Commit Graph

18280 Commits

Author SHA1 Message Date
Shivaram Lingamneni
2f1cb1d289
fix OIDC introspection authentication (#31632)
See discussion on #31561 for some background.

The introspect endpoint was using the OIDC token itself for
authentication. This fixes it to use basic authentication with the
client ID and secret instead:

* Applications with a valid client ID and secret should be able to
  successfully introspect an invalid token, receiving a 200 response
  with JSON data that indicates the token is invalid
* Requests with an invalid client ID and secret should not be able
  to introspect, even if the token itself is valid

Unlike #31561 (which just future-proofed the current behavior against
future changes to `DISABLE_QUERY_AUTH_TOKEN`), this is a potential
compatibility break (some introspection requests without valid client
IDs that would previously succeed will now fail). Affected deployments
must begin sending a valid HTTP basic authentication header with their
introspection requests, with the username set to a valid client ID and
the password set to the corresponding client secret.
2024-07-23 12:43:03 +00:00
techknowlogick
24f9390f34
Enable direnv (#31672)
This lets developers who have direnv enabled to load our nix flake
automatically when entering it
2024-07-23 12:07:41 +00:00
GiteaBot
ad91a59c18 [skip ci] Updated translations via Crowdin 2024-07-23 00:27:23 +00:00
GiteaBot
d919df4f09 [skip ci] Updated translations via Crowdin 2024-07-21 00:30:14 +00:00
techknowlogick
ba9589a92d
fix redis dep (#31662)
fix https://github.com/go-gitea/gitea/issues/31658
2024-07-19 20:10:31 +00:00
Denys Konovalov
a8d0c879c3
add skip secondary authorization option for public oauth2 clients (#31454) 2024-07-19 14:28:30 -04:00
Zettat123
e9aa39bda4
Fix a branch divergence cache bug (#31659)
Fix #31599

A branch divergence is counted based on the default branch. If the
default branch is updated, all divergence caches of the repo need to be
deleted.
2024-07-19 17:52:49 +02:00
GiteaBot
03c8c2683c [skip ci] Updated translations via Crowdin 2024-07-18 00:27:07 +00:00
silverwind
0c1127a2fb
Remove unneccessary uses of word-break: break-all (#31637)
Fixes: https://github.com/go-gitea/gitea/issues/31636

1. Issue sidebar topic is disussed in
https://github.com/go-gitea/gitea/issues/31636
2. Org description already has `overflow-wrap: anywhere` to ensure no
overflow.

Co-authored-by: Giteabot <teabot@gitea.io>
2024-07-17 12:04:28 +02:00
GiteaBot
de1a5506d1 [skip ci] Updated translations via Crowdin 2024-07-17 00:27:54 +00:00
Carsten Klein
3571b7e3dd
Allow searching issues by ID (#31479)
When you are entering a number in the issue search, you likely want the
issue with the given ID (code internal concept: issue index).
As such, when a number is detected, the issue with the corresponding ID
will now be added to the results.

Fixes #4479

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-07-17 00:49:05 +02:00
Rowan Bohde
416c36f303
allow synchronizing user status from OAuth2 login providers (#31572)
This leverages the existing `sync_external_users` cron job to
synchronize the `IsActive` flag on users who use an OAuth2 provider set
to synchronize. This synchronization is done by checking for expired
access tokens, and using the stored refresh token to request a new
access token. If the response back from the OAuth2 provider is the
`invalid_grant` error code, the user is marked as inactive. However, the
user is able to reactivate their account by logging in the web browser
through their OAuth2 flow.

Also changed to support this is that a linked `ExternalLoginUser` is
always created upon a login or signup via OAuth2.

### Notes on updating permissions
Ideally, we would also refresh permissions from the configured OAuth
provider (e.g., admin, restricted and group mappings) to match the
implementation of LDAP. However, the OAuth library used for this `goth`,
doesn't seem to support issuing a session via refresh tokens. The
interface provides a [`RefreshToken`
method](https://github.com/markbates/goth/blob/master/provider.go#L20),
but the returned `oauth.Token` doesn't implement the `goth.Session` we
would need to call `FetchUser`. Due to specific implementations, we
would need to build a compatibility function for every provider, since
they cast to concrete types (e.g.
[Azure](https://github.com/markbates/goth/blob/master/providers/azureadv2/azureadv2.go#L132))

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2024-07-16 20:33:16 +02:00
silverwind
3a7454df7a
Enable no-jquery/no-class-state (#31639)
Just 4 validations and I specifically tested this by
selecting/unselecting issue labels.

Co-authored-by: Giteabot <teabot@gitea.io>
2024-07-16 12:14:27 +02:00
Bartlomiej Komendarczuk
e8d4b7a8b1
Added default sorting milestones by name (#27084)
#26996 
Added default sorting for milestones by name.
Additional, name for sorting closestduedate and furthestduedate was
broken, so I fixed it.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-07-16 10:08:54 +02:00
silverwind
0bb4c1cde2
Code editor theme enhancements (#31629)
1. Fixed border-radius
2. Monaco ignores the alpha channel on the shadow color, introduce
`color-shadow-opaque`
3. Remove scrollbar color which follows
https://github.com/go-gitea/gitea/pull/29800

Before:

<img width="34" alt="Screenshot 2024-07-13 at 15 38 18"
src="https://github.com/user-attachments/assets/042d9bde-6db9-4467-a2a4-8f61ecc773eb">
<img width="35" alt="Screenshot 2024-07-13 at 15 38 31"
src="https://github.com/user-attachments/assets/04146ee0-551c-4ff2-9636-bd119b33595a">


After:

<img width="45" alt="Screenshot 2024-07-13 at 15 38 06"
src="https://github.com/user-attachments/assets/1f58fa5a-1289-4e45-83c9-18ca82a5e266">
<img width="39" alt="Screenshot 2024-07-13 at 21 16 56"
src="https://github.com/user-attachments/assets/e12ebe22-b29b-4798-9f0d-4c100f311562">
2024-07-14 23:22:48 +00:00
6543
0f53324182
Add option to change mail from user display name (#31528)
Make it posible to let mails show e.g.:

`Max Musternam (via gitea.kithara.com) <gitea@kithara.com>`

Docs: https://gitea.com/gitea/docs/pulls/23

---
*Sponsored by Kithara Software GmbH*
2024-07-14 23:27:00 +02:00
Lunny Xiao
0d08bb6112
Upgrade xorm to v1.3.9 and improve some migrations Sync (#29899)
Co-authored-by: 6543 <6543@obermui.de>
2024-07-14 17:15:59 -04:00
6543
1064e817c4
Issue Templates: add option to have dropdown printed list (#31577)
Issue template dropdown can have many entries, and it could be better to
have them rendered as list later on if multi-select is enabled.

so this adds an option to the issue template engine to do so.

DOCS: https://gitea.com/gitea/docs/pulls/19

---

## demo:

```yaml
name: Name
title: Title
about: About
labels: ["label1", "label2"]
ref: Ref
body:
  - type: dropdown
    id: id6
    attributes:
      label: Label of dropdown (list)
      description: Description of dropdown
      multiple: true
      list: true
      options:
        - Option 1 of dropdown
        - Option 2 of dropdown
        - Option 3 of dropdown
        - Option 4 of dropdown
        - Option 5 of dropdown
        - Option 6 of dropdown
        - Option 7 of dropdown
        - Option 8 of dropdown
        - Option 9 of dropdown
```


![image](https://github.com/user-attachments/assets/102ed0f4-89da-420b-ab2a-1788b59676f9)

![image](https://github.com/user-attachments/assets/a2bdb14e-43ff-4cc6-9bbe-20244830453c)


---
*Sponsored by Kithara Software GmbH*
2024-07-14 16:38:45 +02:00
6543
957c75bfd2
Fix update flake (#31626) 2024-07-12 16:25:54 +00:00
GiteaBot
d73623d526 [skip ci] Updated translations via Crowdin 2024-07-12 00:27:07 +00:00
Sunny Wan
4913edaa70
Display app name in the registration email title (#31562)
I changed the title of the registation email from "Welcome to Gitea" to
"Welcome to (appname)". I did this by substituting 'Gitea' in
register_notify to %s and formating the registration title in mail.go. I
changed this for all the languages I could, but I struggled to changed
the translation file for Farsi. I have attached the screenshots of
before and after and the related issue below.

Related issue:
https://github.com/go-gitea/gitea/issues/31108

Before change:
![Screenshot from 2024-07-04
22-32-17](https://github.com/go-gitea/gitea/assets/94445569/4178b51c-1acc-45f4-9750-dff41564a709)

After:
![Screenshot from 2024-07-04
22-32-01](https://github.com/go-gitea/gitea/assets/94445569/9cd7a58d-c0f5-4a3c-a66c-805c55411eaa)

---------

Signed-off-by: Sunny Wan <Sunnywan2020@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2024-07-11 23:23:31 +00:00
techknowlogick
fa160b915d
typo on date in security document (#31617) 2024-07-11 21:51:08 +00:00
silverwind
a06bbcf0b6
Update JS dependencies (#31616)
Result of `make update-js`. Tested all dependencies. Lockfile diff is
because of https://github.com/npm/cli/pull/7475.
2024-07-11 14:36:02 -04:00
silverwind
228c354b16
Add types for js globals (#31586)
Adds types for `window.config` and jQuery/htmx globals, eliminating 48
`tsc` errors.
2024-07-11 10:20:51 +00:00
Lunny Xiao
1b0ccf4bea
Upgrade security public key (#31594)
Fix #31591
2024-07-10 16:28:22 +00:00
Lunny Xiao
436af472a9
Fix wrong merge on removing docs (#31605) 2024-07-10 15:47:32 +00:00
wxiaoguang
72b6bc8caf
Refactor webhook (#31587)
A more complete fix for #31588

1. Make "generic" code more readable
2. Clarify HTML or Markdown for the payload content
2024-07-10 11:37:16 +00:00
Tobias Balle-Petersen
4ea2a6de81
Fix: Allow org team names of length 255 in create team form (#31564)
Gitea 1.22.1 was supposed to allow for team names of length 255 (up from
30) after the following PR was merged in:
https://github.com/go-gitea/gitea/pull/31410. However, the length of
team names was still limited to 30 as described in this issue:
https://github.com/go-gitea/gitea/issues/31554.

One more change to _gitea_ needs to be made to allow for the longer team
names, as there is a 30 character limit here:
2c92c7c522/services/forms/org.go (L65)

This PR changes that value to 255.
2024-07-10 02:15:17 +00:00
Lunny Xiao
af1f0dfcc6
Remove docs sub folder since docs has been moved to https://gitea.com/gitea/docs (#31536) 2024-07-10 01:46:08 +00:00
Kyle D
d6f8a60b65
Add bohde as maintainer (#31601)
[4 merged
PRs](https://github.com/go-gitea/gitea/pulls?q=is%3Apr+author%3Abohde+is%3Aclosed)
2024-07-10 08:18:35 +08:00
delvh
7bb3835811
Add YEAR, MONTH, MONTH_ENGLISH, DAY variables for template repos (#31584)
Fixes #31583
2024-07-09 18:05:12 +00:00
Rowan Bohde
1ee59f0fa3
Allow disabling authentication related user features (#31535)
We have some instances that only allow using an external authentication
source for authentication. In this case, users changing their email,
password, or linked OpenID connections will not have any effect, and
we'd like to prevent showing that to them to prevent confusion.

Included in this are several changes to support this:
* A new setting to disable user managed authentication credentials
(email, password & OpenID connections)
* A new setting to disable user managed MFA (2FA codes & WebAuthn)
* Fix an issue where some templates had separate logic for determining
if a feature was disabled since it didn't check the globally disabled
features
* Hide more user setting pages in the navbar when their settings aren't
enabled

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2024-07-09 17:36:31 +00:00
silverwind
13015bba5a
Add back esbuild-loader for .js files (#31585)
The build currently seems to work fine without this, but in theory it
should fail because Fomantic is JavaScript. I feel more comfortable
having this loader declared.

Note: I did try using the [combined loader
config](https://github.com/privatenumber/esbuild-loader#-quick-setup)
but when I did that, vue files could not load, so I think this is the
best option.
2024-07-09 09:28:43 +00:00
6543
4696bcb3f7
Use FullName in Emails to address the recipient if possible (#31527)
Before we had just the plain mail address as recipient. But now we
provide additional Information for the Mail clients.

---
*Sponsored by Kithara Software GmbH*
2024-07-08 08:38:45 +00:00
6543
d7c7a78994
Don't show hidden labels when filling out an issue template (#31576)
Related to #31574


---
*Sponsored by Kithara Software GmbH*
2024-07-08 04:31:12 +00:00
GiteaBot
017ea19e5d [skip ci] Updated translations via Crowdin 2024-07-08 00:28:11 +00:00
silverwind
5791a73e75
Convert frontend code to typescript (#31559)
None of the frontend js/ts files was touched besides these two commands
(edit: no longer true, I touched one file in
61105d0618
because of a deprecation that was not showing before the rename).

`tsc` currently reports 778 errors, so I have disabled it in CI as
planned.

Everything appears to work fine.
2024-07-07 15:32:30 +00:00
GiteaBot
5115c278ff [skip ci] Updated translations via Crowdin 2024-07-07 00:29:37 +00:00
GiteaBot
264f74c02a [skip ci] Updated translations via Crowdin 2024-07-06 00:26:24 +00:00
Henry Goodman
12cb1d2998
Allow force push to protected branches (#28086)
Fixes #22722 

### Problem
Currently, it is not possible to force push to a branch with branch
protection rules in place. There are often times where this is necessary
(CI workflows/administrative tasks etc).

The current workaround is to rename/remove the branch protection,
perform the force push, and then reinstate the protections.

### Solution
Provide an additional section in the branch protection rules to allow
users to specify which users with push access can also force push to the
branch. The default value of the rule will be set to `Disabled`, and the
UI is intuitive and very similar to the `Push` section.

It is worth noting in this implementation that allowing force push does
not override regular push access, and both will need to be enabled for a
user to force push.

This applies to manual force push to a remote, and also in Gitea UI
updating a PR by rebase (which requires force push)

This modifies the `BranchProtection` API structs to add:
- `enable_force_push bool`
- `enable_force_push_whitelist bool`
- `force_push_whitelist_usernames string[]`
- `force_push_whitelist_teams string[]`
- `force_push_whitelist_deploy_keys bool`

### Updated Branch Protection UI:

<img width="943" alt="image"
src="https://github.com/go-gitea/gitea/assets/79623665/7491899c-d816-45d5-be84-8512abd156bf">

### Pull Request `Update branch by Rebase` option enabled with source
branch `test` being a protected branch:


![image](https://github.com/go-gitea/gitea/assets/79623665/e018e6e9-b7b2-4bd3-808e-4947d7da35cc)
<img width="1038" alt="image"
src="https://github.com/go-gitea/gitea/assets/79623665/57ead13e-9006-459f-b83c-7079e6f4c654">

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-07-05 18:21:56 +00:00
Anbraten
9c00dda33a
Refactor login page (#31530)
As requested in
https://github.com/go-gitea/gitea/pull/31504#issuecomment-2196196646.
This PR refactor the login page:

![Screenshot from 2024-07-04
19-23-10](https://github.com/go-gitea/gitea/assets/6918444/c45700f4-6747-473c-bdee-2156718a7953)

![Screenshot from 2024-07-04
19-23-21](https://github.com/go-gitea/gitea/assets/6918444/b1bf71cf-85f9-4517-a409-cc6d72e6af8f)

![Screenshot from 2024-06-30
09-35-20](https://github.com/go-gitea/gitea/assets/6918444/728cc37e-0cca-4883-afec-a43663d2c666)


# Changes
- [x] use separate box for passkey login and go to registration
- [x] move forgot passoword next to password label
- [x] fix password required label `*` and padding 
- [x] remove tabs from login page

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-07-05 20:10:09 +03:00
Brecht Van Lommel
b88e5fc72d
Fix slow patch checking with commits that add or remove many files (#31548)
Running git update-index for every individual file is slow, so add and
remove everything with a single git command.

When such a big commit lands in the default branch, it could cause PR
creation and patch checking for all open PRs to be slow, or time out
entirely. For example, a commit that removes 1383 files was measured to
take more than 60 seconds and timed out. With this change checking took
about a second.

This is related to #27967, though this will not help with commits that
change many lines in few files.
2024-07-04 18:57:11 +00:00
silverwind
2c92c7c522
Add typescript guideline and typescript-specific eslint plugins and fix issues (#31521)
1. Add some general guidelines how to write our typescript code
2. Add `@typescript-eslint/eslint-plugin`, general typescript rules
3. Add `eslint-plugin-deprecation` to detect deprecated code
4. Fix all new lint issues that came up
2024-07-03 17:48:14 +02:00
silverwind
b270b30aeb
Update golang.org/x/image to v0.18.0 (#31541)
Result of `go get -u  golang.org/x/image && make tidy`

Fixes: https://github.com/go-gitea/gitea/security/dependabot/67
2024-07-02 15:41:14 -04:00
GiteaBot
3bd87fb170 [skip ci] Updated translations via Crowdin 2024-07-01 00:30:50 +00:00
charles
f0033051d5
Fix markdown preview $$ support (#31514)
close #31481

currently `$$A + B$$ test` will ignore text after $$ block

test text

![圖片](https://github.com/go-gitea/gitea/assets/30816317/39b2974b-c0b6-48a0-87d0-5f4a13615eed)

before fix

![圖片](https://github.com/go-gitea/gitea/assets/30816317/15469e4c-474d-4128-b46f-d6cadaafbd68)

after fix

![圖片](https://github.com/go-gitea/gitea/assets/30816317/c1025eef-177f-4ade-988f-510e7039f3f9)

github display

![圖片](https://github.com/go-gitea/gitea/assets/30816317/97cd1e10-ac94-4899-86d8-8e359ef1d694)
2024-06-29 23:23:47 +00:00
Anbraten
91745ae46f
Add Passkey login support (#31504)
closes #22015

After adding a passkey, you can now simply login with it directly by
clicking `Sign in with a passkey`.

![Screenshot from 2024-06-26
12-18-17](https://github.com/go-gitea/gitea/assets/6918444/079013c0-ed70-481c-8497-4427344bcdfc)

Note for testing. You need to run gitea using `https` to get the full
passkeys experience.

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-06-29 22:50:03 +00:00
silverwind
5821d22891
Use stable version of fabric (#31526)
Fabric 6 is [now
stable](https://github.com/fabricjs/fabric.js/releases/tag/v6.0.0-rc5),
use it.
2024-06-29 18:37:18 +03:00
silverwind
e82f3caa6b
Always use HTML attributes for avatar size (#31509)
Many avatars were rendered in HTML with certain width/height but then
resized again in CSS. This was pointless so I removed all these cases
and made the HTML size match the previous render size.

Also did a few CSS cleanups in the tribute rendering:

<img width="648" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/cb2fafb3-5e20-46e9-814f-07df20038beb">
2024-06-28 21:29:15 +00:00
silverwind
08579d6cbb
Add initial typescript config and use it for eslint,vitest,playwright (#31186)
This enables eslint to use the typescript parser and resolver which
brings some benefits that eslint rules now have type information
available and a tsconfig.json is required for the upcoming typescript
migration as well. Notable changes done:

- Add typescript parser and resolver
- Move the vue-specific config into the root file
- Enable `vue-scoped-css/enforce-style-type` rule, there was only one
violation and I added a inline disable there.
- Fix new lint errors that were detected because of the parser change
- Update `i/no-unresolved` to remove now-unnecessary workaround for the
resolver
- Disable `i/no-named-as-default` as it seems to raise bogus issues in
the webpack config
- Change vitest config to typescript
- Change playwright config to typescript
- Add `eslint-plugin-playwright` and fix issues
- Add `tsc` linting to `make lint-js`
2024-06-28 16:15:51 +00:00