Backport #24362 by @jolheiser
> The scoped token PR just checked all API routes but in fact, some web
routes like `LFS`, git `HTTP`, container, and attachments supports basic
auth. This PR added scoped token check for them.
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit d2efd2bf73)
Backport #24035 by @garymoon
This change prevents Gitea from bypassing the manual approval process
for newly registered users when OIDC is used.
- Resolves https://github.com/go-gitea/gitea/issues/23392
Signed-off-by: Gary Moon <gary@garymoon.net>
Co-authored-by: Gary Moon <garymoon@users.noreply.github.com>
(cherry picked from commit 1bbbeb24ef)
Backport #24148
`repoCtx.CommitsCount` is not reliably the commit count of the default
branch (Repository.GetCommitsCount depends on what is currently
displayed).
_contributed in the context of @forgejo_
---------
Co-authored-by: Giteabot <teabot@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 077160b838)
FORGEJO_* environment variables are set to the corresponding GITEA_*
variable when the cli starts. This approach is intended to minimize
the conflicts on rebase. All occurences of GITEA_* are left untouched
in the codebase and they are only changed to FORGEJO_* if exposed to
the user.
(cherry picked from commit e466f9d10e)
(cherry picked from commit e33e95931b)
(cherry picked from commit 5f528f0a25)
(cherry picked from commit 65146bfbcd)
(cherry picked from commit 393eede84a)
(cherry picked from commit df68ae9d1f)
templates/swagger/v1_json.tmpl updated with `make generate-swagger`
(cherry picked from commit 88899c492e)
(cherry picked from commit 7171bd9617)
(cherry picked from commit 1a742446c1)
(cherry picked from commit 132342ae8d)
(cherry picked from commit b47b815fbe)
(cherry picked from commit 2dbb52c8ec)
(cherry picked from commit c846de4322)
Replaces `Gitea` with `Forgejo` in the default config settings for new installs.
This will not affect existing installs.
Co-authored-by: Caesar Schinas <caesar@caesarschinas.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/140
Co-authored-by: Caesar Schinas <caesar@noreply.codeberg.org>
Co-committed-by: Caesar Schinas <caesar@noreply.codeberg.org>
(cherry picked from commit ca1319aa16)
(cherry picked from commit 52a4d238a0)
(cherry picked from commit f63536538c)
Conflicts:
web_src/js/features/install.js
(cherry picked from commit 861cc434e1)
(cherry picked from commit 78482c3f78)
(cherry picked from commit dd491a44a7)
(cherry picked from commit f56b7c4550)
(cherry picked from commit 0be7abc8da)
(cherry picked from commit 20b5669269)
(cherry picked from commit 1574643a6a)
Update semantic version according to specification
(cherry picked from commit 22510f4130)
Mise à jour de 'Makefile'
(cherry picked from commit c3d85d8409)
(cherry picked from commit 5ea2309851)
(cherry picked from commit 4f3970e6c4)
[API] [SEMVER] replace number with version
[API] [SEMVER] [v1.20] less is replaced by css
(cherry picked from commit 43a3a40825)
(cherry picked from commit 669cea25bb)
(cherry picked from commit e25190d2b4)
(cherry picked from commit 5df876e19e)
Backport #24194 by @harryzcy
- [x] Identify endpoints that should be public
- [x] Update integration tests
Fix#24159
Co-authored-by: harryzcy <harry@harryzheng.com>
Backport #24202Close#24195
Fix the bug:
1. The old code doesn't handle `removedfile` event correctly
2. The old code doesn't provide attachments for type=CommentTypeReview
---------
Co-authored-by: silverwind <me@silverwind.io>
Backport #24133 by @jtran
For 2-dot direct compare, we should use the base commit in the title and
templates, as is used elsewhere, not the common ancestor which is used
for 3-dot compare. I believe that this change should have been included
in #22949.
Co-authored-by: Jonathan Tran <jonnytran@gmail.com>
Backport #23786
Refactor commit status for Actions jobs (#23786)
Highlights:
- Treat `StatusSkipped` as `CommitStatusSuccess` instead of
`CommitStatusFailure`, so it fixed#23599.
- Use the bot user `gitea-actions` instead of the trigger as the creator
of commit status.
- New format `<run_name> / <job_name> / (<event>)` for the context of
commit status to avoid conflicts.
- Add descriptions for commit status.
- Add the missing calls to `CreateCommitStatus`.
- Refactor `CreateCommitStatus` to make it easier to use.
Co-authored-by: Jason Song <i@wolfogre.com>
Backport #23944 by @sillyguodong
Fix#23943
When trigger event is `release`, ref should be like
`refs/tags/<tag_name>` instead of `CommitID`
Co-authored-by: sillyguodong <33891828+sillyguodong@users.noreply.github.com>
Backport #23887 by @6543
User descriptions should be rendered so that links and other markup
appear correct in RSS feeds.
test will be added by #23874
Co-authored-by: 6543 <6543@obermui.de>
Backport #23823 by @wxiaoguang
Thanks to @trwnh
Close#23802
The ActivityPub id is an HTTPS URI that should remain constant, even if
the user changes their name.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #23804 by @yp05327
Visibility dropdown list will not work in add/edit user page when error
occurred
Co-authored-by: yp05327 <576951401@qq.com>
Follow #21962
After I eat my own dogfood, I would say that
ONLY_SHOW_RELEVANT_REPOS=false is necessary for many private/enterprise
instances, because many private repositories do not have
"description/topic", users just want to search by their names.
This PR also adds `PageIsExploreRepositories` check, to make code more
strict, because the `search` template is shared for different purpose.
And during the test, I found a bug that the "Search" button didn't
respect the "relevant" parameter, so this PR fixes the bug by the way
together.
Backport #23747 by @wxiaoguang
Always respect the `setting.UI.ShowUserEmail` and `KeepEmailPrivate`
setting.
* It doesn't make sense to show user's own E-mail to themself.
* Always hide the E-mail if KeepEmailPrivate=true, then the user could
know how their profile page looks like for others.
* Revert the `setting.UI.ShowUserEmail` change from #4981 . This setting
is used to control the E-mail display, not only for the user list page.
ps: the incorrect `<div .../>` tag on the profile page has been fixed by
#23748 together, so this PR becomes simpler.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Backport #23326 by @yp05327
A part of https://github.com/go-gitea/gitea/pull/22865
We have edit buttons in projects list page and project view page.
But after user edit a project, it will always redirect to the projects
list page.
Co-authored-by: yp05327 <576951401@qq.com>
Backport #23564 by @silverwind
The `q` parameter was not rendered in pagination links because
`context.Pagination:AddParam` checks for existance of the parameter in
`ctx.Data` where it was absent. Added the parameter there to fix it.
Co-authored-by: silverwind <me@silverwind.io>
Backport #23552 by @atomaka
When attempting to migrate a repository via the API endpoint comments
are always included. This can create a problem if your source repository
has issues or pull requests but you do not want to import them into
Gitea that displays as something like:
> Error 500: We were unable to perform the request due to server-side
problems. 'comment references non existent IssueIndex 4
There are only two ways to resolve this:
1. Migrate using the web interface
2. Migrate using the API including at issues or pull requests.
This PR matches the behavior of the API migration router to the web
migration router.
Co-authored-by: Andrew Tomaka <atomaka@atomaka.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #23387Close#22934
In `/user/repos` API (and other APIs related to creating repos), user
can specify a readme template for auto init. At present, if the
specified template does not exist, a `500` will be returned . This PR
improved the logic and will return a `400` instead of `500`.
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Backport #23420 by @wxiaoguang
Close#23411
Always pass "page" query parameter to backend, and make backend respect
it.
The `ctx.FormInt("limit")` is never used, so removed.
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Backport #23451 by @jolheiser
This PR just adds the `purge` query parameter to the swagger docs for
admin user delete.
I considered using the same verbiage we have in the UI, but that seemed
more verbose than descriptions we use elsewhere in swagger. I'm fine if
that's preferred, though, just let me know. 🙂
Signed-off-by: jolheiser <john.olheiser@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
Backport #23406 by @baez90
When creating attachments (issue, release, repo) the file size (being
part of the multipart file header) is passed through the chain of
creating an attachment to ensure the MinIO client can stream the file
directly instead of having to read it to memory completely at first.
Fixes#23393
Co-authored-by: Peter <peter.kurfer@googlemail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Backport #22705 by @yp05327
Fixes https://github.com/go-gitea/gitea/issues/22676
Context Data `IsOrganizationMember` and `IsOrganizationOwner` is used to
control the visibility of `people` and `team` tab.
2871ea0809/templates/org/menu.tmpl (L19-L40)
And because of the reuse of user projects page, User Context is changed
to Organization Context. But the value of `IsOrganizationMember` and
`IsOrganizationOwner` are not being given.
I reused func `HandleOrgAssignment` to add them to the ctx, but may have
some unnecessary variables, idk whether it is ok.
I found there is a missing `PageIsViewProjects` at create project page.
Co-authored-by: yp05327 <576951401@qq.com>
Backport #23397
When there is an error creating a new openIDConnect authentication
source try to handle the error a little better.
Close#23283
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: zeripath <art27@cantab.net>
