From 790a27f38ae7acd693829aee7015f60dab7681c9 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Fri, 23 Feb 2024 00:42:14 +0800 Subject: [PATCH 1/9] Fix SSPI user creation (#28948) (#29323) Fixes #28945 Backport #28948 Setting the avatar is wrong and creating a random password is equal to leave it empty. Co-authored-by: KN4CK3R (cherry picked from commit 7ea2ffaf166780b7786291f7ff022e3f5b49e8c2) --- services/auth/sspi.go | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/services/auth/sspi.go b/services/auth/sspi.go index d4f7e3ec60..0ec1bc2998 100644 --- a/services/auth/sspi.go +++ b/services/auth/sspi.go @@ -11,7 +11,6 @@ import ( "sync" "code.gitea.io/gitea/models/auth" - "code.gitea.io/gitea/models/avatars" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/base" gitea_context "code.gitea.io/gitea/modules/context" @@ -163,12 +162,9 @@ func (s *SSPI) shouldAuthenticate(req *http.Request) (shouldAuth bool) { func (s *SSPI) newUser(ctx context.Context, username string, cfg *sspi.Source) (*user_model.User, error) { email := gouuid.New().String() + "@localhost.localdomain" user := &user_model.User{ - Name: username, - Email: email, - Passwd: gouuid.New().String(), - Language: cfg.DefaultLanguage, - UseCustomAvatar: true, - Avatar: avatars.DefaultAvatarLink(), + Name: username, + Email: email, + Language: cfg.DefaultLanguage, } emailNotificationPreference := user_model.EmailNotificationsDisabled overwriteDefault := &user_model.CreateUserOverwriteOptions{ From c4ac72e6a0c1e77e5ab0a12c4f9e244a6f10ceda Mon Sep 17 00:00:00 2001 
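Review bot: The `user_model.User` literal in `newUser` now leaves `Passwd` unset, and nothing in this hunk shows that an account with no stored password is rejected by password sign-in. The commit message says an empty password is equivalent to a random one, but that depends on the password verifier, which is outside the hunk. A comment on the literal would record the intent, for example `// Passwd is left empty on purpose: the account is reachable only through SSPI, never through password sign-in.` A regression test asserting that password login fails for a freshly created SSPI user would pin the assumption. The body of `newUser` continues past the end of the hunk.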
From: Giteabot Date: Fri, 23 Feb 2024 03:52:54 +0800 Subject: [PATCH 2/9] Only log error when tag sync fails (#29295) (#29327) Backport #29295 by @lunny Fix #28843 This PR will bypass the pushUpdateTag to database failure when syncAllTags. An error log will be recorded. Co-authored-by: Lunny Xiao Co-authored-by: wxiaoguang (cherry picked from commit b78f5fc60f510a58d58535af77c5b424a8b5a660) --- modules/repository/repo.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/modules/repository/repo.go b/modules/repository/repo.go index d06d75fa9c..1387cee66d 100644 --- a/modules/repository/repo.go +++ b/modules/repository/repo.go @@ -334,7 +334,9 @@ func SyncReleasesWithTags(ctx context.Context, repo *repo_model.Repository, gitR } if err := PushUpdateAddTag(ctx, repo, gitRepo, tagName, sha1, refname); err != nil { - return fmt.Errorf("unable to PushUpdateAddTag: %q to Repo[%d:%s/%s]: %w", tagName, repo.ID, repo.OwnerName, repo.Name, err) + // sometimes, some tags will be sync failed. i.e. https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tag/?h=v2.6.11 + // this is a tree object, not a tag object which created before git + log.Error("unable to PushUpdateAddTag: %q to Repo[%d:%s/%s]: %v", tagName, repo.ID, repo.OwnerName, repo.Name, err) } return nil From 9da608abad3ea8a409e208c3e907fc0d2d821c01 Mon Sep 17 00:00:00 2001 
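Review bot: The new branch in `SyncReleasesWithTags` swallows every `PushUpdateAddTag` error, not only the tree-object tag the comment describes. A database failure or a cancelled context is now logged and the walk carries on as if the tag had been synced. The bypass would be safer narrowed to the case the comment names, or should at least stop on cancellation with `if ctx.Err() != nil { return ctx.Err() }` ahead of the `log.Error` call. A count of skipped tags logged once at the end would let an operator tell a partial sync from a complete one. The enclosing callback starts and ends outside the hunk.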
From: Giteabot Date: Fri, 23 Feb 2024 05:49:07 +0800 Subject: [PATCH 3/9] Don't show third-party JS errors in production builds (#29303) (#29333) Backport #29303 by @silverwind So we don't get issues like https://github.com/go-gitea/gitea/issues/29080 and https://github.com/go-gitea/gitea/issues/29273 any more. Only active in [production builds](https://webpack.js.org/guides/production/#specify-the-mode), in non-production the errors will still show. Co-authored-by: silverwind (cherry picked from commit 6ca8cb590d510c98610031675e0a316f95efaf61) --- web_src/js/bootstrap.js | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/web_src/js/bootstrap.js b/web_src/js/bootstrap.js index f8d0c0cac0..e46c91e5e6 100644 --- a/web_src/js/bootstrap.js +++ b/web_src/js/bootstrap.js 
@@ -29,17 +29,26 @@ export function showGlobalErrorMessage(msg) { * @param {ErrorEvent} e */ function processWindowErrorEvent(e) { + const err = e.error ?? e.reason; + const assetBaseUrl = String(new URL(__webpack_public_path__, window.location.origin)); + + // error is likely from browser extension or inline script. Do not show these in production builds. + if (!err.stack?.includes(assetBaseUrl) && window.config?.runModeIsProd) return; + + let message; if (e.type === 'unhandledrejection') { - showGlobalErrorMessage(`JavaScript promise rejection: ${e.reason}. Open browser console to see more details.`); - return; + message = `JavaScript promise rejection: ${err.message}.`; + } else { + message = `JavaScript error: ${e.message} (${e.filename} @ ${e.lineno}:${e.colno}).`; } + if (!e.error && e.lineno === 0 && e.colno === 0 && e.filename === '' && window.navigator.userAgent.includes('FxiOS/')) { // At the moment, Firefox (iOS) (10x) has an engine bug. See https://github.com/go-gitea/gitea/issues/20240 // If a script inserts a newly created (and content changed) element into DOM, there will be a nonsense error event reporting: Script error: line 0, col 0. return; // ignore such nonsense error event } - showGlobalErrorMessage(`JavaScript error: ${e.message} (${e.filename} @ ${e.lineno}:${e.colno}). Open browser console to see more details.`); + showGlobalErrorMessage(`${message} Open browser console to see more details.`); } function initGlobalErrorHandler() { From 8e2c991b35de8c94899ad053e89339cea4538589 Mon Sep 17 00:00:00 2001 
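Review bot: `err` can be undefined in `processWindowErrorEvent`, because an error event that carries no `error` object has no `reason` either. In that case `err.stack?.includes(...)` throws inside the global error handler and the Firefox iOS guard further down is never reached, even though its own `!e.error` condition shows that case is expected. Guard the first access too: `if (!err?.stack?.includes(assetBaseUrl) && window.config?.runModeIsProd) return;`. The rejection branch has a related weakness when a promise is rejected with a non-Error value, where `err.message` is undefined; `${err?.message ?? err}` keeps the previous text for those.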
From: Giteabot Date: Sat, 24 Feb 2024 06:47:11 +0800 Subject: [PATCH 4/9] Fix tarball/zipball download bug (#29342) (#29352) Backport #29342 by @Zettat123 Fix #29249 ~~Use the `/repos/{owner}/{repo}/archive/{archive}` API to download.~~ Apply #26430 to archive download URLs. Co-authored-by: Zettat123 (cherry picked from commit 829b807a91f9895e3f4b262f688a8d0d9a44caf6) --- services/auth/auth.go | 5 +++++ services/auth/oauth2.go | 2 +- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/services/auth/auth.go b/services/auth/auth.go index 4adf549204..6dc0327531 100644 --- a/services/auth/auth.go +++ b/services/auth/auth.go @@ -38,6 +38,7 @@ func isContainerPath(req *http.Request) bool { var ( gitRawOrAttachPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/(?:(?:git-(?:(?:upload)|(?:receive))-pack$)|(?:info/refs$)|(?:HEAD$)|(?:objects/)|(?:raw/)|(?:releases/download/)|(?:attachments/))`) lfsPathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/info/lfs/`) + archivePathRe = regexp.MustCompile(`^/[a-zA-Z0-9_.-]+/[a-zA-Z0-9_.-]+/archive/`) ) func isGitRawOrAttachPath(req *http.Request) bool { @@ -54,6 +55,10 @@ func isGitRawOrAttachOrLFSPath(req *http.Request) bool { return false } +func isArchivePath(req *http.Request) bool { + return archivePathRe.MatchString(req.URL.Path) +} + // handleSignIn clears existing session variables and stores new ones for the specified user object func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore, user *user_model.User) { // We need to regenerate the session... diff --git a/services/auth/oauth2.go b/services/auth/oauth2.go index 08a2a05539..3b9b7def37 100644 --- a/services/auth/oauth2.go +++ b/services/auth/oauth2.go 
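Review bot: `isArchivePath` is added without a doc comment, although it now takes part in deciding on which non-API routes a token is accepted as a credential. I would add `// isArchivePath reports whether the request targets a repository archive download (/{owner}/{repo}/archive/...), a non-API route on which tokens are still checked.` It is also worth stating next to `archivePathRe` that the pattern is a prefix match, so everything below `/archive/` is covered, as with the `raw/` and `objects/` alternatives in the neighbouring expression.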
@@ -127,7 +127,7 @@ func (o *OAuth2) userIDFromToken(ctx context.Context, tokenSHA string, store Dat func (o *OAuth2) Verify(req *http.Request, w http.ResponseWriter, store DataStore, sess SessionStore) (*user_model.User, error) { // These paths are not API paths, but we still want to check for tokens because they maybe in the API returned URLs if !middleware.IsAPIPath(req) && !isAttachmentDownload(req) && !isAuthenticatedTokenRequest(req) && - !isGitRawOrAttachPath(req) { + !isGitRawOrAttachPath(req) && !isArchivePath(req) { return nil, nil } From e4d30671387157c71b7157451a87e1836c9a40af Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Sat, 24 Feb 2024 15:58:43 +0800 Subject: [PATCH 5/9] Fix project counter in organization/individual profile (#28068) (#29361) Fix #28052 Backport #28068 Before: ![image](https://github.com/go-gitea/gitea/assets/18380374/5f299983-4b38-4d68-ac0e-4be3c62c0558) ![image](https://github.com/go-gitea/gitea/assets/18380374/f0e12afd-483b-4882-80e9-0261beb3fe0c) After: ![image](https://github.com/go-gitea/gitea/assets/18380374/47cccb7b-bb35-4a7d-9c5b-83133be0323a) ![image](https://github.com/go-gitea/gitea/assets/18380374/77825c0c-4bf2-4762-83a2-1a5a173cc22d) Co-authored-by: yp05327 <576951401@qq.com> (cherry picked from commit 5043ad54c7a0d1dc6bf5f1caf21b4646ec9344d3) --- routers/web/shared/user/header.go | 17 +++++++++++++++++ templates/org/menu.tmpl | 3 +++ templates/user/overview/header.tmpl | 3 +++ 3 files changed, 23 insertions(+) diff --git a/routers/web/shared/user/header.go b/routers/web/shared/user/header.go index 24f8f88976..1d4ef4d649 100644 --- a/routers/web/shared/user/header.go +++ b/routers/web/shared/user/header.go @@ -6,6 +6,7 @@ package user import ( "code.gitea.io/gitea/models/db" "code.gitea.io/gitea/models/organization" + project_model "code.gitea.io/gitea/models/project" repo_model "code.gitea.io/gitea/models/repo" user_model "code.gitea.io/gitea/models/user" "code.gitea.io/gitea/modules/context" 
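Review bot: Adding `!isArchivePath(req)` to the guard in `OAuth2.Verify` makes a token an accepted credential on the web archive route, and the hunk does not show where the token's scope is checked for that route. If scope enforcement lives only in the API middleware, a token issued without repository read scope would presumably still be honoured here. That is worth confirming with a test that requests a private repository's archive using such a token and expects a refusal. The comment above the condition should also name archive downloads alongside the API-returned URLs it already mentions. `Verify` continues past the end of the hunk.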
@@ -126,5 +127,21 @@ func LoadHeaderCount(ctx *context.Context) error { } ctx.Data["RepoCount"] = repoCount + var projectType project_model.Type + if ctx.ContextUser.IsOrganization() { + projectType = project_model.TypeOrganization + } else { + projectType = project_model.TypeIndividual + } + projectCount, err := project_model.CountProjects(ctx, project_model.SearchOptions{ + OwnerID: ctx.ContextUser.ID, + IsClosed: util.OptionalBoolOf(false), + Type: projectType, + }) + if err != nil { + return err + } + ctx.Data["ProjectCount"] = projectCount + return nil } diff --git a/templates/org/menu.tmpl b/templates/org/menu.tmpl index c3ec142e9c..8a97711ce2 100644 --- a/templates/org/menu.tmpl +++ b/templates/org/menu.tmpl @@ -9,6 +9,9 @@ {{if .CanReadProjects}} {{svg "octicon-project-symlink"}} {{ctx.Locale.Tr "user.projects"}} + {{if .ProjectCount}} +
{{.ProjectCount}}
+ {{end}}
{{end}} {{if and .IsPackageEnabled .CanReadPackages}} diff --git a/templates/user/overview/header.tmpl b/templates/user/overview/header.tmpl index 69a4e9a856..e27c9a981e 100644 --- a/templates/user/overview/header.tmpl +++ b/templates/user/overview/header.tmpl @@ -13,6 +13,9 @@ {{if or .ContextUser.IsIndividual (and .ContextUser.IsOrganization .CanReadProjects)}} {{svg "octicon-project-symlink"}} {{ctx.Locale.Tr "user.projects"}} + {{if .ProjectCount}} +
{{.ProjectCount}}
+ {{end}}
{{end}} {{if and .IsPackageEnabled (or .ContextUser.IsIndividual (and .ContextUser.IsOrganization .CanReadPackages))}} From a28d6686faab354b5478ab523afcdfd962e1fb77 Mon Sep 17 00:00:00 2001 From: Giteabot Date: Sat, 24 Feb 2024 16:23:21 +0800 Subject: [PATCH 6/9] Fix validity of the FROM email address not being checked (#29347) (#29360) Backport #29347 by @carlosfelgueiras Fixes #27188. Introduces a check on the installation that tries to parse the FROM address. If it fails, shows a new error message to the user. Co-authored-by: Carlos Felgueiras Co-authored-by: KN4CK3R (cherry picked from commit 35db5a373babd9af157fd63eeb20d6da53320b73) --- options/locales/gitea_en-US.ini | 1 + routers/install/install.go | 6 ++++++ 2 files changed, 7 insertions(+) diff --git a/options/locales/gitea_en-US.ini b/options/locales/gitea_en-US.ini index 0116fa08df..562d409016 100644 --- a/options/locales/gitea_en-US.ini +++ b/options/locales/gitea_en-US.ini @@ -246,6 +246,7 @@ email_title = Email Settings smtp_addr = SMTP Host smtp_port = SMTP Port smtp_from = Send Email As +smtp_from_invalid = The "Send Email As" address is invalid smtp_from_helper = Email address Gitea will use. Enter a plain email address or use the "Name" format. mailer_user = SMTP Username mailer_password = SMTP Password diff --git a/routers/install/install.go b/routers/install/install.go index 648425df3b..ec0f4fd80a 100644 --- a/routers/install/install.go +++ b/routers/install/install.go @@ -7,6 +7,7 @@ package install import ( "fmt" "net/http" + "net/mail" "os" "os/exec" "path/filepath" 
@@ -423,6 +424,11 @@ func SubmitInstall(ctx *context.Context) { } if len(strings.TrimSpace(form.SMTPAddr)) > 0 { + if _, err := mail.ParseAddress(form.SMTPFrom); err != nil { + ctx.RenderWithErr(ctx.Tr("install.smtp_from_invalid"), tplInstall, &form) + return + } + cfg.Section("mailer").Key("ENABLED").SetValue("true") cfg.Section("mailer").Key("SMTP_ADDR").SetValue(form.SMTPAddr) cfg.Section("mailer").Key("SMTP_PORT").SetValue(form.SMTPPort) From 2c802fc8f090e60ed446d4979c9d9527d6ebefb1 Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Sat, 24 Feb 2024 19:01:18 +0800 Subject: [PATCH 7/9] Display friendly error message (#29105) (#29363) Backport #29105 `ctx.Error` only displays the text but `ctx.ServerError` renders the usual error page. Co-authored-by: KN4CK3R (cherry picked from commit a1c0b3a02e54e5fe879dabccb71fba9498b64051) --- routers/web/repo/actions/actions.go | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/routers/web/repo/actions/actions.go b/routers/web/repo/actions/actions.go index 9f787f5125..6e635ab43d 100644 --- a/routers/web/repo/actions/actions.go +++ b/routers/web/repo/actions/actions.go @@ -61,17 +61,17 @@ func List(ctx *context.Context) { var workflows []Workflow if empty, err := ctx.Repo.GitRepo.IsEmpty(); err != nil { - ctx.Error(http.StatusInternalServerError, err.Error()) + ctx.ServerError("IsEmpty", err) return } else if !empty { commit, err := ctx.Repo.GitRepo.GetBranchCommit(ctx.Repo.Repository.DefaultBranch) if err != nil { - ctx.Error(http.StatusInternalServerError, err.Error()) + ctx.ServerError("GetBranchCommit", err) return } entries, err := actions.ListWorkflows(commit) if err != nil { - ctx.Error(http.StatusInternalServerError, err.Error()) + ctx.ServerError("ListWorkflows", err) return } 
@@ -96,7 +96,7 @@ func List(ctx *context.Context) { workflow := Workflow{Entry: *entry} content, err := actions.GetContentFromEntry(entry) if err != nil { - ctx.Error(http.StatusInternalServerError, err.Error()) + ctx.ServerError("GetContentFromEntry", err) return } wf, err := model.ReadWorkflow(bytes.NewReader(content)) @@ -173,7 +173,7 @@ func List(ctx *context.Context) { runs, total, err := actions_model.FindRuns(ctx, opts) if err != nil { - ctx.Error(http.StatusInternalServerError, err.Error()) + ctx.ServerError("FindAndCount", err) return } @@ -182,7 +182,7 @@ func List(ctx *context.Context) { } if err := runs.LoadTriggerUser(ctx); err != nil { - ctx.Error(http.StatusInternalServerError, err.Error()) + ctx.ServerError("LoadTriggerUser", err) return } @@ -190,7 +190,7 @@ func List(ctx *context.Context) { actors, err := actions_model.GetActors(ctx, ctx.Repo.Repository.ID) if err != nil { - ctx.Error(http.StatusInternalServerError, err.Error()) + ctx.ServerError("GetActors", err) return } ctx.Data["Actors"] = repo.MakeSelfOnTop(ctx.Doer, actors) From 40c3a1d2ea6dc15ad11f35fdd0c170fbf9cf66cd Mon Sep 17 00:00:00 2001 
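Review bot: The label in `ctx.ServerError("FindAndCount", err)` does not match the call it reports, `actions_model.FindRuns`, whereas every other replacement in these hunks uses the callee's name. Since the raw error text is no longer written into the response, the label is presumably what an operator searches the server log for, so it should read `ctx.ServerError("FindRuns", err)`. `List` starts and ends outside these hunks.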
From: Giteabot Date: Sun, 25 Feb 2024 22:56:44 +0800 Subject: [PATCH 8/9] enforce maxlength in frontend (#29389) (#29396) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Backport #29389 by @zokkis Set maxlength attribute in frontend to long file-name ![image](https://github.com/go-gitea/gitea/assets/72873130/15111614-55ab-4583-acb2-15c25997601d) ![image](https://github.com/go-gitea/gitea/assets/72873130/4105ddd8-4973-4da8-b3ab-4cfae1b45554) (same for branch-name and commit-summary) Co-authored-by: Tim-Niclas Oelschläger <72873130+zokkis@users.noreply.github.com> (cherry picked from commit 0b3d6c399c88e42e827f422dc4c8458f0d20c613) --- templates/repo/editor/commit_form.tmpl | 4 ++-- templates/repo/editor/edit.tmpl | 2 +- templates/repo/editor/patch.tmpl | 2 +- templates/repo/editor/upload.tmpl | 2 +- web_src/js/utils.js | 7 ++++--- 5 files changed, 9 insertions(+), 8 deletions(-) diff --git a/templates/repo/editor/commit_form.tmpl b/templates/repo/editor/commit_form.tmpl index 34dde576a1..c8f7befcf0 100644 --- a/templates/repo/editor/commit_form.tmpl +++ b/templates/repo/editor/commit_form.tmpl @@ -9,7 +9,7 @@ {{ctx.Locale.Tr "repo.editor.commit_changes"}} {{- end}}
- +
@@ -60,7 +60,7 @@
{{svg "octicon-git-branch"}} - +
diff --git a/templates/repo/editor/edit.tmpl b/templates/repo/editor/edit.tmpl index cfc266731b..a6dce81c08 100644 --- a/templates/repo/editor/edit.tmpl +++ b/templates/repo/editor/edit.tmpl @@ -15,7 +15,7 @@ {{range $i, $v := .TreeNames}} {{if eq $i $l}} - + {{svg "octicon-info"}} {{else}} {{$v}} diff --git a/templates/repo/editor/patch.tmpl b/templates/repo/editor/patch.tmpl index 44c30bd5f9..c9a78cc35f 100644 --- a/templates/repo/editor/patch.tmpl +++ b/templates/repo/editor/patch.tmpl @@ -15,7 +15,7 @@ {{.BranchName}} {{ctx.Locale.Tr "repo.editor.or"}} {{ctx.Locale.Tr "repo.editor.cancel_lower"}} - +
diff --git a/templates/repo/editor/upload.tmpl b/templates/repo/editor/upload.tmpl index d362a5602a..0a7c49dae3 100644 --- a/templates/repo/editor/upload.tmpl +++ b/templates/repo/editor/upload.tmpl @@ -13,7 +13,7 @@ {{range $i, $v := .TreeNames}} {{if eq $i $l}} - + {{svg "octicon-info"}} {{else}} {{$v}} diff --git a/web_src/js/utils.js b/web_src/js/utils.js index c82e42d349..980354d3ea 100644 --- a/web_src/js/utils.js +++ b/web_src/js/utils.js @@ -2,13 +2,14 @@ import {encode, decode} from 'uint8-to-base64'; // transform /path/to/file.ext to file.ext export function basename(path = '') { - return path ? path.replace(/^.*\//, '') : ''; + const lastSlashIndex = path.lastIndexOf('/'); + return lastSlashIndex < 0 ? path : path.substring(lastSlashIndex + 1); } // transform /path/to/file.ext to .ext export function extname(path = '') { - const [_, ext] = /.+(\.[^.]+)$/.exec(path) || []; - return ext || ''; + const lastPointIndex = path.lastIndexOf('.'); + return lastPointIndex < 0 ? '' : path.substring(lastPointIndex); } // test whether a variable is an object From 91a2d3ecc477a0e80b67a1acf2c1877c1fe41fb7 Mon Sep 17 00:00:00 2001 From: Giteabot Date: Mon, 26 Feb 2024 00:08:44 +0800 Subject: [PATCH 9/9] Add missing space (#29393) (#29399) Backport #29393 by @KN4CK3R Co-authored-by: KN4CK3R (cherry picked from commit 0f35cb5a2a9ad3b1d78f9547148b594adc4bdabf) --- templates/repo/diff/options_dropdown.tmpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/repo/diff/options_dropdown.tmpl b/templates/repo/diff/options_dropdown.tmpl index 3bcb877cc6..b7c46dd846 100644 --- a/templates/repo/diff/options_dropdown.tmpl +++ b/templates/repo/diff/options_dropdown.tmpl @@ -13,7 +13,7 @@ {{ctx.Locale.Tr "repo.diff.download_diff"}} {{end}} {{ctx.Locale.Tr "repo.pulls.expand_files"}} - {{ctx.Locale.Tr "repo.pulls.collapse_files"}} + {{ctx.Locale.Tr "repo.pulls.collapse_files"}} {{if .Issue.Index}} {{if .ShowOutdatedComments}}
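Review bot: The rewritten `extname` searches the whole path for the last `.`, so a bare dotfile name such as `.gitignore` now returns the full name where the old regex returned an empty string. A dot in a directory name with an extensionless file (`/a.b/file`) still yields `.b/file`, as it did before. If callers use the result to choose a file type or preview mode, that is a behaviour change unrelated to the commit's stated purpose. Restricting the search to the last segment handles both cases: `const name = basename(path);`, `const i = name.lastIndexOf('.');`, `return i > 0 ? name.substring(i) : '';`. The `i > 0` test treats dotfiles as having no extension, as Node's `path.extname` does.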