Commit graph

22 commits

Author SHA1 Message Date
Kemal Zebari
e388822e9d
Don't only list code-enabled repositories when using repository API (#30817)
We should be listing all repositories by default.

Fixes #28483.

(cherry picked from commit 9f0ef3621a3b63ccbe93f302a446b67dc54ad725)

Conflict:
   -		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.UnitAccessMode(unit_model.TypeCode) >= perm.AccessModeRead {
   +		if ctx.IsSigned && ctx.Doer.IsAdmin || permission.HasAccess() {
   because of https://codeberg.org/forgejo/forgejo/pulls/2001
2024-05-05 12:15:40 +01:00
6543
51b8d964c8
Get repo assignees and reviewers should ignore deactivated users (#30770) (#30782)
Backport  #30770

If an user is deactivated, it should not be in the list of users who are
suggested to be assigned or review-requested.

old assignees or reviewers are not affected.

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit f2d8ccc5bb2df25557cc0d4d23f2cdd029358274)

Conflicts:
	models/repo/user_repo_test.go
	because there is one less fixture user compared to Gitea
2024-05-05 08:53:27 +01:00
Gergely Nagy
2385f3c9db
services/convert: Convert a Repository's ObjectFormatName too
When converting a `repo_model.Repository` to `api.Repository`, copy the
`ObjectFormatName` field too.

Fixes #3458.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-04-26 09:25:30 +02:00
Zettat123
77c56e29de
Allow non-admin users to delete review requests (#29057)
Fix #14459

The following users can add/remove review requests of a PR
- the poster of the PR
- the owner or collaborators of the repository
- members with read permission on the pull requests unit

(cherry picked from commit c42083a33950be6ee9f822c6d0de3c3a79d1f51b)

Conflicts:
	models/repo/repo_list_test.go
	tests/integration/api_nodeinfo_test.go
	tests/integration/api_repo_test.go
	shared fixture counts
2024-02-26 22:30:27 +01:00
Gusted
23d32eb493
[GITEA] Improve HTML title on repositories
- The `<title>` element that lives inside the `<head>` element is an important element that gives browsers and search engine crawlers the title of the webpage, hence the element name. It's therefor important that this title is accurate.
- Currently there are three issues with titles on repositories. It doesn't use the `FullName` and instead only uses the repository name, this doesn't distinguish which user or organisation the repository is on. It doesn't show the full treepath in the title when visiting an file inside a directory and instead only uses the latest path in treepath. It can show the repository name twice if the `.Title` variable also included the repository name such as on the repository homepage.
- Use the repository's fullname (which include which user the repository is on) instead of just their name.
- Display the repository's fullname if it isn't already in `.Title`.
- Use the full treepath in the repository code view instead of just the
last path.
- Adds integration tests.
- Adds a new repository (`repo59`) that has 3 depths for folders, which
wasn't in any other fixture repository yet, so the full treepath for
could be properly tested.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1276

(cherry picked from commit ff9a6a2cda34cf2b2e392cc47125ed0f619b287b)
(cherry picked from commit 76dffc862103eb23d51445ef9d611296308c8413)
(cherry picked from commit ff0615b9d0f3ea4bd86a28c4ac5b0c4740230c81)
(cherry picked from commit 8712eaa394053a8c8f1f4cb17307e094c65c7059)
(cherry picked from commit 0c11587582b8837778ee85f4e3b04241e5d71760)
(cherry picked from commit 3cbd9fb7922177106b309f010dd34a68751873dc)

Conflicts:
	tests/integration/repo_test.go
	https://codeberg.org/forgejo/forgejo/pulls/1512
(cherry picked from commit fbfdba8ae9e7cb9811452b30d5424fca41231a1f)

Conflicts:
	models/fixtures/release.yml
	https://codeberg.org/forgejo/forgejo/pulls/1550
(cherry picked from commit 8b2bf0534ca6a2241c2a10cbecd7c96fb96558a6)
(cherry picked from commit d706d9e222469c689eb069ec609968296657dfdc)
(cherry picked from commit 6d46261a3f81d3642b313e76ad93c5f72fbd6bf8)
(cherry picked from commit f864d18ad30760bd1e2fb1925b87b19e3208ad97)
(cherry picked from commit 80f8620d0d746c7ce5e88eeef3ec62431c399ec8)

[GITEA] Improve HTML title on repositories (squash) do not double escape

(cherry picked from commit 22882fe25cde57837a31738a10c71c9478e16662)
(cherry picked from commit 63e99df3d1ecb50da3b723848ca85d56b831a8d7)
(cherry picked from commit b65d777bc78fabf7e3d1bf8c50aff4eb5395d783)
(cherry picked from commit 2961f4f6320b4b38c33f33e7133e7f3d3f86bd0f)
(cherry picked from commit f7f723628c76c5c2a0678139fbc4264feea352ea)
(cherry picked from commit 9ed79158268160f62dc1b32183c9a487cd521ef7)
(cherry picked from commit 8b9ead46085b8a7f1a9c63f561bce4795ccca31d)
(cherry picked from commit 50eeaf1fbcf01d8616d8ea792a3b3cd736137f89)
(cherry picked from commit ee6f32820e5e0e4ea2ae61fc6a72c475e805b5ac)
(cherry picked from commit bf337bed3507a6554bbdd738e6ca1aa80d00df20)
(cherry picked from commit 6be9501ec0c6eceda8faa48a4d1dc875da702880)
(cherry picked from commit b39860570df95a860c151122a259becb6a221c0e)
(cherry picked from commit 3f30f486d516cac043dbdcd780b2277b6a3278d7)
(cherry picked from commit 5680ecdbe9b668ce69e5a55b2dd7fb7c0eb7087b)
(cherry picked from commit da6a19ad16bd9014ac37e02f10095880baeac65c)
(cherry picked from commit 5462493a77dc6f2bf8a0e07e6fbfbe9cce157bcd)
(cherry picked from commit 530fe57ddea58aab0d4bfb3b8373a8f4e1632514)
(cherry picked from commit f174f35644b2405567a97f6720a55f6cc5fe4f61)

Conflicts:
	models/fixtures/repository.yml
	https://codeberg.org/forgejo/forgejo/pulls/2214
(cherry picked from commit 75212b3a59b853df59f6fafab2542f9a2dd82ca3)
(cherry picked from commit 6e3c0be5555076b1f8ef645b809b7d89deb4e1ad)
2024-02-05 16:05:50 +01:00
KN4CK3R
838db2f891
Convert to url auth to header auth in tests (#28484)
Related #28390
2023-12-21 23:59:59 +00:00
Lunny Xiao
9852c92e9a
Remove unnecessary parameter (#27671) 2023-10-18 15:03:10 +00:00
Nanguan Lin
dc04044716
Replace assert.Fail with assert.FailNow (#27578)
assert.Fail() will continue to execute the code while assert.FailNow()
not. I thought those uses of assert.Fail() should exit immediately.
PS: perhaps it's a good idea to use
[require](https://pkg.go.dev/github.com/stretchr/testify/require)
somewhere because the assert package's default behavior does not exit
when an error occurs, which makes it difficult to find the root error
reason.
2023-10-11 11:02:24 +00:00
Nanguan Lin
da50be7360
Replace 'userxx' with 'orgxx' in all test files when the user type is org (#27052)
Currently 'userxx' and 'orgxx' are both used as username in test files
when the user type is org, which is confusing. This PR replaces all
'userxx' with 'orgxx' when the user type is org(`user.type==1`).
Some non-trivial changes
1. Rename `user3` dir to `org3` in `tests/git-repositories-meta` 
2. Change `end` in `issue reference` because 'org3' is one char shorter
than 'user3'

![ksnip_20230913-112819](https://github.com/go-gitea/gitea/assets/70063547/442988c5-4cf4-49b8-aa01-4dd6bf0ca954)
3. Change the search result number of `user/repo2` because
`user3/repo21` can't be searched now

![ksnip_20230913-112931](https://github.com/go-gitea/gitea/assets/70063547/d9ebeba4-479f-4110-9a85-825efbc981fd)
4. Change the first org name getting from API because the result is
ordered by alphabet asc and now `org 17` is before `org25`
![JW8U7NIO(J$H
_YCRB36H)T](https://github.com/go-gitea/gitea/assets/70063547/f55a685c-cf24-40e5-a87f-3a2327319548)
![)KFD411O4I8RB5ZOH7E0
Z3](https://github.com/go-gitea/gitea/assets/70063547/a0dc3299-249c-46f6-91cb-d15d4ee88dd5)

Other modifications are just find all and replace all.
Unit tests with SQLite are all passed.

---------

Co-authored-by: caicandong <1290147055@qq.com>
2023-09-14 02:59:53 +00:00
Lunny Xiao
4f32abaf94
move repository deletion to service layer (#26948)
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2023-09-08 04:51:15 +00:00
sebastian-sauer
55532061c8
Add commits dropdown in PR files view and allow commit by commit review (#25528)
This PR adds a new dropdown to select a commit or a commit range
(shift-click like github) of a Pull Request.
After selection of a commit only the changes of this commit will be shown.
When selecting a range of commits the diff of this range is shown.

This allows to review a PR commit by commit or by viewing only commit ranges.
The "Show changes since your last review" mechanism github uses is implemented, too.
When reviewing a single commit or a commit range the "Viewed" functionality is disabled.

## Screenshots

### The commit dropdown

![image](https://github.com/go-gitea/gitea/assets/51889757/0db3ae62-1272-436c-be64-4730c5d611e3)

### Selecting a commit range

![image](https://github.com/go-gitea/gitea/assets/51889757/ad81eedb-8437-42b0-8073-2d940c25fe8f)

### Show changes of a single commit only

![image](https://github.com/go-gitea/gitea/assets/51889757/6b1a113b-73ef-4ecc-adf6-bc2340bb8f97)

### Show changes of a commit range

![image](https://github.com/go-gitea/gitea/assets/51889757/6401b358-cd66-4c09-8baa-6cf6177f23a7)


Fixes https://github.com/go-gitea/gitea/issues/20989
Fixes https://github.com/go-gitea/gitea/issues/19263

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
2023-07-28 21:18:12 +02:00
caicandong
491cc06ffe
Fix the error message when the token is incorrect (#25701)
we refactored `userIDFromToken` for the token parsing part into a new
function `parseToken`. `parseToken` returns the string `token` from
request, and a boolean `ok` representing whether the token exists or
not. So we can distinguish between token non-existence and token
inconsistency in the `verfity` function, thus solving the problem of no
proper error message when the token is inconsistent.
close #24439  
related #22119

---------

Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-07-11 10:04:28 +08:00
Jack Hay
18de83b2a3
Redesign Scoped Access Tokens (#24767)
## Changes
- Adds the following high level access scopes, each with `read` and
`write` levels:
    - `activitypub`
    - `admin` (hidden if user is not a site admin)
    - `misc`
    - `notification`
    - `organization`
    - `package`
    - `issue`
    - `repository`
    - `user`
- Adds new middleware function `tokenRequiresScopes()` in addition to
`reqToken()`
  -  `tokenRequiresScopes()` is used for each high-level api section
- _if_ a scoped token is present, checks that the required scope is
included based on the section and HTTP method
  - `reqToken()` is used for individual routes
- checks that required authentication is present (but does not check
scope levels as this will already have been handled by
`tokenRequiresScopes()`
- Adds migration to convert old scoped access tokens to the new set of
scopes
- Updates the user interface for scope selection

### User interface example
<img width="903" alt="Screen Shot 2023-05-31 at 1 56 55 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/654766ec-2143-4f59-9037-3b51600e32f3">
<img width="917" alt="Screen Shot 2023-05-31 at 1 56 43 PM"
src="https://github.com/go-gitea/gitea/assets/23248839/1ad64081-012c-4a73-b393-66b30352654c">

## tokenRequiresScopes  Design Decision
- `tokenRequiresScopes()` was added to more reliably cover api routes.
For an incoming request, this function uses the given scope category
(say `AccessTokenScopeCategoryOrganization`) and the HTTP method (say
`DELETE`) and verifies that any scoped tokens in use include
`delete:organization`.
- `reqToken()` is used to enforce auth for individual routes that
require it. If a scoped token is not present for a request,
`tokenRequiresScopes()` will not return an error

## TODO
- [x] Alphabetize scope categories
- [x] Change 'public repos only' to a radio button (private vs public).
Also expand this to organizations
- [X] Disable token creation if no scopes selected. Alternatively, show
warning
- [x] `reqToken()` is missing from many `POST/DELETE` routes in the api.
`tokenRequiresScopes()` only checks that a given token has the correct
scope, `reqToken()` must be used to check that a token (or some other
auth) is present.
   -  _This should be addressed in this PR_
- [x] The migration should be reviewed very carefully in order to
minimize access changes to existing user tokens.
   - _This should be addressed in this PR_
- [x] Link to api to swagger documentation, clarify what
read/write/delete levels correspond to
- [x] Review cases where more than one scope is needed as this directly
deviates from the api definition.
   - _This should be addressed in this PR_
   - For example: 
   ```go
	m.Group("/users/{username}/orgs", func() {
		m.Get("", reqToken(), org.ListUserOrgs)
		m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions)
}, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser,
auth_model.AccessTokenScopeCategoryOrganization),
context_service.UserAssignmentAPI())
   ```

## Future improvements
- [ ] Add required scopes to swagger documentation
- [ ] Redesign `reqToken()` to be opt-out rather than opt-in
- [ ] Subdivide scopes like `repository`
- [ ] Once a token is created, if it has no scopes, we should display
text instead of an empty bullet point
- [ ] If the 'public repos only' option is selected, should read
categories be selected by default

Closes #24501
Closes #24799

Co-authored-by: Jonathan Tran <jon@allspice.io>
Co-authored-by: Kyle D <kdumontnu@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2023-06-04 20:57:16 +02:00
KN4CK3R
f1173d6879
Use more specific test methods (#24265)
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Giteabot <teabot@gitea.io>
2023-04-22 17:56:27 -04:00
silverwind
8dc6eabbc0
Update go tool dependencies, restructure lint targets (#24239)
- Update all tool dependencies to latest tag
- Remove unused errcheck, it is part of golangci-lint
- Include main.go in air
- Enable wastedassign again now that it's
[generics-compatible](https://github.com/golangci/golangci-lint/pull/3689)
- Restructured lint targets to new `lint-*` namespace
2023-04-22 14:53:00 -04:00
oliverpool
bb2783860b
fix calReleaseNumCommitsBehind (#24148)
`repoCtx.CommitsCount` is not reliably the commit count of the default
branch (Repository.GetCommitsCount depends on what is currently
displayed).

For instance on the releases page the commit count is correct:
https://codeberg.org/Codeberg/pages-server/releases


![2023-04-15-215027](https://user-images.githubusercontent.com/3864879/232250500-6c05dc00-7030-4ec9-87f1-18c7797d36bf.png)

However it is not on the single page:
https://codeberg.org/Codeberg/pages-server/releases/tag/v4.6.2


![2023-04-15-215036](https://user-images.githubusercontent.com/3864879/232250503-620c8038-7c2c-45a1-b99d-cb994ef955a6.png)

This PR fixes this by removing a "fast branch" which was using this
field (I think this field should be removed, since it is a bit
unpredictable - but this would mean a larger refactoring PR).

_contributed in the context of @forgejo_

---------

Co-authored-by: Giteabot <teabot@gitea.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2023-04-18 21:11:17 +02:00
Chongyi Zheng
de484e86bc
Support scoped access tokens (#20908)
This PR adds the support for scopes of access tokens, mimicking the
design of GitHub OAuth scopes.

The changes of the core logic are in `models/auth` that `AccessToken`
struct will have a `Scope` field. The normalized (no duplication of
scope), comma-separated scope string will be stored in `access_token`
table in the database.
In `services/auth`, the scope will be stored in context, which will be
used by `reqToken` middleware in API calls. Only OAuth2 tokens will have
granular token scopes, while others like BasicAuth will default to scope
`all`.
A large amount of work happens in `routers/api/v1/api.go` and the
corresponding `tests/integration` tests, that is adding necessary scopes
to each of the API calls as they fit.


- [x] Add `Scope` field to `AccessToken`
- [x] Add access control to all API endpoints
- [x] Update frontend & backend for when creating tokens
- [x] Add a database migration for `scope` column (enable 'all' access
to past tokens)

I'm aiming to complete it before Gitea 1.19 release.

Fixes #4300
2023-01-17 15:46:03 -06:00
Lunny Xiao
36a2d2f919
Add a simple test for external renderer (#20033)
Fix #16402
2022-12-12 20:45:21 +08:00
Lunny Xiao
df676a47d0
Remove session in api tests (#21984)
It's no meaning to request an API route with session.
2022-12-01 22:39:42 -05:00
flynnnnnnnnnn
e81ccc406b
Implement FSFE REUSE for golang files (#21840)
Change all license headers to comply with REUSE specification.

Fix #16132

Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-11-27 18:20:29 +00:00
Eng Zer Jun
8b0aaa5f86
test: use T.TempDir to create temporary test directory (#21043)
A testing cleanup. 

This pull request replaces `os.MkdirTemp` with `t.TempDir`. We can use the `T.TempDir` function from the `testing` package to create temporary directory. The directory created by `T.TempDir` is automatically removed when the test and all its subtests complete. 

This saves us at least 2 lines (error check, and cleanup) on every instance, or in some cases adds cleanup that we forgot.

Reference: https://pkg.go.dev/testing#T.TempDir

```go
func TestFoo(t *testing.T) {
	// before
	tmpDir, err := os.MkdirTemp("", "")
	require.NoError(t, err)
	defer os.RemoveAll(tmpDir)

	// now
	tmpDir := t.TempDir()
}
```

Signed-off-by: Eng Zer Jun <engzerjun@gmail.com>
2022-09-04 16:14:53 +01:00
Kyle D
c8ded77680
Kd/ci playwright go test (#20123)
* Add initial playwright config

* Simplify Makefile

* Simplify Makefile

* Use correct config files

* Update playwright settings

* Fix package-lock file

* Don't use test logger for e2e tests

* fix frontend lint

* Allow passing TEST_LOGGER variable

* Init postgres database

* use standard gitea env variables

* Update playwright

* update drone

* Move empty env var to commands

* Cleanup

* Move integrations to subfolder

* tests integrations to tests integraton

* Run e2e tests with go test

* Fix linting

* install CI deps

* Add files to ESlint

* Fix drone typo

* Don't log to console in CI

* Use go test http server

* Add build step before tests

* Move shared init function to common package

* fix drone

* Clean up tests

* Fix linting

* Better mocking for page + version string

* Cleanup test generation

* Remove dependency on gitea binary

* Fix linting

* add initial support for running specific tests

* Add ACCEPT_VISUAL variable

* don't require git-lfs

* Add initial documentation

* Review feedback

* Add logged in session test

* Attempt fixing drone race

* Cleanup and bump version

* Bump deps

* Review feedback

* simplify installation

* Fix ci

* Update install docs
2022-09-02 15:18:23 -04:00
Renamed from integrations/api_repo_test.go (Browse further)