Commit Graph

2760 Commits

Author SHA1 Message Date
Marcell Mars
a3881ffa3d
Enhancing Gitea OAuth2 Provider with Granular Scopes for Resource Access (#32573)
Resolve #31609

This PR was initiated following my personal research to find the
lightest possible Single Sign-On solution for self-hosted setups. The
existing solutions often seemed too enterprise-oriented, involving many
moving parts and services, demanding significant resources while
promising planetary-scale capabilities. Others were adequate in
supporting basic OAuth2 flows but lacked proper user management
features, such as a change password UI.

Gitea hits the sweet spot for me, provided it supports more granular
access permissions for resources under users who accept the OAuth2
application.

This PR aims to introduce granularity in handling user resources as
nonintrusively and simply as possible. It allows third parties to inform
users about their intent to not ask for the full access and instead
request a specific, reduced scope. If the provided scopes are **only**
the typical ones for OIDC/OAuth2—`openid`, `profile`, `email`, and
`groups`—everything remains unchanged (currently full access to user's
resources). Additionally, this PR supports processing scopes already
introduced with [personal
tokens](https://docs.gitea.com/development/oauth2-provider#scopes) (e.g.
`read:user`, `write:issue`, `read:group`, `write:repository`...)

Personal tokens define scopes around specific resources: user info,
repositories, issues, packages, organizations, notifications,
miscellaneous, admin, and activitypub, with access delineated by read
and/or write permissions.

The initial case I wanted to address was to have Gitea act as an OAuth2
Identity Provider. To achieve that, with this PR, I would only add
`openid public-only` to provide access token to the third party to
authenticate the Gitea's user but no further access to the API and users
resources.

Another example: if a third party wanted to interact solely with Issues,
it would need to add `read:user` (for authorization) and
`read:issue`/`write:issue` to manage Issues.

My approach is based on my understanding of how scopes can be utilized,
supported by examples like [Sample Use Cases: Scopes and
Claims](https://auth0.com/docs/get-started/apis/scopes/sample-use-cases-scopes-and-claims)
on auth0.com.

I renamed `CheckOAuthAccessToken` to `GetOAuthAccessTokenScopeAndUserID`
so now it returns AccessTokenScope and user's ID. In the case of
additional scopes in `userIDFromToken` the default `all` would be
reduced to whatever was asked via those scopes. The main difference is
the opportunity to reduce the permissions from `all`, as is currently
the case, to what is provided by the additional scopes described above.

Screenshots:

![Screenshot_20241121_121405](https://github.com/user-attachments/assets/29deaed7-4333-4b02-8898-b822e6f2463e)

![Screenshot_20241121_120211](https://github.com/user-attachments/assets/7a4a4ef7-409c-4116-9d5f-2fe00eb37167)

![Screenshot_20241121_120119](https://github.com/user-attachments/assets/aa52c1a2-212d-4e64-bcdf-7122cee49eb6)

![Screenshot_20241121_120018](https://github.com/user-attachments/assets/9eac318c-e381-4ea9-9e2c-3a3f60319e47)
---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-22 12:06:41 +08:00
silverwind
d11f8d24b0
Add 'Copy path' button to file view (#32584)
Also adds a tooltip which is replicated to the same button in the diff
box. Fixes: https://github.com/go-gitea/gitea/issues/32583
2024-11-21 04:03:17 +00:00
Kerwin Bryant
efb55cd8ef
Supplement and Improvement for #32558 (#32585)
Thank you for @wxiaoguang's reminders and suggestions:
https://github.com/go-gitea/gitea/pull/32558#discussion_r1849972913
2024-11-21 02:42:37 +00:00
Kerwin Bryant
69268ee19f
Optimize installation-page experience (#32558)
![3000-gogitea-gitea-kiagpwhqbx1 ws-us116 gitpod io_
(1)](https://github.com/user-attachments/assets/7f9ff835-7122-420e-83a9-218a1b9c7030)
Highlight the path of the configuration file with a label-style emphasis
and provide a quick copy button.
2024-11-20 00:39:57 +00:00
Calvin K
18aeca5320
Add reviewers selection to new pull request (#32403)
Users could add reviewers when creating new PRs.

---------

Co-authored-by: splitt3r <splitt3r@users.noreply.github.com>
Co-authored-by: Sebastian Sauer <sauer.sebastian@gmail.com>
Co-authored-by: bb-ben <70356237+bboerben@users.noreply.github.com>
Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
2024-11-09 04:48:31 +00:00
wxiaoguang
af28ce59b8
Add some handy markdown editor features (#32400)
There were some missing features from EasyMDE:

1. H1 - H3 style
2. Auto add task list
3. Insert a table

And added some tests
2024-11-04 10:14:36 +00:00
Tim
de2ad2e1b1
Make admins adhere to branch protection rules (#32248)
This introduces a new flag `BlockAdminMergeOverride` on the branch
protection rules that prevents admins/repo owners from bypassing branch
protection rules and merging without approvals or failing status checks.

Fixes #17131

---------

Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
Co-authored-by: Giteabot <teabot@gitea.io>
2024-10-23 12:39:43 +08:00
GiteaBot
368b0881f5 [skip ci] Updated translations via Crowdin 2024-10-10 00:30:33 +00:00
GiteaBot
f9a9b08896 [skip ci] Updated translations via Crowdin 2024-10-09 00:31:01 +00:00
GiteaBot
d3ada91ea4 [skip ci] Updated translations via Crowdin 2024-10-08 00:30:42 +00:00
GiteaBot
6551847aa8 [skip ci] Updated licenses and gitignores 2024-10-07 00:32:39 +00:00
GiteaBot
e530568666 [skip ci] Updated translations via Crowdin 2024-10-06 00:34:29 +00:00
Zisu Zhang
66923e02d2
Enhance USER_DISABLED_FEATURES to allow disabling change username or full name (#31959)
Fix #31958
Enhanced `USER_DISABLED_FEATURES`(also `EXTERNAL_USER_DISABLE_FEATURES`)
option in `[admin]` section.
Added following values:
- `change_username`: Disable change username
- `change_full_name`: Disable change full name
---

Progress:
- [x] Update code
- [x] Update translations
2024-10-05 20:41:38 +00:00
GiteaBot
6a4eb126bd [skip ci] Updated translations via Crowdin 2024-10-05 00:30:40 +00:00
GiteaBot
0bd75390f5 [skip ci] Updated translations via Crowdin 2024-10-04 00:30:54 +00:00
GiteaBot
4416a4199b [skip ci] Updated translations via Crowdin 2024-10-03 00:30:51 +00:00
yp05327
70b7df0e5e
Support repo license (#24872)
Close #278
Close #24076

## Solutions:
- Use
[google/licenseclassifier](https://github.com/google/licenseclassifier/)
Test result between
[google/licensecheck](https://github.com/google/licensecheck) and
[go-license-detector](https://github.com/go-enry/go-license-detector):
https://github.com/go-gitea/gitea/pull/24872#issuecomment-1560361167
Test result between
[google/licensecheck](https://github.com/google/licensecheck) and
[google/licenseclassifier](https://github.com/google/licenseclassifier/):
https://github.com/go-gitea/gitea/pull/24872#issuecomment-1576092178
- Generate License Convert Name List to avoid import license templates
with same contents
Gitea automatically get latest license data from[
spdx/license-list-data](https://github.com/spdx/license-list-data).
But unfortunately, some license templates have same contents. #20915
[click here to see the
list](https://github.com/go-gitea/gitea/pull/24872#issuecomment-1584141684)
So we will generate a list of these license templates with same contents
and create a new file to save the result when using `make
generate-license`. (Need to decide the save path)
- Save License info into a new table `repo_license`
Can easily support searching repo by license in the future.

## Screen shot
Single License:

![image](https://github.com/go-gitea/gitea/assets/18380374/41260bd7-0b4c-4038-8592-508706cffa9f)

Multiple Licenses:

![image](https://github.com/go-gitea/gitea/assets/18380374/34ce2f73-7e18-446b-9b96-ecc4fb61bd70)

Triggers:
- [x] Push commit to default branch
- [x] Create repo
- [x] Mirror repo
- [x] When Default Branch is changed, licenses should be updated

Todo:
- [x] Save Licenses info in to DB when there's a change to license file
in the commit
- [x] DB Migration
- [x] A nominal test?
- [x] Select which library to
use(https://github.com/go-gitea/gitea/pull/24872#issuecomment-1560361167)
- [x] API Support
- [x] Add repo license table
- ~Select license in settings if there are several licenses(Not
recommended)~
- License board(later, not in this PR)

![image](https://github.com/go-gitea/gitea/assets/18380374/2c3c3bf8-bcc2-4c6d-8ce0-81d1a9733878)

---------

Co-authored-by: silverwind <me@silverwind.io>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Co-authored-by: Denys Konovalov <kontakt@denyskon.de>
Co-authored-by: delvh <dev.lh@web.de>
Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
Co-authored-by: 6543 <6543@obermui.de>
Co-authored-by: 6543 <m.huber@kithara.com>
Co-authored-by: a1012112796 <1012112796@qq.com>
Co-authored-by: techknowlogick <techknowlogick@gitea.com>
2024-10-01 15:25:08 -04:00
GiteaBot
ad749fbf25 [skip ci] Updated translations via Crowdin 2024-09-28 00:30:56 +00:00
GiteaBot
fdb1df9eca [skip ci] Updated translations via Crowdin 2024-09-27 00:31:00 +00:00
Lunny Xiao
e2f365b55c
Display head branch more comfortable on pull request view (#32000)
This PR do some minor improvements for head branch display on pull
request view UI.

- [x] Remove the link if the head branch has been deleted with a
tooltip, so that users will not result in a 404 page
- [x] Display a label if this pull request is an agit based one.

![图片](https://github.com/user-attachments/assets/872f26b6-f1cf-4427-9e41-e3a5b176dfa4)
2024-09-24 04:14:57 +00:00
GiteaBot
6afb22448b [skip ci] Updated translations via Crowdin 2024-09-24 00:30:57 +00:00
GiteaBot
48cdde98bb [skip ci] Updated licenses and gitignores 2024-09-23 00:31:34 +00:00
GiteaBot
74f2ee3124 [skip ci] Updated translations via Crowdin 2024-09-22 00:33:39 +00:00
GiteaBot
55d5a74bb3 [skip ci] Updated translations via Crowdin 2024-09-20 00:29:58 +00:00
GiteaBot
2fc347bcb3 [skip ci] Updated translations via Crowdin 2024-09-19 00:30:35 +00:00
Kemal Zebari
adea500aa0
Resolve duplicate local string key related to PR comments (#32073)
A regression in #31924 caused there to be two `issues.review.comment`
keys in the English language locale file, leading to a problem when
reading PR review histories that contain comments.

This snapshot addresses this by making the newer key unique.
2024-09-18 19:46:41 +00:00
wxiaoguang
1fede04b83
Refactor CSRF protector (#32057)
Remove unused CSRF options, decouple "new csrf protector" and "prepare"
logic, do not redirect to home page if CSRF validation falis (it
shouldn't happen in daily usage, if it happens, redirecting to home
doesn't help either but just makes the problem more complex for "fetch")
2024-09-18 15:17:25 +08:00
Bruno Sofiato
7dde3e6489
Included tag search capabilities (#32045)
Resolves #31998

The first screenshot shows the tag page without any filter being
applied:


![image](https://github.com/user-attachments/assets/eac0e51c-9e48-42b2-bb1c-a25896ca40cb)

The second one, shows the page when the given filter returns no tag:


![image](https://github.com/user-attachments/assets/98df191e-1a7b-4947-b0ef-4987a0293c3e)

The last one shows a single tag being filtered:


![image](https://github.com/user-attachments/assets/79c7e05e-8c86-4f06-b17e-15818b7b9291)

Signed-off-by: Bruno Sofiato <bruno.sofiato@gmail.com>
2024-09-18 02:33:11 +08:00
GiteaBot
74550a9b94 [skip ci] Updated translations via Crowdin 2024-09-16 00:31:40 +00:00
GiteaBot
6f989fc506 [skip ci] Updated translations via Crowdin 2024-09-15 00:34:01 +00:00
Lunny Xiao
3febcaa53b
Use a common message template instead of a special one (#31878) 2024-09-14 17:17:49 +00:00
GiteaBot
20d7707124 [skip ci] Updated translations via Crowdin 2024-09-12 00:30:02 +00:00
Zettat123
def1c9670b
Support migration from AWS CodeCommit (#31981)
This PR adds support for migrating repos from [AWS
CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/welcome.html).

The access key ID and secret access key are required to get repository
information and pull requests. And [HTTPS Git
credentials](https://docs.aws.amazon.com/codecommit/latest/userguide/setting-up-gc.html)
are required to clone the repository.

<img
src="https://github.com/user-attachments/assets/82ecb2d0-8d43-42b0-b5af-f5347a13b9d0"
width="680" />

The AWS CodeCommit icon is from [AWS Architecture
Icons](https://aws.amazon.com/architecture/icons/).

<img
src="https://github.com/user-attachments/assets/3c44d21f-d753-40f5-9eae-5d3589e0d50d"
width="320" />
2024-09-11 07:49:42 +08:00
GiteaBot
972eae358d [skip ci] Updated licenses and gitignores 2024-09-09 00:31:04 +00:00
GiteaBot
df96088bc4 [skip ci] Updated translations via Crowdin 2024-09-08 00:32:28 +00:00
GiteaBot
e8b801ff02 [skip ci] Updated translations via Crowdin 2024-09-07 00:29:09 +00:00
william-allspice
e9c64f41a6
Distinguish official vs non-official reviews, add tool tips, and upgr… (#31924)
This Pull Request is a follow up to
https://github.com/go-gitea/gitea/pull/31886:

1. Adds a UI indicator between official (green) and unofficial (grey)
approved pull requests on the Pull Request page (as suggested by
@kdumontnu )
2. Adds tooltips adding clarity to the type and status of a review on
the Pull Request page (as suggested by @kdumontnu)
3. Updates text adding more clarity to required approvals (as suggested
by @kdumontnu)
4. Updates text on the branch settings page explaining what branch
approval limitations (as suggested by @yp05327)

Official approval:
<img width="376" alt="Screenshot 2024-08-26 at 1 03 52 PM"
src="https://github.com/user-attachments/assets/500f083d-bfc0-45c5-82b7-b98e20495696">

Unofficial approval:
<img width="442" alt="Screenshot 2024-08-26 at 12 53 15 PM"
src="https://github.com/user-attachments/assets/e8c565ff-5886-4ce1-8b79-a0fa26c282f7">

Rejected approval:
<img width="452" alt="Screenshot 2024-08-26 at 12 53 06 PM"
src="https://github.com/user-attachments/assets/aebc0e2f-7052-4dea-8098-7caa0db86617">

Stale approval:
<img width="546" alt="Screenshot 2024-08-26 at 1 07 59 PM"
src="https://github.com/user-attachments/assets/da599ff3-e35c-4fa3-8141-ed80b738dd77">

Requested review tooltip:
<img width="434" alt="Screenshot 2024-08-26 at 12 53 22 PM"
src="https://github.com/user-attachments/assets/460d163e-8724-43b6-8760-34b285da8fe2">

Updated text for approvals:
<img width="991" alt="Screenshot 2024-08-26 at 12 54 00 PM"
src="https://github.com/user-attachments/assets/ab3ff012-9742-4c1b-933d-21addcb89f2c">

Updated text for allowlisted/whitelisted approvals:
<img width="990" alt="Screenshot 2024-08-26 at 1 01 40 PM"
src="https://github.com/user-attachments/assets/1a5bae61-d9e0-4d96-b86f-92610b0940d1">

Protected branch settings text:
<img width="1022" alt="Screenshot 2024-08-26 at 1 01 14 PM"
src="https://github.com/user-attachments/assets/892ce208-e1c2-41f7-8fec-46d5a0e7e776">

Comments list:
<img width="1048" alt="Screenshot 2024-08-28 at 9 25 31 AM"
src="https://github.com/user-attachments/assets/9c5c00c5-06cf-43b3-b413-4f7f673609b2">

---------

Co-authored-by: Kyle D. <kdumontnu@gmail.com>
2024-09-06 06:40:02 +00:00
GiteaBot
74b1c589c6 [skip ci] Updated translations via Crowdin 2024-09-04 06:28:39 +00:00
GiteaBot
30da734f37 [skip ci] Updated translations via Crowdin 2024-09-04 05:30:04 +00:00
Lunny Xiao
a366af4b7a
Remove html tags from create tag and branch translation (#31973)
Follow #31950 and Fix the display bug of #31966 .

This will only fix the English version. I will update all these
translation files in crowdin after this merged so that all the languages
can be fixed.

And all these files should be backported together.

This PR remove the bold effect around the name when creating a new tag
or branch.
2024-09-04 12:53:55 +08:00
GiteaBot
d5f35cc54e [skip ci] Updated translations via Crowdin 2024-09-04 00:29:09 +00:00
GiteaBot
cf52cc985a [skip ci] Updated translations via Crowdin 2024-09-03 00:29:33 +00:00
Denys Konovalov
83f37f6302
Remove urls from translations (#31950)
Part of #27700

Removes all URLs from translation strings to easy up changing them in
the future and to exclude people injecting malicious URLs through
translations. First measure as long as #24402 is out of scope.
2024-09-02 18:36:24 +00:00
GiteaBot
052a8fe6cc [skip ci] Updated translations via Crowdin 2024-09-02 00:30:20 +00:00
GiteaBot
80fa8d7740 [skip ci] Updated translations via Crowdin 2024-09-01 00:35:09 +00:00
GiteaBot
1f924d845e [skip ci] Updated translations via Crowdin 2024-08-30 00:29:03 +00:00
GiteaBot
521d91944e [skip ci] Updated translations via Crowdin 2024-08-27 00:28:30 +00:00
GiteaBot
d477dd5e88 [skip ci] Updated licenses and gitignores 2024-08-26 00:28:33 +00:00
GiteaBot
41d9eaa9c0 [skip ci] Updated translations via Crowdin 2024-08-25 00:30:57 +00:00
GiteaBot
e0c27e5996 [skip ci] Updated translations via Crowdin 2024-08-22 00:27:44 +00:00