Commit graph

4243 commits

Author SHA1 Message Date
JakobDev
a610e93cc9 Add fix and migration 2024-04-08 12:54:43 +02:00
JakobDev
613e5387c5 Count downloads for tag archives 2024-04-08 12:51:27 +02:00
KN4CK3R
63904e2f97
Fix missing 0 prefix of GPG key id (#30245)
Fixes #30235

If the key id "front" byte has a single digit, `%X` is missing the 0
prefix.
` 38D1A3EADDBEA9C` instead of
`038D1A3EADDBEA9C`
When using the `IssuerFingerprint` slice `%X` is enough but I changed it
to `%016X` too to be consistent.

(cherry picked from commit eb505b128c7b9b2459f2a5d20b5740017125178b)

Conflicts:
	- models/asymkey/gpg_key_commit_verification.go
          Ported the change to models/asymkey/gpg_key_object_verification.go
2024-04-07 15:40:31 +02:00
KN4CK3R
5a674dd02e
Fix GPG subkey verify (#30193)
Fixes #30189

Can't verify subkeys if they are not loaded.

(cherry picked from commit 82ffd91607ba03907ebad31ec9a38555b153a331)
2024-04-07 15:40:31 +02:00
Lunny Xiao
f0004760f6
[PORT] gitea#30190: Add unique index for project_issue to prevent duplicate data
Fix #27639

---

Remove MSSQL specific code per https://codeberg.org/forgejo/discussions/issues/122

(cherry picked from commit b4825670596fe745cebdcc63a8ead4388602d42c)
2024-04-07 14:51:50 +02:00
Jack Hay
e08f05b069
Add setting to disable user features when user login type is not plain (#29615)
- Adds setting `EXTERNAL_USER_DISABLE_FEATURES` to disable any supported
user features when login type is not plain
- In general, this is necessary for SSO implementations to avoid
inconsistencies between the external account management and the linked
account
- Adds helper functions to encourage correct use

(cherry picked from commit 59d4aadba5c15d02f3b9f0e61abb7476870c20a5)

Conflicts:
	- docs/content/administration/config-cheat-sheet.en-us.md
          Removed.
	- modules/setting/admin.go
          Trivial resolution: pick the newly added struct member.
2024-04-07 11:09:21 +02:00
sillyguodong
16696a42f5
Add API for Variables (#29520)
close #27801

---------

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 62b073e6f31645e446c7e8d6b5a506f61b47924e)

Conflicts:
	- modules/util/util.go
          Trivial resolution, only picking the newly introduced function
	- routers/api/v1/swagger/options.go
          Trivial resolution. We don't have UserBadges, don't pick that part.
	- templates/swagger/v1_json.tmpl
          Regenerated.
2024-04-07 10:57:53 +02:00
Gusted
0a51ae26bc Merge pull request 'Sort BuiltinApplicationsClientIDs() in test' (#3075) from gusted/forgejo-sort into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3075
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-04-06 12:43:42 +00:00
Gusted
d8eebe7698 Merge pull request 'Add optional pronoun field in user settings' (#1518) from hazy/forgejo:feat/pronoun-field into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1518
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Gergely Nagy <algernon@noreply.codeberg.org>
2024-04-06 12:23:54 +00:00
Gusted
eea259055e
Sort BuiltinApplicationsClientIDs() in test
- Ref https://codeberg.org/forgejo/forgejo/pulls/3069#issuecomment-1736290
2024-04-06 11:30:02 +02:00
Earl Warren
668edc1948 Merge pull request 'Refactor LFS GC functions' (#3056) from gusted/forgejo-lfs into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3056
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-06 07:27:22 +00:00
Earl Warren
a015ada29a Merge pull request '[BUG] fix webhook creation payload ref' (#3055) from oliverpool/forgejo:webhook_fix_create_payload_ref into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3055
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-06 07:25:20 +00:00
Earl Warren
8595e251a2 Merge pull request '[BUG] Don't remove builtin OAuth2 applications' (#3067) from gusted/forgejo-db-consistency-oauth2 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/3067
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-06 07:02:07 +00:00
Gusted
6af8f3a3f2
[BUG] Don't remove builtin OAuth2 applications
- When the database consistency is being run it would check for any
OAuth2 applications that don't have an existing user. However there are
few special OAuth2 applications that don't have an user set, because
they are global applications.
- This was not taken into account by the database consistency checker
and were removed if the database consistency check was being run with
autofix enabled.
- Take into account to ignore these global OAuth2 applications when
running the database consistency check.
- Add unit tests.
- Ref: https://codeberg.org/Codeberg/Community/issues/1530
2024-04-06 01:07:45 +02:00
Gusted
2d9afd0c21
[CHORE] Remove Microsoft SQL Server Support
- Per https://codeberg.org/forgejo/discussions/issues/122
2024-04-05 23:37:36 +02:00
Gusted
7ffa7f5bce
Refactor LFS GC functions
- Remove options that currently aren't set
on `GarbageCollectLFSMetaObjectsOptions` and
`IterateLFSMetaObjectsForRepoOptions`.
- Simplify `IterateRepositoryIDsWithLFSMetaObjects` and
`IterateLFSMetaObjectsForRepo`.
- `IterateLFSMetaObjectsForRepo` was previously able to get in a
loop (`gc-lfs` doctor check was able to reproduce this) because the code
expected that the records would be updated to not match the SQL query,
but that wasn't the case. Simply enforce that only records higher than
the latest `id` from the previous iteration are allowed.
- For `gc-lfs` doctor check this was because `UpdatedLessRecentlyThan`
option was not set, which caused that records just marked as active in
the iteration weren't being filtered.
- Add unit tests
- Most likely a regression from 2cc3a6381c.
- The bug with `gc-lfs` was found on Codeberg.
2024-04-05 16:49:15 +02:00
Gusted
32134e3a43
[CHORE] Remove u2f dependency
- It was only used to parse old U2F data to webauthn credentials. We
only used the public key and keyhandle. This functiontionality was
reworked to `parseU2FRegistration`.
- Tests are already present, `Test_RemigrateU2FCredentials`.
2024-04-05 16:23:10 +02:00
oliverpool
9d2919248b [TEST] webhook creation payload ref 2024-04-05 16:21:41 +02:00
hazycora
8cbacf850a
Add back ID field to pronouns migration
looks unnecessary, but not doing this seems to cause failed tests. Other previous migrations follow this pattern as well.
2024-04-03 15:16:38 -05:00
hazycora
204dd9e300
Add migration for pronouns 2024-04-03 15:15:53 -05:00
hazycora
f8e48e066a
add pronoun field to user profiles 2024-04-03 15:11:17 -05:00
Earl Warren
efd0f0f224 Merge pull request 'Port archived labels visual filter' (#2887) from 0ko/forgejo:lable-archive-bw into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2887
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-03 20:06:39 +00:00
Earl Warren
4b8d06b0a7 Merge pull request 'Allow custom repo size format' (#2974) from 0ko/forgejo:percent_s into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2974
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-02 15:08:41 +00:00
0ko
2f38c2220f [I18N] Allow custom repo size format
Following https://codeberg.org/forgejo/forgejo/pulls/2528#issuecomment-1721846

- simplify the code
- allow to have custom format in translations
- provide proper Russian translation because test depends on it
2024-04-02 18:43:12 +05:00
Gusted
2dabd202ce
[FEAT] Mark database errors in tests as failure
- If the database returns a error in integration tests, it should be
marked as a failure of the test.
- Ref: https://codeberg.org/forgejo/forgejo/issues/2962 (this should
help with logging the SQL that is resulting in the error).
2024-04-02 14:40:31 +02:00
Earl Warren
385bcca788 Merge pull request 'Data size unit localization' (#2528) from 0ko/forgejo:sizelocalize into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2528
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-04-01 19:31:26 +00:00
Earl Warren
ec091b59af Merge pull request '[FEAT] Configure if protected branch rule should apply to admins' (#2867) from gusted/forgejo-protectedbranch-admins into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2867
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-04-01 19:28:29 +00:00
Earl Warren
b9a1d5c2be Merge pull request 'Highlight signed tags like signed commits' (#2534) from algernon/forgejo:message-in-a-bottle-ctrl-w-tag into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2534
2024-04-01 13:38:55 +00:00
0ko
4b09dd11ec [GITEA] Apply changes to archived labels
This is a squashed result of conflict resolution for the following commits from Gitea:
- 36de5b299b
- 9a93b1816e
- 712e19fa6f
- 83850cc479

It is lacking CSS rule for archived labels, though.

Changes in this commit are authored by:
- 6543
- delvh
- silverwind
2024-04-01 17:46:02 +05:00
oliverpool
6b857193ff [TESTS] pull review deleted from gitea#29888
Instead of db.TruncateBeans(db.DefaultContext, &issues_model.Review{}), reviews are deleted using issue.DeleteReview
2024-03-31 13:53:47 +02:00
0ko
29cc80d849 Provide a way to translate data units 2024-03-30 21:10:47 +05:00
Gergely Nagy
cd19564acc
models/asymkey: Implement Tag verification
This is, in large part, a refactoring: we rename `CommitVerification` to
`ObjectVerification`, and adjust `ParseObjectWithSignature` (previously
`ParseCommitWithSignature`) to work on an object, rather than a commit.

This in turn, lets us implement `ParseTagWithSignature` on top of it, so
commit & tag signature verification will share most of the code.

Work sponsored by @glts.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-03-30 16:22:05 +01:00
Lunny Xiao
459b1b20fe
Fix migration v292 (#30153)
Fix https://github.com/go-gitea/gitea/pull/29874#discussion_r1542227686

- The migration of v292 will miss many projects. These projects will
have no default board. This PR introduced a new migration number and
removed v292 migration.

- This PR also added the missed transactions on project-related
operations.

- Only `SetDefaultBoard` will remove duplicated defaults but not in
`GetDefaultBoard`

(cherry picked from commit 40cdc84b368cce8328b4b49ea5ecf1c5fa040300)
2024-03-30 07:17:32 +01:00
Kemal Zebari
23676bfea7
Prevent re-review and dismiss review actions on closed and merged PRs (#30065)
Resolves #29965.

---
Manually tested this by:
- Following the
[installation](https://docs.gitea.com/next/installation/install-with-docker#basics)
guide (but built a local Docker image instead)
- Creating 2 users, one who is the `Owner` of a newly-created repository
and the other a `Collaborator`
- Had the `Collaborator` create a PR that the `Owner` reviews
- `Collaborator` resolves conversation and `Owner` merges PR

And with this change we see that we can no longer see re-request review
button for the `Owner`:

<img width="1351" alt="Screenshot 2024-03-25 at 12 39 18 AM"
src="https://github.com/go-gitea/gitea/assets/60799661/bcd9c579-3cf7-474f-a51e-b436fe1a39a4">

(cherry picked from commit 242b331260925e604150346e61329097d5731e77)
2024-03-30 07:17:32 +01:00
YR Chen
2813425488
Move from max( id ) to max( index ) for latest commit statuses (#30076)
This PR replaces the use of `max( id )`, and instead using ``max(
`index` )`` for determining the latest commit status. Building business
logic over an `auto_increment` primary key like `id` is risky and
there’re already plenty of discussions on the Internet.

There‘s no guarantee for `auto_increment` values to be monotonic,
especially upon failures or with a cluster. In the specific case, we met
the problem of commit statuses being outdated when using TiDB as the
database. As [being
documented](https://docs.pingcap.com/tidb/stable/auto-increment),
`auto_increment` values assigned to an `insert` statement will only be
monotonic on a per server (node) basis.

Closes #30074.

(cherry picked from commit 7443a10fc3d722d3326a0cb7b15b208f907c72d7)
2024-03-30 07:17:31 +01:00
Denys Konovalov
8ffb9c6fb1
Add default board to new projects, remove uncategorized pseudo-board (#29874)
On creation of an empty project (no template) a default board will be
created instead of falling back to the uneditable pseudo-board.

Every project now has to have exactly one default boards. As a
consequence, you cannot unset a board as default, instead you have to
set another board as default. Existing projects will be modified using a
cron job, additionally this check will run every midnight by default.

Deleting the default board is not allowed, you have to set another board
as default to do it.

Fixes #29873
Fixes #14679 along the way
Fixes #29853

Co-authored-by: delvh <dev.lh@web.de>
(cherry picked from commit e5160185ed65fd1c2bcb2fc7dc7e0b5514ddb299)

Conflicts:
	options/locale/locale_en-US.ini
	trivial conflict because Forgejo strings do not have
	surrounding double quotes
2024-03-30 07:17:31 +01:00
Lunny Xiao
b019ecce89
Do some performance optimize for issues list and view issue/pull (#29515) (migration only)
Refs: https://codeberg.org/forgejo/forgejo/pulls/2679#issuecomment-1720941
2024-03-30 07:17:31 +01:00
yp05327
fa87a57b59
Load attachments for code comments (#30124)
Fix #30103

ps: comments has `LoadAttributes`, but maybe considering performance
problem, we don't call it.

(cherry picked from commit ce3c3512265df3b4940672be40065c4fb415ef95)
2024-03-30 07:17:31 +01:00
Jason Song
2c4e85421e
Fix misuse of TxContext (#30061)
Help #29999, or its tests cannot pass.

Also, add some comments to clarify the usage of `TxContext`.

I don't check all usages of `TxContext` because there are too many
(almost 140+). It's a better idea to replace them with `WithTx` instead
of checking them one by one. However, that may be another refactoring
PR.

(cherry picked from commit c6c4d66004c70b24abc8048b39b660b8361a0395)
2024-03-30 07:17:29 +01:00
Lunny Xiao
9ca245ad96
Use db.ListOptions directly instead of Paginator interface to make it easier to use and fix performance of /pulls and /issues (#29990)
This PR uses `db.ListOptions` instead of `Paginor` to make the code
simpler.
And it also fixed the performance problem when viewing /pulls or
/issues. Before the counting in fact will also do the search.

---------

Co-authored-by: Jason Song <i@wolfogre.com>
Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 3f26fe2fa2c7141c9e622297e50a70f3e0003e4d)
2024-03-30 07:17:29 +01:00
Gusted
190383dbf8
[BUG] Don't delete inactive emails explicitly
- `user_model.DeleteInactiveEmailAddresses` related code was added in
Gogs as part to delete inactive users, however since then the related
code to delete users has changed and this code now already delete email
addresses of the user, it's therefore not needed anymore to
`DeleteInactiveEmailAddresses`.
- The call to `DeleteInactiveEmailAddresses` can actually cause issues.
As the associated user might not have been deleted, because it
was not older than the specified `olderThan` argument. Therefore causing
a database inconsistency and lead to internal server errors if the user
tries to activate their account.
- Adds unit test to verify correct behavior (fails without this patch).
2024-03-29 15:14:09 +01:00
Gusted
79b7089360
[FEAT] Configure if protected branch rule should apply to admins
- Currently protected branch rules do not apply to admins, however in
some cases (like in the case of Forgejo project) you might also want to
apply these rules to admins to avoid accidental merges.
- Add new option to configure this on a per-rule basis.
- Adds integration tests.
- Resolves #65
2024-03-29 00:21:49 +01:00
Earl Warren
340aa1960e Merge pull request '[Port] gitea#29842: Notify reviewers added via CODEOWNERS' (#2855) from gusted/forgejo-port-29842 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2855
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-28 16:40:17 +00:00
Jimmy Praet
003881b06d
[Port] gitea#29842: Notify reviewers added via CODEOWNERS
Fixes https://github.com/go-gitea/gitea/issues/28297

This PR also fixed a problem that it needs a database transaction when
removing the WIP title.

---

Resolves #2771
Also partially ports gitea#29783

(cherry picked from commit 17d7ab5ad4ce3d0fbc1251572c22687c237a30b1)
2024-03-28 14:58:39 +01:00
Lunny Xiao
6b49276f97
[Port] gitea#29930: Move notifications to a standalone file
There is no code change. Just move notification list related
structs/functions from one file to another.

---

Resolves #2772

Simply move the moderation code to the new function (which wasn't
changed).

(cherry picked from commit b25eec41eb4d7058be808daefd6fd47eed61c7d3)
2024-03-28 14:21:42 +01:00
Gusted
42b97fd836 Merge pull request '[COSMETIC] unify the wording of the Forgejo migration comments' (#2849) from earl-warren/forgejo:wip-migration-comments into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2849
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-03-28 12:36:57 +00:00
Earl Warren
ba458530aa
[COSMETIC] unify the wording of the Forgejo migration comments 2024-03-28 12:08:43 +01:00
Earl Warren
ceea9c4334
Revert "avoid superfluous synchronized pull_request run when opening a PR"
The fix against the race incorrectly assumes the sha of the commit being
pushed belongs to the base repository. It finds the highest possible
pull request ID from the head repository instead of looking it up in
the base repository.

Figuring out if a PR was created in the future based on the highest
index of the base repository would require collecting all of them
because there is no way to know in advance which repository may be
involved in the race.

Fixing this race can be done either by:

* Introducing a new field in the pull_request table https://codeberg.org/forgejo/forgejo/pulls/2842
  which feels more like a hack than a real solution
* Refactoring the logic
  which would be a significant undertaking

The race has been in the codebase for a very long time and manifests
itself in the CI, when events happen in quick succession. The only
concrete manifestation was however fixed by https://codeberg.org/forgejo/forgejo/issues/2009

Since this race now only exists in theory and not in practice, let's
revert this bugous commit until a proper solution is implemented.

Fixes: https://codeberg.org/forgejo/forgejo/issues/2817

This reverts commit 036f1eddc5.

Conflicts:
	services/pull/pull.go
2024-03-28 07:08:17 +01:00
Earl Warren
e41e18f87e Merge pull request '[REFACTOR] webhook.Handler interface' (#2758) from oliverpool/forgejo:webhook_2_interface into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2758
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-27 13:45:04 +00:00
Earl Warren
d6eab2b586
models/forgejo_migrations: Gitea tables migration ID
Sync() will act on the given struct and the ID field should be exactly
as it is in the Gitea migration when a Gitea table is modified.
2024-03-27 09:27:32 +01:00
Earl Warren
ac672fc3ff Merge pull request '[ACTIONS] port scheduled actions from Gitea' (#2826) from earl-warren/forgejo:wip-gitea-schedule into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2826
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-03-27 06:23:56 +00:00
DrMaxNix
a9a2f5200b
Respect DEFAULT_ORG_MEMBER_VISIBLE setting when adding creator to org (#30013)
This PR adds `setting.Service.DefaultOrgMemberVisible` value to dataset
of user when the initial org creator is being added to the created org.

Fixes #30012.

(cherry picked from commit e3e08dcc5184cdbdac5023fabaafba123a995c3e)
2024-03-26 19:04:28 +01:00
silverwind
2befd9a3cf
Replace 10 more gt- classes with tw- (#29945)
Likely the biggest change of the tailwind refactors. Only thing of note
is that `tw-flex-1` resolves to `flex: 1 1 0%` while our `gt-f1` was
`flex: 1 1 0`, I don't think it will make any difference. Commands I've
ran:

```sh
perl -p -i -e 's#gt-vm#tw-align-middle#g' web_src/js/**/* templates/**/* models/**/*
perl -p -i -e 's#gt-fw#tw-flex-wrap#g' web_src/js/**/* templates/**/* models/**/*
perl -p -i -e 's#gt-f1#tw-flex-1#g' web_src/js/**/* templates/**/* models/**/*
perl -p -i -e 's#gt-fc#tw-flex-col#g' web_src/js/**/* templates/**/* models/**/*
perl -p -i -e 's#gt-sb#tw-justify-between#g' web_src/js/**/* templates/**/* models/**/*
perl -p -i -e 's#gt-je#tw-justify-end#g' web_src/js/**/* templates/**/* models/**/*
perl -p -i -e 's#gt-jc#tw-justify-center#g' web_src/js/**/* templates/**/* models/**/*
perl -p -i -e 's#gt-ac#tw-content-center#g' web_src/js/**/* templates/**/* models/**/* tests/**/*
perl -p -i -e 's#gt-df#tw-flex#g' web_src/js/**/* templates/**/* models/**/* tests/**/*
perl -p -i -e 's#gt-dib#tw-inline-block#g' web_src/js/**/* templates/**/* models/**/* tests/**/*

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
(cherry picked from commit f88ad5424f381bf2a45fd863b551c5a72891bb68)

Conflicts:
	templates/repo/diff/conversation.tmpl
	templates/repo/header.tmpl
	templates/repo/issue/filter_actions.tmpl
	templates/repo/issue/filter_list.tmpl
	templates/repo/issue/view_content/conversation.tmpl
	templates/repo/release/list.tmpl
	templates/repo/wiki/view.tmpl
	web_src/js/components/DashboardRepoList.vue
	discard the proposed changes and prefer Forgejo. A followup
	commit will apply the same commands.
2024-03-26 19:04:27 +01:00
wxiaoguang
d4ea1c2559
Fix some pending problems (#29985)
These changes are quite independent and trivial, so I don't want to open
too many PRs.

* https://github.com/go-gitea/gitea/pull/29882#discussion_r1529607091
    * the `f.Close` should be called properly
* the error message could be more meaningful
(https://github.com/go-gitea/gitea/pull/29882#pullrequestreview-1942557935)
*
https://github.com/go-gitea/gitea/pull/29859#pullrequestreview-1942324716
    * the new translation strings don't take arguments
* https://github.com/go-gitea/gitea/pull/28710#discussion_r1443778807
    * stale for long time
*  #28140
    * a form was forgotten to be changed to work with backend code

(cherry picked from commit 226231ea27d4f2b0f09fa4efb39501507613b284)

Conflicts:
	templates/repo/issue/view_content/pull.tmpl
	discarded because unexplained
	templates/status/404.tmpl
	implemented differently in Forgejo
2024-03-26 19:04:26 +01:00
wxiaoguang
e5920b4a62
Refactor StringsToInt64s (#29967)
And close #27176

(cherry picked from commit cdb4d1a8db096d60dba04728924dab85def45b19)
2024-03-26 19:04:26 +01:00
Lunny Xiao
d92c2048b3
Performance improvements for pull request list page (#29900)
This PR will avoid load pullrequest.Issue twice in pull request list
page. It will reduce x times database queries for those WIP pull
requests.

Partially fix #29585

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 62f8174aa2fae1481c7e17a6afcb731a5b178cd0)

Conflicts:
	models/activities/notification_list.go
	moved to models/activities/notification.go
2024-03-26 19:04:26 +01:00
coldWater
664052fb0b
Fix missing error check of bufio.Scanner (#29882)
maybe more

(cherry picked from commit 0e183d81fc5283f9d2047472de580e4f04a046c1)
2024-03-26 19:04:25 +01:00
Nanguan Lin
32380ffa57
Fix user id column case (#29863)
Sometimes the column name is case-sensitive and it may cause 500.

(cherry picked from commit df05c558da704f0c9c9f11d32bba2a9c1cb2f8a8)
2024-03-26 19:04:25 +01:00
Jason Song
547d32c492
Cancel previous runs of the same PR automatically (#29961)
Follow #25716. Also cancel previous runs for `pull_request_sync`.

It's not a bug since it original PR said "if the event is push".

The main change is
https://github.com/go-gitea/gitea/pull/29961/files#diff-08adda3f8ae0360937f46abb1f4418603bd3518522baa356be11c6c7ac4abcc3.

And also rename `CancelRunningJobs` to `CancelPreviousJobs` to make it
more clear.

(cherry picked from commit b150ff0bab3fc6c419edf1569a0271ebcb9734fa)
2024-03-26 16:51:56 +01:00
Gergely Nagy
40c357bbc5 Rename CommitGPGSignature to ObjectSignature
`CommitGPGSignature` was originally made to store information about a
commit's GPG signature. Nowadays, it is used to store information about
SSH signatures too, and not just commit signatures, but tag signatures
too.

As such, rename it to `ObjectSignature`, because that describes what it
does a whole lot better.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-03-26 08:09:36 +00:00
Gergely Nagy
8fdffc94ca Add a migration to remove SSH signatures from release notes
Because the `git` module did not recognize SSH signed tags, those
signatures ended up in the `notes` column of the `release` table. While
future signatures will not end up there, Forgejo should clean up the old
ones.

This migration does just that: finds all releases that have an SSH
signature, and removes those signatures, preserving the rest of the
note (if any).

While this may seem like an expensive operation, it's only done once,
and even on the largest known Forgejo instance as of this
writing (Codeberg), the number of affected rows are just over a hundred,
a tiny amount all things considered.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-03-26 08:09:36 +00:00
Lunny Xiao
3b3747ffe8
Fix schedule tasks bugs (#28691)
Fix #28157

This PR fix the possible bugs about actions schedule.

- Move `UpdateRepositoryUnit` and `SetRepoDefaultBranch` from models to
service layer
- Remove schedules plan from database and cancel waiting & running
schedules tasks in this repository when actions unit has been disabled
or global disabled.
- Remove schedules plan from database and cancel waiting & running
schedules tasks in this repository when default branch changed.

(cherry picked from commit 97292da960)

Conflicts:
	modules/actions/github.go
	routers/web/repo/setting/default_branch.go
	routers/web/repo/setting/setting.go
	services/repository/branch.go
	services/repository/setting.go
	tests/integration/actions_trigger_test.go
2024-03-25 16:25:02 +01:00
oliverpool
702152bfde [REFACTOR] webhook.Handler interface 2024-03-24 10:35:06 +01:00
Earl Warren
5a18b74632 Merge pull request '[TESTS] fail when log.Error is called' (#2657) from oliverpool/forgejo:fail_test_on_log_error into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2657
2024-03-24 07:28:31 +00:00
oliverpool
c0fb62cb5a fix action fixtures 2024-03-24 07:12:31 +01:00
oliverpool
25daa267bb migration v1_11/v111.go: Unknown columns in 'field list' 2024-03-24 07:12:31 +01:00
oliverpool
b990e07af0 old migrations: warning instead of error 2024-03-24 07:11:19 +01:00
oliverpool
3b7b899afa fix commit_status 2024-03-24 07:11:19 +01:00
oliverpool
2536c2db89 fix webhook fixtures 2024-03-24 07:11:19 +01:00
oliverpool
036b98884c fix action_run fixtures 2024-03-24 07:11:18 +01:00
oliverpool
e43c6cd9df fail test when log.Error is called
except for some specific messages (to make the test pass for now)
2024-03-24 07:11:18 +01:00
Earl Warren
0bfd4ca532 Merge pull request 'Allow users to hide all "Add more units..." hints' (#2533) from algernon/forgejo:less-is-more into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2533
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-24 05:42:37 +00:00
oliverpool
33a3ee1955 [TESTS] webhook forms creation and edition 2024-03-23 23:02:06 +01:00
Gergely Nagy
36147f580c
Allow users to hide all "Add more units..." hints
Repositories displaying an "Add more..." tab on the header is a neat way
to let people discover they can enable more units. However, displaying
it all the time for repository owners, even when they deliberately do
not want to enable more units gets noisy very fast.

As such, this patch introduces a new setting which lets people disable
this hint under the appearance settings.

Fixes #2378.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-03-21 08:15:51 +01:00
Lunny Xiao
926367fe1d
Add more stats tables (#29730)
Add `Tags`, `Branches` and `CommitStatus` to monitor/stats

(cherry picked from commit e5e2b2fcd7e8446f99e8eb61eef9efe2790220c8)
2024-03-20 08:46:28 +01:00
Lunny Xiao
d996c5d517
Some performance optimization on dashboard and issues page (#29010)
This PR do some loading speed optimization for feeds user interface
pages.
- Load action users batchly but not one by one.
- Load action repositories batchly but not one by one.
- Load action's Repo Owners batchly but not one by one.
- Load action's possible issues batchly but not one by one.
- Load action's possible comments batchly but not one by one.

(cherry picked from commit aed3b53abdd02a3ffbf9e8eb90272ff567333073)
2024-03-20 08:46:28 +01:00
pengqiseven
e825d007b1
remove repetitive words (#29695)
Signed-off-by: pengqiseven <912170095@qq.com>
(cherry picked from commit 7f856d5d742dcb6febdb8a3f22cd9a8fecc69a4d)
2024-03-20 08:46:28 +01:00
Zettat123
2559c80bec
Add a warning for disallowed email domains (#29658)
Resolve #29660

Follow #29522 and #29609

Add a warning for disallowed email domains when admins manually add/edit
users.

Thanks @yp05327 for the
[comment](https://github.com/go-gitea/gitea/pull/29605#issuecomment-1980105119)

![image](https://github.com/go-gitea/gitea/assets/15528715/6737b221-a3a2-4180-9ef8-b846c10f96e0)

(cherry picked from commit 4129e0e79bbf30e4297efd33feb2602c40322d10)
2024-03-20 08:46:28 +01:00
Gusted
17ef8145a8 Merge pull request '[PORT] Refactor code_indexer to use an SearchOptions struct for PerformSearch (gitea#29724)' (#2686) from snematoda/port-29724 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2686
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-03-19 17:42:50 +00:00
Jason Song
286d09203f Sync branches to DB immediately when handle git hook calling (gitea#29493)
Unlike other async processing in the queue, we should sync branches to
the DB immediately when handling git hook calling. If it fails, users
can see the error message in the output of the git command.

It can avoid potential inconsistency issues, and help #29494.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-03-18 17:38:01 +01:00
6543
d5319feb85 Refactor code_indexer to use an SearchOptions struct for PerformSearch (#29724)
similar to how it's already done for the issue_indexer

---
*Sponsored by Kithara Software GmbH*

Conflicts:
	routers/web/repo/search.go
2024-03-18 12:25:05 +00:00
Gusted
65f9319c8f Merge pull request '[Windows] prevent ? in testdata path' (#2668) from oliverpool/forgejo:prevent_windows_incompatibles_paths into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2668
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-03-15 14:40:53 +00:00
oliverpool
a3cdb5f2d3 [Windows] prevent ? in testdata path 2024-03-15 13:15:46 +01:00
Gusted
a4cc37b46a
[BUG] Use correct headcommitid
Regression of #2507, which switched the HEAD from `pr.GetGitRefName()`
to `pr.HeadCommitID` but it had to be `prInfo.HeadCommitID`. Resolves #2656
I was able to reproduce this locally with _some_ pull requests, haven't
been able to get a reproducer trough integration testing.
2024-03-14 16:15:56 +01:00
oliverpool
12e317c198
add test for webhook migration 2024-03-11 23:37:00 +07:00
Lunny Xiao
3d9afe8813
Move get/set default branch from git package to gitrepo package to hide repopath (#29126)
(cherry picked from commit 25b842df261452a29570ba89ffc3a4842d73f68c)

Conflicts:
	routers/web/repo/wiki.go
	services/repository/branch.go
	services/repository/migrate.go
	services/wiki/wiki.go
	also apply to Forgejo specific usage of the refactored functions
2024-03-11 23:36:59 +07:00
sillyguodong
6cb9e8d869
Make runs-on support variable expression (#29468)
As title.
Close issue: https://gitea.com/gitea/act_runner/issues/445
Follow: https://gitea.com/gitea/act/pulls/91

Move `getSecretsOfTask` and `getVariablesOfTask` under `models` because
of circular dependency issues.

(cherry picked from commit a1f5dd767729e30d07ab42fda80c19f30a72679f)
2024-03-11 23:36:59 +07:00
wxiaoguang
abb0294996
Partially enable MSSQL case-sensitive collation support (#29238)
Follow #28662

(cherry picked from commit 29a8c8de779924694fadad80b31cc855dd62c0f2)
2024-03-11 23:36:59 +07:00
oliverpool
53f6f62ad4
Store webhook event in database (#29145)
Refactor the webhook logic, to have the type-dependent processing happen
only in one place.

---

1. An event happens
2. It is pre-processed (depending on the webhook type) and its body is
added to a task queue
3. When the task is processed, some more logic (depending on the webhook
type as well) is applied to make an HTTP request

This means that webhook-type dependant logic is needed in step 2 and 3.
This is cumbersome and brittle to maintain.

Updated webhook flow with this PR:
1. An event happens
2. It is stored as-is and added to a task queue
3. When the task is processed, the event is processed (depending on the
webhook type) to make an HTTP request

So the only webhook-type dependent logic happens in one place (step 3)
which should be much more robust.

- the raw event must be stored in the hooktask (until now, the
pre-processed body was stored)
- to ensure that previous hooktasks are correctly sent, a
`payload_version` is added (version 1: the body has already been
pre-process / version 2: the body is the raw event)

So future webhook additions will only have to deal with creating an
http.Request based on the raw event (no need to adjust the code in
multiple places, like currently).

Moreover since this processing happens when fetching from the task
queue, it ensures that the queuing of new events (upon a `git push` for
instance) does not get slowed down by a slow webhook.

As a concrete example, the PR #19307 for custom webhooks, should be
substantially smaller:
- no need to change `services/webhook/deliver.go`
- minimal change in `services/webhook/webhook.go` (add the new webhook
to the map)
- no need to change all the individual webhook files (since with this
refactor the `*webhook_model.Webhook` is provided as argument)

(cherry picked from commit 26653b196bd1d15c532af41f60351596dd4330bd)

Conflicts:
	services/webhook/deliver_test.go
	trivial context conflict
2024-03-11 23:36:59 +07:00
wxiaoguang
7ea8993a0e
Make wiki default branch name changable (#29603) (database migration ony)
Fix #29000
Fix #28685
Fix #18568

Related: #27497

And by the way fix #24036, add a Cancel button there (one line)

(cherry picked from commit 5cddab4f74bbb307ddf13e458c7ac22f93b9283a)
2024-03-11 23:36:59 +07:00
KN4CK3R
8bf280a686
Add user blocking (#29028) (database migration ony)
Fixes #17453

This PR adds the abbility to block a user from a personal account or
organization to restrict how the blocked user can interact with the
blocker. The docs explain what's the consequence of blocking a user.

Screenshots:

![grafik](https://github.com/go-gitea/gitea/assets/1666336/4ed884f3-e06a-4862-afd3-3b8aa2488dc6)

![grafik](https://github.com/go-gitea/gitea/assets/1666336/ae6d4981-f252-4f50-a429-04f0f9f1cdf1)

![grafik](https://github.com/go-gitea/gitea/assets/1666336/ca153599-5b0f-4b4a-90fe-18bdfd6f0b6b)

---------

Co-authored-by: Lauris BH <lauris@nix.lv>
(cherry picked from commit c337ff0ec70618ef2ead7850f90ab2a8458db192)
2024-03-11 23:36:59 +07:00
Lunny Xiao
97c8dbf332
Fix bug hidden on CI and make ci failed if tests failure (#29254)
The tests on migration tests failed but CI reports successfully

https://github.com/go-gitea/gitea/actions/runs/7364373807/job/20044685969#step:8:141

This PR will fix the bug on migration v283 and also the CI hidden
behaviour.

The reason is on the Makefile

`GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GO) test
$(GOTESTFLAGS) -tags='$(TEST_TAGS)' $(MIGRATE_TEST_PACKAGES)` will
return the error exit code.

But

`for pkg in $(shell $(GO) list
code.gitea.io/gitea/models/migrations/...); do \
GITEA_ROOT="$(CURDIR)" GITEA_CONF=tests/mysql.ini $(GO) test
$(GOTESTFLAGS) -tags '$(TEST_TAGS)' $$pkg; \
	done`

will not work.

This also fix #29602

(cherry picked from commit 45277486c2c6213b7766b1da708a991cdb1f3565)

Conflicts:
	.github/workflows/pull-db-tests.yml
	Makefile
	models/migrations/v1_22/v283.go
	models/migrations/v1_22/v286_test.go
	models/migrations/v1_22/v287_test.go
	already in Forgejo for the Makefile & CI logic but Gitea changes
	otherwise rule
2024-03-11 23:36:59 +07:00
techknowlogick
82b7de1360
Add admin API route for managing user's badges (#23106) (database migration ony)
Fix #22785

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
(cherry picked from commit cb52b17f92e2d2293f7c003649743464492bca48)

Conflicts:
	discard everything except the database migration
2024-03-11 23:36:59 +07:00
wxiaoguang
a7830e8d87
Avoid issue info panic (#29625)
Fix #29624

(cherry picked from commit 1d2548949adf6046f330d27084efce6e63330e04)
2024-03-11 23:36:58 +07:00
Zettat123
e7afba21ce
Skip email domain check when admins edit user emails (#29609)
Follow #29522

Administrators should be able to set a user's email address even if the
email address is not in `EMAIL_DOMAIN_ALLOWLIST`

(cherry picked from commit 136dd99e86eea9c8bfe61b972a12b395655171e8)
2024-03-11 23:36:58 +07:00
Zettat123
b6057a34db
Skip email domain check when admin users adds user manually (#29522)
Fix #27457

Administrators should be able to manually create any user even if the
user's email address is not in `EMAIL_DOMAIN_ALLOWLIST`.

(cherry picked from commit 4fd9c56ed09b31e2f6164a5f534a31c6624d0478)
2024-03-11 23:36:58 +07:00
Gusted
b9e27b64e6 Merge pull request '[BUG] Disable CODEOWNERS for forked repositories' (#2537) from gusted/forgejo-codeowner-forked into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2537
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-03-06 18:18:58 +00:00
wxiaoguang
12441d7c5c
Fix incorrect relative/absolute URL usages (#29531)
Add two "HTMLURL" methods for PackageDescriptor.
And rename "FullWebLink" to "VersionWebLink"

(cherry picked from commit bf6502a8f7a2e9a2b64b43b7733316d863c9a768)
2024-03-06 12:10:46 +08:00
6543
e2371743d5
remove util.OptionalBool and related functions (#29513)
and migrate affected code

_last refactoring bits to replace **util.OptionalBool** with
**optional.Option[bool]**_

(cherry picked from commit a3f05d0d98408bb47333b19f505b21afcefa9e7c)

Conflicts:
	services/repository/branch.go
	trivial context conflict
2024-03-06 12:10:46 +08:00
wxiaoguang
be9189eddc
Rename Action.GetDisplayName to GetActDisplayName (#29540)
To avoid conflicting with User.GetDisplayName, because there is no data
type in template.

And it matches other methods like GetActFullName / GetActUserName

(cherry picked from commit 3f081d4b54261c1b4ee4f1df40c610fdd9581ef2)
2024-03-06 12:10:46 +08:00
ChristopherHX
66632c4958
Actions Artifacts v4 backend (#28965)
Fixes #28853

Needs both https://gitea.com/gitea/act_runner/pulls/473 and
https://gitea.com/gitea/act_runner/pulls/471 on the runner side and
patched `actions/upload-artifact@v4` / `actions/download-artifact@v4`,
like `christopherhx/gitea-upload-artifact@v4` and
`christopherhx/gitea-download-artifact@v4`, to not return errors due to
GHES not beeing supported yet.

(cherry picked from commit a53d268aca87a281aadc2246541f8749eddcebed)
2024-03-06 12:10:45 +08:00
wxiaoguang
68099f2f00
Refactor some Str2html code (#29397)
This PR touches the most interesting part of the "template refactoring".

1. Unclear variable type. Especially for "web/feed/convert.go":
sometimes it uses text, sometimes it uses HTML.
2. Assign text content to "RenderedContent" field, for example: `
project.RenderedContent = project.Description` in web/org/projects.go
3. Assign rendered content to text field, for example: `r.Note =
rendered content` in web/repo/release.go
4. (possible) Incorrectly calling `{{Str2html
.PackageDescriptor.Metadata.ReleaseNotes}}` in
package/content/nuget.tmpl, I guess the name Str2html misleads
developers to use it to "render string to html", but it only sanitizes.
if ReleaseNotes really contains HTML, then this is not a problem.

(cherry picked from commit e71eb8930a5d0f60874b038c223498b41ad65592)

Conflicts:
	modules/templates/util_string.go
	trivial context conflict
2024-03-06 12:10:44 +08:00
6543
d3d70198b0
migrate some more "OptionalBool" to "Option[bool]" (#29479)
just some refactoring bits towards replacing **util.OptionalBool** with
**optional.Option[bool]**

---------

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
(cherry picked from commit f6656181e4a07d6c415927220efa2077d509f7c6)

Conflicts:
	models/repo/repo_list_test.go
	trivial shared fixture count conflicts
2024-03-06 12:10:44 +08:00
6543
7b23949f29
Let ctx.FormOptionalBool() return optional.Option[bool] (#29461)
just some refactoring bits towards replacing **util.OptionalBool** with
**optional.Option[bool]**

(cherry picked from commit 274c0aea2e88db9bc41690c90e13e8aedf6193d4)
2024-03-06 12:10:43 +08:00
wxiaoguang
459ee98136
Only use supported sort order for "explore/users" page (#29430)
Thanks to inferenceus : some sort orders on the "explore/users" page
could list users by their lastlogintime/updatetime.

It leaks user's activity unintentionally. This PR makes that page only
use "supported" sort orders.

Removing the "sort orders" could also be a good solution, while IMO at
the moment keeping the "create time" and "name" orders is also fine, in
case some users would like to find a target user in the search result,
the "sort order" might help.

![image](https://github.com/go-gitea/gitea/assets/2114189/ce5c39c1-1e86-484a-80c3-33cac6419af8)

(cherry picked from commit eedb8f41297c343d6073a7bab46e4df6ee297a90)
2024-03-06 12:10:43 +08:00
Gusted
2658d4361e
[BUG] Disable CODEOWNERS for forked repositories
- Disable the CODEOWNERS feature for forked repositories, as it would
otherwise inadvertently request reviewers when for example a pull
request is opened against a forked repository to propose changes to an
existant pull request in the original repository.
- Adds integration test.
- Resolves #2525
2024-03-01 23:19:18 +01:00
Gusted
331fa44956
[BUG] Ensure HasIssueContentHistory takes into account comment_id
- The content history table contains the content history of issues and
comments. For issues they are saved with an comment id of zero.
- If you want to check if the issue has an content history, it should
take into account that SQL has `comment_id = 0`, as it otherwise could
return incorrect results when for example the issue already has an
comment that has an content history.
- Fix the code of `HasIssueContentHistory` to take this into account, it
relied on XORM to generate the SQL from the non-default values of the
struct, this wouldn't generate the `comment_id = 0` SQL as `0` is the
default value of an integer.
- Remove an unncessary log (it's not the responsibility of `models`
code to do logging).
- Adds unit test.
- Resolves #2513
2024-02-29 18:23:06 +01:00
Gusted
fb2795b5bb
[BUG] Correct changed files for codeowners
- The CODEOWNER feature relies on the changed files to determine which
reviewers should be added according to the `CODEOWNER` file.
- The current approach was to 'diff' between the base and head branch,
which seems logical but fail in practice when the pull request is out of
date with the base branch. Therefore it should instead diff between the
head branch and the merge base of the head and base branch, so only the
actual affected files by the pull requests are used, the same approach
is used by the diff of an unmerged pull request.
- Add integration testing (for the feature as well).
- Resolves #2458
2024-02-27 23:16:00 +01:00
Jimmy Praet
f95fb8cc44 Add attachment support for code review comments (#29220)
Fixes #27960, #24411, #12183

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-02-27 18:35:43 +00:00
Lunny Xiao
003a358949
Users with read permission of pull requests can be assigned too (#27263)
This PR will also keep the consistent between list assigned users and
check assigned users.

(cherry picked from commit 98ab9445d1020c515c3c789f0b27d952903a2978)
2024-02-26 22:30:27 +01:00
Zettat123
77c56e29de
Allow non-admin users to delete review requests (#29057)
Fix #14459

The following users can add/remove review requests of a PR
- the poster of the PR
- the owner or collaborators of the repository
- members with read permission on the pull requests unit

(cherry picked from commit c42083a33950be6ee9f822c6d0de3c3a79d1f51b)

Conflicts:
	models/repo/repo_list_test.go
	tests/integration/api_nodeinfo_test.go
	tests/integration/api_repo_test.go
	shared fixture counts
2024-02-26 22:30:27 +01:00
qwerty287
1608ef0ce9
Add API to get merged PR of a commit (#29243)
Adds a new API `/repos/{owner}/{repo}/commits/{sha}/pull` that allows
you to get the merged PR associated to a commit.

---------

Co-authored-by: 6543 <6543@obermui.de>
(cherry picked from commit 0a426cc575734e5eff410d6a790f40473117f753)
2024-02-26 22:30:26 +01:00
6543
8ff858b94b
Start to migrate from util.OptionalBool to optional.Option[bool] (#29329)
just create transition helper and migrate two structs

(cherry picked from commit 7fbdb60fc1152acc9a040dc04b1b0f5a3475b081)
2024-02-26 22:30:26 +01:00
6543
f796548225
Workaround to clean up old reviews on creating a new one (#28554)
close  #28542

blocks  #28544

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit 217d71c48a10265e08b95cc961656b921f61f9ff)

Conflicts:
	tests/integration/api_pull_review_test.go
	context
2024-02-26 21:42:14 +01:00
qwerty287
feb189554e
Add API to get PR by base/head (#29242)
Closes https://github.com/go-gitea/gitea/issues/16289

Add a new API `/repos/{owner}/{repo}/pulls/{base}/{head}` to get a PR by
its base and head branch.
2024-02-26 03:41:42 +01:00
FuXiaoHei
c551d3f3ab
Artifact deletion in actions ui (#27172)
Add deletion link in runs view page.
Fix #26315

![image](https://github.com/go-gitea/gitea/assets/2142787/aa65a4ab-f434-4deb-b953-21e63c212033)

When click deletion button. It marks this artifact `need-delete`.

This artifact would be deleted when actions cleanup cron task.
2024-02-23 09:06:14 +01:00
Earl Warren
726ce5e3f9 Merge pull request '[BUG] Load AllUnitsEnabled when necessary' (#2420) from gusted/forgejo-add-more into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2420
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-21 13:25:38 +00:00
Michael Kriese
849de07064 feat(xorm): add max idle time setting for db connections (#2418)
Add a new optional `CONN_MAX_IDLETIME`[^1]

This allows to set the `SetConnMaxIdleTime` on `database/sql`.
It's useful to allow to close more idle connections to reduce database connections, especially on postgresql.
For me i would like to use it to set a higher max idle connections but they will all be closed after being idle.
So also the last idle connection will be closed when there is no load on forgejo.
I also use it with max connection lifetime, because currently `database/sql` doesn't detect a postgresql master change[^2] and i'll get `[E] can't update runner status: pq: cannot execute UPDATE in a read-only transaction`[^3] on forgejo until the connection is closed.

[^1]: https://pkg.go.dev/database/sql#DB.SetConnMaxIdleTime
[^2]: https://stackoverflow.com/questions/51858659/how-to-safely-discard-golang-database-sql-pooled-connections-for-example-when-t
[^3]: https://matrix.to/#/!zpNKWqkiEOyljSMQDK:matrix.org/$_AJft_amsGn5hXGOYw75JoBJQnW3aKJEpb-Iw53L_TU?via=schinas.net&via=matrix.org&via=nitro.chat

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2418
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Michael Kriese <michael.kriese@visualon.de>
Co-committed-by: Michael Kriese <michael.kriese@visualon.de>
2024-02-21 12:17:16 +00:00
Gusted
6fbfe441de
[BUG] Load AllUnitsEnabled when necessary
- In order to determine if the "Add more..." tab should be shown, the
template has to know if the repository has all units enabled, this is
done in the repository header which can be shown for quite a lot of
pages (code, issues, projects, actions etc.)
- This was previously set in the `RepoRefByType` function, which would
be called by pages such as code, issues and releases, but it was not
being called for all pages such as actions, packages and wiki. Which
would in turn incorrectly show the "Add more..." button when it
shouldn't.
- Now call it from the template itself, so the value is 'always' loaded
when necessary.
2024-02-21 12:48:26 +01:00
yp05327
78f6b29248
Fix gitea-action user avatar broken on edited menu (#29190)
Fix #29178

(cherry picked from commit 8e2831611c06e84dd8fedf7a0b2cce9f98d4188f)
2024-02-17 23:24:31 +01:00
wxiaoguang
65248945c9
Refactor locale&string&template related code (#29165)
Clarify when "string" should be used (and be escaped), and when
"template.HTML" should be used (no need to escape)

And help PRs like  #29059 , to render the error messages correctly.

(cherry picked from commit f3eb835886031df7a562abc123c3f6011c81eca8)

Conflicts:
	modules/web/middleware/binding.go
	routers/web/feed/convert.go
	tests/integration/branches_test.go
	tests/integration/repo_branch_test.go
	trivial context conflicts
2024-02-16 15:20:52 +01:00
KN4CK3R
52ef33b931
Remove unused KeyID. (#29167)
`KeyID` is never set.

(cherry picked from commit 155269fa586c41a268530c3bb56349e68e6761d7)

Conflicts:
	models/user/email_address.go
	trivial context conflict
2024-02-16 15:20:52 +01:00
KN4CK3R
6eaabb1a9d
Use ghost user if user was not found (#29161)
Fixes #29159

(cherry picked from commit 37061e8266806c0b2b66ac64138e725632b295db)
2024-02-16 15:20:52 +01:00
oliverpool
0fc61c8836 [BUG] split code conversations in diff tab (#2306)
Follow-up of #2282 and #2296 (which tried to address #2278)

One of the issue with the previous PR is that when a conversation on the Files tab was marked as "resolved", it would fetch all the comments for that line (even the outdated ones, which should not be shown on this page - except when explicitly activated).

To properly fix this, I have changed `FetchCodeCommentsByLine` to `FetchCodeConversation`. Its role is to fetch all comments related to a given (review, path, line) and reverted my changes in the template (which were based on a misunderstanding).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2306
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-02-16 12:16:11 +00:00
Earl Warren
c8b177713a
[CLEANUP] make golangci-lint@v1.56.1 happy 2024-02-15 16:19:36 +01:00
6543
e9e6c6152e
Dont load Review if Comment is CommentTypeReviewRequest (#28551)
RequestReview get deleted on review.
So we don't have to try to load them on comments.

broken out #28544

(cherry picked from commit 6fad2c874438275d3f69bb1cc223708bd2d27ff6)
2024-02-14 21:44:25 +01:00
Chris Copeland
83123b493f
Add merge style fast-forward-only (#28954)
With this option, it is possible to require a linear commit history with
the following benefits over the next best option `Rebase+fast-forward`:
The original commits continue existing, with the original signatures
continuing to stay valid instead of being rewritten, there is no merge
commit, and reverting commits becomes easier.

Closes #24906
2024-02-14 17:19:19 +01:00
Earl Warren
05eaf1cf3e Merge pull request 'Repository settings refactor' (#2221) from algernon/forgejo:repo-units/ui-refactor into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2221
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-02-14 13:29:04 +00:00
Gergely Nagy
e07b0e75ff
Add a direct link from repo header to unit settings
If a repository administrator is viewing a repository, and there are
units that can be enabled, display an "Add more..." link that leads to
the repository unit settings page.

The goal here is to allow instances to configure a small set of repo
units to be enabled by default, but also highlight for repo admins that
they can add more.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-13 22:42:09 +01:00
Gusted
cbbcfdd400
[FEAT] Don't log context cancelled SQL errors
- I found this while doing some unrelated testing in Forgejo. It wasn't
my intention to log failed SQL queries if they were cancelled (which can
happen quite frequently for larger instances) as in those cases it's not
interesting to know which SQL query was run. My intentation was only to
log an SQL query if there was an error reported by the database.
- Ref #2140
2024-02-12 23:11:50 +01:00
Gwyneth Morgan
9a1d5c549c
[gitea] Drop "@" from email sender to avoid spam filters (#29109)
Commit 360b3fd17c (Include username in email headers (#28981),
2024-02-03) adds usernames to the From field of notification emails in
the form of `Display Name (@username)`, to prevent spoofing. However,
some email filtering software flags "@" in the display name part of the
From field as potential spoofing, as you could set the display name part
to another email address than the one you are sending from (e.g.
`From: "apparent@email-address" <actual@email-address>`). To avoid
being flagged, instead send emails from `Display Name (username)`.

Closes: #29107

---------

Co-authored-by: Giteabot <teabot@gitea.io>
(cherry picked from commit 5b2fd0fc19a2a77414c8e2989b4794b6617221f5)
2024-02-11 13:47:44 +01:00
Lunny Xiao
1fdd8341d6
[gitea] Remove unnecessary parameter (#29092)
The parameter extraConfigs has never been used anywhere. This PR just
removed it. It can be taken back once it's needed.

(cherry picked from commit 8c6ffdac378654f9d2171ebdbc46becf1571f7fe)
2024-02-10 10:53:43 +01:00
Earl Warren
094c84ed6d
Merge branch 'rebase-forgejo-dependency' into wip-forgejo 2024-02-05 18:58:23 +01:00
Earl Warren
d7e1854884
Merge branch 'rebase-forgejo-branding' into wip-forgejo 2024-02-05 18:58:18 +01:00
Earl Warren
030cdd6ae2
[GITEA] Allow changing the email address before activation (squash)
See https://codeberg.org/forgejo/forgejo/pulls/2300
2024-02-05 16:57:58 +01:00
Earl Warren
036f1eddc5
[GITEA] avoid superfluous synchronized pull_request run when opening a PR (#2236)
* Split TestPullRequest out of AddTestPullRequestTask
* Before scheduling the task, AddTestPullRequestTask stores the max
  index of the repository
* When the task runs, it does not take into account pull requests that
  have an index higher than the recorded max index

When AddTestPullRequestTask is called with isSync == true, it is the
direct consequence of a new commit being pushed. Forgejo knows nothing
of this new commit yet. If a PR is created later and its head
references the new commit, it will have an index that is higher and
must not be taken into account. It would be acting and triggering a
notification for a PR based on an event that happened before it
existed.

Refs: https://codeberg.org/forgejo/forgejo/issues/2009
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2236
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Earl Warren <contact@earl-warren.org>
Co-committed-by: Earl Warren <contact@earl-warren.org>
(cherry picked from commit b3be895a30b32bfae4acfa32db54406e1dd1dc21)
2024-02-05 16:57:58 +01:00
Gergely Nagy
2ca4862f8b
[GITEA] Allow changing the repo Wiki branch to main
Previously, the repo wiki was hardcoded to use `master` as its branch,
this change makes it possible to use `main` (or something else, governed
by `[repository].DEFAULT_BRANCH`, a setting that already exists and
defaults to `main`).

The way it is done is that a new column is added to the `repository`
table: `wiki_branch`. The migration will make existing repositories
default to `master`, for compatibility's sake, even if they don't have a
Wiki (because it's easier to do that). Newly created repositories will
default to `[repository].DEFAULT_BRANCH` instead.

The Wiki service was updated to use the branch name stored in the
database, and fall back to the default if it is empty.

Old repositories with Wikis using the older `master` branch will have
the option to do a one-time transition to `main`, available via the
repository settings in the "Danger Zone". This option will only be
available for repositories that have the internal wiki enabled, it is
not empty, and the wiki branch is not `[repository].DEFAULT_BRANCH`.

When migrating a repository with a Wiki, Forgejo will use the same
branch name for the wiki as the source repository did. If that's not the
same as the default, the option to normalize it will be available after
the migration's done.

Additionally, the `/api/v1/{owner}/{repo}` endpoint was updated: it will
now include the wiki branch name in `GET` requests, and allow changing
the wiki branch via `PATCH`.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit d87c526d2a313fa45093ab49b78bb30322b33298)
2024-02-05 16:57:47 +01:00
Earl Warren
209610075a
[TESTS] add log.Level to test.NewLogChecker
So the caller can check log events at the desired level instead of
being limited to the default level log.INFO

(cherry picked from commit 2fbf5f9555641a1244576df92cb518f8ad76c162)
(cherry picked from commit e2137a3147389114475db787522d5c22ff249d2c)
2024-02-05 16:54:44 +01:00
Gusted
6fb55e9c08
[GITEA] Add slow SQL query warning (squash) Fix setting typo
- Fix typo in the slow query threshold setting, add a deprecation warning.
- Resolves #2203

(cherry picked from commit 02f6608e5fc21a0a00da5fc4c99152d43ee2ea4d)
(cherry picked from commit 4e8f6b2ffdb25e0257933ee0a1bd21e3f4e86740)
2024-02-05 16:54:44 +01:00
Earl Warren
fe8622dae3
Revert "Fix schedule tasks bugs (#28691)"
This reverts commit 97292da960.

(cherry picked from commit 83e5eba0311dc601518fb1a07a7e8538e573a837)
(cherry picked from commit f6ef8f3819b5990858b0997cac72af000a3f3e3a)

Conflicts:
	services/repository/setting.go
2024-02-05 16:54:42 +01:00
Gergely Nagy
bc7e448d49
[GITEA] Rework when recently pushed branches are displayed
With this change, the "You pushed on branch xyz" banner will be
displayed when either the viewed repository or its base repo (if the
current one's a fork) has pull requests enabled. Previously it only
displayed if the viewed repo had PRs enabled.

Furthermore, if the viewed repository is an original repository that the
viewing user has a fork of, if the forked repository has recently pushed
branches, then the banner will appear for the original repository too.
In this case, the notification will include branches from the viewing
user's fork, and branches they pushed to the base repo, too.

Refs: https://codeberg.org/forgejo/forgejo/pulls/2195

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit a29f10661d59f6c33c5cfbee723f03f981aa6b72)
(cherry picked from commit 70c5e2021d7c385b9285622f0b2d878d3807d33c)
(cherry picked from commit 48b25be67a94f739601fbfea951ade6cdfe30691)
2024-02-05 16:09:43 +01:00
Gergely Nagy
3bdfb7a7aa
[GITEA] Fix the topic search paging
When searching for repository topics, either via the API, or via
Explore, paging did not work correctly, because it only applied when the
`page` parameter was non-zero. Paging should have applied when the page
size is greater than zero, which is what this patch does.

As a result, both the API, and the Explore endpoint will return paged
results (30 by default). As such, when managing topics on the frontend,
the offered completions will also be limited to a pageful of results,
based on what the user has already typed.

This drastically reduces the amount of traffic, and also the number of
the topics to choose from, and thus, the rendering time too.

The topics will be returned by popularity, with most used topics first.
A single page will contain `[api].DEFAULT_PAGING_NUM` (30 by default)
items that match the query. That's plenty to choose from.

Fixes #132.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 64d4ff41dbab7b3b84571b595158c3b451f53af7)
(cherry picked from commit 06b808fa2c0ddd52ca4569157892a0c7fc154b1f)
(cherry picked from commit 9205c9266a7d2b058100d03f5f3272f670f35866)
(cherry picked from commit 47863d4f724e7d2465acd6fca91e98157c60a29b)
2024-02-05 16:09:43 +01:00
Gusted
d1cb590c78
[GITEA] Log SQL queries when the database return error
- When the database returns an error about the SQL query, the error is
logged but not the SQL query and arguments, which is just as valuable as
the vague deeply hidden documented error that the database returns.
It's possible to log the SQL query by logging **all** SQL queries. For
bigger instances such as Codeberg, this is not a viable option.
- Adds a new hook, enabled by default, to log SQL queries with their
arguments and the error returned by the database when the database
returns an error.
- This likely needs some fine tuning in the future to decide when to
enable this, as the error is already logged and if people have the
`[database].LOG_SQL` option enabled, the SQL would be logged twice. But
given that it's an rare occurence for SQL queries to error, it's fine to
leave that as-is.
- Ref: https://codeberg.org/forgejo/forgejo/issues/1998

(cherry picked from commit 866229bc323619bc8686bad99951f95d5d46fe19)
(cherry picked from commit 96dd3e87cf5f75ac33bfad647e44852667c307d0)
(cherry picked from commit e165510317b3fe3be4fe49ad3ff0a055e7a92124)
(cherry picked from commit 1638e2b3f56a508dbf218207bf0c3c4d16493255)
2024-02-05 16:09:43 +01:00
Gergely Nagy
36f7c162e2
[FEAT] Repository flags
This implements "repository flags", a way for instance administrators to
assign custom flags to repositories. The idea is that custom templates
can look at these flags, and display banners based on them, Forgejo does
not provide anything built on top of it, just the foundation. The
feature is optional, and disabled by default. To enable it, set
`[repository].ENABLE_FLAGS = true`.

On the UI side, instance administrators will see a new "Manage flags"
tab on repositories, and a list of enabled tags (if any) on the
repository home page. The "Manage flags" page allows them to remove
existing flags, or add any new ones that are listed in
`[repository].SETTABLE_FLAGS`.

The model does not enforce that only the `SETTABLE_FLAGS` are present.
If the setting is changed, old flags may remain present in the database,
and anything that uses them, will still work. The repository flag
management page will allow an instance administrator to remove them, but
not set them, once removed.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit ba735ce2228f8dd7ca105e94b9baa1be058ebe37)
(cherry picked from commit f09f6e029b4fb2714b86cd32dc19255078ecc0ee)
(cherry picked from commit 2f8b0414892f6099f519bda63a9e0fbc8ba6cfc7)
(cherry picked from commit d3186ee5f41fac896c7d2341402fcd39dd250bf1)
2024-02-05 16:09:42 +01:00
Earl Warren
2e172b3c9c
[GITEA] add option for banning dots in usernames (squash) set in test
(cherry picked from commit b005b586c354119d2b6aaf6e4c18eb3f1ddfb615)
(cherry picked from commit 0077b2661e7e5be7b2e3772113abeb401f4085d5)
(cherry picked from commit c4589d1fce5eac383dd8530427140183a7aeff46)
(cherry picked from commit a7f9ff982c0c14e9484561e194d4fa7c5d80a76b)
2024-02-05 16:09:42 +01:00
Gergely Nagy
f90b802634
[GITEA] Add support for shields.io-based badges
Adds a new `/{username}/{repo}/badges` family of routes, which redirect
to various shields.io badges. The goal is to not reimplement badge
generation, and delegate it to shields.io (or a similar service), which
are already used by many. This way, we get all the goodies that come
with it: different styles, colors, logos, you name it.

So these routes are just thin wrappers around shields.io that make it
easier to display the information we want. The URL is configurable via
`app.ini`, and is templatable, allowing to use alternative badge
generator services with slightly different URL patterns.

Additionally, for compatibility with GitHub, there's an
`/{username}/{repo}/actions/workflows/{workflow_file}/badge.svg` route
that works much the same way as on GitHub. Change the hostname in the
URL, and done.

Fixes gitea#5633, gitea#23688, and also fixes #126.

Work sponsored by Codeberg e.V.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit fcd0f61212d8febd4bdfc27e61a4e13cbdd16d49)
(cherry picked from commit 20d14f784490a880c51ca0f0a6a5988a01887635)
(cherry picked from commit 4359741431bb39de4cf24de8b0cfb513f5233f55)
(cherry picked from commit 35cff45eb86177e750cd22e82a201880a5efe045)
(cherry picked from commit 2fc0d0b8a302d24177a00ab48b42ce083b52e506)
2024-02-05 16:09:42 +01:00
Gusted
5c0894a588
[GITEA] Avoid WHERE IN for comment migration query
- Rewrite `UpdateCommentsMigrationsByType` to not use `WHERE IN` as
that's a performance diaster for MariaDB, it now use batching to query
the the relevant comment IDs via JOINs (which is not possible in a
UPDATE query for SQLite) and then update them in a seperate query.
- Add unit test.
- Resolves https://codeberg.org/forgejo/forgejo/issues/1856

(cherry picked from commit 8098ca9d2e391b17e5e3da5cfa5af042221bfe36)

Conflicts:
	models/issues/comment.go
	https://codeberg.org/forgejo/forgejo/pulls/2075
(cherry picked from commit ca65deba1cc183ce1643ee6a1f698c5ecb2ac571)
(cherry picked from commit 0e1e09e77dd1bc82b1eae02147fddca1d9954469)
(cherry picked from commit 19013ba5eac756044e6307abee6fb5d6709c855d)
(cherry picked from commit 23c887f97eeb08ee2a318b28878edb488428f98d)
(cherry picked from commit b3321d1a847373acba5b1f620191edc38a69ccbe)
2024-02-05 16:09:42 +01:00
Gergely Nagy
5eeccecafc
[GITEA] Optionally allow anyone to edit Wikis
This is largely based on gitea#6312 by @ashimokawa, with updates and
fixes by myself, and incorporates the review feedback given in that pull
request, and more.

What this patch does is add a new "default_permissions" column to the
`repo_units` table (defaulting to read permission), adjusts the
permission checking code to take this into consideration, and then
exposes a setting that lets a repo administrator enable any user on a
Forgejo instance to edit the repo's wiki (effectively giving the wiki
unit of the repo "write" permissions by default).

By default, wikis will remain restricted to collaborators, but with the
new setting exposed, they can be turned into globally editable wikis.

Fixes Codeberg/Community#28.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit 4b744399229f255eb124c22e3969715046043209)
(cherry picked from commit 337cf62c1094273ab61fbaab8e7fb41eb6e2e979)
(cherry picked from commit b6786fdb3246a3a455b59149943807c1f13a028a)
(cherry picked from commit a5d2829a1027afd593fd855a8e2d7d7cd38234b8)

[GITEA] Optionally allow anyone to edit Wikis (squash) AddTokenAuth

(cherry picked from commit fed50cf72eaaa00ef1f4730f9b12a64a10b66113)
(cherry picked from commit 42c55e494e1018a210e54d405c15eec24a0b37c7)
(cherry picked from commit e3463bda47ffee4ab57efadfe5094f9401541cfd)
2024-02-05 16:09:42 +01:00
Gusted
f3f888ed13
[GITEA] Fix session generation for database
- If the session doesn't exist, it shouldn't be expected that the
variable is non-nil. Define the session variable instead and insert that.
- Add unit tests to test the behavior of the database sessions code .
- Regression caused by dd30d9d5c0.
- Resolves https://codeberg.org/forgejo/forgejo/issues/2042

(cherry picked from commit 90307ad2004a9a9ddda30af4038224fedf0e6ca3)
(cherry picked from commit 874ef1978d7db5e8ba1482d4c8190b914fa110b3)
(cherry picked from commit 27d5f035fc744d932d1e4c95c55d98479fccf368)
(cherry picked from commit 65dbc4303ba8afdef70c573aaf782b76aaf0bbad)

[GITEA] Fix session generation for database (squash) timeutil.Mock

because of e743570f65 * Refactor timeutil package (#28623)

(cherry picked from commit acc6b51be2b6d676129f653a8949b2c06aa2ad94)
(cherry picked from commit 02b74317f2d8120a705599d6ae908634a1fa2b44)
(cherry picked from commit 63b9b624bd203b7b5eff7439dbc09eeb9bc52ade)
(cherry picked from commit 7752ff8baa525918e00193606048e3c2dd5a4999)
(cherry picked from commit c0af4d943854ce3a77eaa75c06b04394301f45c4)
2024-02-05 16:09:41 +01:00
Gergely Nagy
d4fc0d2c5a
[GITEA] Allow changing the email address before activation
During registration, one may be required to give their email address, to
be verified and activated later. However, if one makes a mistake, a
typo, they may end up with an account that cannot be activated due to
having a wrong email address.

They can still log in, but not change the email address, thus, no way to
activate it without help from an administrator.

To remedy this issue, lets allow changing the email address for logged
in, but not activated users.

This fixes gitea#17785.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit aaaece28e4c6a8980cef932e224e84933d7c9262)
(cherry picked from commit 639dafabec0a5c1f943b44ca02f72c5ba2fc5e10)
(cherry picked from commit d699c12cebea7dbbda950ae257a46d53c39f22ea)

[GITEA] Allow changing the email address before activation (squash) cache is always active

This needs to be revisited because the MailResendLimit is not enforced
and turns out to not be tested.

See e7cb8da2a8 * Always enable caches (#28527)

(cherry picked from commit 43ded8ee30ab5c7a40a456600cdaa8a0fbdccec2)

Rate limit pre-activation email change separately

Changing the email address before any email address is activated should
be subject to a different rate limit than the normal activation email
resending. If there's only one rate limit for both, then if a newly
signed up quickly discovers they gave a wrong email address, they'd have
to wait three minutes to change it.

With the two separate limits, they don't - but they'll have to wait
three minutes before they can change the email address again.

The downside of this setup is that a malicious actor can alternate
between resending and changing the email address (to something like
`user+$idx@domain`, delivered to the same inbox) to effectively halving
the rate limit. I do not think there's a better solution, and this feels
like such a small attack surface that I'd deem it acceptable.

The way the code works after this change is that `ActivatePost` will now
check the `MailChangeLimit_user` key rather than `MailResendLimit_user`,
and if we're within the limit, it will set `MailChangedJustNow_user`. The
`Activate` method - which sends the activation email, whether it is a
normal resend, or one following an email change - will check
`MailChangedJustNow_user`, and if it is set, it will check the rate
limit against `MailChangedLimit_user`, otherwise against
`MailResendLimit_user`, and then will delete the
`MailChangedJustNow_user` key from the cache.

Fixes #2040.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
(cherry picked from commit e35d2af2e56f4ecb3a4f6d1109d02c8aa1a6d182)
(cherry picked from commit 03989418a70d3445e0edada7fbe5a4151d7836b1)
(cherry picked from commit f50e0dfe5e90d6a31c5b59e687580e8b2725c22b)
(cherry picked from commit cad9184a3653e6c80de2e006a0d699b816980987)
(cherry picked from commit e2da5d7fe13a685606913a131687a94f9f5fcfeb)
(cherry picked from commit 3a80534d4db523efe56b368489f81dc1cb2c99f7)
2024-02-05 16:09:41 +01:00