Commit Graph

4461 Commits

Author SHA1 Message Date
Jason Song
5bdf805e05
Sync branches to DB immediately when handle git hook calling (#29493)
Unlike other async processing in the queue, we should sync branches to
the DB immediately when handling git hook calling. If it fails, users
can see the error message in the output of the git command.

It can avoid potential inconsistency issues, and help #29494.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-03-06 16:47:52 +08:00
wxiaoguang
5cddab4f74
Make wiki default branch name changable (#29603)
Fix #29000
Fix #28685
Fix #18568

Related: #27497

And by the way fix #24036, add a Cancel button there (one line)
2024-03-06 14:26:32 +08:00
wxiaoguang
61619c84d0
Fix 500 error when adding PR comment (#29622) 2024-03-06 13:09:38 +08:00
Zettat123
136dd99e86
Skip email domain check when admins edit user emails (#29609)
Follow #29522

Administrators should be able to set a user's email address even if the
email address is not in `EMAIL_DOMAIN_ALLOWLIST`
2024-03-05 16:51:56 +00:00
Zettat123
4fd9c56ed0
Skip email domain check when admin users adds user manually (#29522)
Fix #27457

Administrators should be able to manually create any user even if the
user's email address is not in `EMAIL_DOMAIN_ALLOWLIST`.
2024-03-05 05:55:47 +00:00
wxiaoguang
df1268ca08
Make "/user/login" page redirect if the current user has signed in (#29583)
Fix #29582 and maybe more.
Maybe fix #29116
2024-03-05 02:12:03 +00:00
Lunny Xiao
e91733468e
Add missing database transaction for new issue (#29490)
When creating an issue, inserting issue, assign users and set project
should be in the same transaction.
2024-03-04 11:24:02 +00:00
Lunny Xiao
e2277d07ca
Move some asymkey functions to service layer (#28894)
After the moving, all models will not depend on `util.Rename` so that I
can do next step refactoring.
2024-03-04 08:57:39 +00:00
KN4CK3R
c337ff0ec7
Add user blocking (#29028)
Fixes #17453

This PR adds the abbility to block a user from a personal account or
organization to restrict how the blocked user can interact with the
blocker. The docs explain what's the consequence of blocking a user.

Screenshots:


![grafik](https://github.com/go-gitea/gitea/assets/1666336/4ed884f3-e06a-4862-afd3-3b8aa2488dc6)


![grafik](https://github.com/go-gitea/gitea/assets/1666336/ae6d4981-f252-4f50-a429-04f0f9f1cdf1)


![grafik](https://github.com/go-gitea/gitea/assets/1666336/ca153599-5b0f-4b4a-90fe-18bdfd6f0b6b)

---------

Co-authored-by: Lauris BH <lauris@nix.lv>
2024-03-04 08:16:03 +00:00
Lunny Xiao
8e12ba34ba
Allow options to disable user ssh keys configuration from the interface on app.ini (#29447)
Follow #29275
Extract from #20549
Fix #24716

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-03-04 07:50:21 +00:00
Denys Konovalov
fe6792dff3
Enable/disable owner and repo projects independently (#28805)
Part of #23318 

Add menu in repo settings to allow for repo admin to decide not just if
projects are enabled or disabled per repo, but also which kind of
projects (repo-level/owner-level) are enabled. If repo projects
disabled, don't show the projects tab.


![grafik](https://github.com/go-gitea/gitea/assets/47871822/b9b43fb4-824b-47f9-b8e2-12004313647c)

---------

Co-authored-by: delvh <dev.lh@web.de>
2024-03-04 02:56:52 +00:00
wxiaoguang
8553b4600e
Add an trailing slash to dashboard links (#29555)
Fix #29533, and add some tests for "base/paginate.tmpl"
2024-03-04 01:02:51 +00:00
Nanguan Lin
6e2aafd513
Fix 500 when pushing release to an empty repo (#29554)
As title. 
The former code directly used `ctx.Repo.GitRepo`, causing 500.

22b4f0c09f/routers/api/v1/repo/release.go (L241)
2024-03-03 16:49:05 +00:00
Tim-Niclas Oelschläger
e3524c63d6
Filter Repositories by type (#29231)
Filter Repositories by type (resolves #1170, #1318)

before:

![image](https://github.com/go-gitea/gitea/assets/72873130/74e6be62-9010-4ab4-8f9b-bd8afbebb8fb)


after:

![image](https://github.com/go-gitea/gitea/assets/72873130/e4d85ed6-7864-4150-8d72-5194dac1293f)
2024-03-03 10:18:34 +00:00
wxiaoguang
44398e405f
Fix incorrect cookie path for AppSubURL (#29534)
Regression of #24107
2024-03-03 00:14:12 +00:00
6543
e3e6569c5f
Add option to set language in admin user view (#28449)
![image](https://github.com/go-gitea/gitea/assets/24977596/be7e3f92-af3f-4628-b4ed-abf6439687f3)
`/admin/users/<UserID>/edit`


![image](https://github.com/go-gitea/gitea/assets/24977596/906af0dd-cceb-4ed9-9cd9-32c71ae1bf71)
`/admin/users/<UserID>`

---
*Sponsored by Kithara Software GmbH*
2024-03-02 22:55:02 +01:00
Yarden Shoham
937e8b5514
Fix elipsis button not working if the last commit loading is deferred (#29544)
Before this change, if we had more than 200 entries being deferred in
loading, the entire table would get replaced thus losing any event
listeners attached to the elements within the table, such as the elipsis
button and commit list with tippy.

With this change we remove the previous javascript code that replaced
the table and use htmx to replace the table.

htmx attributes added:
- `hx-indicator="tr.notready td.message span"`: attach the loading
spinner to the files whose last commit is still being loaded
- `hx-trigger="load"` trigger the request-replace behavior as soon as
possible
- `hx-swap="morph"`: use the idiomorph morphing algorithm, this is the
thing that makes it so the elipsis button event listener is kept during
the replacement, fixing the bug because we don't actually replace the
table, only modifying it
- `hx-post="{{.LastCommitLoaderURL}}"`: make a post request to this url
to get the table with all of the commit information

As part of this change I removed the handling of partial replacement in
the case we have less than 200 "not ready" files. The first reason is
that I couldn't make htmx replace only a subset of returned elements,
the second reason is that we have a cache implemented in the backend
already so the only cost added is that we query the cache a few times
(which is sure to be populated due to the initial request), and the last
reason is that since the last refactor of this functionality that
removed jQuery we don't properly send the "not ready" entries as the
backend expects `FormData` with `f[]` and we send a JSON with `f` so we
always query for all rows anyway.

# Before

![before](https://github.com/go-gitea/gitea/assets/20454870/482ebfec-66c5-40cc-9c1e-e3b3bfe1bbc1)

# After

![after](https://github.com/go-gitea/gitea/assets/20454870/454c517e-3a4e-4006-a49f-99cc56e0fd60)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-03-02 19:31:59 +00:00
wxiaoguang
bf6502a8f7
Fix incorrect relative/absolute URL usages (#29531)
Add two "HTMLURL" methods for PackageDescriptor. 
And rename "FullWebLink" to "VersionWebLink"
2024-03-02 17:38:38 +00:00
KN4CK3R
70c126e618
Add support for API blob upload of release attachments (#29507)
Fixes #29502

Our endpoint is not Github compatible.


https://docs.github.com/en/rest/releases/assets?apiVersion=2022-11-28#upload-a-release-asset

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2024-03-02 17:02:01 +00:00
6543
a3f05d0d98
remove util.OptionalBool and related functions (#29513)
and migrate affected code

_last refactoring bits to replace **util.OptionalBool** with
**optional.Option[bool]**_
2024-03-02 16:42:31 +01:00
wxiaoguang
27deea7330
Make PR form use toast to show error message (#29545)
![image](https://github.com/go-gitea/gitea/assets/2114189/b7a14ed6-db89-4f21-a590-66cd33307233)
2024-03-02 15:05:07 +00:00
Lunny Xiao
cc27b50bdf
Fix a bug returning 404 when display a single tag with no release (#29466)
Partially caused by #29149 

When use

```go
releases, err := getReleaseInfos(ctx, &repo_model.FindReleasesOptions{
		ListOptions: db.ListOptions{Page: 1, PageSize: 1},
		RepoID:      ctx.Repo.Repository.ID,
		TagNames:    []string{ctx.Params("*")},
		// only show draft releases for users who can write, read-only users shouldn't see draft releases.
		IncludeDrafts: writeAccess,
	})
```
replace
```go
release, err := repo_model.GetRelease(ctx, ctx.Repo.Repository.ID, ctx.Params("*"))
```
It missed `IncludeTags: true,`. That means this bug will be occupied only when the release is a tag.
This PR will fix

 - Get the right tag record when it's not a release
 - Display correct tag tab but not release tag when it's a tag.
- The button will bring the tag name to the new page when it's a single tag page
- the new page will automatically hide the release target inputbox when the tag name is pre filled. This should be backport to v1.21.
2024-03-02 14:03:39 +00:00
wxiaoguang
e650f64d81
Fix incorrect redirection when creating a PR fails (#29537)
This is only a quick fix to make it easier to backport.

After this PR gets merged, I will propose a new PR to fix the FIXME.

<details>

![image](https://github.com/go-gitea/gitea/assets/2114189/98d1d5c4-2e79-4a75-80e9-76fd898986e0)

</details>
2024-03-02 12:45:14 +00:00
ChristopherHX
a53d268aca
Actions Artifacts v4 backend (#28965)
Fixes #28853 

Needs both https://gitea.com/gitea/act_runner/pulls/473 and
https://gitea.com/gitea/act_runner/pulls/471 on the runner side and
patched `actions/upload-artifact@v4` / `actions/download-artifact@v4`,
like `christopherhx/gitea-upload-artifact@v4` and
`christopherhx/gitea-download-artifact@v4`, to not return errors due to
GHES not beeing supported yet.
2024-03-02 09:12:17 +00:00
Lunny Xiao
9de5e39e25
Allow options to disable user gpg keys configuration from the interface on app.ini (#29486)
Follow #29447
Fix #29454 
Extract from #20549
2024-03-02 01:21:01 +00:00
wxiaoguang
4b8293aa09
Fix issue & comment history bugs (#29525)
* Follow #17746: `HasIssueContentHistory` should use expr builder to
make sure zero value (0) be respected.
* Add "doer" check to make sure `canSoftDeleteContentHistory` only be
called by sign-in users.
2024-03-01 16:46:02 +00:00
wxiaoguang
194479a741
Use a predictiable fork URL to allow forking repositories without providing a repo ID (#29519)
Close #29512

The "fork" URL:

* Before: `/repo/fork/{RepoID}`
* After: `/{OwnerName}/{RepoName}/fork`
2024-03-01 12:52:30 +00:00
wxiaoguang
fb42972c05
Rename Str2html to SanitizeHTML and clarify its behavior (#29516)
Str2html was abused a lot. So use a proper name for it: SanitizeHTML

And add some tests to show its behavior.
2024-03-01 10:16:19 +00:00
techknowlogick
cb52b17f92
Add admin API route for managing user's badges (#23106)
Fix #22785

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-03-01 03:23:28 -05:00
wxiaoguang
e71eb8930a
Refactor some Str2html code (#29397)
This PR touches the most interesting part of the "template refactoring".

1. Unclear variable type. Especially for "web/feed/convert.go":
sometimes it uses text, sometimes it uses HTML.
2. Assign text content to "RenderedContent" field, for example: `
project.RenderedContent = project.Description` in web/org/projects.go
3. Assign rendered content to text field, for example: `r.Note =
rendered content` in web/repo/release.go
4. (possible) Incorrectly calling `{{Str2html
.PackageDescriptor.Metadata.ReleaseNotes}}` in
package/content/nuget.tmpl, I guess the name Str2html misleads
developers to use it to "render string to html", but it only sanitizes.
if ReleaseNotes really contains HTML, then this is not a problem.
2024-03-01 07:11:51 +00:00
Lunny Xiao
58ce1de994
Move migration functions to services layer (#29497) 2024-03-01 02:23:00 +00:00
6543
f6656181e4
migrate some more "OptionalBool" to "Option[bool]" (#29479)
just some refactoring bits towards replacing **util.OptionalBool** with
**optional.Option[bool]**

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-02-29 18:52:49 +00:00
KN4CK3R
a6fd0176de
Fix wrong test usage of AppSubURL (#29459)
The tests use an invalid `setting.AppSubURL`. The wrong behaviour
disturbs other PRs like #29222 and #29427.
2024-02-29 03:39:24 +00:00
wxiaoguang
10cfa0879a
Fix incorrect user location link on profile page (#29474)
Fix #29472. Regression of #29236, a "if" check was missing.
2024-02-28 16:03:06 +00:00
Lunny Xiao
b5188cd55c
Move generate from module to service (#29465) 2024-02-28 14:40:36 +01:00
6543
274c0aea2e
Let ctx.FormOptionalBool() return optional.Option[bool] (#29461)
just some refactoring bits towards replacing **util.OptionalBool** with
**optional.Option[bool]**
2024-02-28 13:39:12 +08:00
Nanguan Lin
db545b208b
Implement actions badge svgs (#28102)
replace #27187 
close #23688
The badge has two parts: label(workflow name) and message(action
status). 5 colors are provided with 7 statuses.
Color mapping:
```go
var statusColorMap = map[actions_model.Status]string{
	actions_model.StatusSuccess:   "#4c1",    // Green
	actions_model.StatusSkipped:   "#dfb317", // Yellow
	actions_model.StatusUnknown:   "#97ca00", // Light Green
	actions_model.StatusFailure:   "#e05d44", // Red
	actions_model.StatusCancelled: "#fe7d37", // Orange
	actions_model.StatusWaiting:   "#dfb317", // Yellow
	actions_model.StatusRunning:   "#dfb317", // Yellow
	actions_model.StatusBlocked:   "#dfb317", // Yellow
}
```
preview:

![1](https://github.com/go-gitea/gitea/assets/70063547/5465cbaf-23cd-4437-9848-2738c3cb8985)

![2](https://github.com/go-gitea/gitea/assets/70063547/ec393d26-c6e6-4d38-b72c-51f2494c5e71)

![3](https://github.com/go-gitea/gitea/assets/70063547/3edb4fdf-1b08-4a02-ab2a-6bdd7f532fb2)

![4](https://github.com/go-gitea/gitea/assets/70063547/8c189de2-2169-4251-b115-0e39a52f3df8)

![5](https://github.com/go-gitea/gitea/assets/70063547/3fe22c73-c2d7-4fec-9ea4-c501a1e4e3bd)

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
Co-authored-by: delvh <dev.lh@web.de>
2024-02-27 18:56:18 +01:00
Lunny Xiao
e9f4c2db82
Fix missed return (#29450) 2024-02-27 15:09:13 +00:00
wxiaoguang
6bdfc84e6c
Allow to change primary email before account activation (#29412) 2024-02-27 10:55:13 +00:00
wxiaoguang
eedb8f4129
Only use supported sort order for "explore/users" page (#29430)
Thanks to inferenceus : some sort orders on the "explore/users" page
could list users by their lastlogintime/updatetime.

It leaks user's activity unintentionally. This PR makes that page only
use "supported" sort orders.

Removing the "sort orders" could also be a good solution, while IMO at
the moment keeping the "create time" and "name" orders is also fine, in
case some users would like to find a target user in the search result,
the "sort order" might help.

![image](https://github.com/go-gitea/gitea/assets/2114189/ce5c39c1-1e86-484a-80c3-33cac6419af8)
2024-02-27 17:10:51 +08:00
sillyguodong
bad4ad7018
Not trigger all jobs any more, when re-running the first job (#29439)
Previously, it will be treated as "re-run all jobs" when `jobIndex ==
0`. So when you click re-run button on the first job, it triggers all
the jobs actually.
2024-02-27 07:40:21 +00:00
Lunny Xiao
29f149bd9f
Move context from modules to services (#29440)
Since `modules/context` has to depend on `models` and many other
packages, it should be moved from `modules/context` to
`services/context` according to design principles. There is no logic
code change on this PR, only move packages.

- Move `code.gitea.io/gitea/modules/context` to
`code.gitea.io/gitea/services/context`
- Move `code.gitea.io/gitea/modules/contexttest` to
`code.gitea.io/gitea/services/contexttest` because of depending on
context
- Move `code.gitea.io/gitea/modules/upload` to
`code.gitea.io/gitea/services/context/upload` because of depending on
context
2024-02-27 08:12:22 +01:00
yp05327
f8c1efe944
Fix logic error from #28138 (#29417)
There's a miss in #28138:

![image](https://github.com/go-gitea/gitea/assets/18380374/b1e0c5fc-0e6e-44ab-9f6e-34bc8ffbe1cc)


https://github.com/go-gitea/gitea/pull/28138/files#diff-2556e62ad7204a230c91927a3f2115e25a2b688240d0ee1de6d34f0277f37dfeR162

@lunny 
Not sure about the impact of this, but it will only effect 1.22, and
maybe we should fix it ASAP.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-02-26 08:10:14 +00:00
qwerty287
65952417a8
Add API to get PR by base/head (#29242)
Closes https://github.com/go-gitea/gitea/issues/16289

Add a new API `/repos/{owner}/{repo}/pulls/{base}/{head}` to get a PR by
its base and head branch.
2024-02-26 02:39:01 +00:00
wxiaoguang
49e4826747
Refactor "user/active" related logic (#29390)
And add more tests. Remove a lot of fragile "if" blocks.

The old logic is kept as-is.
2024-02-25 21:55:00 +00:00
KN4CK3R
1c6858543c
Integrate alpine noarch packages into other architectures index (#29137)
Fixes #26691
Revert #24972

The alpine package manager expects `noarch` packages in the index of
other architectures too.

---------

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-02-25 15:10:55 +00:00
KN4CK3R
f79c9e817a
Use crypto/sha256 (#29386)
Go 1.21 improved the performance of `crypto/sha256`. It's now similar to
`minio/sha256-simd`, so we should just use the standard libs.

https://go.dev/doc/go1.21#crypto/sha256
https://go-review.googlesource.com/c/go/+/408795
https://github.com/multiformats/go-multihash/pull/173
2024-02-25 13:32:13 +00:00
Jimmy Praet
2e33671f2c
Add attachment support for code review comments (#29220)
Fixes #27960, #24411, #12183

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-25 06:00:55 +00:00
wxiaoguang
1ef87773b1
Refactor modules/git global variables (#29376)
Move some global variables into a struct to improve maintainability
2024-02-25 05:35:47 +00:00
wxiaoguang
10c7996b5a
Remove RenderEmojiPlain from template helper (#29375)
RenderEmojiPlain(emoji.ReplaceAliases) should be called explicitly for
some contents, but not for everything.

Actually in modern days, in most cases it doesn't need such
"ReplaceAliases". So only keep it for issue/PR titles.

If anyone really needs to do ReplaceAliases for some contents, I will
propose a following fix.
2024-02-24 22:34:51 +00:00
KN4CK3R
4197e28100
Refactor git attributes (#29356) 2024-02-24 18:46:49 +00:00
wxiaoguang
29a26d9d8c
Customizable "Open with" applications for repository clone (#29320)
Users could customize the "clone" menu with their own application URLs on the admin panel.

Replace #22378
Close #21121
Close #22149
2024-02-24 13:12:17 +00:00
Zettat123
c42083a339
Allow non-admin users to delete review requests (#29057)
Fix #14459

The following users can add/remove review requests of a PR
- the poster of the PR
- the owner or collaborators of the repository
- members with read permission on the pull requests unit
2024-02-24 12:38:43 +00:00
KN4CK3R
553d46e6f6
Do not double close reader (#29354)
Fixes #29346

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-24 11:45:59 +00:00
Şahin Akkaya
d3982bcd81
Implement recent commits graph (#29210)
This is the implementation of Recent Commits page. This feature was
mentioned on #18262.

It adds another tab to Activity page called Recent Commits. Recent
Commits tab shows number of commits since last year for the repository.
2024-02-24 10:22:51 +00:00
qwerty287
0a426cc575
Add API to get merged PR of a commit (#29243)
Adds a new API `/repos/{owner}/{repo}/commits/{sha}/pull` that allows
you to get the merged PR associated to a commit.

---------

Co-authored-by: 6543 <6543@obermui.de>
2024-02-24 08:18:39 +00:00
Lunny Xiao
b79c30435f
Use the database object format name but not read from git repoisitory everytime and fix possible migration wrong objectformat when migrating a sha256 repository (#29294)
Now we can get object format name from git command line or from the
database repository table. Assume the column is right, we don't need to
read from git command line every time.

This also fixed a possible bug that the object format is wrong when
migrating a sha256 repository from external.

<img width="658" alt="image"
src="https://github.com/go-gitea/gitea/assets/81045/6e9a9dcf-13bf-4267-928b-6bf2c2560423">
2024-02-24 06:55:19 +00:00
6543
4ba642d07d
Revert "Support SAML authentication (#25165)" (#29358)
This reverts #25165 (5bb8d1924d), as there
was a chance some important reviews got missed.

so after reverting this patch it will be resubmitted for reviewing again

https://github.com/go-gitea/gitea/pull/25165#issuecomment-1960670242

temporary Open #5512 again
2024-02-24 12:18:49 +08:00
Şahin Akkaya
875f5ea6d8
Implement code frequency graph (#29191)
### Overview
This is the implementation of Code Frequency page. This feature was
mentioned on these issues: #18262, #7392.


It adds another tab to Activity page called Code Frequency. Code
Frequency tab shows additions and deletions over time since the
repository existed.


Before:
<img width="1296" alt="image"
src="https://github.com/go-gitea/gitea/assets/32161460/2603504f-aee7-4929-a8c4-fb3412a7a0f6">

After:
<img width="1296" alt="image"
src="https://github.com/go-gitea/gitea/assets/32161460/58c03721-729f-4536-a663-9f337f240963">

---


#### Features
- See additions deletions over time since repository existed
- Click on "Additions" or "Deletions" legend to show only one type of
contribution
- Use the same cache from Contributors page so that the loading of data
will be fast once it is cached by visiting either one of the pages

---------

Co-authored-by: Giteabot <teabot@gitea.io>
2024-02-23 23:41:24 +00:00
Carlos Felgueiras
6f6120dfa8
Fix validity of the FROM email address not being checked (#29347)
Fixes #27188.
Introduces a check on the installation that tries to parse the FROM
address. If it fails, shows a new error message to the user.

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2024-02-23 23:02:14 +00:00
Lunny Xiao
3ef6252e06
Allow options to disable user deletion from the interface on app.ini (#29275)
Extract from #20549

This PR added a new option on app.ini `[admin]USER_DISABLED_FEATURES` to
allow the site administrator to disable users visiting deletion user
interface or allow.
This options are also potentially allowed to define more features in
future PRs.

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-23 07:24:04 +00:00
6543
7fbdb60fc1
Start to migrate from util.OptionalBool to optional.Option[bool] (#29329)
just create transition helper and migrate two structs
2024-02-23 02:18:33 +00:00
Tim-Nicas Oelschläger
532e422027
Unify organizations header (#29248)
Unify organizations header

before:

![image](https://github.com/go-gitea/gitea/assets/72873130/74474e0d-33c3-4bbf-9324-d130ea2c62f8)

after:

![image](https://github.com/go-gitea/gitea/assets/72873130/1c65de0d-fa0f-4b17-ab8d-067de8c7113b)

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-02-23 01:24:57 +01:00
techknowlogick
5bb8d1924d
Support SAML authentication (#25165)
Closes https://github.com/go-gitea/gitea/issues/5512

This PR adds basic SAML support
- Adds SAML 2.0 as an auth source
- Adds SAML configuration documentation
- Adds integration test:
- Use bare-bones SAML IdP to test protocol flow and test account is
linked successfully (only runs on Postgres by default)
- Adds documentation for configuring and running SAML integration test
locally

Future PRs:
- Support group mapping
- Support auto-registration (account linking)

Co-Authored-By: @jackHay22

---------

Co-authored-by: jackHay22 <jack@allspice.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: morphelinho <morphelinho@users.noreply.github.com>
Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: silverwind <me@silverwind.io>
2024-02-23 00:08:17 +00:00
wxiaoguang
c9d0e63c20
Remove unnecessary "Str2html" modifier from templates (#29319)
Follow #29165
2024-02-22 18:05:47 +00:00
Zettat123
79217ea63c
Fix error display when merging PRs (#29288)
Partially fix #29071, regression of Modernize merge button #28140 

Fix some missing `Redirect` -> `JSONRedirect`.

Thanks @yp05327 for the help in
https://github.com/go-gitea/gitea/issues/29071#issuecomment-1931261075
2024-02-21 19:40:46 +08:00
Jason Song
22b8de85dd
Do not use ctx.Doer when reset password (#29289)
Fix #29278.

Caused by a small typo in #28733
2024-02-21 12:57:22 +08:00
vincent
35d5e4aea4
Fix content size does not match error when uploading lfs file (#29259)
![image](https://github.com/go-gitea/gitea/assets/38434877/cd726b4d-4771-4547-8aee-ae4e4b56b1d1)
When we update an lfs file by API
`api/v1/repos/{owner}/{repo}/contents/{filepath}`, there will show an
error

```json
{
  "message": "Put \"05904d6c7b\": readfrom tcp [::1]:57300->[::1]:9000: content size does not match",
  "url": "http://localhost:3000/api/swagger"
}
```

The reason of this error is
https://github.com/go-gitea/gitea/blob/main/services/repository/files/update.go,
in this file, the `file.ContentReader` been used twice. So when use
`file.ContentReader` in the second time, the `i` of this Reader has been
updated to the length of the content. it will return 0 and an `io.EOF`
error when we try to read cotent from this Reader.
2024-02-19 14:50:03 +00:00
Şahin Akkaya
39a77d92d9
Deduplicate translations for contributors graph (#29256)
I have implemented three graph pages
([contributors](https://github.com/go-gitea/gitea/pull/27882), [code
frequency](https://github.com/go-gitea/gitea/pull/29191) and [recent
commits](https://github.com/go-gitea/gitea/pull/29210)) and they have
all same page title as the tab name so I decided to use same
translations for them. This PR is for contributors graph. Other PR's
have their own respective commits.
2024-02-19 12:47:38 +00:00
KN4CK3R
7e8ff70940
Show commit status for releases (#29149)
Fixes #29082

![grafik](https://github.com/go-gitea/gitea/assets/1666336/bb2ccde1-ee99-459d-9e74-0fb8ea79e8b3)
2024-02-19 10:27:05 +00:00
Markus Amshove
a11ccc9fcd
Disallow merge when required checked are missing (#29143)
fixes #21892 

This PR disallows merging a PR when not all commit status contexts
configured in the branch protection are met.

Previously, the PR was happy to merge when one commit status was
successful and the other contexts weren't reported.

Any feedback is welcome, first time Go :-)
I'm also not sure if the changes in the template break something else

Given the following branch protection:


![branch_protection](https://github.com/go-gitea/gitea/assets/2401875/f871b4e4-138b-435a-b496-f9ad432e3dec)

This was shown before the change:


![before](https://github.com/go-gitea/gitea/assets/2401875/60424ff0-ee09-4fa0-856e-64e6e3fb0612)

With the change, it is now shown as this:


![after](https://github.com/go-gitea/gitea/assets/2401875/4e464142-efb1-4889-8166-eb3be26c8f3d)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-19 09:57:08 +00:00
FuXiaoHei
67adc5c1dc
Artifact deletion in actions ui (#27172)
Add deletion link in runs view page.
Fix #26315


![image](https://github.com/go-gitea/gitea/assets/2142787/aa65a4ab-f434-4deb-b953-21e63c212033)

When click deletion button. It marks this artifact `need-delete`.

This artifact would be deleted when actions cleanup cron task.
2024-02-18 10:33:50 +00:00
wxiaoguang
31bb9f3247
Refactor more code in templates (#29236)
Follow #29165. 

* Introduce JSONTemplate to help to render JSON templates
* Introduce JSEscapeSafe for templates. Now only use `{{ ... |
JSEscape}}` instead of `{{ ... | JSEscape | Safe}}`
* Simplify "UserLocationMapURL" useage
2024-02-18 10:52:02 +01:00
Jimmy Praet
22b9c2c95c
Load outdated comments when (un)resolving conversation on PR timeline (#29203)
Relates to #28654, #29039 and #29050.

The "show outdated comments" flag should only apply to the file diff
view.
On the PR timeline, outdated comments are always shown.
So they should also be loaded when (un)resolving a conversation on the
timeline page.
2024-02-17 14:07:56 +00:00
Yarden Shoham
aa6f88638f
Fix missing template for follow button in organization (#29215)
Leftover from https://github.com/go-gitea/gitea/pull/29005

# Before

![before](https://github.com/go-gitea/gitea/assets/20454870/24c74278-ccac-4dc6-bf26-713e90c07239)

# After

![after](https://github.com/go-gitea/gitea/assets/20454870/f91d503b-87d4-4c17-a56c-9c0a81fd9082)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
2024-02-17 13:42:52 +00:00
yp05327
68227996a7
Fix broken following organization (#29005)
- following organization is broken from #28908
- add login check for the follow button in organization profile page
2024-02-17 13:13:37 +08:00
wxiaoguang
45c15387b2
Refactor JWT secret generating & decoding code (#29172)
Old code is not consistent for generating & decoding the JWT secrets.

Now, the callers only need to use 2 consistent functions:
NewJwtSecretWithBase64 and DecodeJwtSecretBase64

And remove a non-common function Base64FixedDecode from util.go
2024-02-16 15:18:30 +00:00
Yarden Shoham
c70f65e83b
Auto-update the system status in admin dashboard (#29163)
- Refactor the system status list into its own template
- Change the backend to return only the system status if htmx initiated
the request
- `hx-get="{{$.Link}}/system_status`: reuse the backend handler
- `hx-swap="innerHTML"`: replace the `<div>`'s innerHTML (essentially
the new template)
- `hx-trigger="every 5s"`: call every 5 seconds
- `hx-indicator=".divider"`: the `is-loading` class shouldn't be added
to the div during the request, so set it on an element it has no effect
on
- Render "Since Last GC Time" with `<relative-time>`, so we send a
timestamp

# Auto-update in action GIF

![action](https://github.com/go-gitea/gitea/assets/20454870/c6e1f220-f0fb-4460-ac3b-59f315e30e29)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: silverwind <me@silverwind.io>
2024-02-16 02:52:25 +00:00
Şahin Akkaya
21331be30c
Implement contributors graph (#27882)
Continuation of https://github.com/go-gitea/gitea/pull/25439. Fixes #847

Before:
<img width="1296" alt="image"
src="https://github.com/go-gitea/gitea/assets/32161460/24571ac8-b254-43c9-b178-97340f0dc8a9">

----
After:
<img width="1296" alt="image"
src="https://github.com/go-gitea/gitea/assets/32161460/c60b2459-9d10-4d42-8d83-d5ef0f45bf94">

---
#### Overview
This is the implementation of a requested feature: Contributors graph
(#847)

It makes Activity page a multi-tab page and adds a new tab called
Contributors. Contributors tab shows the contribution graphs over time
since the repository existed. It also shows per user contribution graphs
for top 100 contributors. Top 100 is calculated based on the selected
contribution type (commits, additions or deletions).

---
#### Demo
(The demo is a bit old but still a good example to show off the main
features)

<video src="https://github.com/go-gitea/gitea/assets/32161460/9f68103f-8145-4cc2-94bc-5546daae7014" controls width="320" height="240">
  <a href="https://github.com/go-gitea/gitea/assets/32161460/9f68103f-8145-4cc2-94bc-5546daae7014">Download</a>
</video>


#### Features:

- Select contribution type (commits, additions or deletions)
- See overall and per user contribution graphs for the selected
contribution type
- Zoom and pan on graphs to see them in detail
- See top 100 contributors based on the selected contribution type and
selected time range
- Go directly to users' profile by clicking their name if they are
registered gitea users
- Cache the results so that when the same repository is visited again
fetching data will be faster


---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: hiifong <i@hiif.ong>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: yp05327 <576951401@qq.com>
2024-02-15 23:21:13 +01:00
KN4CK3R
07597c71a4
Add support for action artifact serve direct (#29120)
Fixes #29093
2024-02-15 20:39:50 +00:00
6543
702a876453
Advertise WebAuthn support (#29176)
This well-known indicates for password manager, that passkeys are supported.

source:
https://android-developers.googleblog.com/2023/10/make-passkey-endpoints-well-known-url-part-of-your-passkey-implementation.html

spec:
https://github.com/ms-id-standards/MSIdentityStandardsExplainers/blob/main/PasskeyEndpointsWellKnownUrl/explainer.md
2024-02-15 17:49:13 +00:00
Tim-Nicas Oelschläger
374e886f51
Change webhook-type in create-view (#29114)
It's now possible to change webhook-type in create-view.

before:

![image](https://github.com/go-gitea/gitea/assets/72873130/9ee1b9fb-843b-4f28-b8d6-6361e5d184f1)

after:

![image](https://github.com/go-gitea/gitea/assets/72873130/9dbf058f-5912-43af-9acd-487271212f2d)

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-02-15 14:59:48 +01:00
wxiaoguang
f3eb835886
Refactor locale&string&template related code (#29165)
Clarify when "string" should be used (and be escaped), and when
"template.HTML" should be used (no need to escape)

And help PRs like  #29059 , to render the error messages correctly.
2024-02-14 21:48:45 +00:00
KN4CK3R
94d06be035
Extract linguist code to method (#29168) 2024-02-14 18:50:31 +00:00
techknowlogick
a346a8c852
bump to use go 1.22 (#29119) 2024-02-14 18:19:57 +00:00
Chris Copeland
47b5965862
Add merge style fast-forward-only (#28954)
With this option, it is possible to require a linear commit history with
the following benefits over the next best option `Rebase+fast-forward`:
The original commits continue existing, with the original signatures
continuing to stay valid instead of being rewritten, there is no merge
commit, and reverting commits becomes easier.

Closes #24906
2024-02-12 23:37:23 +01:00
wxiaoguang
ee242a08e9
Refactor issue template parsing and fix API endpoint (#29069)
The old code `GetTemplatesFromDefaultBranch(...) ([]*api.IssueTemplate,
map[string]error)` doesn't really follow Golang's habits, then the
second returned value might be misused. For example, the API function
`GetIssueTemplates` incorrectly checked the second returned value and
always responds 500 error.

This PR refactors GetTemplatesFromDefaultBranch to
ParseTemplatesFromDefaultBranch and clarifies its behavior, and fixes the
API endpoint bug, and adds some tests.

And by the way, add proper prefix `X-` for the header generated in
`checkDeprecatedAuthMethods`, because non-standard HTTP headers should
have `X-` prefix, and it is also consistent with the new code in
`GetIssueTemplates`
2024-02-12 05:04:10 +00:00
KN4CK3R
da2f03750f
Display friendly error message (#29105)
`ctx.Error` only displays the text but `ctx.ServerError` renders the
usual error page.
2024-02-08 22:01:19 +00:00
CEnnis91
6be3fda6fc
Fix swift packages not resolving (#29095)
Fixes #29094
2024-02-08 14:45:44 +08:00
wxiaoguang
a4859dcfea
Improve user experience for outdated comments (#29050)
Try to improve #28949

1. Make `ctx.Data["ShowOutdatedComments"] = true` by default: it brings
consistent user experience, and sometimes the "outdated (source
changed)" comments are still valuable.
2. Show a friendly message if the comment won't show, then the end users
won't fell that "the comment disappears" (it is the special case when
`ShowOutdatedComments = false`)
2024-02-08 01:50:48 +00:00
Yarden Shoham
6992ef98fc
Don't do a full page load when clicking Watch or Star (#29001)
- The watch/unwatch button and star/unstar get their own template
- The backend returns HTML instead of redirect

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2024-02-05 09:56:20 +00:00
Lunny Xiao
9bb1adf8ea
Move some repository transfer functions to service layer (#28855) 2024-02-05 06:17:23 +00:00
KN4CK3R
f8b471ace1
Unify user update methods (#28733)
Fixes #28660
Fixes an admin api bug related to `user.LoginSource`
Fixed `/user/emails` response not identical to GitHub api

This PR unifies the user update methods. The goal is to keep the logic
only at one place (having audit logs in mind). For example, do the
password checks only in one method not everywhere a password is updated.

After that PR is merged, the user creation should be next.
2024-02-04 13:29:09 +00:00
wxiaoguang
b4513f48ce
Do not render empty comments (#29039)
Follow #28654

The `comments` might be empty, so the templates shouldn't (and couldn't)
use it to render. When there is no comment, the UI should also be
updated to empty, so returning an empty body is good enough.
2024-02-04 13:05:01 +00:00
silverwind
a6cea59514
Update tool dependencies (#29030) 2024-02-02 19:11:39 -05:00
ChristopherHX
a9bc590d5d
Add artifacts v4 jwt to job message and accept it (#28885)
This change allows act_runner / actions_runner to use jwt tokens for
`ACTIONS_RUNTIME_TOKEN` that are compatible with
actions/upload-artifact@v4.

The official Artifact actions are now validating and extracting the jwt
claim scp to get the runid and jobid, the old artifact backend also
needs to accept the same token jwt.

---
Related to #28853

I'm not familar with the auth system, maybe you know how to improve this

I have tested
- the jwt token is a valid token for artifact uploading
- the jwt token can be parsed by actions/upload-artifact@v4 and passes
their scp claim validation

Next steps would be a new artifacts@v4 backend.

~~I'm linking the act_runner change soonish.~~
act_runner change to make the change effective and use jwt tokens
<https://gitea.com/gitea/act_runner/pulls/471>
2024-02-02 14:25:59 +00:00
KN4CK3R
c3e462921e
Improve user search display name (#29002)
I tripped over this strange method and I don't think we need that
workaround to fix the value.

old:

![grafik](https://github.com/go-gitea/gitea/assets/1666336/c8b6797b-eb45-4dec-99db-1b0649a34ec5)

new:

![grafik](https://github.com/go-gitea/gitea/assets/1666336/ab1a65ae-de5b-4ce4-9813-3b8b39c7922e)

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-01 17:10:16 +00:00
Lunny Xiao
3b50dd95ce
Some refactor for git http (#28995)
# Purpose

This PR makes git http related functions use the same `context.Context`
so they can be maintained easier.
2024-01-31 15:23:22 +00:00
Zettat123
adc3598a75
Fix an actions schedule bug (#28942)
In #28691, schedule plans will be deleted when a repo's actions unit is
disabled. But when the unit is enabled, the schedule plans won't be
created again.

This PR fixes the bug. The schedule plans will be created again when the
actions unit is re-enabled
2024-01-31 14:55:12 +00:00
Yarden Shoham
3e8414179c
Introduce htmx and use it to avoid full page load on Subscribe and Follow (#28908)
- Closes https://github.com/go-gitea/gitea/issues/28880

This change introduces htmx with the hope we could use it to make Gitea
more reactive while keeping our "HTML rendered on the server" approach.

- Add `htmx.js` that imports `htmx.org` and initializes error toasts
- Place `hx-headers='{"x-csrf-token": "{{.CsrfToken}}"}'` on the
`<body>` tag so every request that htmx sends is authenticated
- Place `hx-swap="outerHTML"` on the `<body>` tag so the response of
each htmx request replaces the tag it targets (as opposed to its inner
content)
- Place `hx-push-url="false"` on the `<body>` tag so no changes to the
URL happen in `<form>` tags
- Add the `is-loading` class during request

### Error toasts in action


![errors](https://github.com/go-gitea/gitea/assets/20454870/181a1beb-1cb8-4858-abe8-fa1fc3f5b8f3)

## Don't do a full page load when clicking the subscribe button
- Refactor the form around the subscribe button into its own template
- Use htmx to perform the form submission
- `hx-boost="true"` to prevent the default form submission behavior of a
full page load
- `hx-sync="this:replace"` to replace the current request (in case the
button is clicked again before the response is returned)
  - `hx-target="this"` to replace the form tag with the new form tag
- Change the backend response to return a `<form>` tag instead of a
redirect to the issue page

### Before


![subscribe_before](https://github.com/go-gitea/gitea/assets/20454870/cb2439a2-c3c0-425c-8d3c-5d646b1cdc28)

### After


![subscribe_after](https://github.com/go-gitea/gitea/assets/20454870/6fcd77d8-7b11-40b0-af4f-b152aaad787c)

## Don't do a full page load when clicking the follow button
- Use htmx to perform the button request
- `hx-post="{{.ContextUser.HomeLink}}?action=follow"` to send a POST
request to follow the user
- `hx-target="#profile-avatar-card"` to target the card div for
replacement
- `hx-indicator="#profile-avatar-card"` to place the loading indicator
on the card
- Change the backend response to return a `<div>` tag (the card) instead
of a redirect to the user page

### Before


![follow_before](https://github.com/go-gitea/gitea/assets/20454870/a210b643-6e74-4ff9-8e61-d658c62edf1f)

### After


![follow_after](https://github.com/go-gitea/gitea/assets/20454870/5bb19ae9-0d59-4ae3-b538-4c83334e4722)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: 6543 <m.huber@kithara.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-01-30 15:45:54 +01:00