Commit graph

4063 commits

Author SHA1 Message Date
KN4CK3R
00705da102
Unify two factor check () ()
Backport of 

Fixes 

We have support for two factor logins with the normal web login and with
basic auth. For basic auth the two factor check was implemented at three
different places and you need to know that this check is necessary. This
PR moves the check into the basic auth itself.
2023-11-06 23:06:21 +01:00
Giteabot
2147bfde05
Fix package webhook () ()
Backport  by @lunny

Fix 

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-10-31 11:26:06 +01:00
Lunny Xiao
a1c232cae3
Revert "fix orphan check for deleted branch () ()" ()
Because branch table is created until 1.21
Fix 
2023-10-24 05:58:11 +00:00
Giteabot
63512cd15d
Fix label render containing invalid HTML () ()
Backport  by @earl-warren

- The label HTML contained a quote that wasn't being closed.

Refs: https://codeberg.org/forgejo/forgejo/pulls/1651

(cherry picked from commit e2bc2c9a1f)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-10-24 09:39:17 +08:00
Giteabot
ca4418eff1
Support allowed hosts for webhook to work with proxy () ()
Backport  by @wolfogre

When `webhook.PROXY_URL` has been set, the old code will check if the
proxy host is in `ALLOWED_HOST_LIST` or reject requests through the
proxy. It requires users to add the proxy host to `ALLOWED_HOST_LIST`.
However, it actually allows all requests to any port on the host, when
the proxy host is probably an internal address.

But things may be even worse. `ALLOWED_HOST_LIST` doesn't really work
when requests are sent to the allowed proxy, and the proxy could forward
them to any hosts.

This PR fixes it by:

- If the proxy has been set, always allow connections to the host and
port.
- Check `ALLOWED_HOST_LIST` before forwarding.

Co-authored-by: Jason Song <i@wolfogre.com>
2023-10-18 15:07:20 +02:00
Giteabot
acedf0f702
Fix git 2.11 error when checking IsEmpty () ()
Backport  by @wxiaoguang

Fix 

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-10-02 23:30:04 +08:00
Giteabot
2138661dae
fix orphan check for deleted branch () ()
Backport  by @earl-warren

- Modify the deleted branch orphan check to check for the new table
instead.
- Regression from 6e19484f4d
- Resolves https://codeberg.org/forgejo/forgejo/issues/1522

(cherry picked from commit c1d888686f)

Co-authored-by: Earl Warren <109468362+earl-warren@users.noreply.github.com>
Co-authored-by: Gusted <postmaster@gusted.xyz>
2023-09-28 11:16:05 +08:00
Giteabot
4b37eb2c23
Fix PushEvent NullPointerException jenkinsci/github-plugin () ()
Backport  by @Nabapadma-sarker

Fixes 

Co-authored-by: Nabapadma-sarker <nabapadmacse1991@gmail.com>
2023-09-25 07:02:08 +00:00
KN4CK3R
eae6985b63
Quote table release in sql queries () ()
Backport of 

Fixes 

`release` is a reserved keyword in MySQL. I can't reproduce the issue on
my setup and we have a test for that code but it seems there can be
setups where it fails.
2023-09-24 01:48:50 +03:00
sebastian-sauer
d8b39324d7
Load reviewer before sending notification () ()
Fixes 
2023-09-13 15:32:58 -05:00
Lunny Xiao
9df573bddc
Fix context cache bug & enable context cache for dashboard commits' authors () ()
backport  

Unfortunately, when a system setting hasn't been stored in the database,
it cannot be cached.
Meanwhile, this PR also uses context cache for push email avatar display
which should avoid reading the user table via email address again and again.

According to my local test, this should reduce dashboard elapsed time
from 150ms -> 80ms .
2023-09-13 15:15:00 +08:00
wxiaoguang
b0a405c5fa
Use secure cookie for HTTPS sites () ()
Backport 

If the AppURL(ROOT_URL) is an HTTPS URL, then the COOKIE_SECURE's
default value should be true.

And, if a user visits an "http" site with "https" AppURL, they won't be
able to login, and they should have been warned. The only problem is
that the "language" can't be set either in such case, while I think it
is not a serious problem, and it could be fixed easily if needed.
2023-09-11 09:59:00 +00:00
Giteabot
da7d7e60d8
Fix INI parsing for value with trailing slash () ()
Backport  by @wxiaoguang

Fix  (a temp fix)

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-09-10 20:52:25 +02:00
wxiaoguang
e8da63c24e
Avoid double-unescaping of form value () ()
Backport 

The old `prepareQueryArg` did double-unescaping of form value.
2023-09-01 21:15:00 +08:00
Giteabot
41bae29f84
check blocklist for emails when adding them to account () ()
Backport  by @techknowlogick

Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2023-08-31 00:52:19 +00:00
Giteabot
c3d323fd85
Add fix incorrect can_create_org_repo for org owner team () ()
Backport  by @yp05327

Related to:  

In migration v109, we only added a new column `CanCreateOrgRepo` in Team
table, but did not initialize its value.
This may cause a bug like .

Co-authored-by: yp05327 <576951401@qq.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-29 21:26:40 +00:00
Giteabot
4013f3f600
Fix some slice append usages () ()
Backport  by @harryzcy

Co-authored-by: Chongyi Zheng <git@zcy.dev>
Co-authored-by: delvh <dev.lh@web.de>
2023-08-29 16:13:24 +00:00
Lunny Xiao
b159ebbab7
Use docs.gitea.com instead of docs.gitea.io ()
backport 
2023-08-28 19:58:16 +08:00
Giteabot
a4b14638b5
Use correct minio error () ()
Backport  by @delvh

Previously, `err` was defined above, checked for `err == nil` and used
nowhere else.
Hence, the result of `convertMinioErr` would always be `nil`.
This leads to a NPE further down the line.
That is not intentional, it should convert the error of the most recent
operation, not one of its predecessors.

Found through
https://discord.com/channels/322538954119184384/322538954119184384/1143185780206993550.

Co-authored-by: delvh <dev.lh@web.de>
2023-08-21 16:51:30 +00:00
Giteabot
fe78aabc67
Add branch_filter to hooks API endpoints () ()
Backport  by @yardenshoham

We now include the branch filter in the response.

- Closes  

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: Yarden Shoham <git@yardenshoham.com>
2023-08-21 12:17:19 +00:00
Giteabot
7da85fa0c3
Sync repo's IsEmpty status correctly () ()
Backport  by @wxiaoguang

Close 

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-17 05:12:14 +00:00
Giteabot
4bdb8dd9cc
Detect ogg mime-type as audio or video () ()
Backport  by @wxiaoguang

"ogg" is just a "container" format for audio and video.

Golang's `DetectContentType` only reports "application/ogg" for
potential ogg files.

Actually it could do more "guess" to see whether it is an audio file or a
video file.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-15 11:15:26 +08:00
Giteabot
f1c5d33d3e
Fix storage path logic especially for relative paths () ()
Backport  by @lunny

This PR rewrites the function `getStorage` and makes it clearer.

Include tests from , thanks @earl-warren

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Earl Warren <contact@earl-warren.org>
2023-08-13 22:38:18 -04:00
Giteabot
fe1b11b639
Close stdout correctly for "git blame" () ()
Backport  by @wxiaoguang

Close stdout correctly for "git blame", otherwise the failed "git blame"
would cause the request to hang forever.

And "os.Stderr" should never (seldom) be used as git command's stderr
(there seem to be some similar problems in the code, they could be fixed later).

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-13 16:00:28 +08:00
Giteabot
80d7288ea4
Remove last newline from config file () ()
Backport  by @wxiaoguang

When users put the secrets into a file (GITEA__sec__KEY__FILE), the
newline is sometimes difficult to avoid (e.g. echo/vim/...)

So the last newline could be removed when reading, which makes it
easier for users to maintain the secret files.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-13 00:19:33 +08:00
Giteabot
2d1202b32c
Check first if minio bucket exists before trying to create it () ()
Backport  by @lunny

For some reason, the permission of the client_id and secret may not be
able to create a bucket, so now we will check whether the bucket exists first
and then try to create a bucket if it doesn't exist.

Try to fix 

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-08-12 09:00:51 +00:00
Giteabot
981ab48503
minio: add missing region on client initialization () ()
Backport  by @nekrondev

The MinIO client isn't redirecting to the correct AWS endpoint if a
non-default data center is used.

In my use case I created an AWS bucket at `eu-central-1` region. Because
of the missing region initialization of the client the default
`us-east-1` API endpoint is used returning a `301 Moved Permanently`
response that's not handled properly by MinIO client. This in return
aborts using S3 storage on AWS as the `BucketExists()` call will fail
with the http moved error.

MinIO client trace shows the issue:

```text
---------START-HTTP---------
HEAD / HTTP/1.1
Host: xxxxxxxxxxx-prod-gitea-data.s3.dualstack.us-east-1.amazonaws.com
User-Agent: MinIO (windows; amd64) minio-go/v7.0.61
Authorization: AWS4-HMAC-SHA256 Credential=**REDACTED**/20230809/accesspoint.eu-central-1/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=**REDACTED**
X-Amz-Content-Sha256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
X-Amz-Date: 20230809T141143Z

HTTP/1.1 301 Moved Permanently
Connection: close
Content-Type: application/xml
Date: Wed, 09 Aug 2023 14:11:43 GMT
Server: AmazonS3
X-Amz-Bucket-Region: eu-central-1
X-Amz-Id-2: UK7wfeYi0HcTcytNvQ3wTAZ5ZP1mOSMnvRZ9Fz4xXzeNsS47NB/KfFx2unFxo3L7XckHpMNPPVo=
X-Amz-Request-Id: S1V2MJV8SZ11GEVN
---------END-HTTP---------
```

Co-authored-by: nekrondev <heiko@noordsee.de>
Co-authored-by: Heiko Besemann <heiko.besemann@qbeyond.de>
2023-08-10 14:11:22 +00:00
wxiaoguang
8ad331c9d2
Fix admin queue page title and fix CI failures () ()
Backport 

* Fix 
* Bypass the data race issue in "ssh" package
2023-08-10 11:04:48 +02:00
Giteabot
2d1a7e1cd4
Introduce ctx.PathParamRaw to avoid incorrect unescaping () ()
Backport  by @wxiaoguang

Fix 

And complete an old TODO: `ctx.Params does un-escaping,..., which is
incorrect.`

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-09 07:31:44 +00:00
wxiaoguang
fa431b377d
Fix incorrect CLI exit code and duplicate error message () ()
Backport 

Follow the CLI refactoring, and add tests.
2023-08-05 23:37:04 +08:00
Giteabot
3e9475b3b2
Prevent newline errors with Debian packages () ()
Backport  by @KN4CK3R

Fixes 

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-08-05 11:41:30 +02:00
Giteabot
9451781ebe
Make git batch operations use parent context timeout instead of default timeout () ()
Backport  by @wxiaoguang

Fix 

Some git commands should use parent context, otherwise it would exit too
early (by the default timeout, 10m), and the "cmd.Wait" waits till the
pipes are closed.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-04 15:44:25 +02:00
Giteabot
88f6f7579c
Fix the wrong derive path () ()
Backport  by @lunny

This PR will fix , caused by .

The package configuration derive is totally wrong when storage type is
local in that PR.

This PR fixed the inherit logic when storage type is local with some
unit tests.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-04 06:24:13 +00:00
Giteabot
a57568bad7
Support getting changed files when commit ID is EmptySHA () ()
Backport  by @Zettat123

Fixes .

Co-Author: @wxiaoguang 

Thanks @lunny for providing this solution

As
https://github.com/go-gitea/gitea/issues/26270#issuecomment-1661695151
said, at present we cannot get the names of changed files correctly when
the `OldCommitID` is `EmptySHA`. In this PR, the `GetCommitFilesChanged`
method is added and will be used to get the changed files by commit ID.

References:
- https://stackoverflow.com/a/424142

Co-authored-by: Zettat123 <zettat123@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-04 03:27:45 +00:00
Giteabot
a758337046
Clarify the logger's MODE config option () ()
Backport  by @wxiaoguang

1. Fix the wrong document (add the missing `MODE=`)
2. Add a more friendly log message to tell users to add `MODE=` in their
config

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-08-02 01:08:28 +02:00
Giteabot
499c5594c3
Fix allowed user types setting problem () ()
Backport  by @lunny

Fix 

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-07-29 14:42:40 +08:00
Giteabot
892e24aaf1
Calculate MAX_WORKERS default value by CPU number () ()
2023-07-27 19:24:07 +08:00
Lunny Xiao
c598741f01
Display deprecated warning in admin panel pages as well as in the log file () ()
backport  
Temporarily resolve 
Related 

This PR includes  's changes but has a UI to prompt the administrator
about the deprecated settings as well as the log or console warning.
Then users will have enough time to notice the problem and won't be
surprised like before.

2023-07-26 09:22:39 +00:00
Giteabot
782b137682
Fix incorrect router logger () ()
Backport  by @wxiaoguang

A low-level mistake:

* `log.Info` is global `Info` function, which calls "default" logger
* `logger.Info` is for the router's logger

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-26 08:37:43 +08:00
Giteabot
e2596b0a99
Avoid writing config file if not installed () ()
Backport  by @wxiaoguang

Just like others (oauth2 secret, internal token, etc), do not generate
if no install lock

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-25 13:31:50 +08:00
Giteabot
a424f6d4f8
Fix handling of Debian files with trailing slash () ()
Backport  by @KN4CK3R

Fixes 

- Fix handling of files with trailing slash
- Fix handling of duplicate package file errors
- Added test for both

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-07-24 14:56:13 +00:00
Giteabot
8d9193680d
Use stderr as fallback if the log file can't be opened () ()
Backport  by @wxiaoguang

If the log file can't be opened, what should it do? panic/exit? ignore
logs? fallback to stderr?

It seems that "fallback to stderr" is slightly better than others ....
2023-07-24 05:58:16 +00:00
Giteabot
8b002b429d
Adding remaining enum for migration repo model type. () ()
Backport  by @puni9869

Fixes: https://github.com/go-gitea/gitea/issues/26010

Adding remaining enum for migration repo model type.

Co-authored-by: puni9869 <80308335+puni9869@users.noreply.github.com>
2023-07-21 08:54:43 +02:00
Giteabot
4d5e3b9372
Fix env config parsing for "GITEA____APP_NAME" () ()
Backport  by @wxiaoguang

Regression of  

Fix the bug and add a test for it

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-20 11:56:36 +02:00
Giteabot
ee47face12
Update path related documents () ()
Backport  by @wxiaoguang

Update WorkPath/WORK_PATH related documents, remove out-dated
information.

Remove "StaticRootPath" on the admin config display page, because few
end users really need it, it only causes misconfiguration.



Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-19 09:48:54 +00:00
wxiaoguang
5c3662b902
Avoid creating directories when loading config () ()
Backport 

The "creating dir/file during load config" is a longstanding and complex
problem.

This PR only does a quick patch, it still needs more refactorings in the
future.

Fix 
2023-07-18 20:24:07 +00:00
KN4CK3R
ab54310731
Disallow dangerous URL schemes () ()
Regression: https://github.com/go-gitea/gitea/pull/24805
Closes: 

- Disallow `javascript`, `vbscript` and `data` (data uri images still
work) url schemes even if all other schemes are allowed
- Fixed older `cbthunderlink` tests

---------

Co-authored-by: delvh <dev.lh@web.de>
2023-07-18 19:48:52 +00:00
Giteabot
9369b38315
Skip unuseful error message in dev mode when watching local filesystem () ()
Backport  by @wxiaoguang

Before, in dev mode, there might be some error logs like:

```
2023/07/17 13:54:51 ...s/assetfs/layered.go:221:WatchLocalChanges() [E] Unable to watch directory .: lstat /data/work/gitea/custom/templates: no such file or directory

```

Because there is no "custom/templates" directory.

After: ignore such error, no such error message anymore.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-07-17 10:26:29 +00:00
Giteabot
6e82d0bb7c
Add shutting down notice () ()
Backport  by @KN4CK3R

Got the same problem as  when updating an instance. The
`log.Fatal` should have been marked as breaking in .

This PR adds a notice that the system is shutting down because of the
deprecated setting.

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-07-17 09:44:10 +00:00
Giteabot
45b1f4dd3b
Add support for different Maven POM encoding () ()
Backport  by @KN4CK3R

Fixes 

- Maven POM files aren't always UTF-8 encoded.
- Reject the upload of unparsable POM files

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2023-07-14 10:27:15 +00:00