Age | Commit message (Collapse) | Author | Files | Lines |
|
Mention both the package base name and the request type in the subject
of request closure notification.
Implements FS#41607.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently we hardcode the architectures the official repos historically
supported, which seems both inefficient because of hardcoding, and
simply wrong, because many packages support various ARM platforms too.
If we were to say "only officially supported arches will be supported in
the AUR" we'd have to disable i686, which seems silly and arbitrarily
restrictive. Also there's better places to implement such a blacklist
(via die_commit in the main loop, via a config option to list supported
arches, would make much more sense in terms of logic).
As for the metadata extraction itself, there's no reason to hardcode the
arches to check for at all. We can get this information too, from the
.SRCINFO itself. Detecting this dynamically is not incompatible with a
blacklist, should we ever decide to implement such a thing.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
User modern Python format() strings with curly braces. Also, convert all
placeholders to named arguments. This allows translators to reorder
messages.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add support for translating notification emails and send localized
notifications, based on the user's language preferences. Also, update
the translations Makefile to add strings from the notification script
to the message catalog.
Implements FS#31850.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Reimplement most of the notification script logic. Create a separate
class for each notification type. Each class provides methods for
generating the list of recipients, the message subject, the message
body, the references to add at the end of the message and the message
headers. Additionally, a method for sending notification emails is
provided.
One major benefit of the new implementation is that both the generation
of recipients and message contents are much more flexible. For example,
it is now easily possible to make user-specific adjustments to every
single notification of a batch.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Check that for all kinds of notifications, the generated messages match
what we expect.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Make sure we are consistent with not adding newlines at the end of
notification emails.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
The each() function has been deprecated as of PHP 7.2.0. Use foreach
loops instead.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Fixes a regression introduced in 0ffa067 (Use a link to accept orphan
requests, 2018-05-10).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Fixes a regression introduced in 97c5bce (config: allow reading both the
defaults file and the modified config, 2018-04-15).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Fixes a regression introduced in 97c5bce (config: allow reading both the
defaults file and the modified config, 2018-04-15).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently, a form is used instead of a link. This forwards to a
confirmation page, and currently drops the "via" parameter in the
process.
As a result, accepted orphan requests usually show:
Request #XXXXXX has been accepted automatically by the Arch User
Repository package request system:
The user YYYYYYY disowned the package.
This is wrong, and should show (will show, if you manually add it or use
the close button instead of the accept button):
Request #XXXXXX has been rejected by YYYYYYY [1]:
Fixes FS#56606.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add a script to periodically remove old IP addresses from the users
database.
The login IP addresses are stored for spam protection and to prevent
from abuse. It is quite unlikely that we ever need the IP address of a
user whose last login is more than a week old. It makes sense to remove
such IP addresses to protect our users' privacy.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Four years just passed in the blink of an eye :)
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
In the process, rename config.proto to config.defaults (because that is
what it is now).
Also use dict.get('key', default_value) when querying os.environ, rather
than an if block, as it is more pythonic/readable/concise, and reduces
the number of dict lookups.
This change allows aurweb configuration to be done via either:
- copying config.defaults to config and modifying values
- creating a new config only containing modified values, next to a
config.defaults containing unmodified values
The motivation for this change is to enable ansible configuration in our
flagship deployment by storing only changed values, and deferring to
config.defaults otherwise.
A side benefit is, it is easier to see what has changed by inspecting
only the site configuration file.
If a config.defaults file does not exist next to $AUR_CONFIG or in
$AUR_CONFIG_DEFAULTS, it is ignored and *all* values are expected to
live in the modified config file.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
When sanitizing rendered comments, keep <hr> tags and <br> tags. The
former are generated when using "---" in Markdown comments, the latter
are used when putting two spaces at the end of a line.
Fixes FS#56649.
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Change the defines to config_get and add one cache option and one option
to define memcache_servers. Mention the required dependency to get
memcached working in the INSTALL file.
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Jelle van der Waa <jelle@vdwaa.nl>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
It is now possible to search for packages that depend on a given package,
for instance:
/rpc/?v=5&type=search&by=depends&arg=ocaml
It is similarly possible to match on "makedepends", "checkdepends" and
"optdepends".
Signed-off-by: Baptiste Jonglez <git@bitsofnetworks.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Implements FS#53832.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
This allows us to prevent users from hammering the API every few seconds
to check if any of their packages were updated. Real world users check
as often as every 5 or 10 seconds.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
For some reason, running the SELECT .. WHERE .. OR .. query takes e.g.
58ms on a randomly generated db for some dependency name. Splitting the
OR into two dedicated queries and UNIONing the result takes only 0.42ms.
On the Arch Linux installation, searching for the providers of e.g.
mongodb takes >=110ms when not cached by the query cache. The new query
takes <1ms even when not cached.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
To people unfamiliar with the code, it is not obvious that
the pdo_* PHP extensions must be enabled.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
git/auth is run as an AutherizedKeysCommand which does not get the
environment variables passed to it, so AUR_OVERWRITE always got
hard-set to '0' by it. Instead we need to perform the actual privilege
check in git/update instead.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
In commit 8c98db0b82cc85a4498589e5d60299fefd93b421 support was added for
package co-maintainers to pin comments in addition to maintainers.
Due to a typo, the SQL query was reset halfway through and only added
the co-maintainer IDs to the list of allowed users.
Fixes FS#56783.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Since commit 4efba18 (Only allow valid HTTP(s) URLs as home page,
2017-11-05), the home page field in the account settings must be a valid
URL. However, this new check prevents from leaving the field empty. Keep
the check in place but skip it if the home page field is left empty.
Fixes FS#56550.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
This partially fixes FS#56472.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Automatically detect references to Flyspray bug reports in comments and
convert them to links to the Arch Linux bug tracker.
Implements FS#52008.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
A bug introduced in commit 7d7e079 (Hide the table sorting links on the
dashboard, 2017-02-04) resulted in multiple clicks on a table heading in
the package search results table no longer having any effect, instead of
changing the sorting order. Fix this by removing erroneous spaces from
the GET parameters in the search URL.
Fixes FS#56261.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Implements FS#56255.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Replace special characters in the referer GET parameter using
htmlspecialchars() before inserting it into the login form fields to
prevent from XSS attacks.
Fixes FS#55286.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
The home page specified in the account settings is converted to a
clickable link on the user's profile. Make sure it is a valid URL which
uses the http or https scheme.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Do not allow to render aurweb pages in a frame to protect against
clickjacking.
Fixes FS#56168.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add a Travis CI configuration file to setup a test environment with all
the required dependencies and run the test suite.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Use `/usr/bin/env python3` instead of `/usr/bin/python3` in the shebang
of Python scripts. This adds support for non-standard Python interpreter
paths such as the paths used in virtualenv environments.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Since c5302d3 (Require TUs to explicitly request to overwrite a pkgbase,
2017-07-24), non-fast-forward pushes require setting the AUR_OVERWRITE
environment variable. Make sure that git-auth passes this variable to
git-serve when it should (and does not pass it if it shouldn't).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add a missing space to the SQL statement performing the disown
operation.
Fixes FS#55068.
Note that the broken query was not discovered by the test suite since
SQLite parses "?AND" inside prepared statements gracefully while MySQL
does not.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Since commit c5302d3 (Require TUs to explicitly request to overwrite a
pkgbase, 2017-07-24), non-fast-forward pushes are denied even for
Trusted Users, unless the AUR_OVERWRITE environment variable is set.
Mark the test case performing a non-fast-forward push from a TU
account as test_must_fail and add another test case performing the
same operation with AUR_OVERWRITE=1.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|