#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds support for redirection on logout. We can request <http://localhost:8090/logout?redirect_uri=/archives> with GET method, then click the logout to see the redirection.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7401
#### Does this PR introduce a user-facing change?
```release-note
登出页面支持自定义重定向
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
1. This PR removes duplicate invocations while resolving handler functions of theme.
2. Throw NotFoundException while post was not found.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7409
#### Does this PR introduce a user-facing change?
```release-note
修复访问不存在的分类或者文章页面时始终抛出异常的问题
```
#### What type of PR is this?
/kind feature
#### What this PR does / why we need it:
标签支持根据文章量排序
#### Does this PR introduce a user-facing change?
```release-note
标签支持根据文章量排序
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds SwitchUserGrantedAuthorityMixin into HaloSecurityJackson2Module to fix the deserialization error.
See https://github.com/halo-dev/halo/issues/7406 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7406
#### Does this PR introduce a user-facing change?
```release-note
修复个人中心处可能出现登录设备查询异常的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR makes Argon2 password encoder as default to remove password limit of 72.
Please note that there is no compatibility issue for old passwords.
#### Which issue(s) this PR fixes:
Fixes#7405
#### Special notes for your reviewer:
1. Try to login as admin
2. Create a password having the length of 73 or more for a new user
3. See the result
#### Does this PR introduce a user-facing change?
```release-note
修复无法设置长度超过72个字符的密码的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds therapi-runtime-javadoc dependency and annotationProcessor for api and application projects. After doing that, SpringDoc will introspect Javadoc annotations and comments. See https://springdoc.org/#javadoc-support for more.
For support in plugin, just add an annotationProcessor like below:
```gradle
dependencies {
implementation platform('run.halo.tools.platform:plugin:2.20.8-SNAPSHOT')
compileOnly 'run.halo.app:api'
annotationProcessor 'com.github.therapi:therapi-runtime-javadoc-scribe:0.13.0'
}
```
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
#### What this PR does / why we need it:
This PR manually set UTF-8 charset while loading YAML file to fix the problem "java.nio.charset.MalformedInputException: Input length = 1".
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6937
Fixes https://github.com/orgs/halo-dev/discussions/7375
#### Does this PR introduce a user-facing change?
```release-note
修复 Windows 下可能无法正常初始化的问题
```
### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
In PR <https://github.com/halo-dev/halo/pull/7371>, I used strong secure random to generate metadata name, but the random may cause system block in some specific environments. See https://github.com/orgs/lxware-dev/discussions/13#discussioncomment-12907298 for more.
So this PR revert the use of strong secure random.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR use secure-strong SecureRandom to generate unpredictable metadata name. Meanwhile, the length of generate name suffix is increased to `8` and lower-case is to prevent data conflicts caused by database case sensitivity as possible.
Another improvement is using bounded-elastic thread to run the method `secureString()#nextAlphanumeric` because the method contains blocking operation, which might cause system block.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR removes application startup steps buffer to reduce memory usage.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR disables CSRF check for PAT authentication because the authentication won't pass any cookies to server.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds support for impersonating other users for super admin.
1. Login as super admin
2. Request `POST /login/impersonate?username=xxx` and the current user should be xxx
3. Request `POST /logout/impersonate` and the current user should be super admin
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/milestone 2.20.x
#### What this PR does / why we need it:
文章访问路径支持设置 `/categories/{categorySlug}/{postSlug}` 的形式
#### Which issue(s) this PR fixes:
Fixes#7330
#### Does this PR introduce a user-facing change?
```release-note
文章访问路径支持设置 `/categories/{categorySlug}/{postSlug}` 的形式
```
#### What type of PR is this?
/kind bug
#### What this PR does / why we need it:
修复 postFinder.list() 传参 categoryName 查询不到子类文章
#### Which issue(s) this PR fixes:
Fixes#7296
#### Does this PR introduce a user-facing change?
```release-note
修复 postFinder.list() 的 categoryName 参数无效的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR refactors UserScopedPatHandlerImpl with PAT service to make PAT operations flexible.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/area theme
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds support for sec:authorize attribute of Thymeleaf which is not supported yet. See https://github.com/halo-dev/halo/issues/7316 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7316
#### Does this PR introduce a user-facing change?
```release-note
完善主题模板判断用户角色等功能
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR fixes the NPE while post content is null. See https://github.com/halo-dev/halo/issues/7320 for more.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7320
#### Does this PR introduce a user-facing change?
```release-note
修复通过接口创建文章可能导致无法发布和删除的问题
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR allows users to upload local attachment always with a random filename to simply prevent resource leak.
Please see the configuration and the uploaded result below:
```json
{
"spec": {
"displayName": "halo.run-ykfswxmokpjopvkqwybghazloxeovgae.cer",
"policyName": "attachment-policy-XVdDK",
"ownerName": "admin",
"mediaType": "application/pkix-cert",
"size": 1803
},
"status": {
"permalink": "/upload/random/halo.run-ykfswxmokpjopvkqwybghazloxeovgae.cer"
},
"apiVersion": "storage.halo.run/v1alpha1",
"kind": "Attachment",
"metadata": {
"finalizers": [
"attachment-manager"
],
"name": "44b4c8de-0d3b-4bbb-acc2-4af50175a2b5",
"annotations": {
"storage.halo.run/local-relative-path": "upload/random/halo.run-ykfswxmokpjopvkqwybghazloxeovgae.cer",
"storage.halo.run/uri": "/upload/random/halo.run-ykfswxmokpjopvkqwybghazloxeovgae.cer"
},
"version": 2,
"creationTimestamp": "2025-03-18T15:53:11.817541483Z"
}
}
```
#### Does this PR introduce a user-facing change?
```release-note
支持上传附件至本地时总是随机命名文件名
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds timeout for blocking Extension client to prevent system from blocking without any error.
#### Which issue(s) this PR fixes:
Recently, we have received several issues about getting stuck in creating menu items. Please refer to the key threaddump detail:
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind cleanup
#### What this PR does / why we need it:
撤回对插件类加载顺序的改动这可能导致破坏性更新
同时,不在考虑修改加载顺序问题,由于社区版和专业版引入的依赖不同插件无法以社区版为依赖基准保证功能在专业版也可用,举个例子:
1. 插件引入了 okhttp4 作为依赖,这可能是插件引入的依赖所附带的
2. 在社区版没有问题,插件开发者也是这么测试的
3. 但是在专业版中引入了 okhttp3 作为依赖,此时插件在专业版就不可用了因为插件依赖了 okhttp4 的功能
通过上述问题就导致了不可预知的问题
#### Does this PR introduce a user-facing change?
```release-note
撤回对插件类加载顺序的改动这可能导致破坏性更新
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
Add favicon to login page
#### Which issue(s) this PR fixes:
Fixes#7287
#### Special notes for your reviewer:
#### Does this PR introduce a user-facing change?
```release-note
为登录相关的页面添加 Favicon
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
支持禁用主题预览功能,但拥有主题管理权限的用户不受此功能影响
#### Which issue(s) this PR fixes:
Fixes#7204
#### Does this PR introduce a user-facing change?
```release-note
支持禁用主题预览功能,但拥有主题管理权限的用户不受此功能影响
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR turns off the logging of TemplateEngine to prevent too many annoying and useless logs.
Please note that the TemplateExceptions won't be eat up because we have a global error handler to log them.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/4468
#### Special notes for your reviewer:
Steps to verify:
- Start Halo instance
- Execute command `ab -c 100 -n 10000 -H 'Accept: text/html' -H 'Cache-Control: no-cache' http://localhost:8090/` and then press `Ctrl + C` to stop the ab process.
- See the logs of Halo instance.
#### Does this PR introduce a user-facing change?
```release-note
解决日志中出现大量 InterruptedException 异常的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR fixes the pending problem of requesting console and ui pages in dev mode.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7191
#### Special notes for your reviewer:
Steps to reproduce:
- Start ui projects with dev mode by executing command `make -C ui dev`.
- Run Halo instance in dev mode by executing command `./gradlew bootRun --args="--spring.profiles.active=dev"`.
- Try to request <http://localhost:8090/uc> and <http://localhost:8090/console>.
- Try to refresh page by hand and see the result
#### Does this PR introduce a user-facing change?
```release-note
修复开发模式下无法正常进入管理和个人中心页面的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
仅对包含文章权限的用户生成作者页面
#### Which issue(s) this PR fixes:
Fixes#7202
#### Does this PR introduce a user-facing change?
```release-note
仅对包含文章权限的用户生成作者页面
```
#### What type of PR is this?
/kind improvment
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
为自定义页面的图片增加缩略图支持
<img width="1594" alt="image" src="https://github.com/user-attachments/assets/f317d73b-e515-4c3c-83e7-06ef55873a37" />
#### Which issue(s) this PR fixes:
Fixes#7232
#### Does this PR introduce a user-facing change?
```release-note
为自定义页面的图片增加缩略图支持
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
将获取文件名的代码由 `Part.name()` 改为 `FilePart.filename()`。`Part.name()` 在没有覆写 form 时可能无法正确获取到文件的客户端路径。
#### How to test it?
1. 在文章设置 - 附件存储策略 中,设置一个其他的附件存储策略。
2. 测试在富文本编辑器中上传文件是否报错文件类型与后缀不匹配的问题。
#### Which issue(s) this PR fixes:
Fixes#7274
#### Does this PR introduce a user-facing change?
```release-note
解决在默认编辑器中上传文件失败的问题
```
#### What type of PR is this?
/kind cleanup
#### What this PR does / why we need it:
Replaces deprecated functions (`String defaultString(final String str, final String nullDefault)`) with its recommended alternatives
See 29ccc7665f/src/main/java/org/apache/commons/lang3/StringUtils.java (L1635) for more.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
自动生成摘要仅对内容变更时生效
see https://github.com/halo-dev/halo/issues/7193#issuecomment-2581699190 for more details
避免对资源造成浪费如 AI 摘要生成
#### Which issue(s) this PR fixes:
Fixes#7193
#### Does this PR introduce a user-facing change?
```release-note
自动生成摘要仅对内容发生变更时生效
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复主题中声明的通知模板无法被创建的问题
#### Which issue(s) this PR fixes:
Fixes#7195
#### Does this PR introduce a user-facing change?
```release-note
修复主题中声明的通知模板无法被创建的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
卸载主题之后清理模板缓存
此问题是 https://github.com/halo-dev/halo/pull/2970 的遗留问题
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复文件类型限制能通过混合文件类型绕过检测的问题
参考:https://github.com/halo-dev/halo/security/advisories/GHSA-99mc-ch53-pqh9
#### Does this PR introduce a user-facing change?
```release-note
修复文件类型限制能通过混合文件类型绕过检测的问题
```
#### What type of PR is this?
/kind feature
/kind improvement
#### What this PR does / why we need it:
本次PR对系统中用于电子邮件哈希的算法进行了升级。原先使用的是MD5算法,现在替换为了更安全的SHA-256算法。这一变更提高了数据的安全性,降低了电子邮件被破解的风险。
#### Which issue(s) this PR fixes:
未指定具体问题编号,但解决了潜在的安全隐患。
#### Special notes for your reviewer:
在替换哈希算法的过程中,我已经确保了代码的兼容性和性能。建议审查者在合并前进行全面的测试,以确保新算法的正确性和系统的稳定性。
#### Does this PR introduce a user-facing change?
```release-note
增强评论邮箱哈希算法(SHA256)
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
为系统配置获取增加缓存以提高路由和主题模板渲染的速度
#### Special notes for your reviewer:
1. 系统能正确初始化
2. 测试修改系统配置后 http://localhost:8090/actuator/globalinfo 和主题端 `${site}` 是否都是新的
3. 更改了文章路由规则后能正确调整到新的规则
#### Does this PR introduce a user-facing change?
```release-note
为系统配置的获取增加缓存以提高路由和主题模板渲染的速度
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
统一使用同一个 RequestPath 来解析请求信息
#### Does this PR introduce a user-facing change?
```release-note
None
```
What type of PR is this?
/kind feature
What this PR does / why we need it:
This PR modifies the behavior of the "Send" button for sending verification codes. Now, when the button is clicked, it immediately shows a "Sending..." state, improving user experience by providing instant feedback. After a successful request, a countdown is displayed. This makes the process clearer for users and reduces confusion during waiting time.
Which issue(s) this PR fixes:
Fixes#7064
Special notes for your reviewer:
Please review the implementation for consistent UI behavior and ensure no race conditions occur if the button is clicked multiple times quickly.
Does this PR introduce a user-facing change?
Improved user experience for sending verification codes: the button now immediately shows "
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
限制缩略图生成仅针对附件库中的图片,防止任意 URI 的生成行为带来的潜在攻击风险
先 merge #7077 后才能合并此 PR
#### Does this PR introduce a user-facing change?
```release-note
限制缩略图生成仅针对附件库中的图片,防止任意 URI 的生成行为带来的潜在攻击风险
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复可能为因为并发调用缩略图生成导致多次创建缩略图的问题
此 PR 为 #7031 的补充,并且会清理以前重复生成的缩略图记录和文件
#### Does this PR introduce a user-facing change?
```release-note
修复可能为因为并发调用缩略图生成导致多次重复缩略图记录的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
对本地缩略图的原图链接和尺寸增加唯一性检查避免重复
#### Does this PR introduce a user-facing change?
```release-note
对本地缩略图的原图链接和尺寸增加唯一性检查避免重复
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR removes template engine instead of clearing cache of template engine after upgrading theme to resolve incomplete cache clear.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/7056
#### Special notes for your reviewer:
1. Try to install the theme `theme-earth 1.12.0`
2. Request index page and you will see the `上一页` which should be `下一页`
3. Try to upgrade to the theme `theme-earth 1.12.1`
4. Request index page and you should see the `下一页` directly.
#### Does this PR introduce a user-facing change?
```release-note
修复升级主题后语言包未更新的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复新创建的标签在主题端展示关联文章数量为 null 的问题
#### Which issue(s) this PR fixes:
Fixes#7042
#### Does this PR introduce a user-facing change?
```release-note
修复新创建的标签在主题端展示关联文章数量为 null 的问题
```
#### What type of PR is this?
/kind feature
#### What this PR does / why we need it:
This PR adds support for detecting OpenHarmony as a device operating system.
#### Which issue(s) this PR fixes:
Fixes#7039
#### Special notes for your reviewer:
This PR introduces minor changes in the device OS detection logic.
#### Does this PR introduce a user-facing change?
```release-note
新设备登录通知的操作系统名支持展示鸿蒙替代 Unknown
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
隐藏关键通知项设置以避免用户意外禁用而无法收到通知
#### Which issue(s) this PR fixes:
Fixes#6967
#### Does this PR introduce a user-facing change?
```release-note
隐藏关键通知项设置以避免用户意外禁用而无法收到通知
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR rearranges order of security configurers. Especially, SecurityWebFiltersConfigurer has lower priority to configure than other security configurers.
So we can catch internal authentication in plugins.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds support for hooking user creating. Plugin developers can define extension points of `UserPreCreatingHandler` and `UserPostCreatingHandler` to do something else.
#### Does this PR introduce a user-facing change?
```release-note
支持在插件中定义用户创建的前置和后置处理器
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复登录页面路由会被自定义页面覆盖导致无法登录的问题
#### Which issue(s) this PR fixes:
Fixes#6893
#### Does this PR introduce a user-facing change?
```release-note
修复登录页面路由会被自定义页面路由覆盖导致无法登录的问题
```
#### What type of PR is this?
/kind bug
/area plugin
/milestone 2.20.x
#### What this PR does / why we need it:
修复插件配置可能因为缺少校验导致使用时类型转换失败从而影响 Halo 使用的问题
#### Which issue(s) this PR fixes:
Fixes#6899
#### Does this PR introduce a user-facing change?
```release-note
修复插件配置可能因为缺少校验导致使用时类型转换失败从而影响 Halo 使用的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复使用 `singlePageFinder.list()` 时会提示缺少 spec.deleted 索引的问题
#### Which issue(s) this PR fixes:
Fixes#6919
#### Does this PR introduce a user-facing change?
```release-note
修复使用 `singlePageFinder.list()` 时会提示缺少 spec.deleted 索引的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复登录时切换了其他语言但是登录成功后始终显示中文的问题
此问题为 https://github.com/halo-dev/halo/pull/6891 导致
#### Does this PR introduce a user-facing change?
```release-note
修复登录时切换了其他语言但是登录成功后始终显示中文的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR adds the annotations `@NestedConfigurationProperties` to let Spring Configuration Processor generate fully metadata.
We can execute command `./gradlew :application:compileJava` to generate `application/build/classes/java/main/META-INF/spring-configuration-metadata.json`. If you are using IDEA Ultimate, configuration hints related to Halo will be available.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修正 OpenAPI 的分组匹配规则 之前有很多 PublicAPIs 没有出现在对应的组
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR excludes console and uc assets in security configuration to make them access by anonymous users.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6908
#### Special notes for your reviewer:
```bash
http http://localhost:8090/uc/assets/index-E-uvwInx.css -ph
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: no-cache
Content-Encoding: gzip
Content-Length: 26213
Content-Type: text/css
Vary: Accept-Encoding
```
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind bug
/milestone 2.20.x
#### What this PR does / why we need it:
修复在低版本 Safari 浏览器中,注册表单中的按钮高度溢出的问题。
#### Which issue(s) this PR fixes:
Fixes#6910
#### Does this PR introduce a user-facing change?
```release-note
修复在低版本 Safari 浏览器中,注册表单中的按钮高度溢出的问题。
```
<!-- Fuck Safari -->
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
将 MySQL 的表创建脚本 name 列字符集改为 utf8mb4_bin 以使其对大小写敏感
Fixes https://github.com/halo-dev/halo/issues/4372
**how to test it?**
使用 docker 运行 MySQL
```shell
# mariadb 同样将镜像改为 mariadb 后执行相同步骤
docker run --name mysql-test -e MYSQL_ROOT_PASSWORD=root -e MYSQL_DATABASE=halo -p 3306:3306 --rm -d mysql:latest
```
然后执行表创建脚本并手动执行以下两条 SQL 能成功插入
```sql
insert into extensions(name,data,version) values('a', 'a', 0)
insert into extensions(name,data,version) values('A', 'A', 0)
```
#### Does this PR introduce a user-facing change?
```release-note
修改 MySQL 表创建脚本 name 列的字符集使其大小写敏感以解决可能会遇到切换数据库时因为数据冲突而无法导入备份的问题(这只对此版本及之后的新用户有效)
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复非 HTTPS 连接下无法记住用户语言偏好的问题
#### Which issue(s) this PR fixes:
Fixes#6888
#### Does this PR introduce a user-facing change?
```release-note
修复非 HTTPS 连接下无法记住用户语言偏好的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR refactors sign up data binding using internal `bind` method in `ServerRequest` instead of binding my hand. It's more convenient and simpler.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR appends query `method=local` after redirection location in authentication failure handler to redirect to login page with local method.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6894
#### Does this PR introduce a user-facing change?
```release-note
修复非默认登录方式登录失败之后跳转至默认登录方式的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复从旧版本升级到 2.20 会因为默认主题目录已经存在而无法初始化的问题
#### Which issue(s) this PR fixes:
Fixes#6887
#### Does this PR introduce a user-facing change?
```release-note
修复从旧版本升级到 2.20 会因为默认主题目录已经存在而无法初始化的问题
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR exposes ReactiveUserDetailsService to authentication plugins.
#### Does this PR introduce a user-facing change?
```release-note
支持在插件中使用 ReactiveUserDetailsService
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
Bump app store plugin to 1.6.0
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR makes PAT configuration standalone and removes unused configuration related with `JWT`.
After this, we can define additional authentications in plugins with correct configuration order.
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind feature
/area plugin
/milestone 2.20.x
#### What this PR does / why we need it:
This PR exposes user and role services into plugins. Some authentication plugins may interact with users and users' roles.
#### Does this PR introduce a user-facing change?
```release-note
允许在插件中使用 UserService 和 RoleService
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复由 #6680 导致的插件模板处理扩展中无法获取到请求上下文的问题
#6680 修复了插件可以在模板处理扩展中通过请求上下文获取到 Halo 的 ApplicationContext 的问题
但这也引入了新的问题就是导致模板处理扩展无法获取到请求上下文,此 PR 通过判断传递给插件的 ITemplateContext 是否为 IWebContext,如果是则包装为 SecureTemplateWebContext 传递给插件,以解决此问题
#### Which issue(s) this PR fixes:
Fixes#6875
#### Does this PR introduce a user-facing change?
```release-note
修复插件模板处理扩展中无法获取到请求上下文的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR refactors check of whether the current user is a real user to fix the problem of not being able to create PAT for OAuth2 user.
#### Does this PR introduce a user-facing change?
```release-note
修复通过 OAuth2 登录之后无法正常创建和恢复个人令牌的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR corrects typo of `apisGroups` to `apiGroups` to fix the problem of not being able to disconnect OAuth2 user.
#### Special notes for your reviewer:
0. Install OAuth2 plugin
1. Log in as a normal user
2. Bind a OAuth2 user
3. Try to unbind it
#### Does this PR introduce a user-facing change?
```release-note
修复无法正常解绑 OAuth2 用户
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复初始化 Halo 之后无法进入登录页面的问题
此问题原因是更改了 AuthProvider 的逻辑,当系统启动之后缺少默认的登录方式导致登录页面无法正确渲染
此 PR 将确保默认的登录方式始终存在来解决此问题
how to test it?
重新初始化 Halo 之后能正确渲染登录页面并登录即为符合预期
#### Does this PR introduce a user-facing change?
```release-note
修复初始化 Halo 之后无法进入登录页面的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR ignores URI fragment while removing redirect URI. Before that, users may be redirected to previous redirect URI that contains fragment.
#### Does this PR introduce a user-facing change?
```release-note
修复二次登录后重定向跳转至旧地址的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
恢复 https://github.com/halo-dev/halo/pull/6846 中删除的 SystemSetting.AuthProvider#enabled 字段避免插件应用到了它可能会发生错误,将其标记为过时
#### Does this PR introduce a user-facing change?
```release-note
None
```
* refactor: auth provider sorting logic for better maintainability and clarity
* Refine UI
* chore: remove other auth type
* Remove other auth providers
---------
Co-authored-by: Ryan Wang <i@ryanc.cc>
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
注册表单发送邮箱验证码时,支持显示来自后端的异常。
<img width="693" alt="image" src="https://github.com/user-attachments/assets/78d1d793-7673-4442-9b0b-1eb7c4d91ebd">
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind bug
/milestone 2.20.x
#### What this PR does / why we need it:
修复首次初始化之后,个人中心使用的附件存储策略没有默认值的问题。
#### Which issue(s) this PR fixes:
Fixes#6834
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/area core
/kind bug
/milestone 2.20.x
#### What this PR does / why we need it:
修复初始化登录之后,没有正确重定向到 /console 的问题。
#### Which issue(s) this PR fixes:
Fixes#6850
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR fills operation ID while building setup route to prevent errors when generating OpenAPI docs.
```java
2024-10-13T22:09:46.997+08:00 ERROR 68966 --- [ parallel-4] a.w.r.e.AbstractErrorWebExceptionHandler : [88654f05-3] 500 Server Error for HTTP GET "/v3/api-docs/apis_aggregated.api_v1alpha1"
java.lang.IllegalStateException: You should either fill, the Operation or at least the bean class and the bean method
at org.springdoc.core.fn.builders.operation.Builder.build(Builder.java:467) ~[springdoc-openapi-starter-common-2.6.0.jar:2.6.0]
Suppressed: reactor.core.publisher.FluxOnAssembly$OnAssemblyException:
```
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/milestone 2.20.x
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
忽略预设插件安装时的错误避免无法初始化
可能因为没有预先 download 预设插件到项目目录而发生 IO 异常影响初始化流程
#### Does this PR introduce a user-facing change?
```release-note
None
```
#### What type of PR is this?
/kind improvement
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
修复竖向图片生成缩略图后会丢失方向信息展示为横向图片的问题
#### Which issue(s) this PR fixes:
Fixes#6802
#### Does this PR introduce a user-facing change?
```release-note
修复竖向图片生成缩略图后会丢失方向信息展示为横向图片的问题
```
#### What type of PR is this?
/kind bug
/area core
/milestone 2.20.x
#### What this PR does / why we need it:
This PR preserves `remember-me` option after authentication failure.
#### Which issue(s) this PR fixes:
Fixes https://github.com/halo-dev/halo/issues/6835
#### Special notes for your reviewer:
1. Go to login page
2. Input invalid username or password and select `remember-me` option
3. Click `Login` button
4. See the result
#### Does this PR introduce a user-facing change?
```release-note
修复登录失败后记住我选项被重置的问题
```
#### What type of PR is this?
/area core
/kind improvement
/milestone 2.20.x
#### What this PR does / why we need it:
优化登录等页面的 UI,主要优化低分屏下的 UI 表现,防止元素过大。
#### Does this PR introduce a user-facing change?
```release-note
优化登录等页面的 UI,优化低分屏下的 UI 表现,防止元素过大。
```
John Niang