Commit graph

17001 commits

Author SHA1 Message Date
KN4CK3R
c6c829fe3f
Enhanced auth token / remember me (#27606)
Closes #27455

> The mechanism responsible for long-term authentication (the 'remember
me' cookie) uses a weak construction technique. It will hash the user's
hashed password and the rands value; it will then call the secure cookie
code, which will encrypt the user's name with the computed hash. If one
were able to dump the database, they could extract those two values to
rebuild that cookie and impersonate a user. That vulnerability exists
from the date the dump was obtained until a user changed their password.
> 
> To fix this security issue, the cookie could be created and verified
using a different technique such as the one explained at
https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies.

The PR removes the now obsolete setting `COOKIE_USERNAME`.
2023-10-14 00:56:41 +00:00
GiteaBot
ee6a390675 [skip ci] Updated translations via Crowdin 2023-10-14 00:22:28 +00:00
techknowlogick
c573d96b70
rm outdated docs from some languages (#27530)
related to #27499
2023-10-13 19:29:18 +00:00
Chongyi Zheng
b5a4ec0fb1
Upgrade go dependencies (#27599)
Upgrade all dependencies in `go.mod`

`golang.org/x/net` v0.17.0 also fixes
[CVE-2023-39325](https://github.com/advisories/GHSA-4374-p667-p6c8)

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-10-13 16:11:15 +00:00
Sergey Zolotarev
cf74f5fc40
Fix build errors on BSD (in BSDMakefile) (#27594)
1. `make build` fails because `||` and `&&` have the same precedence in
sh/bash, so the `false` command is always evaluated (leading to an error).

   ```
   + which gmake /usr/local/bin/gmake
   + false

   *** Failed target:  .BEGIN
   *** Failed command: which "gmake" || printf "Error: GNU Make is required!\n\n" 1>&2 && false
   *** Error code 1
   ```

2. When `GPREFIX` is set to an empty string with quotation marks,
`gmake` mistakenly thinks that it's a file name:

   ```
   gmake: *** empty string invalid as file name.  Stop.
   ```
2023-10-13 15:38:27 +00:00
silverwind
532f166c4d
Enable shorthands in declaration-strict-value linter (#27597)
Enable [shorthand
matching](https://github.com/AndyOGo/stylelint-declaration-strict-value#expandshorthand)
in this lint rule and match color properties by regex. Patterns like
this will now fail lint:

```css
background: #123456;
border: 1px solid rgba(0,0,0,0);
```
2023-10-13 08:19:21 +00:00
GiteaBot
3e9a379d38 [skip ci] Updated translations via Crowdin 2023-10-13 00:23:41 +00:00
silverwind
c37f95fc56
Make disk clean action a bit more robust (#27590) 2023-10-12 00:24:13 -04:00
GiteaBot
d020343269 [skip ci] Updated translations via Crowdin 2023-10-12 00:21:30 +00:00
JakobDev
bf24852b20
Keep filter when showing unfiltered results on explore page (#27192)
Fixes https://codeberg.org/Codeberg/Community/issues/1302

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-10-11 22:10:51 +00:00
JakobDev
328da56a28
Don't show Link to TOTP if not set up (#27585) 2023-10-11 20:12:54 +00:00
wxiaoguang
1d155a43ad
Fix data-race bug when accessing task.LastRun (#27584) 2023-10-11 14:51:20 +00:00
Lunny Xiao
fb74fe99d6
Fix template bug (#27581)
Regression from #27414
2023-10-11 14:02:15 +00:00
silverwind
73b63d9311
Replace ajax with fetch, improve image diff (#27267)
1. Dropzone attachment removal, pretty simple replacement
2. Image diff: The previous code fetched every image twice, once via
`img[src]` and once via `$.ajax`. Now it's only fetched once and a
second time only when necessary. The image diff code was partially
rewritten.

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2023-10-11 12:34:21 +00:00
Nanguan Lin
dc04044716
Replace assert.Fail with assert.FailNow (#27578)
assert.Fail() will continue to execute the code while assert.FailNow()
does not. I thought those uses of assert.Fail() should exit immediately.
PS: perhaps it's a good idea to use
[require](https://pkg.go.dev/github.com/stretchr/testify/require)
somewhere because the assert package's default behavior does not exit
when an error occurs, which makes it difficult to find the root error
reason.
2023-10-11 11:02:24 +00:00
Lunny Xiao
dca195e9bd
Fix the robots.txt path 2023-10-11 18:01:52 +08:00
Earl Warren
1050d7a78f
show manual cron run's last time (#27544)
- Currently in the cron tasks, the 'Previous Time' only displays the
previous time of when the cron library executes the function, but not
any of the manual executions of the task.
- Store the last run's time in memory in the Task struct and use that,
when that time is later than the time that the cron library has executed
this task.
- This ensures that if an instance admin manually starts a task, there's
feedback that this task is/has been run, because the task might be run
that quick, that the status icon already has been changed to a
checkmark.
- Tasks that are executed at startup now reflect this as well, as the
time of the execution of that task on startup is now being shown as
'Previous Time'.
- Added integration tests for the API part, which is easier to test
because querying the HTML table of cron tasks is non-trivial.
- Resolves https://codeberg.org/forgejo/forgejo/issues/949

(cherry picked from commit fd34fdac14)

---------

Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: silverwind <me@silverwind.io>
2023-10-11 07:28:16 +00:00
techknowlogick
dc7cf7a984
fully replace drone with actions (#27556)
this builds binaries and docker images for tags
2023-10-11 06:39:32 +00:00
zeripath
4378f9dfff
Revert "Simplify contrib/backport (#27520)" (#27566)
This reverts #27520 commit 79e8865aae
which breaks `--continue` functionality.
2023-10-11 05:55:17 +00:00
Nanguan Lin
248b7ee850
Align ISSUE_TEMPLATE with the new label system (#27573)
As title
2023-10-11 13:25:31 +08:00
JakobDev
ebe803e514
Penultimate round of db.DefaultContext refactor (#27414)
Part of #27065

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-10-11 04:24:07 +00:00
GiteaBot
50166d1f7c [skip ci] Updated translations via Crowdin 2023-10-11 00:22:56 +00:00
Lunny Xiao
5c9fbcca00
Fix attachment download bug (#27486) 2023-10-10 15:33:56 +00:00
Lunny Xiao
7ff1f2527c
Make actions default enabled for newly created repository if global configuration enabled (#27482) 2023-10-10 14:45:31 +00:00
Nanguan Lin
5b6258a0b9
Fix the wrong HTTP response status code for duplicate packages (#27480)
fix #27470 
(hope there is nothing missing 😢 )

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-10-10 15:39:58 +02:00
Jason Song
2c7b6c378e
Increase queue length (#27555) 2023-10-10 18:47:49 +08:00
Sebastian Grabowski
3c131307ac
Respect SSH.KeygenPath option when calculating ssh key fingerprints (#27536)
Fixes #27535
2023-10-10 00:01:46 +00:00
Kyle D
ac4ae35542
Remove max-width and add hide text overflow (#27359)
Closes https://github.com/go-gitea/gitea/issues/27358
2023-10-09 19:04:31 -04:00
wxiaoguang
e2e0280108
Fix environment-to-ini inherited key bug (#27543)
Fix  #27541

The INI package has a quirk: by default, the keys are inherited.
When maintaining the keys, the newly added sub key should not be
affected by the parent key.
2023-10-10 01:10:37 +08:00
Nanguan Lin
28ead9ea62
Improve docs about register/run as a service (#27461)
As title
2023-10-09 13:20:16 +00:00
Michael Santos
5283ce9650
api: GetPullRequestCommits: return file list (#27483)
Fixes https://github.com/go-gitea/gitea/issues/27481

----

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-10-09 11:22:12 +00:00
techknowlogick
65eea1d536
switch to using official AWS step in release nightly (#27532)
`jakejarvis/s3-sync-action@master` is out of date, and using official
actions is always recommended
2023-10-09 10:12:19 +00:00
wxiaoguang
d1527dac3d
Improve file history UI and fix URL escaping bug (#27531)
Follow #27354

Major changes:

1. The `right aligned` in `<th class="one wide right aligned">` is a
no-op because it doesn't have any content
2. The `gt-df` in `<td class="sha gt-df">` was wrong, it causes UI
misalignment, a table cell shouldn't be "flex"
3. Use `gt-py-0` for `gt-pt-0 gt-pb-0`
4. Simplify the layout for buttons, because the `text right aligned` is
widely used and good enough, it doesn't make sense to introduce the
`<div class="gt-df gt-je">`
5. Escape the `$.FileName` correctly


Before:


![image](https://github.com/go-gitea/gitea/assets/2114189/eb2ced3f-1dad-4149-9ed2-aee4c0663621)

After:


![image](https://github.com/go-gitea/gitea/assets/2114189/08244b61-416b-4279-b495-029bc0a96f67)
2023-10-09 07:19:23 +00:00
wxiaoguang
43632d9d34
Improve dropdown's behavior when there is a search input in menu (#27526)
Follow #27225

The change in #27225 is not ideal, this should be the complete fix:
support the layout which Fomantic doesn't support.
2023-10-09 06:48:51 +00:00
silverwind
79e8865aae
Simplify contrib/backport (#27520)
This script was trying to be too smart, make it more straightforward and
less error-prone so that it could be used by the backport bot too
ideally.

- Always delete the backport branch so that script is idempotent in this
regard
- Remove the push functionality, it's best done by the user because only
they know the remote name
- Remove reading docs/config.yaml, it no longer exists
- Remove version detection, version is now a required argument
- Remove opening the pull request with xdg-open, xdg-open is not
portable
- Remove continue from failed cherry pick. It's best to reset manually
in this case
- Clean up the console logging

Example run:

```
$ go run ./contrib/backport --version v1.21 27503
* Backporting 27503 to origin/release/v1.21 as backport-27503-v1.21
* `git fetch origin main`
* `git fetch origin release/v1.21`
* `git branch -D backport-27503-v1.21`
* `git checkout -b backport-27503-v1.21 origin/release/v1.21`
* Attempting git cherry-pick 08efeb5cdc
* Amending commit to prepend `Backport #27503` to body
Backport done! You can now push it with `git push yourremote backport-27503-v1.21`
```

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-10-09 06:16:16 +00:00
KN4CK3R
e94a4ad28d
Add docs section for sub-paths with the container registry (#27505)
Fixes #21092

suggested by
https://github.com/go-gitea/gitea/issues/21092#issuecomment-1749965397

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-10-09 12:45:41 +08:00
delvh
ae2794c958
Document our new labeling strategy (#27523) 2023-10-09 09:16:05 +08:00
GiteaBot
4aae15af7a [skip ci] Updated translations via Crowdin 2023-10-09 00:23:39 +00:00
silverwind
5bf367f904
Restore warning commit status (#27504)
Partial revert of https://github.com/go-gitea/gitea/pull/25839. This
commit status is used by a number of external integrations, so I think
we should not remove it (See
https://github.com/go-gitea/gitea/pull/25839#issuecomment-1729002077).
This is a rare case where an existing migration needed to be altered to
avoid data loss.

---------

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-10-08 22:16:06 +00:00
Denys Konovalov
0c2a3f4cdc
Update labeler to match new labeling system (#27525) 2023-10-08 12:16:56 -04:00
Gary Wang
4335c332ba
Apply to become a maintainer (#27522) 2023-10-08 10:36:40 -04:00
Lunny Xiao
f40538e667
Remove unnecessary desc for openssh key cron task (#27515) 2023-10-08 14:23:39 +00:00
silverwind
ab074c9b98
Tweak labeler config (#27502)
Alternative to https://github.com/go-gitea/gitea/pull/27439. Removes a
few spammy labels, and disables `sync-labels` which makes it never remove
labels (which is default behaviour).
2023-10-08 13:11:26 +00:00
Gary Wang
abe8fe3527
Add hover background to wiki list page (#27507)
This patch adds a hover background for the wiki row in wiki list page,
which makes its behavior closer to repo's file list page.

This patch also makes the wiki-git-entry visible when the row is hovered
instead of the cell, so users won't be confused since the 'grid' is not
visible from the web page.

After the patch: (when the wiki named 'Home' is hovered)

![image](https://github.com/go-gitea/gitea/assets/10095765/f6c67c41-ad54-4ce4-a3b1-8c7551396ce0)
2023-10-08 10:07:55 +00:00
mohammed ahmed
551dc8bb4d
[FIX] missing ctx in new_form (#27514)
added the ctx for the project link in new_form.tmpl

---

![Screenshot_20231008_075757](https://github.com/go-gitea/gitea/assets/64513301/8adaa287-9e55-4428-bc48-f8e6a2080624)
2023-10-08 14:35:20 +08:00
M Hickford
a825cc0f34
Pre-register OAuth application for tea (#27509)
It remains to implement OAuth login in tea
https://gitea.com/gitea/tea/issues/598

Fixes #27510
2023-10-08 03:51:08 +00:00
silverwind
08efeb5cdc
Fix mermaid flowchart margin issue (#27503)
Fixes: https://github.com/go-gitea/gitea/issues/27435
Related: https://github.com/mermaid-js/mermaid/issues/4907

<img width="924" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/494a1d2e-4c56-48d0-9843-82a5e5aa977e">
2023-10-08 03:20:12 +00:00
techknowlogick
e96e440b8b
add a shortcut to user's profile page to admin user details (#27299) 2023-10-08 02:48:32 +00:00
silverwind
7065944ac7
Fix actionlint (#27513)
`make lint-actions` is currently failing because of undeclared runner
name.
2023-10-07 20:42:32 -04:00
GiteaBot
4bde16e1ba [skip ci] Updated translations via Crowdin 2023-10-08 00:25:56 +00:00