From d6d3c96e6555fc91b3e2ef21f4d8d7475564bb3e Mon Sep 17 00:00:00 2001 From: Lunny Xiao Date: Tue, 8 Oct 2024 17:51:09 +0800 Subject: [PATCH 1/7] Fix bug when a token is given public only (#32204) --- models/user/user.go | 4 + routers/api/packages/api.go | 14 +++ routers/api/v1/api.go | 131 ++++++++++++++-------- routers/api/v1/org/org.go | 2 +- routers/api/v1/repo/issue.go | 2 +- routers/api/v1/repo/repo.go | 7 +- routers/api/v1/user/user.go | 6 + services/context/api.go | 7 +- tests/integration/api_issue_test.go | 34 ++++++ tests/integration/api_repo_branch_test.go | 11 +- tests/integration/api_user_search_test.go | 13 +++ 11 files changed, 176 insertions(+), 55 deletions(-) diff --git a/models/user/user.go b/models/user/user.go index f93fba8ae0cef..d5c4833cdefa0 100644 --- a/models/user/user.go +++ b/models/user/user.go @@ -408,6 +408,10 @@ func (u *User) IsIndividual() bool { return u.Type == UserTypeIndividual } +func (u *User) IsUser() bool { + return u.Type == UserTypeIndividual || u.Type == UserTypeBot +} + // IsBot returns whether or not the user is of type bot func (u *User) IsBot() bool { return u.Type == UserTypeBot diff --git a/routers/api/packages/api.go b/routers/api/packages/api.go index 0f42e8f59ebb7..d17e4875b13a7 100644 --- a/routers/api/packages/api.go +++ b/routers/api/packages/api.go @@ -63,6 +63,20 @@ func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.Context) { ctx.Error(http.StatusUnauthorized, "reqPackageAccess", "user should have specific permission or be a site admin") return } + + // check if scope only applies to public resources + publicOnly, err := scope.PublicOnly() + if err != nil { + ctx.Error(http.StatusForbidden, "tokenRequiresScope", "parsing public resource scope failed: "+err.Error()) + return + } + + if publicOnly { + if ctx.Package != nil && ctx.Package.Owner.Visibility.IsPrivate() { + ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public packages") + return + } + } } } diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index 5aa8ad44e5e3d..883e694e44b75 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -235,6 +235,62 @@ func reqPackageAccess(accessMode perm.AccessMode) func(ctx *context.APIContext) } } +func checkTokenPublicOnly() func(ctx *context.APIContext) { + return func(ctx *context.APIContext) { + if !ctx.PublicOnly { + return + } + + requiredScopeCategories, ok := ctx.Data["requiredScopeCategories"].([]auth_model.AccessTokenScopeCategory) + if !ok || len(requiredScopeCategories) == 0 { + return + } + + // public Only permission check + switch { + case auth_model.ContainsCategory(requiredScopeCategories, auth_model.AccessTokenScopeCategoryRepository): + if ctx.Repo.Repository != nil && ctx.Repo.Repository.IsPrivate { + ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public repos") + return + } + case auth_model.ContainsCategory(requiredScopeCategories, auth_model.AccessTokenScopeCategoryIssue): + if ctx.Repo.Repository != nil && ctx.Repo.Repository.IsPrivate { + ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public issues") + return + } + case auth_model.ContainsCategory(requiredScopeCategories, auth_model.AccessTokenScopeCategoryOrganization): + if ctx.Org.Organization != nil && ctx.Org.Organization.Visibility != api.VisibleTypePublic { + ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public orgs") + return + } + if ctx.ContextUser != nil && ctx.ContextUser.IsOrganization() && ctx.ContextUser.Visibility != api.VisibleTypePublic { + ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public orgs") + return + } + case auth_model.ContainsCategory(requiredScopeCategories, auth_model.AccessTokenScopeCategoryUser): + if ctx.ContextUser != nil && ctx.ContextUser.IsUser() && ctx.ContextUser.Visibility != api.VisibleTypePublic { + ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public users") + return + } + case auth_model.ContainsCategory(requiredScopeCategories, auth_model.AccessTokenScopeCategoryActivityPub): + if ctx.ContextUser != nil && ctx.ContextUser.IsUser() && ctx.ContextUser.Visibility != api.VisibleTypePublic { + ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public activitypub") + return + } + case auth_model.ContainsCategory(requiredScopeCategories, auth_model.AccessTokenScopeCategoryNotification): + if ctx.Repo.Repository != nil && ctx.Repo.Repository.IsPrivate { + ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public notifications") + return + } + case auth_model.ContainsCategory(requiredScopeCategories, auth_model.AccessTokenScopeCategoryPackage): + if ctx.Package != nil && ctx.Package.Owner.Visibility.IsPrivate() { + ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public packages") + return + } + } + } +} + // if a token is being used for auth, we check that it contains the required scope // if a token is not being used, reqToken will enforce other sign in methods func tokenRequiresScopes(requiredScopeCategories ...auth_model.AccessTokenScopeCategory) func(ctx *context.APIContext) { @@ -250,9 +306,6 @@ func tokenRequiresScopes(requiredScopeCategories ...auth_model.AccessTokenScopeC return } - ctx.Data["ApiTokenScopePublicRepoOnly"] = false - ctx.Data["ApiTokenScopePublicOrgOnly"] = false - // use the http method to determine the access level requiredScopeLevel := auth_model.Read if ctx.Req.Method == "POST" || ctx.Req.Method == "PUT" || ctx.Req.Method == "PATCH" || ctx.Req.Method == "DELETE" { @@ -261,29 +314,28 @@ func tokenRequiresScopes(requiredScopeCategories ...auth_model.AccessTokenScopeC // get the required scope for the given access level and category requiredScopes := auth_model.GetRequiredScopes(requiredScopeLevel, requiredScopeCategories...) - - // check if scope only applies to public resources - publicOnly, err := scope.PublicOnly() + allow, err := scope.HasScope(requiredScopes...) if err != nil { - ctx.Error(http.StatusForbidden, "tokenRequiresScope", "parsing public resource scope failed: "+err.Error()) + ctx.Error(http.StatusForbidden, "tokenRequiresScope", "checking scope failed: "+err.Error()) return } - // this context is used by the middleware in the specific route - ctx.Data["ApiTokenScopePublicRepoOnly"] = publicOnly && auth_model.ContainsCategory(requiredScopeCategories, auth_model.AccessTokenScopeCategoryRepository) - ctx.Data["ApiTokenScopePublicOrgOnly"] = publicOnly && auth_model.ContainsCategory(requiredScopeCategories, auth_model.AccessTokenScopeCategoryOrganization) - - allow, err := scope.HasScope(requiredScopes...) - if err != nil { - ctx.Error(http.StatusForbidden, "tokenRequiresScope", "checking scope failed: "+err.Error()) + if !allow { + ctx.Error(http.StatusForbidden, "tokenRequiresScope", fmt.Sprintf("token does not have at least one of required scope(s): %v", requiredScopes)) return } - if allow { + ctx.Data["requiredScopeCategories"] = requiredScopeCategories + + // check if scope only applies to public resources + publicOnly, err := scope.PublicOnly() + if err != nil { + ctx.Error(http.StatusForbidden, "tokenRequiresScope", "parsing public resource scope failed: "+err.Error()) return } - ctx.Error(http.StatusForbidden, "tokenRequiresScope", fmt.Sprintf("token does not have at least one of required scope(s): %v", requiredScopes)) + // assign to true so that those searching should only filter public repositories/users/organizations + ctx.PublicOnly = publicOnly } } @@ -295,25 +347,6 @@ func reqToken() func(ctx *context.APIContext) { return } - if true == ctx.Data["IsApiToken"] { - publicRepo, pubRepoExists := ctx.Data["ApiTokenScopePublicRepoOnly"] - publicOrg, pubOrgExists := ctx.Data["ApiTokenScopePublicOrgOnly"] - - if pubRepoExists && publicRepo.(bool) && - ctx.Repo.Repository != nil && ctx.Repo.Repository.IsPrivate { - ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public repos") - return - } - - if pubOrgExists && publicOrg.(bool) && - ctx.Org.Organization != nil && ctx.Org.Organization.Visibility != api.VisibleTypePublic { - ctx.Error(http.StatusForbidden, "reqToken", "token scope is limited to public orgs") - return - } - - return - } - if ctx.IsSigned { return } @@ -879,11 +912,11 @@ func Routes() *web.Router { m.Group("/user/{username}", func() { m.Get("", activitypub.Person) m.Post("/inbox", activitypub.ReqHTTPSignature(), activitypub.PersonInbox) - }, context.UserAssignmentAPI()) + }, context.UserAssignmentAPI(), checkTokenPublicOnly()) m.Group("/user-id/{user-id}", func() { m.Get("", activitypub.Person) m.Post("/inbox", activitypub.ReqHTTPSignature(), activitypub.PersonInbox) - }, context.UserIDAssignmentAPI()) + }, context.UserIDAssignmentAPI(), checkTokenPublicOnly()) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryActivityPub)) } @@ -939,7 +972,7 @@ func Routes() *web.Router { }, reqSelfOrAdmin(), reqBasicOrRevProxyAuth()) m.Get("/activities/feeds", user.ListUserActivityFeeds) - }, context.UserAssignmentAPI(), individualPermsChecker) + }, context.UserAssignmentAPI(), checkTokenPublicOnly(), individualPermsChecker) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser)) // Users (requires user scope) @@ -957,7 +990,7 @@ func Routes() *web.Router { m.Get("/starred", user.GetStarredRepos) m.Get("/subscriptions", user.GetWatchedRepos) - }, context.UserAssignmentAPI()) + }, context.UserAssignmentAPI(), checkTokenPublicOnly()) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser), reqToken()) // Users (requires user scope) @@ -1044,7 +1077,7 @@ func Routes() *web.Router { m.Get("", user.IsStarring) m.Put("", user.Star) m.Delete("", user.Unstar) - }, repoAssignment()) + }, repoAssignment(), checkTokenPublicOnly()) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryRepository)) m.Get("/times", repo.ListMyTrackedTimes) m.Get("/stopwatches", repo.GetStopwatches) @@ -1069,18 +1102,20 @@ func Routes() *web.Router { m.Get("", user.CheckUserBlock) m.Put("", user.BlockUser) m.Delete("", user.UnblockUser) - }, context.UserAssignmentAPI()) + }, context.UserAssignmentAPI(), checkTokenPublicOnly()) }) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser), reqToken()) // Repositories (requires repo scope, org scope) m.Post("/org/{org}/repos", + // FIXME: we need org in context tokenRequiresScopes(auth_model.AccessTokenScopeCategoryOrganization, auth_model.AccessTokenScopeCategoryRepository), reqToken(), bind(api.CreateRepoOption{}), repo.CreateOrgRepoDeprecated) // requires repo scope + // FIXME: Don't expose repository id outside of the system m.Combo("/repositories/{id}", reqToken(), tokenRequiresScopes(auth_model.AccessTokenScopeCategoryRepository)).Get(repo.GetByID) // Repos (requires repo scope) @@ -1334,7 +1369,7 @@ func Routes() *web.Router { m.Post("", bind(api.UpdateRepoAvatarOption{}), repo.UpdateAvatar) m.Delete("", repo.DeleteAvatar) }, reqAdmin(), reqToken()) - }, repoAssignment()) + }, repoAssignment(), checkTokenPublicOnly()) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryRepository)) // Notifications (requires notifications scope) @@ -1343,7 +1378,7 @@ func Routes() *web.Router { m.Combo("/notifications", reqToken()). Get(notify.ListRepoNotifications). Put(notify.ReadRepoNotifications) - }, repoAssignment()) + }, repoAssignment(), checkTokenPublicOnly()) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryNotification)) // Issue (requires issue scope) @@ -1457,7 +1492,7 @@ func Routes() *web.Router { Patch(reqToken(), reqRepoWriter(unit.TypeIssues, unit.TypePullRequests), bind(api.EditMilestoneOption{}), repo.EditMilestone). Delete(reqToken(), reqRepoWriter(unit.TypeIssues, unit.TypePullRequests), repo.DeleteMilestone) }) - }, repoAssignment()) + }, repoAssignment(), checkTokenPublicOnly()) }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryIssue)) // NOTE: these are Gitea package management API - see packages.CommonRoutes and packages.DockerContainerRoutes for endpoints that implement package manager APIs @@ -1468,14 +1503,14 @@ func Routes() *web.Router { m.Get("/files", reqToken(), packages.ListPackageFiles) }) m.Get("/", reqToken(), packages.ListPackages) - }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryPackage), context.UserAssignmentAPI(), context.PackageAssignmentAPI(), reqPackageAccess(perm.AccessModeRead)) + }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryPackage), context.UserAssignmentAPI(), context.PackageAssignmentAPI(), reqPackageAccess(perm.AccessModeRead), checkTokenPublicOnly()) // Organizations m.Get("/user/orgs", reqToken(), tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization), org.ListMyOrgs) m.Group("/users/{username}/orgs", func() { m.Get("", reqToken(), org.ListUserOrgs) m.Get("/{org}/permissions", reqToken(), org.GetUserOrgsPermissions) - }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization), context.UserAssignmentAPI()) + }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryUser, auth_model.AccessTokenScopeCategoryOrganization), context.UserAssignmentAPI(), checkTokenPublicOnly()) m.Post("/orgs", tokenRequiresScopes(auth_model.AccessTokenScopeCategoryOrganization), reqToken(), bind(api.CreateOrgOption{}), org.Create) m.Get("/orgs", org.GetAll, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryOrganization)) m.Group("/orgs/{org}", func() { @@ -1533,7 +1568,7 @@ func Routes() *web.Router { m.Delete("", org.UnblockUser) }) }, reqToken(), reqOrgOwnership()) - }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryOrganization), orgAssignment(true)) + }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryOrganization), orgAssignment(true), checkTokenPublicOnly()) m.Group("/teams/{teamid}", func() { m.Combo("").Get(reqToken(), org.GetTeam). Patch(reqToken(), reqOrgOwnership(), bind(api.EditTeamOption{}), org.EditTeam). @@ -1553,7 +1588,7 @@ func Routes() *web.Router { Get(reqToken(), org.GetTeamRepo) }) m.Get("/activities/feeds", org.ListTeamActivityFeeds) - }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryOrganization), orgAssignment(false, true), reqToken(), reqTeamMembership()) + }, tokenRequiresScopes(auth_model.AccessTokenScopeCategoryOrganization), orgAssignment(false, true), reqToken(), reqTeamMembership(), checkTokenPublicOnly()) m.Group("/admin", func() { m.Group("/cron", func() { diff --git a/routers/api/v1/org/org.go b/routers/api/v1/org/org.go index e848d95181094..9e5874627298d 100644 --- a/routers/api/v1/org/org.go +++ b/routers/api/v1/org/org.go @@ -191,7 +191,7 @@ func GetAll(ctx *context.APIContext) { // "$ref": "#/responses/OrganizationList" vMode := []api.VisibleType{api.VisibleTypePublic} - if ctx.IsSigned { + if ctx.IsSigned && !ctx.PublicOnly { vMode = append(vMode, api.VisibleTypeLimited) if ctx.Doer.IsAdmin { vMode = append(vMode, api.VisibleTypePrivate) diff --git a/routers/api/v1/repo/issue.go b/routers/api/v1/repo/issue.go index c1218440e5958..d8c39b0f69bfa 100644 --- a/routers/api/v1/repo/issue.go +++ b/routers/api/v1/repo/issue.go @@ -149,7 +149,7 @@ func SearchIssues(ctx *context.APIContext) { Actor: ctx.Doer, } if ctx.IsSigned { - opts.Private = true + opts.Private = !ctx.PublicOnly opts.AllLimited = true } if ctx.FormString("owner") != "" { diff --git a/routers/api/v1/repo/repo.go b/routers/api/v1/repo/repo.go index 6c1a94ee168a9..4638e2ba5c3a7 100644 --- a/routers/api/v1/repo/repo.go +++ b/routers/api/v1/repo/repo.go @@ -129,6 +129,11 @@ func Search(ctx *context.APIContext) { // "422": // "$ref": "#/responses/validationError" + private := ctx.IsSigned && (ctx.FormString("private") == "" || ctx.FormBool("private")) + if ctx.PublicOnly { + private = false + } + opts := &repo_model.SearchRepoOptions{ ListOptions: utils.GetListOptions(ctx), Actor: ctx.Doer, @@ -138,7 +143,7 @@ func Search(ctx *context.APIContext) { TeamID: ctx.FormInt64("team_id"), TopicOnly: ctx.FormBool("topic"), Collaborate: optional.None[bool](), - Private: ctx.IsSigned && (ctx.FormString("private") == "" || ctx.FormBool("private")), + Private: private, Template: optional.None[bool](), StarredByID: ctx.FormInt64("starredBy"), IncludeDescription: ctx.FormBool("includeDesc"), diff --git a/routers/api/v1/user/user.go b/routers/api/v1/user/user.go index 2c277a18c739a..a9011427fb577 100644 --- a/routers/api/v1/user/user.go +++ b/routers/api/v1/user/user.go @@ -9,6 +9,7 @@ import ( activities_model "code.gitea.io/gitea/models/activities" user_model "code.gitea.io/gitea/models/user" + "code.gitea.io/gitea/modules/structs" "code.gitea.io/gitea/routers/api/v1/utils" "code.gitea.io/gitea/services/context" "code.gitea.io/gitea/services/convert" @@ -67,12 +68,17 @@ func Search(ctx *context.APIContext) { maxResults = 1 users = []*user_model.User{user_model.NewActionsUser()} default: + var visible []structs.VisibleType + if ctx.PublicOnly { + visible = []structs.VisibleType{structs.VisibleTypePublic} + } users, maxResults, err = user_model.SearchUsers(ctx, &user_model.SearchUserOptions{ Actor: ctx.Doer, Keyword: ctx.FormTrim("q"), UID: uid, Type: user_model.UserTypeIndividual, SearchByEmail: true, + Visible: visible, ListOptions: listOptions, }) if err != nil { diff --git a/services/context/api.go b/services/context/api.go index 84da526e748f8..00cfd6afd92dd 100644 --- a/services/context/api.go +++ b/services/context/api.go @@ -35,9 +35,10 @@ type APIContext struct { ContextUser *user_model.User // the user which is being visited, in most cases it differs from Doer - Repo *Repository - Org *APIOrganization - Package *Package + Repo *Repository + Org *APIOrganization + Package *Package + PublicOnly bool // Whether the request is for a public endpoint } func init() { diff --git a/tests/integration/api_issue_test.go b/tests/integration/api_issue_test.go index 8bfb6fabe2a49..5b9f16ef96dc7 100644 --- a/tests/integration/api_issue_test.go +++ b/tests/integration/api_issue_test.go @@ -75,6 +75,34 @@ func TestAPIListIssues(t *testing.T) { } } +func TestAPIListIssuesPublicOnly(t *testing.T) { + defer tests.PrepareTestEnv(t)() + + repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 1}) + owner1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo1.OwnerID}) + + session := loginUser(t, owner1.Name) + token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue) + link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/issues", owner1.Name, repo1.Name)) + link.RawQuery = url.Values{"state": {"all"}}.Encode() + req := NewRequest(t, "GET", link.String()).AddTokenAuth(token) + MakeRequest(t, req, http.StatusOK) + + repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 2}) + owner2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: repo2.OwnerID}) + + session = loginUser(t, owner2.Name) + token = getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue) + link, _ = url.Parse(fmt.Sprintf("/api/v1/repos/%s/%s/issues", owner2.Name, repo2.Name)) + link.RawQuery = url.Values{"state": {"all"}}.Encode() + req = NewRequest(t, "GET", link.String()).AddTokenAuth(token) + MakeRequest(t, req, http.StatusOK) + + publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadIssue, auth_model.AccessTokenScopePublicOnly) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(publicOnlyToken) + MakeRequest(t, req, http.StatusForbidden) +} + func TestAPICreateIssue(t *testing.T) { defer tests.PrepareTestEnv(t)() const body, title = "apiTestBody", "apiTestTitle" @@ -243,6 +271,12 @@ func TestAPISearchIssues(t *testing.T) { DecodeJSON(t, resp, &apiIssues) assert.Len(t, apiIssues, expectedIssueCount) + publicOnlyToken := getUserToken(t, "user1", auth_model.AccessTokenScopeReadIssue, auth_model.AccessTokenScopePublicOnly) + req = NewRequest(t, "GET", link.String()).AddTokenAuth(publicOnlyToken) + resp = MakeRequest(t, req, http.StatusOK) + DecodeJSON(t, resp, &apiIssues) + assert.Len(t, apiIssues, 15) // 15 public issues + since := "2000-01-01T00:50:01+00:00" // 946687801 before := time.Unix(999307200, 0).Format(time.RFC3339) query.Add("since", since) diff --git a/tests/integration/api_repo_branch_test.go b/tests/integration/api_repo_branch_test.go index b0ac2286c9426..63080b308cfec 100644 --- a/tests/integration/api_repo_branch_test.go +++ b/tests/integration/api_repo_branch_test.go @@ -28,9 +28,13 @@ func TestAPIRepoBranchesPlain(t *testing.T) { repo3 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3}) user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1}) session := loginUser(t, user1.LowerName) - token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository) + // public only token should be forbidden + publicOnlyToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeWriteRepository) link, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches", repo3.Name)) // a plain repo + MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden) + + token := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeWriteRepository) resp := MakeRequest(t, NewRequest(t, "GET", link.String()).AddTokenAuth(token), http.StatusOK) bs, err := io.ReadAll(resp.Body) assert.NoError(t, err) @@ -42,6 +46,8 @@ func TestAPIRepoBranchesPlain(t *testing.T) { assert.EqualValues(t, "master", branches[1].Name) link2, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches/test_branch", repo3.Name)) + MakeRequest(t, NewRequest(t, "GET", link2.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden) + resp = MakeRequest(t, NewRequest(t, "GET", link2.String()).AddTokenAuth(token), http.StatusOK) bs, err = io.ReadAll(resp.Body) assert.NoError(t, err) @@ -49,6 +55,8 @@ func TestAPIRepoBranchesPlain(t *testing.T) { assert.NoError(t, json.Unmarshal(bs, &branch)) assert.EqualValues(t, "test_branch", branch.Name) + MakeRequest(t, NewRequest(t, "POST", link.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden) + req := NewRequest(t, "POST", link.String()).AddTokenAuth(token) req.Header.Add("Content-Type", "application/json") req.Body = io.NopCloser(bytes.NewBufferString(`{"new_branch_name":"test_branch2", "old_branch_name": "test_branch", "old_ref_name":"refs/heads/test_branch"}`)) @@ -73,6 +81,7 @@ func TestAPIRepoBranchesPlain(t *testing.T) { link3, _ := url.Parse(fmt.Sprintf("/api/v1/repos/org3/%s/branches/test_branch2", repo3.Name)) MakeRequest(t, NewRequest(t, "DELETE", link3.String()), http.StatusNotFound) + MakeRequest(t, NewRequest(t, "DELETE", link3.String()).AddTokenAuth(publicOnlyToken), http.StatusForbidden) MakeRequest(t, NewRequest(t, "DELETE", link3.String()).AddTokenAuth(token), http.StatusNoContent) assert.NoError(t, err) diff --git a/tests/integration/api_user_search_test.go b/tests/integration/api_user_search_test.go index ff4671c54e94a..e9805a5139345 100644 --- a/tests/integration/api_user_search_test.go +++ b/tests/integration/api_user_search_test.go @@ -38,6 +38,19 @@ func TestAPIUserSearchLoggedIn(t *testing.T) { assert.Contains(t, user.UserName, query) assert.NotEmpty(t, user.Email) } + + publicToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopeReadUser, auth_model.AccessTokenScopePublicOnly) + req = NewRequestf(t, "GET", "/api/v1/users/search?q=%s", query). + AddTokenAuth(publicToken) + resp = MakeRequest(t, req, http.StatusOK) + results = SearchResults{} + DecodeJSON(t, resp, &results) + assert.NotEmpty(t, results.Data) + for _, user := range results.Data { + assert.Contains(t, user.UserName, query) + assert.NotEmpty(t, user.Email) + assert.True(t, user.Visibility == "public") + } } func TestAPIUserSearchNotLoggedIn(t *testing.T) { From 2e12343fc4ca96a215d6820c4467b619eaa5cbe9 Mon Sep 17 00:00:00 2001 From: cloudchamb3r Date: Wed, 9 Oct 2024 02:27:05 +0900 Subject: [PATCH 2/7] Add null check for responseData.invalidTopics (#32212) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Screenshot 2024-10-08 at 10 49 10 AM `responseData.invalidTopics` can be null but it wasn't handled. --- web_src/js/features/repo-home.ts | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/web_src/js/features/repo-home.ts b/web_src/js/features/repo-home.ts index f3e39ddb3c1ae..ed1415d286a8d 100644 --- a/web_src/js/features/repo-home.ts +++ b/web_src/js/features/repo-home.ts @@ -60,7 +60,7 @@ export function initRepoTopicBar() { // how to test: input topic like " invalid topic " (with spaces), and select it from the list, then "Save" const responseData = await response.json(); lastErrorToast = showErrorToast(responseData.message, {duration: 5000}); - if (responseData.invalidTopics.length > 0) { + if (responseData.invalidTopics && responseData.invalidTopics.length > 0) { const {invalidTopics} = responseData; const topicLabels = queryElemChildren(topicDropdown, 'a.ui.label'); for (const [index, value] of topics.split(',').entries()) { From f9a9b08896fe6fa88331fd58a1767e3981a79a8d Mon Sep 17 00:00:00 2001 From: GiteaBot Date: Wed, 9 Oct 2024 00:31:01 +0000 Subject: [PATCH 3/7] [skip ci] Updated translations via Crowdin --- options/locale/locale_fr-FR.ini | 6 +- options/locale/locale_ga-IE.ini | 519 ++++++++++++++++++++++++++++++-- 2 files changed, 505 insertions(+), 20 deletions(-) diff --git a/options/locale/locale_fr-FR.ini b/options/locale/locale_fr-FR.ini index e64c85b7a4e50..f58ce74564abe 100644 --- a/options/locale/locale_fr-FR.ini +++ b/options/locale/locale_fr-FR.ini @@ -580,6 +580,8 @@ lang_select_error=Sélectionnez une langue dans la liste. username_been_taken=Le nom d'utilisateur est déjà pris. username_change_not_local_user=Les utilisateurs non-locaux n'ont pas le droit de modifier leur nom d'utilisateur. +change_username_disabled=Le changement de nom d’utilisateur est désactivé. +change_full_name_disabled=Le changement de nom complet est désactivé. username_has_not_been_changed=Le nom d'utilisateur n'a pas été modifié repo_name_been_taken=Ce nom de dépôt est déjà utilisé. repository_force_private=Force Private est activé : les dépôts privés ne peuvent pas être rendus publics. @@ -1039,6 +1041,7 @@ issue_labels_helper=Sélectionner un jeu de label. license=Licence license_helper=Sélectionner une licence license_helper_desc=Une licence réglemente ce que les autres peuvent ou ne peuvent pas faire avec votre code. Vous ne savez pas laquelle est la bonne pour votre projet ? Comment choisir une licence. +multiple_licenses=Licences multiples object_format=Format d'objet object_format_helper=Format d’objet pour ce dépôt. Ne peut être modifié plus tard. SHA1 est le plus compatible. readme=LISEZMOI @@ -1834,7 +1837,7 @@ pulls.is_empty=Les changements sur cette branche sont déjà sur la branche cibl pulls.required_status_check_failed=Certains contrôles requis n'ont pas réussi. pulls.required_status_check_missing=Certains contrôles requis sont manquants. pulls.required_status_check_administrator=En tant qu'administrateur, vous pouvez toujours fusionner cette requête de pull. -pulls.blocked_by_approvals=Cette demande d'ajout n’est pas suffisamment approuvée. %d approbations obtenues sur %d. +pulls.blocked_by_approvals=Cette demande d’ajout n’est pas suffisamment approuvée. %d approbations obtenues sur %d. pulls.blocked_by_approvals_whitelisted=Cette demande d’ajout n’a pas encore assez d’approbations. %d sur %d approbations de la part des utilisateurs ou équipes sur la liste autorisée. pulls.blocked_by_rejection=Cette demande d’ajout nécessite des corrections sollicitées par un évaluateur officiel. pulls.blocked_by_official_review_requests=Cette demande d’ajout a des sollicitations officielles d’évaluation. @@ -2940,6 +2943,7 @@ dashboard.start_schedule_tasks=Démarrer les tâches planifiées dashboard.sync_branch.started=Début de la synchronisation des branches dashboard.sync_tag.started=Synchronisation des étiquettes dashboard.rebuild_issue_indexer=Reconstruire l’indexeur des tickets +dashboard.sync_repo_licenses=Synchroniser les licences du dépôt users.user_manage_panel=Gestion du compte utilisateur users.new_account=Créer un compte diff --git a/options/locale/locale_ga-IE.ini b/options/locale/locale_ga-IE.ini index 82209b1b11802..5ccbc4315f1c5 100644 --- a/options/locale/locale_ga-IE.ini +++ b/options/locale/locale_ga-IE.ini @@ -2890,17 +2890,167 @@ dashboard.delete_generated_repository_avatars=Scrios abhatáranna stórtha ginte dashboard.sync_repo_branches=Sync brainsí caillte ó shonraí git go bunachair sonraí dashboard.sync_repo_tags=Clibeanna sioncraigh ó shonraí git go bunachar sonraí dashboard.update_mirrors=Scátháin a nuashonrú +dashboard.repo_health_check=Seiceáil sláinte gach stóras +dashboard.check_repo_stats=Seiceáil gach staitisticí stórais +dashboard.archive_cleanup=Scrios sean-chartlanna stórais +dashboard.deleted_branches_cleanup=Brainsí scriosta a ghlanadh +dashboard.update_migration_poster_id=Nuashonraigh ID póstaer imir +dashboard.git_gc_repos=Bailíonn truflais gach stórais +dashboard.resync_all_sshkeys=Nuashonraigh an comhad '.ssh/authorized_keys' le heochracha Gitea SSH. +dashboard.resync_all_sshprincipals=Nuashonraigh an comhad '.ssh/authorized_principals' le príomhphrionsabail Gitea SSH. +dashboard.resync_all_hooks=Athshioncrónaigh crúcaí réamhfhála, nuashonraithe agus iar-fhála na stórtha go léir. +dashboard.reinit_missing_repos=Aththosaigh gach stórais Git atá in easnamh a bhfuil taifid ann dóibh +dashboard.sync_external_users=Sioncrónaigh sonraí úsáideoirí seachtracha +dashboard.cleanup_hook_task_table=Tábla hook_task glantacháin +dashboard.cleanup_packages=Pacáistí glanta in éag +dashboard.cleanup_actions=Gníomhaíochtaí glanta in éag acmhainní +dashboard.server_uptime=Aga fónaimh Freastalaí +dashboard.current_goroutine=Goroutines Reatha +dashboard.current_memory_usage=Úsáid Cuimhne Reatha +dashboard.total_memory_allocated=Cuimhne Iomlán Leithdháilte +dashboard.memory_obtained=Cuimhne Faighte +dashboard.pointer_lookup_times=Amanna Cuardaigh Pointeora +dashboard.memory_allocate_times=Leithdháiltí Cuimhne +dashboard.memory_free_times=Saorálann Cuimhne +dashboard.current_heap_usage=Úsáid Charn Reatha +dashboard.heap_memory_obtained=Cuimhne Charn Faighte +dashboard.heap_memory_idle=Díomhaoin Cuimhne Carn +dashboard.heap_memory_in_use=Cuimhne Carm In Úsáid +dashboard.heap_memory_released=Cuimhne Carn Eisithe +dashboard.heap_objects=Cuspóirí Carn +dashboard.bootstrap_stack_usage=Úsáid Staca Bootstrap +dashboard.stack_memory_obtained=Cuimhne Staca Faighte +dashboard.mspan_structures_usage=Úsáid Struchtúir MSpan +dashboard.mspan_structures_obtained=Struchtúir MSpan a Faightear +dashboard.mcache_structures_usage=Úsáid Struchtúir MCache +dashboard.mcache_structures_obtained=Struchtúir MCache a Faightear +dashboard.profiling_bucket_hash_table_obtained=Tábla Hash Buicéad Próifílithe a Faightear +dashboard.gc_metadata_obtained=Meiteashonraí GC faighte +dashboard.other_system_allocation_obtained=Leithdháileadh Córais Eile a Fuarthas +dashboard.next_gc_recycle=Athchúrsáil GC Eile +dashboard.last_gc_time=Ó Am Deiridh GC +dashboard.total_gc_time=Sos Iomlán GC +dashboard.total_gc_pause=Sos Iomlán GC +dashboard.last_gc_pause=Sos GC Deireanach +dashboard.gc_times=Amanna GC +dashboard.delete_old_actions=Scrios gach sean-ghníomhaíocht ón mbunachar +dashboard.delete_old_actions.started=Scrios na sean-ghníomhaíocht go léir ón mbunachar sonraí tosaithe. +dashboard.update_checker=Seiceoir nuashonraithe +dashboard.delete_old_system_notices=Scrios gach seanfhógra córais ón mbunachar sonraí +dashboard.gc_lfs=Bailigh truflais meta rudaí LFS +dashboard.stop_zombie_tasks=Stad gníomhartha tascanna zombie +dashboard.stop_endless_tasks=Stad gníomhartha tascanna gan deireadh +dashboard.cancel_abandoned_jobs=Cealaigh gníomhartha poist tréigthe +dashboard.start_schedule_tasks=Tosaigh tascanna sceideal gníom +dashboard.sync_branch.started=Thosaigh Brainsí Sioncronú +dashboard.sync_tag.started=Clibeanna Thosaigh Sioncronú +dashboard.rebuild_issue_indexer=Atógáil innéacsóir eisiúna dashboard.sync_repo_licenses=Sioncronaigh ceadúnais repo +users.user_manage_panel=Bainistíocht Cuntas Úsáideora +users.new_account=Cruthaigh cuntas Úsáideora +users.name=Ainm úsáideora users.full_name=Ainm Iomlán +users.activated=Gníomhachtaithe +users.admin=Riarachán +users.restricted=Srianta +users.reserved=In áirithe +users.bot=Bota +users.remote=Iargúlta +users.2fa=2FA +users.repos=Stórais +users.created=Cruthaithe +users.last_login=Sínigh Isteach Deiridh +users.never_login=Ná Sínigh Isteach riamh +users.send_register_notify=Seol Fógra um Chlárú Úsáideora +users.new_success=Tá an cuntas úsáideora "%s" cruthaithe. +users.edit=Eagar +users.auth_source=Foinse Fíordheimhnithe +users.local=Áitiúil +users.auth_login_name=Ainm Síniú Isteach Fíordheimhnithe +users.password_helper=Fág an pasfhocal folamh chun é a choinneáil gan athrú. +users.update_profile_success=Nuashonraíodh an cuntas úsáideora. +users.edit_account=Cuir Cuntas Úsáideora in Eagar +users.max_repo_creation=Uasmhéid Stóras +users.max_repo_creation_desc=(Cuir isteach -1 chun an teorainn réamhshocraithe domhanda a úsáid.) +users.is_activated=Gníomhachtaítear Cuntas Úsáideora +users.prohibit_login=Díchumasaigh Síniú Isteach +users.is_admin=Is Riarthóir +users.is_restricted=Is Srianta +users.allow_git_hook=Féadfaidh Git Hooks a Chruthú +users.allow_git_hook_tooltip=Déantar Git Hooks a fhorghníomhú mar úsáideoir OS a ritheann Gitea agus beidh an leibhéal céanna rochtana óstaigh aige. Mar thoradh air sin, is féidir le húsáideoirí a bhfuil an phribhléid speisialta Git Hook seo acu rochtain a fháil ar gach stór Gitea agus iad a mhodhnú chomh maith leis an mbunachar sonraí a úsáideann Gitea. Dá bharr sin tá siad in ann pribhléidí riarthóra Gitea a fháil freisin. +users.allow_import_local=Is féidir Stórais Áitiúla a Allmhairiú +users.allow_create_organization=Is féidir Eagraíochtaí a Chruthú +users.update_profile=Nuashonraigh Cuntas Úsáideora +users.delete_account=Scrios Cuntas Úsáide +users.cannot_delete_self=Ní féidir leat tú féin a scriosadh +users.still_own_repo=Tá stórais amháin nó níos mó fós ag an úsáideoir seo. Scrios nó aistrigh na stórais seo ar dtús. +users.still_has_org=Is ball d'eagraíocht é an t-úsáideoir seo. Bain an t-úsáideoir ó aon eagraíochtaí ar dtús. +users.purge=Úsáideoir a Ghlanadh +users.purge_help=Scrios go héigeantach úsáideoir agus aon stórais, eagraíochtaí agus pacáistí atá faoi úinéireacht an úsáideora. Scriosfar gach trácht freisin. +users.still_own_packages=Tá pacáiste amháin nó níos mó fós ag an úsáideoir seo, scrios na pacáistí seo ar dtús. +users.deletion_success=Scriosadh an cuntas úsáideora. +users.reset_2fa=Athshocraigh 2FA +users.list_status_filter.menu_text=Scagaire +users.list_status_filter.reset=Athshocraigh users.list_status_filter.is_active=Gníomhach - - +users.list_status_filter.not_active=Neamhghníomhach +users.list_status_filter.is_admin=Riarachán +users.list_status_filter.not_admin=Ní Riarachán +users.list_status_filter.is_restricted=Srianta +users.list_status_filter.not_restricted=Gan Srian +users.list_status_filter.is_prohibit_login=Cosc ar Logáil Isteach +users.list_status_filter.not_prohibit_login=Ceadaigh Logáil isteach +users.list_status_filter.is_2fa_enabled=2FA Cumasaithe +users.list_status_filter.not_2fa_enabled=2FA faoi mhíchumas +users.details=Sonraí Úsáideora + +emails.email_manage_panel=Bainistíocht Ríomhphost Úsáideoir +emails.primary=Bunscoile +emails.activated=Gníomhachtaithe +emails.filter_sort.email=Ríomhphost +emails.filter_sort.email_reverse=Ríomhphost (droim ar ais) +emails.filter_sort.name=Ainm Úsáideora +emails.filter_sort.name_reverse=Ainm Úsáideora (droim ar ais) +emails.updated=Nuashonraíodh an ríomhphost +emails.not_updated=Theip ar an seoladh ríomhphoist iarrtha a nuashonrú: %v +emails.duplicate_active=Tá an seoladh ríomhphoist seo gníomhach cheana féin d'úsáideoir difriúil. +emails.change_email_header=Nuashonraigh Airíonna Ríomhphoist +emails.change_email_text=An bhfuil tú cinnte gur mhaith leat an seoladh ríomhphoist seo a nuashonrú? +emails.delete=Scrios Ríomhphost +emails.delete_desc=An bhfuil tú cinnte gur mhaith leat an seoladh ríomhphoist seo a scriosadh? +emails.deletion_success=Tá an seoladh ríomhphoist scriosta. +emails.delete_primary_email_error=Ní féidir leat an ríomhphost príomhúil a scriosadh. + +orgs.org_manage_panel=Bainistíocht Eagraíochta +orgs.name=Ainm orgs.teams=Foirne +orgs.members=Comhaltaí +orgs.new_orga=Eagraíocht Nua +repos.repo_manage_panel=Bainistíocht Stórais +repos.unadopted=Stórais Neamhghlactha +repos.unadopted.no_more=Níor aimsíodh níos mó stórais neamhghlactha repos.owner=Úinéir - +repos.name=Ainm +repos.private=Príobháideach +repos.issues=Saincheisteanna +repos.size=Méid +repos.lfs_size=Méid LFS + +packages.package_manage_panel=Bainistíocht Pacáiste +packages.total_size=Méid Iomlán: %s +packages.unreferenced_size=Méid gan tagairt: %s +packages.cleanup=Glan suas sonraí in éag +packages.cleanup.success=Glanadh suas sonraí in éag go rathúil packages.owner=Úinéir +packages.creator=Cruthaitheoir +packages.name=Ainm +packages.version=Leagan +packages.type=Cineál +packages.repository=Stóráil +packages.size=Méid +packages.published=Foilsithe defaulthooks=Réamhshocraithe Crúcaí Gréasán defaulthooks.desc=Déanann Crúcaí Gréasán iarratais HTTP POST go huathoibríoch chuig freastalaí nuair a chuireann imeachtaí áirithe Gitea tús. Is mainneachtainí iad na cuacha gréasáin a shainítear anseo agus déanfar iad a chóipeáil isteach i ngach stórais nua. Léigh tuilleadh sa treoir chúca Crúcaí Gréasán. @@ -2912,49 +3062,375 @@ systemhooks.desc=Déanann Crúcaí Gréasán iarratais HTTP POST go huathoibrío systemhooks.add_webhook=Cuir Crúca Gréasán Córas leis systemhooks.update_webhook=Nuashonraigh Córas Crúca Gréasán +auths.auth_manage_panel=Bainistiú Foinse Fíordheimhnithe +auths.new=Cuir Foinse Fíordheimhni +auths.name=Ainm +auths.type=Cineál +auths.enabled=Cumasaithe +auths.syncenabled=Cumasaigh Sioncrónú Úsáideora auths.updated=Nuashonraithe +auths.auth_type=Cineál Fíordheimhnithe +auths.auth_name=Ainm Fíordheimhnithe +auths.security_protocol=Prótacal Slándála auths.domain=Fearann - - - - - +auths.host=Óstach +auths.port=Calafort +auths.bind_dn=Ceangail DN +auths.bind_password=Ceangail Pasfhocal +auths.user_base=Bonn Cuardaigh Úsáideora +auths.user_dn=Úsáideoir DN +auths.attribute_username=Tréith Ainm Úsáideora +auths.attribute_username_placeholder=Fág folamh chun an t-ainm úsáideora a iontráiltear i Gitea a úsáid. +auths.attribute_name=Tréith Céad Ainm +auths.attribute_surname=Tréith Sloinne +auths.attribute_mail=Tréith ríomhphoist +auths.attribute_ssh_public_key=Tréith Eochair SSH Phoiblí +auths.attribute_avatar=Tréith Avatar +auths.attributes_in_bind=Faigh tréithe i gComhthéacs Bind DN +auths.allow_deactivate_all=Lig do thoradh cuardaigh folamh gach úsáideoir a dhíghníomhachtú +auths.use_paged_search=Úsáid Cuardach Leathanaigh +auths.search_page_size=Méid an Leathanaigh +auths.filter=Scagaire Úsáideora +auths.admin_filter=Scagaire Riaracháin +auths.restricted_filter=Scagaire Srianta +auths.restricted_filter_helper=Fág folamh chun aon úsáideoirí a shocrú mar theoranta. Úsáid réiltín ('*') chun gach úsáideoir nach meaitseálann Scagaire Riaracháin a shocrú mar theoranta. +auths.verify_group_membership=Fíoraigh ballraíocht ghrúpa i LDAP (fág an scagaire folamh le scipeáil) +auths.group_search_base=Bonn Cuardaigh Grúpa DN +auths.group_attribute_list_users=Tréith Grúpa ina bhfuil Liosta Úsáideoirí +auths.user_attribute_in_group=Tréith Úsáideora atá Liostaithe i nGrúpa +auths.map_group_to_team=Léarscáil grúpaí LDAP chuig foirne na hEagraíochta (fág an réimse folamh le scipeáil) +auths.map_group_to_team_removal=Bain úsáideoirí ó fhoirne sioncronaithe mura mbaineann an t-úsáideoir leis an ngrúpa comhfhreagrach LDAP +auths.enable_ldap_groups=Cumasaigh grúpaí LDAP +auths.ms_ad_sa=MS AD Tréithe Cuardaigh +auths.smtp_auth=Cineál Fíordheimhnithe SMTP +auths.smtphost=Óstach SMTP +auths.smtpport=SMTP Calafort +auths.allowed_domains=Fearainn Ceadaithe +auths.allowed_domains_helper=Fág folamh chun gach fearann a cheadú. Déan ilfhearann a scaradh le camóg (','). +auths.skip_tls_verify=Scipeáil Fíorú TLS +auths.force_smtps=Fórsa SMTPS +auths.force_smtps_helper=Úsáidtear SMTPS i gcónaí ar chalafort 465. Socraigh é seo chun SMTPS a chur i bhfeidhm ar chalafoirt eile. (Seachas sin úsáidfear STARTTLS ar chalafoirt eile má thacaíonn an t-óstach leis.) +auths.helo_hostname=Ainm Óstach HELO +auths.helo_hostname_helper=Ainm óstach a sheoltar le HELO. Fág bán chun an t-ainm óstach reatha a sheoladh. +auths.disable_helo=Díchumasaigh HELO +auths.pam_service_name=Ainm Seirbhíse PAM +auths.pam_email_domain=Fearann Ríomhphoist PAM (roghnach) +auths.oauth2_provider=Soláthraí OAuth2 +auths.oauth2_icon_url=URL deilbhín +auths.oauth2_clientID=Aitheantas Cliant (Eochair) +auths.oauth2_clientSecret=Rúnda Cliant +auths.openIdConnectAutoDiscoveryURL=URL Fionnachtana Uathoibríoch OpenID Connect +auths.oauth2_use_custom_url=Úsáid URLanna Saincheaptha in ionad URLanna Réamhshocraithe +auths.oauth2_tokenURL=URL Comhartha +auths.oauth2_authURL=Údaraigh URL +auths.oauth2_profileURL=URL Próifíl +auths.oauth2_emailURL=URL ríomhphoist +auths.skip_local_two_fa=Scipeáil 2FA áitiúil +auths.skip_local_two_fa_helper=Ciallaíonn fágáil gan socrú go mbeidh ar úsáideoirí áitiúla a bhfuil tacar 2FA acu 2FA a rith fós chun logáil isteach +auths.oauth2_tenant=Tionónta +auths.oauth2_scopes=Scóipeanna Breise +auths.oauth2_required_claim_name=Ainm Éilimh Riachtanach +auths.oauth2_required_claim_name_helper=Socraigh an t-ainm seo chun logáil isteach ón bhfoinse seo a shrianadh d'úsáideoirí a bhfuil éileamh acu leis an ainm seo +auths.oauth2_required_claim_value=Luach Éilimh Riachtanach +auths.oauth2_required_claim_value_helper=Socraigh an luach seo chun logáil isteach ón bhfoinse seo a shrianadh chuig úsáideoirí a bhfuil éileamh acu leis an ainm agus an luach seo +auths.oauth2_group_claim_name=Ainm éileamh ag soláthar ainmneacha grúpa don fhoinse seo (Roghnach) +auths.oauth2_admin_group=Luach Éilimh Grúpa d'úsáideoirí riarthóra. (Roghnach - teastaíonn ainm éilimh thuas) +auths.oauth2_restricted_group=Luach Éilimh Grúpa d'úsáideoirí srianta. (Roghnach - teastaíonn ainm éilimh thuas) +auths.oauth2_map_group_to_team=Map mhaígh grúpaí chuig foirne Eagraíochta. (Roghnach - éilíonn ainm an éilimh thuas) +auths.oauth2_map_group_to_team_removal=Bain úsáideoirí ó fhoirne sioncronaithe mura mbaineann an t-úsáideoir leis an ngrúpa comhfhreagrach. +auths.enable_auto_register=Cumasaigh Clárú Auto +auths.sspi_auto_create_users=Cruthaigh úsáideoirí go huathoibríoch +auths.sspi_auto_create_users_helper=Lig do mhodh auth SSPI cuntais nua a chruthú go huathoibríoch d'úsáideoirí a logálann isteach den chéad uair +auths.sspi_auto_activate_users=Gníomhachtaigh úsáideoirí go huathoibríoch +auths.sspi_auto_activate_users_helper=Lig modh auth SSPI úsáideoirí nua a ghníomhachtú go huathoibríoch +auths.sspi_strip_domain_names=Bain ainmneacha fearann ó ainm úsáideora +auths.sspi_strip_domain_names_helper=Má dhéantar iad a sheiceáil, bainfear ainmneacha fearainn ó ainmneacha logála isteach (m.sh. Beidh “DOMAIN\ user” agus "user@example.org" araon ní bheidh ach “úsáideoir”). +auths.sspi_separator_replacement=Deighilteoir le húsáid in ionad\,/agus @ +auths.sspi_separator_replacement_helper=An carachtar a úsáidfear chun na deighilteoirí a chur in ionad na n-ainmneacha logála síos-leibhéil (m.sh. an \ i "DOMAIN\úsáideoir") agus ainmneacha príomhoidí úsáideora (m.sh. an @ in "user@example.org"). +auths.sspi_default_language=Teanga úsáideora réamhshocraithe +auths.sspi_default_language_helper=Teanga réamhshocraithe d'úsáideoirí cruthaithe go huathoibríoch ag modh auth SSPI. Fág folamh más fearr leat teanga a bhrath go huathoibríoch. +auths.tips=Leideanna +auths.tips.oauth2.general=OAuth2 Fíordheimhniú +auths.tips.oauth2.general.tip=Agus fíordheimhniú OAuth2 nua á chlárú agat, ba chóir go mbeadh an URL glaonna ais/atreoraithe: +auths.tip.oauth2_provider=Soláthraí OAuth2 +auths.tip.bitbucket=Cláraigh tomhaltóir OAuth nua ar %s agus cuir an cead 'Cuntas' - 'Léigh' leis +auths.tip.nextcloud=`Cláraigh tomhaltóir OAuth nua ar do chás ag baint úsáide as an roghchlár seo a leanas "Socruithe -> Slándáil -> cliant OAuth 2.0"` +auths.tip.dropbox=Cruthaigh feidhmchlár nua ag %s +auths.tip.facebook=Cláraigh feidhmchlár nua ag %s agus cuir an táirge "Facebook Login" leis +auths.tip.github=Cláraigh feidhmchlár OAuth nua ar %s +auths.tip.gitlab_new=Cláraigh feidhmchlár nua ar %s +auths.tip.google_plus=Faigh dintiúir chliaint OAuth2 ó chonsól API Google ag %s +auths.tip.openid_connect=Úsáid URL Fionnachtana OpenID Connect "https://{server}/.well-known/openid-configuration" chun na críochphointí a shonrú +auths.tip.twitter=Téigh go %s, cruthaigh feidhmchlár agus cinntigh go bhfuil an rogha "Ceadaigh úsáid a bhaint as an bhfeidhmchlár seo chun logáil isteach le Twitter" cumasaithe +auths.tip.discord=Cláraigh feidhmchlár nua ar %s +auths.tip.gitea=Cláraigh feidhmchlár OAuth2 nua. Tá treoir le fáil ag %s +auths.tip.yandex=`Cruthaigh feidhmchlár nua ag %s. Roghnaigh na ceadanna seo a leanas ón rannán "Yandex.Passport API": "Rochtain ar sheoladh ríomhphoist", "Rochtain ar avatar úsáideora" agus "Rochtain ar ainm úsáideora, céad ainm agus sloinne, inscne"` +auths.tip.mastodon=Ionchur URL sampla saincheaptha don shampla mastodon is mian leat a fhíordheimhniú leis (nó bain úsáid as an gceann réamhshocraithe) +auths.edit=Cuir Foinse Fíordheimhnithe in Eagar +auths.activated=Tá an Foinse Fíordheimhnithe seo gníomhachtaithe +auths.new_success=Tá an fíordheimhniú "%s" curtha leis. +auths.update_success=Nuashonraíodh an fhoinse fíordheimhnithe. +auths.update=Nuashonraigh Foinse Fíordheimhnithe +auths.delete=Scrios Foinse Fíordheimhnithe +auths.delete_auth_title=Scrios Foinse Fíordheimhnithe +auths.delete_auth_desc=Má scriosann tú foinse fíordheimhnithe cuirtear cosc ​​ar úsáideoirí í a úsáid chun síniú isteach. Lean ort? +auths.still_in_used=Tá an fhoinse fíordheimhnithe fós in úsáid. Tiontaigh nó scrios aon úsáideoir a úsáideann an fhoinse fíordheimhnithe seo ar dtús. +auths.deletion_success=Tá an fhoinse fíordheimhnithe scriosta. +auths.login_source_exist=Tá an fhoinse fíordheimhnithe "%s" ann cheana. +auths.login_source_of_type_exist=Tá foinse fíordheimhnithe den chineál seo ann cheana féin. +auths.unable_to_initialize_openid=Ní féidir Soláthraí Ceangail OpenID a thionscnamh: %s +auths.invalid_openIdConnectAutoDiscoveryURL=URL Neamhbhailí Fionnachtana Uathoibríoch (ní mór gur URL bailí é seo ag tosú le http:// nó https://) + +config.server_config=Cumraíocht Freastalaí +config.app_name=Teideal an Láithreáin +config.app_ver=Leagan Gitea +config.app_url=URL Bonn Gitea +config.custom_conf=Cosán Comhad Cumraíochta +config.custom_file_root_path=Cosán Fréamh Comhad Saincheaptha +config.domain=Fearann ​​Freastalaí +config.offline_mode=Mód Áitiúil +config.disable_router_log=Díchumasaigh Loga an Ródaire +config.run_user=Rith Mar Ainm úsáideora +config.run_mode=Mód Rith +config.git_version=Leagan Git +config.app_data_path=Cosán Sonraí Aip +config.repo_root_path=Cosán Fréimhe Stórála +config.lfs_root_path=Cosán Fréamh LFS +config.log_file_root_path=Cosán Logála +config.script_type=Cineál Script +config.reverse_auth_user=Úsáideoir Fíordheimhnithe Droim ar Ais + +config.ssh_config=Cumraíocht SSH +config.ssh_enabled=Cumasaithe +config.ssh_start_builtin_server=Úsáid Freastalaí Ionsuite +config.ssh_domain=Fearainn Freastalaí SSH +config.ssh_port=Calafort +config.ssh_listen_port=Éist Calafort +config.ssh_root_path=Cosán Fréimhe +config.ssh_key_test_path=Cosán Tástáil Eochair +config.ssh_keygen_path=Keygen ('ssh-keygen') Cosán +config.ssh_minimum_key_size_check=Seiceáil Íosta Méid Eochair +config.ssh_minimum_key_sizes=Méideanna Íosta Eochrach + +config.lfs_config=Cumraíocht LFS +config.lfs_enabled=Cumasaithe +config.lfs_content_path=Cosán Ábhar LFS +config.lfs_http_auth_expiry=Éag Auth LFS HTTP + +config.db_config=Cumraíocht Bunachar Sonraí +config.db_type=Cineál +config.db_host=Óstach +config.db_name=Ainm +config.db_user=Ainm úsáideora +config.db_schema=Scéim +config.db_ssl_mode=SSL +config.db_path=Cosán + +config.service_config=Cumraíocht Seirbhíse +config.register_email_confirm=Deimhniú Ríomhphost a éileamh chun Clárú +config.disable_register=Díchumasaigh Féin-Chlárú +config.allow_only_internal_registration=Ceadaigh Clárú Amháin Trí Gitea féin +config.allow_only_external_registration=Ceadaigh Clárú Trí Sheirbhísí Seachtracha amháin +config.enable_openid_signup=Cumasaigh Féinchlárú OpenID +config.enable_openid_signin=Cumasaigh Síniú isteach OpenID +config.show_registration_button=Taispeáin Cnaipe Cláraithe +config.require_sign_in_view=Teastaíonn Sínigh isteach chun Leathanaigh Amharc +config.mail_notify=Cumasaigh Fógraí Ríomhphoist +config.enable_captcha=Cumasaigh CAPTCHA +config.active_code_lives=Saol Gníomhach ag an gCód +config.reset_password_code_lives=Am Éaga Chóid Aisghabhála Cuntais +config.default_keep_email_private=Folaigh Seoltaí Ríomhphoist de réir Réamhshocrú +config.default_allow_create_organization=Ceadaigh Cruthú Eagraíochtaí de réir Réamhshocrú +config.enable_timetracking=Cumasaigh Rianú Ama +config.default_enable_timetracking=Cumasaigh Rianú Ama de réir Réamhshocrú +config.default_allow_only_contributors_to_track_time=Lig do Rannpháirtithe Amháin Rianú Am +config.no_reply_address=Fearann Ríomhphoist Folaithe +config.default_visibility_organization=Infheictheacht réamhshocraithe d'Eagraíochtaí nua +config.default_enable_dependencies=Cumasaigh Spleáchais Eisithe de réir Réamhshocrú config.webhook_config=Cumraíocht Crúca Gréasán - - - - - - - - - - +config.queue_length=Fad scuaine +config.deliver_timeout=Teorainn Ama Seachadta +config.skip_tls_verify=Scipeáil Fíorú TLS + +config.mailer_config=Cumraíocht Seoltóra +config.mailer_enabled=Cumasaithe +config.mailer_enable_helo=Cumasaigh HELO +config.mailer_name=Ainm +config.mailer_protocol=Prótacal +config.mailer_smtp_addr=Seoladh SMTP +config.mailer_smtp_port=Calafort SMTP +config.mailer_user=Úsáideoir +config.mailer_use_sendmail=Úsáid Sendmail +config.mailer_sendmail_path=Cosán Sendmail +config.mailer_sendmail_args=Argóintí Breise chuig Sendmail +config.mailer_sendmail_timeout=Teorainn Ama Sendmail +config.mailer_use_dummy=Caochadán +config.test_email_placeholder=Ríomhphost (m.sh. test@example.com) +config.send_test_mail=Seol Ríomhphost Tástála +config.send_test_mail_submit=Seol +config.test_mail_failed=Theip ar ríomhphost tástála a sheoladh chuig "%s": %v +config.test_mail_sent=Tá ríomhphost tástála seolta chuig "%s". + +config.oauth_config=Cumraíocht OAuth +config.oauth_enabled=Cumasaithe + +config.cache_config=Cumraíocht taisce +config.cache_adapter=Cuibheoir taisce +config.cache_interval=Eatramh Taisce +config.cache_conn=Ceangal Taisce +config.cache_item_ttl=Mír Taisce TTL +config.cache_test=Taisce Tástáil +config.cache_test_failed=Theip ar an taisce a thaiscéaladh: %v. +config.cache_test_slow=D'éirigh leis an tástáil taisce, ach tá an freagra mall: %s. +config.cache_test_succeeded=D'éirigh leis an tástáil taisce, fuair sé freagra i %s. + +config.session_config=Cumraíocht Seisiúin +config.session_provider=Soláthraí Seisiúin +config.provider_config=Cumraíocht Soláthraí +config.cookie_name=Ainm Fianán +config.gc_interval_time=Am Eatramh GC +config.session_life_time=Am Saoil na Seisiúin +config.https_only=HTTPS Amháin +config.cookie_life_time=Am Saoil Fianán + +config.picture_config=Cumraíocht Pictiúr agus Avatar +config.picture_service=Seirbhís Pictiúr +config.disable_gravatar=Díchumasaigh Gravatar +config.enable_federated_avatar=Cumasaigh Avatars Cónaidhme +config.open_with_editor_app_help=Na heagarthóirí "Oscailte le" don roghchlár Clón. Má fhágtar folamh é, úsáidfear an réamhshocrú. Leathnaigh chun an réamhshocrú a fheiceáil. + +config.git_config=Cumraíocht Git +config.git_disable_diff_highlight=Díchumasaigh Aibhsiú Comhréire Diff +config.git_max_diff_lines=Max Diff Lines (do chomhad amháin) +config.git_max_diff_line_characters=Carachtair Max Diff (le haghaidh líne amháin) +config.git_max_diff_files=Comhaid Max Diff (le taispeáint) +config.git_gc_args=Argóintí GC +config.git_migrate_timeout=Teorainn Ama Imirce +config.git_mirror_timeout=Teorainn Ama Nuashonraithe Scátháin +config.git_clone_timeout=Teorainn Ama Oibríochta Clón +config.git_pull_timeout=Tarraing Am Oibríochta +config.git_gc_timeout=Teorainn Ama Oibriúcháin GC + +config.log_config=Cumraíocht Logáil +config.logger_name_fmt=Logálaí: %s +config.disabled_logger=Díchumasaithe +config.access_log_mode=Mód Logáil Rochtana +config.access_log_template=Teimpléad Logáil Rochtana +config.xorm_log_sql=Logáil SQL + +config.set_setting_failed=Theip ar shocrú %s a shocrú + +monitor.stats=Staitisticí + +monitor.cron=Tascanna Cron +monitor.name=Ainm +monitor.schedule=Sceideal +monitor.next=An chéad uair eile +monitor.previous=Am Roimhe Seo +monitor.execute_times=Forghníomhaíochtaí +monitor.process=Próisis reatha +monitor.stacktrace=Rian cruachta +monitor.processes_count=Próisis %d +monitor.download_diagnosis_report=Íoslódáil tuairisc diagnóis monitor.desc=Cur síos - +monitor.start=Am Tosaigh +monitor.execute_time=Am Forghníomhaithe +monitor.last_execution_result=Toradh +monitor.process.cancel=Cealaigh próiseas +monitor.process.cancel_desc=Má chuirtear próiseas ar ceal d'fhéadfadh go gcaillfí sonraí +monitor.process.cancel_notices=Cealaigh: %s? +monitor.process.children=Leanaí + +monitor.queues=Scuaineanna +monitor.queue=Scuaine: %s +monitor.queue.name=Ainm +monitor.queue.type=Cineál +monitor.queue.exemplar=Cineál Eiseamláire +monitor.queue.numberworkers=Líon na nOibrithe +monitor.queue.activeworkers=Oibrithe Gníomhacha +monitor.queue.maxnumberworkers=Líon Uasta na nOibrithe +monitor.queue.numberinqueue=Uimhir i scuaine +monitor.queue.review_add=Athbhreithniú / Cuir Oibrithe leis +monitor.queue.settings.title=Socruithe Linn +monitor.queue.settings.desc=Fásann linnte go dinimiciúil mar fhreagra ar a gcuid scuaine oibrithe a bhlocáil. +monitor.queue.settings.maxnumberworkers=Uaslíon na n-oibrithe +monitor.queue.settings.maxnumberworkers.placeholder=Faoi láthair %[1]d +monitor.queue.settings.maxnumberworkers.error=Caithfidh uaslíon na n-oibrithe a bheith ina uimhir monitor.queue.settings.submit=Nuashonrú Socruithe +monitor.queue.settings.changed=Socruithe Nuashonraithe +monitor.queue.settings.remove_all_items=Bain gach +monitor.queue.settings.remove_all_items_done=Baineadh na míreanna go léir sa scuaine. notices.system_notice_list=Fógraí Córais +notices.view_detail_header=Féach ar Sonraí Fógra notices.operations=Oibríochtaí +notices.select_all=Roghnaigh Gach +notices.deselect_all=Díroghnaigh Gach +notices.inverse_selection=Roghnú Inbhéartha +notices.delete_selected=Scrios Roghnaithe +notices.delete_all=Scrios Gach Fógra +notices.type=Cineál +notices.type_1=Stóras +notices.type_2=Tasc notices.desc=Cur síos +notices.op=Oibríocht. +notices.delete_success=Scriosadh na fógraí córais. [action] [tool] +now=anois +future=todhchaí +1s=1 soicind +1m=1 nóiméad +1h=1 uair an chloig +1d=1 lá +1w=1 seachtain +1mon=1 mhí +1y=1 bhliain +seconds=%d soicind +minutes=%d nóiméad [dropzone] [notification] +notifications=Fógraí +unread=Gan léamh +read=Léigh +subscriptions=Síntiúis +watching=Ag féachaint +no_subscriptions=Gan síntiúis [gpg] [units] +unit=Aonad [packages] +title=Pacáistí +filter.type=Cineál +filter.type.all=Gach +filter.container.tagged=Clibeáilte +filter.container.untagged=Gan chlib +details=Sonraí +details.author=Údar +dependency.version=Leagan alpine.repository.branches=Brainsí alpine.repository.repositories=Stórais +conan.details.repository=Stóras +container.details.type=Cineál Íomhá +container.details.platform=Ardán +container.multi_arch=Córas Oibriúcháin / Ailtireacht +container.labels=Lipéid +container.labels.key=Eochair +container.labels.value=Luach +debian.repository=Eolas Stóras +debian.repository.components=Comhpháirteanna +debian.repository.architectures=Ailtireachtaí +npm.details.tag=Clib +owner.settings.cleanuprules.enabled=Cumasaithe [secrets] @@ -2962,10 +3438,15 @@ alpine.repository.repositories=Stórais +runners.name=Ainm +runners.owner_type=Cineál runners.description=Cur síos +runners.labels=Lipéid runners.task_list.run=Rith +runners.task_list.repository=Stóras runners.task_list.commit=Tiomantas runners.status.active=Gníomhach +runners.version=Leagan runners.reset_registration_token=Athshocraigh comhartha clár runners.reset_registration_token_success=D'éirigh le hathshocrú comhartha clárúcháin an dara háit From 8bee7fcf7e214ace5e4835556bfb0f96ae3d20fb Mon Sep 17 00:00:00 2001 From: Ehsan Shirvanian <72626662+eshirvana@users.noreply.github.com> Date: Wed, 9 Oct 2024 01:04:34 -0400 Subject: [PATCH 4/7] update git book link to v2 (#32221) Fix the dead link `https://git-scm.com/book/en/Git-Basics-Getting-a-Git-Repository` for empty repositories to help how to clone the repository to `https://git-scm.com/book/en/v2/Git-Basics-Getting-a-Git-Repository` which is v2 of the git book. This also updates download git links --- modules/git/git.go | 4 ++-- templates/repo/empty.tmpl | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/modules/git/git.go b/modules/git/git.go index 05ca260855535..a19dd7771ba0f 100644 --- a/modules/git/git.go +++ b/modules/git/git.go @@ -111,12 +111,12 @@ func SetExecutablePath(path string) error { func ensureGitVersion() error { if !DefaultFeatures().CheckVersionAtLeast(RequiredVersion) { - moreHint := "get git: https://git-scm.com/download/" + moreHint := "get git: https://git-scm.com/downloads" if runtime.GOOS == "linux" { // there are a lot of CentOS/RHEL users using old git, so we add a special hint for them if _, err := os.Stat("/etc/redhat-release"); err == nil { // ius.io is the recommended official(git-scm.com) method to install git - moreHint = "get git: https://git-scm.com/download/linux and https://ius.io" + moreHint = "get git: https://git-scm.com/downloads/linux and https://ius.io" } } return fmt.Errorf("installed git version %q is not supported, Gitea requires git version >= %q, %s", DefaultFeatures().gitVersion.Original(), RequiredVersion, moreHint) diff --git a/templates/repo/empty.tmpl b/templates/repo/empty.tmpl index cb2a5ba1e98e0..7613643351577 100644 --- a/templates/repo/empty.tmpl +++ b/templates/repo/empty.tmpl @@ -24,7 +24,7 @@
-

{{ctx.Locale.Tr "repo.clone_this_repo"}} {{ctx.Locale.Tr "repo.clone_helper" "http://git-scm.com/book/en/Git-Basics-Getting-a-Git-Repository"}}

+

{{ctx.Locale.Tr "repo.clone_this_repo"}} {{ctx.Locale.Tr "repo.clone_helper" "http://git-scm.com/book/en/v2/Git-Basics-Getting-a-Git-Repository"}}

{{if and .CanWriteCode (not .Repository.IsArchived)}} From 4eacc61f645bbe259e22fba6f7111c8817de0652 Mon Sep 17 00:00:00 2001 From: Zettat123 Date: Thu, 10 Oct 2024 08:25:46 +0800 Subject: [PATCH 5/7] Fix incorrect "Target branch does not exist" in PR title (#32222) --- routers/web/repo/pull.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/routers/web/repo/pull.go b/routers/web/repo/pull.go index ced0bbc15a00e..02d9b429b557b 100644 --- a/routers/web/repo/pull.go +++ b/routers/web/repo/pull.go @@ -166,7 +166,7 @@ func setMergeTarget(ctx *context.Context, pull *issues_model.PullRequest) { ctx.Data["BaseTarget"] = pull.BaseBranch headBranchLink := "" if pull.Flow == issues_model.PullRequestFlowGithub { - b, err := git_model.GetBranch(ctx, ctx.Repo.Repository.ID, pull.HeadBranch) + b, err := git_model.GetBranch(ctx, pull.HeadRepoID, pull.HeadBranch) switch { case err == nil: if !b.IsDeleted { From 368b0881f502dd36a1ae725493c85683803fd816 Mon Sep 17 00:00:00 2001 From: GiteaBot Date: Thu, 10 Oct 2024 00:30:33 +0000 Subject: [PATCH 6/7] [skip ci] Updated translations via Crowdin --- options/locale/locale_ga-IE.ini | 298 +++++++++++++++++++++++++++++++- 1 file changed, 293 insertions(+), 5 deletions(-) diff --git a/options/locale/locale_ga-IE.ini b/options/locale/locale_ga-IE.ini index 5ccbc4315f1c5..0fae28daeaebd 100644 --- a/options/locale/locale_ga-IE.ini +++ b/options/locale/locale_ga-IE.ini @@ -3377,8 +3377,47 @@ notices.desc=Cur síos notices.op=Oibríocht. notices.delete_success=Scriosadh na fógraí córais. +self_check.no_problem_found=Níor aimsíodh aon fhadhb fós. +self_check.startup_warnings=Rabhadh tosaithe: +self_check.database_collation_mismatch=Bí ag súil le comhthiomsú a úsáid sa bhunachar sonraí: %s +self_check.database_collation_case_insensitive=Tá bunachar sonraí ag baint úsáide as comparáid %s, arb é comhdhlúthú neamhíogair. Cé go bhféadfadh Gitea oibriú leis, d'fhéadfadh go mbeadh roinnt cásanna annamh ann nach n-oibríonn mar a bhíothas ag súil leis. +self_check.database_inconsistent_collation_columns=Tá comhthiomsú %s in úsáid ag an mbunachar sonraí, ach tá comhthiomsuithe mímheaitseála á n-úsáid ag na colúin seo. D'fhéadfadh sé a bheith ina chúis le roinnt fadhbanna gan choinne. +self_check.database_fix_mysql=D'úsáideoirí MySQL/MariaDB, d'fhéadfá an t-ordú "gitea doctor convert" a úsáid chun na fadhbanna comhthiomsaithe a réiteach, nó d'fhéadfá an fhadhb a réiteach trí "ALTER ... COLLATE ..." SQLs de láimh freisin. +self_check.database_fix_mssql=I gcás úsáideoirí MSSQL, ní fhéadfá an fhadhb a réiteach ach trí "ALTER ... COLLATE ..." SQLs de láimh faoi láthair. +self_check.location_origin_mismatch=Ní mheaitseálann an URL reatha (%[1]s) an URL atá le feiceáil ag Gitea (%[2]s). Má tá seachfhreastalaí droim ar ais á úsáid agat, cinntigh le do thoil go bhfuil na ceanntásca "Óstríomhaire" agus "X-Forwarded-Proto" socraithe i gceart. [action] +create_repo=stóras cruthaithe %s +rename_repo=stóras athainmnithe ó %[1]s go %[3]s +commit_repo=brú chuig %[3]s ag %[4]s +create_issue=`osclaíodh ceist %[3]s#%[2]s` +close_issue=`eagrán dúnta %[3]s#%[2]s` +reopen_issue=`athoscailt an cheist %[3]s#%[2]s` +create_pull_request=`iarratas tarraingthe cruthaithe %[3]s#%[2]s` +close_pull_request=`iarratas tarraingthe dúnta %[3]s#%[2]s` +reopen_pull_request=`iarratas tarraingthe athoscailte %[3]s#%[2]s` +comment_issue=`trácht ar cheist %[3]s#%[2]s` +comment_pull=`déan trácht ar iarratas tarraingthe %[3]s#%[2]s` +merge_pull_request=`iarratas tarraingthe cumaisc %[3]s#%[2]s` +auto_merge_pull_request=`iarratas tarraingthe cumasctha go huathoibríoch %[3]s#%[2]s` +transfer_repo=aistrithe stóras %s go %s +push_tag=brú %[3]s go %[4]s +delete_tag=scriosta clib %[2]s ó %[3]s +delete_branch=brainse scriosta %[2]s ó %[3]s +compare_branch=Déan comparáid +compare_commits=Déan comparáid idir tiomáintí %d +compare_commits_general=Déan comparáid idir tiomáintí +mirror_sync_push=geallann synced do %[3]s ag %[4]s ón scáthán +mirror_sync_create=sioncronaigh tagairt nua %[3]s do %[4]s ón scáthán +mirror_sync_delete=sioncronaithe agus scriosta an tagairt %[2]s ag %[3]s ón scáthán +approve_pull_request=`ceadaithe %[3]s#%[2]s` +reject_pull_request=`athruithe molta le haghaidh %[3]s#%[2]s` +publish_release=`scaoileadh %[4]s ag %[3]s` +review_dismissed=`léirmheas ó %[4]s le haghaidh %[3]s#%[2]s` +review_dismissed_reason=Cúis: +create_branch=brainse cruthaithe %[3]s i %[4]s +starred_repo=le %[2]s le réalta +watched_repo=thosaigh sé ag breathnú ar %[2]s [tool] now=anois @@ -3392,60 +3431,266 @@ future=todhchaí 1y=1 bhliain seconds=%d soicind minutes=%d nóiméad +hours=%d uair an chloig +days=%d laethanta +weeks=%d seachtain +months=%d míonna +years=%d bliain +raw_seconds=soicind +raw_minutes=nóiméad [dropzone] +default_message=Scaoil comhaid nó cliceáil anseo chun iad a uaslódáil. +invalid_input_type=Ní féidir leat comhaid den chineál seo a uaslódáil. +file_too_big=Sáraíonn méid comhaid ({{filesize}} MB) an t-uasmhéid de ({{maxFilesize}} MB). +remove_file=Bain an comhad [notification] notifications=Fógraí unread=Gan léamh read=Léigh +no_unread=Gan aon fhógraí neamh-léite. +no_read=Gan aon fhógraí léite. +pin=Fógra bioráin +mark_as_read=Marcáil mar léite +mark_as_unread=Marcáil mar neamh-léite +mark_all_as_read=Marcáil gach ceann mar léite subscriptions=Síntiúis watching=Ag féachaint no_subscriptions=Gan síntiúis [gpg] +default_key=Sínithe leis an eochair réamhshocraithe +error.extract_sign=Theip ar an síniú a bhaint +error.generate_hash=Theip ar hash gealltanas a ghiniúint +error.no_committer_account=Níl aon chuntas nasctha le seoladh ríomhphoist an tiomnóra +error.no_gpg_keys_found=Níor aimsíodh aon eochair aithne don síniú seo sa bhunachar +error.not_signed_commit=Ní tiomantas sínithe +error.failed_retrieval_gpg_keys=Theip ar aisghabháil eochair ar bith a bhí ceangailte le cuntas an tiomnóra +error.probable_bad_signature=RABHADH! Cé go bhfuil eochair leis an ID seo sa bhunachar sonraí ní fhíoraíonn sé an tiomantas seo! Tá an tiomantas seo AMHRASACH. +error.probable_bad_default_signature=RABHADH! Cé go bhfuil an t-aitheantas seo ag an eochair réamhshocraithe ní fíoraíonn sé an tiomantas seo! Tá an tiomantas seo AMHRASACH. [units] unit=Aonad +error.no_unit_allowed_repo=Níl cead agat rochtain a fháil ar aon chuid den tiomantas seo. +error.unit_not_allowed=Níl cead agat an rannán stóras seo a rochtain. [packages] title=Pacáistí +desc=Bainistigh pacáistí stórais. +empty=Níl aon phacáistí ann fós. +no_metadata=Gan aon mheiteashonraí. +empty.documentation=Le haghaidh tuilleadh eolais ar chlárlann na bpacáistí, féach ar na doiciméid. +empty.repo=An ndearna tú uaslódáil ar phacáiste, ach nach bhfuil sé léirithe anseo? Téigh go socruithe pacáiste agus nasc leis an stóras seo é. +registry.documentation=Le haghaidh tuilleadh eolais ar chlárlann %s, féach ar na doiciméid. filter.type=Cineál filter.type.all=Gach +filter.no_result=Níor thug do scagaire aon torthaí. filter.container.tagged=Clibeáilte filter.container.untagged=Gan chlib +published_by=Foilsithe %[1]s ag %[3]s +published_by_in=Foilsithe ag %[1]s ag %[3]s in %[5]s +installation=Suiteáil +about=Maidir leis an bpacáiste seo +requirements=Riachtanais +dependencies=Spleithiúlachtaí +keywords=Eochairfhocail details=Sonraí details.author=Údar +details.project_site=Suíomh an Tionscadail +details.repository_site=Suíomh Stóras +details.documentation_site=Suíomh Doiciméadaithe +details.license=Ceadúnas +assets=Sócmhainní +versions=Leaganacha +versions.view_all=Féach ar gach +dependency.id=ID dependency.version=Leagan +alpine.registry=Socraigh an chlár seo tríd an url a chur i do chomhad /etc/apk/repositories: +alpine.registry.key=Íoslódáil eochair RSA poiblí na clárlainne isteach san fhillteán /etc/apk/keys/ chun an síniú innéacs a fhíorú: +alpine.registry.info=Roghnaigh $branch agus $repository ón liosta thíos. +alpine.install=Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas: +alpine.repository=Eolas Stórais alpine.repository.branches=Brainsí alpine.repository.repositories=Stórais +alpine.repository.architectures=Ailtireachtaí +cargo.registry=Socraigh an clárlann seo sa chomhad cumraíochta lasta (mar shampla ~/.cargo/config.toml): +cargo.install=Chun an pacáiste a shuiteáil ag baint úsáide as Cargo, reáchtáil an t-ordú seo a leanas: +chef.registry=Socraigh an clárlann seo i do chomhad ~/.chef/config.rb: +chef.install=Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas: +composer.registry=Socraigh an chlár seo i do chomhad ~/.composer/config.json: +composer.install=Chun an pacáiste a shuiteáil ag baint úsáide as Cumadóir, reáchtáil an t-ordú seo a leanas: +composer.dependencies=Spleithiúlachtaí +composer.dependencies.development=Spleithiúlachtaí Forbartha conan.details.repository=Stóras +conan.registry=Socraigh an clárlann seo ón líne ordaithe: +conan.install=Chun an pacáiste a shuiteáil ag úsáid Conan, reáchtáil an t-ordú seo a leanas: +conda.registry=Socraigh an chlár seo mar stóras Conda i do chomhad .condarc: +conda.install=Chun an pacáiste a shuiteáil ag úsáid Conda, reáchtáil an t-ordú seo a leanas: container.details.type=Cineál Íomhá container.details.platform=Ardán +container.pull=Tarraing an íomhá ón líne ordaithe: +container.digest=Díleáigh: container.multi_arch=Córas Oibriúcháin / Ailtireacht +container.layers=Sraitheanna Íomhá container.labels=Lipéid container.labels.key=Eochair container.labels.value=Luach +cran.registry=Cumraigh an chlárlann seo i do chomhad Rprofile.site: +cran.install=Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas: +debian.registry=Socraigh an clárlann seo ón líne ordaithe: +debian.registry.info=Roghnaigh $distribution agus $component ón liosta thíos. +debian.install=Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas: debian.repository=Eolas Stóras +debian.repository.distributions=Dáiltí debian.repository.components=Comhpháirteanna debian.repository.architectures=Ailtireachtaí +generic.download=Íoslódáil pacáiste ón líne ordaithe: +go.install=Suiteáil an pacáiste ón líne ordaithe: +helm.registry=Socraigh an clárlann seo ón líne ordaithe: +helm.install=Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas: +maven.registry=Socraigh an clárlann seo i do chomhad pom.xml tionscadail: +maven.install=Chun an pacáiste a úsáid cuir na nithe seo a leanas sa bhloc spleáchais sa chomhad pom.xml: +maven.install2=Rith tríd an líne ordaithe: +maven.download=Chun an spleáchas a íoslódáil, rith tríd an líne ordaithe: +nuget.registry=Socraigh an clárlann seo ón líne ordaithe: +nuget.install=Chun an pacáiste a shuiteáil ag úsáid NuGet, reáchtáil an t-ordú seo a leanas: +nuget.dependency.framework=Spriocchreat +npm.registry=Socraigh an chlárlann seo i do chomhad .npmrc do thionscadail: +npm.install=Chun an pacáiste a shuiteáil ag úsáid npm, reáchtáil an t-ordú seo a leanas: +npm.install2=nó cuir leis an gcomhad package.json é: +npm.dependencies=Spleithiúlachtaí +npm.dependencies.development=Spleithiúlachtaí Forbartha +npm.dependencies.bundle=Spleáchais Chuachta +npm.dependencies.peer=Spleithiúlachtaí Piaraí +npm.dependencies.optional=Spleáchais Roghnacha npm.details.tag=Clib +pub.install=Chun an pacáiste a shuiteáil ag úsáid Dart, reáchtáil an t-ordú seo a leanas: +pypi.requires=Teastaíonn Python +pypi.install=Chun an pacáiste a shuiteáil ag úsáid pip, reáchtáil an t-ordú seo a leanas: +rpm.registry=Socraigh an clárlann seo ón líne ordaithe: +rpm.distros.redhat=ar dháileadh bunaithe ar RedHat +rpm.distros.suse=ar dháileadh bunaithe ar SUSE +rpm.install=Chun an pacáiste a shuiteáil, rith an t-ordú seo a leanas: +rpm.repository=Eolas Stóras +rpm.repository.architectures=Ailtireachtaí +rpm.repository.multiple_groups=Tá an pacáiste seo ar fáil i ngrúpaí éagsúla. +rubygems.install=Chun an pacáiste a shuiteáil ag baint úsáide as gem, reáchtáil an t-ordú seo a leanas: +rubygems.install2=nó cuir leis an Gemfile é: +rubygems.dependencies.runtime=Spleáchais Rith-Ama +rubygems.dependencies.development=Spleáchais Forbartha +rubygems.required.ruby=Éilíonn leagan Ruby +rubygems.required.rubygems=Éilíonn leagan RubyGem +swift.registry=Socraigh an clárlann seo ón líne ordaithe: +swift.install=Cuir an pacáiste i do chomhad Package.swift: +swift.install2=agus reáchtáil an t-ordú seo a leanas: +vagrant.install=Chun bosca Vagrant a chur leis, reáchtáil an t-ordú seo a leanas: +settings.link=Nasc an pacáiste seo le stóras +settings.link.description=Má nascann tú pacáiste le stóras, liostaítear an pacáiste i liosta pacáistí an stórais. +settings.link.select=Roghnaigh Stóras +settings.link.button=Nuashonraigh Nasc Stórais +settings.link.success=D'éirigh le nasc an stórais a nuashonrú. +settings.link.error=Theip ar an nasc stóras a nuashonrú. +settings.delete=Scrios pacáiste +settings.delete.description=Tá pacáiste a scriosadh buan agus ní féidir é a chur ar ais. +settings.delete.notice=Tá tú ar tí %s (%s) a scriosadh. Tá an oibríocht seo dochúlaithe, an bhfuil tú cinnte? +settings.delete.success=Tá an pacáiste scriosta. +settings.delete.error=Theip ar an pacáiste a scriosadh. +owner.settings.cargo.title=Innéacs Clárlann Lasta +owner.settings.cargo.initialize=Innéacs a chur i dtosach +owner.settings.cargo.initialize.description=Tá gá le stóras innéacs speisialta Git chun an clárlann Cargo a úsáid. Tríd an rogha seo, cruthófar an stóras (nó athchruthófar é) agus cumrófar é go huathoibríoch. +owner.settings.cargo.initialize.error=Níorbh fhéidir an t-innéacs Cargo a thúsú: %v +owner.settings.cargo.initialize.success=Cruthaíodh an t-innéacs Cargo go rathúil. +owner.settings.cargo.rebuild=Innéacs Atógáil +owner.settings.cargo.rebuild.description=Is féidir atógáil a bheith úsáideach mura bhfuil an t-innéacs sioncronaithe leis na pacáistí Cargo stóráilte. +owner.settings.cargo.rebuild.error=Níorbh fhéidir an t-innéacs Cargo a atógáil: %v +owner.settings.cargo.rebuild.success=D'éirigh leis an innéacs Cargo a atógáil. +owner.settings.cleanuprules.title=Bainistigh Rialacha Glanta +owner.settings.cleanuprules.add=Cuir Riail Glantacháin leis +owner.settings.cleanuprules.edit=Cuir Riail Glantacháin in eagar +owner.settings.cleanuprules.none=Níl aon rialacha glanta ar fáil. Féach ar na doiciméid le do thoil. +owner.settings.cleanuprules.preview=Réamhamharc Riail Glantacháin +owner.settings.cleanuprules.preview.overview=Tá pacáistí %d beartaithe a bhaint. +owner.settings.cleanuprules.preview.none=Ní hionann riail glantacháin agus pacáistí ar bith. owner.settings.cleanuprules.enabled=Cumasaithe +owner.settings.cleanuprules.pattern_full_match=Cuir patrún i bhfeidhm ar ainm an phacáiste iomlán +owner.settings.cleanuprules.keep.title=Coinnítear leaganacha a mheaitseálann leis na rialacha seo, fiú má mheaitseálann siad riail bhaint thíos. +owner.settings.cleanuprules.keep.count=Coinnigh an ceann is déanaí +owner.settings.cleanuprules.keep.count.1=1 leagan in aghaidh an phacáiste +owner.settings.cleanuprules.keep.count.n=Leaganacha %d in aghaidh an phacáiste +owner.settings.cleanuprules.keep.pattern=Coinnigh leaganacha meaitseála +owner.settings.cleanuprules.keep.pattern.container=Coinnítear an leagan is déanaí le haghaidh pacáistí Coimeádán i gcónaí. +owner.settings.cleanuprules.remove.title=Baintear leaganacha a mheaitseálann leis na rialacha seo, mura deir riail thuas iad a choinneáil. +owner.settings.cleanuprules.remove.days=Bain leaganacha níos sine ná +owner.settings.cleanuprules.remove.pattern=Bain leaganacha meaitseála +owner.settings.cleanuprules.success.update=Nuashonraíodh an riail ghlantacháin. +owner.settings.cleanuprules.success.delete=Scriosadh an riail glantacháin. +owner.settings.chef.title=Clárlann Chef +owner.settings.chef.keypair=Gin péire eochair +owner.settings.chef.keypair.description=Tá eochairphéire riachtanach le fíordheimhniú a dhéanamh ar chlárlann an Chef. Má tá péire eochrach ginte agat roimhe seo, má ghinfidh tú eochairphéire nua, scriosfar an seanphéire eochair. [secrets] +secrets=Rúin +description=Cuirfear rúin ar aghaidh chuig gníomhartha áirithe agus ní féidir iad a léamh ar mhalairt. +none=Níl aon rúin ann fós. +creation=Cuir Rúnda leis +creation.name_placeholder=carachtair alfanumair nó íoslaghda amháin nach féidir a thosú le GITEA_ nó GITHUB_ +creation.value_placeholder=Ionchur ábhar ar bith. Fágfar spás bán ag tús agus ag deireadh ar lár. +creation.success=Tá an rún "%s" curtha leis. +creation.failed=Theip ar an rún a chur leis. +deletion=Bain rún +deletion.description=Is buan rún a bhaint agus ní féidir é a chealú. Lean ort? +deletion.success=Tá an rún bainte. +deletion.failed=Theip ar rún a bhaint. +management=Bainistíocht Rúin [actions] +actions=Gníomhartha - - +unit.desc=Bainistigh gníomhartha + +status.unknown=Anaithnid +status.waiting=Ag fanacht +status.running=Ag rith +status.success=Rath +status.failure=Teip +status.cancelled=Cealaíodh +status.skipped=Scipeáilte +status.blocked=Blocáilte + +runners=Reathaitheoirí +runners.runner_manage_panel=Bainistíocht reathaithe +runners.new=Cruthaigh reathaí nua +runners.new_notice=Conas reathaí a thosú +runners.status=Stádas +runners.id=ID runners.name=Ainm runners.owner_type=Cineál runners.description=Cur síos runners.labels=Lipéid +runners.last_online=Am Ar Líne Deiridh +runners.runner_title=Reathaí +runners.task_list=Tascanna le déanaí ar an reathaí seo +runners.task_list.no_tasks=Níl aon tasc ann fós. runners.task_list.run=Rith +runners.task_list.status=Stádas runners.task_list.repository=Stóras runners.task_list.commit=Tiomantas +runners.task_list.done_at=Déanta ag +runners.edit_runner=Cuir Reathaí in Eagar +runners.update_runner=Nuashonrú Athruithe +runners.update_runner_success=Nuashonraíodh an Reathaí +runners.update_runner_failed=Theip ar an reathaí a nuashonrú +runners.delete_runner=Scrios an reathaí seo +runners.delete_runner_success=Scriosadh an reathaí go rathúil +runners.delete_runner_failed=Theip ar an reathaí a scriosadh +runners.delete_runner_header=Deimhnigh an reathaí seo a scriosadh +runners.delete_runner_notice=Má tá tasc ar siúl ar an reathaí seo, cuirfear deireadh leis agus marcáil mar theip. Féadfaidh sé sreabhadh oibre tógála a bhriseadh. +runners.none=Níl aon reathaí ar fáil +runners.status.unspecified=Anaithnid +runners.status.idle=Díomhaoin runners.status.active=Gníomhach +runners.status.offline=As líne runners.version=Leagan runners.reset_registration_token=Athshocraigh comhartha clár runners.reset_registration_token_success=D'éirigh le hathshocrú comhartha clárúcháin an dara háit @@ -3455,11 +3700,54 @@ runs.commit=Tiomantas runs.scheduled=Sceidealaithe runs.pushed_by=bhrú ag runs.invalid_workflow_helper=Tá comhad cumraíochta sreabhadh oibre nebhailí. Seiceáil do chomhad cumraithe le do thoil: %s - - - +runs.no_matching_online_runner_helper=Gan aon reathaí ar líne a mheaitseáil le lipéad: %s +runs.no_job_without_needs=Caithfidh post amháin ar a laghad a bheith sa sreabhadh oibre gan spleáchas. +runs.no_job=Caithfidh post amháin ar a laghad a bheith sa sreabhadh oibre +runs.actor=Aisteoir +runs.status=Stádas +runs.actors_no_select=Gach aisteoir +runs.status_no_select=Gach stádas +runs.no_results=Níor mheaitseáil aon torthaí. +runs.no_workflows=Níl aon sreafaí oibre ann fós. +runs.no_workflows.quick_start=Níl a fhios agam conas tosú le Gitea Actions? Féach an treoirleabhar mear tosaithe. +runs.no_workflows.documentation=Le haghaidh tuilleadh eolais ar Gitea Actions, féach ar na doiciméid. +runs.no_runs=Níl aon rith ag an sreabhadh oibre fós. +runs.empty_commit_message=(teachtaireacht tiomantas folamh) +runs.expire_log_message=Glanadh logaí toisc go raibh siad ró-sean. + +workflow.disable=Díchumasaigh sreabhadh oibre +workflow.disable_success=D'éirigh le sreabhadh oibre '%s' a dhíchumasú. +workflow.enable=Cumasaigh sreabhadh oibre +workflow.enable_success=Cumasaíodh sreabhadh oibre '%s' go rathúil. +workflow.disabled=Tá sreabhadh oibre díchumasaithe +workflow.run=Rith Sreabhadh Oibre +workflow.not_found=Níor aimsíodh sreabhadh oibre '%s'. +workflow.run_success=Ritheann sreabhadh oibre '%s' go rathúil. +workflow.from_ref=Úsáid sreabhadh oibre ó +workflow.has_workflow_dispatch=Tá comhoibriú ag an gcur i bhfeidhm seo le himeacht workflow_dispatch. + +need_approval_desc=Teastaíonn faomhadh chun sreafaí oibre a rith le haghaidh iarratas tarraingt forc. + +variables=Athróga +variables.management=Bainistíocht Athróg +variables.creation=Cuir Athróg leis +variables.none=Níl aon athróga ann fós. +variables.deletion=Bain athróg +variables.deletion.description=Tá athróg a bhaint buan agus ní féidir é a chur ar ais. Lean ar aghaidh? +variables.description=Cuirfear athróga chuig gníomhartha áirithe agus ní féidir iad a léamh ar mhalairt eile. +variables.id_not_exist=Níl athróg le ID %d ann. +variables.edit=Cuir Athróg in Eagar +variables.deletion.failed=Theip ar athróg a bhaint. +variables.deletion.success=Tá an athróg bainte. +variables.creation.failed=Theip ar athróg a chur leis. +variables.creation.success=Tá an athróg "%s" curtha leis. +variables.update.failed=Theip ar athróg a chur in eagar. +variables.update.success=Tá an t-athróg curtha in eagar. [projects] +deleted.display_name=Tionscadal scriosta +type-1.display_name=Tionscadal Aonair +type-2.display_name=Tionscadal Stórais type-3.display_name=Tionscadal Eagrúcháin [git.filemode] From dd83cfcacc989d0e7cbd21ec5eba029fdfcb72dd Mon Sep 17 00:00:00 2001 From: wxiaoguang Date: Thu, 10 Oct 2024 11:48:21 +0800 Subject: [PATCH 7/7] Refactor CSRF token (#32216) --- routers/web/auth/auth.go | 8 ++- routers/web/auth/oauth.go | 4 +- services/auth/auth.go | 4 +- services/context/csrf.go | 4 +- tests/integration/admin_user_test.go | 4 +- tests/integration/api_httpsig_test.go | 2 +- .../api_packages_container_test.go | 4 +- tests/integration/attachment_test.go | 4 +- tests/integration/auth_ldap_test.go | 6 +- .../integration/change_default_branch_test.go | 4 +- tests/integration/delete_user_test.go | 4 +- tests/integration/editor_test.go | 4 +- tests/integration/empty_repo_test.go | 8 +-- tests/integration/git_test.go | 4 +- tests/integration/integration_test.go | 26 ++++----- tests/integration/issue_test.go | 20 +++---- tests/integration/mirror_push_test.go | 4 +- tests/integration/nonascii_branches_test.go | 2 +- tests/integration/org_project_test.go | 4 +- tests/integration/org_team_invite_test.go | 57 ++++++------------- tests/integration/privateactivity_test.go | 2 +- tests/integration/pull_merge_test.go | 6 +- tests/integration/pull_status_test.go | 6 +- tests/integration/rename_branch_test.go | 2 +- tests/integration/repo_branch_test.go | 9 +-- tests/integration/signin_test.go | 2 - tests/integration/user_avatar_test.go | 2 +- tests/integration/user_test.go | 8 +-- tests/integration/xss_test.go | 2 +- 29 files changed, 90 insertions(+), 126 deletions(-) diff --git a/routers/web/auth/auth.go b/routers/web/auth/auth.go index 5cbe2f5388cab..c9ef9193f12e4 100644 --- a/routers/web/auth/auth.go +++ b/routers/web/auth/auth.go @@ -98,7 +98,7 @@ func autoSignIn(ctx *context.Context) (bool, error) { return false, err } - ctx.Csrf.DeleteCookie(ctx) + ctx.Csrf.PrepareForSessionUser(ctx) return true, nil } @@ -359,8 +359,8 @@ func handleSignInFull(ctx *context.Context, u *user_model.User, remember, obeyRe ctx.Locale = middleware.Locale(ctx.Resp, ctx.Req) } - // Clear whatever CSRF cookie has right now, force to generate a new one - ctx.Csrf.DeleteCookie(ctx) + // force to generate a new CSRF token + ctx.Csrf.PrepareForSessionUser(ctx) // Register last login if err := user_service.UpdateUser(ctx, u, &user_service.UpdateOptions{SetLastLogin: true}); err != nil { @@ -804,6 +804,8 @@ func handleAccountActivation(ctx *context.Context, user *user_model.User) { return } + ctx.Csrf.PrepareForSessionUser(ctx) + if err := resetLocale(ctx, user); err != nil { ctx.ServerError("resetLocale", err) return diff --git a/routers/web/auth/oauth.go b/routers/web/auth/oauth.go index ccbb3bebf1f5c..730d68051be38 100644 --- a/routers/web/auth/oauth.go +++ b/routers/web/auth/oauth.go @@ -358,8 +358,8 @@ func handleOAuth2SignIn(ctx *context.Context, source *auth.Source, u *user_model return } - // Clear whatever CSRF cookie has right now, force to generate a new one - ctx.Csrf.DeleteCookie(ctx) + // force to generate a new CSRF token + ctx.Csrf.PrepareForSessionUser(ctx) if err := resetLocale(ctx, u); err != nil { ctx.ServerError("resetLocale", err) diff --git a/services/auth/auth.go b/services/auth/auth.go index a2523a2452e9b..43ff95f05302e 100644 --- a/services/auth/auth.go +++ b/services/auth/auth.go @@ -103,8 +103,8 @@ func handleSignIn(resp http.ResponseWriter, req *http.Request, sess SessionStore middleware.SetLocaleCookie(resp, user.Language, 0) - // Clear whatever CSRF has right now, force to generate a new one + // force to generate a new CSRF token if ctx := gitea_context.GetWebContext(req); ctx != nil { - ctx.Csrf.DeleteCookie(ctx) + ctx.Csrf.PrepareForSessionUser(ctx) } } diff --git a/services/context/csrf.go b/services/context/csrf.go index 9b66d613e3b44..7b475a8fd858e 100644 --- a/services/context/csrf.go +++ b/services/context/csrf.go @@ -129,10 +129,8 @@ func (c *csrfProtector) PrepareForSessionUser(ctx *Context) { } if needsNew { - // FIXME: actionId. c.token = GenerateCsrfToken(c.opt.Secret, c.id, "POST", time.Now()) - cookie := newCsrfCookie(&c.opt, c.token) - ctx.Resp.Header().Add("Set-Cookie", cookie.String()) + ctx.Resp.Header().Add("Set-Cookie", newCsrfCookie(&c.opt, c.token).String()) } ctx.Data["CsrfToken"] = c.token diff --git a/tests/integration/admin_user_test.go b/tests/integration/admin_user_test.go index 669060c787d48..090e60da291fb 100644 --- a/tests/integration/admin_user_test.go +++ b/tests/integration/admin_user_test.go @@ -51,7 +51,7 @@ func testSuccessfullEdit(t *testing.T, formData user_model.User) { func makeRequest(t *testing.T, formData user_model.User, headerCode int) { session := loginUser(t, "user1") - csrf := GetCSRF(t, session, "/admin/users/"+strconv.Itoa(int(formData.ID))+"/edit") + csrf := GetUserCSRFToken(t, session) req := NewRequestWithValues(t, "POST", "/admin/users/"+strconv.Itoa(int(formData.ID))+"/edit", map[string]string{ "_csrf": csrf, "user_name": formData.Name, @@ -72,7 +72,7 @@ func TestAdminDeleteUser(t *testing.T) { session := loginUser(t, "user1") - csrf := GetCSRF(t, session, "/admin/users/8/edit") + csrf := GetUserCSRFToken(t, session) req := NewRequestWithValues(t, "POST", "/admin/users/8/delete", map[string]string{ "_csrf": csrf, }) diff --git a/tests/integration/api_httpsig_test.go b/tests/integration/api_httpsig_test.go index cca477f5e138f..b9dc508ad0928 100644 --- a/tests/integration/api_httpsig_test.go +++ b/tests/integration/api_httpsig_test.go @@ -95,7 +95,7 @@ func TestHTTPSigCert(t *testing.T) { defer tests.PrepareTestEnv(t)() session := loginUser(t, "user1") - csrf := GetCSRF(t, session, "/user/settings/keys") + csrf := GetUserCSRFToken(t, session) req := NewRequestWithValues(t, "POST", "/user/settings/keys", map[string]string{ "_csrf": csrf, "content": "user1", diff --git a/tests/integration/api_packages_container_test.go b/tests/integration/api_packages_container_test.go index 409e7513a6e60..3905ad1b70368 100644 --- a/tests/integration/api_packages_container_test.go +++ b/tests/integration/api_packages_container_test.go @@ -784,7 +784,7 @@ func TestPackageContainer(t *testing.T) { newOwnerName := "newUsername" req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{ - "_csrf": GetCSRF(t, session, "/user/settings"), + "_csrf": GetUserCSRFToken(t, session), "name": newOwnerName, "email": "user2@example.com", "language": "en-US", @@ -794,7 +794,7 @@ func TestPackageContainer(t *testing.T) { t.Run(fmt.Sprintf("Catalog[%s]", newOwnerName), checkCatalog(newOwnerName)) req = NewRequestWithValues(t, "POST", "/user/settings", map[string]string{ - "_csrf": GetCSRF(t, session, "/user/settings"), + "_csrf": GetUserCSRFToken(t, session), "name": user.Name, "email": "user2@example.com", "language": "en-US", diff --git a/tests/integration/attachment_test.go b/tests/integration/attachment_test.go index 11aa03bb7e715..30c394e9b02f2 100644 --- a/tests/integration/attachment_test.go +++ b/tests/integration/attachment_test.go @@ -57,14 +57,14 @@ func createAttachment(t *testing.T, session *TestSession, csrf, repoURL, filenam func TestCreateAnonymousAttachment(t *testing.T) { defer tests.PrepareTestEnv(t)() session := emptyTestSession(t) - createAttachment(t, session, GetCSRF(t, session, "/user/login"), "user2/repo1", "image.png", generateImg(), http.StatusSeeOther) + createAttachment(t, session, GetAnonymousCSRFToken(t, session), "user2/repo1", "image.png", generateImg(), http.StatusSeeOther) } func TestCreateIssueAttachment(t *testing.T) { defer tests.PrepareTestEnv(t)() const repoURL = "user2/repo1" session := loginUser(t, "user2") - uuid := createAttachment(t, session, GetCSRF(t, session, repoURL), repoURL, "image.png", generateImg(), http.StatusOK) + uuid := createAttachment(t, session, GetUserCSRFToken(t, session), repoURL, "image.png", generateImg(), http.StatusOK) req := NewRequest(t, "GET", repoURL+"/issues/new") resp := session.MakeRequest(t, req, http.StatusOK) diff --git a/tests/integration/auth_ldap_test.go b/tests/integration/auth_ldap_test.go index 317787f403115..deb79187eb91e 100644 --- a/tests/integration/auth_ldap_test.go +++ b/tests/integration/auth_ldap_test.go @@ -156,7 +156,7 @@ func addAuthSourceLDAP(t *testing.T, sshKeyAttribute, groupFilter string, groupM groupTeamMap = groupMapParams[1] } session := loginUser(t, "user1") - csrf := GetCSRF(t, session, "/admin/auths/new") + csrf := GetUserCSRFToken(t, session) req := NewRequestWithValues(t, "POST", "/admin/auths/new", buildAuthSourceLDAPPayload(csrf, sshKeyAttribute, groupFilter, groupTeamMap, groupTeamMapRemoval)) session.MakeRequest(t, req, http.StatusSeeOther) } @@ -252,7 +252,7 @@ func TestLDAPUserSyncWithEmptyUsernameAttribute(t *testing.T) { defer tests.PrepareTestEnv(t)() session := loginUser(t, "user1") - csrf := GetCSRF(t, session, "/admin/auths/new") + csrf := GetUserCSRFToken(t, session) payload := buildAuthSourceLDAPPayload(csrf, "", "", "", "") payload["attribute_username"] = "" req := NewRequestWithValues(t, "POST", "/admin/auths/new", payload) @@ -487,7 +487,7 @@ func TestLDAPPreventInvalidGroupTeamMap(t *testing.T) { defer tests.PrepareTestEnv(t)() session := loginUser(t, "user1") - csrf := GetCSRF(t, session, "/admin/auths/new") + csrf := GetUserCSRFToken(t, session) req := NewRequestWithValues(t, "POST", "/admin/auths/new", buildAuthSourceLDAPPayload(csrf, "", "", `{"NOT_A_VALID_JSON"["MISSING_DOUBLE_POINT"]}`, "off")) session.MakeRequest(t, req, http.StatusOK) // StatusOK = failed, StatusSeeOther = ok } diff --git a/tests/integration/change_default_branch_test.go b/tests/integration/change_default_branch_test.go index 703834b712961..729eb1e4ce662 100644 --- a/tests/integration/change_default_branch_test.go +++ b/tests/integration/change_default_branch_test.go @@ -22,7 +22,7 @@ func TestChangeDefaultBranch(t *testing.T) { session := loginUser(t, owner.Name) branchesURL := fmt.Sprintf("/%s/%s/settings/branches", owner.Name, repo.Name) - csrf := GetCSRF(t, session, branchesURL) + csrf := GetUserCSRFToken(t, session) req := NewRequestWithValues(t, "POST", branchesURL, map[string]string{ "_csrf": csrf, "action": "default_branch", @@ -30,7 +30,7 @@ func TestChangeDefaultBranch(t *testing.T) { }) session.MakeRequest(t, req, http.StatusSeeOther) - csrf = GetCSRF(t, session, branchesURL) + csrf = GetUserCSRFToken(t, session) req = NewRequestWithValues(t, "POST", branchesURL, map[string]string{ "_csrf": csrf, "action": "default_branch", diff --git a/tests/integration/delete_user_test.go b/tests/integration/delete_user_test.go index 806b87dc4cef4..ad3c88288200a 100644 --- a/tests/integration/delete_user_test.go +++ b/tests/integration/delete_user_test.go @@ -33,7 +33,7 @@ func TestUserDeleteAccount(t *testing.T) { defer tests.PrepareTestEnv(t)() session := loginUser(t, "user8") - csrf := GetCSRF(t, session, "/user/settings/account") + csrf := GetUserCSRFToken(t, session) urlStr := fmt.Sprintf("/user/settings/account/delete?password=%s", userPassword) req := NewRequestWithValues(t, "POST", urlStr, map[string]string{ "_csrf": csrf, @@ -48,7 +48,7 @@ func TestUserDeleteAccountStillOwnRepos(t *testing.T) { defer tests.PrepareTestEnv(t)() session := loginUser(t, "user2") - csrf := GetCSRF(t, session, "/user/settings/account") + csrf := GetUserCSRFToken(t, session) urlStr := fmt.Sprintf("/user/settings/account/delete?password=%s", userPassword) req := NewRequestWithValues(t, "POST", urlStr, map[string]string{ "_csrf": csrf, diff --git a/tests/integration/editor_test.go b/tests/integration/editor_test.go index f510c79bc6b01..f0f71b80d1b5d 100644 --- a/tests/integration/editor_test.go +++ b/tests/integration/editor_test.go @@ -49,7 +49,7 @@ func TestCreateFileOnProtectedBranch(t *testing.T) { onGiteaRun(t, func(t *testing.T, u *url.URL) { session := loginUser(t, "user2") - csrf := GetCSRF(t, session, "/user2/repo1/settings/branches") + csrf := GetUserCSRFToken(t, session) // Change master branch to protected req := NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/edit", map[string]string{ "_csrf": csrf, @@ -84,7 +84,7 @@ func TestCreateFileOnProtectedBranch(t *testing.T) { assert.Contains(t, resp.Body.String(), "Cannot commit to protected branch "master".") // remove the protected branch - csrf = GetCSRF(t, session, "/user2/repo1/settings/branches") + csrf = GetUserCSRFToken(t, session) // Change master branch to protected req = NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/1/delete", map[string]string{ diff --git a/tests/integration/empty_repo_test.go b/tests/integration/empty_repo_test.go index 002aa5600e08b..630a3c03af89b 100644 --- a/tests/integration/empty_repo_test.go +++ b/tests/integration/empty_repo_test.go @@ -29,7 +29,7 @@ import ( func testAPINewFile(t *testing.T, session *TestSession, user, repo, branch, treePath, content string) *httptest.ResponseRecorder { url := fmt.Sprintf("/%s/%s/_new/%s", user, repo, branch) req := NewRequestWithValues(t, "POST", url, map[string]string{ - "_csrf": GetCSRF(t, session, "/user/settings"), + "_csrf": GetUserCSRFToken(t, session), "commit_choice": "direct", "tree_path": treePath, "content": content, @@ -63,7 +63,7 @@ func TestEmptyRepoAddFile(t *testing.T) { doc := NewHTMLParser(t, resp.Body).Find(`input[name="commit_choice"]`) assert.Empty(t, doc.AttrOr("checked", "_no_")) req = NewRequestWithValues(t, "POST", "/user30/empty/_new/"+setting.Repository.DefaultBranch, map[string]string{ - "_csrf": GetCSRF(t, session, "/user/settings"), + "_csrf": GetUserCSRFToken(t, session), "commit_choice": "direct", "tree_path": "test-file.md", "content": "newly-added-test-file", @@ -89,7 +89,7 @@ func TestEmptyRepoUploadFile(t *testing.T) { body := &bytes.Buffer{} mpForm := multipart.NewWriter(body) - _ = mpForm.WriteField("_csrf", GetCSRF(t, session, "/user/settings")) + _ = mpForm.WriteField("_csrf", GetUserCSRFToken(t, session)) file, _ := mpForm.CreateFormFile("file", "uploaded-file.txt") _, _ = io.Copy(file, bytes.NewBufferString("newly-uploaded-test-file")) _ = mpForm.Close() @@ -101,7 +101,7 @@ func TestEmptyRepoUploadFile(t *testing.T) { assert.NoError(t, json.Unmarshal(resp.Body.Bytes(), &respMap)) req = NewRequestWithValues(t, "POST", "/user30/empty/_upload/"+setting.Repository.DefaultBranch, map[string]string{ - "_csrf": GetCSRF(t, session, "/user/settings"), + "_csrf": GetUserCSRFToken(t, session), "commit_choice": "direct", "files": respMap["uuid"], "tree_path": "", diff --git a/tests/integration/git_test.go b/tests/integration/git_test.go index ac56cffe5e6de..f024d22c4a197 100644 --- a/tests/integration/git_test.go +++ b/tests/integration/git_test.go @@ -462,7 +462,7 @@ func doBranchProtectPRMerge(baseCtx *APITestContext, dstPath string) func(t *tes func doProtectBranch(ctx APITestContext, branch, userToWhitelistPush, userToWhitelistForcePush, unprotectedFilePatterns string) func(t *testing.T) { // We are going to just use the owner to set the protection. return func(t *testing.T) { - csrf := GetCSRF(t, ctx.Session, fmt.Sprintf("/%s/%s/settings/branches", url.PathEscape(ctx.Username), url.PathEscape(ctx.Reponame))) + csrf := GetUserCSRFToken(t, ctx.Session) formData := map[string]string{ "_csrf": csrf, @@ -644,7 +644,7 @@ func doPushCreate(ctx APITestContext, u *url.URL) func(t *testing.T) { func doBranchDelete(ctx APITestContext, owner, repo, branch string) func(*testing.T) { return func(t *testing.T) { - csrf := GetCSRF(t, ctx.Session, fmt.Sprintf("/%s/%s/branches", url.PathEscape(owner), url.PathEscape(repo))) + csrf := GetUserCSRFToken(t, ctx.Session) req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/branches/delete?name=%s", url.PathEscape(owner), url.PathEscape(repo), url.QueryEscape(branch)), map[string]string{ "_csrf": csrf, diff --git a/tests/integration/integration_test.go b/tests/integration/integration_test.go index 1f12430fcfbf6..f72ac5f51c357 100644 --- a/tests/integration/integration_test.go +++ b/tests/integration/integration_test.go @@ -486,23 +486,19 @@ func VerifyJSONSchema(t testing.TB, resp *httptest.ResponseRecorder, schemaFile assert.True(t, result.Valid()) } -// GetCSRF returns CSRF token from body -// If it fails, it means the CSRF token is not found in the response body returned by the url with the given session. -// In this case, you should find a better url to get it. -func GetCSRF(t testing.TB, session *TestSession, urlStr string) string { +// GetUserCSRFToken returns CSRF token for current user +func GetUserCSRFToken(t testing.TB, session *TestSession) string { t.Helper() - req := NewRequest(t, "GET", urlStr) - resp := session.MakeRequest(t, req, http.StatusOK) - doc := NewHTMLParser(t, resp.Body) - csrf := doc.GetCSRF() - require.NotEmpty(t, csrf) - return csrf + cookie := session.GetCookie("_csrf") + require.NotEmpty(t, cookie) + return cookie.Value } -// GetCSRFFrom returns CSRF token from body -func GetCSRFFromCookie(t testing.TB, session *TestSession, urlStr string) string { +// GetUserCSRFToken returns CSRF token for anonymous user (not logged in) +func GetAnonymousCSRFToken(t testing.TB, session *TestSession) string { t.Helper() - req := NewRequest(t, "GET", urlStr) - session.MakeRequest(t, req, http.StatusOK) - return session.GetCookie("_csrf").Value + resp := session.MakeRequest(t, NewRequest(t, "GET", "/user/login"), http.StatusOK) + csrfToken := NewHTMLParser(t, resp.Body).GetCSRF() + require.NotEmpty(t, csrfToken) + return csrfToken } diff --git a/tests/integration/issue_test.go b/tests/integration/issue_test.go index 308b82d4b950b..df45da84a55de 100644 --- a/tests/integration/issue_test.go +++ b/tests/integration/issue_test.go @@ -197,21 +197,21 @@ func TestEditIssue(t *testing.T) { issueURL := testNewIssue(t, session, "user2", "repo1", "Title", "Description") req := NewRequestWithValues(t, "POST", fmt.Sprintf("%s/content", issueURL), map[string]string{ - "_csrf": GetCSRF(t, session, issueURL), + "_csrf": GetUserCSRFToken(t, session), "content": "modified content", "context": fmt.Sprintf("/%s/%s", "user2", "repo1"), }) session.MakeRequest(t, req, http.StatusOK) req = NewRequestWithValues(t, "POST", fmt.Sprintf("%s/content", issueURL), map[string]string{ - "_csrf": GetCSRF(t, session, issueURL), + "_csrf": GetUserCSRFToken(t, session), "content": "modified content", "context": fmt.Sprintf("/%s/%s", "user2", "repo1"), }) session.MakeRequest(t, req, http.StatusBadRequest) req = NewRequestWithValues(t, "POST", fmt.Sprintf("%s/content", issueURL), map[string]string{ - "_csrf": GetCSRF(t, session, issueURL), + "_csrf": GetUserCSRFToken(t, session), "content": "modified content", "content_version": "1", "context": fmt.Sprintf("/%s/%s", "user2", "repo1"), @@ -246,11 +246,11 @@ func TestIssueCommentDelete(t *testing.T) { // Using the ID of a comment that does not belong to the repository must fail req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/comments/%d/delete", "user5", "repo4", commentID), map[string]string{ - "_csrf": GetCSRF(t, session, issueURL), + "_csrf": GetUserCSRFToken(t, session), }) session.MakeRequest(t, req, http.StatusNotFound) req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/comments/%d/delete", "user2", "repo1", commentID), map[string]string{ - "_csrf": GetCSRF(t, session, issueURL), + "_csrf": GetUserCSRFToken(t, session), }) session.MakeRequest(t, req, http.StatusOK) unittest.AssertNotExistsBean(t, &issues_model.Comment{ID: commentID}) @@ -270,13 +270,13 @@ func TestIssueCommentUpdate(t *testing.T) { // Using the ID of a comment that does not belong to the repository must fail req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/comments/%d", "user5", "repo4", commentID), map[string]string{ - "_csrf": GetCSRF(t, session, issueURL), + "_csrf": GetUserCSRFToken(t, session), "content": modifiedContent, }) session.MakeRequest(t, req, http.StatusNotFound) req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/comments/%d", "user2", "repo1", commentID), map[string]string{ - "_csrf": GetCSRF(t, session, issueURL), + "_csrf": GetUserCSRFToken(t, session), "content": modifiedContent, }) session.MakeRequest(t, req, http.StatusOK) @@ -298,7 +298,7 @@ func TestIssueCommentUpdateSimultaneously(t *testing.T) { modifiedContent := comment.Content + "MODIFIED" req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/comments/%d", "user2", "repo1", commentID), map[string]string{ - "_csrf": GetCSRF(t, session, issueURL), + "_csrf": GetUserCSRFToken(t, session), "content": modifiedContent, }) session.MakeRequest(t, req, http.StatusOK) @@ -306,13 +306,13 @@ func TestIssueCommentUpdateSimultaneously(t *testing.T) { modifiedContent = comment.Content + "2" req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/comments/%d", "user2", "repo1", commentID), map[string]string{ - "_csrf": GetCSRF(t, session, issueURL), + "_csrf": GetUserCSRFToken(t, session), "content": modifiedContent, }) session.MakeRequest(t, req, http.StatusBadRequest) req = NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/comments/%d", "user2", "repo1", commentID), map[string]string{ - "_csrf": GetCSRF(t, session, issueURL), + "_csrf": GetUserCSRFToken(t, session), "content": modifiedContent, "content_version": "1", }) diff --git a/tests/integration/mirror_push_test.go b/tests/integration/mirror_push_test.go index 1c262b334967b..6b1c808cf46ba 100644 --- a/tests/integration/mirror_push_test.go +++ b/tests/integration/mirror_push_test.go @@ -81,7 +81,7 @@ func testMirrorPush(t *testing.T, u *url.URL) { func doCreatePushMirror(ctx APITestContext, address, username, password string) func(t *testing.T) { return func(t *testing.T) { - csrf := GetCSRF(t, ctx.Session, fmt.Sprintf("/%s/%s/settings", url.PathEscape(ctx.Username), url.PathEscape(ctx.Reponame))) + csrf := GetUserCSRFToken(t, ctx.Session) req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/settings", url.PathEscape(ctx.Username), url.PathEscape(ctx.Reponame)), map[string]string{ "_csrf": csrf, @@ -101,7 +101,7 @@ func doCreatePushMirror(ctx APITestContext, address, username, password string) func doRemovePushMirror(ctx APITestContext, address, username, password string, pushMirrorID int) func(t *testing.T) { return func(t *testing.T) { - csrf := GetCSRF(t, ctx.Session, fmt.Sprintf("/%s/%s/settings", url.PathEscape(ctx.Username), url.PathEscape(ctx.Reponame))) + csrf := GetUserCSRFToken(t, ctx.Session) req := NewRequestWithValues(t, "POST", fmt.Sprintf("/%s/%s/settings", url.PathEscape(ctx.Username), url.PathEscape(ctx.Reponame)), map[string]string{ "_csrf": csrf, diff --git a/tests/integration/nonascii_branches_test.go b/tests/integration/nonascii_branches_test.go index a189273eacd81..e5934a148d892 100644 --- a/tests/integration/nonascii_branches_test.go +++ b/tests/integration/nonascii_branches_test.go @@ -17,7 +17,7 @@ import ( func setDefaultBranch(t *testing.T, session *TestSession, user, repo, branch string) { location := path.Join("/", user, repo, "settings/branches") - csrf := GetCSRF(t, session, location) + csrf := GetUserCSRFToken(t, session) req := NewRequestWithValues(t, "POST", location, map[string]string{ "_csrf": csrf, "action": "default_branch", diff --git a/tests/integration/org_project_test.go b/tests/integration/org_project_test.go index 31d10f16ff113..c3894fd7afdec 100644 --- a/tests/integration/org_project_test.go +++ b/tests/integration/org_project_test.go @@ -34,7 +34,7 @@ func TestOrgProjectAccess(t *testing.T) { // change the org's visibility to private session := loginUser(t, "user2") req = NewRequestWithValues(t, "POST", "/org/org3/settings", map[string]string{ - "_csrf": GetCSRF(t, session, "/org3/-/projects"), + "_csrf": GetUserCSRFToken(t, session), "name": "org3", "visibility": "2", }) @@ -48,7 +48,7 @@ func TestOrgProjectAccess(t *testing.T) { // disable team1's project unit session = loginUser(t, "user2") req = NewRequestWithValues(t, "POST", "/org/org3/teams/team1/edit", map[string]string{ - "_csrf": GetCSRF(t, session, "/org3/-/projects"), + "_csrf": GetUserCSRFToken(t, session), "team_name": "team1", "repo_access": "specific", "permission": "read", diff --git a/tests/integration/org_team_invite_test.go b/tests/integration/org_team_invite_test.go index 919769a61a251..274fde4085054 100644 --- a/tests/integration/org_team_invite_test.go +++ b/tests/integration/org_team_invite_test.go @@ -40,7 +40,7 @@ func TestOrgTeamEmailInvite(t *testing.T) { session := loginUser(t, "user1") teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.Name) - csrf := GetCSRF(t, session, teamURL) + csrf := GetUserCSRFToken(t, session) req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{ "_csrf": csrf, "uid": "1", @@ -59,7 +59,7 @@ func TestOrgTeamEmailInvite(t *testing.T) { // join the team inviteURL := fmt.Sprintf("/org/invite/%s", invites[0].Token) - csrf = GetCSRF(t, session, inviteURL) + csrf = GetUserCSRFToken(t, session) req = NewRequestWithValues(t, "POST", inviteURL, map[string]string{ "_csrf": csrf, }) @@ -94,7 +94,7 @@ func TestOrgTeamEmailInviteRedirectsExistingUser(t *testing.T) { teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.Name) req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{ - "_csrf": GetCSRF(t, session, teamURL), + "_csrf": GetUserCSRFToken(t, session), "uid": "1", "uname": user.Email, }) @@ -137,7 +137,7 @@ func TestOrgTeamEmailInviteRedirectsExistingUser(t *testing.T) { // make the request req = NewRequestWithValues(t, "POST", test.RedirectURL(resp), map[string]string{ - "_csrf": GetCSRF(t, session, test.RedirectURL(resp)), + "_csrf": GetUserCSRFToken(t, session), }) resp = session.MakeRequest(t, req, http.StatusSeeOther) req = NewRequest(t, "GET", test.RedirectURL(resp)) @@ -165,7 +165,7 @@ func TestOrgTeamEmailInviteRedirectsNewUser(t *testing.T) { teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.Name) req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{ - "_csrf": GetCSRF(t, session, teamURL), + "_csrf": GetUserCSRFToken(t, session), "uid": "1", "uname": "doesnotexist@example.com", }) @@ -210,7 +210,7 @@ func TestOrgTeamEmailInviteRedirectsNewUser(t *testing.T) { // make the redirected request req = NewRequestWithValues(t, "POST", test.RedirectURL(resp), map[string]string{ - "_csrf": GetCSRF(t, session, test.RedirectURL(resp)), + "_csrf": GetUserCSRFToken(t, session), }) resp = session.MakeRequest(t, req, http.StatusSeeOther) req = NewRequest(t, "GET", test.RedirectURL(resp)) @@ -233,22 +233,18 @@ func TestOrgTeamEmailInviteRedirectsNewUserWithActivation(t *testing.T) { } // enable email confirmation temporarily - defer func(prevVal bool) { - setting.Service.RegisterEmailConfirm = prevVal - }(setting.Service.RegisterEmailConfirm) - setting.Service.RegisterEmailConfirm = true - + defer test.MockVariableValue(&setting.Service.RegisterEmailConfirm, true)() defer tests.PrepareTestEnv(t)() org := unittest.AssertExistsAndLoadBean(t, &organization.Organization{ID: 3}) team := unittest.AssertExistsAndLoadBean(t, &organization.Team{ID: 2}) - // create the invite + // user1: create the invite session := loginUser(t, "user1") teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.Name) req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{ - "_csrf": GetCSRF(t, session, teamURL), + "_csrf": GetUserCSRFToken(t, session), "uid": "1", "uname": "doesnotexist@example.com", }) @@ -261,53 +257,34 @@ func TestOrgTeamEmailInviteRedirectsNewUserWithActivation(t *testing.T) { assert.NoError(t, err) assert.Len(t, invites, 1) - // accept the invite + // new user: accept the invite + session = emptyTestSession(t) + inviteURL := fmt.Sprintf("/org/invite/%s", invites[0].Token) req = NewRequest(t, "GET", fmt.Sprintf("/user/sign_up?redirect_to=%s", url.QueryEscape(inviteURL))) - inviteResp := MakeRequest(t, req, http.StatusOK) - - doc := NewHTMLParser(t, resp.Body) + session.MakeRequest(t, req, http.StatusOK) req = NewRequestWithValues(t, "POST", "/user/sign_up", map[string]string{ - "_csrf": doc.GetCSRF(), "user_name": "doesnotexist", "email": "doesnotexist@example.com", "password": "examplePassword!1", "retype": "examplePassword!1", }) - for _, c := range inviteResp.Result().Cookies() { - req.AddCookie(c) - } - - resp = MakeRequest(t, req, http.StatusOK) + session.MakeRequest(t, req, http.StatusOK) user, err := user_model.GetUserByName(db.DefaultContext, "doesnotexist") assert.NoError(t, err) - ch := http.Header{} - ch.Add("Cookie", strings.Join(resp.Header()["Set-Cookie"], ";")) - cr := http.Request{Header: ch} - - session = emptyTestSession(t) - baseURL, err := url.Parse(setting.AppURL) - assert.NoError(t, err) - session.jar.SetCookies(baseURL, cr.Cookies()) - activateURL := fmt.Sprintf("/user/activate?code=%s", user.GenerateEmailActivateCode("doesnotexist@example.com")) req = NewRequestWithValues(t, "POST", activateURL, map[string]string{ "password": "examplePassword!1", }) - // use the cookies set by the signup request - for _, c := range inviteResp.Result().Cookies() { - req.AddCookie(c) - } - resp = session.MakeRequest(t, req, http.StatusSeeOther) // should be redirected to accept the invite assert.Equal(t, inviteURL, test.RedirectURL(resp)) req = NewRequestWithValues(t, "POST", test.RedirectURL(resp), map[string]string{ - "_csrf": GetCSRF(t, session, test.RedirectURL(resp)), + "_csrf": GetUserCSRFToken(t, session), }) resp = session.MakeRequest(t, req, http.StatusSeeOther) req = NewRequest(t, "GET", test.RedirectURL(resp)) @@ -342,7 +319,7 @@ func TestOrgTeamEmailInviteRedirectsExistingUserWithLogin(t *testing.T) { teamURL := fmt.Sprintf("/org/%s/teams/%s", org.Name, team.Name) req := NewRequestWithValues(t, "POST", teamURL+"/action/add", map[string]string{ - "_csrf": GetCSRF(t, session, teamURL), + "_csrf": GetUserCSRFToken(t, session), "uid": "1", "uname": user.Email, }) @@ -366,7 +343,7 @@ func TestOrgTeamEmailInviteRedirectsExistingUserWithLogin(t *testing.T) { // make the request req = NewRequestWithValues(t, "POST", test.RedirectURL(resp), map[string]string{ - "_csrf": GetCSRF(t, session, test.RedirectURL(resp)), + "_csrf": GetUserCSRFToken(t, session), }) resp = session.MakeRequest(t, req, http.StatusSeeOther) req = NewRequest(t, "GET", test.RedirectURL(resp)) diff --git a/tests/integration/privateactivity_test.go b/tests/integration/privateactivity_test.go index 5362462f7df9f..a1fbadec99ede 100644 --- a/tests/integration/privateactivity_test.go +++ b/tests/integration/privateactivity_test.go @@ -48,7 +48,7 @@ func testPrivateActivityDoSomethingForActionEntries(t *testing.T) { func testPrivateActivityHelperEnablePrivateActivity(t *testing.T) { session := loginUser(t, privateActivityTestUser) req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{ - "_csrf": GetCSRF(t, session, "/user/settings"), + "_csrf": GetUserCSRFToken(t, session), "name": privateActivityTestUser, "email": privateActivityTestUser + "@example.com", "language": "en-US", diff --git a/tests/integration/pull_merge_test.go b/tests/integration/pull_merge_test.go index 9a412329a1c0d..c1c8a8bf4e839 100644 --- a/tests/integration/pull_merge_test.go +++ b/tests/integration/pull_merge_test.go @@ -694,7 +694,7 @@ func TestPullAutoMergeAfterCommitStatusSucceed(t *testing.T) { }) // add protected branch for commit status - csrf := GetCSRF(t, session, "/user2/repo1/settings/branches") + csrf := GetUserCSRFToken(t, session) // Change master branch to protected req := NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/edit", map[string]string{ "_csrf": csrf, @@ -777,7 +777,7 @@ func TestPullAutoMergeAfterCommitStatusSucceedAndApproval(t *testing.T) { }) // add protected branch for commit status - csrf := GetCSRF(t, session, "/user2/repo1/settings/branches") + csrf := GetUserCSRFToken(t, session) // Change master branch to protected req := NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/edit", map[string]string{ "_csrf": csrf, @@ -905,7 +905,7 @@ func TestPullAutoMergeAfterCommitStatusSucceedAndApprovalForAgitFlow(t *testing. session := loginUser(t, "user1") // add protected branch for commit status - csrf := GetCSRF(t, session, "/user2/repo1/settings/branches") + csrf := GetUserCSRFToken(t, session) // Change master branch to protected req := NewRequestWithValues(t, "POST", "/user2/repo1/settings/branches/edit", map[string]string{ "_csrf": csrf, diff --git a/tests/integration/pull_status_test.go b/tests/integration/pull_status_test.go index 26e1baeb11305..ac9036ca962f9 100644 --- a/tests/integration/pull_status_test.go +++ b/tests/integration/pull_status_test.go @@ -29,7 +29,7 @@ func TestPullCreate_CommitStatus(t *testing.T) { url := path.Join("user1", "repo1", "compare", "master...status1") req := NewRequestWithValues(t, "POST", url, map[string]string{ - "_csrf": GetCSRF(t, session, url), + "_csrf": GetUserCSRFToken(t, session), "title": "pull request from status1", }, ) @@ -129,7 +129,7 @@ func TestPullCreate_EmptyChangesWithDifferentCommits(t *testing.T) { url := path.Join("user1", "repo1", "compare", "master...status1") req := NewRequestWithValues(t, "POST", url, map[string]string{ - "_csrf": GetCSRF(t, session, url), + "_csrf": GetUserCSRFToken(t, session), "title": "pull request from status1", }, ) @@ -152,7 +152,7 @@ func TestPullCreate_EmptyChangesWithSameCommits(t *testing.T) { url := path.Join("user1", "repo1", "compare", "master...status1") req := NewRequestWithValues(t, "POST", url, map[string]string{ - "_csrf": GetCSRF(t, session, url), + "_csrf": GetUserCSRFToken(t, session), "title": "pull request from status1", }, ) diff --git a/tests/integration/rename_branch_test.go b/tests/integration/rename_branch_test.go index 71bfb6b6cb26b..576264ba95192 100644 --- a/tests/integration/rename_branch_test.go +++ b/tests/integration/rename_branch_test.go @@ -54,7 +54,7 @@ func testRenameBranch(t *testing.T, u *url.URL) { assert.Equal(t, "main", repo1.DefaultBranch) // create branch1 - csrf := GetCSRF(t, session, "/user2/repo1/src/branch/main") + csrf := GetUserCSRFToken(t, session) req = NewRequestWithValues(t, "POST", "/user2/repo1/branches/_new/branch/main", map[string]string{ "_csrf": csrf, diff --git a/tests/integration/repo_branch_test.go b/tests/integration/repo_branch_test.go index f5217374b00f9..6d1cc8afcf108 100644 --- a/tests/integration/repo_branch_test.go +++ b/tests/integration/repo_branch_test.go @@ -27,14 +27,7 @@ import ( ) func testCreateBranch(t testing.TB, session *TestSession, user, repo, oldRefSubURL, newBranchName string, expectedStatus int) string { - var csrf string - if expectedStatus == http.StatusNotFound { - // src/branch/branch_name may not container "_csrf" input, - // so we need to get it from cookies not from body - csrf = GetCSRFFromCookie(t, session, path.Join(user, repo, "src/branch/master")) - } else { - csrf = GetCSRFFromCookie(t, session, path.Join(user, repo, "src", oldRefSubURL)) - } + csrf := GetUserCSRFToken(t, session) req := NewRequestWithValues(t, "POST", path.Join(user, repo, "branches/_new", oldRefSubURL), map[string]string{ "_csrf": csrf, "new_branch_name": newBranchName, diff --git a/tests/integration/signin_test.go b/tests/integration/signin_test.go index 77e19bba9634f..886d4a825932e 100644 --- a/tests/integration/signin_test.go +++ b/tests/integration/signin_test.go @@ -21,7 +21,6 @@ import ( func testLoginFailed(t *testing.T, username, password, message string) { session := emptyTestSession(t) req := NewRequestWithValues(t, "POST", "/user/login", map[string]string{ - "_csrf": GetCSRF(t, session, "/user/login"), "user_name": username, "password": password, }) @@ -68,7 +67,6 @@ func TestSigninWithRememberMe(t *testing.T) { session := emptyTestSession(t) req := NewRequestWithValues(t, "POST", "/user/login", map[string]string{ - "_csrf": GetCSRF(t, session, "/user/login"), "user_name": user.Name, "password": userPassword, "remember": "on", diff --git a/tests/integration/user_avatar_test.go b/tests/integration/user_avatar_test.go index ec5813df0d522..caca9a3e560c0 100644 --- a/tests/integration/user_avatar_test.go +++ b/tests/integration/user_avatar_test.go @@ -37,7 +37,7 @@ func TestUserAvatar(t *testing.T) { } session := loginUser(t, "user2") - csrf := GetCSRF(t, session, "/user/settings") + csrf := GetUserCSRFToken(t, session) imgData := &bytes.Buffer{} diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go index c4544f37aa3aa..53d88aeb37b17 100644 --- a/tests/integration/user_test.go +++ b/tests/integration/user_test.go @@ -33,7 +33,7 @@ func TestRenameUsername(t *testing.T) { session := loginUser(t, "user2") req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{ - "_csrf": GetCSRF(t, session, "/user/settings"), + "_csrf": GetUserCSRFToken(t, session), "name": "newUsername", "email": "user2@example.com", "language": "en-US", @@ -77,7 +77,7 @@ func TestRenameInvalidUsername(t *testing.T) { t.Logf("Testing username %s", invalidUsername) req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{ - "_csrf": GetCSRF(t, session, "/user/settings"), + "_csrf": GetUserCSRFToken(t, session), "name": invalidUsername, "email": "user2@example.com", }) @@ -135,7 +135,7 @@ func TestRenameReservedUsername(t *testing.T) { for _, reservedUsername := range reservedUsernames { t.Logf("Testing username %s", reservedUsername) req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{ - "_csrf": GetCSRF(t, session, "/user/settings"), + "_csrf": GetUserCSRFToken(t, session), "name": reservedUsername, "email": "user2@example.com", "language": "en-US", @@ -293,7 +293,7 @@ func TestUserLocationMapLink(t *testing.T) { session := loginUser(t, "user2") req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{ - "_csrf": GetCSRF(t, session, "/user/settings"), + "_csrf": GetUserCSRFToken(t, session), "name": "user2", "email": "user@example.com", "language": "en-US", diff --git a/tests/integration/xss_test.go b/tests/integration/xss_test.go index e575ed3990cc3..a8eaa5fc6246c 100644 --- a/tests/integration/xss_test.go +++ b/tests/integration/xss_test.go @@ -21,7 +21,7 @@ func TestXSSUserFullName(t *testing.T) { session := loginUser(t, user.Name) req := NewRequestWithValues(t, "POST", "/user/settings", map[string]string{ - "_csrf": GetCSRF(t, session, "/user/settings"), + "_csrf": GetUserCSRFToken(t, session), "name": user.Name, "full_name": fullName, "email": user.Email,