Commit graph

20558 commits

Author SHA1 Message Date
Gusted
89b1723d35
[FEAT] Enable INVALIDATE_REFRESH_TOKENS
- It's possible to detect if refresh tokens are used more than once, if
it's used more than once it's an indication of a replay attack and it should
invalidate the associated access token. This behavior is controlled by
the `INVALIDATE_REFRESH_TOKENS` setting.
- Although in a normal scenario where TLS is being used, it should be
very hard to get to situation where replay attacks are being used, but
this is better safe than sorry.
- Enable `INVALIDATE_REFRESH_TOKENS` by default.
2024-07-22 20:45:13 +02:00
Gusted
a67e420c38
[I18N] Add common section to new translation files
- Follow up for #4576
- Weblate currently cannot parse ini files if they contain keys that
don't belong to a section.
2024-07-22 20:14:24 +02:00
Gusted
40baa96fc3
[CHORE] Add playwright eslint plugin
- Add https://github.com/playwright-community/eslint-plugin-playwright
as a linter for the playwright tests.
- `no-networkidle` and `no-conditional-in-test` are disabled as fixing
those doesn't seem to really improve testing quality for our use case.
- Some non-recommended linters are enabled to ensure consistency (the
prefer rules).
2024-07-22 20:03:32 +02:00
0ko
de24846309 Merge pull request 'Allow .webp attachments by default' (#4605) from 0ko/forgejo:webp into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4605
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-22 15:34:32 +00:00
0ko
e819c1622e i18n: restore Malayalam and Serbian files, remove ml-IN from the language selector (#4576)
* Closes https://codeberg.org/forgejo/forgejo/issues/4563
* A followup to my 2024-February investigation in the Localization room

* Restore Malayalam and Serbian locales that were deleted in 067b0c2664 and f91092453e. Bulgarian was also deleted, but we already have better Bulgarian translation.
* Remove ml-IN from the language selector. It was not usable for 1.5 years, has ~18% completion and was not maintained in those ~1.5 years. It could also have placeholder bugs due to refactors.

Restoring files gives the translators a base to work with and makes the project advertised on Weblate homepage for logged in users in the Suggestions tab. Unlike Gitea, we store our current translations directly in the repo and not on a separate platform, so it makes sense to add these files back.
Removing selector entry avoids bugs and user confusion. I will make a followup for the documentation.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4576
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
2024-07-22 14:08:15 +00:00
silverwind
f37d8fc0ed
Remove unnecessary uses of word-break: break-all (#31637)
Fixes: https://github.com/go-gitea/gitea/issues/31636

1. Issue sidebar topic is discussed in
https://github.com/go-gitea/gitea/issues/31636
2. Org description already has `overflow-wrap: anywhere` to ensure no
overflow.

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 0c1127a2fb4c07576b4a2e4cffbcd2b0c8670a27)
2024-07-22 15:50:57 +02:00
Gergely Nagy
0792f81e04
Add a release note for cherry-picked features
This adds a release note file for features cherry picked during the
2024-30 weekly gitea->forgejo cherry pick.

Thanks @earl-warren for the notes themselves!

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-07-22 15:46:01 +02:00
Rowan Bohde
21fdd28f08
allow synchronizing user status from OAuth2 login providers (#31572)
This leverages the existing `sync_external_users` cron job to
synchronize the `IsActive` flag on users who use an OAuth2 provider set
to synchronize. This synchronization is done by checking for expired
access tokens, and using the stored refresh token to request a new
access token. If the response back from the OAuth2 provider is the
`invalid_grant` error code, the user is marked as inactive. However, the
user is able to reactivate their account by logging in the web browser
through their OAuth2 flow.

Also changed to support this is that a linked `ExternalLoginUser` is
always created upon a login or signup via OAuth2.

Ideally, we would also refresh permissions from the configured OAuth
provider (e.g., admin, restricted and group mappings) to match the
implementation of LDAP. However, the OAuth library used for this `goth`,
doesn't seem to support issuing a session via refresh tokens. The
interface provides a [`RefreshToken`
method](https://github.com/markbates/goth/blob/master/provider.go#L20),
but the returned `oauth.Token` doesn't implement the `goth.Session` we
would need to call `FetchUser`. Due to specific implementations, we
would need to build a compatibility function for every provider, since
they cast to concrete types (e.g.
[Azure](https://github.com/markbates/goth/blob/master/providers/azureadv2/azureadv2.go#L132))

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
(cherry picked from commit 416c36f3034e228a27258b5a8a15eec4e5e426ba)

Conflicts:
	- tests/integration/auth_ldap_test.go
	  Trivial conflict resolved by manually applying the change.
	- routers/web/auth/oauth.go
	  Technically not a conflict, but the original PR removed the
	  modules/util import, which in our version, is still in use. Added it
	  back.
2024-07-22 15:44:13 +02:00
6543
004cc6dc0a
Add option to change mail from user display name (#31528)
Make it possible to let mails show e.g.:

`Max Musternam (via gitea.kithara.com) <gitea@kithara.com>`

Docs: https://gitea.com/gitea/docs/pulls/23

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit 0f533241829d0d48aa16a91e7dc0614fe50bc317)

Conflicts:
	- services/mailer/mail_release.go
	  services/mailer/mail_test.go

	  In both cases, applied the changes manually.
2024-07-22 15:44:13 +02:00
Lunny Xiao
54f2dcff9d
Upgrade xorm to v1.3.9 and improve some migrations Sync (#29899)
Co-authored-by: 6543 <6543@obermui.de>
(cherry picked from commit 0d08bb6112884411eb4f58b056278d3c824a8fc0)
2024-07-22 15:44:13 +02:00
6543
d0227c236a
Issue Templates: add option to have dropdown printed list (#31577)
Issue template dropdown can have many entries, and it could be better to
have them rendered as list later on if multi-select is enabled.

so this adds an option to the issue template engine to do so.

DOCS: https://gitea.com/gitea/docs/pulls/19

---

## demo:

```yaml
name: Name
title: Title
about: About
labels: ["label1", "label2"]
ref: Ref
body:
  - type: dropdown
    id: id6
    attributes:
      label: Label of dropdown (list)
      description: Description of dropdown
      multiple: true
      list: true
      options:
        - Option 1 of dropdown
        - Option 2 of dropdown
        - Option 3 of dropdown
        - Option 4 of dropdown
        - Option 5 of dropdown
        - Option 6 of dropdown
        - Option 7 of dropdown
        - Option 8 of dropdown
        - Option 9 of dropdown
```

![image](https://github.com/user-attachments/assets/102ed0f4-89da-420b-ab2a-1788b59676f9)

![image](https://github.com/user-attachments/assets/a2bdb14e-43ff-4cc6-9bbe-20244830453c)

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit 1064e817c4a6fa6eb5170143150505503c4ef6ed)
2024-07-22 15:44:13 +02:00
Gusted
b67fa954a6
Make it consistent with the other sorting filters 2024-07-22 15:01:36 +02:00
Bartlomiej Komendarczuk
5e8a830505
[PORT] Added default sorting milestones by name (gitea#27084)
Resolves https://github.com/go-gitea/gitea/issues/26996
Added default sorting for milestones by name.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

---

Conflict resolution: trivial, was due to the improvement made to 'the due
date sorting' strings.

(cherry picked from commit e8d4b7a8b198eca3b0bd117efb422d7d7cac93fe)
2024-07-22 14:55:58 +02:00
Earl Warren
d405143919 Merge pull request 'fix(actions): no edited event triggered when a title is changed' (#4618) from twenty-panda/forgejo:wip-notify-title into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4618
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-22 11:45:48 +00:00
Emmanuel BENOÎT
320ab7ed7f
feat(cli): allow updates to runners' secrets
This commit allows the `forgejo-cli actions register` command to change
an existing runner's secret, as discussed in #4610.

It refactors `RegisterRunner` to extract the code that hashes the token,
moving this code to a method called `UpdateSecret` on `ActionRunner`.
A test for the method has been added.

The `RegisterRunner` function is updated so that:
- it relies on `ActionRunner.UpdateSecret` when creating new runners,
- it checks whether an existing runner's secret still matches the one
  passed on the command line,
- it updates the runner's secret if it wasn't created and it no longer
  matches.

A test has been added for the new behaviour.
2024-07-22 11:55:43 +02:00
Twenty Panda
f6000c3760 fix(actions): no edited event triggered when a title is changed
When the title of an issue or a pull request is changed, the edited
event must be triggered, in the same way it is when the body of the
description is changed.

The web endpoints and the API endpoints for both pull requests and
issues rely on issue_service.ChangeTitle which calls
notify_service.IssueChangeTitle.
2024-07-22 11:25:20 +02:00
Emmanuel BENOÎT
fdb1874ada feat(cli): add --keep-labels flag to forgejo actions register (#4610)
This commit adds a new flag, `--keep-labels`, to the runner registration CLI command. If this flag is present and the runner being registered already exists, it will prevent the runners' labels from being reset.

In order to accomplish this, the signature of the `RegisterRunner` function from the `models/actions` package has been modified so that the labels argument can be nil. If it is, the part of the function that updates the record will not change the runner.

Various tests have been added for this function, for the following cases: new runner with labels, new runner without label, existing runner with labels, existing runner without labels.

The flag has been added to the CLI command, the action function has been updated to read the labels parameters through a separate function (`getLabels`), and test cases for this function have been added.

<!--
Before submitting a PR, please read the contributing guidelines:
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/CONTRIBUTING.md
-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4610
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Emmanuel BENOÎT <tseeker@nocternity.net>
Co-committed-by: Emmanuel BENOÎT <tseeker@nocternity.net>
2024-07-22 07:33:45 +00:00
Earl Warren
8030ebf64c Merge pull request 'Update module xorm.io/xorm to v1.3.9 (forgejo)' (#4608) from renovate/forgejo-xorm.io-xorm-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4608
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-22 06:37:34 +00:00
Earl Warren
7511ae532e docs: add a PR checklist template (#4564)
Manual testing of this template can be done with the new playground created for that purpose, see https://code.forgejo.org/forgejo/pr-and-issue-templates/pulls/19.

![image](/attachments/1ee36ae1-669f-47d8-8307-9734faa0dc2a)

## Testing instructions

* Fork https://code.forgejo.org/forgejo/pr-and-issue-templates
* Create a pull request against https://code.forgejo.org/forgejo/pr-and-issue-templates
* See that the commit message is on top and the checklist below it

---

Use cases:

* https://codeberg.org/forgejo/forgejo/pulls/4553
* https://codeberg.org/forgejo/forgejo/pulls/4554

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4564
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: twenty-panda <twenty-panda@noreply.codeberg.org>
Reviewed-by: thefox <thefox@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
2024-07-22 05:23:54 +00:00
Earl Warren
5a41d902bd Merge pull request 'Lock file maintenance (forgejo)' (#4616) from renovate/forgejo-lock-file-maintenance into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4616
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-22 04:34:15 +00:00
Earl Warren
b9272b2923 Merge pull request 'Update renovate to v37.438.2 (forgejo)' (#4615) from renovate/forgejo-renovate into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4615
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-22 04:33:33 +00:00
Renovate Bot
fdf07888c3 Lock file maintenance 2024-07-22 00:07:27 +00:00
Renovate Bot
20de7e5fdf Update renovate to v37.438.2 2024-07-22 00:04:06 +00:00
Renovate Bot
1c63c47f5f Update module xorm.io/xorm to v1.3.9 2024-07-21 16:03:40 +00:00
0ko
78a0ca1c9d feat: allow .webp attachments by default 2024-07-21 13:01:08 +05:00
0ko
86298c5be2 Merge pull request 'English improvements' (#4599) from 0ko/forgejo:i18n-english-20240720 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4599
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-21 06:51:21 +00:00
Earl Warren
914f75533f Merge pull request '[BUG] Fix panic on too high page number' (#4603) from gusted/forgejo-commit-panic into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4603
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-07-21 05:59:40 +00:00
0ko
d3bb19e03b i18n(en): clarify texts on suspended account screen 2024-07-21 09:01:50 +05:00
0ko
19dbefc5c8 i18n(en): don't advertize trying to run Forgejo on Windows
Co-authored-by: Otto <fnetx@noreply.codeberg.org>
2024-07-21 09:01:32 +05:00
Gusted
15540445d9 Merge pull request '[BUG] Don't panic on empty blockquote' (#4602) from gusted/forgejo-md-panic into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4602
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-07-21 00:09:56 +00:00
Renovate Bot
ba7a442644 Update dependency monaco-editor to v0.50.0 2024-07-21 00:03:40 +00:00
Gusted
6a49e3f468
[BUG] Fix panic on too high page number
- Fixes a panic where the file history router would panic if the page
number was set to a page where no commits would be returned. It now
returns a 404 in such case.
- Regression of a5b1c1b0b3
- Panic log provided by @algernon.
- Minimal integration test added.

Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-07-21 02:01:54 +02:00
Gusted
efd63ec1d8
[BUG] Don't panic on empty blockquote
- On an empty blockquote the callout feature would panic, as it expects
to always have at least one child.
- This panic cannot result in a DoS, because any panic that happens
while rendering any markdown input will be recovered gracefully.
- Adds a simple condition to avoid this panic.
2024-07-21 01:10:20 +02:00
forgejo-renovate-action
3beaee62bb Merge pull request 'Update dependency vue to v3.4.33 (forgejo)' (#4583) from renovate/forgejo-patch-vue-monorepo into forgejo 2024-07-20 17:44:11 +00:00
0ko
c235e9b919 ui: encourage participation in the localization of Forgejo in language settings (#4596)
Changes:
- clarify how the language selector works as this is not very unclear: the footer selector is per-session and the settings selector is per-account, usually users need the 2nd
- tell about how to participate in improvement of localization via this link: https://forgejo.org/docs/latest/developer/localization/. Test that the link is present by extending an existing test

Preview:
- https://codeberg.org/attachments/f5d04fa1-2e9a-46e4-ac94-d8effefb9762
- https://codeberg.org/attachments/2a820bf5-1326-4c4a-9aff-4b9b70ee1bc0

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4596
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-20 16:38:59 +00:00
Renovate Bot
f92bb4f8ee Update dependency vue to v3.4.33 2024-07-20 16:18:45 +00:00
Gusted
75af19a497 Merge pull request 'Remove APA as cite format' (#4595) from beowulf/remove-apa-cite-format into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4595
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-07-20 15:20:23 +00:00
0ko
db73870e0e i18n(en): clarify texts in modals for leaving orgs and teams 2024-07-20 19:29:12 +05:00
Beowulf
7dc0b2bab6
Remove APA as cite format
This removes APA as cite format, because it depends on a copyleft
dependency (https://github.com/Juris-M/citeproc-js).
2024-07-20 15:48:57 +02:00
Earl Warren
eb61437a52 Merge pull request '[UI] Convert milestone to HTMX' (#4542) from gusted/htmx-milestone into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4542
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-20 07:49:28 +00:00
Earl Warren
280db0bf37 Merge pull request '[CHORE] Use better license checker' (#4574) from gusted/forgejo-license-js into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4574
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-20 07:48:01 +00:00
Earl Warren
622479ef7f Merge pull request '[BUG] Add early-return to loading items from SpecList' (#4582) from gusted/forgejo-early-return into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4582
Reviewed-by: Beowulf <beowulf@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-20 07:40:24 +00:00
0ko
f3207f92e7 Merge pull request '[UI] Replace vue-bar-graph with chart.js' (#4571) from gusted/forgejo-activity-bar into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4571
Reviewed-by: Beowulf <beowulf@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-07-20 03:50:17 +00:00
Gusted
f7dac2c3d9
[BUG] Add early-return to loading items from SpecList
- Add an early-return to `LoadSchedules` and `LoadRepos` of the
`SpecList` type, @Beowulf noticed that useless queries were being run
every 30 seconds. These stemmed from these two functions being run even
if there were no scheduled actions.
- No tests were added, because there is zero testing infrastructure or
fixtures for the actions specifications models. I feel these are trivial
enough to not require any tests.
2024-07-20 01:27:11 +02:00
Gusted
2d3b7ae939 Merge pull request 'Update dependency dayjs to v1.11.12 (forgejo)' (#4575) from renovate/forgejo-dayjs-1.x into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4575
Reviewed-by: Beowulf <beowulf@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-07-19 23:04:08 +00:00
Gusted
a83002679d
[UI] Replace vue-bar-graph with chart.js
- The usage of the `vue-bar-graph` is complicated, because of the `GSAP`
dependency they pull in, the dependency uses a non-free license.
- The code is rewritten to use the `chart.js` library, which is already
used to draw other charts in the activity tab. Due to the limitation of
`chart.js`, we have to create a plugin in order to have images as labels
and do click handling for those images.
- The chart isn't the same as the previous one, once again simply due to
how `chart.js` works, the amount of commits isn't drawn anymore in the
bar, you instead have to hover over it or look at the y-axis.
- Resolves #4569
2024-07-19 21:07:18 +02:00
Gusted
06513103c9
[CHORE] Use better license checker
- The current way of detecting javascript licenses relies on
`license-checker-webpack-plugin`, which gets its information from
Webpack. However this isn't quite accurate as libraries might bundle
their dependencies into an output file, at which point Webpack no longer
sees that such dependency is used. For example, `vue-bar-graph` did
this which bundled `GSAP`.
- The new approach uses `license-checker-rseidelsohn`, which simply
scans all non-development (determined by `package.json`) packages and
reads their LICENSE information, this might result in extra dependencies
being included into `license.txt` which aren't used in the final output
file (for example they would've been tree-shaken out by webpack), but
this takes a better safe than sorry approach as currently licenses are
missing from dependencies that are being bundled into Forgejo's
javascript code.
2024-07-19 19:49:29 +02:00
Renovate Bot
bf5db77aff Update dependency dayjs to v1.11.12 2024-07-19 00:03:48 +00:00
Earl Warren
3e8f975345 Merge pull request 'Remove hardcoded filenames for better readability' (#4225) from Xinayder/forgejo:alpine-noarch into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4225
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-18 13:28:09 +00:00
Codeberg Translate
a9d32b588a i18n: update of translations from Weblate (#4451)
Translations update from [Weblate](https://translate.codeberg.org) for [Forgejo/forgejo](https://translate.codeberg.org/projects/forgejo/forgejo/).

Current translation status:

![Weblate translation status](https://translate.codeberg.org/widget/forgejo/forgejo/horizontal-auto.svg)

Co-authored-by: Wuzzy <Wuzzy@users.noreply.translate.codeberg.org>
Co-authored-by: earl-warren <earl-warren@users.noreply.translate.codeberg.org>
Co-authored-by: 0ko <0ko@users.noreply.translate.codeberg.org>
Co-authored-by: manolosd <manolosd@users.noreply.translate.codeberg.org>
Co-authored-by: Nifou <Nifou@users.noreply.translate.codeberg.org>
Co-authored-by: kdh8219 <kdh8219@monamo.dev>
Co-authored-by: Kita Ikuyo <searinminecraft@courvix.com>
Co-authored-by: Anonymous <anonymous@users.noreply.translate.codeberg.org>
Co-authored-by: Fjuro <fjuro@alius.cz>
Co-authored-by: ch0ccyra1n <ch0ccyra1n@users.noreply.translate.codeberg.org>
Co-authored-by: mahlzahn <mahlzahn@users.noreply.translate.codeberg.org>
Co-authored-by: emansije <emansije@users.noreply.translate.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-authored-by: Xinayder <Xinayder@users.noreply.translate.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4451
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Codeberg Translate <translate@noreply.codeberg.org>
Co-committed-by: Codeberg Translate <translate@noreply.codeberg.org>
2024-07-18 05:14:01 +00:00