Commit graph

1,080 commits

Author SHA1 Message Date
oliverpool
fd283c80b7 feat: add hint to disable the "Enable more" units hint (#12747)
Following the feedback in #12565, this adds a hint to the units page when the "Enable more" hint is enabled:

![image](/attachments/32dac116-9f25-498d-9ef0-8b18b06cfc53)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12747
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-27 20:43:47 +02:00
Mathieu Fenniak
6d522ecba0 feat: add "Forgejo Actions (Local)" authorized integration UI (#12672)
Extracts the separate concepts for different UIs out of the original implementation, and then adds the new UI for Forgejo Actions (Local).  Manual end-to-end testing was performed on all variations of the "workflow file", "git reference", and "event" filter options as well.  They're covered by test automation, but not in an end-to-end manner.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
    - Documentation is next up after this change is complete.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12672
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
2026-05-23 16:26:28 +02:00
B0sh
e49cb9e772 fix: emoji's should not render in inline code blocks in issue lists (#12644)
This fixes #12548. I used the `RenderRefIssueTitle` function so it wouldn't create issue or PR links from #<number> strings.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12644
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
2026-05-22 13:20:42 +02:00
0ko
9a2ae75a43 feat(ui): provide ability to add a warning message to the registration/login screens (#12597)
Example for how that would look like on code.forgejo.org:

![img](/attachments/eff849d5-4269-4c26-b742-b525de7709d1)

Login screen examples:

|![1](/attachments/78c23389-7bbd-490d-967a-da87d451c199)|![2](/attachments/c4693cd3-2616-4396-92e3-f22dbe8a0103)|
|-|-|

Many instances would benefit from being able to communicate such information before a user signs up or logs in after a long break.

## Testing

Disabled unless admin explicitly decides to create a template override, nothing to test.

In theory CSS could break but IDK how to test against that given the custom template requirement.

Also need to know that template customizations are provided as-is and shift all accountability of maintaining them to admins.

## Documentation

https://codeberg.org/forgejo/docs/pulls/1945

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12597
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-21 06:04:41 +02:00
Mathieu Fenniak
cd5a1173d5 feat: web UI to delete authorized integration (#12632)
Adds a "Delete" option to the authorized integration list.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12632
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
2026-05-19 17:10:43 +02:00
Mathieu Fenniak
8d50e7b25e feat: create new authorized integration in web UI (#12613)
Extends work completed in #12601 to enable creating new authorized integrations in the web UI.  This UI is identical to the edit experience, except: "Audience" is only presented once the object is saved, "Save authorized integration is changed to "Create authorized integration", and performing the create redirects to the completed object to access the audience rather than redirecting the list page.

A drop-down menu is used for the "UI" of the new authorized integration, even though only the generic "write your own rule" UI is currently implemented.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
      - e2e tests here are for complete experience, but aren't for "JavaScript changes" as noted here.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
    - Documentation coming soon.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12613
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
2026-05-18 16:13:57 +02:00
Mathieu Fenniak
cf087a2f12 feat: ability to edit authorized integration in web UI (#12601)
Extends the UI introduced in #12558 to have edit capabilities.  (not in scope: "Add" for a new Authorized Integration will be the next update to this UI; `create-authorized-integration` CLI is still the only way to create a new record)

This PR includes a few refactoring steps.  The goal of these steps is to have `services/auth` be a single entrypoint for validating, inserting, or updating an authorized integration.  Some logic is moved out of `services/authz` because it is not authorization related, and some is moved out of `services/auth/method` to allow it to be reused during validation without creating a cyclical module dependency.

This PR also adds comprehensive validation to the more complex fields in the authorized integration, such as the issuer and claim rules.  This validation applies to the `forgejo admin user create-authorized-integration` CLI as well.

The visible UI is the same as #12558, but with a "Save" button, and the ability to display errors:

![Screenshot 2026-05-16 at 15-43-20 Authorized Integrations - Forgejo Beyond coding. We Forge](/attachments/ffaf60e2-3652-429b-a815-b339100f05f8)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.
    - Documentation is on my TODO list and will be completed before release.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12601
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
2026-05-17 18:33:39 +02:00
Shiny Nematoda
4ecb25a549 enh(issue-search): support filtering by project in user/org listing (#12596)
Support filtering `/issue` & `/pulls` (and corresponding org paths) by a project ID.

Closes #12559

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12596
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-17 12:00:25 +02:00
Robert Wolff
d4d2c64d23 fix(ui): use URL query escaping for SSH key verification reload token link (#12581)
Follow-up of: forgejo/forgejo!9002

Closes: Codeberg/Community#2575

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12581
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2026-05-16 11:51:17 +02:00
Mathieu Fenniak
c1000624c6 feat: view authorized integration (generic) 2026-05-14 23:54:16 +02:00
Mathieu Fenniak
ba3619d1df feat(ui): list authorized integrations 2026-05-14 23:54:16 +02:00
0ko
f05ff7ec5b chore(i18n): move 89 strings to JSON (#12280)
Previous similar PR: https://codeberg.org/forgejo/forgejo/pulls/11879.

Moved strings from INI to JSON. Some directly, some with keys updated to be consistent. The latter was done carefully, making sure all usages are updated, and was tested locally.

There are more deletions than insertions because some languages also had some extra empty lines removed.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12280
Reviewed-by: Robert Wolff <mahlzahn@posteo.de>
2026-04-27 16:07:51 +02:00
famfo
fd28fd896b feat: Follow remote users; feed tab (#10380)
This is hopefully the final part of PR #4767, rebased and squashed.

More thorough federation tests are at https://code.forgejo.org/forgejo/end-to-end/pulls/1276 but the mock has been extended to hopefully cover a good chunk as well.

Co-authored-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
Co-authored-by: zam <mirco.zachmann@meissa.de>
Co-authored-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10380
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
2026-04-12 03:31:03 +02:00
doasu
a9bd068d00 fix: URL-encode login provider name in the href attribute (#10301)
The authentication provider's name (`$provider.DisplayName`) is not URL-encoded, so any illegal characters (e.g., '/') will be put in the link's href attribute verbatim.
For example, if the provider's name is `foo/bar` (valid name), the href attribute will point to `/user/oauth2/foo/bar` instead of `/user/oauth2/foo%2Fbar`, resulting in a "404 Not found" error.

This patch fixes this behaviour by URL-encoding the provider's DisplayName before appending it to the href attribute.

Signed-off-by: doasu <me@doasu.dev>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10301
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: doasu <me@doasu.dev>
Co-committed-by: doasu <me@doasu.dev>
2026-03-31 21:51:57 +02:00
Mathieu Fenniak
35b872f383 feat(ui): create repo-specific access tokens (#11696)
Adds a user interface for creating repo-specific access tokens (#11311).  When the new option "Specific repositories" is selected, a search option appears.  Each repository in the search result has an "Add" button to include it on the access token, and once included, a repository can be removed with the "Remove" button.  This is a JS-free form.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/
README.md#end-to-end-tests)).
    - Technically there are no "JavaScript changes" in this PR, but e2e tests were added for browser interaction testing.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
    - TODO: planning to create documentation in https://forgejo.org/docs/next/user/token-scope/; there is none for public only tokens but I think this seems like a good place to add both.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11696
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
2026-03-23 15:29:08 +01:00
Mathieu Fenniak
aef91ab1a3 ui: move "New access token" to a separate UI page (#11659)
We are updating the user's personal access token page (`/user/settings/applications`) to allow the creation of repo-specific tokens, adding a third option to "Repository and Organization Access".  In preparation for this new UI, this PR moves the creation of access tokens to a new page accessed by "New access token".

This also resolves a pet-peeve: the "Select permissions" dropdown on the inline edit form hides a *required* input for an access token.  This section is expanded on the new dedicated page.  (The Vue component used here is replaced with a JS-free alternative as well.  This form component used to lose selected values when an error occurred, and it didn't make sense as a Vue component, so it has been translated into an HTML template instead.)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11659
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
2026-03-18 22:33:14 +01:00
Mathieu Fenniak
6e804c8b1b feat(ui): display repositories accessible by repo-specific access tokens (#11604)
When an access token is repository specific, display the repositories that it can access when expanded in the UI (token **test** in this screenshot):

![image](/attachments/6d2d539c-7781-4a4f-ba90-a28b7c365c6c)

Default, collapsed view is unchanged:

![image](/attachments/a4f0a36d-2f2b-46af-8fa6-c8d445f707e4)

Bulk loading of repositories is refactored out of the access token API endpoint into a `BulkGetRepositoriesForAccessTokens` method that can be used in both this UI, and the original API location.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11604
Reviewed-by: Andreas Ahlenstorf <aahlenst@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
2026-03-12 16:06:38 +01:00
Andreas Ahlenstorf
2963572845 feat: add form-based runner management (#11516)
Forgejo Runner is deprecating the runner registration token. It is too powerful, requires tooling, and is unnecessary. As a consequence, users need new mechanisms for managing runners in Forgejo. https://codeberg.org/forgejo/forgejo/pulls/10677 added an HTTP API for runner registration. This PR adds the ability to manage runners using Forgejo's web interface.

Runners can be added, modified, and deleted. It is also possible to regenerate a runner's token. When a runner is added or a runner's token is regenerated, setup instructions are displayed. They explain how to alter Forgejo Runner's configuration file or how to launch `forgejo-runner daemon` (yet to be implemented). The existing details page has been overhauled and is now accessible to all users that are allowed to use a particular runner. The details page displays additional information that had to be removed from the list of runners due to space constraints. The task list is filtered. That means it only lists jobs of the respective repository, user, or organization.

The runner registration token has been marked as deprecated.

See https://code.forgejo.org/forgejo/forgejo-actions-feature-requests/issues/88 for context and design considerations.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

(can be removed for JavaScript changes)

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing

### Tests for JavaScript changes

(can be removed for Go changes)

- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [x] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11516
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
Co-committed-by: Andreas Ahlenstorf <andreas@ahlenstorf.ch>
2026-03-12 02:14:45 +01:00
0ko
d665904a22 feat(ui): improve visibility of counters inside of switch items (#11472)
Apply the feature from https://codeberg.org/forgejo/forgejo/pulls/2935 on element from https://codeberg.org/forgejo/forgejo/pulls/6459 (which was applied to notifications page in https://codeberg.org/forgejo/forgejo/pulls/6542).

A few small semi-related refactors. One of them (nested CSS commit) actually revealed a hole in testing: there are no test cases for hover in `evaluateSwitchItem`. I would like to address this but this PR already conflicts with https://codeberg.org/forgejo/forgejo/pulls/11341, so I won't do that until either is merged to save on rebase work.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11472
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
2026-03-08 18:09:13 +01:00
Έλλεν Εμίλια Άννα Zscheile
c357be8b52 chore: rename SafeHTML to TrustHTML (#11481)
Naming is less confusing this way, might not give the impression this will sanitize HTML to safe HTML.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11481
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Έλλεν Εμίλια Άννα Zscheile <fogti+devel@ytrizja.de>
Co-committed-by: Έλλεν Εμίλια Άννα Zscheile <fogti+devel@ytrizja.de>
2026-03-08 02:41:37 +01:00
panc
a4821c2bf9 fix(ui): update sort dropdown structure for consistency across templates (#11423)
Main modified pages  `/milestones`, `/issues`, `/pulls` and `/user/repo/projects`
| Before | After |
|----|----|
| ![image](/attachments/0cbb14b9-2231-4a91-917b-1304663dbc2a) | ![image](/attachments/2dd5c3d2-a531-450b-a602-14355d9af2a6) |

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11423
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: panc <pan0xc@foxmail.com>
Co-committed-by: panc <pan0xc@foxmail.com>
2026-02-24 04:21:59 +01:00
Gusted
7ed496ea37 fix: reflect allowed username change in profile setting (#11171)
- When working forgejo/forgejo!8714 I did not touch the UI to remove the
note and `disabled` attribute. This was not intentional, and was likely
caused by me straight going for testing (as the backend code would allow
the username change).
- Slightly refactor the context to a common function, don't hard error
if `CanUserRename` fails but does default to that you cannot rename in
that case (which is the standard behavior of OAuth2 users anyway).

I already was aware that it seems !8714 wasn't working on Codeberg but someone at FOSDEM pointed it out again, thus the reason for this bug fix.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11171
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2026-02-06 17:47:30 +01:00
Nils Goroll
d934e0c9fb chore: refactor signup logic (#10915)
This PR is in preparation of, but independent of, an upcoming suggestion for a feature addition:

* The first commit moves a tiny bit of logic into a separate function to prepare for extension of that logic, avoiding duplication
* The second commit moves checking for disabled registrations earlier, which, I think, has merits in terms of performance and resilience (hopefully not significant, but who knows?)
* The third commit adds simple unit tests for SignUp() and SignUpPost() to avoid the long-ish roundtrip over integration tests
*  The forth commit introduces `ctx.Data["DisableRegistrationReason"]` for the signup template to use as the reason printed if `.DisableRegistration` to prepare for other reasons to be added

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10915
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
2026-01-26 22:55:30 +01:00
hwipl
c9f81315d6 feat: add manage_password to user disable features (#10541)
Forgejo supports disabling features for users with the configuration
options `USER_DISABLED_FEATURES` and `EXTERNAL_USER_DISABLE_FEATURES`.

Add `manage_password` that prevents users from configuring passwords.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10541
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: hwipl <hwipl@noreply.codeberg.org>
Co-committed-by: hwipl <hwipl@noreply.codeberg.org>
2026-01-26 18:58:39 +01:00
Nils Goroll
b4412c2206 chore: do not pass the full signing key to template (#10967)
A template should not get (easy) access to a full signing key to prevent accidents.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10967
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Nils Goroll <nils.goroll@uplex.de>
Co-committed-by: Nils Goroll <nils.goroll@uplex.de>
2026-01-26 14:47:48 +01:00
0ko
0a6a5cb73e chore: remove obsolete code from button-legacy.css (#10581)
Fixes #10580

Remove obsolete styles so that people do not trip over them.

I went through the codebase with `rg` and made sure that the only elements which had potential to use such mix of classes were doing so accidentally, and removed all the unused code.

### A small fix for Forgejo themes

Ref https://codeberg.org/forgejo/forgejo/pulls/10581#issuecomment-9245399. The missing variable was used in one place outside of devtest.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10581
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
2025-12-31 03:13:05 +01:00
0ko
1ef5496055 feat: use AppDomain for key verification (#10429)
Fixes #10416
Followup to a hardcoded string in [gitea#17743](https://github.com/go-gitea/gitea/pull/17743)

* instead of using a hardcoded namespace, use the configured application domain
    * `ssh-keygen` refuses to work with empty namespace, but `Domain` falls back to `localhost`:
    95dca7ff57/modules/setting/server.go (L192)
    * since `VerifySSHKey` verifies the namespace, I think that using a mostly-unique string instead of a hardcoded one doesn't hurt. Here's what `man ssh-keygen` says on the topic:
      > An additional signature namespace, used to prevent signature confusion across different domains of use (e.g. file signing vs email signing) must be provided  via  the  -n  flag.   Namespaces  are  arbitrary strings,  and  may  include:  “file”  for file signing, “email” for email signing.  For custom uses, it is recommended to use
names following a NAMESPACE@YOUR.DOMAIN pattern to generate unambiguous namespaces.

## Testing

There's a test `TestFromOpenSSH` but it uses a hardcoded default namespace `file`:
95dca7ff57/models/asymkey/ssh_key_test.go (L334)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10429
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
2025-12-17 17:01:14 +01:00
Shiny Nematoda
255ed593d3 feat(issue-search): support query syntax (#9109)
List of currently supported filters:

- `is:open` (or `-is:closed`)
- `is:closed` (or `-is:open`)
- `is:all`
- `author:<username>`
- `assignee:<username>`
- `review:<username>`
- `mentions:<username>`
- `modified:[>|<]<date>`, where `<date>` is the last update date.
- `sort:<by>:[asc|desc]`, where `<by>` is among
	- created
	- comments
	- updated
	- deadline

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9109
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
2025-11-19 16:05:42 +01:00
Melissa Geels
bd26fdac36 fix: SSH key verification instructions for Windows cmd (#10106)
Resolves #10102

Adjust the SSH key verification instructions for Windows CMD to make it work.

## Test
1. Use Windows.
2. Go to the user settings.
3. Go to "SSH / GPG keys"
4. Add a SSH key.
5. Click on the "Verify" button for the SSH key.
6. Use the Windows CMD command to verify.
7. Verify that this generates a signature that is accepted by Forgejo.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/10106
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Melissa Geels <melissa@nimble.tools>
Co-committed-by: Melissa Geels <melissa@nimble.tools>
2025-11-16 15:00:16 +01:00
dawe
efd4d2d8f5 fix(ui): document token validity in key verification view (#9002)
Document that the token is only valid for a minute. Add a link to get a new token.

Resolves #8048

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9002
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: dawe <dawedawe@posteo.de>
Co-committed-by: dawe <dawedawe@posteo.de>
2025-11-14 23:40:03 +01:00
Gusted
a4642af51a feat: replace cross origin protection (#9830)
Replace the anti-CSRF token with a [cross origin protection by Go](https://go.dev/doc/go1.25#nethttppkgnethttp) that uses a stateless way of verifying if a request was cross origin or not. This allows is to remove al lot of code and replace it with a few lines of code and we no longer have to hand roll this protection. The new protection uses indicators by the browser itself that indicate if the request is cross-origin, thus we no longer have to take care of ensuring the generated CSRF token is passed back to the server any request by the the browser will have send this indicator.

Resolves forgejo/forgejo#3538

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9830
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-10-29 22:43:22 +01:00
0ko
c13f3cae95 feat(ui): improve new buttons, use in more areas (#9863)
* Make danger buttons brighter - followup https://codeberg.org/forgejo/forgejo/pulls/9652#issuecomment-7803875
The new lightness 0.26 is same as lightness of --color-box-body instead of being darker than it, so the form controls aren't darker than the background they're on which might look bad. Looks pretty good, the calculated contrast is fine.
* Apply new buttons to avatar upload/removal forms
    * Better responds to overflowing
* Consistently apply medium font-weight to all buttons - followup https://codeberg.org/forgejo/forgejo/pulls/9652#issuecomment-7783718
    * This improves readability a lot. The previous normal weight was only chosen because some of the buttons had it, which wasn't a good excuse. We also have buttons with medium, and they are easier to read.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9863
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
2025-10-28 00:10:38 +01:00
0ko
9a29241cde feat(ui): implement new buttons for better cohesiveness (#9359)
Followup to https://codeberg.org/forgejo/forgejo/pulls/9317#issuecomment-7214470.

Summary of changes:
- implement new CSS for buttons that doesn't have problems Fomantic buttons have:
    - button height doesn't depend on it's content - `min-height:` is used instead of `padding-{top,bottom}:`
    - no margins to fit right in with the other elements while relying on `display:flex` and `flex-gap:`
- other `.button` changes compared to `.ui.button`:
    - no semi-bold black text for now, I think it looks just as fine with normal weight
    - no variable `font-size` - should give better readability compared to existing `.small` and `.tiny` buttons
    - variable height depending on specified size (currently normal or `.small`) and on `@media (pointer: )`
- apply the new buttons to areas where there are switches or dropdown openers near them

Before:
- https://codeberg.org/forgejo/forgejo/attachments/8d9a3941-8889-4420-8f4f-f44cb8c3726f
- https://codeberg.org/forgejo/forgejo/attachments/e5804fae-a71f-43ba-918b-20d4f742124c
- https://codeberg.org/forgejo/forgejo/attachments/65d4e31c-01b7-4050-89a1-4afe74aa574c
- https://codeberg.org/forgejo/forgejo/attachments/c8057262-a834-4b61-a87f-70dab60b5506
- https://codeberg.org/forgejo/forgejo/attachments/aa9508e3-dca1-4ffe-913e-9cbddbb0d6ff
- https://codeberg.org/forgejo/forgejo/attachments/4b2daa07-e0ca-4b44-8795-1609dff8968f
- https://codeberg.org/forgejo/forgejo/attachments/93f7803f-1338-44dc-a428-e44e26231517

After:
- https://codeberg.org/forgejo/forgejo/attachments/ca5426c4-d75e-493d-8b29-64eee1e1c9de
- https://codeberg.org/forgejo/forgejo/attachments/f21c7219-6880-4a2e-9117-6267d46b3081
- https://codeberg.org/forgejo/forgejo/attachments/da3ee771-b5d5-4b4f-8c88-9a8de11b1a45
- https://codeberg.org/forgejo/forgejo/attachments/56f974c3-f72e-4f80-9bbd-5bc785a4a624
- https://codeberg.org/forgejo/forgejo/attachments/17f6e360-dfe5-4bb6-a6b5-dd747dbc2af8
- https://codeberg.org/forgejo/forgejo/attachments/91cd10e1-6c5e-4134-be4c-18223ed2a4f4
- https://codeberg.org/forgejo/forgejo/attachments/f0322c5c-ee9d-4889-9840-0c46838566cc
- https://codeberg.org/forgejo/forgejo/attachments/96560fe7-3436-46dc-8456-c43bfaee2daf
- https://codeberg.org/forgejo/forgejo/attachments/273cf795-6bb4-479f-804f-f40010fae825

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9359
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2025-10-05 05:22:32 +02:00
zokki
bfee082c01 fix(ui): make "Token name"-input a real required-field (#8877)
## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Before:
![image](/attachments/f957bab5-7a8f-4642-8528-6b82f38dd329)

After:
![image](/attachments/80620a95-3828-479a-8ae3-61e34e0d8c40)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8877
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: zokki <zokki.softwareschmiede@gmail.com>
Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
2025-10-01 12:07:30 +02:00
0ko
2cf5eb65a3 feat(ui): improve subscriptions screen filters (#9192)
Refreshed the screen at `/notifications/subscriptions` a little.

General improvements:
- Use the new switch style

Notable mobile usability improvements:
- Add a minimum gap between the Subscriptions/Watching switch and the Notifications button
- Add a minimum h gap between the All/Open/Closed switch and the dropdown filters
- Let the second row overflow instead of breaking the viewport

Preview:
- https://codeberg.org/attachments/1e5d2d2e-9f36-4117-a2bc-dd237aba0091
- https://codeberg.org/attachments/8c337739-3c8a-424a-ada8-20718800fe3b
- https://codeberg.org/attachments/d72027a1-5fe1-440c-9112-3a7fe7020b39

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/9192
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2025-09-07 05:52:19 +02:00
Maxim Slipenko
ed3b70cbb9 feat: allow any README for .profile (#8798)
closes #1624

Co-authored-by: Maxim Slipenko <maks1ms@altlinux.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8798
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Maxim Slipenko <maks1ms@noreply.codeberg.org>
Co-committed-by: Maxim Slipenko <maks1ms@noreply.codeberg.org>
2025-09-01 13:58:00 +02:00
zokki
d6838462b8 feat: Global 2FA enforcement (#8753)
resolves #8549

This PR add a config to enforce 2FA for the whole Forgejo instance. It can be configured to `none`, `admin` or `all`.
A user who is required to enable 2FA is like a disabled user. He can only see the `/user/settings/security`-Page to enable 2FA, this should be similar to a user which needs to change his password. Also api and git-commands are not allowed.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [x] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

I will do it, if the general idea of this PR is a good feature.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Security features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/8753): <!--number 8753 --><!--line 0 --><!--description R2xvYmFsIDJGQSBlbmZvcmNlbWVudA==-->Global 2FA enforcement<!--description-->
<!--end release-notes-assistant-->

Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8753
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Ellen Εμιλία Άννα Zscheile <fogti@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: zokki <zokki.softwareschmiede@gmail.com>
Co-committed-by: zokki <zokki.softwareschmiede@gmail.com>
2025-08-15 10:56:45 +02:00
Remo Senekowitsch
ae785c1aa2 fix: make ssh key verification command more robust (#8821)
This is a follow-up to a13414341b.

There are two situations where the previous verification command could
fail:

* The user has an SSH key in a normal file, but no running SSH agent.

* The user uses a special SSH agent, but it's not specified via the
  SSH_AUTH_SOCK variable.

To fix that, we provide two separate commands to copy-paste. One
for file-based keys and one for agent-based keys. People using
file-based keys with a path other than the standard `~/.ssh/id_ed25519`
should notice themselves what to change. People using an SSH agent
get a little hint to make sure the SSH_AUTH_SOCK variable is set.

See also:
https://codeberg.org/Codeberg/Community/issues/2066

(no test or documentation changes)

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

## Testing

* `pr=8821 ; git fetch forgejo +refs/pull/$pr/head:refs/heads/wip-pr-$pr`

* `git checkout wip-pr-$pr`

* `make TAGS='sqlite sqlite_unlock_notify' watch`

* login

* visit /user/settings/keys and add an ssh key

* click verify

* see a CLI sample is displayed
      ![image](/attachments/7350cbe5-4a78-47a7-821f-575dd0a43e0e)

* run the command matching your setup (file-based SSH key or agent-provided one), copy paste the output and submit it

* check that the verification is successful
      ![image](attachments/20074f32-e06f-42fd-9732-32171016c47e)

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8821
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Remo Senekowitsch <remo@buenzli.dev>
Co-committed-by: Remo Senekowitsch <remo@buenzli.dev>
2025-08-11 07:44:27 +02:00
Mathieu Fenniak
9524b8c370 fix: PR review dismissals were not appearing in activity feed (#8853)
Discovered that `NotifyPullRevieweDismiss` was dead code while working on another issue; it should have been `PullReviewDismiss` when originally implemented.  Related fixes to the activity feed view which were incomplete as well.

Dismissing a PR review now appears on the activity feed:
![image](/attachments/99bd37c5-218d-4ecf-a74c-d01451ceae17)

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8853
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Mathieu Fenniak <mathieu@fenniak.net>
Co-committed-by: Mathieu Fenniak <mathieu@fenniak.net>
2025-08-11 07:39:17 +02:00
Gusted
72bac98365 feat: require data-modal-id for delete buttons (#8711)
All instances should have a `data-modal-id` now. Throw a user-friendly error if this is not the case (custom templates, or missed cases).

Checked via `rg -P -e '^(?=.*delete-button)' | grep -v "data-modal-id"`

Removed two instances of delete modals and one case of simplified logic.

## Rationale
I am currently surveying the existing modals in Forgejo in the context of eventually replacing the modals implementation with our own modal implementation. This refactor fixes one of the many inconsistencies that the current usage of modals has. It should explicitly specify which modal should be used to avoids any problems if new modals are introduced on the page (for example via https://codeberg.org/forgejo/forgejo/pulls/8662).

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8711
Reviewed-by: oliverpool <oliverpool@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
2025-08-08 01:53:23 +02:00
Bente Groh
7ab27a7a7f fix(ui): add missing lazy load attribute to images (#8246)
closes #8076

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8246
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Bente Groh <mail@bentegroh.de>
Co-committed-by: Bente Groh <mail@bentegroh.de>
2025-06-25 18:31:03 +02:00
Thomas Böhler
53d5e6d754 feat(ui): show size constraints of custom avatar (#7998)
Closes #7862
This adds a note for the user profile settings page about the avatar constraints.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7998
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Thomas Böhler <witcher@wiredspace.de>
Co-committed-by: Thomas Böhler <witcher@wiredspace.de>
2025-06-14 16:35:50 +02:00
Shalabh Agarwal
39b93f828b fix: add user visibility description in settings page (#8121)
Closes: #7501

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [ ] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I added test coverage for JavaScript changes...
  - [ ] in `web_src/js/*.test.js` if it can be unit tested.
  - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).
Closes: #7501

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [ ] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [ ] I do not want this change to show in the release notes.
- [ ] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8121
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Co-authored-by: Shalabh Agarwal <shalabhagarwal1024@gmail.com>
Co-committed-by: Shalabh Agarwal <shalabhagarwal1024@gmail.com>
2025-06-11 09:27:22 +02:00
jmaasing
5391f43888 fix: remove trailing slash from the issuer in oauth claims (#8028)
- Trim the ending slash '/' from the URL used in the OpenID Connect "well_known" endpoint and in the JWT tokens issued by Forgejo.
- This makes it compliant with the OpenID specification. https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderConfig
- Resolves #7941

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8028
Reviewed-by: Lucas <sclu1034@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: jmaasing <jmaasing@noreply.codeberg.org>
Co-committed-by: jmaasing <jmaasing@noreply.codeberg.org>
2025-06-10 20:46:17 +02:00
0ko
0dd605a8d3 chore(ui): clean up hashbox CSS, small design changes (#7822)
Co-authored-by: Beowulf <beowulf@beocode.eu>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7822
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
2025-05-25 12:51:27 +02:00
Jolly_Good
1ec20030af fix(ui): disable autocapitalization/autocorrect for username inputs (#7872)
Closes #7842

Currently mobile devices add autocapitalization & autocorrect to input fields with type `text`. In login form it can either be username or email address.

There's currently no testing. This is only trivial change

Co-authored-by: Jolly Good <1671375+good-lly@users.noreply.github.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7872
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Jolly_Good <jolly_good@noreply.codeberg.org>
Co-committed-by: Jolly_Good <jolly_good@noreply.codeberg.org>
2025-05-15 18:35:37 +00:00
0ko
e3ba342665 fix(ui): disable spellcheck on TOTP form fields (#7868)
Ref https://codeberg.org/forgejo/forgejo/issues/7842#issuecomment-4574366

Currently browsers could offer spellcheck on these fields, my browser does.

MDN [recommends](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Global_attributes/spellcheck#security_and_privacy_concerns) that on fields with sensitive information this property is set to `false` in case 3rd party not-fully-trusted spellchecking service is used. I consider these fields as containing sensitive information, and spellcheck is not useful on them anyway.

### Testing

There's currently no integration testing for these TOTP forms. I do plan to add some in my other TOTP-related work.

I tested that this did change the behavior in my browser and don't think we need additional testing right now.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7868
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
2025-05-14 23:04:43 +00:00
Beowulf
37d566bdb0 Show if commit is signed in activity feed and unify sha box (#6933)
Old activities are shown like before, new commits are displayed like commits in e.g. the commits list. _(Second commit)_

| New signed commits | Old (signed) commits |
|:--:|:--:|
| ![image](/attachments/cd81c761-eda6-44bf-8c43-ac3b7e6f16eb) | ![image](/attachments/243080f3-1b77-4ca7-bc03-bbf855c39c99) |

Additionally the sha box was moved in an own component to unify the usage. _(First commit)_

Closes #1824

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface features
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/6933): <!--number 6933 --><!--line 0 --><!--description U2hvdyBpZiBjb21taXQgaXMgdmVyaWZpZWQgaW4gYWN0aXZpdHkgZmVlZCBvZiBhbiB1c2VyIG9yIGFuIG9yZ2FuaXphdGlvbiBmb3IgbmV3IGFjdGl2aXR5-->Show if commit is verified in activity feed of an user or an organization for new activity<!--description-->
<!--end release-notes-assistant-->

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6933
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
2025-05-03 10:54:52 +00:00
Kenneth Bruen
f6599099ee feat: add label for avatar settings (#7678)
By redirecting the user to the settings when clicking on the avatar, it is not immediately obvious that the user has to scroll down the page to change their avatar. By adding an id to reference in the fragment, we fix this.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7678
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Kenneth Bruen <kenny@kbruen.ro>
Co-committed-by: Kenneth Bruen <kenny@kbruen.ro>
2025-04-29 13:31:07 +00:00
0ko
507280b073 fix(ui): use gap in switch items (#7581)
Followup to PRs where the old switches were converted to this one.

The main change here is to the switch with counter. It was missing a gap.

Additionally, it removes tailwind helpers the other switches retained from before switch refactors, because they are now using gap.

Preview:
https://codeberg.org/attachments/6191f55e-0b61-49fa-ba8f-cd9c93ca7bd4
https://codeberg.org/attachments/a03fb681-45b7-40f5-929e-55154abeb20d
No visual change to the ones with icons.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7581
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
2025-04-21 04:25:08 +00:00