8672f9)
(cherry picked from commit 58c7947e95)
(cherry picked from commit 149f6b3533)
(cherry picked from commit 65e65e04f3)
(cherry picked from commit 57428561b5)
(cherry picked from commit 94b6046c52)
2023-11-13 13:58:02 +01:00