Commit graph

3639 commits

Author SHA1 Message Date
zeripath
6e22605793
Ensure that plain files are rendered correctly even when containing ambiguous characters (#22017)
As recognised in #21841 the rendering of plain text files is somewhat
incorrect when there are ambiguous characters as the html code is double
escaped. In fact there are several more problems here.

We have a residual isRenderedHTML which is actually simply escaping the
file - not rendering it. This is badly named and gives the wrong
impression.

There is also unusual behaviour whether the file is called a Readme or
not and there is no way to get to the source code if the file is called
README.

In reality what should happen is different depending on whether the file
is being rendered a README at the bottom of the directory view or not.

1. If it is rendered as a README on a directory - it should simply be
escaped and rendered as `<pre>` text.
2. If it is rendered as a file then it should be rendered as source
code.

This PR therefore does:
1. Rename IsRenderedHTML to IsPlainText
2. Readme files rendered at the bottom of the directory are rendered
without line numbers
3. Otherwise plain text files are rendered as source code.

Replace #21841

Signed-off-by: Andrew Thornton <art27@cantab.net>

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-12-17 22:22:25 +02:00
silverwind
c4c4151f7d
Fix margin and alignment in dashboard repolist (#22120)
Seems this has recently regressed, previously, there was a significant
whitespace between icon and text, but it seems to be gone, so I added
the margin and also vertically aligned the icon because it was slightly
misaligned.

Before:
<img width="419" alt="Screenshot 2022-12-13 at 20 03 51"
src="https://user-images.githubusercontent.com/115237/207422938-7c45110c-f73e-4344-afc8-c072266d1f95.png">

After:
<img width="419" alt="image"
src="https://user-images.githubusercontent.com/115237/207447579-95525405-574d-4ca8-84ba-d8a9af50015a.png">

Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2022-12-17 09:58:57 +08:00
Lunny Xiao
003b4e209c
Allow disable code tab (#20805)
I know some users created a repository in an organization but just use
issues and projects to handle the whole organizations issues. So that
`Code` could be disabled per repository.

<img width="1148" alt="image"
src="https://user-images.githubusercontent.com/81045/184792075-346cb508-b620-4adb-bc9a-cba76fdcb294.png">

It could also become a wiki repository.

<img width="1173" alt="image"
src="https://user-images.githubusercontent.com/81045/184792324-e15c6f68-35c0-4105-ab77-83585ce53672.png">

Co-authored-by: delvh <dev.lh@web.de>
2022-12-12 13:29:27 +08:00
aceArt-GmbH
352a50d65f
Fix sorting admin user list by last login (#22081)
Admin User Account list sort

`updated_unix` is not the same as "Last Sign-In"
2022-12-11 18:00:17 -06:00
Restray
112e425f90
fix(config): remove context on config template (#22096)
👋 Hey
I'm new around here, so I may have done some mistakes, sorry! 

---

## Context
On a fresh Gitea install, when I go to the [config admin
page](http://localhost:3000/admin/config) I had a 500 error page.
The logs:
```
2022/12/10 20:08:47 ...s/context/context.go:232:HTML() [E] [6394d93f] Render failed: template: admin/config:180:22: executing "admin/config" at <.Service.DefaultAllowOnlyContributorsToTrackTime>: DefaultAllowOnlyContributorsToTrackTime has arguments but cannot be invoked as function
2022/12/10 20:08:47 [6394d93f] router: completed GET /admin/config for [::1]:43800, 500 Internal Server Error in 5.1ms @ admin/config.go:99(admin.Config)
```

## The fix

I removed the `$.Context` on the
`.Service.DefaultAllowOnlyContributorsToTrackTime` to fix the 500 error
page happening. It could be a mistake, and I don't fully understand what
I've done!

Signed-off-by: Restray <contact@restray.org>
2022-12-11 12:06:12 +08:00
Lunny Xiao
68704532c2
Rename almost all Ctx functions (#22071) 2022-12-10 10:46:31 +08:00
Felipe Leopoldo Sologuren Gutiérrez
097d4e30b1
Change ID pattern of raw content container for issue (#21966)
Implement differentiation to html id for issue raw content container.

Fixes #21965
2022-12-10 00:25:32 +08:00
Jason Song
2779d47ad3
Optimize html templates (#22080)
Replace `active{{end}} item` with `active{{end}} item`.
2022-12-09 21:34:51 +08:00
KN4CK3R
3c59d31bc6
Add API management for issue/pull and comment attachments (#21783)
Close #14601
Fix #3690

Revive of #14601.
Updated to current code, cleanup and added more read/write checks.

Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andre Bruch <ab@andrebruch.com>
Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: Norwin <git@nroo.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-12-09 14:35:56 +08:00
Jason Song
8fb1e53ca2
Rename actions to operations on UI (#22067)
Use "operations" to indicate "some something can be done", to prevent
users from confusing it with CICD.

Releated to: #13539.

Snapshots:

<img width="389" alt="image"
src="https://user-images.githubusercontent.com/9418365/206409797-a99bac25-2d38-4066-b9ab-27a4f6fe67e7.png">
<img width="398" alt="image"
src="https://user-images.githubusercontent.com/9418365/206410099-bbd258a9-54d9-4664-8d95-31d29cb35209.png">
<img width="442" alt="image"
src="https://user-images.githubusercontent.com/9418365/206410218-009a3103-a9b9-4d0c-86b6-540dda5bce89.png">

I'm not a native English speaker, but I think "operations" may be good
enough, and Gitea already uses this word:

<img width="1440" alt="image"
src="https://user-images.githubusercontent.com/9418365/206410671-4a718b14-0603-40cb-bdcb-f6f84d1f5e24.png">
2022-12-08 21:14:09 +08:00
silverwind
e2fa84fddc
Release and Tag List tweaks (#21712)
- Reduce font size on tag list and add muted links
- Move Release tag to right side on release list
- Move Release edit button to far-right and make it icon-only
- Add styles for error dropdowns, seen on release edit page
- Make the release page slightly more mobile-friendly

<img width="468" alt="Screen Shot 2022-11-07 at 22 10 44"
src="https://user-images.githubusercontent.com/115237/200417500-149f40f5-2376-42b4-92a7-d7eba3ac359d.png">

<img width="1015" alt="Screen Shot 2022-11-07 at 22 27 14"
src="https://user-images.githubusercontent.com/115237/200419201-b28f39d6-fe9e-4049-8023-b301c9bae528.png">
<img width="1019" alt="Screen Shot 2022-11-07 at 22 27 27"
src="https://user-images.githubusercontent.com/115237/200419206-3f07d988-42f6-421d-8ba9-303a0d59e711.png">

<img width="709" alt="Screen Shot 2022-11-07 at 22 42 10"
src="https://user-images.githubusercontent.com/115237/200421671-f0393cde-2d8f-4e1f-a788-f1f51fc4807c.png">
<img width="713" alt="Screen Shot 2022-11-07 at 22 42 27"
src="https://user-images.githubusercontent.com/115237/200421676-5797f8cf-dfe8-4dd6-85d4-dc69e31a9912.png">


<img width="406" alt="image"
src="https://user-images.githubusercontent.com/115237/200418220-8c3f7549-61b4-4661-935e-39e1352f7851.png">
<img width="416" alt="Screen Shot 2022-11-07 at 22 21 36"
src="https://user-images.githubusercontent.com/115237/200418107-cdb0eb6f-1292-469c-b89a-2cb13f24173c.png">

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-12-06 21:15:46 +08:00
Yarden Shoham
77f50356f4
Remove useless "Cancel" buttons (#21872)
* Continues #21381

These buttons have no real use. To cancel, one would simply navigate
away.

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
2022-12-05 20:38:34 +08:00
zeripath
0e46499258
Do not emit ambiguous character warning on rendered pages (#22016)
The real sensitivity of ambiguous characters is in source code -
therefore warning about them in rendered pages causes too many warnings.
Therefore simply remove the warning on rendered pages.

The escape button will remain available and it is present on the view
source page.

Fix #20999

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-12-03 23:47:00 +08:00
Mark Ormesher
665d02efaf
Remove duplicate "Actions" label in mobile view (#21974)
Closes #21973.

The "Actions" button on the commit view page is labelled twice in mobile
view. No other buttons on the page have a `mobile-only` extra label, so
this PR removes it.

Before:


![before](https://user-images.githubusercontent.com/6496999/204540002-75baa08a-6c06-4b39-847b-34272e09d71e.PNG)

After:


![after](https://user-images.githubusercontent.com/6496999/204539991-a0607765-d5e2-4b1a-84c9-a3e16cbc674e.PNG)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-12-01 22:39:19 -05:00
花墨
7020c4afb7
Fix leaving organization bug on user settings -> orgs (#21983)
Fix #21772

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-11-30 17:00:00 +08:00
Meisam
abecf632d2
add rel="me" to org.website link (#21941)
This lets organizations verify their link on 3rd party websites.
2022-11-25 09:33:37 -06:00
Percy Ma
b91167b772
fix(web): keep the pages of the navigation in the center (#21867)
Keep the pages of the navigation in the center

<table>
  <tr>
    <th>Before</th>
    <th>After</th>
  </tr>

  <tr>
    <td>
<img width="200" alt="image"
src="https://user-images.githubusercontent.com/45708948/202838756-d6d57b3f-8144-4a43-a33b-ea7c8ab3a495.png">
</td>
    <td>
<img width="192" alt="image"
src="https://user-images.githubusercontent.com/45708948/202838740-bbae1e86-b14c-421d-92d4-d0e53d5952a2.png">
</td>
  </tr>
</table>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-11-25 14:37:02 +08:00
Xinyu Zhou
26f941fbda
Fix button in branch list, avoid unexpected page jump before restore branch actually done (#21562)
This patch:
- Use `<button>` replace anchor link `<a>` in **_Delete/Restore
Branch_** button to avoid unexpected page jump before restore branch
actually done.
- Also replace right side buttons with `<button>` in branch list, let
some screen readers know they are buttons.


## Before
click restore branch -> restore triggered -> page refreshed, but branch
status not update -> manually refresh page

<details>


https://user-images.githubusercontent.com/76462613/197389108-5a0bd259-0455-40b2-92ac-4326900276f8.mp4

</details>

## After
waiting restore done -> page refresh -> branch status update

<details>


https://user-images.githubusercontent.com/76462613/197428683-616fcbd2-70f9-4572-bf76-e0b7f77b6dd7.mp4

</details>

Signed-off-by: baronbunny <its@baronbunny.cn>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-11-24 20:29:43 +08:00
silverwind
b97548a2ee
Fix table misalignments and tweak webhook and githook lists (#21917)
- Fix regression from #21893 which had misaligned a few tables like repo
lists and e-mails
- Bring githooks list in line with webhooks list for styling
- Change webhook list icons to just colored dots, like githook list
- Increase size of dot in webhook and githook list from 16 to 22px
2022-11-24 00:43:07 -06:00
Xinyu Zhou
09b7d8198c
Fix flex layout for repo list icons (#21896)
#20241 Added a tooltip, which does not satisfy the flex layout, and the
icons are not aligned

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
2022-11-23 22:01:30 -06:00
kolaente
13746f070d
feat: add button to quickly clear merge message (#21548)
This PR adds a button to allow quickly clearing the merge message of a
PR. The button will remove everything but the git trailers.

I found myself often pruning the commit message before merging,
especially for PRs generated by renovate - renovate puts a very long and
detailed comment with the full changelog in each PR it opens. This
clutters the commit message. However, I want to explicitly preserve the
git commit trailers. Doing this manually works, but having a button is a
lot easier.

Screenshot:

![image](https://user-images.githubusercontent.com/13721712/197337525-d456d0f8-1f7c-43a9-815d-ca93b1e7a90a.png)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: delvh <dev.lh@web.de>
2022-11-23 18:24:03 +08:00
Xinyu Zhou
68e934ab5d
Add option to enable CAPTCHA validation for login (#21638)
Enable this to require captcha validation for user login. You also must
enable `ENABLE_CAPTCHA`.

Summary:
- Consolidate CAPTCHA template
- add CAPTCHA handle and context
- add `REQUIRE_CAPTCHA_FOR_LOGIN` config and docs
- Consolidate CAPTCHA set-up and verification code 

Partially resolved #6049 

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Andrew Thornton <art27@cantab.net>
2022-11-22 21:13:18 +00:00
silverwind
1c7496c7a7
Webhook list enhancements (#21893) 2022-11-22 07:10:42 +08:00
silverwind
2e5ac53bdc
Embed Matrix icon as SVG (#21890)
Embed the SVG icon directly, making further invertion unnecessary
because the icon color can now follow text color.

<img width="240" alt="Screenshot 2022-11-21 at 20 16 32"
src="https://user-images.githubusercontent.com/115237/203142189-89f20de9-c0bd-4d05-92c0-44dadf20d78f.png">
<img width="245" alt="Screenshot 2022-11-21 at 20 16 46"
src="https://user-images.githubusercontent.com/115237/203142191-658239ba-1859-49c6-91ad-10ddf14780d0.png">
2022-11-21 20:25:26 +00:00
Percy Ma
2836382f34
fix(web): add alt for logo in home page (#21887)
add `alt` for logo in home page
2022-11-21 15:09:55 -05:00
silverwind
c2fb27beb4
Improvements for Content Copy (#21842)
It now supports copying Markdown, SVG and Images (not in Firefox
currently because of lacking
[`ClipboardItem`](https://developer.mozilla.org/en-US/docs/Web/API/ClipboardItem)
support, but can be enabled in `about:config` and works). It will fetch
the data if in a rendered view or when it's an image.

Followup to https://github.com/go-gitea/gitea/pull/21629.
2022-11-21 17:59:42 +08:00
Xinyu Zhou
b4802b9b2e
Allow disable RSS/Atom feed (#21622)
This patch provide a mechanism to disable RSS/Atom feed.

Signed-off-by: Xinyu Zhou <i@sourcehut.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-11-21 13:14:58 +08:00
KN4CK3R
32db62515f
Add package registry cleanup rules (#21658)
Fixes #20514
Fixes #20766
Fixes #20631

This PR adds Cleanup Rules for the package registry. This allows to
delete unneeded packages automatically. Cleanup rules can be set up from
the user or org settings.
Please have a look at the documentation because I'm not a native english
speaker.

Rule Form

![grafik](https://user-images.githubusercontent.com/1666336/199330792-c13918a6-e196-4e71-9f53-18554515edca.png)

Rule List

![grafik](https://user-images.githubusercontent.com/1666336/199331261-5f6878e8-a80c-4985-800d-ebb3524b1a8d.png)

Rule Preview

![grafik](https://user-images.githubusercontent.com/1666336/199330917-c95e4017-cf64-4142-a3e4-af18c4f127c3.png)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-20 16:08:38 +02:00
Jason Song
d3f850cc0e
Support comma-delimited string as labels in issue template (#21831)
The [labels in issue YAML
templates](https://docs.github.com/en/communities/using-templates-to-encourage-useful-issues-and-pull-requests/syntax-for-issue-forms#top-level-syntax)
can be a string array or a comma-delimited string, so a single string
should be valid labels.

The old codes committed in #20987 ignore this, that's why the warning is
displayed:

<img width="618" alt="image"
src="https://user-images.githubusercontent.com/9418365/202112642-93dc72d0-71c3-40a2-9720-30fc2d48c97c.png">

Fixes #17877.
2022-11-19 15:22:15 +00:00
silverwind
eec1c71880
Show syntax lexer name in file view/blame (#21814)
Show which Chroma Lexer is used to highlight the file in the file
header. It's useful for development to see what was detected, and I
think it's not bad info to have for the user:

<img width="233" alt="Screenshot 2022-11-14 at 22 31 16"
src="https://user-images.githubusercontent.com/115237/201770854-44933dfc-70a4-487c-8457-1bb3cc43ea62.png">
<img width="226" alt="Screenshot 2022-11-14 at 22 36 06"
src="https://user-images.githubusercontent.com/115237/201770856-9260ce6f-6c0f-442c-92b5-201e5b113188.png">
<img width="194" alt="Screenshot 2022-11-14 at 22 36 26"
src="https://user-images.githubusercontent.com/115237/201770857-6f56591b-80ea-42cc-8ea5-21b9156c018b.png">

Also, I improved the way this header overflows on small screens:

<img width="354" alt="Screenshot 2022-11-14 at 22 44 36"
src="https://user-images.githubusercontent.com/115237/201774828-2ddbcde1-da15-403f-bf7a-6248449fa2c5.png">

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-11-19 13:08:06 +02:00
KN4CK3R
044c754ea5
Add context.Context to more methods (#21546)
This PR adds a context parameter to a bunch of methods. Some helper
`xxxCtx()` methods got replaced with the normal name now.

Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-19 16:12:33 +08:00
silverwind
fefdb7ffd1
Timeline and color tweaks (#21799)
Followup to https://github.com/go-gitea/gitea/pull/21784.

- Restore muted effect on timeline author and issuelist comment icon
- Remove whitespace inside shared user templates, fixing link hover
underline
- Use shared author link template more
- Use `bold` class instead of CSS
- Fix grey-light color being too dark on arc-green
- Add missing black-light color
- Fix issuelist progress bar color
- Fix various other cases of missing `.muted`

<img width="416" alt="Screenshot 2022-11-13 at 12 15 22"
src="https://user-images.githubusercontent.com/115237/201519497-1d4725c6-bc8b-47b5-9f68-1278ac9a8c92.png">
<img width="324" alt="Screenshot 2022-11-13 at 12 16 52"
src="https://user-images.githubusercontent.com/115237/201519501-c0d03700-f9af-4316-ab46-482f2c7c738b.png">
<img width="79" alt="Screenshot 2022-11-13 at 12 30 55"
src="https://user-images.githubusercontent.com/115237/201519502-46dc2d73-bbdf-4a2e-84d3-d2976f793163.png">
<img width="440" alt="Screenshot 2022-11-13 at 12 41 03"
src="https://user-images.githubusercontent.com/115237/201519876-ada33948-f84a-4aeb-a40d-5c873f9a49e9.png">
<img width="213" alt="Screenshot 2022-11-13 at 12 52 54"
src="https://user-images.githubusercontent.com/115237/201520291-a4d7238e-aeca-46c7-9008-8b644b1b676e.png">
<img width="208" alt="Screenshot 2022-11-13 at 12 56 16"
src="https://user-images.githubusercontent.com/115237/201520436-aa8ba109-b959-42fb-831a-021e806c7082.png">

Co-authored-by: Lauris BH <lauris@nix.lv>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-11-19 12:02:30 +08:00
May
f311d15a0b
Added space between avatar and username (#21825)
Added space between avatar and username which is missing on verified
commit message and avatar is too close to username which is don't look
nice.

Current state

![image](https://user-images.githubusercontent.com/3164256/202007728-d7d6ecac-f754-454c-a67f-e422f4aac5a5.png)


This is how it looks after change

![image](https://user-images.githubusercontent.com/3164256/202007984-d4a38a1c-7c24-4278-aa0f-9aa51c10f772.png)

Co-authored-by: zeripath <art27@cantab.net>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: techknowlogick <techknowlogick@gitea.io>
2022-11-15 16:36:53 -05:00
Yarden Shoham
6c8ff32511
Add updated_at field to PullReview API object (#21812)
* Closes #19997

Adds an `updated_at` time field to the `PullReview` API object to
specify when the pull request review's state changed.

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-11-15 11:33:52 +02:00
Yarden Shoham
de6dfb7141
Remove href="javascript:;" in "save topics (Done)" button (#21813)
To use an anchor tag as a button and have it be accessible I added
`role="button" tabindex="0"`,
[reference](https://stackoverflow.com/a/10510353/7414734).

* Closes #19912
2022-11-15 10:10:50 +08:00
Yarden Shoham
6f3efdfe11
Render number of commits in repo page in a user friendly way (#21786)
Use `JsPrettyNumber` to render the number of commits

* Closes #12637

### Before

![1094](https://user-images.githubusercontent.com/20454870/201484428-eaa80d27-eeed-444e-9dc5-ae046424de2f.png)

### After

![1,094](https://user-images.githubusercontent.com/20454870/201484385-b5bdc290-86fd-493b-a87c-c987012b18ad.png)

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2022-11-13 00:55:19 -05:00
Nolann
9f8e778918
Copy citation file content, in APA and BibTex format, on repo home page (#19999)
Add feature to easily copy CITATION.cff content in APA and BibTex format.
2022-11-11 18:02:50 +01:00
Yarden Shoham
e3a7f15791
Add "Copy" button to file view of raw text (#21629)
If a raw text file is displayed, a copy button of the text is enabled.

* Closes #12866

### Before

![image](https://user-images.githubusercontent.com/20454870/198898628-df1bcb0c-79d7-4ffb-95e4-441d77430827.png)

### After

![image](https://user-images.githubusercontent.com/20454870/199988152-ea1099ad-29e1-4765-a9ca-4c03c1737453.png)

#### Rendered files and binaries have their button disabled

![image](https://user-images.githubusercontent.com/20454870/199988408-73de6327-5e9e-462b-b2b6-8c3f5b878386.png)

![image](https://user-images.githubusercontent.com/20454870/199988563-844f8656-f48d-4929-880e-b6558c1c054a.png)

Signed-off-by: Yarden Shoham <hrsi88@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2022-11-04 15:33:50 -04:00
zeripath
3e8618949e
Clean up formatting on install page (#21668)
The install page has been somewhat inconsistently styled for a while.
This PR simplifies and standardises the styling of these fields makes
things line up better across widths.

Replace #21660

Signed-off-by: Andrew Thornton <art27@cantab.net>

Old:
![Screenshot from 2022-11-02
23-07-05](https://user-images.githubusercontent.com/1824502/199619007-4a6b66c5-e19c-4d29-b71b-9aa73f2789ca.png)


New:
![Screenshot from 2022-11-02
23-04-28](https://user-images.githubusercontent.com/1824502/199618779-370f88e7-b590-4abd-afb9-b66cc3194a5d.png)

Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-11-03 20:41:01 +00:00
oliverpool
b6e81357bd
Add Webhook authorization header (#20926)
_This is a different approach to #20267, I took the liberty of adapting
some parts, see below_

## Context

In some cases, a weebhook endpoint requires some kind of authentication.
The usual way is by sending a static `Authorization` header, with a
given token. For instance:

- Matrix expects a `Bearer <token>` (already implemented, by storing the
header cleartext in the metadata - which is buggy on retry #19872)
- TeamCity #18667
- Gitea instances #20267
- SourceHut https://man.sr.ht/graphql.md#authentication-strategies (this
is my actual personal need :)

## Proposed solution

Add a dedicated encrypt column to the webhook table (instead of storing
it as meta as proposed in #20267), so that it gets available for all
present and future hook types (especially the custom ones #19307).

This would also solve the buggy matrix retry #19872.

As a first step, I would recommend focusing on the backend logic and
improve the frontend at a later stage. For now the UI is a simple
`Authorization` field (which could be later customized with `Bearer` and
`Basic` switches):


![2022-08-23-142911](https://user-images.githubusercontent.com/3864879/186162483-5b721504-eef5-4932-812e-eb96a68494cc.png)

The header name is hard-coded, since I couldn't fine any usecase
justifying otherwise.

## Questions

- What do you think of this approach? @justusbunsi @Gusted @silverwind 
- ~~How are the migrations generated? Do I have to manually create a new
file, or is there a command for that?~~
- ~~I started adding it to the API: should I complete it or should I
drop it? (I don't know how much the API is actually used)~~

## Done as well:

- add a migration for the existing matrix webhooks and remove the
`Authorization` logic there


_Closes #19872_

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Gusted <williamzijl7@hotmail.com>
Co-authored-by: delvh <dev.lh@web.de>
2022-11-03 20:23:20 +02:00
Gusted
c2d2323fc8
Configure update checker on installation page (#21655)
- I recently became aware that this was enabled by-default, I don't
necessary agree with that and this should rather be configured by the
user(this patch does that on the installation page) as it connects to a
homeserver, which I'd prefer to avoid on my instance.


![image](https://user-images.githubusercontent.com/25481501/199260613-a77a1b10-347a-4542-8982-9b9b24dad28c.png)
2022-11-01 19:23:56 +00:00
kolaente
cd5c067abe
fix: PR status layout on mobile (#21547)
This PR fixes the layout of PR status layouts on mobile. For longer
status context names or on very small screens the text would overflow
and push the "Details" and "Required" badges out of the container.

Before:

![Screen Shot 2022-10-22 at 12 27
46](https://user-images.githubusercontent.com/13721712/197335454-e4decf09-4778-43e8-be88-9188fabbec23.png)

After:

![Screen Shot 2022-10-22 at 12 53
24](https://user-images.githubusercontent.com/13721712/197335449-2c731a6c-7fd6-4b97-be0e-704a99fd3d32.png)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-28 09:49:42 -04:00
Xinyu Zhou
830f5c3736
Fix UI column width, button overflow Fomantic's grid (#21559)
resolved #21310 

Before:

![](https://user-images.githubusercontent.com/76462613/197395358-78698f7f-776a-4ed1-954e-e6c09a648f2b.png)


After:

![](https://user-images.githubusercontent.com/76462613/197395356-63289761-a0d4-47a7-a103-a6e6f4ad2eed.png)

Signed-off-by: baronbunny <its@baronbunny.cn>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-28 09:48:48 -04:00
KN4CK3R
5c2089a01d
Change commits-table column width (#21564)
Fixes #21561

Before

![image](https://user-images.githubusercontent.com/20903656/197388658-0ea1d941-8bc7-4f10-b5db-4ece8602b13a.png)

After

![image](https://user-images.githubusercontent.com/20903656/197388665-78fb8421-105d-408d-84cf-a86b1cc61e2e.png)
2022-10-25 18:00:37 +01:00
Gusted
29c00eb1ed
Improve code comment review on mobile (#21461)
- Fix placement of avatar image, this was not placed in the
`comment-header-left` and add CSS to cover the limiting of width+height
of avatar for code-review comment on "Files changed" page. This fixes
the big noticeable avatar issue.
- Apply `margin-bottom` to the "next" button, so it's consistent with
the "previous" button.
- Make sure the "next"/"previous" start at `flex-start` on mobile and
not off-screen at `flex-end`. As well force them to have `flex: 1` so
they won't overflow on x-asis. This also requires the `width: 100%` for
the `.ui.buttons` div.
- Resolves #20074


### Before
<details><img width="512"
src="https://user-images.githubusercontent.com/25481501/195952930-09560cad-419f-43a3-a8a4-a4166c117994.jpg"></details>

### After
<details><img width="512"
src="https://user-images.githubusercontent.com/25481501/197340081-0365dfa8-4344-46b4-8702-a40c778c073f.jpg"></details>

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: silverwind <me@silverwind.io>
2022-10-25 19:11:49 +08:00
Vladimir Yakovlev
0218fa7cf1
Added missing headers on user packages page (#21172)
User packages page had missing tabs.


![packages-2](https://user-images.githubusercontent.com/183965/190411160-c8138a8c-dbc4-4cf1-af2c-52497a10cee8.png)

![packages-1](https://user-images.githubusercontent.com/183965/190411155-af2cb398-c9a0-4fcc-adcd-1711aaa28345.png)

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Lauris BH <lauris@nix.lv>
2022-10-24 20:01:05 +08:00
M Hickford
191a74d622
Record OAuth client type at registration (#21316)
The OAuth spec [defines two types of
client](https://datatracker.ietf.org/doc/html/rfc6749#section-2.1),
confidential and public. Previously Gitea assumed all clients to be
confidential.

> OAuth defines two client types, based on their ability to authenticate
securely with the authorization server (i.e., ability to
>   maintain the confidentiality of their client credentials):
>
>   confidential
> Clients capable of maintaining the confidentiality of their
credentials (e.g., client implemented on a secure server with
> restricted access to the client credentials), or capable of secure
client authentication using other means.
>
>   **public
> Clients incapable of maintaining the confidentiality of their
credentials (e.g., clients executing on the device used by the resource
owner, such as an installed native application or a web browser-based
application), and incapable of secure client authentication via any
other means.**
>
> The client type designation is based on the authorization server's
definition of secure authentication and its acceptable exposure levels
of client credentials. The authorization server SHOULD NOT make
assumptions about the client type.

 https://datatracker.ietf.org/doc/html/rfc8252#section-8.4

> Authorization servers MUST record the client type in the client
registration details in order to identify and process requests
accordingly.

Require PKCE for public clients:
https://datatracker.ietf.org/doc/html/rfc8252#section-8.1

> Authorization servers SHOULD reject authorization requests from native
apps that don't use PKCE by returning an error message

Fixes #21299

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2022-10-24 15:59:24 +08:00
silverwind
bf2a72d126
Expand "Go to File" button again, fix 'Add File' margin (#21543)
With https://github.com/go-gitea/gitea/pull/21428 we gained some space
so we are again able to show the "Go to File" button as text instead of
icon-only (the old icon was not particularily fitting anyways).

Before:
<img width="328" alt="image"
src="https://user-images.githubusercontent.com/115237/197334423-07731d9d-bf26-4aeb-95fa-490d9d0bf2a2.png">

After:
<img width="339" alt="Screen Shot 2022-10-22 at 12 28 01"
src="https://user-images.githubusercontent.com/115237/197334383-467c4107-09c9-4881-b75f-7f403eab7f3a.png">
<img width="413" alt="Screen Shot 2022-10-22 at 12 28 16"
src="https://user-images.githubusercontent.com/115237/197334384-f7d1fdda-a011-4138-ad1e-b52fc987501f.png">
2022-10-24 02:23:04 +01:00
KN4CK3R
876ee8c3cd
Allow package version sorting (#21453) 2022-10-23 09:18:15 +08:00
rock2dust
cd33979f5a
Added check for disabled Packages (#21540)
At the moment, If admin disable Packages, still show the Packages on the
admin dashboard

This patch added a check to hide the Packages entry

Signed-off-by: baronbunny <its@baronbunny.cn>

Signed-off-by: baronbunny <its@baronbunny.cn>
2022-10-22 11:24:09 +08:00