0
0
mirror of https://github.com/go-gitea/gitea.git synced 2024-12-05 02:59:13 +01:00
Commit Graph

18676 Commits

Author SHA1 Message Date
Simon Pistache
2abef971dc
fix(#32667): 🐛 Fixe a keystring misuse and refactor duplicates keystrings (#32668)
- Fixes a translation keystring misuse where the string 'open
milestones' is used in place of 'closed milestones'.
- De-duplicates the use of 'open milesones' and 'closed milestones'
keystrings on the sidebar of an issue, reusing the ones on the issues
filter and action bars.
- Closes #32667

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-12-01 10:14:56 +08:00
Lunny Xiao
79d593a9be
Split mail sender sub package from mailer service package (#32618)
Move all mail sender related codes into a sub package of
services/mailer. Just move, no code change.
Then we just have dependencies on go-mail package in the new sub
package. We can use other package to replace it because it's
unmaintainable. ref #18664
2024-11-30 01:15:41 +00:00
Zettat123
fd3aa5bedb
Fix a bug in actions artifact test (#32672)
This bug exists in `TestActionsArtifactDownload`.


a1f56f83bf/tests/integration/api_actions_artifact_test.go (L123-L134)

We assert that `listResp.Count` is `2`, so `artifactIdx` could be `0` or `1`.

a1f56f83bf/tests/integration/api_actions_artifact_test.go (L144-L147)

Then we assert that the length of `downloadResp.Value` is `1`. If
`artifactIdx` is `1` at this point, the assertion on Line 147 will throw
an `index out of range` error.
2024-11-29 20:32:10 +00:00
Lunny Xiao
1ed5f379b9
Move GetFeeds to service layer (#32526)
Move GetFeeds from models to service layer, no code change.
2024-11-29 17:53:49 +00:00
wxiaoguang
93640993e3
Refactor render system (orgmode) (#32671)
Close  #29100
2024-11-29 16:08:29 +08:00
silverwind
a1f56f83bf
Improve diff file tree (#32658)
- Unfolded directories now show a "open" icon
- Prevent accidential text selection while toggling directories
- Increase vertical item padding from 3px to 6px

<img width="257" alt="image"
src="https://github.com/user-attachments/assets/d5372306-a666-4732-827e-3ddeee3c711e">
2024-11-28 12:25:21 +00:00
Lunny Xiao
00f8090de4
Don't create action when syncing mirror pull refs (#32659)
Fix #27961
2024-11-28 07:43:38 +00:00
Pedro Nishiyama
1b296ed1a4
Allow users with write permission to run actions (#32644)
---
I have a use case where I need a team to be able to run actions without
admin access.
2024-11-28 07:18:23 +00:00
Rowan Bohde
16a7d343d7
Validate OAuth Redirect URIs (#32643)
This fixes a TODO in the code to validate the RedirectURIs when adding
or editing an OAuth application in user settings.

This also includes a refactor of the user settings tests to only create
the DB once per top-level test to avoid reloading fixtures.
2024-11-28 10:50:27 +08:00
Kerwin Bryant
68d9f36543
Allow cropping an avatar before setting it (#32565)
Provide a cropping tool on the avatar editing page, allowing users to
select the cropping area themselves. This way, users can decide the
displayed area of the image, rather than us deciding for them.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-11-28 02:15:59 +00:00
silverwind
f1bea3c3b8
Add webpack EnvironmentPlugin (#32661)
Fixes: https://github.com/go-gitea/gitea/issues/32660

Environment vars in Webpack need to be declared in the config, otherwise
they will not be elimininated during compilation.
2024-11-28 01:50:54 +00:00
Lunny Xiao
f62f68cbdd
Move team related functions to service layer (#32537)
There are still some functions under `models` after last big refactor
about `models`. This change will move all team related functions to
service layer with no code change.
2024-11-27 21:12:26 +00:00
wxiaoguang
5a50b271e7
Make frontend unit test code could know it is in testing (#32656)
See the comment of isInFrontendUnitTest
2024-11-28 01:40:32 +08:00
6543
846f618716
Add priority to protected branch (#32286)
## Solves

Currently for rules to re-order them you have to alter the creation
date. so you basicly have to delete and recreate them in the right
order. This is more than just inconvinient ...

## Solution

Add a new col for prioritization

## Demo WebUI Video

https://github.com/user-attachments/assets/92182a31-9705-4ac5-b6e3-9bb74108cbd1


---
*Sponsored by Kithara Software GmbH*
2024-11-27 05:41:06 +01:00
silverwind
3fc1bbe971
Regenerate fomantic package-lock.json (#32650)
Fixes: https://github.com/go-gitea/gitea/security/dependabot/83
Fixes: https://github.com/go-gitea/gitea/security/dependabot/84

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-27 04:04:12 +00:00
wxiaoguang
6e507c45ed
Fix global form submit event (#32652) 2024-11-27 11:54:50 +08:00
Lunny Xiao
f49d82309b
Introduce OrgList and add LoadTeams, optimaze Load teams for orgs (#32543) 2024-11-26 21:55:06 +00:00
wxiaoguang
b6ce2d6dc9
Refactor markup render system (#32645)
This PR mainly removes some global variables, moves some code and
renames some functions to make code clearer.

This PR also removes a testing-only option ForceHardLineBreak during
refactoring since the behavior is clear now.
2024-11-26 16:46:02 +00:00
hiifong
87bb5ed0bc
Fix: passkey login not working anymore (#32623)
Quick fix #32595, use authenticator auth flags to login

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-26 16:04:17 +00:00
wxiaoguang
0f4b0cf892
Refactor some frontend problems (#32646)
1. correct the modal usage on "admin email list" page (then
`web_src/js/features/admin/emails.ts` is removed)
2. use `addDelegatedEventListener` instead of `jQuery().on`
3. more jQuery related changes and remove jQuery from
`web_src/js/features/common-button.ts`
4. improve `confirmModal` to make it support header, and remove
incorrect double-escaping
5. fix more typescript related types
6. fine tune devtest pages and add more tests
2024-11-26 15:36:55 +00:00
wxiaoguang
722e703c6b
Bypass vitest bug (#32647) 2024-11-26 23:10:45 +08:00
william-allspice
88f5d33ab2
Fix race condition in mermaid observer (#32599)
This Pull Request addresses a race condition in the updateIframeHeight
function where it is sometimes called when the iframe is not fully
loaded or accessible resulting in an alarming error message for the
user.

To address this we:
1. Add defensive programming within the updateIframeHeight function
2. Delay instantiating the intersection observer until the iframe has
loaded

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-26 06:37:24 +00:00
wxiaoguang
9ed768adc4
Improve oauth2 scope token handling (#32633) 2024-11-26 02:03:02 +00:00
Kerwin Bryant
25cacaf0aa
Fixed Issue of Review Menu Shown Behind (#32631)
Fixed #31144 

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-26 09:24:56 +08:00
Lunny Xiao
703be6bf30
Add github compatible tarball download API endpoints (#32572)
Fix #29654 
Fix #32481
2024-11-25 19:35:49 +00:00
wxiaoguang
44909f6e2c
Fix markup render regression and fix some tests (#32640)
Fix #32639,
https://github.com/go-gitea/gitea/issues/32608#issuecomment-2497918210

By the way, fix some incorrect SQLs (use single quote but not double
quote)
2024-11-26 03:04:55 +08:00
wxiaoguang
5d57c287fb
Fix sqlite3 test (#32622) 2024-11-25 06:10:11 +00:00
Lunny Xiao
c363bd06e9
Strict pagination check (#32548) 2024-11-25 09:56:50 +08:00
wxiaoguang
633785a5f3
Refactor markup render system (#32612)
This PR removes (almost) all path tricks, and introduces "renderhelper"
package.

Now we can clearly see the rendering behaviors for comment/file/wiki,
more details are in "renderhelper" tests.

Fix #31411 , fix #18592, fix #25632 and maybe more problems. (ps: fix
#32608 by the way)
2024-11-24 16:18:57 +08:00
silverwind
fa175c1694
Add vue-tsc (#32601)
As per https://vuejs.org/guide/typescript/overview#overview,
typescript's `tsc` does not support importing `.vue` files from `.ts`
files, so we need to use `vue-tsc` which patches in that support. Added
a convenience alias `make tsc` to run it.
2024-11-23 23:02:37 +00:00
Michael Owoc
713364fc71
Support optional/configurable IAMEndpoint for Minio Client (#32581) (#32581)
Targeting issue #32271

This modification allows native Kubernetes + AWS (EKS) authentication
with the Minio client, to Amazon S3 using the IRSA role assigned to a
Service account by replacing the hard coded reference to the
`DefaultIAMRoleEndpoint` with an optional configurable endpoint.

Internally, Minio's `credentials.IAM` provider implements a discovery
flow for IAM Endpoints if it is not set.

For backwards compatibility: 
- We have added a configuration mechanism for an `IamEndpoint` to retain
the unit test safety in `minio_test.go`.
- We believe existing clients will continue to function the same without
needing to provide a new config property since the internals of Minio
client also often resolve to the `http://169.254.169.254` default
endpoint that was being hard coded before

To test, we were able to build a docker image from source and, observe
it choosing the expected IAM endpoint, and see files uploaded via the
client.
2024-11-22 20:12:06 +00:00
Yarden Shoham
f2a9951741
Update the list of watchers and stargazers when clicking watch/unwatch or star/unstar (#32570)
We make sure the user cards are updated

- Fixes https://github.com/go-gitea/gitea/issues/32561

I also removed `ctx.Data["PageIsWatchers"] = true` and
`ctx.Data["PageIsStargazers"] = true` as they are not used anywhere.

# Before

![before](https://github.com/user-attachments/assets/e3bc3235-35eb-4eda-862d-bdf2510282ea)

# After

![after](https://github.com/user-attachments/assets/bc0488a5-8399-4cf6-95c9-17328a9702eb)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2024-11-22 18:51:51 +00:00
hiifong
ae90b21db0
Apply to became a maintainer (#32614)
[PRs
list](https://github.com/go-gitea/gitea/pulls?q=is%3Apr+author%3Ahiifong+is%3Aclosed+is%3Amerged)
2024-11-22 18:26:05 +00:00
Lunny Xiao
fe49cb0243
Fix get reviewers' bug (#32415)
This PR rewrites `GetReviewer` function and move it to service layer.

Reviewers should not be watchers, so that this PR removed all watchers
from reviewers. When the repository is under an organization, the pull
request unit read permission will be checked to resolve the bug of
#32394

Fix #32394
2024-11-22 10:44:48 -05:00
Kerwin Bryant
bc7d599030
Fix issues with inconsistent spacing in areas (#32607)
Fix issues with inconsistent spacing in areas where the branch_dropdown
component is used.
before:

![1732238359257](https://github.com/user-attachments/assets/38edda1f-ec4e-419e-9264-68009375d177)

![1732238334410](https://github.com/user-attachments/assets/c4770aea-bc83-477c-9b6a-632f984c0d7d)

after:

![1732238273317](https://github.com/user-attachments/assets/4d05068e-db97-45af-86c4-29442dff1bdf)

![1732238723881](https://github.com/user-attachments/assets/69acd286-f79b-44fe-ad73-2d5fc6dfc98c)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-22 06:12:50 +00:00
wxiaoguang
c4e27cb27b
Refactor markup render system (#32589)
This PR mainly moves some code and introduces `RenderContext.WithXxx`
functions
2024-11-22 05:48:09 +00:00
Kerwin Bryant
81ac8d914c
Style unification for the issue_management area (#32605)
Style unification for the issue_management area (consistent across the
layout

before:

![1732237277916](https://github.com/user-attachments/assets/52a20b2d-d6a4-4118-9cdf-9b377115b7f7)

![1732237288802](https://github.com/user-attachments/assets/05592fe8-cab2-412b-99bc-f0a201c08413)

![1732237299849](https://github.com/user-attachments/assets/8be4a891-c514-4983-bad4-fcc5a7a9d838)

after:

![1732237471086](https://github.com/user-attachments/assets/0bd19ef6-79c1-490a-8ffa-6a42208befd9)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-22 04:33:31 +00:00
Marcell Mars
a3881ffa3d
Enhancing Gitea OAuth2 Provider with Granular Scopes for Resource Access (#32573)
Resolve #31609

This PR was initiated following my personal research to find the
lightest possible Single Sign-On solution for self-hosted setups. The
existing solutions often seemed too enterprise-oriented, involving many
moving parts and services, demanding significant resources while
promising planetary-scale capabilities. Others were adequate in
supporting basic OAuth2 flows but lacked proper user management
features, such as a change password UI.

Gitea hits the sweet spot for me, provided it supports more granular
access permissions for resources under users who accept the OAuth2
application.

This PR aims to introduce granularity in handling user resources as
nonintrusively and simply as possible. It allows third parties to inform
users about their intent to not ask for the full access and instead
request a specific, reduced scope. If the provided scopes are **only**
the typical ones for OIDC/OAuth2—`openid`, `profile`, `email`, and
`groups`—everything remains unchanged (currently full access to user's
resources). Additionally, this PR supports processing scopes already
introduced with [personal
tokens](https://docs.gitea.com/development/oauth2-provider#scopes) (e.g.
`read:user`, `write:issue`, `read:group`, `write:repository`...)

Personal tokens define scopes around specific resources: user info,
repositories, issues, packages, organizations, notifications,
miscellaneous, admin, and activitypub, with access delineated by read
and/or write permissions.

The initial case I wanted to address was to have Gitea act as an OAuth2
Identity Provider. To achieve that, with this PR, I would only add
`openid public-only` to provide access token to the third party to
authenticate the Gitea's user but no further access to the API and users
resources.

Another example: if a third party wanted to interact solely with Issues,
it would need to add `read:user` (for authorization) and
`read:issue`/`write:issue` to manage Issues.

My approach is based on my understanding of how scopes can be utilized,
supported by examples like [Sample Use Cases: Scopes and
Claims](https://auth0.com/docs/get-started/apis/scopes/sample-use-cases-scopes-and-claims)
on auth0.com.

I renamed `CheckOAuthAccessToken` to `GetOAuthAccessTokenScopeAndUserID`
so now it returns AccessTokenScope and user's ID. In the case of
additional scopes in `userIDFromToken` the default `all` would be
reduced to whatever was asked via those scopes. The main difference is
the opportunity to reduce the permissions from `all`, as is currently
the case, to what is provided by the additional scopes described above.

Screenshots:

![Screenshot_20241121_121405](https://github.com/user-attachments/assets/29deaed7-4333-4b02-8898-b822e6f2463e)

![Screenshot_20241121_120211](https://github.com/user-attachments/assets/7a4a4ef7-409c-4116-9d5f-2fe00eb37167)

![Screenshot_20241121_120119](https://github.com/user-attachments/assets/aa52c1a2-212d-4e64-bcdf-7122cee49eb6)

![Screenshot_20241121_120018](https://github.com/user-attachments/assets/9eac318c-e381-4ea9-9e2c-3a3f60319e47)
---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-22 12:06:41 +08:00
Lunny Xiao
a175f9805c
Add line-through for deleted branch on pull request view page (#32500)
Base branch deleted

![图片](https://github.com/user-attachments/assets/bc45aa33-d514-47c8-885a-de9732f2f3d5)

branch deleted comment

![图片](https://github.com/user-attachments/assets/83729bbb-2ee8-4bd3-b6f1-780d2daad3d4)

Head branch deleted

![图片](https://github.com/user-attachments/assets/90120b22-34a9-4387-aae9-5c882e8d421a)
2024-11-21 17:04:18 +00:00
wxiaoguang
a32cfb2a8d
Fix issue sidebar regression (#32598) 2024-11-22 00:38:34 +08:00
wxiaoguang
e90753a712
Fix PR diff review form submit (#32596)
Fix #31622, there is a longstanding bug in #19612, 
it doesn't handle submit event, correctly.
2024-11-21 14:09:16 +00:00
silverwind
675c288811
Fix some typescript issues (#32586)
Fixes around 30 or so typescript errors. No runtime changes.
2024-11-21 13:57:42 +00:00
Lunny Xiao
9bf821ae6c
Fix GetInactiveUsers (#32540)
Fix #31480
2024-11-21 04:55:32 +00:00
Rowan Bohde
9ac74a1a40
disable gravatar in test (#32529)
When running e2e tests on flaky networks, gravatar can cause a timeout
and test failures. Turn off, and populate avatars on e2e test suite run
to make them reliable.
2024-11-21 04:30:48 +00:00
silverwind
d11f8d24b0
Add 'Copy path' button to file view (#32584)
Also adds a tooltip which is replicated to the same button in the diff
box. Fixes: https://github.com/go-gitea/gitea/issues/32583
2024-11-21 04:03:17 +00:00
wxiaoguang
07373f1d5d
Improve issue sidebar UI (#32587)
1. remove duplicate dividers
2. align reviewer items
3. merge & remove unused CSS styles


Before:

<details>


![image](https://github.com/user-attachments/assets/1b3121ee-b5fa-4fe9-b0f2-344d96dc5fbc)


![image](https://github.com/user-attachments/assets/ba8b97e6-114d-488c-adee-48f6c7a3b580)

</details>

After:

<details>


![image](https://github.com/user-attachments/assets/978eab3e-a5d7-4b68-90ce-079b61994d25)


![image](https://github.com/user-attachments/assets/a8b58a27-dd05-4c8d-be60-816439ce77c6)


![image](https://github.com/user-attachments/assets/b7e6a16c-bf98-4465-a805-9f4a642d366e)

</details>
2024-11-21 03:31:54 +00:00
Kerwin Bryant
efb55cd8ef
Supplement and Improvement for #32558 (#32585)
Thank you for @wxiaoguang's reminders and suggestions:
https://github.com/go-gitea/gitea/pull/32558#discussion_r1849972913
2024-11-21 02:42:37 +00:00
a1012112796
23d0f9083e
make search box in issue sidebar dropdown list always show when scrolling (#32576)
as title, replace #31597 after #32460 

---------

Signed-off-by: a1012112796 <1012112796@qq.com>
2024-11-21 09:23:50 +08:00
Lunny Xiao
33850a83fe
Fix submodule parsing (#32571)
Fix #32568, parse `.gitmodules` correctly

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-20 19:26:12 +00:00
Rowan Bohde
407b6e6dfc
allow the actions user to login via the jwt token (#32527)
We have some actions that leverage the Gitea API that began receiving
401 errors, with a message that the user was not found. These actions
use the `ACTIONS_RUNTIME_TOKEN` env var in the actions job to
authenticate with the Gitea API. The format of this env var in actions
jobs changed with go-gitea/gitea/pull/28885 to be a JWT (with a
corresponding update to `act_runner`) Since it was a JWT, the OAuth
parsing logic attempted to parse it as an OAuth token, and would return
user not found, instead of falling back to look up the running task and
assigning it to the actions user.

Make ACTIONS_RUNTIME_TOKEN in action runners could be used,
attempting to parse Oauth JWTs. The code to parse potential old
`ACTION_RUNTIME_TOKEN` was kept in case someone is running an older
version of act_runner that doesn't support the Actions JWT.
2024-11-20 15:24:09 +00:00