Bump version

CHANGELOG.md

@@ -1188,3 +1188,248 @@
 * Discolor pull request tab labels (#23950) (#23987)
 * Treat PRs with agit flow as fork PRs when triggering actions. (#23884) (#23967)
 * Left-align review comments (#23937)
+
+[1.28.2]
+* Update Gitea to 1.19.2
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.19.2)
+* Require repo scope for PATs for private repos and basic authentication (#24362) (#24364)
+* Only delete secrets belonging to its owner (#24284) (#24286)
+* Fix typo in API route (#24310) (#24332)
+* Fix access token issue on some public endpoints (#24194) (#24259)
+* Fix broken clone script on an empty archived repo (#24339) (#24348)
+* Fix Monaco IOS keyboard button (#24341) (#24347)
+* Don't set meta theme-color by default (#24340) (#24346)
+
+[1.28.3]
+* Update Gitea to 1.19.3
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.19.3)
+* Use golang 1.20.4 to fix CVE-2023-24539, CVE-2023-24540, and CVE-2023-29400
+* Enable whitespace rendering on selection in Monaco (#24444) (#24485)
+* Improve milestone filter on issues page (#22423) (#24440)
+* Fix api error message if fork exists (#24487) (#24493)
+* Fix user-cards format (#24428) (#24431)
+
+[1.28.4]
+* Update Gitea to 1.19.4
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.19.4)
+* Fix open redirect check for more cases (#25143) (#25155)
+* Return 404 in the API if the requested webhooks were not found (#24823) (#24830)
+* Fix organization field being null in GET /api/v1/teams/{id} (#24694) (#24696)
+* Set --font-weight-bold to 600 (#24840)
+* Make mailer SMTP check have timed context (#24751) (#24759)
+* Do not select line numbers when selecting text from the action run logs (#24594) (#24596)
+
+[1.29.0]
+* Update Gitea to 1.20.0
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.20.0)
+* [Blog](https://blog.gitea.com/release-of-1.20.0/)
+* Add button on diff header to copy file name, misc diff header tweaks (#24986)
+* API endpoint for changing/creating/deleting multiple files (#24887)
+* Support changing git config through app.ini, use diff.algorithm=histogram by default (#24860)
+* Add up and down arrows to selected lookup repositories (#24727)
+* Add Go package registry (#24687)
+* Add status indicator on main home screen for each repo (#24638)
+* Support for status check pattern (#24633)
+
+[1.29.1]
+* Update Gitea to 1.20.1
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.20.1)
+* Disallow dangerous URL schemes (#25960) (#25964)
+* Show the mismatched ROOT_URL warning on the sign-in page if OAuth2 is enabled (#25947) (#25972)
+* Make pending commit status yellow again (#25935) (#25968)
+* Fix version in rpm repodata/primary.xml.gz (#26009) (#26048)
+* Fix env config parsing for "GITEA____APP_NAME" (#26001) (#26013)
+* ParseScope with owner/repo always sets owner to zero (#25987) (#25989)
+* Fix SSPI auth panic (#25955) (#25969)
+* Avoid creating directories when loading config (#25944) (#25957)
+* Make environment-to-ini work with INSTALL_LOCK=true (#25926) (#25937)
+* Ignore `runs-on` with expressions when warning no matched runners (#25917) (#25933)
+* Avoid opening/closing PRs which are already merged (#25883) (#25903)
+* RPM Registry: Show zypper commands for SUSE based distros as well (#25981) (#26020)
+* Correctly refer to dev tags as nightly in the docker docs (#26004) (#26019)
+* Update path related documents (#25417) (#25982)
+* Adding remaining enum for migration repo model type. (#26021) (#26034)
+* Fix the route for pull-request's authors (#26016) (#26018)
+* Fix commit status color on dashboard repolist (#25993) (#25998)
+* Avoid hard-coding height in language dropdown menu (#25986) (#25997)
+* Add shutting down notice (#25920) (#25922)
+* Fix incorrect milestone count when provide a keyword (#25880) (#25904)
+
+[1.29.2]
+* Update Gitea to 1.20.2
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.20.2)
+* Calculate `MAX_WORKERS` default value by CPU number (#26177) (#26183)
+* Display deprecated warning in admin panel pages as well as in the log file (#26094) (#26154)
+
+[1.29.3]
+* Update Gitea to 1.20.3
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.20.3)
+* Fix the wrong derive path (#26271) (#26318)
+* Fix API leaking Usermail if not logged in (#25097) (#26350)
+* Add ThreadID parameter for Telegram webhooks (#25996) (#26480)
+* Add minimum polyfill to support "relative-time-element" in PaleMoon (#26575) (#26578)
+* Fix dark theme highlight for "NameNamespace" (#26519) (#26527)
+* Detect ogg mime-type as audio or video (#26494) (#26505)
+* Use object-fit: contain for oauth2 custom icons (#26493) (#26498)
+* Move dropzone progress bar to bottom to show filename when uploading (#26492) (#26497)
+* Remove last newline from config file (#26468) (#26471)
+* Minio: add missing region on client initialization (#26412) (#26438)
+* Add pull request review request webhook event (#26401) (#26407)
+* Fix text truncate (#26354) (#26384)
+* Fix incorrect color of selected assignees when create issue (#26324) (#26372)
+* Display human-readable text instead of cryptic filemodes (#26352) (#26358)
+* Hide last indexed SHA when a repo could not be indexed yet (#26340) (#26345)
+* Fix the topic validation rule and suport dots (#26286) (#26303)
+* Fix due date rendering the wrong date in issue (#26268) (#26274)
+* Don't autosize textarea in diff view (#26233) (#26244)
+* Fix commit compare style (#26209) (#26226)
+* Warn instead of reporting an error when a webhook cannot be found (#26039) (#26211)
+* Use "input" event instead of "keyup" event for migration form (#26602) (#26605)
+* Do not use deprecated log config options by default (#26592) (#26600)
+* Fix "issueReposQueryPattern does not match query" (#26556) (#26564)
+* Sync repo's IsEmpty status correctly (#26517) (#26560)
+* Fix project filter bugs (#26490) (#26558)
+* Use hidden over clip for text truncation (#26520) (#26522)
+* Set "type=button" for editor's toolbar buttons (#26510) (#26518)
+* Fix NuGet search endpoints (#25613) (#26499)
+* Fix storage path logic especially for relative paths (#26441) (#26481)
+* Close stdout correctly for "git blame" (#26470) (#26473)
+* Check first if minio bucket exists before trying to create it (#26420) (#26465)
+* Avoiding accessing undefined tributeValues #26461 (#26462)
+* Call git.InitSimple for runRepoSyncReleases (#26396) (#26450)
+* Add transaction when creating pull request created dirty data (#26259) (#26437)
+* Fix wrong middleware sequence (#26428) (#26436)
+* Fix admin queue page title and fix CI failures (#26409) (#26421)
+* Introduce ctx.PathParamRaw to avoid incorrect unescaping (#26392) (#26405)
+* Bypass MariaDB performance bug of the "IN" sub-query, fix incorrect IssueIndex (#26279) (#26368)
+* Fix incorrect CLI exit code and duplicate error message (#26346) (#26347)
+* Prevent newline errors with Debian packages (#26332) (#26342)
+* Fix bug with sqlite load read (#26305) (#26339)
+* Make git batch operations use parent context timeout instead of default timeout (#26325) (#26330)
+* Support getting changed files when commit ID is EmptySHA (#26290) (#26316)
+* Clarify the logger's MODE config option (#26267) (#26281)
+* Use shared template for webhook icons (#26242) (#26246)
+* Fix pull request check list is limited (#26179) (#26245)
+* Fix attachment clipboard copy on insecure origin (#26224) (#26231)
+* Fix access check for org-level project (#26182) (#26223)
+* Improve profile readme rendering (#25988) (#26453)
+* [docs] Add missing backtick in quickstart.zh-cn.md (#26349) (#26357)
+* Upgrade x/net to 0.13.0 (#26301)
+
+[1.29.4]
+* Update Gitea to 1.20.4
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.20.4)
+* Check blocklist for emails when adding them to account (#26812) (#26831)
+* Add branch_filter to hooks API endpoints (#26599) (#26632)
+* Fix incorrect "tabindex" attributes (#26733) (#26734)
+* Use line-height: normal by default (#26635) (#26708)
+* Fix unable to display individual-level project (#26198) (#26636)
+* Fix wrong review requested number (#26784) (#26880)
+* Avoid double-unescaping of form value (#26853) (#26863)
+* Redirect from {repo}/issues/new to {repo}/issues/new/choose when blank issues are disabled (#26813) (#26847)
+* Sync tags when adopting repos (#26816) (#26834)
+* Fix verifyCommits error when push a new branch (#26664) (#26810)
+* Include the GITHUB_TOKEN/GITEA_TOKEN secret for fork pull requests (#26759) (#26806)
+* Fix some slice append usages (#26778) (#26798)
+* Add fix incorrect can_create_org_repo for org owner team (#26683) (#26791)
+* Fix bug for ctx usage (#26763)
+* Make issue template field template access correct template data (#26698) (#26709)
+* Use correct minio error (#26634) (#26639)
+* Ignore the trailing slashes when comparing oauth2 redirect_uri (#26597) (#26618)
+* Set errwriter for urfave/cli v1 (#26616)
+* Fix reopen logic for agit flow pull request (#26399) (#26613)
+* Fix context filter has no effect in dashboard (#26695) (#26811)
+* Fix being unable to use a repo that prohibits accepting PRs as a PR source. (#26785) (#26790)
+* Fix Page Not Found error (#26768)
+
+[1.30.0]
+* Implement OIDC auth
+
+[1.30.1]
+* Update Gitea to 1.20.5
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.20.5)
+* Fix z-index on markdown completion (#27237) (#27242 & #27238)
+* Use secure cookie for HTTPS sites (#26999) (#27013)
+* Fix git 2.11 error when checking IsEmpty (#27393) (#27396)
+* Allow get release download files and lfs files with oauth2 token format (#26430) (#27378)
+* Fix orphan check for deleted branch (#27310) (#27320)
+* Quote table release in sql queries (#27205) (#27219)
+* Fix release URL in webhooks (#27182) (#27184)
+* Fix successful return value for SyncAndGetUserSpecificDiff (#27152) (#27156)
+* fix pagination for followers and following (#27127) (#27138)
+* Fix issue templates when blank isses are disabled (#27061) (#27082)
+* Fix context cache bug & enable context cache for dashabord commits' authors(#26991) (#27017)
+* Fix INI parsing for value with trailing slash (#26995) (#27001)
+* Fix PushEvent NullPointerException jenkinsci/github-plugin (#27203) (#27249)
+* Fix organization field being null in POST /orgs/{orgid}/teams (#27150) (#27167 & #27162)
+* Fix bug of review request number (#27406) (#27104)
+
+[1.31.0]
+* Update base image to 4.2.0
+
+[1.32.0]
+* Update Gitea to 1.21.0
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.21.0)
+
+[1.32.1]
+* Update Gitea to 1.21.1
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.21.1)
+
+[1.32.2]
+* Update Gitea to 1.21.2
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.21.2)
+* Rebuild with recently released golang version
+* Fix missing check (#28406) (#28411)
+* Do some missing checks (#28423) (#28432)
+* Fix margin in server signed signature verification view (#28379) (#28381)
+* Fix object does not exist error when checking citation file (#28314) (#28369)
+* Use filepath instead of path to create SQLite3 database file (#28374) (#28378)
+* Fix the runs will not be displayed bug when the main branch have no workflows but other branches have (#28359) (#28365)
+* Handle repository.size column being NULL in migration v263 (#28336) (#28363)
+* Convert git commit summary to valid UTF8. (#28356) (#28358)
+* Fix migration panic due to an empty review comment diff (#28334) (#28362)
+* Add HEAD support for rpm repo files (#28309) (#28360)
+* Fix RPM/Debian signature key creation (#28352) (#28353)
+* Keep profile tab when clicking on Language (#28320) (#28331)
+* Fix missing issue search index update when changing status (#28325) (#28330)
+* Fix wrong link in protect_branch_name_pattern_desc (#28313) (#28315)
+* Read previous info from git blame (#28306) (#28310)
+* Ignore "non-existing" errors when getDirectorySize calculates the size (#28276) (#28285)
+* Use appSubUrl for OAuth2 callback URL tip (#28266) (#28275)
+* Meilisearch: require all query terms to be matched (#28293) (#28296)
+* Fix required error for token name (#28267) (#28284)
+* Fix issue will be detected as pull request when checking First-time contributor (#28237) (#28271)
+* Use full width for project boards (#28225) (#28245)
+* Increase "version" when update the setting value to a same value as before (#28243) (#28244)
+* Also sync DB branches on push if necessary (#28361) (#28403)
+* Make gogit Repository.GetBranchNames consistent (#28348) (#28386)
+* Recover from panic in cron task (#28409) (#28425)
+* Deprecate query string auth tokens (#28390) (#28430)
+* Improve doctor cli behavior (#28422) (#28424)
+* Fix margin in server signed signature verification view (#28379) (#28381)
+* Refactor template empty checks (#28351) (#28354)
+* Read previous info from git blame (#28306) (#28310)
+* Use full width for project boards (#28225) (#28245)
+* Enable system users search via the API (#28013) (#28018)
+
+[1.32.3]
+* Update Gitea to 1.21.3
+* [Full changelog](https://github.com/go-gitea/gitea/releases/tag/v1.21.3)
+* Update golang.org/x/crypto (#28519)
+* chore(api): support ignore password if login source type is LDAP for creating user API (#28491) (#28525)
+* Add endpoint for not implemented Docker auth (#28457) (#28462)
+* Add option to disable ambiguous unicode characters detection (#28454) (#28499)
+* Refactor SSH clone URL generation code (#28421) (#28480)
+* Polyfill SubmitEvent for PaleMoon (#28441) (#28478)
+* Fix the issue ref rendering for wiki (#28556) (#28559)
+* Fix duplicate ID when deleting repo (#28520) (#28528)
+* Only check online runner when detecting matching runners in workflows (#28286) (#28512)
+* Initalize stroage for orphaned repository doctor (#28487) (#28490)
+* Fix possible nil pointer access (#28428) (#28440)
+* Don't show unnecessary citation JS error on UI (#28433) (#28437)
+* Fix inperformant query on retrifing review from database. (#28552) (#28562)
+* Improve the prompt for "ssh-keygen sign" (#28509) (#28510)
+* Update docs for DISABLE_QUERY_AUTH_TOKEN (#28485) (#28488)
+* Fix Chinese translation of config cheat sheet[API] (#28472) (#28473)
+* Retry SSH key verification with additional CRLF if it failed (#28392) (#28464)
+

CloudronManifest.json

@@ -4,16 +4,16 @@
   "author": "Gitea developers",
   "description": "file://DESCRIPTION.md",
   "tagline": "A painless self-hosted Git Service",
-  "version": "1.28.1",
-  "upstreamVersion": "1.19.1",
+  "version": "1.32.3",
+  "upstreamVersion": "1.21.3",
   "healthCheckPath": "/explore",
   "httpPort": 3000,
   "memoryLimit": 536870912,
   "addons": {
     "mysql": { },
-    "sendmail": { },
-    "localstorage": { "supportsDisplayName": true },
-    "ldap": { }
+    "sendmail": { "supportsDisplayName": true },
+    "localstorage": { },
+    "oidc": { "loginRedirectUri": "/user/oauth2/cloudron/callback" }
   },
   "tcpPorts": {
     "SSH_PORT": {
@@ -37,7 +37,7 @@
   "tags": [ "version control", "git", "code hosting", "development", "github", "bitbucket", "gitlab" ],
   "changelog": "file://CHANGELOG.md",
   "postInstallMessage": "file://POSTINSTALL.md",
-  "minBoxVersion": "7.3.0",
+  "minBoxVersion": "7.5.1",
   "forumUrl": "https://forum.cloudron.io/category/19/gitea",
   "documentationUrl": "https://docs.cloudron.io/apps/gitea/"
 }

Dockerfile

@@ -1,4 +1,4 @@
-FROM cloudron/base:4.0.0@sha256:31b195ed0662bdb06a6e8a5ddbedb6f191ce92e8bee04c03fb02dd4e9d0286df
+FROM cloudron/base:4.2.0@sha256:46da2fffb36353ef714f97ae8e962bd2c212ca091108d768ba473078319a47f4
 
 RUN apt-get update && \
     apt-get install -y openssh-server git asciidoctor pandoc && \
@@ -19,7 +19,7 @@ WORKDIR /home/git
 # for autosign feature
 ENV GNUPGHOME="/app/data/gnupg"
 
-ARG VERSION=1.19.1
+ARG VERSION=1.21.3
 
 RUN curl -L https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64 -o /home/git/gitea/gitea \
     && chmod +x /home/git/gitea/gitea

app.ini.template

@@ -48,16 +48,23 @@ ENABLED = true
 ; APP_DATA_PATH/attachments
 PATH =
 
+[oauth2_client]
+ENABLE_AUTO_REGISTRATION = true
+USERNAME = sub
+UPDATE_AVATAR = false
+ACCOUNT_LINKING = auto
 
 [mailer]
 ENABLED = true
 
 ; those settings are protected and can't be modified
-HOST = ##MAIL_SERVER:##MAIL_PORT
+SMTP_ADDR = ##MAIL_SERVER
+SMTP_PORT = ##MAIL_PORT
 USER = ##MAIL_SMTP_USERNAME
 PASSWD = ##MAIL_SMTP_PASSWORD
 FROM = ##MAIL_FROM
-SKIP_VERIFY = true
+PROTOCOL = smtps
+FORCE_TRUST_SERVER_CERT = true
 
 
 [security]

start.sh

@@ -4,25 +4,23 @@ set -eu -o pipefail
 
 mkdir -p /run/gitea/tmp/uploads /run/sshd /run/gitea/sessions
 
-setup_ldap_source() {
+migrate_ldap_users_to_oidc() {
     set -eu
 
-    echo "==> Setup LDAP source"
+    echo "==> migrate LDAP to OIDC"
+    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e \
+        "UPDATE user u, (select id from login_source WHERE name='cloudron' and type='6') ls SET u.login_type=6, u.login_source=ls.id WHERE u.login_type=2 AND u.login_source=1"
+}
 
-    # Get the existing LDAP source status. This allows the user to disable LDAP
-    # Note that this method is deprecated since this app now supports optionalSso
-    ldap_status=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "select is_active from login_source WHERE name='cloudron';")
-    [[ -z "${ldap_status}" ]] && ldap_status="1"
+setup_oidc_source() {
+    set -eu
+
+    echo "==> Setup OIDC source"
 
     now=$(date +%s)
+    mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -e \
+        "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,6,'cloudron', 1,'{\"Provider\":\"openidConnect\",\"ClientID\":\"${CLOUDRON_OIDC_CLIENT_ID}\",\"ClientSecret\":\"${CLOUDRON_OIDC_CLIENT_SECRET}\",\"OpenIDConnectAutoDiscoveryURL\":\"${CLOUDRON_OIDC_ISSUER}/.well-known/openid-configuration\",\"CustomURLMapping\":null,\"IconURL\":\"\",\"Scopes\":[\"openid email profile\"],\"RequiredClaimName\":\"\",\"RequiredClaimValue\":\"\",\"GroupClaimName\":\"\",\"AdminGroup\":\"\",\"GroupTeamMap\":\"\",\"GroupTeamMapRemoval\":false,\"RestrictedGroup\":\"\"}','${now}','${now}')"
 
-    if mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" \
-        -e "REPLACE INTO login_source (id, type, name, is_active, cfg, created_unix, updated_unix) VALUES (1,2,'cloudron',${ldap_status},'{\"Name\":\"cloudron\",\"Host\":\"${CLOUDRON_LDAP_SERVER}\",\"Port\":${CLOUDRON_LDAP_PORT},\"UseSSL\":false,\"SkipVerify\":true,\"BindDN\":\"${CLOUDRON_LDAP_BIND_DN}\",\"BindPassword\":\"${CLOUDRON_LDAP_BIND_PASSWORD}\",\"UserBase\":\"${CLOUDRON_LDAP_USERS_BASE_DN}\",\"AttributeUsername\":\"username\",\"AttributeName\":\"displayname\",\"AttributeSurname\":\"\",\"AttributeMail\":\"mail\",\"Filter\":\"(\\\\u007C(mail=%[1]s)(username=%[1]s))\"}','${now}','${now}');"; then
-        echo "==> LDAP Authentication was setup with activation status ${ldap_status}"
-    else
-        echo "==> Failed to setup LDAP authentication"
-        exit 1
-    fi
 }
 
 setup_root_user() {
@@ -47,11 +45,12 @@ setup_auth() {
 
     echo "==> Gitea is up, setting up auth"
 
-    if [[ -n "${CLOUDRON_LDAP_SERVER:-}" ]]; then
-        setup_ldap_source
+    if [[ -n "${CLOUDRON_OIDC_ISSUER:-}" ]]; then
+        setup_oidc_source
+        migrate_ldap_users_to_oidc
     fi
 
-    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user;")
+    user_count=$(mysql -u"${CLOUDRON_MYSQL_USERNAME}" -p"${CLOUDRON_MYSQL_PASSWORD}" -h mysql --database="${CLOUDRON_MYSQL_DATABASE}" -N -B -e "SELECT count(*) FROM user")
     # be careful, not to create root user for existing LDAP based installs
     if [[ "${user_count}" == "0" ]]; then
         echo "==> Setting up root user for first run"
@@ -111,11 +110,13 @@ crudini --set "/run/gitea/app.ini" server SSH_PORT "${SSH_PORT}"
 crudini --set "/run/gitea/app.ini" server APP_DATA_PATH "/app/data/appdata"
 crudini --set "/run/gitea/app.ini" repository ROOT "/app/data/repository"
 crudini --set "/run/gitea/app.ini" repository.upload TEMP_PATH "/run/gitea/tmp/uploads"
-crudini --set "/run/gitea/app.ini" mailer HOST "${CLOUDRON_MAIL_SMTP_SERVER}:${CLOUDRON_MAIL_SMTPS_PORT}"
+crudini --set "/run/gitea/app.ini" mailer SMTP_ADDR "${CLOUDRON_MAIL_SMTP_SERVER}"
+crudini --set "/run/gitea/app.ini" mailer SMTP_PORT "${CLOUDRON_MAIL_SMTPS_PORT}"
+crudini --set "/run/gitea/app.ini" mailer PROTOCOL smtps
 crudini --set "/run/gitea/app.ini" mailer USER "${CLOUDRON_MAIL_SMTP_USERNAME}"
 crudini --set "/run/gitea/app.ini" mailer PASSWD "${CLOUDRON_MAIL_SMTP_PASSWORD}"
 crudini --set "/run/gitea/app.ini" mailer FROM "${CLOUDRON_MAIL_FROM_DISPLAY_NAME:-Gitea} <${CLOUDRON_MAIL_FROM}>"
-crudini --set "/run/gitea/app.ini" mailer SKIP_VERIFY "true"
+crudini --set "/run/gitea/app.ini" mailer FORCE_TRUST_SERVER_CERT "true"
 crudini --set "/run/gitea/app.ini" security INSTALL_LOCK "true"
 crudini --set "/run/gitea/app.ini" security REVERSE_PROXY_LIMIT 1
 crudini --set "/run/gitea/app.ini" security REVERSE_PROXY_TRUSTED_PROXIES "*"

test/git_ssh_wrapper.sh

@@ -2,4 +2,4 @@
 
 readonly SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
-ssh -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${SCRIPT_DIR}/id_rsa "$@"
+ssh -o IdentitiesOnly=yes -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -i ${SCRIPT_DIR}/id_ed25519 "$@"

test/id_ed25519

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACDECyFdxcmgOemNvs0wUhkgzfj9IS2OTG6bU5AXfNkXfgAAAJAoNQg/KDUI
+PwAAAAtzc2gtZWQyNTUxOQAAACDECyFdxcmgOemNvs0wUhkgzfj9IS2OTG6bU5AXfNkXfg
+AAAEC9nIZlzus9hn/b99E/cnSE2Vpycx0invItrrzgOX9qwMQLIV3FyaA56Y2+zTBSGSDN
++P0hLY5MbptTkBd82Rd+AAAADW5lYnVsb25AbHVuYXI=
+-----END OPENSSH PRIVATE KEY-----

test/id_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMQLIV3FyaA56Y2+zTBSGSDN+P0hLY5MbptTkBd82Rd+ nebulon@lunar

test/id_rsa

@@ -1,27 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEA14L+HdwPXRHC2A+fyRv1FTsRE/OPl0Z0KnEigzIIdA65CzTy
-l3m3ATNFI1o/Ies7RW6rsr9UHuLLufNVg1NwIBdns8sPE4pSZSjfdPnznifIIs7y
-wL/vn2D3JEhpA8EOasSy0c+z+6X23evsLB3D81y7ICsBc16Q147WZ6D+QMUP+A4b
-wlmEcy0hAoPx/jnnPlRDVOK1ZnBvuAaHBkcBh+sA272BhB6Kv13MBu0wctDjKw5w
-cNmgVWbzBBtK1L8BZVMDKmKWZ2PKP4GkkpnAvkD0+4sdARe148faV8HHigAKKNN7
-vt+njs6nHuS4ksJL1E9cKGHdBJudJc3p24iI7QIDAQABAoIBABm5ojnQPek/KIIA
-A3PPKYc6QMSf60EEgPNcA+GjRE0OQNpsnJSmS8kR5KvepvCWksGr/0Tb/9+b9POi
-b0+40waRpKhakdckSMeYhGwDNihn2UUGbQXDI4hj27xyBE8VaXInPq063OIqInjF
-I7D0cKKJLDEf0RGDdUi13TQLjK4QX78W/9S8d5ClznAVi4wUBb1urs7fAoVetn/i
-PnlEj9KZHio4mCg28djTudAoWzjzUikRqKRYY5QNEJ13abVoLqIRSRHC1DzwpxVv
-Y88l4hmm6IcmWGo0O9lpu5IJFvEmngfpmyaVbeLE0fhLPFWcEHARw37SThTZVQeY
-Tx1816UCgYEA9j5dyNbFcC4YL9i9DQyut658bYziY2vsAvZNMMf249IJGbZOxlZK
-ylB00zlbO/2uNh12Y9z6BN2hO2lER3O3SM75tCnvXR0+qG+xmfjLcRVczEkU10+r
-8UxKBgg7Sf9uvfeONefEYPwiwzFoWgdaFSrR2sCmuoHPwfc9i+PSp+8CgYEA4Azq
-DToKdv6VBWPlNXT6OW3+HUPeHF087Ve03+3orCckZ+d2DImEOvWdt+pDeGQJJcq+
-o+SzZk9FjFOIiQehuA44OFrvcbag9YAlm1JQYYrRTdZEJz3iSucXCzJH/P5TrB84
-BHvzgCklZzZ0IpEFxzMe8oNS6XfJmilh6I98YOMCgYBybOy7xUGeLW1D3p2LENen
-t0dOyObyeFYF0lpwTpulphZgglz8wWCjvttqw/5nVCy+LNa09RyhYjPoHbSC13zW
-MofKdqoqRMq3DqAjAn/XHqwuqc8rdnRZ/q9vOigC7NWTJRRKbFbPEps8xRrOqxfr
-OiimVFul02ito6xP8yAStQKBgQDHbPdPup/h9wzx9U7p3Ct1vt/3cJddK+i1YeIP
-iBYYVebjzXSYCDd4u3MdZxmTKYey6dnyy/ibUmgXVassPWzHBXEpSFflIaf3nY7b
-x9LgX82ZuOSFAWJRRYyPXLwTBtW3WTplU2cUZotyaVfKBMfd3TToq9e7E/KQk9Eg
-Tcdp/QKBgCyKD1gGU/H1bsQOuWHuFR1v7v82V1DLVjyn5kllej0tlfTLO/5uUsEE
-SIjGHfTHxgpww9HN9BPyy8xdQMAc6p7UyvJAIyhg679AQBrMLLvhE5niaGu4jQOa
-ZVY6nZUQNCwgxJwnUkFnOyXDYjzjyxZOCAWPxghYbS+IEl1GzhZU
------END RSA PRIVATE KEY-----

test/id_rsa.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDXgv4d3A9dEcLYD5/JG/UVOxET84+XRnQqcSKDMgh0DrkLNPKXebcBM0UjWj8h6ztFbquyv1Qe4su581WDU3AgF2ezyw8TilJlKN90+fOeJ8gizvLAv++fYPckSGkDwQ5qxLLRz7P7pfbd6+wsHcPzXLsgKwFzXpDXjtZnoP5AxQ/4DhvCWYRzLSECg/H+Oec+VENU4rVmcG+4BocGRwGH6wDbvYGEHoq/XcwG7TBy0OMrDnBw2aBVZvMEG0rUvwFlUwMqYpZnY8o/gaSSmcC+QPT7ix0BF7Xjx9pXwceKAAoo03u+36eOzqce5LiSwkvUT1woYd0Em50lzenbiIjt girish@beast

test/package-lock.json

@@ -9,17 +9,17 @@
       "version": "1.0.0",
       "license": "ISC",
       "dependencies": {
-        "chromedriver": "^112.0.0",
+        "chromedriver": "^120.0.0",
         "expect.js": "^0.3.1",
         "mocha": "^10.2.0",
-        "selenium-webdriver": "^4.8.2",
-        "superagent": "^8.0.9"
+        "selenium-webdriver": "^4.16.0",
+        "superagent": "^8.1.2"
       }
     },
     "node_modules/@testim/chrome-version": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/@testim/chrome-version/-/chrome-version-1.1.3.tgz",
-      "integrity": "sha512-g697J3WxV/Zytemz8aTuKjTGYtta9+02kva3C1xc7KXB8GdbfE1akGJIsZLyY/FSh2QrnE+fiB7vmWU3XNcb6A=="
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/@testim/chrome-version/-/chrome-version-1.1.4.tgz",
+      "integrity": "sha512-kIhULpw9TrGYnHp/8VfdcneIcxKnLixmADtukQRtJUmsVlMg0niMkwV0xZmi8hqa57xqilIHjWFA0GKvEjVU5g=="
     },
     "node_modules/@types/node": {
       "version": "16.11.11",
@@ -105,9 +105,9 @@
       "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
     },
     "node_modules/axios": {
-      "version": "1.2.3",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.2.3.tgz",
-      "integrity": "sha512-pdDkMYJeuXLZ6Xj/Q5J3Phpe+jbGdsSzlQaFVkMQzRUL05+6+tetX8TV3p4HrU4kzuO9bt+io/yGQxuyxA/xcw==",
+      "version": "1.6.1",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.1.tgz",
+      "integrity": "sha512-vfBmhDpKafglh0EldBEbVuoe7DyAavGSLWhuSm5ZSEKQnHhBf0xAAwybbNH1IkrJNGnS/VG4I5yxig1pCEXE4g==",
       "dependencies": {
         "follow-redirects": "^1.15.0",
         "form-data": "^4.0.0",
@@ -236,24 +236,24 @@
       }
     },
     "node_modules/chromedriver": {
-      "version": "112.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-112.0.0.tgz",
-      "integrity": "sha512-fEw1tI05dmK1KK8MGh99LAppP7zCOPEXUxxbYX5wpIBCCmKasyrwZhk/qsdnxJYKd/h0TfiHvGEj7ReDQXW1AA==",
+      "version": "120.0.0",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-120.0.0.tgz",
+      "integrity": "sha512-LGy2LhWRBiqDarFIU8gQ43EEyj+07Tc3JuUhthkESAwZ99lrifSnKZwKU0aVwansU84+k6bt71z7K3dkk65gZg==",
       "hasInstallScript": true,
       "dependencies": {
-        "@testim/chrome-version": "^1.1.3",
-        "axios": "^1.2.1",
-        "compare-versions": "^5.0.1",
+        "@testim/chrome-version": "^1.1.4",
+        "axios": "^1.6.0",
+        "compare-versions": "^6.1.0",
         "extract-zip": "^2.0.1",
         "https-proxy-agent": "^5.0.1",
         "proxy-from-env": "^1.1.0",
-        "tcp-port-used": "^1.0.1"
+        "tcp-port-used": "^1.0.2"
       },
       "bin": {
         "chromedriver": "bin/chromedriver"
       },
       "engines": {
-        "node": ">=14"
+        "node": ">=18"
       }
     },
     "node_modules/cliui": {
@@ -294,9 +294,9 @@
       }
     },
     "node_modules/compare-versions": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-5.0.1.tgz",
-      "integrity": "sha512-v8Au3l0b+Nwkp4G142JcgJFh1/TUhdxut7wzD1Nq1dyp5oa3tXaqb03EXOAB6jS4gMlalkjAUPZBMiAfKUixHQ=="
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz",
+      "integrity": "sha512-LNZQXhqUvqUTotpZ00qLSaify3b4VFD588aRr8MKFw4CMUr98ytzCW5wDH5qx/DEY5kCDXcbcRuCqL0szEf2tg=="
     },
     "node_modules/component-emitter": {
       "version": "1.3.0",
@@ -479,9 +479,9 @@
       }
     },
     "node_modules/follow-redirects": {
-      "version": "1.15.2",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz",
-      "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA==",
+      "version": "1.15.3",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.3.tgz",
+      "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q==",
       "funding": [
         {
           "type": "individual",
@@ -797,9 +797,9 @@
       }
     },
     "node_modules/jszip": {
-      "version": "3.10.0",
-      "resolved": "https://registry.npmjs.org/jszip/-/jszip-3.10.0.tgz",
-      "integrity": "sha512-LDfVtOLtOxb9RXkYOwPyNBTQDL4eUbqahtoY6x07GiDJHwSYvn8sHHIw8wINImV3MqbMNve2gSuM1DDqEKk09Q==",
+      "version": "3.10.1",
+      "resolved": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz",
+      "integrity": "sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==",
       "dependencies": {
         "lie": "~3.3.0",
         "pako": "~1.0.2",
@@ -807,33 +807,6 @@
         "setimmediate": "^1.0.5"
       }
     },
-    "node_modules/jszip/node_modules/readable-stream": {
-      "version": "2.3.7",
-      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz",
-      "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==",
-      "dependencies": {
-        "core-util-is": "~1.0.0",
-        "inherits": "~2.0.3",
-        "isarray": "~1.0.0",
-        "process-nextick-args": "~2.0.0",
-        "safe-buffer": "~5.1.1",
-        "string_decoder": "~1.1.1",
-        "util-deprecate": "~1.0.1"
-      }
-    },
-    "node_modules/jszip/node_modules/safe-buffer": {
-      "version": "5.1.2",
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
-      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
-    },
-    "node_modules/jszip/node_modules/string_decoder": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
-      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
-      "dependencies": {
-        "safe-buffer": "~5.1.0"
-      }
-    },
     "node_modules/lie": {
       "version": "3.3.0",
       "resolved": "https://registry.npmjs.org/lie/-/lie-3.3.0.tgz",
@@ -1140,6 +1113,25 @@
         "safe-buffer": "^5.1.0"
       }
     },
+    "node_modules/readable-stream": {
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+      "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+      "dependencies": {
+        "core-util-is": "~1.0.0",
+        "inherits": "~2.0.3",
+        "isarray": "~1.0.0",
+        "process-nextick-args": "~2.0.0",
+        "safe-buffer": "~5.1.1",
+        "string_decoder": "~1.1.1",
+        "util-deprecate": "~1.0.1"
+      }
+    },
+    "node_modules/readable-stream/node_modules/safe-buffer": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+    },
     "node_modules/readdirp": {
       "version": "3.6.0",
       "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
@@ -1179,13 +1171,13 @@
       ]
     },
     "node_modules/selenium-webdriver": {
-      "version": "4.8.2",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.8.2.tgz",
-      "integrity": "sha512-d2dcpDLPcXlBy5qcPtB1B8RYTtj1N+JiHQLViFx3OP+i5hqkAuqTfJEYUh4qNX11S4NvbxjteiwN3OPwK3vPVw==",
+      "version": "4.16.0",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.16.0.tgz",
+      "integrity": "sha512-IbqpRpfGE7JDGgXHJeWuCqT/tUqnLvZ14csSwt+S8o4nJo3RtQoE9VR4jB47tP/A8ArkYsh/THuMY6kyRP6kuA==",
       "dependencies": {
-        "jszip": "^3.10.0",
+        "jszip": "^3.10.1",
         "tmp": "^0.2.1",
-        "ws": ">=8.11.0"
+        "ws": ">=8.14.2"
       },
       "engines": {
         "node": ">= 14.20.0"
@@ -1231,6 +1223,19 @@
         "url": "https://github.com/sponsors/ljharb"
       }
     },
+    "node_modules/string_decoder": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+      "dependencies": {
+        "safe-buffer": "~5.1.0"
+      }
+    },
+    "node_modules/string_decoder/node_modules/safe-buffer": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+    },
     "node_modules/string-width": {
       "version": "4.2.3",
       "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
@@ -1267,9 +1272,9 @@
       }
     },
     "node_modules/superagent": {
-      "version": "8.0.9",
-      "resolved": "https://registry.npmjs.org/superagent/-/superagent-8.0.9.tgz",
-      "integrity": "sha512-4C7Bh5pyHTvU33KpZgwrNKh/VQnvgtCSqPRfJAUdmrtSYePVzVg4E4OzsrbkhJj9O7SO6Bnv75K/F8XVZT8YHA==",
+      "version": "8.1.2",
+      "resolved": "https://registry.npmjs.org/superagent/-/superagent-8.1.2.tgz",
+      "integrity": "sha512-6WTxW1EB6yCxV5VFOIPQruWGHqc3yI7hEmZK6h+pyk69Lk/Ut7rLUY6W/ONF2MjBuGjvmMiIpsrVJ2vjrHlslA==",
       "dependencies": {
         "component-emitter": "^1.3.0",
         "cookiejar": "^2.1.4",
@@ -1364,7 +1369,7 @@
     "node_modules/util-deprecate": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
-      "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
+      "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
     },
     "node_modules/workerpool": {
       "version": "6.2.1",
@@ -1393,9 +1398,9 @@
       "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
     },
     "node_modules/ws": {
-      "version": "8.12.0",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-8.12.0.tgz",
-      "integrity": "sha512-kU62emKIdKVeEIOIKVegvqpXMSTAMLJozpHZaJNDYqBjzlSYXQGviYwN1osDLJ9av68qHd4a2oSjd7yD4pacig==",
+      "version": "8.14.2",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.14.2.tgz",
+      "integrity": "sha512-wEBG1ftX4jcglPxgFCMJmZ2PLtSbJ2Peg6TmpJFTbe9GZYOQCDPdMYu/Tm0/bGZkw8paZnJY45J4K2PZrLYq8g==",
       "engines": {
         "node": ">=10.0.0"
       },
@@ -1487,9 +1492,9 @@
   },
   "dependencies": {
     "@testim/chrome-version": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/@testim/chrome-version/-/chrome-version-1.1.3.tgz",
-      "integrity": "sha512-g697J3WxV/Zytemz8aTuKjTGYtta9+02kva3C1xc7KXB8GdbfE1akGJIsZLyY/FSh2QrnE+fiB7vmWU3XNcb6A=="
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/@testim/chrome-version/-/chrome-version-1.1.4.tgz",
+      "integrity": "sha512-kIhULpw9TrGYnHp/8VfdcneIcxKnLixmADtukQRtJUmsVlMg0niMkwV0xZmi8hqa57xqilIHjWFA0GKvEjVU5g=="
     },
     "@types/node": {
       "version": "16.11.11",
@@ -1557,9 +1562,9 @@
       "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
     },
     "axios": {
-      "version": "1.2.3",
-      "resolved": "https://registry.npmjs.org/axios/-/axios-1.2.3.tgz",
-      "integrity": "sha512-pdDkMYJeuXLZ6Xj/Q5J3Phpe+jbGdsSzlQaFVkMQzRUL05+6+tetX8TV3p4HrU4kzuO9bt+io/yGQxuyxA/xcw==",
+      "version": "1.6.1",
+      "resolved": "https://registry.npmjs.org/axios/-/axios-1.6.1.tgz",
+      "integrity": "sha512-vfBmhDpKafglh0EldBEbVuoe7DyAavGSLWhuSm5ZSEKQnHhBf0xAAwybbNH1IkrJNGnS/VG4I5yxig1pCEXE4g==",
       "requires": {
         "follow-redirects": "^1.15.0",
         "form-data": "^4.0.0",
@@ -1652,17 +1657,17 @@
       }
     },
     "chromedriver": {
-      "version": "112.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-112.0.0.tgz",
-      "integrity": "sha512-fEw1tI05dmK1KK8MGh99LAppP7zCOPEXUxxbYX5wpIBCCmKasyrwZhk/qsdnxJYKd/h0TfiHvGEj7ReDQXW1AA==",
+      "version": "120.0.0",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-120.0.0.tgz",
+      "integrity": "sha512-LGy2LhWRBiqDarFIU8gQ43EEyj+07Tc3JuUhthkESAwZ99lrifSnKZwKU0aVwansU84+k6bt71z7K3dkk65gZg==",
       "requires": {
-        "@testim/chrome-version": "^1.1.3",
-        "axios": "^1.2.1",
-        "compare-versions": "^5.0.1",
+        "@testim/chrome-version": "^1.1.4",
+        "axios": "^1.6.0",
+        "compare-versions": "^6.1.0",
         "extract-zip": "^2.0.1",
         "https-proxy-agent": "^5.0.1",
         "proxy-from-env": "^1.1.0",
-        "tcp-port-used": "^1.0.1"
+        "tcp-port-used": "^1.0.2"
       }
     },
     "cliui": {
@@ -1697,9 +1702,9 @@
       }
     },
     "compare-versions": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-5.0.1.tgz",
-      "integrity": "sha512-v8Au3l0b+Nwkp4G142JcgJFh1/TUhdxut7wzD1Nq1dyp5oa3tXaqb03EXOAB6jS4gMlalkjAUPZBMiAfKUixHQ=="
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/compare-versions/-/compare-versions-6.1.0.tgz",
+      "integrity": "sha512-LNZQXhqUvqUTotpZ00qLSaify3b4VFD588aRr8MKFw4CMUr98ytzCW5wDH5qx/DEY5kCDXcbcRuCqL0szEf2tg=="
     },
     "component-emitter": {
       "version": "1.3.0",
@@ -1833,9 +1838,9 @@
       "integrity": "sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ=="
     },
     "follow-redirects": {
-      "version": "1.15.2",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.2.tgz",
-      "integrity": "sha512-VQLG33o04KaQ8uYi2tVNbdrWp1QWxNNea+nmIB4EVM28v0hmP17z7aG1+wAkNzVq4KeXTq3221ye5qTJP91JwA=="
+      "version": "1.15.3",
+      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.15.3.tgz",
+      "integrity": "sha512-1VzOtuEM8pC9SFU1E+8KfTjZyMztRsgEfwQl44z8A25uy13jSzTj6dyK2Df52iV0vgHCfBwLhDWevLn95w5v6Q=="
     },
     "form-data": {
       "version": "4.0.0",
@@ -2049,43 +2054,14 @@
       }
     },
     "jszip": {
-      "version": "3.10.0",
-      "resolved": "https://registry.npmjs.org/jszip/-/jszip-3.10.0.tgz",
-      "integrity": "sha512-LDfVtOLtOxb9RXkYOwPyNBTQDL4eUbqahtoY6x07GiDJHwSYvn8sHHIw8wINImV3MqbMNve2gSuM1DDqEKk09Q==",
+      "version": "3.10.1",
+      "resolved": "https://registry.npmjs.org/jszip/-/jszip-3.10.1.tgz",
+      "integrity": "sha512-xXDvecyTpGLrqFrvkrUSoxxfJI5AH7U8zxxtVclpsUtMCq4JQ290LY8AW5c7Ggnr/Y/oK+bQMbqK2qmtk3pN4g==",
       "requires": {
         "lie": "~3.3.0",
         "pako": "~1.0.2",
         "readable-stream": "~2.3.6",
         "setimmediate": "^1.0.5"
-      },
-      "dependencies": {
-        "readable-stream": {
-          "version": "2.3.7",
-          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.7.tgz",
-          "integrity": "sha512-Ebho8K4jIbHAxnuxi7o42OrZgF/ZTNcsZj6nRKyUmkhLFq8CHItp/fy6hQZuZmP/n3yZ9VBUbp4zz/mX8hmYPw==",
-          "requires": {
-            "core-util-is": "~1.0.0",
-            "inherits": "~2.0.3",
-            "isarray": "~1.0.0",
-            "process-nextick-args": "~2.0.0",
-            "safe-buffer": "~5.1.1",
-            "string_decoder": "~1.1.1",
-            "util-deprecate": "~1.0.1"
-          }
-        },
-        "safe-buffer": {
-          "version": "5.1.2",
-          "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
-          "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
-        },
-        "string_decoder": {
-          "version": "1.1.1",
-          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
-          "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
-          "requires": {
-            "safe-buffer": "~5.1.0"
-          }
-        }
       }
     },
     "lie": {
@@ -2307,6 +2283,27 @@
         "safe-buffer": "^5.1.0"
       }
     },
+    "readable-stream": {
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.8.tgz",
+      "integrity": "sha512-8p0AUk4XODgIewSi0l8Epjs+EVnWiK7NoDIEGU0HhE7+ZyY8D1IMY7odu5lRrFXGg71L15KG8QrPmum45RTtdA==",
+      "requires": {
+        "core-util-is": "~1.0.0",
+        "inherits": "~2.0.3",
+        "isarray": "~1.0.0",
+        "process-nextick-args": "~2.0.0",
+        "safe-buffer": "~5.1.1",
+        "string_decoder": "~1.1.1",
+        "util-deprecate": "~1.0.1"
+      },
+      "dependencies": {
+        "safe-buffer": {
+          "version": "5.1.2",
+          "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+          "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+        }
+      }
+    },
     "readdirp": {
       "version": "3.6.0",
       "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
@@ -2326,13 +2323,13 @@
       "integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ=="
     },
     "selenium-webdriver": {
-      "version": "4.8.2",
-      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.8.2.tgz",
-      "integrity": "sha512-d2dcpDLPcXlBy5qcPtB1B8RYTtj1N+JiHQLViFx3OP+i5hqkAuqTfJEYUh4qNX11S4NvbxjteiwN3OPwK3vPVw==",
+      "version": "4.16.0",
+      "resolved": "https://registry.npmjs.org/selenium-webdriver/-/selenium-webdriver-4.16.0.tgz",
+      "integrity": "sha512-IbqpRpfGE7JDGgXHJeWuCqT/tUqnLvZ14csSwt+S8o4nJo3RtQoE9VR4jB47tP/A8ArkYsh/THuMY6kyRP6kuA==",
       "requires": {
-        "jszip": "^3.10.0",
+        "jszip": "^3.10.1",
         "tmp": "^0.2.1",
-        "ws": ">=8.11.0"
+        "ws": ">=8.14.2"
       }
     },
     "semver": {
@@ -2366,6 +2363,21 @@
         "object-inspect": "^1.9.0"
       }
     },
+    "string_decoder": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+      "requires": {
+        "safe-buffer": "~5.1.0"
+      },
+      "dependencies": {
+        "safe-buffer": {
+          "version": "5.1.2",
+          "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+          "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+        }
+      }
+    },
     "string-width": {
       "version": "4.2.3",
       "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
@@ -2390,9 +2402,9 @@
       "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig=="
     },
     "superagent": {
-      "version": "8.0.9",
-      "resolved": "https://registry.npmjs.org/superagent/-/superagent-8.0.9.tgz",
-      "integrity": "sha512-4C7Bh5pyHTvU33KpZgwrNKh/VQnvgtCSqPRfJAUdmrtSYePVzVg4E4OzsrbkhJj9O7SO6Bnv75K/F8XVZT8YHA==",
+      "version": "8.1.2",
+      "resolved": "https://registry.npmjs.org/superagent/-/superagent-8.1.2.tgz",
+      "integrity": "sha512-6WTxW1EB6yCxV5VFOIPQruWGHqc3yI7hEmZK6h+pyk69Lk/Ut7rLUY6W/ONF2MjBuGjvmMiIpsrVJ2vjrHlslA==",
       "requires": {
         "component-emitter": "^1.3.0",
         "cookiejar": "^2.1.4",
@@ -2462,7 +2474,7 @@
     "util-deprecate": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
-      "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
+      "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
     },
     "workerpool": {
       "version": "6.2.1",
@@ -2485,9 +2497,9 @@
       "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
     },
     "ws": {
-      "version": "8.12.0",
-      "resolved": "https://registry.npmjs.org/ws/-/ws-8.12.0.tgz",
-      "integrity": "sha512-kU62emKIdKVeEIOIKVegvqpXMSTAMLJozpHZaJNDYqBjzlSYXQGviYwN1osDLJ9av68qHd4a2oSjd7yD4pacig==",
+      "version": "8.14.2",
+      "resolved": "https://registry.npmjs.org/ws/-/ws-8.14.2.tgz",
+      "integrity": "sha512-wEBG1ftX4jcglPxgFCMJmZ2PLtSbJ2Peg6TmpJFTbe9GZYOQCDPdMYu/Tm0/bGZkw8paZnJY45J4K2PZrLYq8g==",
       "requires": {}
     },
     "y18n": {

test/package.json

@@ -9,10 +9,10 @@
   "author": "",
   "license": "ISC",
   "dependencies": {
-    "chromedriver": "^112.0.0",
+    "chromedriver": "^120.0.0",
     "expect.js": "^0.3.1",
     "mocha": "^10.2.0",
-    "selenium-webdriver": "^4.8.2",
-    "superagent": "^8.0.9"
+    "selenium-webdriver": "^4.16.0",
+    "superagent": "^8.1.2"
   }
 }

test/test.js

@@ -27,20 +27,20 @@ if (!process.env.USERNAME || !process.env.PASSWORD || !process.env.EMAIL) {
 describe('Application life cycle test', function () {
     this.timeout(0);
 
-    var TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 5000;
-    var EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
-    var LOCATION = 'test';
-    var SSH_PORT = 29420;
+    const TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 5000;
+    const EXEC_ARGS = { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' };
+    const LOCATION = 'test';
+    const SSH_PORT = 29420;
 
-    var app;
-    var browser;
+    let app, browser;
+    var athenticated_by_oidc = false;
 
-    var repodir = '/tmp/testrepo';
-    var reponame = 'testrepo';
+    const repodir = '/tmp/testrepo';
+    const reponame = 'testrepo';
 
-    var username = process.env.USERNAME;
-    var password = process.env.PASSWORD;
-    var email = process.env.EMAIL;
+    const username = process.env.USERNAME;
+    const password = process.env.PASSWORD;
+    const email = process.env.EMAIL;
 
     before(function () {
         browser = new Builder().forBrowser('chrome').setChromeOptions(new Options().windowSize({ width: 1280, height: 1024 })).build();
@@ -57,6 +57,11 @@ describe('Application life cycle test', function () {
         expect(app).to.be.an('object');
     }
 
+    async function waitForElement(elem) {
+        await browser.wait(until.elementLocated(elem), TIMEOUT);
+        await browser.wait(until.elementIsVisible(browser.findElement(elem)), TIMEOUT);
+    }
+
     function sleep(millis) {
         return new Promise(resolve => setTimeout(resolve, millis));
     }
@@ -94,6 +99,29 @@ describe('Application life cycle test', function () {
         await login('root', 'changeme');
     }
 
+    async function loginOIDC(username, password) {
+        browser.manage().deleteAllCookies();
+        await browser.get(`https://${app.fqdn}/user/login`);
+        await browser.sleep(2000);
+
+
+        await browser.findElement(By.xpath('//a[contains(@class, "openidConnect") and contains(., "Sign in with cloudron")]')).click();
+        await browser.sleep(2000);
+
+        if (!athenticated_by_oidc) {
+            await waitForElement(By.xpath('//input[@name="username"]'));
+            await browser.findElement(By.xpath('//input[@name="username"]')).sendKeys(username);
+            await browser.findElement(By.xpath('//input[@name="password"]')).sendKeys(password);
+            await browser.sleep(2000);
+            await browser.findElement(By.xpath('//button[@type="submit" and contains(text(), "Sign in")]')).click();
+            await browser.sleep(2000);
+
+            athenticated_by_oidc = true;
+        }
+
+        await waitForElement(By.xpath('//img[contains(@class, "avatar")]'));
+    }
+
     async function logout() {
         await browser.get('https://' + app.fqdn);
 
@@ -104,11 +132,9 @@ describe('Application life cycle test', function () {
     }
 
     async function addPublicKey() {
-        var publicKey = fs.readFileSync(__dirname + '/id_rsa.pub', 'utf8');
+        var publicKey = fs.readFileSync(__dirname + '/id_ed25519.pub', 'utf8');
 
-        const sshPage = 'https://' + app.fqdn + '/user/settings/keys';
-
-        await browser.get(sshPage);
+        await browser.get('https://' + app.fqdn + '/user/settings/keys');
 
         await browser.wait(until.elementLocated(By.id('add-ssh-button')), TIMEOUT);
         await browser.findElement(By.id('add-ssh-button')).click();
@@ -116,7 +142,23 @@ describe('Application life cycle test', function () {
         await browser.findElement(By.id('ssh-key-content')).sendKeys(publicKey.trim()); // #3480
         var button = browser.findElement(By.xpath('//button[contains(text(), "Add Key")]'));
         await browser.executeScript('arguments[0].scrollIntoView(false)', button);
-        await browser.findElement(By.xpath('//button[contains(text(), "Add Key")]')).click();
+        await browser.findElement(By.xpath('//form//button[contains(text(),"Add Key")]')).click();
+
+        await browser.wait(until.elementLocated(By.xpath('//p[contains(text(), "has been added.")]')), TIMEOUT);
+    }
+
+    async function addPublicKeyOld() {
+        var publicKey = fs.readFileSync(__dirname + '/id_ed25519.pub', 'utf8');
+
+        await browser.get('https://' + app.fqdn + '/user/settings/keys');
+
+        await browser.wait(until.elementLocated(By.id('add-ssh-button')), TIMEOUT);
+        await browser.findElement(By.id('add-ssh-button')).click();
+        await browser.findElement(By.id('ssh-key-title')).sendKeys('testkey');
+        await browser.findElement(By.id('ssh-key-content')).sendKeys(publicKey.trim()); // #3480
+        var button = browser.findElement(By.xpath('//button[contains(text(), "Add Key")]'));
+        await browser.executeScript('arguments[0].scrollIntoView(false)', button);
+        await browser.findElement(By.xpath('//button[contains(text(), "Add Key") and contains(@class, "green")]')).click();
 
         await browser.wait(until.elementLocated(By.xpath('//p[contains(text(), "has been added.")]')), TIMEOUT);
     }
@@ -167,11 +209,11 @@ describe('Application life cycle test', function () {
     async function sendMail() {
         await browser.get(`https://${app.fqdn}/admin/config`);
 
-        var button = await browser.findElement(By.xpath('//button[@id="test-mail-btn"]'));
+        var button = await browser.findElement(By.xpath('//button[contains(text(), "Send")]'));
         await browser.executeScript('arguments[0].scrollIntoView(true)', button);
         await browser.findElement(By.xpath('//input[@name="email"]')).sendKeys('test@cloudron.io');
-        await browser.findElement(By.xpath('//button[@id="test-mail-btn"]')).click();
-        await browser.wait(until.elementLocated(By.xpath('//p[contains(text(),"A testing email has been sent to \'test@cloudron.io\'")]')), TIMEOUT);
+        await browser.findElement(By.xpath('//button[contains(text(), "Send")]')).click();
+        await browser.wait(until.elementLocated(By.xpath('//p[contains(text(), "A testing email has been sent")]')), TIMEOUT);
     }
 
     xit('build app', function () { execSync('cloudron build', EXEC_ARGS); });
@@ -183,7 +225,7 @@ describe('Application life cycle test', function () {
     it('can send mail', sendMail);
     it('can logout', logout);
 
-    it('can login', login.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password));
     it('can set avatar', setAvatar);
     it('can get avatar', checkAvatar);
 
@@ -199,7 +241,7 @@ describe('Application life cycle test', function () {
 
     it('can restart app', function () { execSync('cloudron restart  --app ' + app.id); });
 
-    xit('can login', login.bind(null, username, password)); // no need to relogin since session persists
+    xit('can login', loginOIDC.bind(null, username, password)); // no need to relogin since session persists
     it('displays correct clone url', checkCloneUrl);
     it('can clone the url', cloneRepo);
     it('file exists in repo', fileExists);
@@ -207,7 +249,7 @@ describe('Application life cycle test', function () {
     it('backup app', function () { execSync('cloudron backup create --app ' + app.id, EXEC_ARGS); });
     it('restore app', function () { execSync('cloudron restore --app ' + app.id, EXEC_ARGS); });
 
-    it('can login', login.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password));
     it('can get avatar', checkAvatar);
     it('can clone the url', cloneRepo);
     it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
@@ -221,7 +263,7 @@ describe('Application life cycle test', function () {
     });
     it('can get app information', getAppInfo);
 
-    it('can login', login.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password));
     it('can get avatar', checkAvatar);
     it('displays correct clone url', checkCloneUrl);
     it('can clone the url', cloneRepo);
@@ -249,7 +291,7 @@ describe('Application life cycle test', function () {
     it('can install app', function () { execSync(`cloudron install --appstore-id ${app.manifest.id} --location ${LOCATION} -p SSH_PORT=${SSH_PORT}`, EXEC_ARGS); });
 
     it('can get app information', getAppInfo);
-    it('can login', login.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password));
     it('can set avatar', setAvatar);
     it('can get avatar', checkAvatar);
     it('can add public key', addPublicKey);
@@ -264,7 +306,7 @@ describe('Application life cycle test', function () {
     it('can send mail', sendMail);
     it('can logout', logout);
 
-    it('can login', login.bind(null, username, password));
+    it('can login', loginOIDC.bind(null, username, password));
     it('can get avatar', checkAvatar);
     it('can clone the url', cloneRepo);
     it('file exists in cloned repo', fileExists);