Commit graph

4374 commits

Author SHA1 Message Date
Caesar Schinas 271db6ff22
[FEAT] support .forgejo dir for issue and PR templates 2024-02-06 10:22:32 +01:00
Gergely Nagy be8d16438a
Fix /api/v1/{owner}/{repo}/issue_templates
When issue templates were moved into services in
def4956122, the code was also refactored
and simplified. Unfortunately, that simplification broke the
`/api/v1/{owner}/{repo}/issue_templates` route, because it was
previously using a helper function that ignored invalid templates, and
after the refactor, the function it called *always* returned non-nil as
the second return value. This, in turn, results in the aforementioned
end point always returning an internal server error.

This change restores the previous behaviour of ignoring invalid files
returned by `issue.GetTemplatesFromDefaultBranch`, and adds a few test
cases to exercise the endpoint.

Other users of `GetTemplatesFromDefaultBranch` already ignore the second
return value, or handle it correctly, so no changes are necessary there.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-05 20:58:41 +01:00
Earl Warren 030cdd6ae2
[GITEA] Allow changing the email address before activation (squash)
See https://codeberg.org/forgejo/forgejo/pulls/2300
2024-02-05 16:57:58 +01:00
oliverpool ecfc3cb3f0
[GITEA] always load outdated comments
(cherry picked from commit 2615dea9af)
2024-02-05 16:57:58 +01:00
Earl Warren 49b51cbdd7
Revert "Do not render empty comments (#29039)"
This reverts commit b4513f48ce.
2024-02-05 16:57:58 +01:00
Gergely Nagy c335d076aa
[GITEA] admin: "Self Check" should only show for some db types
The "Self Check" menu essentially runs the collation check that is also
performed at startup, and displays the results. This is only a thing for
MariaDB/MySQL and MSSQL. As such, the menu item should only be available
for these database types.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 0ca118fdc3)
2024-02-05 16:57:56 +01:00
Gergely Nagy 2ca4862f8b
[GITEA] Allow changing the repo Wiki branch to main
Previously, the repo wiki was hardcoded to use `master` as its branch,
this change makes it possible to use `main` (or something else, governed
by `[repository].DEFAULT_BRANCH`, a setting that already exists and
defaults to `main`).

The way it is done is that a new column is added to the `repository`
table: `wiki_branch`. The migration will make existing repositories
default to `master`, for compatibility's sake, even if they don't have a
Wiki (because it's easier to do that). Newly created repositories will
default to `[repository].DEFAULT_BRANCH` instead.

The Wiki service was updated to use the branch name stored in the
database, and fall back to the default if it is empty.

Old repositories with Wikis using the older `master` branch will have
the option to do a one-time transition to `main`, available via the
repository settings in the "Danger Zone". This option will only be
available for repositories that have the internal wiki enabled, it is
not empty, and the wiki branch is not `[repository].DEFAULT_BRANCH`.

When migrating a repository with a Wiki, Forgejo will use the same
branch name for the wiki as the source repository did. If that's not the
same as the default, the option to normalize it will be available after
the migration's done.

Additionally, the `/api/v1/{owner}/{repo}` endpoint was updated: it will
now include the wiki branch name in `GET` requests, and allow changing
the wiki branch via `PATCH`.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit d87c526d2a)
2024-02-05 16:57:47 +01:00
Gusted 464ae81a36
[GITEA] Refactor generation of JWT secret
- Remove non base64-ed version of JWT secret generation. Because all
occurences need the Base64 version.

(cherry picked from commit 6a6b5a31a8)
(cherry picked from commit 066b8ca6b4)
2024-02-05 16:54:44 +01:00
Gusted c831ff67e4
[GITEA] Simplify blame handler
- Remove unnecessary checks for `ctx.Repo.TreePath`, because it will
already early-return if it's empty.
- Simplify `performBlame` to extract the repoPath from the context.
- Don't render the topics, as they are not shown in the blame
page (there's a condition in the template for the blame page).
- Fix that `performBlame` doesn't call `NotFound`, it should instead
only return the error.
- Fix that the error handlings call `ServerError` instead of `NotFound`.
- Simplify `bypass-blame-ignore` to use `ctx.FormBool`.
- Remove `TreeLink`, `HasParentPath` and `ParentPath` as it's not used
in the blame template.
- Inline `BranchLink` and `RawFileLink` string operations.
- Move around `NumLines` to make it clear the error is handled.
- Less code, less things the code does, more readable and thus more
maintanable!

(cherry picked from commit e02baca55c)
(cherry picked from commit 74e00620ca)
2024-02-05 16:54:44 +01:00
Earl Warren fe8622dae3
Revert "Fix schedule tasks bugs (#28691)"
This reverts commit 97292da960.

(cherry picked from commit 83e5eba031)
(cherry picked from commit f6ef8f3819)

Conflicts:
	services/repository/setting.go
2024-02-05 16:54:42 +01:00
Earl Warren f7fd1c7c86
Revert "Fix an actions schedule bug (#28942)"
This reverts commit adc3598a75.
2024-02-05 16:53:39 +01:00
Gergely Nagy d4396acf82
[GITEA] Don't consider orphan branches as recently pushed
When displaying the recently pushed branches banner, don't display
branches that have no common history with the default branch. These
branches are usually not meant to be merged, so the banner is just noise
in this case.

Refs: https://codeberg.org/forgejo/forgejo/pulls/2196

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit e1fba517f4)
(cherry picked from commit 2d3c81d4f2)
(cherry picked from commit 624a61b3b8)
2024-02-05 16:09:43 +01:00
voltagex 578ab6a3c9
[GITEA] API comment update routers/api/v1/shared/runners.go
Refs: https://codeberg.org/forgejo/forgejo/pulls/2191

(cherry picked from commit 1e89dd95b9)
(cherry picked from commit fecc14a16c)
(cherry picked from commit b4509aa4c7)
(cherry picked from commit 6fdf3b2ad1)
2024-02-05 16:09:43 +01:00
Gusted 938a450c9e
[GITEA] Document correct status code for creating Tag
- When there's a succesful POST operation, it should return a 201 status
code (which is the status code for succesful created) and additionally
the created object.
- Currently for the `POST /repos/{owner}/{repo}/tags` endpoint an 200
status code was documented in the OpenAPI specification, while an 201
status code was actually being returned. In this case the code is
correct and the documented status code needs to be adjusted.
- Resolves #2200

(cherry picked from commit a2939116f5)
(cherry picked from commit 22cff41585)
(cherry picked from commit b23a7f27bb)
2024-02-05 16:09:43 +01:00
Gergely Nagy bc7e448d49
[GITEA] Rework when recently pushed branches are displayed
With this change, the "You pushed on branch xyz" banner will be
displayed when either the viewed repository or its base repo (if the
current one's a fork) has pull requests enabled. Previously it only
displayed if the viewed repo had PRs enabled.

Furthermore, if the viewed repository is an original repository that the
viewing user has a fork of, if the forked repository has recently pushed
branches, then the banner will appear for the original repository too.
In this case, the notification will include branches from the viewing
user's fork, and branches they pushed to the base repo, too.

Refs: https://codeberg.org/forgejo/forgejo/pulls/2195

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit a29f10661d)
(cherry picked from commit 70c5e2021d)
(cherry picked from commit 48b25be67a)
2024-02-05 16:09:43 +01:00
Gusted b020ded391
[GITEA] Adjust name of operation
- The name could be conflucted with the `GET
/user/applications/oauth2/{id}` operation, as it only differed in a
single letter being uppercase. Change it to be
userGetOAuth2Application**s**, as that's also more accurate for this function.
- Resolves #2163

(cherry picked from commit 1891dac547)
(cherry picked from commit 68fceb9b7a)
(cherry picked from commit 7335d6de54)
2024-02-05 16:09:43 +01:00
Gusted bbe5a881cc
[GITEA] Fix API inconsistencies
- Document the correct content types for Git archives. Add code that
actually sets the correct application type for `.zip` and `.tar.gz`.
- When an action (POST/PUT/DELETE method) was successful, an 204 status
code should be returned instead of status code 200.
- Add and adjust integration testing.
- Resolves #2180
- Resolves #2181

(cherry picked from commit 6c8c4512b5)
(cherry picked from commit 3f74bcb14d)
(cherry picked from commit 6ed9057fd7)
2024-02-05 16:09:43 +01:00
Earl Warren 0b503e5e86
[GITEA] DELETE /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments/{comment}
* reuse deleteIssueComment by adding the commentType parameter
* ensure tests start with a PR with no random reviews from fixtures

Refs: https://codeberg.org/forgejo/forgejo/issues/2109
(cherry picked from commit 5b90ab77f6)
(cherry picked from commit 28ecd6f5a6)
(cherry picked from commit 24870cf133)
2024-02-05 16:09:43 +01:00
Earl Warren bd1cea3f82
[GITEA] GET /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments/{comment}
Refs: https://codeberg.org/forgejo/forgejo/issues/2109
(cherry picked from commit 69fcf26dee)
(cherry picked from commit 1296f4d115)
(cherry picked from commit 119d10d9e2)
(cherry picked from commit eb5b55b1b7)
2024-02-05 16:09:43 +01:00
Earl Warren e658a6a9cd
[GITEA] API commentAssignment() to verify the id belongs
Instead of repeating the tests that verify the ID of a comment
is related to the repository of the API endpoint, add the middleware
function commentAssignment() to assign ctx.Comment if the ID of the
comment is verified to be related to the repository.

There already are integration tests for cases of potential unrelated
comment IDs that cover some of the modified endpoints which covers the
commentAssignment() function logic.

* TestAPICommentReactions - GetIssueCommentReactions
* TestAPICommentReactions - PostIssueCommentReaction
* TestAPICommentReactions - DeleteIssueCommentReaction
* TestAPIEditComment - EditIssueComment
* TestAPIDeleteComment - DeleteIssueComment
* TestAPIGetCommentAttachment - GetIssueCommentAttachment

The other modified endpoints do not have tests to verify cases of
potential unrelated comment IDs. They no longer need to because they
no longer implement the logic to enforce this. They however all have
integration tests that verify the commentAssignment() they now rely on
does not introduce a regression.

* TestAPIGetComment - GetIssueComment
* TestAPIListCommentAttachments - ListIssueCommentAttachments
* TestAPICreateCommentAttachment - CreateIssueCommentAttachment
* TestAPIEditCommentAttachment - EditIssueCommentAttachment
* TestAPIDeleteCommentAttachment - DeleteIssueCommentAttachment

(cherry picked from commit d414376d74)
(cherry picked from commit 09db07aeae)
(cherry picked from commit f44830c3cb)

Conflicts:
	modules/context/api.go
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 9d1bf7be15)
2024-02-05 16:09:43 +01:00
Gusted 2cfcd266b4
[GITEA] Fix panic in canSoftDeleteContentHistory
- It's possible that `canSoftDeleteContentHistory` is called without
`ctx.Doer` being set, such as an anonymous user requesting the
`/content-history/detail` endpoint.
- Add a simple condition to always set to `canSoftDelete` to false if an
anonymous user is requesting this, this avoids a panic in the code that
assumes `ctx.Doer` is set.
- Added integration testing.

(cherry picked from commit 0b5db0dcc6)
(cherry picked from commit 30d168bcc8)
(cherry picked from commit 19be82b7ef)
(cherry picked from commit 334b703b17)
2024-02-05 16:09:42 +01:00
Earl Warren 603a44edf0
[GITEA] POST /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments
Refs: https://codeberg.org/forgejo/forgejo/issues/2109
(cherry picked from commit 8b4ba3dce7)
(cherry picked from commit 196edea0f9)

[GITEA] POST /repos/{owner}/{repo}/pulls/{index}/reviews/{id}/comments (squash) do not implicitly create a review

If a comment already exists in a review, the comment is added. If it
is the first comment added to a review, it will implicitly create a
new review instead of adding to the existing one.

The pull_service.CreateCodeComment function is responsibe for this
behavior and it will defer to createCodeComment once the review is
determined, either because it was found or because it was created.

Rename createCodeComment into CreateCodeCommentKnownReviewID to expose
it and change the API endpoint to use it instead. Since the review is
provided by the user and verified to exist already, there is no need
for the logic implemented by CreateCodeComment.

The tests are modified to remove the initial comment from the fixture
because it was creating the false positive. I was verified to fail
without this fix.

(cherry picked from commit 6a555996dc)
(cherry picked from commit b173a0ccee)
(cherry picked from commit 838ab9740a)
2024-02-05 16:09:42 +01:00
Gergely Nagy 639b428cf4
[FEAT] API support for repository flags
Expose the repository flags feature over the API, so the flags can be
managed by a site administrator without using the web API.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit bac9f0225d)
(cherry picked from commit e7f5c1ba14)
(cherry picked from commit 95d9fe19cf)
(cherry picked from commit 7fc51991e4)
2024-02-05 16:09:42 +01:00
Gergely Nagy 36f7c162e2
[FEAT] Repository flags
This implements "repository flags", a way for instance administrators to
assign custom flags to repositories. The idea is that custom templates
can look at these flags, and display banners based on them, Forgejo does
not provide anything built on top of it, just the foundation. The
feature is optional, and disabled by default. To enable it, set
`[repository].ENABLE_FLAGS = true`.

On the UI side, instance administrators will see a new "Manage flags"
tab on repositories, and a list of enabled tags (if any) on the
repository home page. The "Manage flags" page allows them to remove
existing flags, or add any new ones that are listed in
`[repository].SETTABLE_FLAGS`.

The model does not enforce that only the `SETTABLE_FLAGS` are present.
If the setting is changed, old flags may remain present in the database,
and anything that uses them, will still work. The repository flag
management page will allow an instance administrator to remove them, but
not set them, once removed.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit ba735ce222)
(cherry picked from commit f09f6e029b)
(cherry picked from commit 2f8b041489)
(cherry picked from commit d3186ee5f4)
2024-02-05 16:09:42 +01:00
Gergely Nagy e019eb33a2
[GITEA] Find README.md for user profiles case insensitively
When trying to find a `README.md` in a `.profile` repo, do so case
insensitively. This change does not make it possible to render readmes
in formats other than Markdown, it just removes the hard-coded
"README.md".

Also adds a few tests to make sure the change works.

Fixes #1494.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit edd219d8e9)
(cherry picked from commit 2c0105ef17)
(cherry picked from commit 3975a9f3aa)
(cherry picked from commit dee4a18423)
(cherry picked from commit 60aee6370f)
2024-02-05 16:09:42 +01:00
Gergely Nagy f90b802634
[GITEA] Add support for shields.io-based badges
Adds a new `/{username}/{repo}/badges` family of routes, which redirect
to various shields.io badges. The goal is to not reimplement badge
generation, and delegate it to shields.io (or a similar service), which
are already used by many. This way, we get all the goodies that come
with it: different styles, colors, logos, you name it.

So these routes are just thin wrappers around shields.io that make it
easier to display the information we want. The URL is configurable via
`app.ini`, and is templatable, allowing to use alternative badge
generator services with slightly different URL patterns.

Additionally, for compatibility with GitHub, there's an
`/{username}/{repo}/actions/workflows/{workflow_file}/badge.svg` route
that works much the same way as on GitHub. Change the hostname in the
URL, and done.

Fixes gitea#5633, gitea#23688, and also fixes #126.

Work sponsored by Codeberg e.V.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit fcd0f61212)
(cherry picked from commit 20d14f7844)
(cherry picked from commit 4359741431)
(cherry picked from commit 35cff45eb8)
(cherry picked from commit 2fc0d0b8a3)
2024-02-05 16:09:42 +01:00
Gergely Nagy 92f41d11dd
[GITEA] repo: Don't redirect the repo to external units
When displaying the repo home view, do not redirect to unit types that
can't be defaults (which, at the moment, are the external wiki and issue
tracker unit types).

If we'd redirect to those, that would mean that a repository with the
Code unit disabled, and an external issue tracker would immediately
redirect to the external issue tracker, making it harder to reach other,
non-external units of the repo.

Fixes #1965.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 44078e5460)
(cherry picked from commit 1868dec2e4)
(cherry picked from commit c3a8e98870)
(cherry picked from commit 9266b1916f)
(cherry picked from commit 8fa5ff65af)
2024-02-05 16:09:42 +01:00
Antonin Delpeuch f3b298133e
[GITEA] pulls: "Edit File" button in "Files Changed" tab
Closes #1894.
Gitea issue: https://github.com/go-gitea/gitea/issues/23848

(cherry picked from commit 79c75164ca)
(cherry picked from commit 58c76aad8f)
(cherry picked from commit 5bdb3c6c53)
(cherry picked from commit 94e954ce22)
(cherry picked from commit 1388e7c7be)
(cherry picked from commit 6a234abff5)
2024-02-05 16:09:42 +01:00
Gusted be6416e990
[GITEA] Fix /issues/search endpoint
- The endpoint was moved from being an API endpoint to an web endpoint
with JSON result. However the API context isn't the same as the web
context, for example the `ctx.Error` only takes in the first two
arguments into consideration and doesn't do logging, which is not the
same behavior as the API context where there's three arguments and does
do logging and only reveal the function + error if the user is admin.
- Remove any details in the error message and do the logging seperatly,
this is somewhat consistent with how other API endpoints behave.
- Ref: https://codeberg.org/forgejo/forgejo/issues/1998

(cherry picked from commit fe71e32ace)
(cherry picked from commit c89e0735fa)
(cherry picked from commit 4c04dcfc59)
(cherry picked from commit 66eae1041c)
(cherry picked from commit 7b70fa9392)
(cherry picked from commit abf64ca0e3)
2024-02-05 16:09:42 +01:00
Gergely Nagy 5eeccecafc
[GITEA] Optionally allow anyone to edit Wikis
This is largely based on gitea#6312 by @ashimokawa, with updates and
fixes by myself, and incorporates the review feedback given in that pull
request, and more.

What this patch does is add a new "default_permissions" column to the
`repo_units` table (defaulting to read permission), adjusts the
permission checking code to take this into consideration, and then
exposes a setting that lets a repo administrator enable any user on a
Forgejo instance to edit the repo's wiki (effectively giving the wiki
unit of the repo "write" permissions by default).

By default, wikis will remain restricted to collaborators, but with the
new setting exposed, they can be turned into globally editable wikis.

Fixes Codeberg/Community#28.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 4b74439922)
(cherry picked from commit 337cf62c10)
(cherry picked from commit b6786fdb32)
(cherry picked from commit a5d2829a10)

[GITEA] Optionally allow anyone to edit Wikis (squash) AddTokenAuth

(cherry picked from commit fed50cf72e)
(cherry picked from commit 42c55e494e)
(cherry picked from commit e3463bda47)
2024-02-05 16:09:42 +01:00
Gusted 33b1dec846
[GITEA] Fix NPE in UsernameSubRoute
- When the user is not found in `reloadparam`, early return when the
user is not found to avoid calling `IsUserVisibleToViewer` which in turn
avoids causing a NPE.
- This fixes the case that a 500 error and 404 error is shown on the
same page.
- Add integration test for non-existant user RSS.
- Regression by c6366089df

(cherry picked from commit f0e0696278)
(cherry picked from commit 75d8066908)
(cherry picked from commit 4d0a1e0637)
(cherry picked from commit 5f40a485da)
(cherry picked from commit c4cb7812e3)
(cherry picked from commit d31ce2f03d)
(cherry picked from commit cfebef4f82)
2024-02-05 16:09:41 +01:00
Gergely Nagy d4fc0d2c5a
[GITEA] Allow changing the email address before activation
During registration, one may be required to give their email address, to
be verified and activated later. However, if one makes a mistake, a
typo, they may end up with an account that cannot be activated due to
having a wrong email address.

They can still log in, but not change the email address, thus, no way to
activate it without help from an administrator.

To remedy this issue, lets allow changing the email address for logged
in, but not activated users.

This fixes gitea#17785.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit aaaece28e4)
(cherry picked from commit 639dafabec)
(cherry picked from commit d699c12ceb)

[GITEA] Allow changing the email address before activation (squash) cache is always active

This needs to be revisited because the MailResendLimit is not enforced
and turns out to not be tested.

See e7cb8da2a8 * Always enable caches (#28527)

(cherry picked from commit 43ded8ee30)

Rate limit pre-activation email change separately

Changing the email address before any email address is activated should
be subject to a different rate limit than the normal activation email
resending. If there's only one rate limit for both, then if a newly
signed up quickly discovers they gave a wrong email address, they'd have
to wait three minutes to change it.

With the two separate limits, they don't - but they'll have to wait
three minutes before they can change the email address again.

The downside of this setup is that a malicious actor can alternate
between resending and changing the email address (to something like
`user+$idx@domain`, delivered to the same inbox) to effectively halving
the rate limit. I do not think there's a better solution, and this feels
like such a small attack surface that I'd deem it acceptable.

The way the code works after this change is that `ActivatePost` will now
check the `MailChangeLimit_user` key rather than `MailResendLimit_user`,
and if we're within the limit, it will set `MailChangedJustNow_user`. The
`Activate` method - which sends the activation email, whether it is a
normal resend, or one following an email change - will check
`MailChangedJustNow_user`, and if it is set, it will check the rate
limit against `MailChangedLimit_user`, otherwise against
`MailResendLimit_user`, and then will delete the
`MailChangedJustNow_user` key from the cache.

Fixes #2040.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit e35d2af2e5)
(cherry picked from commit 03989418a7)
(cherry picked from commit f50e0dfe5e)
(cherry picked from commit cad9184a36)
(cherry picked from commit e2da5d7fe1)
(cherry picked from commit 3a80534d4d)
2024-02-05 16:09:41 +01:00
Gergely Nagy fa0759962b
[GITEA] allow viewing the latest Action Run on the web
Similar to how some other parts of the web UI support a `/latest` path
to directly go to the latest of a certain thing, let the Actions web UI
do the same: `/{owner}/{repo}/actions/runs/latest` will redirect to the
latest run, if there's one available.

Fixes gitea#27991.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit f67ccef1dd)

Code cleanup in the actions.ViewLatest route handler

Based on feedback received after the feature was merged, use
`ctx.NotFound` and `ctx.ServerError`, and drop the use of the
unnecessary `ctx.Written()`.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 74e42da563)
(cherry picked from commit f7535a1cef)
(cherry picked from commit 1a90cd37c3)
(cherry picked from commit d86d71340a)
(cherry picked from commit 9e5cce1afc)
(cherry picked from commit 2013fb3fab)
(cherry picked from commit 88b9d21d11)
(cherry picked from commit 72c020298e)
(cherry picked from commit 6525f730df)
2024-02-05 16:09:41 +01:00
Gusted 533c87da65
[GITEA] Make HTTPS schema default for Swagger
- Switch the supported schemas for the Swagger API around, such that
https is the first one listed. This ensures that when the Swagger API is
used it will default to the https schema, which is likely the schema you
want to use in the majority of the cases.
- Resolves #1895

BREAKING CHANGE NOTICE:
If you are using the Swagger API JSON directly to communicate with the
Forgejo API, the library you are using may be using the first schema
defined in the JSON file (e.g. https://code.forgejo.org/swagger.v1.json)
to construct the request url, this used to be `http` but has now changed
to `https`. This can cause failures if you want to send the swagger
request over `http` (and there is no HTTPS redirection configured).

(cherry picked from commit 81e5f43886)
(cherry picked from commit d847469ea2)
(cherry picked from commit 96e75e1d5c)
(cherry picked from commit 65baa64261)
(cherry picked from commit cd3e0a74e6)
(cherry picked from commit a3127e90b2)
(cherry picked from commit 2b22272dc5)
(cherry picked from commit 7363790592)
(cherry picked from commit 432b9a4451)
2024-02-05 16:09:41 +01:00
Gusted 75ce1e2ac1
[GITEA] Allow user to select email for file operations in Web UI
- Add a dropdown to the web interface for changing files to select which
Email should be used for the commit. It only shows (and verifies) that a
activated mail can be used, while this isn't necessary, it's better to
have this already in place.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/281

(cherry picked from commit 564e701f40)
(cherry picked from commit de8f2e03cc)
(cherry picked from commit 0182cff12e)
(cherry picked from commit 9c74254d46)
(cherry picked from commit 2f0b68f821)
(cherry picked from commit 079b995d49)
(cherry picked from commit 6952ea6ee3)
(cherry picked from commit 6c7d5a5d14)
(cherry picked from commit 49c39f0ed5)
(cherry picked from commit a8f9727388)
2024-02-05 16:09:41 +01:00
Antonin Delpeuch 6338fe8bef
[GITEA] oauth2: use link_account page when email/username is missing (#1757)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1757
Co-authored-by: Antonin Delpeuch <antonin@delpeuch.eu>
Co-committed-by: Antonin Delpeuch <antonin@delpeuch.eu>
(cherry picked from commit 0f6e0f9035)
(cherry picked from commit 779168a572)
(cherry picked from commit 29a2457321)
(cherry picked from commit a1edc2314d)
(cherry picked from commit cd01594610)
(cherry picked from commit 74db46b0f5)
(cherry picked from commit fd98f55204)
(cherry picked from commit 3099d0e281)
(cherry picked from commit 9fbbe61364)
(cherry picked from commit 8c00565006)
(cherry picked from commit 0977a1ed75)
2024-02-05 16:09:40 +01:00
Gusted 4d76bbeda7
[GITEA] Accept shorter commit IDs in web route
- Be more liberal in what Forgejo accepts, by reducing the minimum
amount of characters for SHA to 4 characters, which is the minimum
amount that  Git needs in order to figure out which commit was meant.
- It's safe to reduce this requirements, as commits are passed to Git
which will error if the given commit ID results in more than one Git
object. Forgejo will catch this error as that the Commit doesn't exist,
which is a error that's already being handled in most places gracefully.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1760

(cherry picked from commit 0d655c7384)
(cherry picked from commit 9b9aca2a02)
(cherry picked from commit 0d0ab1af1f)
(cherry picked from commit d3b352c854)
(cherry picked from commit d6af2094df)
(cherry picked from commit f96e55a7a9)
(cherry picked from commit bb6261f847)
(cherry picked from commit f6a4146161)
(cherry picked from commit ed02921379)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/pulls/2214
(cherry picked from commit 768377cb02)
(cherry picked from commit 2cebe3ef94)
2024-02-05 16:09:40 +01:00
Gusted 62f866de99
[GITEA] Add repo empty check for branch feed
- If you attempted to get a branch feed on a empty repository, it would
result in a panic as the code expects that the branch exists.
- `context.RepoRefByType` would normally already 404 if the branch
doesn't exist, however if a repository is empty, it would not do this
check.
- Fix bug where `/atom/branch/*` would return a RSS feed.

(cherry picked from commit d27bcd98a4)
(cherry picked from commit c58566403d)
(cherry picked from commit b8b3f6ab8b)
(cherry picked from commit 195520100b)
(cherry picked from commit 6e417087dd)
(cherry picked from commit ff91e5957a)
(cherry picked from commit 6626d5cc75)
(cherry picked from commit 62f8ab793b)
(cherry picked from commit e5bbf1a2d0)
(cherry picked from commit f5b8c8edea)
(cherry picked from commit 50948fa11b)
(cherry picked from commit 83a9f7f442)
(cherry picked from commit 679438b5d6)
(cherry picked from commit 17db07d6d0)
2024-02-05 16:09:40 +01:00
Grigory Kirillov 8c0cbd3549
[GITEA] convert feed items' titles to plain text
Refs: https://codeberg.org/forgejo/forgejo/pulls/1595

(cherry picked from commit 35b962e631)
(cherry picked from commit 1004e35b84)
(cherry picked from commit af51dd594d)
(cherry picked from commit ef10fae296)
(cherry picked from commit ff8027ed1b)
(cherry picked from commit 2540ff52ef)
(cherry picked from commit 57b4d775e1)
(cherry picked from commit c388aba9b5)
(cherry picked from commit 7a3b605c11)
(cherry picked from commit cc02354d0a)
(cherry picked from commit e11c5ce82a)
(cherry picked from commit d1e7798bb2)
(cherry picked from commit 1813af7391)
(cherry picked from commit 0d55a88945)
(cherry picked from commit bd9ac9ac6f)
(cherry picked from commit 3794698320)
(cherry picked from commit 0f22c4be84)
2024-02-05 16:09:40 +01:00
Gusted 92413041bd
[GITEA] Use maintained gziphandler
- https://github.com/NYTimes/gziphandler doesn't seems to be maintained
anymore and Forgejo already includes
https://github.com/klauspost/compress which provides a maintained and
faster gzip handler fork.
- Enables Jitter to prevent BREACH attacks, as this *seems* to be
possible in the context of Forgejo.

(cherry picked from commit cc2847241d)
(cherry picked from commit 99ba56a876)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 711638193d)
(cherry picked from commit 9c12a37fde)
(cherry picked from commit d130653454)
(cherry picked from commit 45a16f8c3c)
(cherry picked from commit a497acb31f)
(cherry picked from commit fe87fd8289)
(cherry picked from commit 6ac12e6693)
(cherry picked from commit 981ec37e1e)
(cherry picked from commit 5d6892ec10)
(cherry picked from commit 9df7968f4f)
(cherry picked from commit 7d588d1833)

Conflicts:
	routers/web/web.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
(cherry picked from commit defb101281)
(cherry picked from commit 5830f204a1)
(cherry picked from commit 029f4e9863)
(cherry picked from commit 816fe55812)

Conflicts:
	go.sum
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 99866d8045)
2024-02-05 16:09:40 +01:00
Gusted fa37a211fb
[GITEA] Drop sha256-simd in favor of stdlib
- In Go 1.21 the crypto/sha256 [got a massive
improvement](https://go.dev/doc/go1.21#crypto/sha256) by utilizing the
SHA instructions for AMD64 CPUs, which sha256-simd already was doing.
The performance is now on par and I think it's preferable to use the
standard library rather than a package when possible.

```
cpu: AMD Ryzen 5 3600X 6-Core Processor
                │  simd.txt   │               go.txt                │
                │   sec/op    │    sec/op     vs base               │
Hash/8Bytes-12    63.25n ± 1%    73.38n ± 1%  +16.02% (p=0.002 n=6)
Hash/64Bytes-12   98.73n ± 1%   105.30n ± 1%   +6.65% (p=0.002 n=6)
Hash/1K-12        567.2n ± 1%    572.8n ± 1%   +0.99% (p=0.002 n=6)
Hash/8K-12        4.062µ ± 1%    4.062µ ± 1%        ~ (p=0.396 n=6)
Hash/1M-12        512.1µ ± 0%    510.6µ ± 1%        ~ (p=0.485 n=6)
Hash/5M-12        2.556m ± 1%    2.564m ± 0%        ~ (p=0.093 n=6)
Hash/10M-12       5.112m ± 0%    5.127m ± 0%        ~ (p=0.093 n=6)
geomean           13.82µ         14.27µ        +3.28%

                │   simd.txt   │               go.txt                │
                │     B/s      │     B/s       vs base               │
Hash/8Bytes-12    120.6Mi ± 1%   104.0Mi ± 1%  -13.81% (p=0.002 n=6)
Hash/64Bytes-12   618.2Mi ± 1%   579.8Mi ± 1%   -6.22% (p=0.002 n=6)
Hash/1K-12        1.682Gi ± 1%   1.665Gi ± 1%   -0.98% (p=0.002 n=6)
Hash/8K-12        1.878Gi ± 1%   1.878Gi ± 1%        ~ (p=0.310 n=6)
Hash/1M-12        1.907Gi ± 0%   1.913Gi ± 1%        ~ (p=0.485 n=6)
Hash/5M-12        1.911Gi ± 1%   1.904Gi ± 0%        ~ (p=0.093 n=6)
Hash/10M-12       1.910Gi ± 0%   1.905Gi ± 0%        ~ (p=0.093 n=6)
geomean           1.066Gi        1.032Gi        -3.18%
```

(cherry picked from commit abd94ff5b5)
(cherry picked from commit 15e81637ab)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/1581
(cherry picked from commit 325d92917f)

Conflicts:
	modules/context/context_cookie.go
	https://codeberg.org/forgejo/forgejo/pulls/1617
(cherry picked from commit 358819e895)
(cherry picked from commit 362fd7aae1)
(cherry picked from commit 4f64ee294e)
(cherry picked from commit 4bde77f7b1)
(cherry picked from commit 1311e30a81)
(cherry picked from commit 57b69e334c)
(cherry picked from commit 52dc892fad)
(cherry picked from commit 77f54f4187)
(cherry picked from commit 0d0392f3a5)

Conflicts:
	go.mod
	https://codeberg.org/forgejo/forgejo/pulls/2034
(cherry picked from commit 92798364e8)
(cherry picked from commit 43d2181277)
(cherry picked from commit 45c88b86a3)
(cherry picked from commit a1cd6f4e3a)
(cherry picked from commit 01191dc2ad)
(cherry picked from commit 151e07f37e)
2024-02-05 16:09:40 +01:00
Gusted a5b1c1b0b3
[GITEA] Detect file rename and show in history
- Add a indication to the file history if the file has been renamed,
this indication contains a link to browse the history of the file
further.
- Added unit testing.
- Added integration testing.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1279

(cherry picked from commit 72c297521b)
(cherry picked from commit 283f964894)

Conflicts:
	options/locale/locale_en-US.ini
	https://codeberg.org/forgejo/forgejo/pulls/1550
(cherry picked from commit 7c30af7fde)
(cherry picked from commit f3be6eb269)
(cherry picked from commit 78e1755b94)
(cherry picked from commit 73799479e0)
(cherry picked from commit 938359b941)
(cherry picked from commit b168a9c081)

[GITEA] Detect file rename and show in history (squash) ctx.Locale

(cherry picked from commit 40447752ff)
(cherry picked from commit ea23594cdb)
(cherry picked from commit cdc473850c)
(cherry picked from commit 86e6641c29)
(cherry picked from commit 2757de586b)
(cherry picked from commit def4ae32dd)
(cherry picked from commit 6dada09329)
(cherry picked from commit 5d6d527251)

Conflicts:
	tests/integration/repo_test.go
	https://codeberg.org/forgejo/forgejo/pulls/2119
(cherry picked from commit d3c1bce7db)
(cherry picked from commit 04bcb22d5c)
(cherry picked from commit e16241fd99)
(cherry picked from commit 8e2beb3ed5)
2024-02-05 16:09:40 +01:00
Aravinth Manivannan 2d06901a18
[GITEA] notifies admins on new user registration
Sends email with information on the new user (time of creation and time of last sign-in) and a link to manage the new user from the admin panel

closes: https://codeberg.org/forgejo/forgejo/issues/480

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1371
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
(cherry picked from commit c721aa828b)
(cherry picked from commit 6487efcb9d)

Conflicts:
	modules/notification/base/notifier.go
	modules/notification/base/null.go
	modules/notification/notification.go
	https://codeberg.org/forgejo/forgejo/pulls/1422
(cherry picked from commit 7ea66ee1c5)

Conflicts:
	services/notify/notifier.go
	services/notify/notify.go
	services/notify/null.go
	https://codeberg.org/forgejo/forgejo/pulls/1469
(cherry picked from commit 7d2d997011)
(cherry picked from commit 435a54f140)
(cherry picked from commit 8ec7b3e448)

[GITEA] notifies admins on new user registration (squash) performance bottleneck

Refs: https://codeberg.org/forgejo/forgejo/issues/1479
(cherry picked from commit 97ac9147ff)
(cherry picked from commit 19f295c16b)
(cherry picked from commit 3367dcb2cf)

[GITEA] notifies admins on new user registration (squash) cosmetic changes

Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit 9f1670e040)
(cherry picked from commit de5bb2a224)
(cherry picked from commit 8f8e52f31a)
(cherry picked from commit e0d5130312)
(cherry picked from commit f1288d6d9b)
(cherry picked from commit 1db4736fd7)
(cherry picked from commit e8dcbb6cd6)
(cherry picked from commit 09625d6476)

[GITEA] notifies admins on new user registration (squash) ctx.Locale

(cherry picked from commit dab7212fad)
(cherry picked from commit 9b7bbae8c4)
(cherry picked from commit f750b71d3d)
(cherry picked from commit f79af36679)
(cherry picked from commit e76eee334e)

[GITEA] notifies admins on new user registration (squash) fix locale

(cherry picked from commit 54cd100d8d)
(cherry picked from commit 053dbd3d50)

[GITEA] notifies admins on new user registration (squash) fix URL

1. Use absolute URL in the admin panel link sent on new registrations
2. Include absolute URL of the newly signed-up user's profile.

New email looks like this:

<details><summary>Please click to expand</summary>

```
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset=UTF-8

User Information: @realaravinth ( http://localhost:3000/realaravinth )
----------------------------------------------------------------------

* Created: 2023-12-13 19:36:50 +05:30

Please click here ( http://localhost:3000/admin/users/9 ) to manage the use=
r from the admin panel.
--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html>
<head>
	<meta http-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
	<title>New user realaravinth just signed up</title>

	<style>
		blockquote { padding-left: 1em; margin: 1em 0; border-left: 1px solid gre=
y; color: #777}
		.footer { font-size:small; color:#666;}
	</style>

</head>

<body>
	<ul>
		<h3>User Information: <a href=3D"http://localhost:3000/realaravinth">@rea=
laravinth</a></h3>
		<li>Created: <relative-time format=3D"datetime" weekday=3D"" year=3D"nume=
ric" month=3D"short" day=3D"numeric" hour=3D"numeric" minute=3D"numeric" se=
cond=3D"numeric" datetime=3D"2023-12-13T19:36:50+05:30">2023-12-13 19:36:50=
 +05:30</relative-time></li>
	</ul>
	<p> Please <a href=3D"http://localhost:3000/admin/users/9" rel=3D"nofollow=
">click here</a> to manage the user from the admin panel. </p>
</body>
</html>

--153937b1864f158f4fd145c4b5d4a513568681dd489021dd466a8ad7b770--
```

</details>

fixes: https://codeberg.org/forgejo/forgejo/issues/1927
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1940
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Aravinth Manivannan <realaravinth@batsense.net>
Co-committed-by: Aravinth Manivannan <realaravinth@batsense.net>
(cherry picked from commit b8d764e36a)
(cherry picked from commit d48b84f623)

Conflicts:
	routers/web/auth/auth.go
	https://codeberg.org/forgejo/forgejo/pulls/2034
(cherry picked from commit 02d3c125cc)
(cherry picked from commit 367374ecc3)

Conflicts:
	models/user/user_test.go
	https://codeberg.org/forgejo/forgejo/pulls/2119
(cherry picked from commit 4124fa5aa4)
(cherry picked from commit 7f12610ff6)

[GITEA] notifies admins on new user registration (squash) DeleteByID

trivial conflict because of
   778ad795fd Refactor deletion (#28610)

(cherry picked from commit 05682614e5)
(cherry picked from commit 64bd374803)
(cherry picked from commit 63d086f666)
(cherry picked from commit 3cd48ef4d5)

Conflicts:
	options/locale/locale_en-US.ini
	https://codeberg.org/forgejo/forgejo/pulls/2249
(cherry picked from commit 6578ec4ed6)

Conflicts:
	routers/web/auth/auth.go
	https://codeberg.org/forgejo/forgejo/pulls/2300
2024-02-05 16:09:28 +01:00
Gusted 23d32eb493
[GITEA] Improve HTML title on repositories
- The `<title>` element that lives inside the `<head>` element is an important element that gives browsers and search engine crawlers the title of the webpage, hence the element name. It's therefor important that this title is accurate.
- Currently there are three issues with titles on repositories. It doesn't use the `FullName` and instead only uses the repository name, this doesn't distinguish which user or organisation the repository is on. It doesn't show the full treepath in the title when visiting an file inside a directory and instead only uses the latest path in treepath. It can show the repository name twice if the `.Title` variable also included the repository name such as on the repository homepage.
- Use the repository's fullname (which include which user the repository is on) instead of just their name.
- Display the repository's fullname if it isn't already in `.Title`.
- Use the full treepath in the repository code view instead of just the
last path.
- Adds integration tests.
- Adds a new repository (`repo59`) that has 3 depths for folders, which
wasn't in any other fixture repository yet, so the full treepath for
could be properly tested.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1276

(cherry picked from commit ff9a6a2cda)
(cherry picked from commit 76dffc8621)
(cherry picked from commit ff0615b9d0)
(cherry picked from commit 8712eaa394)
(cherry picked from commit 0c11587582)
(cherry picked from commit 3cbd9fb792)

Conflicts:
	tests/integration/repo_test.go
	https://codeberg.org/forgejo/forgejo/pulls/1512
(cherry picked from commit fbfdba8ae9)

Conflicts:
	models/fixtures/release.yml
	https://codeberg.org/forgejo/forgejo/pulls/1550
(cherry picked from commit 8b2bf0534c)
(cherry picked from commit d706d9e222)
(cherry picked from commit 6d46261a3f)
(cherry picked from commit f864d18ad3)
(cherry picked from commit 80f8620d0d)

[GITEA] Improve HTML title on repositories (squash) do not double escape

(cherry picked from commit 22882fe25c)
(cherry picked from commit 63e99df3d1)
(cherry picked from commit b65d777bc7)
(cherry picked from commit 2961f4f632)
(cherry picked from commit f7f723628c)
(cherry picked from commit 9ed7915826)
(cherry picked from commit 8b9ead4608)
(cherry picked from commit 50eeaf1fbc)
(cherry picked from commit ee6f32820e)
(cherry picked from commit bf337bed35)
(cherry picked from commit 6be9501ec0)
(cherry picked from commit b39860570d)
(cherry picked from commit 3f30f486d5)
(cherry picked from commit 5680ecdbe9)
(cherry picked from commit da6a19ad16)
(cherry picked from commit 5462493a77)
(cherry picked from commit 530fe57dde)
(cherry picked from commit f174f35644)

Conflicts:
	models/fixtures/repository.yml
	https://codeberg.org/forgejo/forgejo/pulls/2214
(cherry picked from commit 75212b3a59)
(cherry picked from commit 6e3c0be555)
2024-02-05 16:05:50 +01:00
Gusted c237ab9f18
[GITEA] Allow release creation on commit
- The code and tests are already there to allow releases to be created
on commits.
- This patch modifies the web code to take into account that an commitID
could've been passed as target.
- Added unit test.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1196

(cherry picked from commit 90863e0ab5)
(cherry picked from commit c805aa23b5)
(cherry picked from commit cf45567ca6)
(cherry picked from commit 672a2b91e5)
(cherry picked from commit 82c930152c)
(cherry picked from commit 95ac2508b3)
(cherry picked from commit b13a81ab98)
(cherry picked from commit 9f463a7c1f)
(cherry picked from commit 758ce84dc5)

Conflicts:
	tests/integration/release_test.go
	https://codeberg.org/forgejo/forgejo/pulls/1550
(cherry picked from commit edf0531aee)
(cherry picked from commit 44b29f3a1d)
(cherry picked from commit b851b67419)
(cherry picked from commit 37b408f5aa)
(cherry picked from commit e81dbedb88)
(cherry picked from commit d5fa6be6ec)
(cherry picked from commit b8c4be2529)
(cherry picked from commit f23ce2843c)
(cherry picked from commit 8b7bcabae2)
(cherry picked from commit 2d6e52dda9)
(cherry picked from commit 42e4f3ffdd)
(cherry picked from commit 39a1f689d8)
(cherry picked from commit 553d4872f8)
(cherry picked from commit df37433725)
(cherry picked from commit d67eac487b)
(cherry picked from commit 28cb0b1912)
(cherry picked from commit 031c04c579)
2024-02-05 16:05:50 +01:00
Gusted d3f9808151
[GITEA] Add password length check on install page
- Resolves #271
- Ensure that the adminstrator password is at least `MIN_PASSWORD_LENGTH`.

(cherry picked from commit 28cb04c3f5)
(cherry picked from commit 95371ebd92)
(cherry picked from commit a134288ab6)
(cherry picked from commit 4202f052cb)
(cherry picked from commit 510b7467d3)
(cherry picked from commit f3a6e1f121)
(cherry picked from commit f340508819)
(cherry picked from commit b891bb176d)
(cherry picked from commit 1a1bfc38cc)
(cherry picked from commit 083d5aefed)
(cherry picked from commit 4586096be9)
(cherry picked from commit 039fa20cc8)
(cherry picked from commit 3ec9cb5f59)
(cherry picked from commit 00be0eee37)
(cherry picked from commit a156603002)
(cherry picked from commit 4d305e7774)
(cherry picked from commit 51e8f21202)
(cherry picked from commit 58e354c98e)
(cherry picked from commit 20405564f5)
(cherry picked from commit 1d7f495683)
(cherry picked from commit d457b9c911)
(cherry picked from commit 72b54bc4cc)
(cherry picked from commit d7ce723e35)
(cherry picked from commit ce5f863d5d)
(cherry picked from commit 324b9318ac)
(cherry picked from commit fff11fc535)
(cherry picked from commit d3fa04aa69)
(cherry picked from commit d3b24691f3)
(cherry picked from commit 736dfab3ae)
(cherry picked from commit 8be95ef7f4)
(cherry picked from commit 0ce04d93a8)
2024-02-05 16:05:50 +01:00
Michael Kriese 97cc955101
[GITEA] feat(nuget): basic manifest download
Refs: https://codeberg.org/forgejo/forgejo/pulls/2222

(cherry picked from commit 5f837efc15)

fix: write xml header

(cherry picked from commit a715984a42)

fix: optional elements and xml schema

(cherry picked from commit 6ea6895a36)

fix: pass all other requests to file search

(cherry picked from commit 9bfc74833a)

test: add integration test

(cherry picked from commit b798f4ce86)

fix: use xmlResponse

(cherry picked from commit 7f76df0b24)
(cherry picked from commit e18d574ca4)
2024-02-05 15:08:04 +01:00
Gusted c2053dd076
[SHARED] make confirmation clearer for dangerous actions
[GITEA] Fix cancelled migration deletion modal

- https://codeberg.org/forgejo/forgejo/pulls/1473 made that dangerous
actions such as deletion also would need to type in the owner's name.
This was apparently not reflected to the deletion modal for migrations
that failed or were cancelled.

(cherry picked from commit c38dbd6f88)
(cherry picked from commit 7c07592d01)
(cherry picked from commit 78637af2b6)

[SHARED] make confirmation clearer for dangerous actions

- Currently the confirmation for dangerous actions such as transferring
the repository or deleting it only requires the user to ~~copy paste~~
type the repository name.
- This can be problematic when the user has a fork or another repository
with the same name as an organization's repository, and the confirmation
doesn't make clear that it could be deleting the wrong repository. While
it's mentioned in the dialog, it's better to be on the safe side and
also add the owner's name to be an element that has to be typed for
these dangerous actions.
- Added integration tests.

(cherry picked from commit bf679b24dd)
(cherry picked from commit 1963085dd9)
(cherry picked from commit fb94095d19)
(cherry picked from commit e1d1e46afe)
(cherry picked from commit 93993029e4)
(cherry picked from commit df3b058179)
(cherry picked from commit 8ccc6b9cba)
(cherry picked from commit 9fbe28fca3)
(cherry picked from commit 4ef2be6dc7)

https://codeberg.org/forgejo/forgejo/pulls/1873
  Moved test from repo_test.go to forgejo_confirmation_repo_test.go to
  avoid conflicts.
(cherry picked from commit 83cae67aa3)
(cherry picked from commit 447009ff56)
(cherry picked from commit 72c0a6150a)
(cherry picked from commit 8ee9c070b9)
(cherry picked from commit 89aba06403)
(cherry picked from commit 798407599f)
(cherry picked from commit 41c9a2606b)
(cherry picked from commit a57b214e36)
(cherry picked from commit fd287a9134)
2024-02-05 15:07:49 +01:00
Gusted c6a53c3172
[SECURITY] Rework long-term authentication
- This is a 'front-port' of the already existing patch on v1.21 and
v1.20, but applied on top of what Gitea has done to rework the LTA
mechanism. Forgejo will stick with the reworked mechanism by the Forgejo
Security team for the time being. The removal of legacy code (AES-GCM) has been
left out.
- The current architecture is inherently insecure, because you can
construct the 'secret' cookie value with values that are available in
the database. Thus provides zero protection when a database is
dumped/leaked.
- This patch implements a new architecture that's inspired from: [Paragonie Initiative](https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#secure-remember-me-cookies).
- Integration testing is added to ensure the new mechanism works.
- Removes a setting, because it's not used anymore.

(cherry picked from commit e3d6622a63)
(cherry picked from commit fef1a6dac5)
(cherry picked from commit b0c5165145)
(cherry picked from commit 7ad51b9f8d)
(cherry picked from commit 64f053f383)
(cherry picked from commit f5e78e4c20)

Conflicts:
	services/auth/auth_token_test.go
	https://codeberg.org/forgejo/forgejo/pulls/2069
(cherry picked from commit f69fc23d4b)
(cherry picked from commit d955ab3ab0)
(cherry picked from commit 9220088f90)
(cherry picked from commit c73ac63696)
(cherry picked from commit 747a176048)

Conflicts:
	models/user/user.go
	routers/web/user/setting/account.go
	https://codeberg.org/forgejo/forgejo/pulls/2295
2024-02-05 15:06:15 +01:00
Gusted 6f960f23e5
[CLEANUP] Reuse ForgejoVersion variable
- Resolves https://codeberg.org/forgejo/forgejo/issues/1226

(cherry picked from commit e383b70109)
(cherry picked from commit 029cfa34de)
(cherry picked from commit 81392b8c55)
(cherry picked from commit 0ebecca1e6)
(cherry picked from commit aff135418d)
(cherry picked from commit b5982f5008)
(cherry picked from commit 00f86df8f4)
(cherry picked from commit 178908c047)
(cherry picked from commit 9cc57d1b3f)
(cherry picked from commit dc80ba9a97)
(cherry picked from commit 5b2f1d7149)
(cherry picked from commit f0ab85cd06)
2024-02-05 14:45:11 +01:00