Commit graph

4508 commits

Author SHA1 Message Date
Gusted
41c9a2606b
[SHARED] make confirmation clearer for dangerous actions
[GITEA] Fix cancelled migration deletion modal

- https://codeberg.org/forgejo/forgejo/pulls/1473 made that dangerous
actions such as deletion also would need to type in the owner's name.
This was apparently not reflected to the deletion modal for migrations
that failed or were cancelled.

(cherry picked from commit c38dbd6f88)
(cherry picked from commit 7c07592d01)
(cherry picked from commit 78637af2b6)

[SHARED] make confirmation clearer for dangerous actions

- Currently the confirmation for dangerous actions such as transferring
the repository or deleting it only requires the user to ~~copy paste~~
type the repository name.
- This can be problematic when the user has a fork or another repository
with the same name as an organization's repository, and the confirmation
doesn't make clear that it could be deleting the wrong repository. While
it's mentioned in the dialog, it's better to be on the safe side and
also add the owner's name to be an element that has to be typed for
these dangerous actions.
- Added integration tests.

(cherry picked from commit bf679b24dd)
(cherry picked from commit 1963085dd9)
(cherry picked from commit fb94095d19)
(cherry picked from commit e1d1e46afe)
(cherry picked from commit 93993029e4)
(cherry picked from commit df3b058179)
(cherry picked from commit 8ccc6b9cba)
(cherry picked from commit 9fbe28fca3)
(cherry picked from commit 4ef2be6dc7)

https://codeberg.org/forgejo/forgejo/pulls/1873
  Moved test from repo_test.go to forgejo_confirmation_repo_test.go to
  avoid conflicts.
(cherry picked from commit 83cae67aa3)
(cherry picked from commit 447009ff56)
(cherry picked from commit 72c0a6150a)
(cherry picked from commit 8ee9c070b9)
(cherry picked from commit 89aba06403)
(cherry picked from commit 798407599f)
2024-01-15 14:48:04 +00:00
Earl Warren
87c65f2a49
[FEAT] allow setting the update date on issues and comments
This field adds the possibility to set the update date when modifying
an issue through the API.

A 'NoAutoDate' in-memory field is added in the Issue struct.
If the update_at field is set, NoAutoDate is set to true and the
Issue's UpdatedUnix field is filled.

That information is passed down to the functions that actually updates
the database, which have been modified to not auto update dates if
requested.

A guard is added to the 'EditIssue' API call, to checks that the
udpate_at date is between the issue's creation date and the current
date (to avoid 'malicious' changes). It also limits the new feature
to project's owners and admins.

(cherry picked from commit c524d33402)

Add a SetIssueUpdateDate() function in services/issue.go

That function is used by some API calls to set the NoAutoDate and
UpdatedUnix fields of an Issue if an updated_at date is provided.

(cherry picked from commit f061caa655)

Add an updated_at field to the API calls related to Issue's Labels.

The update date is applied to the issue's comment created to inform
about the modification of the issue's labels.

(cherry picked from commit ea36cf80f5)

Add an updated_at field to the API call for issue's attachment creation

The update date is applied to the issue's comment created to inform
about the modification of the issue's content, and is set as the
asset creation date.

(cherry picked from commit 96150971ca)

Checking Issue changes, with and without providing an updated_at date

Those unit tests are added:

- TestAPIEditIssueWithAutoDate
- TestAPIEditIssueWithNoAutoDate

- TestAPIAddIssueLabelsWithAutoDate
- TestAPIAddIssueLabelsWithNoAutoDate

- TestAPICreateIssueAttachmentWithAutoDate
- TestAPICreateIssueAttachmentWithNoAutoDate

(cherry picked from commit 4926a5d7a2)

Add an updated_at field to the API call for issue's comment creation

The update date is used as the comment creation date, and is applied to
the issue as the update creation date.

(cherry picked from commit 76c8faecdc)

Add an updated_at field to the API call for issue's comment edition

The update date is used as the comment update date, and is applied to
the issue as an update date.

(cherry picked from commit cf787ad7fd)

Add an updated_at field to the API call for comment's attachment creation

The update date is applied to the comment, and is set as the asset
creation date.

(cherry picked from commit 1e4ff424d3)

Checking Comment changes, with and without providing an updated_at date

Those unit tests are added:

- TestAPICreateCommentWithAutoDate
- TestAPICreateCommentWithNoAutoDate

- TestAPIEditCommentWithAutoDate
- TestAPIEditCommentWithNoAutoDate

- TestAPICreateCommentAttachmentWithAutoDate
- TestAPICreateCommentAttachmentWithNoAutoDate

(cherry picked from commit da932152f1)

Pettier code to set the update time of comments

Now uses sess.AllCols().NoAutoToime().SetExpr("updated_unix", ...)

XORM is smart enough to compose one single SQL UPDATE which all
columns + updated_unix.

(cherry picked from commit 1f6a42808d)

Issue edition: Keep the max of the milestone and issue update dates.

When editing an issue via the API, an updated_at date can be provided.
If the EditIssue call changes the issue's milestone, the milestone's
update date is to be changed accordingly, but only with a greater
value.

This ensures that a milestone's update date is the max of all issue's
update dates.

(cherry picked from commit 8f22ea182e)

Rewrite the 'AutoDate' tests using subtests

Also add a test to check the permissions to set a date, and a test
to check update dates on milestones.

The tests related to 'AutoDate' are:
- TestAPIEditIssueAutoDate
- TestAPIAddIssueLabelsAutoDate
- TestAPIEditIssueMilestoneAutoDate
- TestAPICreateIssueAttachmentAutoDate
- TestAPICreateCommentAutoDate
- TestAPIEditCommentWithDate
- TestAPICreateCommentAttachmentAutoDate

(cherry picked from commit 961fd13c55)
(cherry picked from commit d52f4eea44)
(cherry picked from commit 3540ea2a43)

Conflicts:
	services/issue/issue.go
	https://codeberg.org/forgejo/forgejo/pulls/1415
(cherry picked from commit 56720ade00)

Conflicts:
	routers/api/v1/repo/issue_label.go
	https://codeberg.org/forgejo/forgejo/pulls/1462
(cherry picked from commit 47c78927d6)
(cherry picked from commit 2030f3b965)
(cherry picked from commit f02aeb7698)

Conflicts:
	routers/api/v1/repo/issue_attachment.go
	routers/api/v1/repo/issue_comment_attachment.go
	https://codeberg.org/forgejo/forgejo/pulls/1575
(cherry picked from commit d072525b35)
(cherry picked from commit 8424d0ab3d)
(cherry picked from commit 5cc62caec7)
(cherry picked from commit d6300d5dcd)

[FEAT] allow setting the update date on issues and comments (squash) apply the 'update_at' value to the cross-ref comments (#1676)

[this is a follow-up to PR #764]

When a comment of issue A referencing issue B is added with a forced 'updated_at' date, that date has to be applied to the comment created in issue B.

-----

Comment:

While trying my 'RoundUp migration script', I found that this case was forgotten in PR #764 - my apologies...

I'll try to write a functional test, base on models/issues/issue_xref_test.go

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1676
Co-authored-by: fluzz <fluzz@freedroid.org>
Co-committed-by: fluzz <fluzz@freedroid.org>
(cherry picked from commit ac4f727f63)
(cherry picked from commit 5110476ee9)
(cherry picked from commit 77ba6be1da)
(cherry picked from commit 9c8337b5c4)
(cherry picked from commit 1d689eb686)
(cherry picked from commit 511c519c87)
(cherry picked from commit 2f0b4a8f61)
(cherry picked from commit fdd4da111c)

[FEAT] allow setting the update date on issues and comments (squash) do not use token= query param

See https://codeberg.org/forgejo/forgejo/commit/33439b733a

(cherry picked from commit c5139a75b9)
(cherry picked from commit c7b572c35d)
(cherry picked from commit aec7503ff6)
2024-01-15 14:48:04 +00:00
Earl Warren
d15627aa0d
[API] Forgejo API /api/forgejo/v1
(cherry picked from commit 20b5669269)
(cherry picked from commit 1574643a6a)

Update semantic version according to specification

(cherry picked from commit 22510f4130)

Mise à jour de 'Makefile'

(cherry picked from commit c3d85d8409)
(cherry picked from commit 5ea2309851)
(cherry picked from commit ec5217b9d1)
(cherry picked from commit 14f08e364b)
(cherry picked from commit b4465c67b8)

[API] [SEMVER] replace number with version

(cherry picked from commit fba48e6497)
(cherry picked from commit 532ec5d878)

[API] [SEMVER] [v1.20] less is replaced by css

(cherry picked from commit 01ca3a4f42)
(cherry picked from commit 1d928c3ab2)
(cherry picked from commit a39dc804cd)

Conflicts:
	webpack.config.js
(cherry picked from commit adc68578b3)
(cherry picked from commit 9b8d98475f)
(cherry picked from commit 2516103974)
(cherry picked from commit 18e6287963)
(cherry picked from commit e9694e67ab)
(cherry picked from commit a9763edaf0)
(cherry picked from commit e2b550f4fb)
(cherry picked from commit 2edac36701)

[API] Forgejo API /api/forgejo/v1 (squash)

Update semver as v1.20 is entering release candidate mode

(cherry picked from commit 4995098ec3)
(cherry picked from commit 578ccfdd27)
(cherry picked from commit 1bf6ac0952)
(cherry picked from commit 2fe16b2bfe)
(cherry picked from commit 7cd9d027ee)
(cherry picked from commit eaed4be2ae)
(cherry picked from commit cc94f3115f)
(cherry picked from commit d7a77e35cc)
(cherry picked from commit cd8eb68ab7)
(cherry picked from commit 68487ac95f)
(cherry picked from commit 616dceb565)
(cherry picked from commit 545fe5975b)
(cherry picked from commit c042cf8eda)
(cherry picked from commit ae5e5a7468)
(cherry picked from commit 8034ef5fa2)
(cherry picked from commit aaf0293034)
(cherry picked from commit daafa8ce58)
(cherry picked from commit 7ca3681d3e)
(cherry picked from commit 39f72cba71)
(cherry picked from commit 60a5917130)
(cherry picked from commit 4853bd9e16)

[API] Move forgejo api file (squash)

- Move the file to accommodate faa28b5a44

(cherry picked from commit bce89351d2)
(cherry picked from commit 11ae7f6e85)
(cherry picked from commit 25e96cfcb2)
(cherry picked from commit 6d8d19b391)
(cherry picked from commit 5afc5c454b)
(cherry picked from commit 86d07b4c24)
(cherry picked from commit e54d869fda)
(cherry picked from commit ab31ef1bba)
(cherry picked from commit 511cbca2f3)
(cherry picked from commit 333916fea8)
(cherry picked from commit 3802bcd7c9)
(cherry picked from commit 5d0fa034f7)
2024-01-15 14:48:03 +00:00
KN4CK3R
637451a45e
Rework markup link rendering (#26745)
Fixes #26548

This PR refactors the rendering of markup links. The old code uses
`strings.Replace` to change some urls while the new code uses more
context to decide which link should be generated.

The added tests should ensure the same output for the old and new
behaviour (besides the bug).

We may need to refactor the rendering a bit more to make it clear how
the different helper methods render the input string. There are lots of
options (resolve links / images / mentions / git hashes / emojis / ...)
but you don't really know what helper uses which options. For example,
we currently support images in the user description which should not be
allowed I think:

<details>
  <summary>Profile</summary> 

https://try.gitea.io/KN4CK3R

![grafik](https://github.com/go-gitea/gitea/assets/1666336/109ae422-496d-4200-b52e-b3a528f553e5)

</details>

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-01-15 08:49:24 +00:00
Jimmy Praet
5d3fdd1212
Add branch protection setting for ignoring stale approvals (#28498)
Fixes #27114.

* In Gitea 1.12 (#9532), a "dismiss stale approvals" branch protection
setting was introduced, for ignoring stale reviews when verifying the
approval count of a pull request.
* In Gitea 1.14 (#12674), the "dismiss review" feature was added.
* This caused confusion with users (#25858), as "dismiss" now means 2
different things.
* In Gitea 1.20 (#25882), the behavior of the "dismiss stale approvals"
branch protection was modified to actually dismiss the stale review.

For some users this new behavior of dismissing the stale reviews is not
desirable.

So this PR reintroduces the old behavior as a new "ignore stale
approvals" branch protection setting.

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-01-15 07:20:01 +00:00
yp05327
ce0225c1b8
Forbid removing the last admin user (#28337)
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-01-15 06:51:43 +00:00
Gwyneth Morgan
e5313248a8
Add non-JS fallback for reaction tooltips (#28785)
When JavaScript is not loaded, fall back to displaying reaction tooltips
with the default browser `title` attribute. An element with a present
but empty `data-tooltip-content` will use the `title` attribute for its
tippy.js tooltip content, so when JavaScript is enabled, this functions
the same as the current behavior.
2024-01-15 09:42:59 +08:00
wxiaoguang
ad0b637d46
Fix button size in "attached header right" (#28770)
Before:

<details>


![image](https://github.com/go-gitea/gitea/assets/2114189/c82f8615-04d4-408f-95bf-689c227a8814)



![image](https://github.com/go-gitea/gitea/assets/2114189/d01d05a7-09ca-48f3-a0e7-fec48119b426)

</details>

After:



![image](https://github.com/go-gitea/gitea/assets/2114189/e560398e-2fa4-4f46-9229-f6acc70e32ab)


![image](https://github.com/go-gitea/gitea/assets/2114189/bd18961d-0636-4584-b893-c465daaf40af)
2024-01-12 14:43:40 +00:00
wxiaoguang
34a0684397
Improve CSS helper naming (#28769)
* `gt-w-100` => `gt-w-full` to match tailwind
* clarify `gt-hidden` priority
2024-01-12 20:28:01 +08:00
Denys Konovalov
7d62615513
Revamp repo header (#27760)
Redesign repo header with following new aspects:
- responsive & better-looking repo title
- hide repo button text instead of icons in mobile view
- use same tab style as on explore and org page

<details>
<summary>Before:</summary>


![grafik](https://github.com/go-gitea/gitea/assets/47871822/57360b77-d43c-49ac-b798-2363c03da7ec)

![grafik](https://github.com/go-gitea/gitea/assets/47871822/d4117f79-a5f5-4f36-bf65-bbada3e7e73b)

![grafik](https://github.com/go-gitea/gitea/assets/47871822/e26f967f-e264-4337-9925-3d942e04fd6d)

![grafik](https://github.com/go-gitea/gitea/assets/47871822/b4683c8d-9c6a-4089-afa7-8dd219e43a46)


</details>

<details>
<summary>After:</summary>


![grafik](https://github.com/go-gitea/gitea/assets/47871822/8ddbc9f6-53c7-4e4e-bea9-704fd93524ca)

![grafik](https://github.com/go-gitea/gitea/assets/47871822/c0588aa9-788d-469c-98a0-81484fbd220c)

![grafik](https://github.com/go-gitea/gitea/assets/47871822/206e931e-404d-4d1b-92ce-908698addfcc)

![grafik](https://github.com/go-gitea/gitea/assets/47871822/a508f9c8-fadc-4a85-94ba-18796f77e07b)
2024-01-12 03:44:06 +00:00
Exploding Dragon
ba4d0b8ffb
Support for grouping RPMs using paths (#26984)
The current rpm repository places all packages in the same repository,
and different systems (el7,f34) may hit packages that do not belong to
this distribution ( #25304 ) , which now supports grouping of rpm.

![图片](https://github.com/go-gitea/gitea/assets/33776693/d1e1d99f-7799-4b2b-a19b-cb2a5c692914)

Fixes #25304 .
Fixes #27056 .

Refactor: [#25866](https://github.com/go-gitea/gitea/pull/25866)
2024-01-12 03:16:05 +00:00
Lunny Xiao
c65f8623e6
Hide code related setting options in repository when code unit is disabled (#28631)
Since #20805, code can be hidden.
However, the related settings are still shown even though they don't
have any meaning then.


https://github.com/go-gitea/gitea/assets/81045/5fdee54d-ac81-418a-82f7-eadff048cedd
2024-01-10 11:55:59 +00:00
wxiaoguang
2df7563f31
Recommend/convert to use case-sensitive collation for MySQL/MSSQL (#28662)
Mainly for MySQL/MSSQL.

It is important for Gitea to use case-sensitive database charset
collation. If the database is using a case-insensitive collation, Gitea
will show startup error/warning messages, and show the errors/warnings
on the admin panel's Self-Check page.

Make `gitea doctor convert` work for MySQL to convert the collations of
database & tables & columns.

* Fix #28131

## ⚠️ BREAKING ⚠️

It is not quite breaking, but it's highly recommended to convert the
database&table&column to a consistent and case-sensitive collation.
2024-01-10 11:03:23 +00:00
JakobDev
a80debc208
Add download attribute to release attachments (#28739)
Fixes #28736
2024-01-09 16:51:20 +08:00
wxiaoguang
a04f8c0f81
Move the captcha script loader to the template which really needs it (#28718)
It improves the maintainability for the templates.

Now `base/footer.tmpl` doesn't need to depend on "captcha" feature.
2024-01-07 15:41:46 +00:00
wxiaoguang
c5901b622d
Avoid unnecessary 500 panic when a commit doesn't exist (#28719)
In #26851, it assumed that `Commit` always exists when
`PageIsDiff==true`.

But for a 404 page, the `Commit` doesn't exist, so the following code
would cause panic because nil value can't be passed as string parameter
to `IsMultilineCommitMessage(string)` (or the StringUtils.Cut in later
PRs)
2024-01-07 18:20:22 +08:00
Kyle D
e522e774ca
Add merge arrow direction and update styling (#28523)
Close https://github.com/go-gitea/gitea/issues/28522

~Adds some [negative
margin](https://tailwindcss.com/docs/margin#using-negative-values)
helper css classes using tailwind's [prefix
syntax](https://tailwindcss.com/docs/configuration#prefix)~

### Before

![image](https://github.com/go-gitea/gitea/assets/12700993/5bdabf91-facd-41c8-8e36-e1535beb9409)

### After

![image](https://github.com/go-gitea/gitea/assets/12700993/a6f11f6f-9e64-45b6-b9d7-dfea53fbc6d7)
2024-01-05 17:38:56 +00:00
yp05327
dd5693387e
Add links to owner home page in explore (#28341)
User can select access repo or owner's home page.

Before:

![image](https://github.com/go-gitea/gitea/assets/18380374/f40a833f-8560-4585-b047-3a225be2e6ee)

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/7893bf3a-5050-4bcb-af99-d56d6c7925f8)
2024-01-05 03:34:35 +00:00
361839fb1c
Fix tooltip of variable edit button (#28681)
The `variables.edit` key does not exist.

![image](https://github.com/go-gitea/gitea/assets/29505620/462a1c6c-775c-466a-8398-37115b2af47a)
2024-01-03 06:25:19 +00:00
wxiaoguang
91aa263225
Make template DateTime show proper tooltip (#28677)
There was a question about "how to improve the datetime display for
SSH/PGP/WebAuthn"
https://github.com/go-gitea/gitea/pull/28262#issuecomment-1831141611

The root problem is that `DateTime` misses the "data-tooltip-content"
attribute, which should be used to make the tooltip popup smoothly.

Now the UI is consistent and the end users could see the detailed
hour/minute/second easily by hovering the element.


![image](https://github.com/go-gitea/gitea/assets/2114189/2211336f-d59d-4f64-a83b-099f8ef6d29b)


![image](https://github.com/go-gitea/gitea/assets/2114189/f02a9c86-476d-48d6-aece-85a800235fbd)
2024-01-02 20:09:18 +01:00
Mihir Joshi
3d474110c1
Fix long package version names overflowing (#28619)
Fixes #28534 

---
Before:

![image](https://github.com/go-gitea/gitea/assets/50193156/b229551c-0a7d-4a99-9553-1f11b994876a)


After:
<img width="304" alt="image"
src="https://github.com/go-gitea/gitea/assets/50193156/53d04ad0-6d5c-47e2-8a7d-30a4d5dd9959">


Should we also apply this for long filenames in Assets?
It looks like this currently:
<img width="285" alt="image"
src="https://github.com/go-gitea/gitea/assets/50193156/e2dcbb2e-30d5-4e35-b304-6274ef60bda7">

---------

Co-authored-by: Mihir <mihir.joshi@senpiper.com>
2023-12-30 07:42:16 +00:00
Denys Konovalov
6c133b9fe0
switch destination directory for apt signing keys (#28639)
According to [Debian
docs](https://wiki.debian.org/DebianRepository/UseThirdParty):

> The certificate MUST NOT be placed in /etc/apt/trusted.gpg.d or loaded
by apt-key add.
> ...
> If future updates to the certificate will be managed by an apt/dpkg
package as recommended below, then it SHOULD be downloaded into
/usr/share/keyrings using the same filename that will be provided by the
package. If it will be managed locally , it SHOULD be downloaded into
/etc/apt/keyrings instead.
> ...
> A sources.list entry SHOULD have the signed-by option set.
2023-12-28 22:08:59 +01:00
wxiaoguang
e743570f65
Refactor timeutil package (#28623)
1. make names more readable
2. remove unused FormatLong/FormatShort
3. use `FormatDate` instead of `Format "2006-01-02"`
2023-12-28 10:09:57 +00:00
Lunny Xiao
baf0d402d9
Add get actions runner registration token for API routes, repo, org, user and global level (#27144)
Replace #23761

---------

Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-12-27 07:57:54 +00:00
Jean-Baptiste Gomond
d0f24ff4ca
Added instance-level variables (#28115)
This PR adds instance-level variables, and so closes #27726



![gitea_instance_variables_1](https://github.com/go-gitea/gitea/assets/8344487/ad409cd4-ce36-4c84-a764-34451b0fb63a)

![gitea_instance_variables_2](https://github.com/go-gitea/gitea/assets/8344487/426f0965-dec6-4560-948c-067cdeddd720)

![gitea_instance_variables_3](https://github.com/go-gitea/gitea/assets/8344487/cf1d7776-4938-4825-922e-cbbbf28a5f33)
2023-12-25 07:28:59 +00:00
Yarden Shoham
d9ed931c4d
Fix wrong due date rendering in issue list page (#28588)
It included the hours, minutes, and seconds. By removing these, the date
renders correctly.

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2023-12-22 10:53:12 -06:00
wxiaoguang
04b235d094
Fix 500 error of searching commits (#28576)
Regression of #28454 . Now the string is escaped HTML, so it doesn't
need `| Safe`.

Fix #28575
2023-12-21 23:09:14 +00:00
David Øvrelid
128eac9e0b
Fix duplicate ID when deleting repo (#28520)
There is an accessibility issue in the interface when attempting to
delete a repository. When I click on "Delete repository," a dialog box
appears, requiring confirmation to proceed with the repository deletion.
However, when I press the "Repo name" label, the wrong input field gains
focus. The focused field is located behind the dialog and is intended
for renaming the repository.
2023-12-19 04:40:05 +00:00
Bo-Yi Wu
14ffdf6173
chore(api): support ignore password if login source type is LDAP for creating user API (#28491)
- Modify the `Password` field in `CreateUserOption` struct to remove the
`Required` tag
- Update the `v1_json.tmpl` template to include the `email` field and
remove the `password` field

---------

Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>
2023-12-19 02:32:45 +00:00
wxiaoguang
bf8b082c40
Improve the prompt for "ssh-keygen sign" (#28509)
Close #28505, ref:
* https://github.com/go-gitea/gitea/pull/20112#issuecomment-1165423026
* https://github.com/go-gitea/gitea/issues/28505#issuecomment-1860048116
2023-12-18 22:53:04 +08:00
wxiaoguang
20929edc99
Add option to disable ambiguous unicode characters detection (#28454)
* Close #24483
* Close #28123
* Close #23682
* Close #23149

(maybe more)
2023-12-17 14:38:54 +00:00
The Magician
7fb6b51470
Remove duplicate option in admin screen and now-unused translation keys (#28492)
Resolves https://github.com/go-gitea/gitea/issues/28451.

This change follows the recommendation by wxiaoguang to remove the
"Disable Minimum Key Size Check" from the "Service Configuration"
section of the UI, because this option belongs to the "SSH
Configuration" section of the administration menu and already has a
functioning indicator in that section of the UI.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-12-17 04:33:37 +00:00
yp05327
3849fd2ac2
Remove unnecessary forgot password link in delete user section (#28355)
Before:
<img width="458" alt="image"
src="https://github.com/go-gitea/gitea/assets/18380374/92815496-38cc-4bb9-9182-1509a72b07f6">

After:

![image](https://github.com/go-gitea/gitea/assets/18380374/d96ed908-47ad-44cc-a624-4c10fa8c8c86)
2023-12-15 14:13:55 +00:00
Jack Hay
4e879fed90
Deprecate query string auth tokens (#28390)
## Changes
- Add deprecation warning to `Token` and `AccessToken` authentication
methods in swagger.
- Add deprecation warning header to API response. Example: 
  ```
  HTTP/1.1 200 OK
  ...
  Warning: token and access_token API authentication is deprecated
  ...
  ```
- Add setting `DISABLE_QUERY_AUTH_TOKEN` to reject query string auth
tokens entirely. Default is `false`

## Next steps
- `DISABLE_QUERY_AUTH_TOKEN` should be true in a subsequent release and
the methods should be removed in swagger
- `DISABLE_QUERY_AUTH_TOKEN` should be removed and the implementation of
the auth methods in question should be removed

## Open questions
- Should there be further changes to the swagger documentation?
Deprecation is not yet supported for security definitions (coming in
[OpenAPI Spec version
3.2.0](https://github.com/OAI/OpenAPI-Specification/issues/2506))
- Should the API router logger sanitize urls that use `token` or
`access_token`? (This is obviously an insufficient solution on its own)

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-12-12 03:48:53 +00:00
KN4CK3R
4b0940cb9f
Let curl write the content to file (#28427) 2023-12-12 07:19:30 +08:00
Panagiotis "Ivory" Vasilopoulos
18ba1c6d00
Improve text in Security settings (#28393)
- en-US: Rename "Scratch Tokens" to "single-use recovery keys".
  Longer, but clearer.
- Improve titles
- TOTP: Improve description
- TOTP: Inform user about Scratch Tokens to encourage TOTP usage
- WebAuthn: Add loss of access warning
2023-12-08 00:38:55 +02:00
Jason Song
beb71f5ef6
Include public repos in doer's dashboard for issue search (#28304)
It will fix #28268 .

<img width="1313" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/cb1e07d5-7a12-4691-a054-8278ba255bfc">

<img width="1318" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/4fd60820-97f1-4c2c-a233-d3671a5039e9">

## ⚠️ BREAKING ⚠️

But need to give up some features:

<img width="1312" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/281c0d51-0e7d-473f-bbed-216e2f645610">

However, such abandonment may fix #28055 .

## Backgroud

When the user switches the dashboard context to an org, it means they
want to search issues in the repos that belong to the org. However, when
they switch to themselves, it means all repos they can access because
they may have created an issue in a public repo that they don't own.

<img width="286" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/182dcd5b-1c20-4725-93af-96e8dfae5b97">

It's a confusing design. Think about this: What does "In your
repositories" mean when the user switches to an org? Repos belong to the
user or the org?

Whatever, it has been broken by #26012 and its following PRs. After the
PR, it searches for issues in repos that the dashboard context user owns
or has been explicitly granted access to, so it causes #28268.

## How to fix it

It's not really difficult to fix it. Just extend the repo scope to
search issues when the dashboard context user is the doer. Since the
user may create issues or be mentioned in any public repo, we can just
set `AllPublic` to true, which is already supported by indexers. The DB
condition will also support it in this PR.

But the real difficulty is how to count the search results grouped by
repos. It's something like "search issues with this keyword and those
filters, and return the total number and the top results. **Then, group
all of them by repo and return the counts of each group.**"

<img width="314" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/5206eb20-f8f5-49b9-b45a-1be2fcf679f4">

Before #26012, it was being done in the DB, but it caused the results to
be incomplete (see the description of #26012).

And to keep this, #26012 implement it in an inefficient way, just count
the issues by repo one by one, so it cannot work when `AllPublic` is
true because it's almost impossible to do this for all public repos.


1bfcdeef4c/modules/indexer/issues/indexer.go (L318-L338)

## Give up unnecessary features

We may can resovle `TODO: use "group by" of the indexer engines to
implement it`, I'm sure it can be done with Elasticsearch, but IIRC,
Bleve and Meilisearch don't support "group by".

And the real question is, does it worth it? Why should we need to know
the counts grouped by repos?

Let me show you my search dashboard on gitea.com.

<img width="1304" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/2bca2d46-6c71-4de1-94cb-0c9af27c62ff">

I never think the long repo list helps anything.

And if we agree to abandon it, things will be much easier. That is this
PR.

## TODO

I know it's important to filter by repos when searching issues. However,
it shouldn't be the way we have it now. It could be implemented like
this.

<img width="1316" alt="image"
src="https://github.com/go-gitea/gitea/assets/9418365/99ee5f21-cbb5-4dfe-914d-cb796cb79fbe">

The indexers support it well now, but it requires some frontend work,
which I'm not good at. So, I think someone could help do that in another
PR and merge this one to fix the bug first.

Or please block this PR and help to complete it.

Finally, "Switch dashboard context" is also a design that needs
improvement. In my opinion, it can be accomplished by adding filtering
conditions instead of "switching".
2023-12-07 13:26:18 +08:00
Panagiotis "Ivory" Vasilopoulos
dac7728e9d
Issue fixes for RSS feed improvements (#28380)
Follow-up for #28368

- Just replace button with an a-element with the button class
- Remove useless link-action class from template/org/home.tmpl
2023-12-07 03:01:32 +00:00
Lauris BH
bfacb5c501
Fix margin in server signed signature verification view (#28379)
Before:

![image](https://github.com/go-gitea/gitea/assets/165205/e2e2256d-03c5-4ab8-8ed9-08ef68571a43)

After:

![image](https://github.com/go-gitea/gitea/assets/165205/804132ef-18f9-4ab8-949d-f6c71e7f4d24)
2023-12-07 01:51:39 +00:00
Panagiotis "Ivory" Vasilopoulos
22cb5b0c17
Improve RSS feed icons (#28368)
- The RSS Feed icons were placed in a proper button, so that it does
  not look "inconsistent". This also makes the problem of the button
  being improperly aligned go away.
- The icon that shows on user profiles has not been modified because
  of a lack of better implementation ideas.
- Where applicable, the RSS Feed icon was put directly next to the
  Follow button (right menu), as both functionalities effectively
  share the same purpose.
- Despite the attempt at achieving less inconsistency, a conscious
  decision to not add any text to those buttons was made, opting for
  tooltips instead. "Make it present, but not too annoying."
- A special exception was made for the Releases pages (which contains
  text, not a tooltip), where an RSS feed would be particularly
  beneficial to users.

The fact that the RSS functionality is explicitly optional was taken
into account, and these improvements were made with public-facing
instances (where the feature works best) in mind.
2023-12-06 20:29:26 +00:00
Lunny Xiao
09d5028442
Fix the runs will not be displayed bug when the main branch have no workflows but other branches have (#28359) 2023-12-06 01:13:59 +00:00
Nanguan Lin
0aab2d38a7
Remove deprecated query condition in ListReleases (#28339)
close #24057 
call stack: 

25faee3c5f/routers/api/v1/repo/release.go (L154)

ec1feedbf5/routers/api/v1/utils/page.go (L13-L18)

ec1feedbf5/services/convert/utils.go (L15-L22)

## ⚠️ Breaking   ⚠️ (though it's not caused by this PR)
Do not use `per_page` to specify pagination; use `limit` instead
2023-12-05 07:30:43 +00:00
KN4CK3R
b3c258828f
Refactor template empty checks (#28351) 2023-12-04 15:48:42 -06:00
JakobDev
6ad145f5bd
Keep profile tab when clicking on Language (#28320)
Fixes https://codeberg.org/Codeberg/Community/issues/1355
2023-12-01 22:31:40 +02:00
Denys Konovalov
4d7c063f9e
Use full width for project boards (#28225)
Inspired by #28182
2023-11-27 17:43:52 +00:00
JakobDev
709a376c51
Fix link to Code tab on wiki commits (#28041)
Fixes https://codeberg.org/forgejo/forgejo/issues/1759

If you are bowing another branch than the default branch and click n the
Code tab, it will take you to the root of the branch. The `BranchName`
variable is also set when viewing a Wiki commit, so we also need to
check if we are on a Wiki.
2023-11-27 05:59:56 +00:00
Nanguan Lin
7d1933717d
Use full width for PR comparison (#28182)
Follow-up #22844 
close #28142 
Before 

![ksnip_20231123-183906](https://github.com/go-gitea/gitea/assets/70063547/78428a22-b0a0-45f9-9458-7fd5ec73aa29)
After

![full](https://github.com/go-gitea/gitea/assets/70063547/047242cf-9d6c-4b3a-9f92-54102740c27e)

Co-authored-by: Giteabot <teabot@gitea.io>
2023-11-23 15:52:57 +00:00
Nanguan Lin
778d604346
Fix missing buttons (#28179)
fix #28173 
regression #25948 
That PR is supposed to only change the style but somehow delete a code
snippet. See the
diff(https://github.com/go-gitea/gitea/pull/25948/files#diff-7c36d66fe058f4ff9f2beaac73cf710dca45b350d0dd98daf806828a4745fe62L125-L129)
for details.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-11-23 11:36:52 +01:00
Nanguan Lin
37ed92d6fd
Revert "Fix EOL handling in web editor" (#28101)
Reverts go-gitea/gitea#27141
close #28097
2023-11-22 09:14:16 +00:00
yp05327
4d0eba8e0a
Fix swagger title (#28164)
![image](https://github.com/go-gitea/gitea/assets/18380374/380859b2-a643-42fd-b53e-78c93c05c826)
Don't know why there's a `.` behind. 🤔
2023-11-22 08:09:19 +00:00