Merge branch 'main' into tooldeps2

Author: silverwind

models/perm/access/repo_permission.go

@@ -127,7 +127,8 @@ func (p *Permission) LogString() string {
 }
 
 // GetUserRepoPermission returns the user permissions to the repository
-func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, user *user_model.User) (perm Permission, err error) {
+func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, user *user_model.User) (Permission, error) {
+	var perm Permission
 	if log.IsTrace() {
 		defer func() {
 			if user == nil {
@@ -147,63 +148,64 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use
 	// TODO: anonymous user visit public unit of private repo???
 	if user == nil && repo.IsPrivate {
 		perm.AccessMode = perm_model.AccessModeNone
-		return
+		return perm, nil
 	}
 
-	var is bool
+	var isCollaborator bool
+	var err error
 	if user != nil {
-		is, err = repo_model.IsCollaborator(ctx, repo.ID, user.ID)
+		isCollaborator, err = repo_model.IsCollaborator(ctx, repo.ID, user.ID)
 		if err != nil {
 			return perm, err
 		}
 	}
 
-	if err = repo.LoadOwner(ctx); err != nil {
-		return
+	if err := repo.LoadOwner(ctx); err != nil {
+		return perm, err
 	}
 
 	// Prevent strangers from checking out public repo of private organization/users
 	// Allow user if they are collaborator of a repo within a private user or a private organization but not a member of the organization itself
-	if !organization.HasOrgOrUserVisible(ctx, repo.Owner, user) && !is {
+	if !organization.HasOrgOrUserVisible(ctx, repo.Owner, user) && !isCollaborator {
 		perm.AccessMode = perm_model.AccessModeNone
-		return
+		return perm, nil
 	}
 
-	if err = repo.LoadUnits(ctx); err != nil {
-		return
+	if err := repo.LoadUnits(ctx); err != nil {
+		return perm, err
 	}
 
 	perm.Units = repo.Units
 
 	// anonymous visit public repo
 	if user == nil {
 		perm.AccessMode = perm_model.AccessModeRead
-		return
+		return perm, nil
 	}
 
 	// Admin or the owner has super access to the repository
 	if user.IsAdmin || user.ID == repo.OwnerID {
 		perm.AccessMode = perm_model.AccessModeOwner
-		return
+		return perm, nil
 	}
 
 	// plain user
 	perm.AccessMode, err = accessLevel(ctx, user, repo)
 	if err != nil {
-		return
+		return perm, err
 	}
 
-	if err = repo.LoadOwner(ctx); err != nil {
-		return
+	if err := repo.LoadOwner(ctx); err != nil {
+		return perm, err
 	}
 	if !repo.Owner.IsOrganization() {
-		return
+		return perm, nil
 	}
 
 	perm.UnitsMode = make(map[unit.Type]perm_model.AccessMode)
 
 	// Collaborators on organization
-	if is {
+	if isCollaborator {
 		for _, u := range repo.Units {
 			perm.UnitsMode[u.Type] = perm.AccessMode
 		}
@@ -212,15 +214,15 @@ func GetUserRepoPermission(ctx context.Context, repo *repo_model.Repository, use
 	// get units mode from teams
 	teams, err := organization.GetUserRepoTeams(ctx, repo.OwnerID, user.ID, repo.ID)
 	if err != nil {
-		return
+		return perm, err
 	}
 
 	// if user in an owner team
 	for _, team := range teams {
 		if team.AccessMode >= perm_model.AccessModeAdmin {
 			perm.AccessMode = perm_model.AccessModeOwner
 			perm.UnitsMode = nil
-			return
+			return perm, nil
 		}
 	}
 

models/repo/collaboration_test.go

@@ -33,6 +33,19 @@ func TestRepository_GetCollaborators(t *testing.T) {
 	test(2)
 	test(3)
 	test(4)
+
+	// Test db.ListOptions
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 22})
+
+	collaborators1, err := repo_model.GetCollaborators(db.DefaultContext, repo.ID, db.ListOptions{PageSize: 1, Page: 1})
+	assert.NoError(t, err)
+	assert.Len(t, collaborators1, 1)
+
+	collaborators2, err := repo_model.GetCollaborators(db.DefaultContext, repo.ID, db.ListOptions{PageSize: 1, Page: 2})
+	assert.NoError(t, err)
+	assert.Len(t, collaborators2, 1)
+
+	assert.NotEqualValues(t, collaborators1[0].ID, collaborators2[0].ID)
 }
 
 func TestRepository_IsCollaborator(t *testing.T) {
@@ -66,5 +79,80 @@ func TestRepository_ChangeCollaborationAccessMode(t *testing.T) {
 
 	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(db.DefaultContext, repo, unittest.NonexistentID, perm.AccessModeAdmin))
 
+	// Disvard invalid input.
+	assert.NoError(t, repo_model.ChangeCollaborationAccessMode(db.DefaultContext, repo, 4, perm.AccessMode(unittest.NonexistentID)))
+
 	unittest.CheckConsistencyFor(t, &repo_model.Repository{ID: repo.ID})
 }
+
+func TestRepository_CountCollaborators(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
+	count, err := repo_model.CountCollaborators(repo1.ID)
+	assert.NoError(t, err)
+	assert.EqualValues(t, 2, count)
+
+	repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 22})
+	count, err = repo_model.CountCollaborators(repo2.ID)
+	assert.NoError(t, err)
+	assert.EqualValues(t, 2, count)
+
+	// Non-existent repository.
+	count, err = repo_model.CountCollaborators(unittest.NonexistentID)
+	assert.NoError(t, err)
+	assert.EqualValues(t, 0, count)
+}
+
+func TestRepository_IsOwnerMemberCollaborator(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	repo1 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 3})
+
+	// Organisation owner.
+	actual, err := repo_model.IsOwnerMemberCollaborator(repo1, 2)
+	assert.NoError(t, err)
+	assert.True(t, actual)
+
+	// Team member.
+	actual, err = repo_model.IsOwnerMemberCollaborator(repo1, 4)
+	assert.NoError(t, err)
+	assert.True(t, actual)
+
+	// Normal user.
+	actual, err = repo_model.IsOwnerMemberCollaborator(repo1, 1)
+	assert.NoError(t, err)
+	assert.False(t, actual)
+
+	repo2 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
+
+	// Collaborator.
+	actual, err = repo_model.IsOwnerMemberCollaborator(repo2, 4)
+	assert.NoError(t, err)
+	assert.True(t, actual)
+
+	repo3 := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 15})
+
+	// Repository owner.
+	actual, err = repo_model.IsOwnerMemberCollaborator(repo3, 2)
+	assert.NoError(t, err)
+	assert.True(t, actual)
+}
+
+func TestRepo_GetCollaboration(t *testing.T) {
+	assert.NoError(t, unittest.PrepareTestDatabase())
+
+	repo := unittest.AssertExistsAndLoadBean(t, &repo_model.Repository{ID: 4})
+
+	// Existing collaboration.
+	collab, err := repo_model.GetCollaboration(db.DefaultContext, repo.ID, 4)
+	assert.NoError(t, err)
+	assert.NotNil(t, collab)
+	assert.EqualValues(t, 4, collab.UserID)
+	assert.EqualValues(t, 4, collab.RepoID)
+
+	// Non-existing collaboration.
+	collab, err = repo_model.GetCollaboration(db.DefaultContext, repo.ID, 1)
+	assert.NoError(t, err)
+	assert.Nil(t, collab)
+}

models/repo/release.go

@@ -339,7 +339,7 @@ func (s releaseMetaSearch) Less(i, j int) bool {
 // GetReleaseAttachments retrieves the attachments for releases
 func GetReleaseAttachments(ctx context.Context, rels ...*Release) (err error) {
 	if len(rels) == 0 {
-		return
+		return nil
 	}
 
 	// To keep this efficient as possible sort all releases by id,

modules/avatar/hash_test.go

@@ -0,0 +1,26 @@
+// Copyright 2023 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package avatar_test
+
+import (
+	"bytes"
+	"image"
+	"image/png"
+	"testing"
+
+	"code.gitea.io/gitea/modules/avatar"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func Test_HashAvatar(t *testing.T) {
+	myImage := image.NewRGBA(image.Rect(0, 0, 32, 32))
+	var buff bytes.Buffer
+	png.Encode(&buff, myImage)
+
+	assert.EqualValues(t, "9ddb5bac41d57e72aa876321d0c09d71090c05f94bc625303801be2f3240d2cb", avatar.HashAvatar(1, buff.Bytes()))
+	assert.EqualValues(t, "9a5d44e5d637b9582a976676e8f3de1dccd877c2fe3e66ca3fab1629f2f47609", avatar.HashAvatar(8, buff.Bytes()))
+	assert.EqualValues(t, "ed7399158672088770de6f5211ce15528ebd675e92fc4fc060c025f4b2794ccb", avatar.HashAvatar(1024, buff.Bytes()))
+	assert.EqualValues(t, "161178642c7d59eb25a61dddced5e6b66eae1c70880d5f148b1b497b767e72d9", avatar.HashAvatar(1024, []byte{}))
+}

modules/indexer/issues/bleve/bleve.go

@@ -23,7 +23,7 @@ import (
 const (
 	issueIndexerAnalyzer      = "issueIndexer"
 	issueIndexerDocType       = "issueIndexerDocType"
-	issueIndexerLatestVersion = 2
+	issueIndexerLatestVersion = 3
 )
 
 // numericEqualityQuery a numeric equality query for the given value and field
@@ -67,15 +67,16 @@ func generateIssueIndexMapping() (mapping.IndexMapping, error) {
 	docMapping := bleve.NewDocumentMapping()
 
 	numericFieldMapping := bleve.NewNumericFieldMapping()
+	numericFieldMapping.Store = false
 	numericFieldMapping.IncludeInAll = false
-	docMapping.AddFieldMappingsAt("RepoID", numericFieldMapping)
+	docMapping.AddFieldMappingsAt("repo_id", numericFieldMapping)
 
 	textFieldMapping := bleve.NewTextFieldMapping()
 	textFieldMapping.Store = false
 	textFieldMapping.IncludeInAll = false
-	docMapping.AddFieldMappingsAt("Title", textFieldMapping)
-	docMapping.AddFieldMappingsAt("Content", textFieldMapping)
-	docMapping.AddFieldMappingsAt("Comments", textFieldMapping)
+	docMapping.AddFieldMappingsAt("title", textFieldMapping)
+	docMapping.AddFieldMappingsAt("content", textFieldMapping)
+	docMapping.AddFieldMappingsAt("comments", textFieldMapping)
 
 	if err := addUnicodeNormalizeTokenFilter(mapping); err != nil {
 		return nil, err
@@ -91,6 +92,7 @@ func generateIssueIndexMapping() (mapping.IndexMapping, error) {
 	mapping.DefaultAnalyzer = issueIndexerAnalyzer
 	mapping.AddDocumentMapping(issueIndexerDocType, docMapping)
 	mapping.AddDocumentMapping("_all", bleve.NewDocumentDisabledMapping())
+	mapping.DefaultMapping = bleve.NewDocumentDisabledMapping() // disable default mapping, avoid indexing unexpected structs
 
 	return mapping, nil
 }
@@ -116,17 +118,7 @@ func NewIndexer(indexDir string) *Indexer {
 func (b *Indexer) Index(_ context.Context, issues []*internal.IndexerData) error {
 	batch := inner_bleve.NewFlushingBatch(b.inner.Indexer, maxBatchSize)
 	for _, issue := range issues {
-		if err := batch.Index(indexer_internal.Base36(issue.ID), struct {
-			RepoID   int64
-			Title    string
-			Content  string
-			Comments []string
-		}{
-			RepoID:   issue.RepoID,
-			Title:    issue.Title,
-			Content:  issue.Content,
-			Comments: issue.Comments,
-		}); err != nil {
+		if err := batch.Index(indexer_internal.Base36(issue.ID), (*IndexerData)(issue)); err != nil {
 			return err
 		}
 	}
@@ -149,7 +141,7 @@ func (b *Indexer) Delete(_ context.Context, ids ...int64) error {
 func (b *Indexer) Search(ctx context.Context, keyword string, repoIDs []int64, limit, start int) (*internal.SearchResult, error) {
 	var repoQueriesP []*query.NumericRangeQuery
 	for _, repoID := range repoIDs {
-		repoQueriesP = append(repoQueriesP, numericEqualityQuery(repoID, "RepoID"))
+		repoQueriesP = append(repoQueriesP, numericEqualityQuery(repoID, "repo_id"))
 	}
 	repoQueries := make([]query.Query, len(repoQueriesP))
 	for i, v := range repoQueriesP {
@@ -159,9 +151,9 @@ func (b *Indexer) Search(ctx context.Context, keyword string, repoIDs []int64, l
 	indexerQuery := bleve.NewConjunctionQuery(
 		bleve.NewDisjunctionQuery(repoQueries...),
 		bleve.NewDisjunctionQuery(
-			newMatchPhraseQuery(keyword, "Title", issueIndexerAnalyzer),
-			newMatchPhraseQuery(keyword, "Content", issueIndexerAnalyzer),
-			newMatchPhraseQuery(keyword, "Comments", issueIndexerAnalyzer),
+			newMatchPhraseQuery(keyword, "title", issueIndexerAnalyzer),
+			newMatchPhraseQuery(keyword, "content", issueIndexerAnalyzer),
+			newMatchPhraseQuery(keyword, "comments", issueIndexerAnalyzer),
 		))
 	search := bleve.NewSearchRequestOptions(indexerQuery, limit, start, false)
 	search.SortBy([]string{"-_score"})

options/locale/locale_en-US.ini

@@ -3463,7 +3463,7 @@ runners.reset_registration_token_success = Runner registration token reset succe
 
 runs.all_workflows = All Workflows
 runs.commit = Commit
-runs.pushed_by = Pushed by
+runs.pushed_by = pushed by
 runs.invalid_workflow_helper = Workflow config file is invalid. Please check your config file: %s
 runs.no_matching_runner_helper = No matching runner: %s
 runs.actor = Actor

routers/web/auth/auth.go

@@ -201,7 +201,7 @@ func SignInPost(ctx *context.Context) {
 
 	u, source, err := auth_service.UserSignIn(form.UserName, form.Password)
 	if err != nil {
-		if user_model.IsErrUserNotExist(err) || user_model.IsErrEmailAddressNotExist(err) {
+		if errors.Is(err, util.ErrNotExist) || errors.Is(err, util.ErrInvalidArgument) {
 			ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplSignIn, &form)
 			log.Info("Failed authentication attempt for %s from %s: %v", form.UserName, ctx.RemoteAddr(), err)
 		} else if user_model.IsErrEmailAlreadyUsed(err) {

routers/web/auth/linkaccount.go

@@ -13,7 +13,9 @@ import (
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
 	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/log"
 	"code.gitea.io/gitea/modules/setting"
+	"code.gitea.io/gitea/modules/util"
 	"code.gitea.io/gitea/modules/web"
 	auth_service "code.gitea.io/gitea/services/auth"
 	"code.gitea.io/gitea/services/auth/source/oauth2"
@@ -81,6 +83,32 @@ func LinkAccount(ctx *context.Context) {
 	ctx.HTML(http.StatusOK, tplLinkAccount)
 }
 
+func handleSignInError(ctx *context.Context, userName string, ptrForm any, tmpl base.TplName, invoker string, err error) {
+	if errors.Is(err, util.ErrNotExist) {
+		ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tmpl, ptrForm)
+	} else if errors.Is(err, util.ErrInvalidArgument) {
+		ctx.Data["user_exists"] = true
+		ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tmpl, ptrForm)
+	} else if user_model.IsErrUserProhibitLogin(err) {
+		ctx.Data["user_exists"] = true
+		log.Info("Failed authentication attempt for %s from %s: %v", userName, ctx.RemoteAddr(), err)
+		ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
+		ctx.HTML(http.StatusOK, "user/auth/prohibit_login")
+	} else if user_model.IsErrUserInactive(err) {
+		ctx.Data["user_exists"] = true
+		if setting.Service.RegisterEmailConfirm {
+			ctx.Data["Title"] = ctx.Tr("auth.active_your_account")
+			ctx.HTML(http.StatusOK, TplActivate)
+		} else {
+			log.Info("Failed authentication attempt for %s from %s: %v", userName, ctx.RemoteAddr(), err)
+			ctx.Data["Title"] = ctx.Tr("auth.prohibit_login")
+			ctx.HTML(http.StatusOK, "user/auth/prohibit_login")
+		}
+	} else {
+		ctx.ServerError(invoker, err)
+	}
+}
+
 // LinkAccountPostSignIn handle the coupling of external account with another account using signIn
 func LinkAccountPostSignIn(ctx *context.Context) {
 	signInForm := web.GetForm(ctx).(*forms.SignInForm)
@@ -116,12 +144,7 @@ func LinkAccountPostSignIn(ctx *context.Context) {
 
 	u, _, err := auth_service.UserSignIn(signInForm.UserName, signInForm.Password)
 	if err != nil {
-		if user_model.IsErrUserNotExist(err) {
-			ctx.Data["user_exists"] = true
-			ctx.RenderWithErr(ctx.Tr("form.username_password_incorrect"), tplLinkAccount, &signInForm)
-		} else {
-			ctx.ServerError("UserLinkAccount", err)
-		}
+		handleSignInError(ctx, signInForm.UserName, &signInForm, tplLinkAccount, "UserLinkAccount", err)
 		return
 	}