Commit graph

1817 commits

Author SHA1 Message Date
06b17b6d4f CB/feat: Improve email handling 2025-05-29 03:36:28 +02:00
06177cb37b CB/feat: Refactor captcha service provider
Improves maintainability and extensibility of the captcha code and makes captcha type switching more flexible.

Should ideally be upstreamed to Forgejo, but requires more test code. Keeping in Codeberg's fork for now.
2025-05-24 13:06:54 +00:00
b7aeaaaa42 CB/feat: add dummy captcha for debugging
When working with the captcha locally (improving accessibility information in my case), it is really hard to work with the real captcha. I've added a dummy captcha that accepts all input when in dev mode. It can be enabled by setting the captcha type to "dummy".
2025-05-24 13:06:54 +00:00
1a4e78263b CB/hack: Return 422 Unprocessable Content for failed POST to /user/sign_up 2025-05-24 12:53:09 +00:00
5d7953def4
fix(sec): consider webauthn for external login
- Currently during external login (such as OAuth2), if the user is
enrolled into Webauthn and not enrolled into TOTP then no 2FA is being
done during external login and when account linking is set to `auto` then
also during automatic linking. This results in bypassing the 2FA of the
user.
- Create a new unified function that checks if the user is enrolled into
2FA and use this when necessary. Rename the old `HasTwoFactorByUID`
function to `HasTOTPByUID` which is a more appropriate naming.

(cherry picked from commit df5d65682737fee8e215e9f7dc6b369bba3bf313)

Conflicts:
  the original commit was trimmed down to be fit for backport
2025-05-02 07:31:20 +02:00
4215476cee [v11.0/forgejo] chore: tune down remote user promotion debug message shown as error (#7691)
**Backport:** forgejo/forgejo#7687

It is not an error for a remote user to not be promoted: this is the case for all users created via OAuth. Displaying an error is confusing to the admin when seen in the logs.

Refs: forgejo/forgejo#7681

Co-authored-by: Earl Warren <[email protected]>
Reviewed-on: forgejo/forgejo#7691
Reviewed-by: Gusted <[email protected]>
Co-authored-by: forgejo-backport-action <[email protected]>
Co-committed-by: forgejo-backport-action <[email protected]>
2025-04-29 13:31:36 +00:00
c5bfe77873 [v11.0/forgejo] chore: merge tests.AddFixtures and unittest.OverrideFixtures (#7649)
**Backport:** forgejo/forgejo#7648

The only parameter that is ever used is a single directory, make it that only instead of a more complex option structure.

Remove tests.AddFixtures that was the simpler form because it is now redundant.

---

Backporting to v11.0 will help with automated backporting of bug fixes in need of custom made fixtures.

Co-authored-by: Earl Warren <[email protected]>
Reviewed-on: forgejo/forgejo#7649
Reviewed-by: Earl Warren <[email protected]>
Co-authored-by: forgejo-backport-action <[email protected]>
Co-committed-by: forgejo-backport-action <[email protected]>
2025-04-25 09:59:30 +00:00
52da8aab7e [v11.0/forgejo] fix(migrations): transfer PR flow information (#7437)
**Backport:** forgejo/forgejo#7421

- When migrating a pull request from a Gitea or Forgejo instance, check if the pull request was created via the AGit flow and transfer that bit of information to the migrated pull request.
- Expose this bit of information as the `flow` field for the pull request.
- We have to do a horrible Go hack with Gitea's [go-sdk](gitea.com/gitea/go-sdk) to list all pull requests while being able to decode it to a struct that contains the new `Flow` field. The library does not allow you to do this out of the box, so we have to use `go:linkname` to access the private method that allows us to do this. This in turn means we have to do some boilerplate code that the library otherwise would do for us. The better option would be forking, but that would be a hassle of keeping the library in sync.
- Resolves forgejo/forgejo#5848
- Unit test added.

Co-authored-by: Gusted <[email protected]>
Reviewed-on: forgejo/forgejo#7437
Reviewed-by: Gusted <[email protected]>
Co-authored-by: forgejo-backport-action <[email protected]>
Co-committed-by: forgejo-backport-action <[email protected]>
2025-04-03 07:35:20 +00:00
fa8d75b3e5 [v11.0/forgejo] fix: validate input for default_{merge,update}_style (#7401)
**Backport:** forgejo/forgejo#7395

- Add `binding:"In(...)"` to the `default_merge_style` and `default_update_style` fields to only accept recognized merge and update styles.
- Resolves forgejo/forgejo#7389
- Added integration test for the API (`binding` works in the exact same way for the API and web routes).

Co-authored-by: Gusted <[email protected]>
Reviewed-on: forgejo/forgejo#7401
Reviewed-by: Earl Warren <[email protected]>
Co-authored-by: forgejo-backport-action <[email protected]>
Co-committed-by: forgejo-backport-action <[email protected]>
2025-03-31 09:43:46 +00:00
1d1e0ced3e [v11.0/forgejo] fix(api): encode empty requested reviewers as an empty array (#7365)
**Backport:** forgejo/forgejo#7355

- Always initialize `RequestedReviewers` and `RequestedReviewersTeams`, this avoids the JSON encoder from encoding it to the zero value `null` and instead return an empty array.
- Resolves #4108
- Integration test added.

Co-authored-by: ThomasBoom89 <[email protected]>
Reviewed-on: forgejo/forgejo#7365
Reviewed-by: Gusted <[email protected]>
Co-authored-by: forgejo-backport-action <[email protected]>
Co-committed-by: forgejo-backport-action <[email protected]>
2025-03-28 13:22:41 +00:00
e286457990 [v11.0/forgejo] chore: branding import path (#7354)
**Backport:** forgejo/forgejo#7337

- Massive replacement of changing `code.gitea.io/gitea` to `forgejo.org`.
- Resolves forgejo/discussions#258

Co-authored-by: Gusted <[email protected]>
Reviewed-on: forgejo/forgejo#7354
Reviewed-by: Gusted <[email protected]>
Co-authored-by: forgejo-backport-action <[email protected]>
Co-committed-by: forgejo-backport-action <[email protected]>
2025-03-27 20:13:05 +00:00
cff284fdc3 fix: use correct input for strip slashes middleware (#7295)
- The router must use the escaped path in order to ensure correct functionality (at least, that is what they say). However `req.URL.Path` shouldn't be set to the escaped path, which is fixed in this patch.
- Simplify the logic and no longer try to use `rctx.RoutePath`, this is only useful if the middleware was placed after some routing parsing was done.
- Resolves forgejo/forgejo#7294
- Resolves forgejo/forgejo#7292
- Add unit test

Reviewed-on: forgejo/forgejo#7295
Reviewed-by: Earl Warren <[email protected]>
Co-authored-by: Gusted <[email protected]>
Co-committed-by: Gusted <[email protected]>
2025-03-22 16:49:05 +00:00
316682f17b chore(dependency): upgrade gof3 v3.10.6 (#7258)
cherry-pick from the forgefriends fork, except for the F3 API for mirroring which is a functional change that is not safe enough to introduce in Forgejo.

Refs: 3aad1f4e64

---

The motivation is to keep up-to-date with the rather large refactor of gof3. The changes are syntactic only and test is provided by the compliance suite.

Co-authored-by: limiting-factor <[email protected]>
Reviewed-on: forgejo/forgejo#7258
Reviewed-by: Michael Kriese <[email protected]>
2025-03-18 14:18:00 +00:00
a624b6a8f4 [gitea] week 2025-12 cherry pick (gitea/main -> forgejo) (#7220)
Reviewed-on: forgejo/forgejo#7220
Reviewed-by: Gusted <[email protected]>
2025-03-17 09:01:34 +00:00
cbd772873a fix: handle deleted user modifying event state in gitlab migration (#7210)
- In the case that a deleted user modified the state of an issue or pull request, the user field in the API response for that state event will be `null`. Handle this by falling back to Forgejo's internal Ghost user.
- No testing, this bug was hit on Codeberg with an instance that is only IPv6-accessible and otherwise might be phased out. So I will do some mental gymnastics and argue, migration feature will someday be replaced by F3 and considering the logic that was added it's not worth the tradeoff to add testing for this by trying to recreate the same scenario on another Gitlab instance and then use that as a testing vector. To still give some confidence in this patch, it was confirmed that this exact fix worked on Codeberg.

Reviewed-on: forgejo/forgejo#7210
Reviewed-by: Otto <[email protected]>
Co-authored-by: Gusted <[email protected]>
Co-committed-by: Gusted <[email protected]>
2025-03-14 16:03:22 +00:00
7a19d3c2be feat(api): return run info for dispatched workflows (#7193)
- When the API endpoint `/repos/{owner}/{repo}/actions/workflows/{workflowname}/dispatches` is used to launch a workflow, it currently returns no data; `/repos/{owner}/{repo}/actions/tasks` can be used to track the progress of a workflow, but you need at least that workflow's run_id and the quantity of its child jobs. Tracking workflow progress is especially important if you want to chain together multiple workflows that exist within different repositories, which is desired for forgejo/forgejo#6312.
- Make it possible to track the progress of manually triggered workflows by modifying the `/repos/{owner}/{repo}/actions/workflows/{workflowname}/dispatches` to return a JSON object containing the triggered workflow's id and a list of its child job names.

Co-authored-by: Andrii Chyrva <[email protected]>
Co-authored-by: Andrii Chyrva <[email protected]>
Reviewed-on: forgejo/forgejo#7193
Reviewed-by: Gusted <[email protected]>
Co-authored-by: markturney <[email protected]>
Co-committed-by: markturney <[email protected]>
2025-03-14 16:01:15 +00:00
0dfa5d0c7d Ignore trivial errors when updating push data (#33864)
Fix #23213

(cherry picked from commit cb6b33c9cd1efa619351a458e2bce8ad1e6cd623)
2025-03-14 11:26:16 +01:00
9dea54a9d6 Drop SSPI auth support and more Windows files (#7148)
## Dropping SSPI auth support

SSPI authentication relied on Microsoft Windows support, removal started in forgejo/forgejo#5353, because it was broken anyway. We have no knowledge of any users using SSPI authentication. However, if you somehow managed to run Forgejo on Windows, or want to upgrade from a Gitea version which does, please ensure that you do not use SSPI as an authentication mechanism for user accounts. Feel free to reach out if you need assistance.

Reviewed-on: forgejo/forgejo#7148
Reviewed-by: Gusted <[email protected]>
Reviewed-by: 0ko <[email protected]>
Co-authored-by: Otto Richter <[email protected]>
Co-committed-by: Otto Richter <[email protected]>
2025-03-08 00:43:41 +00:00
3de904c963 feat: parse inline attachments for incoming mail (#7136)
- Some email clients send inline attachments using the `multipart/related` Mime-Type and enmime collects these in the `Envelope.OtherParts` list; until now only Envelope.Attachments and Envelope.Inline were considered while parsing incoming mail.
- As some email clients send attachments without filename, especially in the multipart/related case, this PR implements `constructFilename`, which guesses the filename based on the ContentType.

How the issue was discovered:
I implemented an otherwise unrelated application written in go that parses emails with enmime just like Forgejo does.
I noticed that on a few occasions that system would fail to detect all attachments.
Investigating this issue led me to realize the above described issue.
After implementing a fix for that application, I looked through the Forgejo email parsing code and discovered the same problem.

Reviewed-on: forgejo/forgejo#7136
Reviewed-by: Gusted <[email protected]>
Co-authored-by: christopher-besch <[email protected]>
Co-committed-by: christopher-besch <[email protected]>
2025-03-07 17:54:26 +00:00
b10454a00c [gitea] week 2025-10 cherry pick (gitea/main -> forgejo) (#7111)
Reviewed-on: forgejo/forgejo#7111
Reviewed-by: Earl Warren <[email protected]>
Reviewed-by: Otto <[email protected]>
2025-03-06 20:39:18 +00:00
fc4458bfbb interpret Precedence: auto_reply as an auto reply (#7137)
Some email clients like to be special and only set the "Precedence" header to "auto_reply" when sending automatic replies.

Reviewed-on: forgejo/forgejo#7137
Reviewed-by: Gusted <[email protected]>
Reviewed-by: Otto <[email protected]>
Co-authored-by: christopher-besch <[email protected]>
Co-committed-by: christopher-besch <[email protected]>
2025-03-06 12:49:24 +00:00
6b436955fc Update module github.com/golangci/golangci-lint/cmd/golangci-lint to v1.64.6 (forgejo) (#7118)
Co-authored-by: Renovate Bot <[email protected]>
Co-committed-by: Renovate Bot <[email protected]>
2025-03-04 21:38:35 +00:00
9a5ef22f3a
Add composor source field (#33502)
Fix #33066

(cherry picked from commit aca21549f285255f0d78f90f1f15f0c6f9396761)
2025-03-04 00:00:09 +01:00
9dd47d932f fix(web): forbid blocked users from reopening issues (#7010)
Closes forgejo/forgejo#6841.

Signed-off-by: Litchi Pi <[email protected]>
Reviewed-on: forgejo/forgejo#7010
Reviewed-by: Gusted <[email protected]>
Reviewed-by: 0ko <[email protected]>
Co-authored-by: Litchi Pi <[email protected]>
Co-committed-by: Litchi Pi <[email protected]>
2025-03-01 12:39:52 +00:00
9f0147994b
fix: f3: implement the internal references interface 2025-02-28 18:03:49 +01:00
2212923de0 [gitea] week 2025-09 cherry pick (gitea/main -> forgejo) (#7031)
Reviewed-on: forgejo/forgejo#7031
Reviewed-by: Earl Warren <[email protected]>
Reviewed-by: 0ko <[email protected]>
2025-02-27 20:05:48 +00:00
e69be4cf55
Deleting repository should unlink all related packages (#33653)
Fix #33634

---------

Co-authored-by: Giteabot <[email protected]>
Co-authored-by: wxiaoguang <[email protected]>
(cherry picked from commit f2fbb897f3bf68a1af1410a2b4ce7a289ef73c1a)
2025-02-25 21:41:58 +01:00
e09ea821bd
Add API to support link package to repository and unlink it (#33481)
Fix #21062

---------

Co-authored-by: Zettat123 <[email protected]>
(cherry picked from commit 5df9fd3e9c6ae7f848da65dbe9b9d321f29c003a)
2025-02-25 21:41:55 +01:00
ericLemanissier
85124bcfcf
Fix mirror bug (#33597)
follows-up be4e961240883778c44d9651eaaf9ab8723bbbb0

Fix https://github.com/go-gitea/gitea/issues/33200

---------

Co-authored-by: Giteabot <[email protected]>
(cherry picked from commit 57997f1518bada128a6aa775306ec15626cc0691)
2025-02-25 12:56:32 +01:00
Zettat123
952dfac255
Use default Git timeout when checking repo health (#33593)
(cherry picked from commit 8aede14b1d621cefa520c7bf6c838c866e1fabab)
2025-02-25 12:56:32 +01:00
Zettat123
e932f89a13
Add a transaction to pickTask (#33543)
In the old `pickTask`, when getting secrets or variables failed, the
task could get stuck in the `running` status (task status is `running`
but the runner did not fetch the task). To fix this issue, these steps
should be in one transaction.

---------

Co-authored-by: wxiaoguang <[email protected]>
(cherry picked from commit 06f10656369c7e4274ae4e9f9edb21e1cac520d9)
2025-02-25 12:56:32 +01:00
dc5bc1fe5b linting: fix typos, add toml validation (#7007)
- adds the `toml` plugin to the `eslint` linting → expect to have `options/setting/config.toml` by #6862
- fixes `make lint-codespell` commands
- related concerning `codespell`: #3270
- info: codespell check is and was not activated in the workflows (could maybe, runs only few seconds on my system)

Reviewed-on: forgejo/forgejo#7007
Reviewed-by: Earl Warren <[email protected]>
Co-authored-by: Robert Wolff <[email protected]>
Co-committed-by: Robert Wolff <[email protected]>
2025-02-21 08:23:03 +00:00
e8ebb5d6e3 fix: do not allow SSH url for migration (#7004)
- Add a new function `IsPushMirrorURLAllowed` that will allow `ssh://` url and make the existing `IsMigrateURLAllowed` not allow such URLs anymore.
- Resolves forgejo/forgejo#6960
- Existing integration tests make sure that SSH urls are still allowed for the push mirror feature and added unit test to ensure that `IsMigrateURLAllowed` no longer allows SSH urls.

Reviewed-on: forgejo/forgejo#7004
Reviewed-by: 0ko <[email protected]>
Co-authored-by: Gusted <[email protected]>
Co-committed-by: Gusted <[email protected]>
2025-02-21 07:57:06 +00:00
5a2f2229d2 fix: return 404 for empty repositories (#7003)
- Some endpoints (`/api/v1/repos/*/*/raw`, `/api/v1/repos/*/*/media`, ...;
anything that uses both `context.ReferencesGitRepo()` and
`context.RepoRefForAPI` really) returned a 500 when the repository was
completely empty. This resulted in some confusion in
https://github.com/datalad/datalad-usage-dashboard/issues/47 because the
same request for a non-existent file in a repository could sometimes
generate a 404 and sometimes a 500, depending on if the git repository
is initialized at all or not.

Returning a 404 is more appropriate here, since this isn't an
unexpected internal error, but just another way of not finding the
requested data.

Reviewed-on: forgejo/forgejo#7003
Reviewed-by: Gusted <[email protected]>
Co-authored-by: Matthias Riße <[email protected]>
Co-committed-by: Matthias Riße <[email protected]>
2025-02-20 21:50:46 +00:00
31e7aa61b1 Reduce links in chat notifications to avoid multiple previews (#6908)
Some messages had multiple links resulting in multiple previews per message. The superfluous links have been removed leaving only the most important link. All info the other links provided can be immediately accessed through the main link that is left over.

The fork and push messages still have multiple links because from the former you want to see where the fork originates from, the latter has a link per commit.

Resolves #162

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be used for the release notes instead of the title.

Reviewed-on: forgejo/forgejo#6908
Reviewed-by: Gusted <[email protected]>
Co-authored-by: patka <[email protected]>
Co-committed-by: patka <[email protected]>
2025-02-19 07:08:45 +00:00
a1486b0ee4 feat: add pronoun privacy option (#6773)
This commit contains UI changes, tests and migrations for a feature
that lets users optionally hide their pronouns from the general
public. This is useful if a person wants to disclose that
information to a smaller set of people on a local instance
belonging to a local community/association.

Co-authored-by: Gusted <[email protected]>
Co-authored-by: Beowulf <[email protected]>
Reviewed-on: forgejo/forgejo#6773
Reviewed-by: Gusted <[email protected]>
Co-authored-by: Panagiotis "Ivory" Vasilopoulos <[email protected]>
Co-committed-by: Panagiotis "Ivory" Vasilopoulos <[email protected]>
2025-02-15 13:07:15 +00:00
5feca875ea fix(api): use not found status code when appropriate (#6885)
- Use a 404 error when the issue is not found instead of returning an internal server error.
- Resolves #4005
- Added integration test.

Reviewed-on: forgejo/forgejo#6885
Reviewed-by: Gusted <[email protected]>
Co-authored-by: ThomasBoom89 <[email protected]>
Co-committed-by: ThomasBoom89 <[email protected]>
2025-02-12 20:18:33 +00:00
5509ce5557 [gitea] week 2025-07 cherry pick (gitea/main -> forgejo) (#6865)
Reviewed-on: forgejo/forgejo#6865
Reviewed-by: Earl Warren <[email protected]>
2025-02-11 16:22:58 +00:00
cf157ab360
fix: always set stripped slashes on http request
- The middleware that takes care of normalizing '//user2/////repo1' to
`/user2/repo1` would only set the normalized value to the Chi (Forgejo's
http router) `RoutePath` field, so Chi would correctly do the routing.
However not all components in Forgejo (like Forgejo's `context` module)
rely on Chi to get this updated path and some still rely on the value of
`(http.Request).URL.Path`, so always set the normalized value to the
http request.
- Adjusted unit test.
- Resolves forgejo/forgejo#6822
- The related issue was caused by
751a3da979/services/context/context.go (L115)
using the value of the http request and not that was set in the Chi context.
2025-02-10 12:55:11 +01:00
8cda45f750
Move gitgraph from modules to services layer (#33527)
Just move, no code change.

(cherry picked from commit 466cc725bc69d9222abf17d7a22d86e7dbe991ac)
2025-02-09 10:20:47 +01:00
0b17346cff
fix(sec): web route update and delete runner variables
The web route to update and delete variables of runners did not check if
the ID that was given belonged to the context it was requested in, this
made it possible to update and delete every existing runner variable of
an instance for any authenticated user.

The code has been reworked to always take into account the context of
the request (owner and repository ID).
2025-02-08 07:21:14 +00:00
94845020e8 feat: add commit limit for webhook payload (#6797)
- Adds a new option `[webhook].PAYLOAD_COMMIT_LIMIT` that limits the amount of commits that is sent for each webhook payload, this was previously done via `[ui].FEED_MAX_COMMIT_NUM` which feels incorrect.
- The default is 15 for this new option, purely arbitrary.
- Resolves forgejo/forgejo#6780
- Added unit testing, it's quite a lot because the notification
area is not really easy to test and rather should've been an integration test
but that ends up being more complicated than trying to do a unit test.

Reviewed-on: forgejo/forgejo#6797
Reviewed-by: Otto <[email protected]>
Reviewed-by: 0ko <[email protected]>
Co-authored-by: Gusted <[email protected]>
Co-committed-by: Gusted <[email protected]>
2025-02-07 19:26:50 +00:00
59910a461d fix: use correct default branch for migrated wiki (#6754)
- Instead of getting the default branch of the 'code' repository, get the default branch of the wiki repository.
- It's a bug of forgejo/forgejo#2264, likely caused by the confusion between `gitrepo` (the package name) and `gitRepo` (the git repo for the just migrated wiki repository).
- Adjusted existing integration test.

Reviewed-on: forgejo/forgejo#6754
Reviewed-by: Earl Warren <[email protected]>
Co-authored-by: Gusted <[email protected]>
Co-committed-by: Gusted <[email protected]>
2025-02-02 12:06:02 +00:00
1ee9e88809
chore: Remove GetFileResponseFromCommit
- Introduced in 2262811e40 and removed in
275d4b7e3f.
2025-01-31 16:22:29 +01:00
039a679ccb
chore: Remove IsCommitStatusContextSuccess
- Introduced in 04ca7f0047 and removed in 81daf26878.
2025-01-31 16:22:29 +01:00
5cc5c877a5
chore: Remove ToSecret
- Introduced in 23addde28e and removed in
8cd46024fd.
2025-01-31 14:40:27 +01:00
4d8f1e3e4b
chore: Remove DeadlineForm
- Introduced in 1a97030017 and removed in
ef6813abc9.
2025-01-31 14:40:27 +01:00
552cfe75f5
chore: Remove TemporaryUploadRepository.GetLastCommit
- Introduced in 2262811e40 and removed in
the same commit. Never used.
2025-01-31 14:40:22 +01:00
5255fd1a6c [gitea] week 2025-05 cherry pick (gitea/main -> forgejo) (#6688)
Reviewed-on: forgejo/forgejo#6688
Reviewed-by: Gusted <[email protected]>
Reviewed-by: jerger <[email protected]>
2025-01-28 07:26:43 +00:00
41fd548e7a
Do not access GitRepo when a repo is being created (#33380)
(cherry picked from commit 06ff9b6256824a2dfee18adff5a8540412b22641)

Conflicts:
	services/context/repo.go
  trivial context conflict
2025-01-26 11:36:13 +01:00