Commit graph

16989 commits

Author SHA1 Message Date
6543
c6366089df
Dont leak private users via extensions (#28023) 2023-11-13 16:30:24 -06:00
yp05327
089ac06969
Improve profile for Organizations (#27982)
Fixes some problems in #27955:
- autofocus of the search box
before:
if access the home page will jump to the search box

![image](https://github.com/go-gitea/gitea/assets/18380374/7f100e8d-2bd6-4563-85ba-d6008ffc71d7)
after:
will not jump to the search box

![image](https://github.com/go-gitea/gitea/assets/18380374/9aab382c-8ebe-4d18-b990-4adbb6c341ad)

- incorrect display of overview tab
before:

![image](https://github.com/go-gitea/gitea/assets/18380374/b24c79e8-9b79-4576-9276-43bd19172043)
after:

![image](https://github.com/go-gitea/gitea/assets/18380374/7aab5827-f086-4874-bd84-39bd81b872f3)

- improve the permission check to the private profile repo
In #26295, we simply added access control to the private profile.
But if user have access to the private profile repo , we should also
display the profile.

- add a button which can jump to the repo list?
I agree @wxiaoguang 's opinion here:
https://github.com/go-gitea/gitea/pull/27955#issuecomment-1803178239
But it seems that this feature is sponsored. 
So can we add a button which can quickly jump to the repo list or just
move profile to the `overview` page?

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-11-13 15:33:22 +01:00
Earl Warren
340055ab6c
Enable system users search via the API (#28013)
Refs: https://codeberg.org/forgejo/forgejo/issues/1403

(cherry picked from commit dd4d17c159)
2023-11-13 15:31:38 +01:00
Earl Warren
f2ea31de36
Enable system users for comment.LoadPoster (#28014)
System users (Ghost, ActionsUser, etc) have a negative id and may be the
author of a comment, either because it was created by a now deleted user
or via an action using a transient token.

The GetPossibleUserByID function has special cases related to system
users and will not fail if given a negative id.

Refs: https://codeberg.org/forgejo/forgejo/issues/1425 

(cherry picked from commit 6a2d2fa243)
2023-11-13 15:30:08 +01:00
Nanguan Lin
0678c82265
Change default size of issue/pr attachments and repo file (#27946)
As title. Some attachments and file sizes can easily be larger than
these limits
2023-11-13 14:19:22 +00:00
KN4CK3R
3081e7e153
Fix missing mail reply address (#27997)
Fixes https://codeberg.org/forgejo/forgejo/issues/1458

Some mails such as issue creation mails are missing the reply-to-comment
address. This PR fixes that and specifies which comment types should get
a reply-possibility.
2023-11-13 03:20:34 +00:00
GiteaBot
024fe11cd3 [skip ci] Updated licenses and gitignores 2023-11-13 00:24:40 +00:00
Nanguan Lin
d95102d650
Fix wrong xorm Delete usage (#27995)
## Bug in Gitea
I ran into this bug when I accidentally used the wrong redirect URL for
the oauth2 provider when using mssql. But the oauth2 provider still got
added.
Most of the time, we use `Delete(&some{id: some.id})` or
`In(condition).Delete(&some{})`, which specify the conditions. But the
function uses `Delete(source)` when `source.Cfg` is a `TEXT` field and
not empty. This will cause xorm `Delete` function not working in mssql.

61ff91f960/models/auth/source.go (L234-L240)

## Reason
Because the `TEXT` field can not be compared in mssql, xorm doesn't
support it according to [this
PR](https://gitea.com/xorm/xorm/pulls/2062)
[related
code](b23798dc98/internal/statements/statement.go (L552-L558))
in xorm
```go
if statement.dialect.URI().DBType == schemas.MSSQL && (col.SQLType.Name == schemas.Text ||
   col.SQLType.IsBlob() || col.SQLType.Name == schemas.TimeStampz) {
   if utils.IsValueZero(fieldValue) {
     continue
   }
   return nil, fmt.Errorf("column %s is a TEXT type with data %#v which cannot be as compare condition", col.Name, fieldValue.Interface())
   }
}
```
When using the `Delete` function in xorm, the non-empty fields will
auto-set as conditions(perhaps some special fields are not?). If `TEXT`
field is not empty, xorm will return an error. I only found this usage
after searching, but maybe there is something I missing.

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-11-12 07:38:45 +00:00
wxiaoguang
f860fe31d9
Move some JS code from fomantic.js to standalone files (#27994)
To improve maintainability, this PR: 

1. Rename `web_src/js/modules/aria` to `web_src/js/modules/fomantic`
(the code there are all for aria of fomantic)
2. Move api/transition related code to
`web_src/js/modules/fomantic/api.js` and
`web_src/js/modules/fomantic/transition.js`

No logic is changed.
2023-11-12 07:15:00 +00:00
Lunny Xiao
61ff91f960
Fix the wrong oauth2 name (#27993)
Fix #27989 
Regression #27798
2023-11-11 11:27:02 +01:00
Yarden Shoham
1c0566f66d
Render email addresses as such if followed by punctuation (#27987)
Added the following characters to the regular expression for the email:

- ,
- ;
- ?
- !

Also added a test case.

- Fixes #27616 

# Before

![image](https://github.com/go-gitea/gitea/assets/20454870/c57eac26-f281-43ef-a51d-9c9a81b63efa)

# After

![image](https://github.com/go-gitea/gitea/assets/20454870/fc7d5c08-4350-4af0-a7f0-d1444d2d75af)

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2023-11-11 05:08:19 +01:00
Nanguan Lin
6c9e196e54
Show error toast when file size exceeds the limits (#27985)
As title.
Before that, there was no alert at all.
After:

![error_toast](https://github.com/go-gitea/gitea/assets/70063547/c54ffeed-76f8-4c3a-b5dc-b9b3e0f8fc76)
2023-11-10 19:43:18 +08:00
KN4CK3R
481e738e7f
Remove title from elements on Org mode (#27968)
The Org mode rendering has some problems:
1.  `[[https://example.com][pre https://example.com/example.mp4 post]]`
 renders as
`<p><a href="https://example.com" title="pre <video
src="https://example.com/example.mp4"
title="https://example.com/example.mp4">https://example.com/example.mp4</video>
post">pre <video src="https://example.com/example.mp4"
title="https://example.com/example.mp4">https://example.com/example.mp4</video>
post</a></p>`
As you can see, the `title` attribute contains the inner html in
unescaped form. I removed the `title` attribute because it is of little
value.
3. The `title` attribute on `img` and `video` is of little value.
4. The inner elements of `video` are different depending on the `if`.
2023-11-10 01:45:13 +00:00
6543
603573366a
Add Profile Readme for Organisations (#27955)
https://blog.gitea.com/release-of-1.20.0/#-user-profile-readme-23260
(#23260) did introduce Profile Readme for Users.

This makes it usable for Organisations:


![image](https://github.com/go-gitea/gitea/assets/24977596/464ab58b-a952-414b-8a34-6deaeb4f7d35)

---
*Sponsored by Kithara Software GmbH*

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-11-09 14:05:52 +00:00
6543
16ba16dbe9
Allow to set explore page default sort (#27951)
as title


---
*Sponsored by Kithara Software GmbH*
2023-11-09 10:11:45 +00:00
Lunny Xiao
69d98f83f9
Fix format error (#27963) 2023-11-08 21:50:20 +08:00
yp05327
f48a863b99
Fix citation error when the file size is larger than 1024 bytes (#27958)
Mentioned in:
https://github.com/go-gitea/gitea/pull/27931#issuecomment-1798016960

Same to #25131, so use the same method to fix this problem.
2023-11-08 06:40:12 +00:00
silverwind
6447b3e6b2
Use flex-container on user dashboard (#27956)
Same as https://github.com/go-gitea/gitea/pull/26046 but for user
dashboard, the sidebar got a bit smaller and there is less padding
between sections.

<img width="1265" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/0c8d2faa-03ec-4515-a4f2-0a106ef2a928">
2023-11-08 02:30:39 +00:00
6543
8ef169a173
Document REACTION_MAX_USER_NUM setting option (#27954)
4a0103fa29/modules/setting/ui.go (L24)

4a0103fa29/modules/setting/ui.go (L77)

---
*Sponsored by Kithara Software GmbH*
2023-11-08 01:50:31 +01:00
yp05327
4a0103fa29
Add word-break to repo description in home page (#27924)
In #25315, @denyskon fixed UI on mobile view.
But for the repo description, on desktop view there's no word-break. 
So maybe we can just add `gt-word-break` to fix it on both mobile view
and desktop view.

Before:
desktop view:

![image](https://github.com/go-gitea/gitea/assets/18380374/a7659f5b-fbe9-400a-8cc2-cca44778556e)
mobile view:

![image](https://github.com/go-gitea/gitea/assets/18380374/611f1b81-58ac-4213-b165-5c73e24ca79e)

After:
desktop view:

![image](https://github.com/go-gitea/gitea/assets/18380374/f21bf3a7-f6aa-457d-9bfa-5c57659c68b1)
mobile view(almost same?)

![image](https://github.com/go-gitea/gitea/assets/18380374/ad2d1a4d-1172-402c-b5fc-5e910657847d)

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-11-07 23:52:08 +00:00
silverwind
2e6af43a06
Remove go versions from .golangci.yml (#27953)
1. `linter.lang-version` is deprecated in favor of `run.go`
2. `run.go` defaults to the version in `go.mod` as per
[docs](https://golangci-lint.run/usage/configuration/#run-configuration):

```yaml
  # Define the Go version limit.
  # Mainly related to generics support since go1.18.
  # Default: use Go version from the go.mod file, fallback on the env var `GOVERSION`, fallback on 1.18
  go: '1.19'
```

So in summary, we don't need these versions in the file as long as we
keep the version in go.mod bumped.
2023-11-07 22:03:27 +01:00
wxiaoguang
10a6ebb3fd
Fix the overflow style for "Hide all checks" (#27932)
Fix #27928

---------

Co-authored-by: silverwind <me@silverwind.io>
2023-11-07 18:53:35 +00:00
Sebastian Brückner
e80f446d3a
Fix rendering assignee changed comments without assignee (#27927)
When an assignee changed event comment is rendered, most of it is
guarded behind the assignee ID not being 0. However, if it is 0, that
results in quite broken rendering for that comment and the next one.
This can happen, for example, when repository data imported from outside
of Gitea is incomplete.

This PR makes sure comments with an assignee ID of 0 are not rendered at
all.

---

Screenshot before:
<img width="272" alt="Bildschirm­foto 2023-11-05 um 20 12 18"
src="https://github.com/go-gitea/gitea/assets/42910/7d629d76-fee4-4fe5-9e3a-bf524050cead">
The comments in this screenshot are:
1. A regular text comment
2. A user being unassigned
3. A user being assigned
4. The title of the PR being changed

Comments 2 and 3 are rendered without any text, which indents the next
comment and does not leave enough vertical space.

Co-authored-by: Giteabot <teabot@gitea.io>
2023-11-07 19:45:06 +01:00
yp05327
3a924fdc83
Add word break to release title (#27942)
Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/74c925e0-15ae-4602-8b56-0b69f54a5e7a)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/027c34ef-0cbc-4156-a198-44bf5dd924e2)
2023-11-07 10:53:04 +00:00
silverwind
abd79ddebf
Update JS dependencies (#27922)
- Update all JS dependencies minus @mcaptcha/vanilla-glue (unsolved
error, see https://github.com/mCaptcha/glue/issues/65)
- Migrate deprecated eslint rules to `@stylistic/eslint-plugin-js`
- Enable and autofix `@stylistic/js/no-multiple-empty-lines`
- Regenerate poetry.lock with latest poetry
- Tested Mermaid, Swagger, Citation, Vue
2023-11-06 21:14:32 +00:00
Folke
c823af26db
Update environment-to-ini flag parsing (#27914)
This Fixes #27913 

This commit updates `environment-to-ini` to be compatible with update
urfave/cli/v2

Doc: <https://cli.urfave.org/v2/examples/combining-short-options/>
2023-11-06 21:36:58 +01:00
silverwind
0999721c7b
Add --no-root to update-py (#27937)
Missed this command in https://github.com/go-gitea/gitea/pull/27919.
2023-11-06 15:44:04 +00:00
Nanguan Lin
1e25c15d98
Remove known issue section in Gitea Actions Doc (#27930)
The bug has been fixed for several months in the
`docker/build-push-action`
The fix commit is
[d8823bfaed](d8823bfaed)
as the Gitea Actions Doc mentioned too.
2023-11-06 22:45:37 +08:00
yp05327
7a2ff6c162
Fix edit topic UI (#27925)
Before:
desktop view:

![image](https://github.com/go-gitea/gitea/assets/18380374/c04d8730-5dac-4318-9643-72801da0ca16)
mobile view:

![image](https://github.com/go-gitea/gitea/assets/18380374/187220d3-1fcc-4db8-9cf8-ee88fe92d989)
after click `Save` btn:

![image](https://github.com/go-gitea/gitea/assets/18380374/c3242470-7e6f-4ddc-a2ac-d896bbd39529)

![image](https://github.com/go-gitea/gitea/assets/18380374/82e03ba5-a6d2-4437-b074-387e7ad5b6ba)
refresh the page, you will see that `gt-m-0` is missing after save
topic:

![image](https://github.com/go-gitea/gitea/assets/18380374/26914820-9363-483c-af70-78b76de47523)


After:
desktop view:

![image](https://github.com/go-gitea/gitea/assets/18380374/12d878e1-351e-4983-b3d9-5216e9f30a19)
mobile view:

![image](https://github.com/go-gitea/gitea/assets/18380374/4adf9b0f-977b-4bbc-a42f-b9bfb2d648dd)
after click `Save` btn:

![image](https://github.com/go-gitea/gitea/assets/18380374/064c911e-d074-4432-8a55-8ff8ddb93989)
2023-11-06 09:23:50 +00:00
KN4CK3R
4f4fea734c
Unify two factor check (#27915)
Fixes #27819

We have support for two factor logins with the normal web login and with
basic auth. For basic auth the two factor check was implemented at three
different places and you need to know that this check is necessary. This
PR moves the check into the basic auth itself.
2023-11-06 08:22:39 +00:00
KN4CK3R
8557a9455b
Revert #27870 (#27917)
Now that we have #27798 we don't need the check from #27870 anymore.
With the check it's not possible to remove an inactive auth source from
the user.
2023-11-06 06:09:34 +00:00
delvh
1f501dae9e
Fix JS NPE when viewing specific range of PR commits (#27912)
This should be the easiest fix.
While other solutions might be possible that exterminate the root cause,
they will not be as trivial.
2023-11-06 02:05:24 +00:00
silverwind
1ccdb546f0
Install poetry dependencies with --no-root (#27919)
Poetry 1.7.0 or higher will print a warning otherwise, see discussions:

https://github.com/python-poetry/poetry/pull/8369
https://github.com/python-poetry/poetry/issues/1132

> --no-root Do not install the root package (the current project).
2023-11-06 00:11:34 +00:00
sebastian-sauer
37a7c551d4
Show correct commit sha when viewing single commit diff (#27916)
Show the correct sha when viewing a single commit.


![image](https://github.com/go-gitea/gitea/assets/1135157/5f39a84e-11ed-4700-b40b-eb9da6e91bec)
2023-11-06 00:39:32 +01:00
Nanguan Lin
966dcb99e3
Fix 500 when deleting a dismissed review (#27903)
Fix #27767 
Add a test to ensure its behavior
2023-11-05 13:25:40 +00:00
Earl Warren
59f9ef9fee
Remove action runners on user deletion (#27902)
- On user deletion, delete action runners that the user has created.
- Add a database consistency check to remove action runners that have
nonexistent belonging owner.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1720

(cherry picked from commit 009ca7223d)

Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-11-05 13:48:32 +01:00
Earl Warren
da0c4b8d10
Remove SSH workaround (#27893)
Revert the workaround of #26409 and fix #26411, update github.com/gliderlabs/ssh to include 02f9d57300
2023-11-03 15:21:05 +00:00
Earl Warren
c46080bc9d
Remove "tabindex" from some form buttons (#27892)
Remove the "tabindex" from some form buttons on the "diff box" / "issue view content" page, let the browser use the default tab order.

---------

Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-11-03 14:40:48 +00:00
Lunny Xiao
d1dc9cb334
Refactor the function RemoveOrgUser (#27582)
This PR is a small refactor to merge removeOrgUser into RemoveOrgUser.
2023-11-03 14:01:45 +00:00
Zettat123
ae396ac7c0
Fix DownloadFunc when migrating releases (#27887)
We should not use `asset.ID` in DownloadFunc because DownloadFunc is a
closure.

1bf5527eac/services/migrations/gitea_downloader.go (L284-L295)

A similar bug when migrating from GitHub has been fixed in #14703. This
PR fixes the bug when migrating from Gitea and GitLab.
2023-11-03 15:56:53 +08:00
Lunny Xiao
1bf5527eac
Refactor Find Sources and fix bug when view a user who belongs to an unactive auth source (#27798)
The steps to reproduce it.

First, create a new oauth2 source.
Then, a user login with this oauth2 source.
Disable the oauth2 source.
Visit users -> settings -> security, 500 will be displayed.
This is because this page only load active Oauth2 sources but not all
Oauth2 sources.
2023-11-03 01:41:00 +00:00
GiteaBot
80715ae5c7 [skip ci] Updated translations via Crowdin 2023-11-03 00:23:16 +00:00
yp05327
dcb648ee71
Add Hide/Show all checks button to commit status check (#26284)
Step one for a GitHub like commit status check ui:

![image](https://github.com/go-gitea/gitea/assets/18380374/22953b88-1f91-4d19-bc57-ad92d33fa11f)

![image](https://github.com/go-gitea/gitea/assets/18380374/78572a49-c9b0-472b-86a8-8293197e807b)

![image](https://github.com/go-gitea/gitea/assets/18380374/bc5c8d1c-2ab5-4b03-b8c6-20c34b86d856)

Step two:

![image](https://github.com/go-gitea/gitea/assets/18380374/938b359e-8823-4192-b82d-55fa40b986fd)

![image](https://github.com/go-gitea/gitea/assets/18380374/2de5bb8f-40f5-462a-8d6d-bac13a32bc2a)

The design now will list all commit status checks which takes too much
space.
This is a pre-improve for #26247

---------

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-11-02 14:49:02 +00:00
Lunny Xiao
0ba4ecc3bd
Fix http protocol auth (#27875) 2023-11-02 22:14:33 +08:00
KN4CK3R
4776fde9e1
Display issue task list on project cards (#27865)
Display the issue task list on project cards.


![grafik](https://github.com/go-gitea/gitea/assets/1666336/e6cb3196-8980-403c-9795-3a7b03fbfb3c)

Co-authored-by: Giteabot <teabot@gitea.io>
2023-11-02 11:42:02 +01:00
silverwind
dc52f26d46
Reduce margin/padding on flex-list items and divider (#27872)
Small CSS tweak, reduces margin/padding from 14px to 10px, which I think
looks better
2023-11-02 12:30:38 +08:00
KN4CK3R
e378545f30
Filter inactive auth sources (#27870)
Fix nil access for inactive auth sources.

> Render failed, failed to render template:
user/settings/security/security, error: template error:
builtin(static):user/settings/security/accountlinks:32:20 : executing
"user/settings/security/accountlinks" at <$providerData.IconHTML>: nil
pointer evaluating oauth2.Provider.IconHTML

Code tries to access the auth source of an `ExternalLoginUser` but the
list contains only the active auth sources.
2023-11-02 01:46:26 +02:00
Moritz Poldrack
9b6e77c489
refactor postgres connection string building (#27723)
This patchset changes the connection string builder to use net.URL and
the host/port parser to use the stdlib function for splitting host from
port. It also adds a footnote about a potentially required portnumber
for postgres UNIX sockets.

Fixes: #24552
2023-11-01 18:00:20 +00:00
nodiscc
665d12cf84
doc: actions/act-runner: document running as a systemd service (#27844)
This documents running `act-runner` as a systemd service under a
dedicated user account.
2023-11-01 23:14:40 +08:00
Lunny Xiao
d519a39302
Support storage base path as prefix (#27827)
This PR adds a prefix path for all minio storage and override base path
will override the path.
The previous behavior is undefined officially, so it will be marked as
breaking.
2023-11-01 19:17:18 +08:00