Closes#7842
Currently mobile devices add autocapitalization & autocorrect to input fields with type `text`. In login form it can either be username or email address.
There's currently no testing. This is only trivial change
Co-authored-by: Jolly Good <1671375+good-lly@users.noreply.github.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7872
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Jolly_Good <jolly_good@noreply.codeberg.org>
Co-committed-by: Jolly_Good <jolly_good@noreply.codeberg.org>
Ref https://codeberg.org/forgejo/forgejo/issues/7842#issuecomment-4574366
Currently browsers could offer spellcheck on these fields, my browser does.
MDN [recommends](https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Global_attributes/spellcheck#security_and_privacy_concerns) that on fields with sensitive information this property is set to `false` in case 3rd party not-fully-trusted spellchecking service is used. I consider these fields as containing sensitive information, and spellcheck is not useful on them anyway.
### Testing
There's currently no integration testing for these TOTP forms. I do plan to add some in my other TOTP-related work.
I tested that this did change the behavior in my browser and don't think we need additional testing right now.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7868
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
Old activities are shown like before, new commits are displayed like commits in e.g. the commits list. _(Second commit)_
| New signed commits | Old (signed) commits |
|:--:|:--:|
|  |  |
Additionally the sha box was moved in an own component to unify the usage. _(First commit)_
Closes#1824
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface features
- [PR](https://codeberg.org/forgejo/forgejo/pulls/6933): <!--number 6933 --><!--line 0 --><!--description U2hvdyBpZiBjb21taXQgaXMgdmVyaWZpZWQgaW4gYWN0aXZpdHkgZmVlZCBvZiBhbiB1c2VyIG9yIGFuIG9yZ2FuaXphdGlvbiBmb3IgbmV3IGFjdGl2aXR5-->Show if commit is verified in activity feed of an user or an organization for new activity<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6933
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Co-committed-by: Beowulf <beowulf@beocode.eu>
By redirecting the user to the settings when clicking on the avatar, it is not immediately obvious that the user has to scroll down the page to change their avatar. By adding an id to reference in the fragment, we fix this.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7678
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Kenneth Bruen <kenny@kbruen.ro>
Co-committed-by: Kenneth Bruen <kenny@kbruen.ro>
This makes it easier for people to verify their SSH key with various
setups. People with a key stored in a file won't have to manually
substitute the correct file path anymore. People who store their SSH
key in a password manager and access it via an ssh-agent won't have
to copy the private key to a temporary file or figure out the process
substitution thing anymore.
A slight disadvantage is that the fish shell doesn't have the same
syntax for process substitution as POSIX shells. For that reason, a
default-collapsed box with a custom command for fish users is provided,
just like for the Windows shells.
The Windows shells do not have an equivalent to process substitution, so
those commands remain unchanged.
## Checklist
The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).
### Tests
- I added test coverage for Go changes...
- [ ] ~in their respective `*_test.go` for unit tests.~
- [ ] ~in the `tests/integration` directory if it involves interactions with a live Forgejo server.~
- I added test coverage for JavaScript changes...
- [ ] ~in `web_src/js/*.test.js` if it can be unit tested.~
- [ ] ~in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)).~
### Documentation
- [ ] ~I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.~
- [x] I did not document these changes and I do not expect someone else to do it.
### Release notes
- [ ] I do not want this change to show in the release notes.
- [x] I want the title to show in the release notes with a link to this pull request.
- [ ] I want the content of the `release-notes/<pull request number>.md` to be be used for the release notes instead of the title.
## [](#testing)Testing
* `pr=7516 ; git fetch forgejo +refs/pull/$pr/head:refs/heads/wip-pr-$pr`
* `git checkout wip-pr-$pr`
* `make TAGS='sqlite sqlite_unlock_notify' watch`
* login
* visit /user/settings/keys and add an ssh key
* click verify
* see a CLI sample is displayed
* run CLI sample, copy paste the output and submit it
* check that the verification is successful
<!--start release-notes-assistant-->
## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- User Interface features
- [PR](https://codeberg.org/forgejo/forgejo/pulls/7516): <!--number 7516 --><!--line 0 --><!--description aW5saW5lIHB1YmxpYyBzc2gga2V5IGluIHZlcmlmaWNhdGlvbiBjb21tYW5k-->inline public ssh key in verification command<!--description-->
<!--end release-notes-assistant-->
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7516
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Remo Senekowitsch <remo@buenzli.dev>
Co-committed-by: Remo Senekowitsch <remo@buenzli.dev>
- Add new translations, if an existing one couldn't be used.
- Use existing translations, if one existed and fit the purpose.
- Spotted by the lint-locale-usage tooling by @fogti.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7422
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
- When the user has a dark theme selected, image captchas are sometimes unreadable.
- Make sure the image captcha always has a white background color.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7390
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Beowulf <beowulf@beocode.eu>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Andreas Shimokawa <shimokawa@fsfe.org>
Co-committed-by: Andreas Shimokawa <shimokawa@fsfe.org>
- If configured, add `AppSubUrl` to the visibility hint URLs shown to the user on the profile activity page.
- Resolves https://codeberg.org/forgejo/forgejo/issues/7327
- Integration testing adjusted.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7379
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
The related CSS `milestone-card` is used in 3 places:
* global milestone view `/milestones`
* per-repo milestone view
* per-user/org projects view
The first two had gaps too small basically provided by whitespace. The latter was using an unusually large gap via tailwind.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7174
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
Allow translating theme names. Not even for i18n reasons but because this way the menu is clearer and cleaner.
The number of translated entries is kept minimal for now. It is easy to pollute locales with these names otherwise.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7168
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
- Issue title rendering can lead to nested `<a>` which is incorrect. So
revert a portion of forgejo/forgejo#6715.
- Integration test adjusted
- Resolvesforgejo/forgejo#7076
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7171
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
- Add the ability to regenerate existing access tokens in the UI. This preserves the ID of the access token, but generates a new salt and token contents.
- Integration test added.
- Unit test added.
- Resolves#6880
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6963
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com>
Co-committed-by: Dmitrii Sharshakov <d3dx12.xx@gmail.com>
## Dropping SSPI auth support
SSPI authentication relied on Microsoft Windows support, removal started in https://codeberg.org/forgejo/forgejo/pulls/5353, because it was broken anyway. We have no knowledge of any users using SSPI authentication. However, if you somehow managed to run Forgejo on Windows, or want to upgrade from a Gitea version which does, please ensure that you do not use SSPI as an authentication mechanism for user accounts. Feel free to reach out if you need assistance.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7148
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Otto Richter <otto@codeberg.org>
Co-committed-by: Otto Richter <otto@codeberg.org>
The main change here is to use `datalist` for pronouns This supports
(see also docs[1]):
* Displaying the value already set by the user (if any), otherwise
* Presenting a list of common options to the user, and
* Allowing them to freely enter any value
This setup requires no additional JS and resolves[2].
This is different from the previous flow which used, if JS was available:
* A menu for a default 'recognised' set of pronouns, and if the user
wanted another value:
* An extra text div if the user wanted to enter custom pronouns
Without JS enabled both the menu and the custom text div would always be
displayed.
This change means there's no longer a distinction between 'custom' and
'recognised' pronouns (this difference looks to have only been made in
code, and not in any data models).
Link: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/datalist [1]
Link: https://codeberg.org/forgejo/forgejo/issues/6774 [2]
Co-authored-by: Matthew Hughes <matthewhughes934@gmail.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6835
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: mhughes9 <mhughes9@noreply.codeberg.org>
Co-committed-by: mhughes9 <mhughes9@noreply.codeberg.org>
It is shown when there's no activity in the feed.
This is a partial implementation of https://github.com/go-gitea/gitea/pull/32990.
Differences:
* drawer icon instead of package icon
* h2 instead of h3
* explore links include a link to organizations list
* explore links are hidden for hidden explore sections
* locales are in JSON, I think it's the time to start using it, the hint is simpler and doesn't lie about following users to get their updates in the feed, which isn't a feature yet
* hint uses general hint color instead of input placeholder color
* the large icon still uses placeholder color, but I think it's ok
Things to improve later:
* use 24px variant of icon. This will require reworking `tools/generate-svg.js`
* the vue part wasn't ported, but it'd be also nice to have
Inspired-by: Kerwin Bryant <kerwin612@qq.com>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/7030
Reviewed-by: Michael Kriese <michael.kriese@gmx.de>
closes#6909
related to forgejo/design#14
# Description
Adds the following boolean operators for issues when using an indexer (with minor caveats)
- `+term`: `term` MUST be present for any result
- `-term`: negation; exclude results that contain `term`
- `"this is a term"`: matches the exact phrase `this is a term`
In all cases the special characters may be escaped by the prefix `\`
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6952
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
Co-committed-by: Shiny Nematoda <snematoda.751k2@aleeas.com>
This commit contains UI changes, tests and migrations for a feature
that lets users optionally hide their pronouns from the general
public. This is useful if a person wants to disclose that
information to a smaller set of people on a local instance
belonging to a local community/association.
Co-authored-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Beowulf <beowulf@beocode.eu>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6773
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>
Co-committed-by: Panagiotis "Ivory" Vasilopoulos <git@n0toose.net>
- Make it such that `[service].ENABLE_INTERNAL_SIGNIN = false` disables the forgotten password prompt on the login page.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6680
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: davrot <davrot@noreply.codeberg.org>
Co-committed-by: davrot <davrot@noreply.codeberg.org>
- Render the issue titles in dashboard feed in consistent manner, by using the existing `RenderIssueTitle`.
- Added integration tests (not exhaustive for all comment types, but exhaustive enough for the current code where some comment types are grouped together).
- Resolvesforgejo/forgejo#6705
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6715
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
Add a new option that allows instances to set a cooldown period to claim
old usernames. In the context of public instances this can be used to
prevent old usernames to be claimed after they are free and allow
graceful migration (by making use of the redirect feature) to a new
username. The granularity of this cooldown is a day. By default this
feature is disabled and thus no cooldown period.
The `CreatedUnix` column is added the `user_redirect` table, for
existing redirects the timestamp is simply zero as we simply do not know
when they were created and are likely already over the cooldown period
if the instance configures one.
Users can always reclaim their 'old' user name again within the cooldown
period. Users can also always reclaim 'old' names of organization they
currently own within the cooldown period.
Creating and renaming users as an admin user are not affected by the
cooldown period for moderation and user support reasons.
To avoid abuse of the cooldown feature, such that a user holds a lot of
usernames, a new option is added `MAX_USER_REDIRECTS` which sets a limit
to the amount of user redirects a user may have, by default this is
disabled. If a cooldown period is set then the default is 5. This
feature operates independently of the cooldown period feature.
Added integration and unit testing.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6422
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
[skip ci] no relevant tests
Followup to https://codeberg.org/forgejo/forgejo/pulls/6459.
This PR applies the new switch design to areas where it is simple to apply and no other interventions are needed other than switching classes.
Also, added back the utility class `list-header-toggle` to a few places where it was removed in https://codeberg.org/forgejo/forgejo/pulls/6459. It is used for item reordering on smaller screens and it isn't actually needed in those areas (does nothing because of too wide elements), but it wasn't supposed to be removed.
The affected areas also include the menus in notifications. This is a followup to https://codeberg.org/forgejo/forgejo/pulls/3175 which should make the unchosen item look more obviously as an interactive element.
## Preview
|Area|Before|After|
|-|-|-|
|`projects/list.tmpl`||
|`repo/issue/navbar.tmp`||No visible change|
|`repo/issue/openclose.tmpl`||No visible change|
|`.../dashboard/issues.tmpl`||
|`.../dashboard/milestones.tmpl`||
|`.../notification_div.tmpl`||
|`.../notification_subscriptions.tmpl`||
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6542
Reviewed-by: Otto <otto@codeberg.org>
Co-authored-by: 0ko <0ko@noreply.codeberg.org>
Co-committed-by: 0ko <0ko@noreply.codeberg.org>
Fix a minor UI bug introduced in https://codeberg.org/forgejo/forgejo/pulls/6112.
The condition `if .EnableInternalSignIn` was added to display of the divider, but it is only available when `oauth_container.tmpl` is called from signIn page, it is not relevant to signUp page.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/6463
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Accessibility:
- improved semantic layout
- Fixes unlabelled input for custom pronouns. CC @hazy
- Adds labels to dropdowns.
- Shortens certain texts for less verbose screen reader outputs and
people with slow reading speed.
- Turned optional username rename helper text with low contrast into
"normal" help text.
UI/UX:
- Removes section about primary email which is no longer managed in the
profile section.
- Fixes section about primary email not displaying in user settings when notifications are
not available.
- Removes primary email display, because it is not actually a form
element here. (Alternatively, we could display it and link to the
account settings for managing the email)
Setting ENABLE_INTERNAL_SIGNIN to false will disable the built-in
signin form, should the administrator prefer to limit users to SSO.
Continuation of forgejo/forgejo#6076
Previously hitting tab in the username field set the focus to the "forgot password" link. Only on the next hit the password field was selected.
This is an issue for some password managers (keepassdx android keyboard) and not as nice for accessibility.
Now the forgot link is below the sign up link at the bottom of the page.
Using "tabindex" didn't work properly with the templating engine because many elements get assigned a tabindex of "0" by default disrupting the tab selection sequence.
Follow https://github.com/go-gitea/gitea/pull/32383
This PR cleans up the "Deadline" usages in templates, make them call
`ParseLegacy` first to get a `Time` struct then display by `DateUtils`.
Now it should be pretty clear how "deadline string" works, it makes it
possible to do further refactoring and correcting.
(cherry picked from commit 259811617ba15c77ddd89360178a59251d611af2)
- Add a new script that proccess the localization files and verify that
they only contain HTML according to our strictly defined rules.
- This should make adding malicious HTML near-impossible.
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5703
Reviewed-by: 0ko <0ko@noreply.codeberg.org>
Co-authored-by: Gusted <postmaster@gusted.xyz>
Co-committed-by: Gusted <postmaster@gusted.xyz>
* added a message for the case where the user's profile is private but the Public activity is not hidden
The activity is still hidden anyway because the profile is private, but previously the message would say:
`Your activity is visible to everyone, except for interactions in private spaces...`
which I would consider as a flaw of the original implementation. Now it will say:
`Your activity is only visible to you and the instance administrators because your profile is private...`
* started showing the message for admins that the activity they see should remain private in the case
where the whole profile is private, not just the activity tab. Previously it would say:
This activity is visible to everyone, but as an administrator you can also see interactions in private spaces.`
which I would also consider as a flaw of the original implementation. Now it will say:
`This activity is visible to you because you're an administrator, but the user wants it to remain private.`
* added test cases
* bumped up the number of our GPL-licensed files
Preview
For both screenshots, Forgejo would previously display misinformation.
Change 1: User viewing their private profile, but activity isn't configured as hidden
https://codeberg.org/attachments/6659c80c-15dd-48be-a379-db737fd1dd5e
Change 2: Admin viewing user's private profile
https://codeberg.org/attachments/220da57f-b658-4474-9ad2-049e8438a0af
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/5638
Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Part of #27700
Removes all URLs from translation strings to easy up changing them in
the future and to exclude people injecting malicious URLs through
translations. First measure as long as #24402 is out of scope.
(cherry picked from commit 83f37f630246e381eefd650fc2d4b1f3976ea882)
Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
Conflicts:
- options/locale/locale_en-US.ini
Resolved by manually applying the URL->%s changes to our translations.
- routers/web/admin/hooks.go
templates/repo/settings/protected_branch.tmpl
templates/status/500.tmpl
Manually resolved.
- templates/repo/settings/webhook/settings.tmpl
Applied the change to templates/webhook/shared-settings.tmpl
instead
Additional changes: Gitea-specific URLs have been replaced by their
Forgejo counterparts, lifted from the original translation text.
