18262 Commits

Author SHA1 Message Date
Giteabot
0d1fc2b2e9 Fix delete branch perm checking (#32654) (#32707)
Backport #32654 by @lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-12-04 13:25:35 +08:00
Giteabot
a332805f6e Fix word overflow in file search page (#32695) (#32699)
Backport #32695 by yp05327

Co-authored-by: yp05327 <576951401@qq.com>
2024-12-04 08:19:43 +08:00
Giteabot
4b73e92264 Fix race condition in mermaid observer (#32599) (#32673)
Backport #32599 by william-allspice
2024-11-29 19:44:41 +08:00
Giteabot
27489f2e0b Don't create action when syncing mirror pull refs (#32659) (#32664)
Backport #32659 by @lunny

Fix #27961

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-11-29 02:13:16 +08:00
293355777f Add release note for v1.22.4 (#32513)
Add release note for v1.22.4

---------

Co-authored-by: Kyle D. <kdumontnu@gmail.com>
v1.22.4
2024-11-26 03:01:54 +08:00
cf1a38b03d Fix get reviewers' bug (#32415) (#32616)
This PR rewrites `GetReviewer` function and move it to service layer.

Reviewers should not be watchers, so that this PR removed all watchers
from reviewers. When the repository is under an organization, the pull
request unit read permission will be checked to resolve the bug of

Fix #32394
Backport #32415
2024-11-23 12:42:58 +08:00
073ba977fc Fix clean tmp dir (#32360) (#32593)
Backport #32360 

Try to fix #31792 

Credit to @jeroenlaylo
Copied from
https://github.com/go-gitea/gitea/issues/31792#issuecomment-2311920520

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-22 08:50:35 +00:00
2b8b2772fd Fix PR creation on forked repositories (#31863) (#32591)
Resolves #20475
Backport #31863

Co-authored-by: Job <LordChunk@users.noreply.github.com>
2024-11-22 08:12:40 +00:00
87ceecfb3a Fix the missing menu in organization project view page (#32313) (#32592)
Backport #32313 

#29248 didn't modify the view page.
The class name is not good enough, so this is a quick fix.

Before:
org:

![image](https://github.com/user-attachments/assets/3e26502d-66b4-4043-ab03-003ba7391487)
user:

![image](https://github.com/user-attachments/assets/9b22b90c-d63c-4228-acad-4d9fb20590ac)

After:
org:

![image](https://github.com/user-attachments/assets/21bf98a7-8a5b-4dc6-950a-88f529e36450)
user: (no change)

![image](https://github.com/user-attachments/assets/fea0dcae-3625-44e8-bb9e-4c3733da8764)

Co-authored-by: yp05327 <576951401@qq.com>
2024-11-22 01:50:34 +00:00
c2598b4642 Support HTTP POST requests to /userinfo, aligning to OpenID Core specification (#32578) (#32594) 2024-11-21 07:22:18 -08:00
a290aab0e8 Fix debian package clean up (#32351) (#32590)
Partially backport #32351
2024-11-21 06:27:02 +00:00
Giteabot
8f6cc95734 Fix GetInactiveUsers (#32540) (#32588)
Backport #32540 by @lunny

Fix #31480

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-11-21 13:25:36 +08:00
Rowan Bohde
0b5da27570 allow the actions user to login via the jwt token (#32527) (#32580)
Backport #32527

We have some actions that leverage the Gitea API that began receiving
401 errors, with a message that the user was not found. These actions
use the `ACTIONS_RUNTIME_TOKEN` env var in the actions job to
authenticate with the Gitea API. The format of this env var in actions
jobs changed with go-gitea/gitea/pull/28885 to be a JWT (with a
corresponding update to `act_runner`) Since it was a JWT, the OAuth
parsing logic attempted to parse it as an OAuth token, and would return
user not found, instead of falling back to look up the running task and
assigning it to the actions user.

Make ACTIONS_RUNTIME_TOKEN in action runners could be used, attempting
to parse Oauth JWTs. The code to parse potential old
`ACTION_RUNTIME_TOKEN` was kept in case someone is running an older
version of act_runner that doesn't support the Actions JWT.
2024-11-21 03:18:00 +00:00
81ec66c257 Fix submodule parsing (#32571) (#32577)
A quick fix for #32568
Partially backport from #32571
2024-11-21 10:32:19 +08:00
Giteabot
3661b14d97 Remove unnecessary code (#32560) (#32567)
Backport #32560 by @lunny

PushMirrors only be used in the repository setting page. So it should
not be loaded on every repository page.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-11-20 02:55:59 +08:00
cf2d332443 Refactor find forks and fix possible bugs that weak permissions check (#32528) (#32547)
Backport #32528

- Move models/GetForks to services/FindForks
- Add doer as a parameter of FindForks to check permissions
- Slight performance optimization for get forks API with batch loading
of repository units
- Add tests for forking repository to organizations

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-19 04:08:32 +00:00
Giteabot
1b7031c5c2 Fix some places which doesn't repsect org full name setting (#32243) (#32550)
Backport #32243 by @lunny

Partially fix #31345

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-11-19 02:49:29 +00:00
673fee427e Refactor push mirror find and add check for updating push mirror (#32539) (#32549)
backport #32539

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-18 23:55:27 +08:00
578c02d652 Improve some sanitizer rules (#32534)
This is a backport-only fix for 1.22

1.23 has a proper fix #32533
2024-11-18 03:42:30 +00:00
Giteabot
6555cfcac3 Fix basic auth with webauthn (#32531) (#32536)
Backport #32531 by @lunny

WebAuthn should behave the same way as TOTP. When enabled, basic auth
with username/password should need to WebAuthn auth, otherwise returned
401.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-11-16 18:21:00 +00:00
Giteabot
b6eef34874 Fix artifact v4 upload above 8MB (#31664) (#32523) 2024-11-16 09:15:33 -08:00
Giteabot
d03dd04d65 Remove transaction for archive download (#32186) (#32520)
Backport #32186 by @lunny

Since there is a status column in the database, the transaction is
unnecessary when downloading an archive. The transaction is blocking
database operations, especially with SQLite.

Replace #27563

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-11-15 10:27:38 +01:00
Giteabot
257ce61023 Fix oauth2 error handle not return immediately (#32514) (#32516)
Backport #32514 by lunny

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-11-15 11:27:04 +08:00
781310df77 Trim title before insert/update to database to match the size requirements of database (#32498) (#32507) 2024-11-14 18:06:31 -08:00
Giteabot
f79f8e13e3 Fix nil panic if repo doesn't exist (#32501) (#32502)
Backport #32501 by wxiaoguang

fix  #32496

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-14 04:47:04 +00:00
Giteabot
a4263d341c Add a doctor check to disable the "Actions" unit for mirrors (#32424) (#32497)
Backport #32424 by @Zettat123

Resolve #32232

Users can disable the "Actions" unit for all mirror repos by running 
```
gitea doctor check --run  disable-mirror-actions-unit --fix
```

Co-authored-by: Zettat123 <zettat123@gmail.com>
2024-11-13 18:47:56 +00:00
6543
52a66d78d4 Update nix development environment vor v1.22.x (#32495)
just bump:

 * golang:  v1.22.2 ->  v1.22.9
 * nodejs: v20.12.2 -> v20.18.0
 * python: v3.12.3 -> v3.12.7
2024-11-13 12:40:52 -05:00
ef339713c2 Refactor internal routers (partial backport, auth token const time comparing) (#32473) (#32479)
Partially backport #32473. LFS related changes are not in 1.22, so skip
them.

1. Ignore non-existing repos during migrations
2. Improve ReadBatchLine's comment
3. Use `X-Gitea-Internal-Auth` header for internal API calls and make
the comparing constant time (it wasn't a serous problem because in a
real world it's nearly impossible to timing-attack the token, but indeed
security related and good to fix and backport)
4. Fix route mock nil check
2024-11-13 10:26:37 +08:00
26437a03b0 Disable Oauth check if oauth disabled (#32368) (#32480)
Partially backport Disable Oauth check if oauth disabled #32368
2024-11-12 06:09:47 +00:00
Giteabot
b48df1082e cargo registry - respect renamed dependencies (#32430) (#32478)
Backport #32430 by usbalbin

Co-authored-by: Albin Hedman <albin9604@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-12 03:26:26 +00:00
Giteabot
eb5733636b Fix broken releases when re-pushing tags (#32435) (#32449)
Backport #32435 by @Zettat123

Fix #32427

---------

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-11-10 23:49:59 +00:00
Giteabot
62d8433194 Fix mermaid diagram height when initially hidden (#32457) (#32464)
Backport #32457 by @silverwind

In a hidden iframe, `document.body.clientHeight` is not reliable. Use
`IntersectionObserver` to detect the visibility change and update the
height there.

Fixes: https://github.com/go-gitea/gitea/issues/32392

<img width="885" alt="image"
src="https://github.com/user-attachments/assets/a95ef6aa-27e7-443f-9d06-400ef27919ae">

Co-authored-by: silverwind <me@silverwind.io>
2024-11-11 04:05:42 +08:00
Giteabot
22a93c1cdc Only provide the commit summary for Discord webhook push events (#32432) (#32447)
Backport #32432 by @kemzeb

Resolves #32371.

#31970 should have just showed the commit summary, but
`strings.SplitN()` was misused such that we did not perform any
splitting at all and just used the message. This was not caught in the
unit test made in that PR since the test commit summary was > 50 (which
truncated away the commit description).

This snapshot resolves this and adds another unit test to ensure that we
only show the commit summary.

Co-authored-by: Kemal Zebari <60799661+kemzeb@users.noreply.github.com>
2024-11-08 09:13:49 +08:00
16e51e91a1 Only query team tables if repository is under org when getting assignees (#32414) (#32426)
backport #32414 

It's unnecessary to query the team table if the repository is not under
organization when getting assignees.
2024-11-06 11:22:11 +08:00
936847b3da Quick fix milestone deadline 9999 for 1.22 (#32423) 2024-11-05 14:13:19 +08:00
7430d069b3 Fix created_unix for mirroring (#32342) (#32406)
Fix #32233
Backport #32342
2024-11-05 11:43:30 +08:00
a3b7b98336 Fix broken image when editing comment with non-image attachments (#32319) (#32345)
Backport #32319 

Fix #32316

---------

Co-authored-by: yp05327 <576951401@qq.com>
2024-11-02 13:34:09 +08:00
898f852d03 Fix missing signature key error when pulling Docker images with SERVE_DIRECT enabled (#32365) (#32397)
Backport #32365

Fix #28121

I did some tests and found that the `missing signature key` error is
caused by an incorrect `Content-Type` header. Gitea correctly sets the
`Content-Type` header when serving files.


348d1d0f32/routers/api/packages/container/container.go (L712-L717)
However, when `SERVE_DIRECT` is enabled, the `Content-Type` header may
be set to an incorrect value by the storage service. To fix this issue,
we can use query parameters to override response header values.

https://docs.aws.amazon.com/AmazonS3/latest/API/API_GetObject.html <img
width="600px"

src="https://github.com/user-attachments/assets/f2ff90f0-f1df-46f9-9680-b8120222c555"
/>

In this PR, I introduced a new parameter to the `URL` method to support
additional parameters.

```
URL(path, name string, reqParams url.Values) (*url.URL, error)
```
2024-11-01 03:53:59 +00:00
6543
9d62d7a443 Respect UI.ExploreDefaultSort setting again (#32357) (#32385)
Backport #32357

fix regression of https://github.com/go-gitea/gitea/pull/29430

---
*Sponsored by Kithara Software GmbH*
2024-10-31 13:49:09 +08:00
bf53ab26fa Fix disable 2fa bug (#32320) (#32330)
Backport #32320
2024-10-25 17:54:56 +08:00
0d11ba93dd Fix the permission check for user search API and limit the number of returned users for /user/search (#32310)
Partially backport #32288

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-10-23 04:56:13 +00:00
b7d12347f3 Add warn log when deleting inactive users (#32318) (#32321)
Backport #32318 

Add log for the problem #31480
2024-10-23 10:48:42 +08:00
6543
b6f8372d7d API: enhance SearchIssues swagger docs (#32208) (#32298)
Backport  #32208

This will result in better api clients generated out of the openapi docs for SearchIssues

---
*Sponsored by Kithara Software GmbH*
2024-10-21 08:32:34 +08:00
YR Chen
0c12252c23 Update github.com/go-enry/go-enry to v2.9.1 (#32295) (#32296)
Backport #32295

`go-enry` v2.9.1 includes latest file patterns from Linguist, which can
identify more generated file type, eg. `pdm.lock`.
2024-10-21 02:12:51 +08:00
99cac1f50c Always update expiration time when creating an artifact (#32281) (#32285)
Backport #32281

Fix #32256
2024-10-18 10:36:23 +08:00
a1012112796
2a99607add make show stats work when only one file changed (#32244) (#32268)
Backport #32244

fix https://github.com/go-gitea/gitea/issues/32226

in https://github.com/go-gitea/gitea/pull/27775 , it do some changes to
only show diff file tree when more than one file changed. But looks it
also break the `diff-file-list` logic, which looks not expected change.
so try fix it.

/cc @silverwind

example view:

![image](https://github.com/user-attachments/assets/281e9c4f-a269-4d36-94eb-a132058aea87)

Signed-off-by: a1012112796 <1012112796@qq.com>
2024-10-17 08:03:21 +00:00
cloudchamb3r
c1023b97aa [v1.22 backport] Fix null errors on conversation holder (#32258) (#32266) (#32282)
Backport #32266

fix #32258

Errors in the issue was due to unhandled null check. so i fixed it.

### Detailed description for Issue & Fix
To reproduce that issue, the comment must be deleted on Conversation
tab.
#### Before Delete
<img width="1032" alt="image"

src="https://github.com/user-attachments/assets/72df61ba-7db6-44c9-bebc-ca1178dd27f1">

#### After Delete (AS-IS)
<img width="1010" alt="image"

src="https://github.com/user-attachments/assets/36fa537e-4f8e-4535-8d02-e538c50f0dd8">

gitea already have remove logic for `timeline-item-group`, but because
of null ref exception the later logic that removes `timeline-item-group`
could be not be called correctly.
2024-10-17 13:34:39 +08:00
7e0fd4c208 Warn users when they try to use a non-root-url to sign in/up (#32272) (#32273) 2024-10-17 09:01:44 +08:00
db7349bc0d Make owner/repo/pulls handlers use "PR reader" permission (#32254) (#32265)
Backport #32254 (no conflict)
2024-10-15 22:32:54 +08:00
55562f9c79 Update scheduled tasks even if changes are pushed by "ActionsUser" (#32246) (#32252)
Backport #32246

Fix #32219

Co-authored-by: delvh <dev.lh@web.de>
2024-10-14 16:55:16 +08:00