Commit Graph

18685 Commits

Author SHA1 Message Date
KN4CK3R
136408307c
Add Swift login endpoint (#32693)
Fix #32683

This PR adds the login endpoint and fixes the documentation links.
2024-12-03 16:24:16 +00:00
Lunny Xiao
829c34129c
Quick fix for license file name (#32696) 2024-12-03 07:59:07 -08:00
Kerwin Bryant
576e31ae3b
Add "View all branches/tags" entry to Branch Selector (#32653)
![image](https://github.com/user-attachments/assets/7b62a38f-36d5-452a-8a97-204842c68b2e)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-12-02 20:19:27 +00:00
wxiaoguang
13fbab5cf4
Remove all "floated" CSS styles (#32691)
flex but don't float

diff with ignoring spaces :
https://github.com/go-gitea/gitea/pull/32691/files?diff=split&w=1

related pages:

### admin users

![image](https://github.com/user-attachments/assets/40dd4c46-3f5b-4a68-89b0-d0a9a806f1fc)

### milestone

![image](https://github.com/user-attachments/assets/e3efb630-f07c-4c9d-b877-71e28cddcdce)

### user account setting

![image](https://github.com/user-attachments/assets/d15609ee-016d-4aee-999a-b5455fe6185c)
2024-12-03 03:54:33 +08:00
Kerwin Bryant
9a494af125
Optimize the styling of icon buttons within file-header-right (#32675)
Optimize partial layout and styling to achieve uniformity and
consistency.

Some buttons's structure is `<a><span><svg/></span></a>`, while others
buttons's structure is `<a><svg/></a>`. Additionally, some buttons have
icons that are **14** in size, while others have icons that are **16**.
Now, the layout has been unified to structure `<a><svg/></a>`, and the
icon size for all buttons has been standardized to the default size of
**16**.

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-12-02 22:36:16 +08:00
metiftikci
2824ae2128
fix: show tag name on branch/tag selector if repo shown from tag ref (#32689) 2024-12-02 13:34:16 +00:00
wxiaoguang
e3e32605a1
Refactor RepoBranchTagSelector (#32681) 2024-12-02 01:41:32 +00:00
wxiaoguang
def13ece7c
Allow to disable the password-based login (sign-in) form (#32687)
Usually enterprise/organization users would like to only allow OAuth2
login.

This PR adds a new config option to disable the password-based login
form. It is a simple and clear approach and won't block the future
login-system refactoring works.

Fix a TODO in #24821

Replace  #21851

Close #7633 , close #13606
2024-12-02 02:03:15 +08:00
wxiaoguang
1bb1a51f47
Fix JS error when reply comment on Conversation page (#32685)
Fix #32684, regression of #32596 (side-effect of jQuery removal: jQuery could tolerate non-existing elements)
And fix another regression bug from #30453 (initCompReactionSelector double-init)
2024-12-02 00:13:58 +08:00
Simon Pistache
2abef971dc
fix(#32667): ๐Ÿ› Fixe a keystring misuse and refactor duplicates keystrings (#32668)
- Fixes a translation keystring misuse where the string 'open
milestones' is used in place of 'closed milestones'.
- De-duplicates the use of 'open milesones' and 'closed milestones'
keystrings on the sidebar of an issue, reusing the ones on the issues
filter and action bars.
- Closes #32667

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-12-01 10:14:56 +08:00
Lunny Xiao
79d593a9be
Split mail sender sub package from mailer service package (#32618)
Move all mail sender related codes into a sub package of
services/mailer. Just move, no code change.
Then we just have dependencies on go-mail package in the new sub
package. We can use other package to replace it because it's
unmaintainable. ref #18664
2024-11-30 01:15:41 +00:00
Zettat123
fd3aa5bedb
Fix a bug in actions artifact test (#32672)
This bug exists in `TestActionsArtifactDownload`.


a1f56f83bf/tests/integration/api_actions_artifact_test.go (L123-L134)

We assert that `listResp.Count` is `2`, so `artifactIdx` could be `0` or `1`.

a1f56f83bf/tests/integration/api_actions_artifact_test.go (L144-L147)

Then we assert that the length of `downloadResp.Value` is `1`. If
`artifactIdx` is `1` at this point, the assertion on Line 147 will throw
an `index out of range` error.
2024-11-29 20:32:10 +00:00
Lunny Xiao
1ed5f379b9
Move GetFeeds to service layer (#32526)
Move GetFeeds from models to service layer, no code change.
2024-11-29 17:53:49 +00:00
wxiaoguang
93640993e3
Refactor render system (orgmode) (#32671)
Close  #29100
2024-11-29 16:08:29 +08:00
silverwind
a1f56f83bf
Improve diff file tree (#32658)
- Unfolded directories now show a "open" icon
- Prevent accidential text selection while toggling directories
- Increase vertical item padding from 3px to 6px

<img width="257" alt="image"
src="https://github.com/user-attachments/assets/d5372306-a666-4732-827e-3ddeee3c711e">
2024-11-28 12:25:21 +00:00
Lunny Xiao
00f8090de4
Don't create action when syncing mirror pull refs (#32659)
Fix #27961
2024-11-28 07:43:38 +00:00
Pedro Nishiyama
1b296ed1a4
Allow users with write permission to run actions (#32644)
---
I have a use case where I need a team to be able to run actions without
admin access.
2024-11-28 07:18:23 +00:00
Rowan Bohde
16a7d343d7
Validate OAuth Redirect URIs (#32643)
This fixes a TODO in the code to validate the RedirectURIs when adding
or editing an OAuth application in user settings.

This also includes a refactor of the user settings tests to only create
the DB once per top-level test to avoid reloading fixtures.
2024-11-28 10:50:27 +08:00
Kerwin Bryant
68d9f36543
Allow cropping an avatar before setting it (#32565)
Provide a cropping tool on the avatar editing page, allowing users to
select the cropping area themselves. This way, users can decide the
displayed area of the image, rather than us deciding for them.

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-11-28 02:15:59 +00:00
silverwind
f1bea3c3b8
Add webpack EnvironmentPlugin (#32661)
Fixes: https://github.com/go-gitea/gitea/issues/32660

Environment vars in Webpack need to be declared in the config, otherwise
they will not be elimininated during compilation.
2024-11-28 01:50:54 +00:00
Lunny Xiao
f62f68cbdd
Move team related functions to service layer (#32537)
There are still some functions under `models` after last big refactor
about `models`. This change will move all team related functions to
service layer with no code change.
2024-11-27 21:12:26 +00:00
wxiaoguang
5a50b271e7
Make frontend unit test code could know it is in testing (#32656)
See the comment of isInFrontendUnitTest
2024-11-28 01:40:32 +08:00
6543
846f618716
Add priority to protected branch (#32286)
## Solves

Currently for rules to re-order them you have to alter the creation
date. so you basicly have to delete and recreate them in the right
order. This is more than just inconvinient ...

## Solution

Add a new col for prioritization

## Demo WebUI Video

https://github.com/user-attachments/assets/92182a31-9705-4ac5-b6e3-9bb74108cbd1


---
*Sponsored by Kithara Software GmbH*
2024-11-27 05:41:06 +01:00
silverwind
3fc1bbe971
Regenerate fomantic package-lock.json (#32650)
Fixes: https://github.com/go-gitea/gitea/security/dependabot/83
Fixes: https://github.com/go-gitea/gitea/security/dependabot/84

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-27 04:04:12 +00:00
wxiaoguang
6e507c45ed
Fix global form submit event (#32652) 2024-11-27 11:54:50 +08:00
Lunny Xiao
f49d82309b
Introduce OrgList and add LoadTeams, optimaze Load teams for orgs (#32543) 2024-11-26 21:55:06 +00:00
wxiaoguang
b6ce2d6dc9
Refactor markup render system (#32645)
This PR mainly removes some global variables, moves some code and
renames some functions to make code clearer.

This PR also removes a testing-only option ForceHardLineBreak during
refactoring since the behavior is clear now.
2024-11-26 16:46:02 +00:00
hiifong
87bb5ed0bc
Fix: passkey login not working anymore (#32623)
Quick fix #32595, use authenticator auth flags to login

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-26 16:04:17 +00:00
wxiaoguang
0f4b0cf892
Refactor some frontend problems (#32646)
1. correct the modal usage on "admin email list" page (then
`web_src/js/features/admin/emails.ts` is removed)
2. use `addDelegatedEventListener` instead of `jQuery().on`
3. more jQuery related changes and remove jQuery from
`web_src/js/features/common-button.ts`
4. improve `confirmModal` to make it support header, and remove
incorrect double-escaping
5. fix more typescript related types
6. fine tune devtest pages and add more tests
2024-11-26 15:36:55 +00:00
wxiaoguang
722e703c6b
Bypass vitest bug (#32647) 2024-11-26 23:10:45 +08:00
william-allspice
88f5d33ab2
Fix race condition in mermaid observer (#32599)
This Pull Request addresses a race condition in the updateIframeHeight
function where it is sometimes called when the iframe is not fully
loaded or accessible resulting in an alarming error message for the
user.

To address this we:
1. Add defensive programming within the updateIframeHeight function
2. Delay instantiating the intersection observer until the iframe has
loaded

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-26 06:37:24 +00:00
wxiaoguang
9ed768adc4
Improve oauth2 scope token handling (#32633) 2024-11-26 02:03:02 +00:00
Kerwin Bryant
25cacaf0aa
Fixed Issue of Review Menu Shown Behind (#32631)
Fixed #31144 

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-26 09:24:56 +08:00
Lunny Xiao
703be6bf30
Add github compatible tarball download API endpoints (#32572)
Fix #29654 
Fix #32481
2024-11-25 19:35:49 +00:00
wxiaoguang
44909f6e2c
Fix markup render regression and fix some tests (#32640)
Fix #32639,
https://github.com/go-gitea/gitea/issues/32608#issuecomment-2497918210

By the way, fix some incorrect SQLs (use single quote but not double
quote)
2024-11-26 03:04:55 +08:00
wxiaoguang
5d57c287fb
Fix sqlite3 test (#32622) 2024-11-25 06:10:11 +00:00
Lunny Xiao
c363bd06e9
Strict pagination check (#32548) 2024-11-25 09:56:50 +08:00
wxiaoguang
633785a5f3
Refactor markup render system (#32612)
This PR removes (almost) all path tricks, and introduces "renderhelper"
package.

Now we can clearly see the rendering behaviors for comment/file/wiki,
more details are in "renderhelper" tests.

Fix #31411 , fix #18592, fix #25632 and maybe more problems. (ps: fix
#32608 by the way)
2024-11-24 16:18:57 +08:00
silverwind
fa175c1694
Add vue-tsc (#32601)
As per https://vuejs.org/guide/typescript/overview#overview,
typescript's `tsc` does not support importing `.vue` files from `.ts`
files, so we need to use `vue-tsc` which patches in that support. Added
a convenience alias `make tsc` to run it.
2024-11-23 23:02:37 +00:00
Michael Owoc
713364fc71
Support optional/configurable IAMEndpoint for Minio Client (#32581) (#32581)
Targeting issue #32271

This modification allows native Kubernetes + AWS (EKS) authentication
with the Minio client, to Amazon S3 using the IRSA role assigned to a
Service account by replacing the hard coded reference to the
`DefaultIAMRoleEndpoint` with an optional configurable endpoint.

Internally, Minio's `credentials.IAM` provider implements a discovery
flow for IAM Endpoints if it is not set.

For backwards compatibility: 
- We have added a configuration mechanism for an `IamEndpoint` to retain
the unit test safety in `minio_test.go`.
- We believe existing clients will continue to function the same without
needing to provide a new config property since the internals of Minio
client also often resolve to the `http://169.254.169.254` default
endpoint that was being hard coded before

To test, we were able to build a docker image from source and, observe
it choosing the expected IAM endpoint, and see files uploaded via the
client.
2024-11-22 20:12:06 +00:00
Yarden Shoham
f2a9951741
Update the list of watchers and stargazers when clicking watch/unwatch or star/unstar (#32570)
We make sure the user cards are updated

- Fixes https://github.com/go-gitea/gitea/issues/32561

I also removed `ctx.Data["PageIsWatchers"] = true` and
`ctx.Data["PageIsStargazers"] = true` as they are not used anywhere.

# Before

![before](https://github.com/user-attachments/assets/e3bc3235-35eb-4eda-862d-bdf2510282ea)

# After

![after](https://github.com/user-attachments/assets/bc0488a5-8399-4cf6-95c9-17328a9702eb)

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2024-11-22 18:51:51 +00:00
hiifong
ae90b21db0
Apply to became a maintainer (#32614)
[PRs
list](https://github.com/go-gitea/gitea/pulls?q=is%3Apr+author%3Ahiifong+is%3Aclosed+is%3Amerged)
2024-11-22 18:26:05 +00:00
Lunny Xiao
fe49cb0243
Fix get reviewers' bug (#32415)
This PR rewrites `GetReviewer` function and move it to service layer.

Reviewers should not be watchers, so that this PR removed all watchers
from reviewers. When the repository is under an organization, the pull
request unit read permission will be checked to resolve the bug of
#32394

Fix #32394
2024-11-22 10:44:48 -05:00
Kerwin Bryant
bc7d599030
Fix issues with inconsistent spacing in areas (#32607)
Fix issues with inconsistent spacing in areas where the branch_dropdown
component is used.
before:

![1732238359257](https://github.com/user-attachments/assets/38edda1f-ec4e-419e-9264-68009375d177)

![1732238334410](https://github.com/user-attachments/assets/c4770aea-bc83-477c-9b6a-632f984c0d7d)

after:

![1732238273317](https://github.com/user-attachments/assets/4d05068e-db97-45af-86c4-29442dff1bdf)

![1732238723881](https://github.com/user-attachments/assets/69acd286-f79b-44fe-ad73-2d5fc6dfc98c)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-22 06:12:50 +00:00
wxiaoguang
c4e27cb27b
Refactor markup render system (#32589)
This PR mainly moves some code and introduces `RenderContext.WithXxx`
functions
2024-11-22 05:48:09 +00:00
Kerwin Bryant
81ac8d914c
Style unification for the issue_management area (#32605)
Style unification for the issue_management area (consistent across the
layout

before:

![1732237277916](https://github.com/user-attachments/assets/52a20b2d-d6a4-4118-9cdf-9b377115b7f7)

![1732237288802](https://github.com/user-attachments/assets/05592fe8-cab2-412b-99bc-f0a201c08413)

![1732237299849](https://github.com/user-attachments/assets/8be4a891-c514-4983-bad4-fcc5a7a9d838)

after:

![1732237471086](https://github.com/user-attachments/assets/0bd19ef6-79c1-490a-8ffa-6a42208befd9)

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-22 04:33:31 +00:00
Marcell Mars
a3881ffa3d
Enhancing Gitea OAuth2 Provider with Granular Scopes for Resource Access (#32573)
Resolve #31609

This PR was initiated following my personal research to find the
lightest possible Single Sign-On solution for self-hosted setups. The
existing solutions often seemed too enterprise-oriented, involving many
moving parts and services, demanding significant resources while
promising planetary-scale capabilities. Others were adequate in
supporting basic OAuth2 flows but lacked proper user management
features, such as a change password UI.

Gitea hits the sweet spot for me, provided it supports more granular
access permissions for resources under users who accept the OAuth2
application.

This PR aims to introduce granularity in handling user resources as
nonintrusively and simply as possible. It allows third parties to inform
users about their intent to not ask for the full access and instead
request a specific, reduced scope. If the provided scopes are **only**
the typical ones for OIDC/OAuth2โ€”`openid`, `profile`, `email`, and
`groups`โ€”everything remains unchanged (currently full access to user's
resources). Additionally, this PR supports processing scopes already
introduced with [personal
tokens](https://docs.gitea.com/development/oauth2-provider#scopes) (e.g.
`read:user`, `write:issue`, `read:group`, `write:repository`...)

Personal tokens define scopes around specific resources: user info,
repositories, issues, packages, organizations, notifications,
miscellaneous, admin, and activitypub, with access delineated by read
and/or write permissions.

The initial case I wanted to address was to have Gitea act as an OAuth2
Identity Provider. To achieve that, with this PR, I would only add
`openid public-only` to provide access token to the third party to
authenticate the Gitea's user but no further access to the API and users
resources.

Another example: if a third party wanted to interact solely with Issues,
it would need to add `read:user` (for authorization) and
`read:issue`/`write:issue` to manage Issues.

My approach is based on my understanding of how scopes can be utilized,
supported by examples like [Sample Use Cases: Scopes and
Claims](https://auth0.com/docs/get-started/apis/scopes/sample-use-cases-scopes-and-claims)
on auth0.com.

I renamed `CheckOAuthAccessToken` to `GetOAuthAccessTokenScopeAndUserID`
so now it returns AccessTokenScope and user's ID. In the case of
additional scopes in `userIDFromToken` the default `all` would be
reduced to whatever was asked via those scopes. The main difference is
the opportunity to reduce the permissions from `all`, as is currently
the case, to what is provided by the additional scopes described above.

Screenshots:

![Screenshot_20241121_121405](https://github.com/user-attachments/assets/29deaed7-4333-4b02-8898-b822e6f2463e)

![Screenshot_20241121_120211](https://github.com/user-attachments/assets/7a4a4ef7-409c-4116-9d5f-2fe00eb37167)

![Screenshot_20241121_120119](https://github.com/user-attachments/assets/aa52c1a2-212d-4e64-bcdf-7122cee49eb6)

![Screenshot_20241121_120018](https://github.com/user-attachments/assets/9eac318c-e381-4ea9-9e2c-3a3f60319e47)
---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-22 12:06:41 +08:00
Lunny Xiao
a175f9805c
Add line-through for deleted branch on pull request view page (#32500)
Base branch deleted

![ๅ›พ็‰‡](https://github.com/user-attachments/assets/bc45aa33-d514-47c8-885a-de9732f2f3d5)

branch deleted comment

![ๅ›พ็‰‡](https://github.com/user-attachments/assets/83729bbb-2ee8-4bd3-b6f1-780d2daad3d4)

Head branch deleted

![ๅ›พ็‰‡](https://github.com/user-attachments/assets/90120b22-34a9-4387-aae9-5c882e8d421a)
2024-11-21 17:04:18 +00:00
wxiaoguang
a32cfb2a8d
Fix issue sidebar regression (#32598) 2024-11-22 00:38:34 +08:00
wxiaoguang
e90753a712
Fix PR diff review form submit (#32596)
Fix #31622, there is a longstanding bug in #19612, 
it doesn't handle submit event, correctly.
2024-11-21 14:09:16 +00:00