From 19869d1c11462294c828bc126bf006103239e397 Mon Sep 17 00:00:00 2001
From: morphelinho
Date: Fri, 22 Dec 2023 13:23:24 +0100
Subject: [PATCH 01/11] Fix 405 method not allowed CORS / OIDC (#28583) Follow #28184 Follow #28515 Fix problem with 405 method not allowed for CORS wrt OIDC
---
 routers/web/web.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/routers/web/web.go b/routers/web/web.go
index db0588056b531..359b608c71e72 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -532,9 +532,11 @@ func registerRoutes(m *web.Route) {
 // TODO manage redirection
 m.Post("/authorize", web.Bind(forms.AuthorizationForm{}), auth.AuthorizeOAuth)
 }, ignSignInAndCsrf, reqSignIn)
+ m.Options("/login/oauth/userinfo", CorsHandler(), misc.DummyBadRequest)
 m.Get("/login/oauth/userinfo", ignSignInAndCsrf, auth.InfoOAuth)
 m.Options("/login/oauth/access_token", CorsHandler(), misc.DummyBadRequest)
 m.Post("/login/oauth/access_token", CorsHandler(), web.Bind(forms.AccessTokenForm{}), ignSignInAndCsrf, auth.AccessTokenOAuth)
+ m.Options("/login/oauth/keys", CorsHandler(), misc.DummyBadRequest)
 m.Get("/login/oauth/keys", ignSignInAndCsrf, auth.OIDCKeys)
 m.Options("/login/oauth/introspect", CorsHandler(), misc.DummyBadRequest)
 m.Post("/login/oauth/introspect", CorsHandler(), web.Bind(forms.IntrospectTokenForm{}), ignSignInAndCsrf, auth.IntrospectOAuth)
From 907c97aabbe6fdfa5669ef2b2978f2d217cf0210 Mon Sep 17 00:00:00 2001
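Review bot: The `m.Get` routes for `/login/oauth/userinfo` and `/login/oauth/keys` still have no `CorsHandler()` in their chain, unlike the `access_token` and `introspect` POST routes, so only the preflight added here is answered through the CORS handler. Unless CORS headers are attached to those GET responses somewhere outside this hunk, a browser will pass the preflight and then refuse the actual response. I would add the handler to both, e.g. `m.Get("/login/oauth/userinfo", CorsHandler(), ignSignInAndCsrf, auth.InfoOAuth)`, and confirm that the configured allowed origins are appropriate for an endpoint that returns user claims. `registerRoutes` starts and ends outside the hunk.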
From: Zettat123
Date: Fri, 22 Dec 2023 21:29:50 +0800
Subject: [PATCH 02/11] Fix `status_check_contexts` matching bug (#28582) Fix #28570 Follow #24633 --- Copied from https://github.com/go-gitea/gitea/issues/28570#issuecomment-1867327999 The feature introduced in #24633 should be compatible with `status_check_contexts`. However, if one or more of `status_check_contexts` is not a legal glob expressions, `glob.Compile` will fail and the contexts cannot match. https://github.com/go-gitea/gitea/blob/21229ed2c8ed00f57100adf9ebc5f4a08da9a66e/routers/web/repo/pull.go#L653-L663
---
 routers/web/repo/pull.go | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go
index ec109ed665c4e..39f9cefa5c669 100644
--- a/routers/web/repo/pull.go
+++ b/routers/web/repo/pull.go
@@ -653,7 +653,15 @@ func PrepareViewPullInfo(ctx *context.Context, issue *issues_model.Issue) *git.C
 if pb != nil && pb.EnableStatusCheck {
 ctx.Data["is_context_required"] = func(context string) bool {
 for _, c := range pb.StatusCheckContexts {
- if gp, err := glob.Compile(c); err == nil && gp.Match(context) {
+ if c == context {
+ return true
+ }
+ if gp, err := glob.Compile(c); err != nil {
+ // All newly created status_check_contexts are checked to ensure they are valid glob expressions before being stored in the database.
+ // But some old status_check_context created before glob was introduced may be invalid glob expressions.
+ // So log the error here for debugging.
+ log.Error("compile glob %q: %v", c, err)
+ } else if gp.Match(context) {
 return true
 }
 }
From d9ed931c4d7ad3649a84913daf81ec252bbbaba1 Mon Sep 17 00:00:00 2001
From: Yarden Shoham
Date: Fri, 22 Dec 2023 18:53:12 +0200
Subject: [PATCH 03/11] Fix wrong due date rendering in issue list page (#28588) It included the hours, minutes, and seconds. By removing these, the date renders correctly.
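Review bot: `glob.Compile(c)` and the new `log.Error` both run inside the `is_context_required` closure, so every call recompiles every pattern and an invalid legacy context is logged at error level each time the closure is invoked (presumably once per status shown on the page). Compiling the patterns once before the closure is assigned keeps the literal-match fallback, logs each bad pattern once per page, and leaves this merge-gate check cheap. The sketch below assumes `glob` is the gobwas package, whose compiled type is `glob.Glob`; the closure's tail is outside the hunk and stays as it is.

```go
if pb != nil && pb.EnableStatusCheck {
	// Compile each required-context pattern once, not on every closure call.
	compiled := make([]glob.Glob, len(pb.StatusCheckContexts))
	for i, c := range pb.StatusCheckContexts {
		gp, err := glob.Compile(c)
		if err != nil {
			// … unchanged: comment explaining that legacy contexts may be invalid globs …
			log.Error("compile glob %q: %v", c, err)
			continue
		}
		compiled[i] = gp
	}
	ctx.Data["is_context_required"] = func(context string) bool {
		for i, c := range pb.StatusCheckContexts {
			if c == context || (compiled[i] != nil && compiled[i].Match(context)) {
				return true
			}
		}
```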
Signed-off-by: Yarden Shoham --- templates/shared/issuelist.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/shared/issuelist.tmpl b/templates/shared/issuelist.tmpl index 7fd1f4e0f8d07..4fea93be3c627 100644 --- a/templates/shared/issuelist.tmpl +++ b/templates/shared/issuelist.tmpl @@ -114,7 +114,7 @@ {{svg "octicon-calendar" 14}} - {{DateTime "short" .DeadlineUnix}} + {{DateTime "short" (.DeadlineUnix.Format "2006-01-02")}} {{end}} From 33439b733a4f69640350b9cda370963ebe9d1e0a Mon Sep 17 00:00:00 2001 From: Kyle D Date: Fri, 22 Dec 2023 22:29:51 -0500 Subject: [PATCH 04/11] Disable query token param in integration tests (#28592) Follow up to https://github.com/go-gitea/gitea/pull/28484, this PR enables the setting for integration tests and migrates a few additional test queries. --- tests/integration/api_issue_test.go | 55 +++++++++++----------- tests/integration/api_releases_test.go | 3 +- tests/integration/api_repo_archive_test.go | 12 ++--- tests/integration/api_repo_branch_test.go | 23 ++++----- tests/mssql.ini.tmpl | 1 + tests/mysql.ini.tmpl | 1 + tests/pgsql.ini.tmpl | 1 + tests/sqlite.ini.tmpl | 1 + 8 files changed, 45 insertions(+), 52 deletions(-) diff --git a/tests/integration/api_issue_test.go b/tests/integration/api_issue_test.go index dcccafb0f29b3..f02580686867b 100644 --- a/tests/integration/api_issue_test.go +++ b/tests/integration/api_issue_test.go @@ -216,8 +216,6 @@ func TestAPIEditIssue(t *testing.T) { func TestAPISearchIssues(t *testing.T) { defer tests.PrepareTestEnv(t)() - token := getUserToken(t, "user2", auth_model.AccessTokenScopeReadIssue) - // as this API was used in the frontend, it uses UI page size expectedIssueCount := 18 // from the fixtures if expectedIssueCount > setting.UI.IssuePagingNum { 
@@ -225,11 +223,12 @@ func TestAPISearchIssues(t *testing.T) { } link, _ := url.Parse("/api/v1/repos/issues/search") - query := url.Values{"token": {getUserToken(t, "user1", auth_model.AccessTokenScopeReadIssue)}} + token := getUserToken(t, "user1", auth_model.AccessTokenScopeReadIssue) + query := url.Values{} var apiIssues []*api.Issue link.RawQuery = query.Encode() - req := NewRequest(t, "GET", link.String()) + req := NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp := MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, expectedIssueCount) @@ -238,9 +237,8 @@ func TestAPISearchIssues(t *testing.T) { before := time.Unix(999307200, 0).Format(time.RFC3339) query.Add("since", since) query.Add("before", before) - query.Add("token", token) link.RawQuery = query.Encode() - req = NewRequest(t, "GET", link.String()) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, 11) @@ -249,14 +247,14 @@ func TestAPISearchIssues(t *testing.T) { query.Add("state", "closed") link.RawQuery = query.Encode() - req = NewRequest(t, "GET", link.String()) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, 2) query.Set("state", "all") link.RawQuery = query.Encode() - req = NewRequest(t, "GET", link.String()) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.EqualValues(t, "20", resp.Header().Get("X-Total-Count")) 
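Review bot: `token` in hunk `@@ -225` is now created for "user1" and reused for every request in TestAPISearchIssues, whereas the queries that rebuilt `query` with `"token": {token}` (the `assigned`, `milestones`, `owner` and `team` cases in the later hunks) previously ran with the user2 token removed in the first hunk. If user1 has broader visibility than user2 in the fixtures, which I cannot see from here, the unchanged expected counts no longer exercise the search endpoint's per-user filtering. I would keep a second token, `user2Token := getUserToken(t, "user2", auth_model.AccessTokenScopeReadIssue)`, and pass it to `AddTokenAuth` for those cases. The test function starts and ends outside this hunk.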
@@ -264,50 +262,50 @@ func TestAPISearchIssues(t *testing.T) { query.Add("limit", "10") link.RawQuery = query.Encode() - req = NewRequest(t, "GET", link.String()) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.EqualValues(t, "20", resp.Header().Get("X-Total-Count")) assert.Len(t, apiIssues, 10) - query = url.Values{"assigned": {"true"}, "state": {"all"}, "token": {token}} + query = url.Values{"assigned": {"true"}, "state": {"all"}} link.RawQuery = query.Encode() - req = NewRequest(t, "GET", link.String()) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, 2) - query = url.Values{"milestones": {"milestone1"}, "state": {"all"}, "token": {token}} + query = url.Values{"milestones": {"milestone1"}, "state": {"all"}} link.RawQuery = query.Encode() - req = NewRequest(t, "GET", link.String()) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, 1) - query = url.Values{"milestones": {"milestone1,milestone3"}, "state": {"all"}, "token": {token}} + query = url.Values{"milestones": {"milestone1,milestone3"}, "state": {"all"}} link.RawQuery = query.Encode() - req = NewRequest(t, "GET", link.String()) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, 2) - query = url.Values{"owner": {"user2"}, "token": {token}} // user + query = url.Values{"owner": {"user2"}} // user link.RawQuery = query.Encode() - req = NewRequest(t, "GET", link.String()) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, 8) - query = url.Values{"owner": {"org3"}, "token": 
{token}} // organization + query = url.Values{"owner": {"org3"}} // organization link.RawQuery = query.Encode() - req = NewRequest(t, "GET", link.String()) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, 5) - query = url.Values{"owner": {"org3"}, "team": {"team1"}, "token": {token}} // organization + team + query = url.Values{"owner": {"org3"}, "team": {"team1"}} // organization + team link.RawQuery = query.Encode() - req = NewRequest(t, "GET", link.String()) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, 2) @@ -323,18 +321,19 @@ func TestAPISearchIssuesWithLabels(t *testing.T) { } link, _ := url.Parse("/api/v1/repos/issues/search") - query := url.Values{"token": {getUserToken(t, "user1", auth_model.AccessTokenScopeReadIssue)}} + token := getUserToken(t, "user1", auth_model.AccessTokenScopeReadIssue) + query := url.Values{} var apiIssues []*api.Issue link.RawQuery = query.Encode() - req := NewRequest(t, "GET", link.String()) + req := NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp := MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, expectedIssueCount) query.Add("labels", "label1") link.RawQuery = query.Encode() - req = NewRequest(t, "GET", link.String()) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, 2) @@ -342,7 +341,7 @@ func TestAPISearchIssuesWithLabels(t *testing.T) { // multiple labels query.Set("labels", "label1,label2") link.RawQuery = query.Encode() - req = NewRequest(t, "GET", link.String()) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, 2) 
@@ -350,7 +349,7 @@ func TestAPISearchIssuesWithLabels(t *testing.T) { // an org label query.Set("labels", "orglabel4") link.RawQuery = query.Encode() - req = NewRequest(t, "GET", link.String()) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, 1) @@ -359,7 +358,7 @@ func TestAPISearchIssuesWithLabels(t *testing.T) { query.Set("labels", "label2,orglabel4") query.Add("state", "all") link.RawQuery = query.Encode() - req = NewRequest(t, "GET", link.String()) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, 2) @@ -367,7 +366,7 @@ func TestAPISearchIssuesWithLabels(t *testing.T) { // org and repo label which share the same issue query.Set("labels", "label1,orglabel4") link.RawQuery = query.Encode() - req = NewRequest(t, "GET", link.String()) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, 2) diff --git a/tests/integration/api_releases_test.go b/tests/integration/api_releases_test.go index 6ec3fcc4b8b11..e070bd05b5a42 100644 --- a/tests/integration/api_releases_test.go +++ b/tests/integration/api_releases_test.go @@ -32,8 +32,7 @@ func TestAPIListReleases(t *testing.T) { token := getUserToken(t, user2.LowerName, auth_model.AccessTokenScopeReadRepository) link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/releases", user2.Name, repo.Name)) - link.RawQuery = url.Values{"token": {token}}.Encode() - resp := MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK) + resp := MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK) var apiReleases []*api.Release DecodeJSON(t, resp, &apiReleases) if assert.Len(t, apiReleases, 3) { 
diff --git a/tests/integration/api_repo_archive_test.go b/tests/integration/api_repo_archive_test.go index 5d1db1b09b785..57d3abfe8404d 100644 --- a/tests/integration/api_repo_archive_test.go +++ b/tests/integration/api_repo_archive_test.go @@ -28,27 +28,23 @@ func TestAPIDownloadArchive(t *testing.T) { token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadRepository) link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/archive/master.zip", user2.Name, repo.Name)) - link.RawQuery = url.Values{"token": {token}}.Encode() - resp := MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK) + resp := MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK) bs, err := io.ReadAll(resp.Body) assert.NoError(t, err) assert.Len(t, bs, 320) link, _ = url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/archive/master.tar.gz", user2.Name, repo.Name)) - link.RawQuery = url.Values{"token": {token}}.Encode() - resp = MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK) + resp = MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK) bs, err = io.ReadAll(resp.Body) assert.NoError(t, err) assert.Len(t, bs, 266) link, _ = url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/archive/master.bundle", user2.Name, repo.Name)) - link.RawQuery = url.Values{"token": {token}}.Encode() - resp = MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK) + resp = MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK) bs, err = io.ReadAll(resp.Body) assert.NoError(t, err) assert.Len(t, bs, 382) link, _ = url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/archive/master", user2.Name, repo.Name)) - link.RawQuery = url.Values{"token": {token}}.Encode() - MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusBadRequest) + MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusBadRequest) } 
diff --git a/tests/integration/api_repo_branch_test.go b/tests/integration/api_repo_branch_test.go index 852c666c34cad..b0ac2286c9426 100644 --- a/tests/integration/api_repo_branch_test.go +++ b/tests/integration/api_repo_branch_test.go @@ -31,8 +31,7 @@ func TestAPIRepoBranchesPlain(t *testing.T) { token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository) link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches", repo3.Name)) // a plain repo - link.RawQuery = url.Values{"token": {token}}.Encode() - resp := MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK) + resp := MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK) bs, err := io.ReadAll(resp.Body) assert.NoError(t, err) @@ -43,15 +42,14 @@ func TestAPIRepoBranchesPlain(t *testing.T) { assert.EqualValues(t, "master", branches[1].Name) link2, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches/test_branch", repo3.Name)) - link2.RawQuery = url.Values{"token": {token}}.Encode() - resp = MakeRequest(t, NewRequest(t, "GET", link2.String()), http.StatusOK) + resp = MakeRequest(t, NewRequest(t, "GET", link2.String()).AddTokenAuth(token), http.StatusOK) bs, err = io.ReadAll(resp.Body) assert.NoError(t, err) var branch api.Branch assert.NoError(t, json.Unmarshal(bs, &branch)) assert.EqualValues(t, "test_branch", branch.Name) - req := NewRequest(t, "POST", link.String()) + req := NewRequest(t, "POST", link.String()).AddTokenAuth(token) req.Header.Add("Content-Type", "application/json") req.Body = io.NopCloser(bytes.NewBufferString(`{"new_branch_name":"test_branch2", "old_branch_name": "test_branch", "old_ref_name":"refs/heads/test_branch"}`)) resp = MakeRequest(t, req, http.StatusCreated) 
@@ -62,7 +60,7 @@ func TestAPIRepoBranchesPlain(t *testing.T) { assert.EqualValues(t, "test_branch2", branch2.Name) assert.EqualValues(t, branch.Commit.ID, branch2.Commit.ID) - resp = MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK) + resp = MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK) bs, err = io.ReadAll(resp.Body) assert.NoError(t, err) @@ -76,8 +74,7 @@ func TestAPIRepoBranchesPlain(t *testing.T) { link3, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches/test_branch2", repo3.Name)) MakeRequest(t, NewRequest(t, "DELETE", link3.String()), http.StatusNotFound) - link3.RawQuery = url.Values{"token": {token}}.Encode() - MakeRequest(t, NewRequest(t, "DELETE", link3.String()), http.StatusNoContent) + MakeRequest(t, NewRequest(t, "DELETE", link3.String()).AddTokenAuth(token), http.StatusNoContent) assert.NoError(t, err) }) } @@ -91,8 +88,7 @@ func TestAPIRepoBranchesMirror(t *testing.T) { token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository) link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches", repo5.Name)) // a mirror repo - link.RawQuery = url.Values{"token": {token}}.Encode() - resp := MakeRequest(t, NewRequest(t, "GET", link.String()), http.StatusOK) + resp := MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK) bs, err := io.ReadAll(resp.Body) assert.NoError(t, err) 
@@ -103,15 +99,14 @@ func TestAPIRepoBranchesMirror(t *testing.T) { assert.EqualValues(t, "master", branches[1].Name) link2, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches/test_branch", repo5.Name)) - link2.RawQuery = url.Values{"token": {token}}.Encode() - resp = MakeRequest(t, NewRequest(t, "GET", link2.String()), http.StatusOK) + resp = MakeRequest(t, NewRequest(t, "GET", link2.String()).AddTokenAuth(token), http.StatusOK) bs, err = io.ReadAll(resp.Body) assert.NoError(t, err) var branch api.Branch assert.NoError(t, json.Unmarshal(bs, &branch)) assert.EqualValues(t, "test_branch", branch.Name) - req := NewRequest(t, "POST", link.String()) + req := NewRequest(t, "POST", link.String()).AddTokenAuth(token) req.Header.Add("Content-Type", "application/json") req.Body = io.NopCloser(bytes.NewBufferString(`{"new_branch_name":"test_branch2", "old_branch_name": "test_branch", "old_ref_name":"refs/heads/test_branch"}`)) resp = MakeRequest(t, req, http.StatusForbidden) @@ -119,7 +114,7 @@ func TestAPIRepoBranchesMirror(t *testing.T) { assert.NoError(t, err) assert.EqualValues(t, "{\"message\":\"Git Repository is a mirror.\",\"url\":\""+setting.AppURL+"api/swagger\"}\n", string(bs)) - resp = MakeRequest(t, NewRequest(t, "DELETE", link2.String()), http.StatusForbidden) + resp = MakeRequest(t, NewRequest(t, "DELETE", link2.String()).AddTokenAuth(token), http.StatusForbidden) bs, err = io.ReadAll(resp.Body) assert.NoError(t, err) assert.EqualValues(t, "{\"message\":\"Git Repository is a mirror.\",\"url\":\""+setting.AppURL+"api/swagger\"}\n", string(bs)) diff --git a/tests/mssql.ini.tmpl b/tests/mssql.ini.tmpl index 3cd64ec5cb8ca..07997f62edfed 100644 --- a/tests/mssql.ini.tmpl +++ b/tests/mssql.ini.tmpl 
@@ -100,6 +100,7 @@ DISABLE_GIT_HOOKS = false INSTALL_LOCK = true SECRET_KEY = 9pCviYTWSb INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTU1NTE2MTh9.hhSVGOANkaKk3vfCd2jDOIww4pUk0xtg9JRde5UogyQ +DISABLE_QUERY_AUTH_TOKEN = true [lfs] PATH = tests/{{TEST_TYPE}}/gitea-{{TEST_TYPE}}-mssql/data/lfs diff --git a/tests/mysql.ini.tmpl b/tests/mysql.ini.tmpl index 2f890e67eb926..0fddde46de69e 100644 --- a/tests/mysql.ini.tmpl +++ b/tests/mysql.ini.tmpl @@ -98,6 +98,7 @@ DISABLE_GIT_HOOKS = false INSTALL_LOCK = true SECRET_KEY = 9pCviYTWSb INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTU1NTE2MTh9.hhSVGOANkaKk3vfCd2jDOIww4pUk0xtg9JRde5UogyQ +DISABLE_QUERY_AUTH_TOKEN = true [lfs] PATH = tests/{{TEST_TYPE}}/gitea-{{TEST_TYPE}}-mysql/data/lfs diff --git a/tests/pgsql.ini.tmpl b/tests/pgsql.ini.tmpl index a1679cad6a6e9..486cfc945c1aa 100644 --- a/tests/pgsql.ini.tmpl +++ b/tests/pgsql.ini.tmpl @@ -101,6 +101,7 @@ DISABLE_GIT_HOOKS = false INSTALL_LOCK = true SECRET_KEY = 9pCviYTWSb INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTU1NTE2MTh9.hhSVGOANkaKk3vfCd2jDOIww4pUk0xtg9JRde5UogyQ +DISABLE_QUERY_AUTH_TOKEN = true [lfs] MINIO_BASE_PATH = lfs/ diff --git a/tests/sqlite.ini.tmpl b/tests/sqlite.ini.tmpl index 74e1957113150..1cbcd8b2e591a 100644 --- a/tests/sqlite.ini.tmpl +++ b/tests/sqlite.ini.tmpl @@ -97,6 +97,7 @@ DISABLE_GIT_HOOKS = false INSTALL_LOCK = true SECRET_KEY = 9pCviYTWSb INTERNAL_TOKEN = eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJuYmYiOjE0OTI3OTU5ODN9.OQkH5UmzID2XBdwQ9TAI6Jj2t1X-wElVTjbE7aoN4I8 +DISABLE_QUERY_AUTH_TOKEN = true [oauth2] JWT_SECRET = KZb_QLUd4fYVyxetjxC4eZkrBgWM2SndOOWDNtgUUko From 330aab47b3e4d777a6e5a3f05351ceab92ee5562 Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Sun, 24 Dec 2023 03:06:02 +0800 Subject: [PATCH 05/11] Include heap pprof in diagnosis report to help debugging memory leaks (#28596) --- routers/web/admin/diagnosis.go | 7 +++++++ 1 file changed, 7 insertions(+) 
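Review bot: Nothing in this patch asserts that a request carrying `?token=` is refused once `DISABLE_QUERY_AUTH_TOKEN = true` is set, so the setting is switched on without a test that would fail if query-string tokens were accepted again. Such a case may already exist in the pull request this one follows; if it does not, I would add one integration test that sends a valid token in the query string and expects the request to be treated as unauthenticated. The same line is added to the mysql, pgsql and sqlite templates in the following hunks.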
diff --git a/routers/web/admin/diagnosis.go b/routers/web/admin/diagnosis.go index 5637894e6de25..2d550125d550c 100644 --- a/routers/web/admin/diagnosis.go +++ b/routers/web/admin/diagnosis.go @@ -58,4 +58,11 @@ func MonitorDiagnosis(ctx *context.Context) { return } _ = pprof.Lookup("goroutine").WriteTo(f, 1) + + f, err = zipWriter.CreateHeader(&zip.FileHeader{Name: "heap.dat", Method: zip.Deflate, Modified: time.Now()}) + if err != nil { + ctx.ServerError("Failed to create zip file", err) + return + } + _ = pprof.Lookup("heap").WriteTo(f, 0) } From a1d2a152f832e76db7d08803c7e0236289f7ade0 Mon Sep 17 00:00:00 2001 From: techknowlogick Date: Sat, 23 Dec 2023 16:04:58 -0500 Subject: [PATCH 06/11] bump to use alpine3.19 (#28594) --- Dockerfile | 4 ++-- Dockerfile.rootless | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 5fe8df91268b8..325b0255dfcf8 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,5 +1,5 @@ # Build stage -FROM docker.io/library/golang:1.21-alpine3.18 AS build-env +FROM docker.io/library/golang:1.21-alpine3.19 AS build-env ARG GOPROXY ENV GOPROXY ${GOPROXY:-direct} @@ -41,7 +41,7 @@ RUN chmod 755 /tmp/local/usr/bin/entrypoint \ /go/src/code.gitea.io/gitea/environment-to-ini RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete -FROM docker.io/library/alpine:3.18 +FROM docker.io/library/alpine:3.19 LABEL maintainer="maintainers@gitea.io" EXPOSE 22 3000 diff --git a/Dockerfile.rootless b/Dockerfile.rootless index 5ea4d2fc75190..6f27c698aceae 100644 --- a/Dockerfile.rootless +++ b/Dockerfile.rootless @@ -1,5 +1,5 @@ # Build stage -FROM docker.io/library/golang:1.21-alpine3.18 AS build-env +FROM docker.io/library/golang:1.21-alpine3.19 AS build-env ARG GOPROXY ENV GOPROXY ${GOPROXY:-direct} 
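Review bot: The result of `pprof.Lookup("heap").WriteTo(f, 0)` is discarded, so a failed write leaves a truncated `heap.dat` in the report with no trace of why. The goroutine profile above does the same, but for a file meant to diagnose memory problems I would at least record it, e.g. `if err := pprof.Lookup("heap").WriteTo(f, 0); err != nil { log.Error("write heap profile: %v", err) }`, provided `log` is imported in this file. A comment such as `// debug=0: binary profile for "go tool pprof"; contains allocation sites, keep the report admin-only` would also explain the format and why the download must stay restricted. `MonitorDiagnosis` starts outside the hunk.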
@@ -39,7 +39,7 @@ RUN chmod 755 /tmp/local/usr/local/bin/docker-entrypoint.sh \ /go/src/code.gitea.io/gitea/environment-to-ini RUN chmod 644 /go/src/code.gitea.io/gitea/contrib/autocompletion/bash_autocomplete -FROM docker.io/library/alpine:3.18 +FROM docker.io/library/alpine:3.19 LABEL maintainer="maintainers@gitea.io" EXPOSE 2222 3000 From 8a71f7280a1136b19e5390716d7f8c43bed460cc Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Sun, 24 Dec 2023 13:08:41 +0800 Subject: [PATCH 07/11] Fix the scroll behavior for emoji/mention list (#28597) Fix #28595 by https://github.com/github/combobox-nav/pull/79 (combobox-nav v2.3.1) --- package-lock.json | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/package-lock.json b/package-lock.json index 5a49efee23e8c..5b62bd13a8105 100644 --- a/package-lock.json +++ b/package-lock.json @@ -996,9 +996,9 @@ } }, "node_modules/@github/combobox-nav": { - "version": "2.3.0", - "resolved": "https://registry.npmjs.org/@github/combobox-nav/-/combobox-nav-2.3.0.tgz", - "integrity": "sha512-5CX03DbsLZ41dX5hKHyQKtg133U6lruX4TD9G0Zs4W8BpWy7lN8DJ6TYaeZN/V7x8K34coaqNYk/Y5ic7stfkg==" + "version": "2.3.1", + "resolved": "https://registry.npmjs.org/@github/combobox-nav/-/combobox-nav-2.3.1.tgz", + "integrity": "sha512-gwxPzLw8XKecy1nP63i9lOBritS3bWmxl02UX6G0TwMQZbMem1BCS1tEZgYd3mkrkiDrUMWaX+DbFCuDFo3K+A==" }, "node_modules/@github/markdown-toolbar-element": { "version": "2.2.1", From 8989d466ed4e3ebf60aaf6fe0e237699a93b70ee Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Sun, 24 Dec 2023 22:39:02 +0800 Subject: [PATCH 08/11] Fix flex container width (#28603) Fix #28489 --- web_src/css/modules/flexcontainer.css | 1 + 1 file changed, 1 insertion(+) diff --git a/web_src/css/modules/flexcontainer.css b/web_src/css/modules/flexcontainer.css index 1721f14b2cafb..0b559f1e7d32e 100644 --- a/web_src/css/modules/flexcontainer.css +++ b/web_src/css/modules/flexcontainer.css 
@@ -11,6 +11,7 @@ .flex-container-main { flex: 1; + min-width: 0; /* make the "text truncate" work, otherwise the flex axis is not limited and the text just overflows */ } @media (max-width: 767.98px) { From 7396e3618d61bfd68853fce6edd74200efe23d9b Mon Sep 17 00:00:00 2001 From: GiteaBot Date: Mon, 25 Dec 2023 00:25:23 +0000 Subject: [PATCH 09/11] [skip ci] Updated licenses and gitignores --- options/license/FSFAP-no-warranty-disclaimer | 5 +++++ options/license/HPND-Kevlin-Henney | 10 ++++++++++ 2 files changed, 15 insertions(+) create mode 100644 options/license/FSFAP-no-warranty-disclaimer create mode 100644 options/license/HPND-Kevlin-Henney diff --git a/options/license/FSFAP-no-warranty-disclaimer b/options/license/FSFAP-no-warranty-disclaimer new file mode 100644 index 0000000000000..2cc8a93320183 --- /dev/null +++ b/options/license/FSFAP-no-warranty-disclaimer @@ -0,0 +1,5 @@ +Copyright (C) 2008 Micah J. Cowan + +Copying and distribution of this file, with or without modification, +are permitted in any medium without royalty provided the copyright +notice and this notice are preserved. diff --git a/options/license/HPND-Kevlin-Henney b/options/license/HPND-Kevlin-Henney new file mode 100644 index 0000000000000..ddf9bd6dca07b --- /dev/null +++ b/options/license/HPND-Kevlin-Henney @@ -0,0 +1,10 @@ +Copyright Kevlin Henney, 1997, 2003, 2012. All rights reserved. + +Permission to use, copy, modify, and distribute this software and its +documentation for any purpose is hereby granted without fee, provided +that this copyright and permissions notice appear in all copies and +derivatives. + +This software is supplied "as is" without express or implied warranty. + +But that said, if there are any problems please get in touch. From 0407a402bb29a3643e2b4a8992f1d7687a88b40c Mon Sep 17 00:00:00 2001 
From: Lunny Xiao Date: Mon, 25 Dec 2023 14:52:17 +0800 Subject: [PATCH 10/11] Revert "improve possible performance bottleneck (#28547)" (#28593) This reverts commit b35d3fddfac389a7be401a63b4e1283dd74af681. This is totally wrong. I think `Update join` hasn't been supported well by xorm. I just revert the PR and will try to send another one. --- models/issues/comment.go | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/models/issues/comment.go b/models/issues/comment.go index ce5cf5902d776..ba5aed9c652e9 100644 --- a/models/issues/comment.go +++ b/models/issues/comment.go @@ -1161,9 +1161,14 @@ func DeleteComment(ctx context.Context, comment *Comment) error { // UpdateCommentsMigrationsByType updates comments' migrations information via given git service type and original id and poster id func UpdateCommentsMigrationsByType(ctx context.Context, tp structs.GitServiceType, originalAuthorID string, posterID int64) error { _, err := db.GetEngine(ctx).Table("comment"). - Join("INNER", "issue", "issue.id = comment.issue_id"). - Join("INNER", "repository", "issue.repo_id = repository.id"). - Where("repository.original_service_type = ?", tp). + Where(builder.In("issue_id", + builder.Select("issue.id"). + From("issue"). + InnerJoin("repository", "issue.repo_id = repository.id"). + Where(builder.Eq{ + "repository.original_service_type": tp, + }), + )). And("comment.original_author_id = ?", originalAuthorID). Update(map[string]any{ "poster_id": posterID, From d0f24ff4cad05c1145afeca791e7d02fe146d46a Mon Sep 17 00:00:00 2001 
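Review bot: The restored `Where(builder.In("issue_id", ...))` subquery has no comment saying why it is not written as a join, so the optimisation reverted here is likely to be proposed again. I would add `// Update with Join is not reliably supported by xorm, so restrict by issue_id through a subquery` above the `Where`, softened to match the commit message, which only says this is suspected. `issue_id` is also the one unqualified column in the statement; `comment.issue_id` would match the `comment.original_author_id` condition below it. The function's tail is outside the hunk.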
From: Jean-Baptiste Gomond Date: Mon, 25 Dec 2023 08:28:59 +0100 Subject: [PATCH 11/11] Added instance-level variables (#28115) This PR adds instance-level variables, and so closes #27726 ![gitea_instance_variables_1](https://github.com/go-gitea/gitea/assets/8344487/ad409cd4-ce36-4c84-a764-34451b0fb63a) ![gitea_instance_variables_2](https://github.com/go-gitea/gitea/assets/8344487/426f0965-dec6-4560-948c-067cdeddd720) ![gitea_instance_variables_3](https://github.com/go-gitea/gitea/assets/8344487/cf1d7776-4938-4825-922e-cbbbf28a5f33) --- models/actions/variable.go | 12 ++++-------- routers/api/actions/runner/utils.go | 10 ++++++++-- routers/web/repo/setting/variables.go | 21 ++++++++++++++++++--- routers/web/web.go | 9 +++++---- templates/admin/actions.tmpl | 3 +++ templates/admin/navbar.tmpl | 5 ++++- 6 files changed, 42 insertions(+), 18 deletions(-) diff --git a/models/actions/variable.go b/models/actions/variable.go index 030b7bae92aed..12717e0ae4614 100644 --- a/models/actions/variable.go +++ b/models/actions/variable.go @@ -31,8 +31,8 @@ func init() { } func (v *ActionVariable) Validate() error { - if v.OwnerID == 0 && v.RepoID == 0 { - return errors.New("the variable is not bound to any scope") + if v.OwnerID != 0 && v.RepoID != 0 { + return errors.New("a variable should not be bound to an owner and a repository at the same time") } return nil } @@ -58,12 +58,8 @@ type FindVariablesOpts struct { func (opts FindVariablesOpts) ToConds() builder.Cond { cond := builder.NewCond() - if opts.OwnerID > 0 { - cond = cond.And(builder.Eq{"owner_id": opts.OwnerID}) - } - if opts.RepoID > 0 { - cond = cond.And(builder.Eq{"repo_id": opts.RepoID}) - } + cond = cond.And(builder.Eq{"owner_id": opts.OwnerID}) + cond = cond.And(builder.Eq{"repo_id": opts.RepoID}) return cond } diff --git a/routers/api/actions/runner/utils.go b/routers/api/actions/runner/utils.go index bf913f2c05783..2555f86c80d80 100644 --- a/routers/api/actions/runner/utils.go 
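Review bot: The zero value of both IDs now means the instance-wide scope, and neither `Validate` nor `FindVariablesOpts` documents that. `Validate` accepts `OwnerID == 0 && RepoID == 0`, so a caller that fails to fill in a scope creates a variable that, per the runner change in this patch, is merged into every task's variables; and `ToConds` in the second hunk always emits both equality conditions, so `FindVariablesOpts{}` means "global only" rather than "no filter". I would state this on both, e.g. `// OwnerID == 0 && RepoID == 0 is the instance-level (global) scope; only the admin settings path may produce it`, and re-check existing callers of `FindVariablesOpts` that relied on zero meaning "unset".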
+++ b/routers/api/actions/runner/utils.go @@ -94,6 +94,12 @@ func getSecretsOfTask(ctx context.Context, task *actions_model.ActionTask) map[s func getVariablesOfTask(ctx context.Context, task *actions_model.ActionTask) map[string]string { variables := map[string]string{} + // Global + globalVariables, err := db.Find[actions_model.ActionVariable](ctx, actions_model.FindVariablesOpts{}) + if err != nil { + log.Error("find global variables: %v", err) + } + // Org / User level ownerVariables, err := db.Find[actions_model.ActionVariable](ctx, actions_model.FindVariablesOpts{OwnerID: task.Job.Run.Repo.OwnerID}) if err != nil { @@ -106,8 +112,8 @@ func getVariablesOfTask(ctx context.Context, task *actions_model.ActionTask) map log.Error("find variables of repo: %d, error: %v", task.Job.Run.RepoID, err) } - // Level precedence: Repo > Org / User - for _, v := range append(ownerVariables, repoVariables...) { + // Level precedence: Repo > Org / User > Global + for _, v := range append(globalVariables, append(ownerVariables, repoVariables...)...) { variables[v.Name] = v.Data } diff --git a/routers/web/repo/setting/variables.go b/routers/web/repo/setting/variables.go index a697a5d8d857f..428aa0bd5c4fe 100644 --- a/routers/web/repo/setting/variables.go +++ b/routers/web/repo/setting/variables.go @@ -15,9 +15,10 @@ import ( ) const ( - tplRepoVariables base.TplName = "repo/settings/actions" - tplOrgVariables base.TplName = "org/settings/actions" - tplUserVariables base.TplName = "user/settings/actions" + tplRepoVariables base.TplName = "repo/settings/actions" + tplOrgVariables base.TplName = "org/settings/actions" + tplUserVariables base.TplName = "user/settings/actions" + tplAdminVariables base.TplName = "admin/actions" ) type variablesCtx struct { @@ -26,6 +27,7 @@ type variablesCtx struct { IsRepo bool IsOrg bool IsUser bool + IsGlobal bool VariablesTemplate base.TplName RedirectLink string } 
@@ -33,6 +35,7 @@ type variablesCtx struct { func getVariablesCtx(ctx *context.Context) (*variablesCtx, error) { if ctx.Data["PageIsRepoSettings"] == true { return &variablesCtx{ + OwnerID: 0, RepoID: ctx.Repo.Repository.ID, IsRepo: true, VariablesTemplate: tplRepoVariables, @@ -48,6 +51,7 @@ func getVariablesCtx(ctx *context.Context) (*variablesCtx, error) { } return &variablesCtx{ OwnerID: ctx.ContextUser.ID, + RepoID: 0, IsOrg: true, VariablesTemplate: tplOrgVariables, RedirectLink: ctx.Org.OrgLink + "/settings/actions/variables", @@ -57,12 +61,23 @@ func getVariablesCtx(ctx *context.Context) (*variablesCtx, error) { if ctx.Data["PageIsUserSettings"] == true { return &variablesCtx{ OwnerID: ctx.Doer.ID, + RepoID: 0, IsUser: true, VariablesTemplate: tplUserVariables, RedirectLink: setting.AppSubURL + "/user/settings/actions/variables", }, nil } + if ctx.Data["PageIsAdmin"] == true { + return &variablesCtx{ + OwnerID: 0, + RepoID: 0, + IsGlobal: true, + VariablesTemplate: tplAdminVariables, + RedirectLink: setting.AppSubURL + "/admin/actions/variables", + }, nil + } + return nil, errors.New("unable to set Variables context") } diff --git a/routers/web/web.go b/routers/web/web.go index 359b608c71e72..02fb11b1f516e 100644 --- a/routers/web/web.go +++ b/routers/web/web.go @@ -417,7 +417,7 @@ func registerRoutes(m *web.Route) { m.Post("/packagist/{id}", web.Bind(forms.NewPackagistHookForm{}), repo_setting.PackagistHooksEditPost) } - addSettingVariablesRoutes := func() { + addSettingsVariablesRoutes := func() { m.Group("/variables", func() { m.Get("", repo_setting.Variables) m.Post("/new", web.Bind(forms.EditVariableForm{}), repo_setting.VariableCreate) @@ -618,7 +618,7 @@ func registerRoutes(m *web.Route) { m.Get("", user_setting.RedirectToDefaultSetting) addSettingsRunnersRoutes() addSettingsSecretsRoutes() - addSettingVariablesRoutes() + addSettingsVariablesRoutes() }, actions.MustEnableActions) m.Get("/organization", user_setting.Organization) 
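Review bot: The new `PageIsAdmin` branch in `getVariablesCtx` (hunk `@@ -57,12 +61,23 @@`) selects the instance-wide scope purely from a `ctx.Data` flag, so the write path for global variables depends on whichever middleware sets that flag rather than on a check in this function. The admin route group in routers/web/web.go is closed with `adminReq`, which presumably covers it today, but the same handlers are registered under the user, org, repo and admin groups, and a flag set elsewhere would fall into this branch. I would make the branch self-checking, e.g. `if ctx.Data["PageIsAdmin"] == true && ctx.Doer != nil && ctx.Doer.IsAdmin {`, or at least add a comment that the branch relies on `adminReq`. `getVariablesCtx` starts above this hunk.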
@@ -763,6 +763,7 @@ func registerRoutes(m *web.Route) { m.Group("/actions", func() { m.Get("", admin.RedirectToDefaultSetting) addSettingsRunnersRoutes() + addSettingsVariablesRoutes() }) }, adminReq, ctxDataSet("EnableOAuth2", setting.OAuth2.Enable, "EnablePackages", setting.Packages.Enabled)) // ***** END: Admin ***** @@ -905,7 +906,7 @@ func registerRoutes(m *web.Route) { m.Get("", org_setting.RedirectToDefaultSetting) addSettingsRunnersRoutes() addSettingsSecretsRoutes() - addSettingVariablesRoutes() + addSettingsVariablesRoutes() }, actions.MustEnableActions) m.Methods("GET,POST", "/delete", org.SettingsDelete) @@ -1084,7 +1085,7 @@ func registerRoutes(m *web.Route) { m.Get("", repo_setting.RedirectToDefaultSetting) addSettingsRunnersRoutes() addSettingsSecretsRoutes() - addSettingVariablesRoutes() + addSettingsVariablesRoutes() }, actions.MustEnableActions) // the follow handler must be under "settings", otherwise this incomplete repo can't be accessed m.Group("/migrate", func() { diff --git a/templates/admin/actions.tmpl b/templates/admin/actions.tmpl index 9640e0fd1f4c9..597863d73b15e 100644 --- a/templates/admin/actions.tmpl +++ b/templates/admin/actions.tmpl @@ -3,5 +3,8 @@ {{if eq .PageType "runners"}} {{template "shared/actions/runner_list" .}} {{end}} + {{if eq .PageType "variables"}} + {{template "shared/variables/variable_list" .}} + {{end}} {{template "admin/layout_footer" .}} diff --git a/templates/admin/navbar.tmpl b/templates/admin/navbar.tmpl index 8ece95239c1ff..b22db1d1fc8f4 100644 --- a/templates/admin/navbar.tmpl +++ b/templates/admin/navbar.tmpl @@ -60,12 +60,15 @@ {{end}} {{end}} {{if .EnableActions}} -
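Review bot: The admin `/actions` group in hunk `@@ -763,6 +763,7 @@` registers `addSettingsVariablesRoutes()` without the `actions.MustEnableActions` middleware that the user, org and repo groups in the neighbouring hunks all pass. As written, the instance-level variable pages and their POST handlers appear to stay reachable for admins when Actions is disabled; the same already holds for the runner routes in that group. If that is not intended, close the group with `}, actions.MustEnableActions)` instead of `})`. `registerRoutes` extends well beyond this hunk, so a guard may exist higher up that is not visible here.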
+
{{ctx.Locale.Tr "actions.actions"}}
{{end}}