Commit Graph

18319 Commits

Author SHA1 Message Date
Rowan Bohde 416c36f303
allow synchronizing user status from OAuth2 login providers (#31572)
This leverages the existing `sync_external_users` cron job to
synchronize the `IsActive` flag on users who use an OAuth2 provider set
to synchronize. This synchronization is done by checking for expired
access tokens, and using the stored refresh token to request a new
access token. If the response back from the OAuth2 provider is the
`invalid_grant` error code, the user is marked as inactive. However, the
user is able to reactivate their account by logging in the web browser
through their OAuth2 flow.

Also changed to support this is that a linked `ExternalLoginUser` is
always created upon a login or signup via OAuth2.

### Notes on updating permissions
Ideally, we would also refresh permissions from the configured OAuth
provider (e.g., admin, restricted and group mappings) to match the
implementation of LDAP. However, the OAuth library used for this `goth`,
doesn't seem to support issuing a session via refresh tokens. The
interface provides a [`RefreshToken`
method](https://github.com/markbates/goth/blob/master/provider.go#L20),
but the returned `oauth.Token` doesn't implement the `goth.Session` we
would need to call `FetchUser`. Due to specific implementations, we
would need to build a compatibility function for every provider, since
they cast to concrete types (e.g.
[Azure](https://github.com/markbates/goth/blob/master/providers/azureadv2/azureadv2.go#L132))

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2024-07-16 20:33:16 +02:00
silverwind 3a7454df7a
Enable `no-jquery/no-class-state` (#31639)
Just 4 validations and I specifically tested this by
selecting/unselecting issue labels.

Co-authored-by: Giteabot <teabot@gitea.io>
2024-07-16 12:14:27 +02:00
Bartlomiej Komendarczuk e8d4b7a8b1
Added default sorting milestones by name (#27084)
#26996 
Added default sorting for milestones by name.
Additional, name for sorting closestduedate and furthestduedate was
broken, so I fixed it.

---------

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
2024-07-16 10:08:54 +02:00
silverwind 0bb4c1cde2
Code editor theme enhancements (#31629)
1. Fixed border-radius
2. Monaco ignores the alpha channel on the shadow color, introduce
`color-shadow-opaque`
3. Remove scrollbar color which follows
https://github.com/go-gitea/gitea/pull/29800

Before:

<img width="34" alt="Screenshot 2024-07-13 at 15 38 18"
src="https://github.com/user-attachments/assets/042d9bde-6db9-4467-a2a4-8f61ecc773eb">
<img width="35" alt="Screenshot 2024-07-13 at 15 38 31"
src="https://github.com/user-attachments/assets/04146ee0-551c-4ff2-9636-bd119b33595a">


After:

<img width="45" alt="Screenshot 2024-07-13 at 15 38 06"
src="https://github.com/user-attachments/assets/1f58fa5a-1289-4e45-83c9-18ca82a5e266">
<img width="39" alt="Screenshot 2024-07-13 at 21 16 56"
src="https://github.com/user-attachments/assets/e12ebe22-b29b-4798-9f0d-4c100f311562">
2024-07-14 23:22:48 +00:00
6543 0f53324182
Add option to change mail from user display name (#31528)
Make it posible to let mails show e.g.:

`Max Musternam (via gitea.kithara.com) <gitea@kithara.com>`

Docs: https://gitea.com/gitea/docs/pulls/23

---
*Sponsored by Kithara Software GmbH*
2024-07-14 23:27:00 +02:00
Lunny Xiao 0d08bb6112
Upgrade xorm to v1.3.9 and improve some migrations Sync (#29899)
Co-authored-by: 6543 <6543@obermui.de>
2024-07-14 17:15:59 -04:00
6543 1064e817c4
Issue Templates: add option to have dropdown printed list (#31577)
Issue template dropdown can have many entries, and it could be better to
have them rendered as list later on if multi-select is enabled.

so this adds an option to the issue template engine to do so.

DOCS: https://gitea.com/gitea/docs/pulls/19

---

## demo:

```yaml
name: Name
title: Title
about: About
labels: ["label1", "label2"]
ref: Ref
body:
  - type: dropdown
    id: id6
    attributes:
      label: Label of dropdown (list)
      description: Description of dropdown
      multiple: true
      list: true
      options:
        - Option 1 of dropdown
        - Option 2 of dropdown
        - Option 3 of dropdown
        - Option 4 of dropdown
        - Option 5 of dropdown
        - Option 6 of dropdown
        - Option 7 of dropdown
        - Option 8 of dropdown
        - Option 9 of dropdown
```


![image](https://github.com/user-attachments/assets/102ed0f4-89da-420b-ab2a-1788b59676f9)

![image](https://github.com/user-attachments/assets/a2bdb14e-43ff-4cc6-9bbe-20244830453c)


---
*Sponsored by Kithara Software GmbH*
2024-07-14 16:38:45 +02:00
6543 957c75bfd2
Fix update flake (#31626) 2024-07-12 16:25:54 +00:00
GiteaBot d73623d526 [skip ci] Updated translations via Crowdin 2024-07-12 00:27:07 +00:00
Sunny Wan 4913edaa70
Display app name in the registration email title (#31562)
I changed the title of the registation email from "Welcome to Gitea" to
"Welcome to (appname)". I did this by substituting 'Gitea' in
register_notify to %s and formating the registration title in mail.go. I
changed this for all the languages I could, but I struggled to changed
the translation file for Farsi. I have attached the screenshots of
before and after and the related issue below.

Related issue:
https://github.com/go-gitea/gitea/issues/31108

Before change:
![Screenshot from 2024-07-04
22-32-17](https://github.com/go-gitea/gitea/assets/94445569/4178b51c-1acc-45f4-9750-dff41564a709)

After:
![Screenshot from 2024-07-04
22-32-01](https://github.com/go-gitea/gitea/assets/94445569/9cd7a58d-c0f5-4a3c-a66c-805c55411eaa)

---------

Signed-off-by: Sunny Wan <Sunnywan2020@gmail.com>
Co-authored-by: 6543 <6543@obermui.de>
2024-07-11 23:23:31 +00:00
techknowlogick fa160b915d
typo on date in security document (#31617) 2024-07-11 21:51:08 +00:00
silverwind a06bbcf0b6
Update JS dependencies (#31616)
Result of `make update-js`. Tested all dependencies. Lockfile diff is
because of https://github.com/npm/cli/pull/7475.
2024-07-11 14:36:02 -04:00
silverwind 228c354b16
Add types for js globals (#31586)
Adds types for `window.config` and jQuery/htmx globals, eliminating 48
`tsc` errors.
2024-07-11 10:20:51 +00:00
Lunny Xiao 1b0ccf4bea
Upgrade security public key (#31594)
Fix #31591
2024-07-10 16:28:22 +00:00
Lunny Xiao 436af472a9
Fix wrong merge on removing docs (#31605) 2024-07-10 15:47:32 +00:00
wxiaoguang 72b6bc8caf
Refactor webhook (#31587)
A more complete fix for #31588

1. Make "generic" code more readable
2. Clarify HTML or Markdown for the payload content
2024-07-10 11:37:16 +00:00
Tobias Balle-Petersen 4ea2a6de81
Fix: Allow org team names of length 255 in create team form (#31564)
Gitea 1.22.1 was supposed to allow for team names of length 255 (up from
30) after the following PR was merged in:
https://github.com/go-gitea/gitea/pull/31410. However, the length of
team names was still limited to 30 as described in this issue:
https://github.com/go-gitea/gitea/issues/31554.

One more change to _gitea_ needs to be made to allow for the longer team
names, as there is a 30 character limit here:
2c92c7c522/services/forms/org.go (L65)

This PR changes that value to 255.
2024-07-10 02:15:17 +00:00
Lunny Xiao af1f0dfcc6
Remove docs sub folder since docs has been moved to https://gitea.com/gitea/docs (#31536) 2024-07-10 01:46:08 +00:00
Kyle D d6f8a60b65
Add bohde as maintainer (#31601)
[4 merged
PRs](https://github.com/go-gitea/gitea/pulls?q=is%3Apr+author%3Abohde+is%3Aclosed)
2024-07-10 08:18:35 +08:00
delvh 7bb3835811
Add `YEAR`, `MONTH`, `MONTH_ENGLISH`, `DAY` variables for template repos (#31584)
Fixes #31583
2024-07-09 18:05:12 +00:00
Rowan Bohde 1ee59f0fa3
Allow disabling authentication related user features (#31535)
We have some instances that only allow using an external authentication
source for authentication. In this case, users changing their email,
password, or linked OpenID connections will not have any effect, and
we'd like to prevent showing that to them to prevent confusion.

Included in this are several changes to support this:
* A new setting to disable user managed authentication credentials
(email, password & OpenID connections)
* A new setting to disable user managed MFA (2FA codes & WebAuthn)
* Fix an issue where some templates had separate logic for determining
if a feature was disabled since it didn't check the globally disabled
features
* Hide more user setting pages in the navbar when their settings aren't
enabled

---------

Co-authored-by: Kyle D <kdumontnu@gmail.com>
2024-07-09 17:36:31 +00:00
silverwind 13015bba5a
Add back esbuild-loader for .js files (#31585)
The build currently seems to work fine without this, but in theory it
should fail because Fomantic is JavaScript. I feel more comfortable
having this loader declared.

Note: I did try using the [combined loader
config](https://github.com/privatenumber/esbuild-loader#-quick-setup)
but when I did that, vue files could not load, so I think this is the
best option.
2024-07-09 09:28:43 +00:00
6543 4696bcb3f7
Use FullName in Emails to address the recipient if possible (#31527)
Before we had just the plain mail address as recipient. But now we
provide additional Information for the Mail clients.

---
*Sponsored by Kithara Software GmbH*
2024-07-08 08:38:45 +00:00
6543 d7c7a78994
Don't show hidden labels when filling out an issue template (#31576)
Related to #31574


---
*Sponsored by Kithara Software GmbH*
2024-07-08 04:31:12 +00:00
GiteaBot 017ea19e5d [skip ci] Updated translations via Crowdin 2024-07-08 00:28:11 +00:00
silverwind 5791a73e75
Convert frontend code to typescript (#31559)
None of the frontend js/ts files was touched besides these two commands
(edit: no longer true, I touched one file in
61105d0618
because of a deprecation that was not showing before the rename).

`tsc` currently reports 778 errors, so I have disabled it in CI as
planned.

Everything appears to work fine.
2024-07-07 15:32:30 +00:00
GiteaBot 5115c278ff [skip ci] Updated translations via Crowdin 2024-07-07 00:29:37 +00:00
GiteaBot 264f74c02a [skip ci] Updated translations via Crowdin 2024-07-06 00:26:24 +00:00
Henry Goodman 12cb1d2998
Allow force push to protected branches (#28086)
Fixes #22722 

### Problem
Currently, it is not possible to force push to a branch with branch
protection rules in place. There are often times where this is necessary
(CI workflows/administrative tasks etc).

The current workaround is to rename/remove the branch protection,
perform the force push, and then reinstate the protections.

### Solution
Provide an additional section in the branch protection rules to allow
users to specify which users with push access can also force push to the
branch. The default value of the rule will be set to `Disabled`, and the
UI is intuitive and very similar to the `Push` section.

It is worth noting in this implementation that allowing force push does
not override regular push access, and both will need to be enabled for a
user to force push.

This applies to manual force push to a remote, and also in Gitea UI
updating a PR by rebase (which requires force push)

This modifies the `BranchProtection` API structs to add:
- `enable_force_push bool`
- `enable_force_push_whitelist bool`
- `force_push_whitelist_usernames string[]`
- `force_push_whitelist_teams string[]`
- `force_push_whitelist_deploy_keys bool`

### Updated Branch Protection UI:

<img width="943" alt="image"
src="https://github.com/go-gitea/gitea/assets/79623665/7491899c-d816-45d5-be84-8512abd156bf">

### Pull Request `Update branch by Rebase` option enabled with source
branch `test` being a protected branch:


![image](https://github.com/go-gitea/gitea/assets/79623665/e018e6e9-b7b2-4bd3-808e-4947d7da35cc)
<img width="1038" alt="image"
src="https://github.com/go-gitea/gitea/assets/79623665/57ead13e-9006-459f-b83c-7079e6f4c654">

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-07-05 18:21:56 +00:00
Anbraten 9c00dda33a
Refactor login page (#31530)
As requested in
https://github.com/go-gitea/gitea/pull/31504#issuecomment-2196196646.
This PR refactor the login page:

![Screenshot from 2024-07-04
19-23-10](https://github.com/go-gitea/gitea/assets/6918444/c45700f4-6747-473c-bdee-2156718a7953)

![Screenshot from 2024-07-04
19-23-21](https://github.com/go-gitea/gitea/assets/6918444/b1bf71cf-85f9-4517-a409-cc6d72e6af8f)

![Screenshot from 2024-06-30
09-35-20](https://github.com/go-gitea/gitea/assets/6918444/728cc37e-0cca-4883-afec-a43663d2c666)


# Changes
- [x] use separate box for passkey login and go to registration
- [x] move forgot passoword next to password label
- [x] fix password required label `*` and padding 
- [x] remove tabs from login page

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-07-05 20:10:09 +03:00
Brecht Van Lommel b88e5fc72d
Fix slow patch checking with commits that add or remove many files (#31548)
Running git update-index for every individual file is slow, so add and
remove everything with a single git command.

When such a big commit lands in the default branch, it could cause PR
creation and patch checking for all open PRs to be slow, or time out
entirely. For example, a commit that removes 1383 files was measured to
take more than 60 seconds and timed out. With this change checking took
about a second.

This is related to #27967, though this will not help with commits that
change many lines in few files.
2024-07-04 18:57:11 +00:00
silverwind 2c92c7c522
Add typescript guideline and typescript-specific eslint plugins and fix issues (#31521)
1. Add some general guidelines how to write our typescript code
2. Add `@typescript-eslint/eslint-plugin`, general typescript rules
3. Add `eslint-plugin-deprecation` to detect deprecated code
4. Fix all new lint issues that came up
2024-07-03 17:48:14 +02:00
silverwind b270b30aeb
Update `golang.org/x/image` to v0.18.0 (#31541)
Result of `go get -u  golang.org/x/image && make tidy`

Fixes: https://github.com/go-gitea/gitea/security/dependabot/67
2024-07-02 15:41:14 -04:00
GiteaBot 3bd87fb170 [skip ci] Updated translations via Crowdin 2024-07-01 00:30:50 +00:00
charles f0033051d5
Fix markdown preview $$ support (#31514)
close #31481

currently `$$A + B$$ test` will ignore text after $$ block

test text

![圖片](https://github.com/go-gitea/gitea/assets/30816317/39b2974b-c0b6-48a0-87d0-5f4a13615eed)

before fix

![圖片](https://github.com/go-gitea/gitea/assets/30816317/15469e4c-474d-4128-b46f-d6cadaafbd68)

after fix

![圖片](https://github.com/go-gitea/gitea/assets/30816317/c1025eef-177f-4ade-988f-510e7039f3f9)

github display

![圖片](https://github.com/go-gitea/gitea/assets/30816317/97cd1e10-ac94-4899-86d8-8e359ef1d694)
2024-06-29 23:23:47 +00:00
Anbraten 91745ae46f
Add Passkey login support (#31504)
closes #22015

After adding a passkey, you can now simply login with it directly by
clicking `Sign in with a passkey`.

![Screenshot from 2024-06-26
12-18-17](https://github.com/go-gitea/gitea/assets/6918444/079013c0-ed70-481c-8497-4427344bcdfc)

Note for testing. You need to run gitea using `https` to get the full
passkeys experience.

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-06-29 22:50:03 +00:00
silverwind 5821d22891
Use stable version of fabric (#31526)
Fabric 6 is [now
stable](https://github.com/fabricjs/fabric.js/releases/tag/v6.0.0-rc5),
use it.
2024-06-29 18:37:18 +03:00
silverwind e82f3caa6b
Always use HTML attributes for avatar size (#31509)
Many avatars were rendered in HTML with certain width/height but then
resized again in CSS. This was pointless so I removed all these cases
and made the HTML size match the previous render size.

Also did a few CSS cleanups in the tribute rendering:

<img width="648" alt="image"
src="https://github.com/go-gitea/gitea/assets/115237/cb2fafb3-5e20-46e9-814f-07df20038beb">
2024-06-28 21:29:15 +00:00
silverwind 08579d6cbb
Add initial typescript config and use it for eslint,vitest,playwright (#31186)
This enables eslint to use the typescript parser and resolver which
brings some benefits that eslint rules now have type information
available and a tsconfig.json is required for the upcoming typescript
migration as well. Notable changes done:

- Add typescript parser and resolver
- Move the vue-specific config into the root file
- Enable `vue-scoped-css/enforce-style-type` rule, there was only one
violation and I added a inline disable there.
- Fix new lint errors that were detected because of the parser change
- Update `i/no-unresolved` to remove now-unnecessary workaround for the
resolver
- Disable `i/no-named-as-default` as it seems to raise bogus issues in
the webpack config
- Change vitest config to typescript
- Change playwright config to typescript
- Add `eslint-plugin-playwright` and fix issues
- Add `tsc` linting to `make lint-js`
2024-06-28 16:15:51 +00:00
Royce Remer df805d6ed0
Support legacy _links LFS batch responses (#31513)
Support legacy _links LFS batch response.

Fixes #31512.

This is backwards-compatible change to the LFS client so that, upon
mirroring from an upstream which has a batch api, it can download
objects whether the responses contain the `_links` field or its
successor the `actions` field. When Gitea must fallback to the legacy
`_links` field a logline is emitted at INFO level which looks like this:
```
...s/lfs/http_client.go:188:performOperation() [I] <LFSPointer ee95d0a27ccdfc7c12516d4f80dcf144a5eaf10d0461d282a7206390635cdbee:160> is using a deprecated batch schema response!
```

I've only run `test-backend` with this code, but added a new test to
cover this case. Additionally I have a fork with this change deployed
which I've confirmed syncs LFS from Gitea<-Artifactory (which has legacy
`_links`) as well as from Gitea<-Gitea (which has the modern `actions`).

Signed-off-by: Royce Remer <royceremer@gmail.com>
2024-06-28 08:42:57 +00:00
silverwind 62b3738968
Fix JS error with disabled attachment and easymde (#31511)
Not sure if this is a regression from
https://github.com/go-gitea/gitea/pull/30513, but when attachments are
disabled, `this.dropzone` is null and the code had failed in
`initEasyMDEPaste` trying to access `dropzoneEl.dropzone`.
2024-06-28 13:59:22 +08:00
charles d655ff18b3
Fix avatar radius problem on the new issue page (#31506)
Close #31502

Related to #31419.

In this PR, the avatar width is set to 3em, but the height is not set,
so the image is not squared.

When object-fit is set to contain, it can't maintain the radius of the
image.

Result:

![圖片](https://github.com/go-gitea/gitea/assets/30816317/bceb98aa-b0f7-4753-bc8b-3b9c41dfd55a)
2024-06-27 14:04:05 +00:00
wxiaoguang c1fe6fbcc3
Make toast support preventDuplicates (#31501)
make preventDuplicates default to true, users get a clear UI feedback
and know that "a new message appears".

Fixes: https://github.com/go-gitea/gitea/issues/26651

---------

Co-authored-by: silverwind <me@silverwind.io>
2024-06-27 13:58:38 +00:00
Tyrone Yeh 9bc5552c11
Improve attachment upload methods (#30513)
* Use dropzone to handle file uploading for all cases, including pasting
and dragging
* Merge duplicate code, use consistent behavior for link generating

Close #20130

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-06-27 09:31:49 +00:00
wxiaoguang 00fc29aee1
Refactor issue label selection (#31497)
Follow #26460
2024-06-26 23:41:59 +00:00
wxiaoguang a88f718c10
Refactor dropzone (#31482)
Refactor the legacy code and remove some jQuery calls.
2024-06-27 01:01:20 +08:00
GiteaBot 35ce7a5e0e [skip ci] Updated translations via Crowdin 2024-06-26 00:26:17 +00:00
Chl b5326a431f
Optimization of labels handling in issue_search (#26460)
This PR enhances the labels handling in issue_search by optimizing the
SQL query and de-duplicate the IDs when generating the query string.

---------

Co-authored-by: techknowlogick <techknowlogick@gitea.com>
2024-06-25 13:09:13 -04:00
CyberFlame 72c66bd479
use correct l10n string (#31487)
Uses the correct string for searching - this is what it looks like prior
to the change:

![image](https://github.com/go-gitea/gitea/assets/24910512/38519825-c347-44d6-85d4-6fa3c71ddb7c)
(observe how the top box has "Search teams" even though collaborator
would be user
2024-06-25 14:54:18 +00:00
Brecht Van Lommel 4af97cf383
Fix overflow menu flickering on mobile (#31484)
The overflow menu button was incorrectly included in the measurement of
the width of the items. As a result, it could get stuck in a loop
alternating between different measurements as the button appears and
disappears.
2024-06-25 10:24:15 -04:00