summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2020-04-05Fix PHP notices in the account formorigin/liveLukas Fleischer1-5/+5
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-04-05Fix invalid session ID checkLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-03-27Release 5.0.0v5.0.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-03-27Add new upgrade instructionsLukas Fleischer1-0/+8
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-03-27Translation updates from TransifexLukas Fleischer2-282/+282
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-03-22Map BIGINT to INTEGER for SQLiteFrédéric Mangano-Tarumi1-0/+11
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-29Write test/README.md to help working with testsFrédéric Mangano-Tarumi1-0/+37
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-29test/Makefile: Run tests with prove when availableFrédéric Mangano-Tarumi1-0/+7
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-29Support running tests from any directoryFrédéric Mangano-Tarumi11-13/+12
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-27Change the extension of TAP test suites to .tFrédéric Mangano-Tarumi11-1/+1
This is the common convention for TAP, and makes harnesses like prove automatically detect them. Plus, test suites don’t have to be shell scripts anymore. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-27Disable Alembic support on test databasesFrédéric Mangano-Tarumi2-4/+10
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-27Create an initial Alembic migrationFrédéric Mangano-Tarumi1-0/+24
This way the database will get stamped, and Git will create the `versions` directory without which Alembic won’t work. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-27Set up Alembic for database migrationsFrédéric Mangano-Tarumi8-3/+252
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-27Migrate the database schema to SQLAlchemyFrédéric Mangano-Tarumi10-482/+481
The new schema was generated with sqlacodegen and then manually adjusted to fit schema/aur-schema.sql faithfully, both in the organisation of the code and in the SQL generated by SQLAlchemy. Initializing the database now requires the new tool aurweb.initdb. References to aur-schema.sql have been updated and the old schema dropped. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-27Properly escape passwords in the account edit formLukas Fleischer1-2/+2
Addresses FS#65639. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-26Fix HTML code in the account search results tableLukas Fleischer1-15/+5
Do not add an opening <tbody> tag for every row. Instead, wrap all rows in <tbody></tbody>. While at it, also simplify the code used to color the rows. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-26README.md: add references to TransifexLukas Fleischer1-0/+8
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-26README.md: fix a small typoYaron Shahrabani1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-13Fix more PHP 7.4 warningsEli Schwartz1-0/+1
The try_login() function documents it returns an array containing an 'error' key, and our only caller *only* consults the 'error' key. Then the function returns null instead of an array, if the login succeeded! I question why we bother returning the new SID if we never use it, surely we could either return the error or return default null. But, for now, I'm just going to fix it to return what it's actually supposed to, without changing the API. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-13Fix PHP 7.4 warningsEli Schwartz2-8/+24
If a db query returned NULL instead of an array, then accessing $row[0] now throws a warning. The undocumented behavior of evaluating to NULL is maintained, and we want to return NULL anyway, so add a check for the value and fall back on the default function return type. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-11Use relative URIs for {source_file,log,commit}_uriLukas Fleischer1-3/+3
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-11Make SMTP port and authentication configurableLukas Fleischer2-1/+24
Add more options to configure the smtplib implementation for sending notification emails. The port can be changed using the new smtp-port option. Encryption can be configured using smtp-use-ssl and smtp-use-starttls. Keep in mind that you usually also need to change the port when enabling either of these options. Authentication can be configured using smtp-user and smtp-password. Authentication is disabled if either of these values is empty. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-11Support smtplib for sending emailsLukas Fleischer2-5/+20
Support mail delivery without a local MTA. Instead, an SMTP server can now be configured using the smtp-server option in the [notifications] section. In order to use this option, the value of the sendmail option must be empty. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-11Update README and convert to Markdown syntaxLukas Fleischer1-26/+8
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-10Translation updates from TransifexLukas Fleischer29-980/+4002
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-02rendercomment: use python-markdown's new registration APIFrédéric Mangano-Tarumi2-6/+10
First, this gets rid of the deprecation warnings Python displayed. Second, this fixes the case where a link contained a pair of underscores, which used to be interpreted as an emphasis because the linkify processor ran after the emphasis processor. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-02rendercomment: test headings loweringFrédéric Mangano-Tarumi1-0/+26
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-02rendercomment: safer Flyspray task linkificationFrédéric Mangano-Tarumi2-7/+40
When an FS#123 is part of a code block, it must not be converted into a link. FS#123 may also appear inside an URL, in which case regular linkifaction of URLs must take precedence. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-02rendercomment: safer auto-linkification of URLsFrédéric Mangano-Tarumi2-10/+24
Fixes a few edge cases: - URLs within code blocks used to get redundant <> added, breaking bash code snippets like `curl https://...` into `curl <https://...>`. - Links written with markdown's <https://...> syntax also used to get an extra pair of brackets. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-02rendercomment: add a test for Git commit linksFrédéric Mangano-Tarumi1-0/+29
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-02rendercomment: respectful linkification of Git commitsFrédéric Mangano-Tarumi1-16/+20
Turn the git-commits markdown processor into an inline processor, which is smart enough not to convert Git hashes contained in code blocks or links. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-02Update message catalogLukas Fleischer1-21/+125
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-02Explain syntax/features in the comments sectionLukas Fleischer1-0/+4
Addresses FS#64983. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-02Explain the hide email address settingLukas Fleischer1-5/+9
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-02Add support for backup email addressesLukas Fleischer9-14/+47
Support secondary email addresses that can be used to recover an account in case access to the primary email address is lost. Reset keys for an account are always sent to both the primary and the backup email address. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-02Add option to send reset key for a given user nameLukas Fleischer2-19/+19
In addition to supporting email addresses in the reset key form, also support user names. The reset key is then sent to the email address in the user's profile. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-01-30Update copyright range in the cgit footerLukas Fleischer1-1/+1
2020-01-30Require password when changing account informationLukas Fleischer4-24/+21
Since commits daee20c (Require current password when setting a new one, 2020-01-30) and 8fc8898 (Require password when deleting an account, 2020-01-30), changing a password and deleting an account require the current password. Extend this to all other profile changes. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-01-30Require password when deleting an accountLukas Fleischer2-6/+22
Further reduce the attack surface in case of a stolen session ID. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-01-30Verify current password against logged in userLukas Fleischer2-7/+6
When changing the password of an account, instead of asking for the old password of the account, ask for the password of the currently logged in user. This allows privileged users to edit other accounts without knowing their passwords. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-01-30Undo accidental code additionLukas Fleischer1-1/+0
Rollback an accidental change that sneaked into commit daee20c (Require current password when setting a new one, 2020-01-30). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-01-30t2500: fix test casesLukas Fleischer1-0/+3
Since commit eeaa1c3 (Separate text from footer in notification emails, 2020-01-04), information about unsubscribing from notifications is added in a signature block. Fix the test cases accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-01-30Keep signature delimiters intact in notificationsLukas Fleischer1-0/+3
Since commit eeaa1c3 (Separate text from footer in notification emails, 2020-01-04), information about unsubscribing from notifications is added in a signature block. However, the code to format the email body trimmed the RFC 3676 signature delimiter, replacing "-- " by "--". Fix this by adding a special case for signature delimiters. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-01-30Require current password when setting a new oneLukas Fleischer4-14/+36
Prevent from easily taking over an account by changing the password with a stolen session ID. Fixes FS#65325. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-01-06Separate text from footer in notification emailsStephan Springer1-2/+3
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2019-12-11Copy Git repository URL on clickLukas Fleischer2-4/+30
The Git repository URLs are not meant to be visited using a web browser. Copy the link to the clipboard instead. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2019-11-24.gitignore: add schema/aur-schema-sqlite.sqlLukas Fleischer1-0/+1
The SQLite schema is generated automatically from the main schema and used in the test suite. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2019-11-23t2500: fix test case for orphan request notificationsLukas Fleischer1-1/+1
Since commit a66c7fa (notify.py: Use a/an correctly when sending request notifications, 2019-08-09), the body of notification emails sent when filing orphan requests refers to "an orphan request" instead of "a orphan request". Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2019-11-23Store timestamp and user ID when closing requestsLukas Fleischer5-6/+21
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2019-11-23Don't require all Python database modules to be installedLukas Fleischer1-2/+9
We support multiple database backends. Don't require Python modules for all backends to be installed. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>