Merge c7859e9eb5 into a40192dc12

@kylef pointed out on https://github.com/go-gitea/gitea/pull/31632 that
[RFC7617](https://www.rfc-editor.org/rfc/rfc7617.html#section-2)
mandates case-insensitive comparison of the scheme field `Basic`. #31632
copied a case-sensitive comparison from
https://github.com/go-gitea/gitea/pull/6293. This PR fixes both
comparisons.

The issue only affects OIDC, since the implementation for normal Gitea
endpoints is already correct:


930ca92d7c/services/auth/basic.go (L55-L58)

options/locale/locale_pt-PT.ini

@@ -2981,6 +2981,10 @@ emails.not_updated=Falhou a modificação do endereço de email solicitado: %v
 emails.duplicate_active=Este endereço de email já está a ser usado por outro utilizador.
 emails.change_email_header=Modificar propriedades do email
 emails.change_email_text=Tem a certeza que quer modificar este endereço de email?
+emails.delete=Eliminar email
+emails.delete_desc=Tem a certeza que quer eliminar este endereço de email?
+emails.deletion_success=O endereço de email foi eliminado.
+emails.delete_primary_email_error=Não pode eliminar o email principal.
 
 orgs.org_manage_panel=Gestão das organizações
 orgs.name=Nome

package-lock.json

@@ -56,7 +56,7 @@
         "uint8-to-base64": "0.2.0",
         "vanilla-colorful": "0.7.2",
         "vue": "3.4.31",
-        "vue-bar-graph": "2.0.0",
+        "vue-bar-graph": "2.1.0",
         "vue-chartjs": "5.3.1",
         "vue-loader": "17.4.2",
         "webpack": "5.92.1",
@@ -7071,12 +7071,6 @@
       "dev": true,
       "license": "MIT"
     },
-    "node_modules/gsap": {
-      "version": "3.12.5",
-      "resolved": "https://registry.npmjs.org/gsap/-/gsap-3.12.5.tgz",
-      "integrity": "sha512-srBfnk4n+Oe/ZnMIOXt3gT605BX9x5+rh/prT2F1SsNJsU1XuMiP0E2aptW481OnonOGACZWBqseH5Z7csHxhQ==",
-      "license": "Standard 'no charge' license: https://gsap.com/standard-license. Club GSAP members get more: https://gsap.com/licensing/. Why GreenSock doesn't employ an MIT license: https://gsap.com/why-license/"
-    },
     "node_modules/hammerjs": {
       "version": "2.0.8",
       "resolved": "https://registry.npmjs.org/hammerjs/-/hammerjs-2.0.8.tgz",
@@ -12322,13 +12316,130 @@
       }
     },
     "node_modules/vue-bar-graph": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/vue-bar-graph/-/vue-bar-graph-2.0.0.tgz",
-      "integrity": "sha512-IoYP+r5Ggjys6QdUNYFPh7qD41wi/uDOJj9nMawvDgvV6niOz3Dw8O2/98ZnUgjTpcgcGFDaaAaK6qa9x1jgpw==",
-      "license": "MIT",
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/vue-bar-graph/-/vue-bar-graph-2.1.0.tgz",
+      "integrity": "sha512-KcRHEgX2+wt0j9bpglmJKqMox14EMrJwWUuavAl1KdFw4Rvhlpn+/hZeOMFGscJ8W8VLRzX3NO1tGXQmHXSySQ==",
       "dependencies": {
-        "gsap": "^3.10.4",
-        "vue": "^3.2.37"
+        "vue": "^3.4.33"
+      }
+    },
+    "node_modules/vue-bar-graph/node_modules/@vue/compiler-core": {
+      "version": "3.4.34",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-core/-/compiler-core-3.4.34.tgz",
+      "integrity": "sha512-Z0izUf32+wAnQewjHu+pQf1yw00EGOmevl1kE+ljjjMe7oEfpQ+BI3/JNK7yMB4IrUsqLDmPecUrpj3mCP+yJQ==",
+      "dependencies": {
+        "@babel/parser": "^7.24.7",
+        "@vue/shared": "3.4.34",
+        "entities": "^4.5.0",
+        "estree-walker": "^2.0.2",
+        "source-map-js": "^1.2.0"
+      }
+    },
+    "node_modules/vue-bar-graph/node_modules/@vue/compiler-dom": {
+      "version": "3.4.34",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-dom/-/compiler-dom-3.4.34.tgz",
+      "integrity": "sha512-3PUOTS1h5cskdOJMExCu2TInXuM0j60DRPpSCJDqOCupCfUZCJoyQmKtRmA8EgDNZ5kcEE7vketamRZfrEuVDw==",
+      "dependencies": {
+        "@vue/compiler-core": "3.4.34",
+        "@vue/shared": "3.4.34"
+      }
+    },
+    "node_modules/vue-bar-graph/node_modules/@vue/compiler-sfc": {
+      "version": "3.4.34",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-sfc/-/compiler-sfc-3.4.34.tgz",
+      "integrity": "sha512-x6lm0UrM03jjDXTPZgD9Ad8bIVD1ifWNit2EaWQIZB5CULr46+FbLQ5RpK7AXtDHGjx9rmvC7QRCTjsiGkAwRw==",
+      "dependencies": {
+        "@babel/parser": "^7.24.7",
+        "@vue/compiler-core": "3.4.34",
+        "@vue/compiler-dom": "3.4.34",
+        "@vue/compiler-ssr": "3.4.34",
+        "@vue/shared": "3.4.34",
+        "estree-walker": "^2.0.2",
+        "magic-string": "^0.30.10",
+        "postcss": "^8.4.39",
+        "source-map-js": "^1.2.0"
+      }
+    },
+    "node_modules/vue-bar-graph/node_modules/@vue/compiler-ssr": {
+      "version": "3.4.34",
+      "resolved": "https://registry.npmjs.org/@vue/compiler-ssr/-/compiler-ssr-3.4.34.tgz",
+      "integrity": "sha512-8TDBcLaTrFm5rnF+Qm4BlliaopJgqJ28Nsrc80qazynm5aJO+Emu7y0RWw34L8dNnTRdcVBpWzJxhGYzsoVu4g==",
+      "dependencies": {
+        "@vue/compiler-dom": "3.4.34",
+        "@vue/shared": "3.4.34"
+      }
+    },
+    "node_modules/vue-bar-graph/node_modules/@vue/reactivity": {
+      "version": "3.4.34",
+      "resolved": "https://registry.npmjs.org/@vue/reactivity/-/reactivity-3.4.34.tgz",
+      "integrity": "sha512-ua+Lo+wBRlBEX9TtgPOShE2JwIO7p6BTZ7t1KZVPoaBRfqbC7N3c8Mpzicx173fXxx5VXeU6ykiHo7WgLzJQDA==",
+      "dependencies": {
+        "@vue/shared": "3.4.34"
+      }
+    },
+    "node_modules/vue-bar-graph/node_modules/@vue/runtime-core": {
+      "version": "3.4.34",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-core/-/runtime-core-3.4.34.tgz",
+      "integrity": "sha512-PXhkiRPwcPGJ1BnyBZFI96GfInCVskd0HPNIAZn7i3YOmLbtbTZpB7/kDTwC1W7IqdGPkTVC63IS7J2nZs4Ebg==",
+      "dependencies": {
+        "@vue/reactivity": "3.4.34",
+        "@vue/shared": "3.4.34"
+      }
+    },
+    "node_modules/vue-bar-graph/node_modules/@vue/runtime-dom": {
+      "version": "3.4.34",
+      "resolved": "https://registry.npmjs.org/@vue/runtime-dom/-/runtime-dom-3.4.34.tgz",
+      "integrity": "sha512-dXqIe+RqFAK2Euak4UsvbIupalrhc67OuQKpD7HJ3W2fv8jlqvI7szfBCsAEcE8o/wyNpkloxB6J8viuF/E3gw==",
+      "dependencies": {
+        "@vue/reactivity": "3.4.34",
+        "@vue/runtime-core": "3.4.34",
+        "@vue/shared": "3.4.34",
+        "csstype": "^3.1.3"
+      }
+    },
+    "node_modules/vue-bar-graph/node_modules/@vue/server-renderer": {
+      "version": "3.4.34",
+      "resolved": "https://registry.npmjs.org/@vue/server-renderer/-/server-renderer-3.4.34.tgz",
+      "integrity": "sha512-GeyEUfMVRZMD/mZcNONEqg7MiU10QQ1DB3O/Qr6+8uXpbwdlmVgQ5Qs1/ZUAFX1X2UUtqMoGrDRbxdWfOJFT7Q==",
+      "dependencies": {
+        "@vue/compiler-ssr": "3.4.34",
+        "@vue/shared": "3.4.34"
+      },
+      "peerDependencies": {
+        "vue": "3.4.34"
+      }
+    },
+    "node_modules/vue-bar-graph/node_modules/@vue/shared": {
+      "version": "3.4.34",
+      "resolved": "https://registry.npmjs.org/@vue/shared/-/shared-3.4.34.tgz",
+      "integrity": "sha512-x5LmiRLpRsd9KTjAB8MPKf0CDPMcuItjP0gbNqFCIgL1I8iYp4zglhj9w9FPCdIbHG2M91RVeIbArFfFTz9I3A=="
+    },
+    "node_modules/vue-bar-graph/node_modules/magic-string": {
+      "version": "0.30.10",
+      "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.10.tgz",
+      "integrity": "sha512-iIRwTIf0QKV3UAnYK4PU8uiEc4SRh5jX0mwpIwETPpHdhVM4f53RSwS/vXvN1JhGX+Cs7B8qIq3d6AH49O5fAQ==",
+      "dependencies": {
+        "@jridgewell/sourcemap-codec": "^1.4.15"
+      }
+    },
+    "node_modules/vue-bar-graph/node_modules/vue": {
+      "version": "3.4.34",
+      "resolved": "https://registry.npmjs.org/vue/-/vue-3.4.34.tgz",
+      "integrity": "sha512-VZze05HWlA3ItreQ/ka7Sx7PoD0/3St8FEiSlSTVgb6l4hL+RjtP2/8g5WQBzZgyf8WG2f+g1bXzC7zggLhAJA==",
+      "dependencies": {
+        "@vue/compiler-dom": "3.4.34",
+        "@vue/compiler-sfc": "3.4.34",
+        "@vue/runtime-dom": "3.4.34",
+        "@vue/server-renderer": "3.4.34",
+        "@vue/shared": "3.4.34"
+      },
+      "peerDependencies": {
+        "typescript": "*"
+      },
+      "peerDependenciesMeta": {
+        "typescript": {
+          "optional": true
+        }
       }
     },
     "node_modules/vue-chartjs": {

package.json

@@ -55,7 +55,7 @@
     "uint8-to-base64": "0.2.0",
     "vanilla-colorful": "0.7.2",
     "vue": "3.4.31",
-    "vue-bar-graph": "2.0.0",
+    "vue-bar-graph": "2.1.0",
     "vue-chartjs": "5.3.1",
     "vue-loader": "17.4.2",
     "webpack": "5.92.1",

routers/web/auth/oauth.go

@@ -327,7 +327,7 @@ func getOAuthGroupsForUser(ctx go_context.Context, user *user_model.User) ([]str
 
 func parseBasicAuth(ctx *context.Context) (username, password string, err error) {
 	authHeader := ctx.Req.Header.Get("Authorization")
-	if authType, authData, ok := strings.Cut(authHeader, " "); ok && authType == "Basic" {
+	if authType, authData, ok := strings.Cut(authHeader, " "); ok && strings.EqualFold(authType, "Basic") {
 		return base.BasicAuthDecode(authData)
 	}
 	return "", "", errors.New("invalid basic authentication")
@@ -661,7 +661,7 @@ func AccessTokenOAuth(ctx *context.Context) {
 	// if there is no ClientID or ClientSecret in the request body, fill these fields by the Authorization header and ensure the provided field matches the Authorization header
 	if form.ClientID == "" || form.ClientSecret == "" {
 		authHeader := ctx.Req.Header.Get("Authorization")
-		if authType, authData, ok := strings.Cut(authHeader, " "); ok && authType == "Basic" {
+		if authType, authData, ok := strings.Cut(authHeader, " "); ok && strings.EqualFold(authType, "Basic") {
 			clientID, clientSecret, err := base.BasicAuthDecode(authData)
 			if err != nil {
 				handleAccessTokenError(ctx, AccessTokenError{

web_src/js/components/RepoActivityTopAuthors.vue

@@ -1,5 +1,5 @@
 <script lang="ts">
-import VueBarGraph from 'vue-bar-graph';
+import {VueBarGraph} from 'vue-bar-graph';
 import {createApp} from 'vue';
 
 const sfc = {