Template
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo synced 2024-11-24 18:56:11 +01:00
Commit graph

1137 commits

Author SHA1 Message Date
Gusted 618eb8e72a security: add permission check to 'delete branch after merge'
- Add a permission check that the doer has write permissions to the head
repository if the the 'delete branch after merge' is enabled when
merging a pull request.
- Unify the checks in the web and API router to `DeleteBranchAfterMerge`.
- Added integration tests.

(cherry picked from commit 266e0b2ce9)
2024-10-28 06:04:45 +00:00
jutty c2f99a5a1f Fix typo in English locale file
Key settings.wiki_rename_branch_main_notices_2 had a duplicated 'the'.

(cherry picked from commit 5443bca39a)
2024-10-14 21:07:04 +00:00
0ko 932801ae18 i18n(en): fix typo (#5554)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5554
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
(cherry picked from commit 5a21ff8e95)
2024-10-14 05:21:04 +00:00
Otto Richter 1667fece88 i18n: Improve translation strings for webhook events (#5537)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5537
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Otto Richter <git@otto.splvs.net>
Co-committed-by: Otto Richter <git@otto.splvs.net>
(cherry picked from commit 86bac2c54e)
2024-10-12 15:19:53 +00:00
Otto Richter d2ee58fb2a i18n: Fine tune language for units (#5523)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5523
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Otto Richter <git@otto.splvs.net>
Co-committed-by: Otto Richter <git@otto.splvs.net>
(cherry picked from commit 79a3fe6cc6)
2024-10-11 18:28:59 +00:00
Otto d8c8fa9bae Merge pull request '[v9.0/forgejo] feat: "Assign to me" button on PR and Issues #5215' (#5524) from bp-v9.0/forgejo-2feb3d0 into v9.0/forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5524
Reviewed-by: Otto <otto@codeberg.org>
2024-10-11 12:33:50 +00:00
TimedIn 6d2c29ae85 feat: "assign to me" button on PRs and issues
includes:
Tests for assignees on issues
Move assignees selector of new Issue to assignees.tmpl

(cherry picked from commit 2feb3d03d7)
2024-10-11 01:39:54 +00:00
Kidsan 2c0c6f408e fix: add length limit to discord webhook icon_url
(cherry picked from commit cf3ebab4ba)
2024-10-09 16:07:34 +00:00
voltagex 946a10a8d5 i18n: improve 'Verify' error message, stopgap for #2809 (#5479)
Signed-off-by: Adam Baxter <codeberg@voltagex.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5479
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: voltagex <voltagex@noreply.codeberg.org>
Co-committed-by: voltagex <voltagex@noreply.codeberg.org>
(cherry picked from commit d17db93fbf)
2024-10-07 16:22:06 +00:00
wxiaoguang d26b7902ec Refactor CSRF protector (#32057)
Remove unused CSRF options, decouple "new csrf protector" and "prepare"
logic, do not redirect to home page if CSRF validation falis (it
shouldn't happen in daily usage, if it happens, redirecting to home
doesn't help either but just makes the problem more complex for "fetch")

(cherry picked from commit 1fede04b83288d8a91304a83b7601699bb5cba04)

Conflicts:
	options/locale/locale_en-US.ini
	tests/integration/repo_branch_test.go
  trivial context conflicts
(cherry picked from commit 1ae3b127fc)
2024-09-27 08:13:29 +00:00
Otto Richter dc9a268d3c i18n: UX improvements: Team permissions and issue closing
Change word order for issue comment actions
-  An attempt to address https://codeberg.org/forgejo/forgejo/issues/2650

Org team permissions improvements

- consistency: added missing dot
- clarity: explain what external units mean
- use dedicated keys to explain the permissions.
- split in read/write permissions
- use explicit labels for accessibility
- ext_wiki.desc and ext_issues.desc are no longer in use.
2024-09-24 19:03:30 +02:00
0ko 6c448ae37e fix(email): add missing string for password reset email (#5305)
Fixes https://codeberg.org/forgejo/forgejo/issues/5293.

`mail.reset_password.text` has been deleted unintentionally in 4383da91bd (diff-05e7a0ff464b6cb2ab45b456433c872221d1f06a), however, it is still used in email template: fbbaecf25a/templates/mail/auth/reset_passwd.tmpl (L11)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5305
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
2024-09-12 15:13:15 +00:00
0ko 3f48625560 i18n(*): fix placeholders in dashboard.new_version_hint 2024-09-12 17:52:46 +05:00
Denys Konovalov 8857da871e Remove urls from translations (#31950)
Part of #27700

Removes all URLs from translation strings to easy up changing them in
the future and to exclude people injecting malicious URLs through
translations. First measure as long as #24402 is out of scope.

(cherry picked from commit 83f37f630246e381eefd650fc2d4b1f3976ea882)
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>

Conflicts:
	- options/locale/locale_en-US.ini
	  Resolved by manually applying the URL->%s changes to our translations.
	- routers/web/admin/hooks.go
	  templates/repo/settings/protected_branch.tmpl
	  templates/status/500.tmpl
	  Manually resolved.
	- templates/repo/settings/webhook/settings.tmpl
	  Applied the change to templates/webhook/shared-settings.tmpl
	  instead

Additional changes: Gitea-specific URLs have been replaced by their
Forgejo counterparts, lifted from the original translation text.
2024-09-12 17:28:58 +05:00
Lunny Xiao 32320bbf32 Remove html tags from create tag and branch translation (#31973)
Follow #31950 and Fix the display bug of #31966 .

This will only fix the English version. I will update all these
translation files in crowdin after this merged so that all the languages
can be fixed.

And all these files should be backported together.

This PR remove the bold effect around the name when creating a new tag
or branch.

(cherry picked from commit a366af4b7a067227386184067e203091923b5b10)
2024-09-12 17:28:58 +05:00
0ko 3c00c60b84 i18n(en): remove 15 unused strings 2024-08-27 10:31:35 +05:00
Gusted 1a68d14cf8
[FIX] Don't allow SSH authentication without ssh executable
- Follow up of #4819
- When no `ssh` executable is present, disable the UI and backend bits
that allow the creation of push mirrors that use SSH authentication. As
this feature requires the usage of the `ssh` binary.
- Integration test added.
2024-08-26 08:58:35 +02:00
Gusted 5c2445d643
[SKIP CI] Don't duplicate key
- Follow up #4819.
- It introduces a duplicate key, which is wrong. Move to a unique
translation key to avoid conflicts.
2024-08-25 18:07:22 +02:00
Gusted 5dbacb70f4 Merge pull request 'Allow pushmirror to use publickey authentication' (#4819) from ironmagma/forgejo:publickey-auth-push-mirror into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4819
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-24 16:53:56 +00:00
Otto Richter 00276dfc30 feat(i18n): Branch protection improvements
- adds a header to indicate creating a new rule
  - test that header is different between new and edit form
- consistently avoids colons in the form
- excludes some accessibility checks that require a global solution for
  forms
2024-08-22 22:05:12 +02:00
Philip Peterson 03508b33a8
[FEAT] Allow pushmirror to use publickey authentication
- Continuation of https://github.com/go-gitea/gitea/pull/18835 (by
@Gusted, so it's fine to change copyright holder to Forgejo).
- Add the option to use SSH for push mirrors, this would allow for the
deploy keys feature to be used and not require tokens to be used which
cannot be limited to a specific repository. The private key is stored
encrypted (via the `keying` module) on the database and NEVER given to
the user, to avoid accidental exposure and misuse.
- CAVEAT: This does require the `ssh` binary to be present, which may
not be available in containerized environments, this could be solved by
adding a SSH client into forgejo itself and use the forgejo binary as
SSH command, but should be done in another PR.
- CAVEAT: Mirroring of LFS content is not supported, this would require
the previous stated problem to be solved due to LFS authentication (an
attempt was made at forgejo/forgejo#2544).
- Integration test added.
- Resolves #4416
2024-08-22 17:05:07 +02:00
Gusted a054201e20 Merge pull request 'Fix naming consistency and remove unused strings in teams' (#5052) from 0ko/forgejo:i18n-admin into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5052
Reviewed-by: Otto <otto@codeberg.org>
2024-08-21 14:57:11 +00:00
0ko b65a1312b3 i18n(en): remove unused strings related to team permissions
Added in 72aa5a20ec.
Dropped in cb41f5cae1.
2024-08-21 18:41:07 +05:00
0ko a1c87db46f i18n(en): fix administrator access naming consistency 2024-08-21 18:39:51 +05:00
Otto Richter 83d2b3b7fa Implement CSS-only input toggling, refactor related forms
UX/Translation changes:

- new teams: remove redundant tooltips that don't add meaningful information
  - move general information to table fieldset
- new teams: rename "general" to "custom" access for clarity
- new teams: show labels beside options on mobile

Accessibility:

- semantic form elements allow easier navigation (fieldset, mostly)
- improve better labelling of new teams table
- fix accessibility scan issues
- TODO: the parts that "disable" form elements were not yet touched and
  are not really accessible to screenreaders

Technical:

- replace two JavaScript solutions with one CSS standard
- implement a simpler grid (.simple-grid)
- simplify markup
- remove some webhook settings specific CSS

Testing:

- check more form content for accessibility issues
- but exclude tooltips from the scan :(
- reuse existing form tests from previous PR
2024-08-21 15:03:19 +02:00
Otto Richter 2e9f4cece4 i18n: Improve clarity of confirmation email messages
Fixes https://codeberg.org/forgejo/forgejo/issues/4399
2024-08-16 16:11:18 +02:00
a1012112796 e5f8d144f2
[PORT] Add warning message in merge instructions when AutodetectManualMerge was not enabled (gitea#31805)
---

Conflict resolution: trivial
Things done differently: Improve localization message, use the paragraph
element instead of the div element, fix passing this variable to the
template and add a integration test

(cherry picked from commit 9633f336c87947dc7d2a5e76077a10699ba5e50d)
2024-08-11 19:15:37 +02:00
Panagiotis "Ivory" Vasilopoulos 57a2b99b3c feat(i18n): make the test string more fun :D 2024-08-09 21:51:07 +02:00
0ko bad3b32037 feat(i18n): allow different translations of creation links and titles (#4829)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4829
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-07 16:54:05 +00:00
Gusted 7faea490fc Merge pull request '[UI] Do not include trailing EOL character when counting lines' (#4835) from gusted/forgejo-num-lines into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4835
Reviewed-by: Caesar Schinas <caesar@caesarschinas.com>
Reviewed-by: Otto <otto@codeberg.org>
2024-08-06 12:23:24 +00:00
Earl Warren 517637137c Merge pull request '[gitea] week 2024-32 cherry pick (gitea/main -> forgejo)' (#4801) from earl-warren/wcp/2024-32 into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4801
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-08-06 05:47:20 +00:00
Gusted 5cf976739c
[UI] Do not include trailing EOL character when counting lines
- Adjust the counting of the number of lines of a file to match the
amount of rendered lines. This simply means that a file with the content
of `a\n` will be shown as having `1 line` rather than `2 lines`. This
matches with the amount of lines that are being rendered (the last empty
line is never rendered) and matches more with the expecation of the
user (a trailing EOL is a technical detail).
- In the case there's no EOL, the reason why it was counting
'incorrectly' was to show if there was a trailing EOL or not, but now
text is shown to tell the user this.
- Integration test added.
- Resolves Codeberg/Community#1612
2024-08-06 04:36:57 +02:00
0ko 7c74def6ff i18n(en): remove unused strings (#4805)
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4805
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-08-05 05:54:29 +00:00
Jason Song 0c40cff9a4
Clear up old Actions logs (#31735)
Part of #24256.

Clear up old action logs to free up storage space.

Users will see a message indicating that the log has been cleared if
they view old tasks.

<img width="1361" alt="image"
src="https://github.com/user-attachments/assets/9f0f3a3a-bc5a-402f-90ca-49282d196c22">

Docs: https://gitea.com/gitea/docs/pulls/40

---------

Co-authored-by: silverwind <me@silverwind.io>
(cherry picked from commit 687c1182482ad9443a5911c068b317a91c91d586)

Conflicts:
	custom/conf/app.example.ini
	routers/web/repo/actions/view.go
  trivial context conflict
2024-08-04 18:24:10 +02:00
Jason Song 51f414d466
Improve names of cron jobs for Actions (#31736)
Before:

<img width="1641" alt="image"
src="https://github.com/user-attachments/assets/60fa3f3e-cf19-4903-b080-616aef28057b">

After:

<img width="1674" alt="image"
src="https://github.com/user-attachments/assets/b04fd01e-838d-45c3-9655-cb39a2f7d1f2">

(cherry picked from commit 9ac57c957f9dc88b1394008d6efb79f29a4c3396)

Conflicts:
	options/locale/locale_en-US.ini
  trivial context conflict
2024-08-04 18:23:54 +02:00
yp05327 c784a58740
Fix the display of project type for deleted projects (#31732)
Fix: #31727
After:

![image](https://github.com/user-attachments/assets/1dfb4b31-3bd6-47f7-b126-650f33f453e2)

(cherry picked from commit 75d0b61546e00390afdd850149de525dd64336a5)

Conflicts:
	options/locale/locale_en-US.ini
  trivial conflict & fix excessive uppercase to unify with the other translations
2024-08-04 10:14:34 +02:00
Exploding Dragon f17194ca91 Arch packages implementation (#4785)
This PR is from https://github.com/go-gitea/gitea/pull/31037

This PR was originally created by @d1nch8g , and the original source code comes from https://ion.lc/core/gitea.

This PR adds a package registry for [Arch Linux](https://archlinux.org/) packages with support for package files, [signatures](https://wiki.archlinux.org/title/Pacman/Package_signing), and automatic [pacman-database](https://archlinux.org/pacman/repo-add.8.html) management.

Features:

1. Push any ` tar.zst ` package and Gitea sign it.
2. Delete endpoint for specific package version and all related files
3. Supports trust levels with `SigLevel = Required`.
4. Package UI with instructions to connect to the new pacman database and visualised package metadata

![](/attachments/810ca6df-bd20-44c2-bdf7-95e94886d750)

You can follow [this tutorial](https://wiki.archlinux.org/title/Creating_packages) to build a *.pkg.tar.zst package for testing

docs pr: https://codeberg.org/forgejo/docs/pulls/791

Co-authored-by: d1nch8g@ion.lc
Co-authored-by: @KN4CK3R
Co-authored-by: @mahlzahn
Co-authored-by: @silverwind
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4785
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Exploding Dragon <explodingfkl@gmail.com>
Co-committed-by: Exploding Dragon <explodingfkl@gmail.com>
2024-08-04 06:16:29 +00:00
0ko 22d3659803 i18n(en): remove unused string admin.auths.enable_auto_register (#4797)
Introduced in d2aff9a46a.
Removed in cd37fccdfb.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4797
Reviewed-by: Otto <otto@codeberg.org>
2024-08-04 03:09:02 +00:00
Gergely Nagy 67fa52dedb
feat(quota): Quota enforcement
The previous commit laid out the foundation of the quota engine, this
one builds on top of it, and implements the actual enforcement.

Enforcement happens at the route decoration level, whenever possible. In
case of the API, when over quota, a 413 error is returned, with an
appropriate JSON payload. In case of web routes, a 413 HTML page is
rendered with similar information.

This implementation is for a **soft quota**: quota usage is checked
before an operation is to be performed, and the operation is *only*
denied if the user is already over quota. This makes it possible to go
over quota, but has the significant advantage of being practically
implementable within the current Forgejo architecture.

The goal of enforcement is to deny actions that can make the user go
over quota, and allow the rest. As such, deleting things should - in
almost all cases - be possible. A prime exemption is deleting files via
the web ui: that creates a new commit, which in turn increases repo
size, thus, is denied if the user is over quota.

Limitations
-----------

Because we generally work at a route decorator level, and rarely
look *into* the operation itself, `size:repos:public` and
`size:repos:private` are not enforced at this level, the engine enforces
against `size:repos:all`. This will be improved in the future.

AGit does not play very well with this system, because AGit PRs count
toward the repo they're opened against, while in the GitHub-style fork +
pull model, it counts against the fork. This too, can be improved in the
future.

There's very little done on the UI side to guard against going over
quota. What this patch implements, is enforcement, not prevention. The
UI will still let you *try* operations that *will* result in a denial.

Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-08-02 11:10:34 +02:00
Robert Wolff 2795f5bc0e feat(UI): fix links, add labels for releases on repo activity page 2024-08-02 07:56:03 +02:00
Earl Warren 94933470cd Merge pull request 'Implement external release assets' (#1445) from maltejur/forgejo:forgejo-external-attachments into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/1445
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
2024-07-30 15:50:57 +00:00
Malte Jürgens a61e7c7a39
Implement external assets 2024-07-29 20:35:55 +02:00
yp05327 d0e52fd641
Support delete user email in admin panel (#31690)
![QQ_1721784609320](https://github.com/user-attachments/assets/23f08bf3-93f4-44d7-963d-10380ef8c1f1)

![QQ_1721784616403](https://github.com/user-attachments/assets/667cbd1e-5e21-4489-8d18-2a7be85190db)

![QQ_1721784626722](https://github.com/user-attachments/assets/495beb94-dfa2-481c-aa60-d5115cad1ae1)

---------

Co-authored-by: Jason Song <i@wolfogre.com>
(cherry picked from commit cc044818c33ff066c4e5869c9e75de9707def6ed)
2024-07-28 09:00:29 +02:00
Gusted 4c40bf5d29 Merge pull request '[SEC] Notify owner about TOTP enrollment' (#4704) from gusted/sec-more-totp into forgejo
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4704
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
2024-07-27 20:53:47 +00:00
0ko dac78913aa i18n(en): new repo form: remove full stops from placeholders, clarify labels (#4709)
Just a small PR fixing some lines.

* removed full stop from placeholders, they were placed inconsistent and it doesn't really makes sense to have them in placeholders. It's usually either no full stop or ellipsis.
* s/Issue labels/Labels - obviously labels aren't used just for issues

That's about it. I may or may not send other improvements for this page later, this is just a simple PR that doesn't need testing.

Preview: https://codeberg.org/attachments/f7040bb4-9749-4cd2-9953-289e1103ea3e

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4709
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2024-07-27 13:18:40 +00:00
Gusted a7e96aae66
[SEC] Notify owner about TOTP enrollment
- In the spirit of #4635
- Notify the owner when their account is getting enrolled into TOTP. The
message is changed according if they have security keys or not.
- Integration test added.
2024-07-26 19:49:22 +02:00
Gusted 76759715d2
[I18N] Remove unneeded translation
- This key isn't used, I added this on accident (likely bad copy-paste).
- Regression of #4635
2024-07-25 17:04:23 +02:00
Robert Wolff 0a74c95b2a fix(ui): use right placeholder string in milestones search (#4628)
This PR fixes a wrong placeholder for the search for milestones. I tested it locally (see attachments, below).

Before: https://codeberg.org/attachments/ba845ce1-1f20-4131-a74d-7220986a4acf
After: https://codeberg.org/attachments/0c4e32ee-b1a8-4472-837d-daa2a2a50121

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/4628
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Robert Wolff <mahlzahn@posteo.de>
Co-committed-by: Robert Wolff <mahlzahn@posteo.de>
2024-07-25 03:33:44 +00:00
Gusted 4383da91bd
[SECURITY] Notify users about account security changes
- Currently if the password, primary mail, TOTP or security keys are
changed, no notification is made of that and makes compromising an
account a bit easier as it's essentially undetectable until the original
person tries to log in. Although other changes should be made as
well (re-authing before allowing a password change), this should go a
long way of improving the account security in Forgejo.
- Adds a mail notification for password and primary mail changes. For
the primary mail change, a mail notification is sent to the old primary
mail.
- Add a mail notification when TOTP or a security keys is removed, if no
other 2FA method is configured the mail will also contain that 2FA is
no longer needed to log into their account.
- `MakeEmailAddressPrimary` is refactored to the user service package,
as it now involves calling the mailer service.
- Unit tests added.
- Integration tests added.
2024-07-23 18:31:47 +02:00
Bartlomiej Komendarczuk 5e8a830505
[PORT] Added default sorting milestones by name (gitea#27084)
Resolves https://github.com/go-gitea/gitea/issues/26996
Added default sorting for milestones by name.

Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>

---

Conflict resolution: trivial, was due to the improvement made to 'the due
date sorting' strings.

(cherry picked from commit e8d4b7a8b198eca3b0bd117efb422d7d7cac93fe)
2024-07-22 14:55:58 +02:00