Commit graph

452 commits

Author SHA1 Message Date
Gusted
fb2795b5bb
[BUG] Correct changed files for codeowners
- The CODEOWNER feature relies on the changed files to determine which
reviewers should be added according to the `CODEOWNER` file.
- The current approach was to 'diff' between the base and head branch,
which seems logical but fail in practice when the pull request is out of
date with the base branch. Therefore it should instead diff between the
head branch and the merge base of the head and base branch, so only the
actual affected files by the pull requests are used, the same approach
is used by the diff of an unmerged pull request.
- Add integration testing (for the feature as well).
- Resolves #2458
2024-02-27 23:16:00 +01:00
Gergely Nagy
aef0b024b7 Fix the Fork button in repo headers
In #2445, I lifted out the fork button into its own template, but did
not update it properly. This resulted in the fork button's counter not
displaying, and pointing to the wrong place too.

This patch updates the template to account for it moving to a separate
file, and also adds test cases to verify the button is display as it
should be.

Fixes #2494.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-27 18:36:37 +00:00
0ko
2e76e4fb33 [I18N] Improve English strings & consistency 2024-02-27 17:42:59 +00:00
Gergely Nagy
c9b410fb35
Highlight the correct small menu item when viewing a tag
When viewing a tag that isn't associated with a release, highlight the
"N Tags" sub-menu item, rather than the "M releases" one.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-27 13:32:55 +01:00
Gergely Nagy
fc635f1014
Restore the ability to view tags without a release
The `repo.SingleRelease` handler was broken by gitea#29149, as the
switch to `getReleaseInfos` stopped returning tags without an associated
release. This resulted in the web UI showing a 404 when trying to view a
tag without a release.

This restores the functionality by explicitly including tags in the
search, and also adds tests to exercise the fix.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-27 13:32:55 +01:00
Earl Warren
3fa4962a88 Merge pull request '[gitea] cherry-pick' (#2478) from earl-warren/forgejo:wip-gitea-cherry-pick into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2478
2024-02-27 10:39:41 +00:00
Earl Warren
d9ae3717b5 Merge pull request '[BUG] Remember topic only in repo search' (#2489) from gusted/forgejo-topic-explore into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2489
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-26 22:40:34 +00:00
Zettat123
77c56e29de
Allow non-admin users to delete review requests (#29057)
Fix #14459

The following users can add/remove review requests of a PR
- the poster of the PR
- the owner or collaborators of the repository
- members with read permission on the pull requests unit

(cherry picked from commit c42083a33950be6ee9f822c6d0de3c3a79d1f51b)

Conflicts:
	models/repo/repo_list_test.go
	tests/integration/api_nodeinfo_test.go
	tests/integration/api_repo_test.go
	shared fixture counts
2024-02-26 22:30:27 +01:00
KN4CK3R
5f79550a0d
Prevent double use of git cat-file session. (#29298)
Fixes the reason why #29101 is hard to replicate.
Related #29297

Create a repo with a file with minimum size 4097 bytes (I use 10000) and
execute the following code:
```go
gitRepo, err := gitrepo.OpenRepository(db.DefaultContext, <repo>)
assert.NoError(t, err)

commit, err := gitRepo.GetCommit(<sha>)
assert.NoError(t, err)

entry, err := commit.GetTreeEntryByPath(<file>)
assert.NoError(t, err)

b := entry.Blob()

// Create a reader
r, err := b.DataAsync()
assert.NoError(t, err)
defer r.Close()

// Create a second reader
r2, err := b.DataAsync()
assert.NoError(t, err) // Should be no error but is ErrNotExist
defer r2.Close()
```

The problem is the check in `CatFileBatch`:

79217ea63c/modules/git/repo_base_nogogit.go (L81-L87)
`Buffered() > 0` is used to check if there is a "operation" in progress
at the moment. This is a problem because we can't control the internal
buffer in the `bufio.Reader`. The code above demonstrates a sequence
which initiates an operation for which the code thinks there is no
active processing. The second call to `DataAsync()` therefore reuses the
existing instances instead of creating a new batch reader.

(cherry picked from commit f74c869221624092999097af38b6f7fae4701420)
2024-02-26 22:30:25 +01:00
6543
f796548225
Workaround to clean up old reviews on creating a new one (#28554)
close  #28542

blocks  #28544

---
*Sponsored by Kithara Software GmbH*

(cherry picked from commit 217d71c48a10265e08b95cc961656b921f61f9ff)

Conflicts:
	tests/integration/api_pull_review_test.go
	context
2024-02-26 21:42:14 +01:00
Gusted
b4360d504c
[BUG] Remember topic only in repo search
- If the user is searching repositories with an specific topic, adding
any other filter option, such as showing unrelevant repositories or
using another sort Forgejo should remember that 'topic only' was set.
- Adds integration test.
- Resolves #2461
2024-02-26 16:25:01 +01:00
Earl Warren
775956cc68 Merge pull request '[BUG] Don't overwrite protected branch accidentally' (#2473) from gusted/forgejo-error-duplicate into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2473
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-26 14:55:09 +00:00
Earl Warren
f91702dd74 Merge pull request 'Split up repo.Action in routers/web into smaller functions.' (#2476) from algernon/forgejo:refactor/routes/web/repo-action into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2476
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-26 14:54:35 +00:00
Gergely Nagy
ae0635fd61
Correctly support linguist-documentation=false
If a documentation file is marked with a `linguist-documentation=false`
attribute, include it in language stats.

However, make sure that we do *not* include documentation languages as
fallback.

Added a new test case to exercise the formerly buggy behaviour.

Problem discovered while reviewing @KN4CK3R's tests from gitea#29267.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-26 14:18:33 +01:00
Gergely Nagy
7e6fe41389
Add tests for the star/unstar & watch/unwatch UI
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-26 09:14:11 +01:00
qwerty287
feb189554e
Add API to get PR by base/head (#29242)
Closes https://github.com/go-gitea/gitea/issues/16289

Add a new API `/repos/{owner}/{repo}/pulls/{base}/{head}` to get a PR by
its base and head branch.
2024-02-26 03:41:42 +01:00
Gusted
1bab4358ac
[BUG] Don't overwrite protected branch accidentally
- If a user tries to create another protected branching rule that
specifies a set of branches already used by another rule, do not allow
it.
- Update the translation accordingly.
- Adds integration test.
- Resolves #2455
2024-02-25 20:09:18 +01:00
Earl Warren
f991f107da Merge pull request 'Improve display of 404/500 error pages' (#2466) from 0ko/forgejo:errorcodes into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2466
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-25 15:53:09 +00:00
Earl Warren
649ca2b230 Merge pull request 'Allow instance-wide disabling of forking' (#2445) from algernon/forgejo:f/disable-forks into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2445
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-25 15:13:15 +00:00
Earl Warren
bc2a105cbb Merge pull request '[FEAT] Check if commit is already present in target branch' (#2450) from gusted/forgejo-agit-contain-commit into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2450
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-25 15:05:33 +00:00
Earl Warren
ef1d579c41 Merge pull request '[UI] Agit: Add AGit label to AGit-created PRs' (#2444) from n0toose/agit-indicator into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2444
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-25 14:48:09 +00:00
0ko
a748ba70a8 10-year old images are gone 2024-02-25 18:13:59 +05:00
Gergely Nagy
0ea021c8c9
Allow instance-wide disabling of forking
For small, personal self-hosted instances with no user signups, the fork
button is just a noise. This patch allows disabling them like stars can
be disabled too.

Disabling forks does not only remove the buttons from the web UI, it
also disables the routes that could be used to create forks.

Fixes #2441.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-25 12:00:17 +01:00
Earl Warren
3471adb14a Merge pull request '[FEAT] Enable ambiguous character detection in configured contexts' (#2427) from gusted/forgejo-ambigious-characters into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2427
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
2024-02-24 12:25:31 +00:00
Earl Warren
bc8d61d12e Merge pull request '[FEAT] Restrict file size of blame operation' (#2395) from gusted/forgejo-blame-restrict into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2395
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-23 23:17:02 +00:00
Gusted
f0ed6de89d
[FEAT] Check if commit is already present in target branch
- Check if someone is (accidentally) trying to create a pull request via
AGit with changes already in the target branch and fail if that is the
case.
- Added integration test.
2024-02-23 21:42:15 +01:00
Panagiotis "Ivory" Vasilopoulos
bf7fb89178 [UI] Agit: Add AGit label to AGit-created PRs
Adds a label to Pull Requests that were created using AGit-Flow,
in order to prevent situations where a contributor uses AGit-Flow
to push new changes - only to realize that they did not use AGit-Flow
in the first place, and that they just opened a new PR accidentally
(that was me).

Also intended to raise general awareness about the feature. Some
additional work, such as adding a tooltip, still needs to be
done.

A small typo fix for a comment and (exclusively) formatting fixes
in the copyright header are also included.

Refs: https://codeberg.org/forgejo/forgejo/issues/2433
2024-02-23 21:09:08 +01:00
Gusted
5b3a82d621
[FEAT] Enable ambiguous character detection in configured contexts
- The ambiguous character detection is an important security feature to
combat against sourcebase attacks (https://trojansource.codes/).
- However there are a few problems with the feature as it stands
today (i) it's apparantly an big performance hitter, it's twice as slow
as syntax highlighting (ii) it contains false positives, because it's
reporting valid problems but not valid within the context of a
programming language (ambiguous charachters in code comments being a
prime example) that can lead to security issues (iii) charachters from
certain languages always being marked as ambiguous. It's a lot of effort
to fix the aforementioned issues.
- Therefore, make it configurable in which context the ambiguous
character detection should be run, this avoids running detection in all
contexts such as file views, but still enable it in commits and pull
requests diffs where it matters the most. Ideally this also becomes an
per-repository setting, but the code architecture doesn't allow for a
clean implementation of that.
- Adds unit test.
- Adds integration tests to ensure that the contexts and instance-wide
is respected (and that ambigious charachter detection actually work in
different places).
- Ref: https://codeberg.org/forgejo/forgejo/pulls/2395#issuecomment-1575547
- Ref: https://codeberg.org/forgejo/forgejo/issues/564
2024-02-23 13:12:17 +01:00
Gergely Nagy
98943fdb43
tests: Add a basic test for artifact deletion
Adds a very bare-bones test for artifact deletion. It does not exercise
the functionality itself, just the presence of the functionality.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-23 09:24:43 +01:00
Earl Warren
c47e6ceb82 Merge pull request '[FEAT] repo search using git grep' (#1594) from snematoda/forgejo:forgejo into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1594
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-22 22:21:44 +00:00
Gusted
ca798e4cc2
[SECURITY] Test XSS in dismissed review
It's possible for reviews to not be assiocated with users, when they
were migrated from another forge instance. In the migration code,
there's no sanitization check for author names, so they could contain
HTML tags and thus needs to be properely escaped.
2024-02-22 15:33:20 +01:00
Gusted
565e331238
[SECURITY] Test XSS in wiki last commit information
On the wiki and revisions page, information is shown about the last
commit that modified that wiki page. This includes the time it was last
edited and by whom. Verify it is sanitized.
2024-02-22 15:03:15 +01:00
Malte Jürgens
5c67c34ce8
Add e2e debug server
This adds the ability to run `make test-e2e-debugserver` to start a
forgejo server pupulated with the test data from `models/fixtures`. This
is particularly useful for debugging the e2e tests with a external tool,
such as the Playwright extension for VSCode [1].

[1] https://open-vsx.org/extension/ms-playwright/playwright
2024-02-21 20:47:57 +01:00
Shiny Nematoda
51fb6f3983 [FEAT] add fallback repo search using git grep 2024-02-20 13:00:34 +00:00
Gusted
cfd6420a0e Merge pull request '[REFACTOR] Refactor the AGit code' (#2386) from gusted/fix-agit into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2386
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-19 15:59:10 +00:00
Gusted
d8a267d3ab
[FEAT] Restrict file size of blame operation
- Currently there exists a restriction to not render and show files that
are larger than what's configured in `[UI].MAX_DISPLAY_FILE_SIZE`.
- Apply the same restriction to the blame operation as well, as the
blame operation can be seen as displaying a file.
- Add integration test.
- Ref: #2394
2024-02-19 16:39:39 +01:00
Earl Warren
6c9c0aca76 Merge pull request '[gitea] cherry-pick' (#2375) from earl-warren/forgejo:wip-gitea-cherry-pick into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2375
Reviewed-by: Otto <otto@codeberg.org>
2024-02-19 14:42:41 +00:00
Gusted
c58ad87513
[REFACTOR] Refactor the AGit code
TLDR: Less code, better maintainability and more comments.

- Add code comments to explain what the code does, it's quite a big
function so it definitely deserved some of that.
- Simplify some logic.
- Load the `pusher` in a single place.
- Update the error messages to be more correct, not capitlized, include
more debug info and remove 'Error:' As it's no need to indicate that,
errors are concenated with `:` seperators.
- Improve the message that a change was rejected, because a force push
was detected and the `force-push` option wasn't set.
- Avoid a second time loading `gitRepo.GetObjectFormat` and handle the
error gracefully for the other occurence.
- Adds integration test for force push detection.
2024-02-19 13:18:50 +01:00
Earl Warren
5240e27266 Merge pull request 'GitHub-style alert blocks in Markdown (gitea#29121)' (#2348) from algernon/forgejo:f/markdown/alert-blocks-port into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2348
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-02-18 11:21:36 +00:00
Yarden Shoham
2685be9f95
Fix labels referencing the wrong ID in the user profile settings (#29199)
2 instances of `for` with a wrong value and 1 `for` that had a reference
to a `name` instead of `id`.

---------

Signed-off-by: Yarden Shoham <git@yardenshoham.com>
(cherry picked from commit 1d275c1748a75a01c270f5c306c5248808016aba)
2024-02-17 23:24:32 +01:00
Gergely Nagy
cc47808b84
tests: Markdown alert block test cases
This adds a few test cases to exercise the alert block feature of the
markdown renderer, both the legacy GitHub style, and the modern one.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-17 18:35:45 +01:00
Gusted
f779aa79f2
[BUG] Fix pull request reopen conditions
- Move the conditions code around, such that the existence of the head
and base is first checked (so a clear error can be given, instead of a
possible server error). This makes it easier to read this code. As the
logic is now grouped together.
- Adds integration testing that simulates the deletion of the base and
head branch and ensures the pull request cannot be opened. The 'normal'
testcase also 'informally' ensures that the previous incorrect condition
is not there, because the branch `base-branch` doesn't exist on the head
repository.
- Resolves #2321
2024-02-17 15:38:16 +01:00
Gusted
7bf93e5d1a Merge pull request 'A new test to exercise linguist-language=' (#2368) from algernon/tests/linguist/view-guess into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2368
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-02-17 13:46:43 +00:00
Gusted
0c0b87ec1a Merge pull request 'Add rel="nofollow" to issue filter links' (#2367) from algernon/forgejo:b/issues/nofollow into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2367
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-02-17 10:56:47 +00:00
Gergely Nagy
ae95db12a1
A new test to exercise linguist-language=
Rename `repo_lang_stats_test.go` to `linguist_test.go`, and add a new
tests that exercises parts of the web UI to ensure that language
overrides in `.gitattributes` work when viewing a file source, and in
the blame view too.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-17 11:24:16 +01:00
Gergely Nagy
5143ebb507
Add rel="nofollow" to issue filter links
The issue filter links should not be crawled by search engines, because
they they only filter results, and contain nothing new, yet, they put a
considerable load on the server.

To stop - well behaving - search engines from following these links, add
a `rel="nofollow"` property to them. The same property is already
present on the archive download links, and plenty of other places.

Fixes #2361.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-17 10:42:47 +01:00
wxiaoguang
65248945c9
Refactor locale&string&template related code (#29165)
Clarify when "string" should be used (and be escaped), and when
"template.HTML" should be used (no need to escape)

And help PRs like  #29059 , to render the error messages correctly.

(cherry picked from commit f3eb835886031df7a562abc123c3f6011c81eca8)

Conflicts:
	modules/web/middleware/binding.go
	routers/web/feed/convert.go
	tests/integration/branches_test.go
	tests/integration/repo_branch_test.go
	trivial context conflicts
2024-02-16 15:20:52 +01:00
oliverpool
0fc61c8836 [BUG] split code conversations in diff tab (#2306)
Follow-up of #2282 and #2296 (which tried to address #2278)

One of the issue with the previous PR is that when a conversation on the Files tab was marked as "resolved", it would fetch all the comments for that line (even the outdated ones, which should not be shown on this page - except when explicitly activated).

To properly fix this, I have changed `FetchCodeCommentsByLine` to `FetchCodeConversation`. Its role is to fetch all comments related to a given (review, path, line) and reverted my changes in the template (which were based on a misunderstanding).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2306
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: oliverpool <git@olivier.pfad.fr>
Co-committed-by: oliverpool <git@olivier.pfad.fr>
2024-02-16 12:16:11 +00:00
Earl Warren
41cc9784f9 Merge pull request 'agit: Automatically fill in the description' (#2344) from algernon/f/agit/description-autofill into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/2344
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-02-14 20:46:00 +00:00
Gergely Nagy
259ad5d614
agit: Automatically fill in the description
If no `-o description=` is provided, fill it in automatically from the
first commit, just like title. Also allow filling in either, and
specifying them independently.

This means that `git push origin HEAD:refs/for/main/my-local-branch`
will fill in the PR title, *and* the description, without having to
specify additional parameters.

The description is the first commit's message without the first two
lines (the title and a newline, as customary).

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-02-14 21:17:55 +01:00