Age | Commit message | Author | Files | Lines
2021-02-20 | Open AUR sessions from SSO | Frédéric Mangano-Tarumi | 1 | -2/+49
Only the core functionality is implemented here. See the TODOs. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | Integrate SQLAlchemy into FastAPI | Frédéric Mangano-Tarumi | 1 | -0/+30
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | Add SSO account ID in table Users | Frédéric Mangano-Tarumi | 2 | -0/+31
This column holds a user ID issued by the single sign-on provider. For Keycloak, it is a UUID. For more flexibility, we will be using a standardly-sized VARCHAR field. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | aurweb.l10n: Translate without side effects | Frédéric Mangano-Tarumi | 1 | -2/+1
The install method in Python’s gettext API aliases the translator’s gettext method to an application-global _(). We don’t use that anywhere, and it’s clear from aurweb’s Translator interface that we want to translate a piece of text without affecting any global namespace. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | Guide to setting up Keycloak for the SSO | Frédéric Mangano-Tarumi | 2 | -1/+39
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | Crude OpenID Connect client using Authlib | Frédéric Mangano-Tarumi | 8 | -2/+72
Developers can go to /sso/login to get redirected to the SSO. On successful login, the ID token is displayed. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | aurweb.spawn: Fix isort errors | Frédéric Mangano-Tarumi | 1 | -2/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | Remove the FastAPI /hello test route | Frédéric Mangano-Tarumi | 2 | -8/+0
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | Introduce conf/config.dev for development | Frédéric Mangano-Tarumi | 3 | -15/+38
conf/config.dev’s purpose is to provide a lighter configuration template for developers, and split development-specific options off the default configuration file. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | aurweb.spawn: Integrate FastAPI and nginx | Frédéric Mangano-Tarumi | 5 | -14/+86
aurweb.spawn used to launch only PHP’s built-in server. Now it spawns a dummy FastAPI application too. Since both stacks spawn their own HTTP server, aurweb.spawn also spawns nginx as a reverse proxy to mount them under the same base URL, defined by aur_location in the configuration. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | Add CONTRIBUTING.md | Filipe Laíns | 1 | -0/+10
Signed-off-by: Filipe Laíns <lains@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | pre-commit: add initial config | Filipe Laíns | 1 | -0/+24
Signed-off-by: Filipe Laíns <lains@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | isort: add initial config | Filipe Laíns | 1 | -0/+4
Signed-off-by: Filipe Laíns <lains@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | flake8: add initial config | Filipe Laíns | 1 | -0/+4
Signed-off-by: Filipe Laíns <lains@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | Refactor code to comply with flake8 and isort | Filipe Laíns | 11 | -201/+210
Signed-off-by: Filipe Laíns <lains@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | ci: remove Travis CI | Filipe Laíns | 1 | -23/+0
We are moving to Gitlab CI. Signed-off-by: Filipe Laíns <lains@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | Create aurweb.spawn for spawning the test server | Frédéric Mangano-Tarumi | 3 | -3/+114
This program makes it easier for developers to spawn the PHP server since it fetches automatically what it needs from the configuration file, rather than having the user explicitly pass arguments to the php executable. When the setup gets more complicated as we introduce Python, aurweb.spawn will keep providing the same interface, while under the hood it is planned to support running multiple sub-processes. Its Python interface provides a way for the test suite to spawn the test server when it needs to perform HTTP requests to the test server. The current implementation is somewhat weak as it doesn’t detect when a child process dies, but this is not supposed to happen often, and it is only meant for aurweb developers. In the long term, aurweb.spawn will eventually become obsolete, and replaced by Docker or Flask’s tools. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | ci: add cache to gitlab ci | Filipe Laíns | 1 | -1/+7
Signed-off-by: Filipe Laíns <lains@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | ci: add gitlab ci | Filipe Laíns | 1 | -0/+12
Signed-off-by: Filipe Laíns <lains@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | rewrite query to support both mysql/sqlite | Eli Schwartz | 1 | -9/+5
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | prevent running mysql-specific query in sqlite | Eli Schwartz | 1 | -1/+3
We usually guard such queries and have both mysql and sqlite branches. But I have not implemented the sqlite branch. Given sqlite is typically used for local dev setups, the fact that "users with more than the configured max simultaneous logins" can avoid getting some logins annulled is probably not a huge risk. And this always *used* to fail on sqlite, silently. Now, in php 8, it raises PDOException, which prevents running the test server. Document this as a FIXME for now, until someone reimplements the query for sqlite. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2021-02-20 | fix broken SQL query that always failed | Eli Schwartz | 1 | -1/+1
Due to missing whitespace at the end of strings during joining, we ended up with the query fragment "DelTS IS NULLAND NOT PinnedTS" which should be "DelTS IS NULL AND NOT PinnedTS". So the check for pinned comments > 5 likely always failed. In php 7, a completely broken query that raises exceptions in the database engine was silently ignored... in php 8, it raises Uncaught PDOException: SQLSTATE[HY000]: General error: 1 near "PinnedTS": syntax error in <file> and aborts the page building. End result: users with permission to pin comments cannot see any comments, or indeed page content below the first comment header. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-10-14 | Fix requests not being sent to the Cc recipients | Frederik Schwan | 1 | -1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-09-05 | pkg_search_page: Limit number of results on package search | Morten Linderud | 1 | -4/+3
The current package search query is quite poorly optimized and becomes a resource hog when the offsets get large enough. This DoSes the service. A quick fix is to just ensure we have some limit to the number of hits we return. The current hardcoding of 2500 is based on the following:
* 250 hits per page max
* 10 pages
We can maybe consider having it lower, but it seems easier to just have this a multiple of 250 in the first iteration. Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-08-27 | Deliver emails to Cc in smtplib code path | Lukas Fleischer | 2 | -9/+25
When using the sendmail() function with smtplib.SMTP or smtplib.SMTP_SSL, the list of actual recipients for the email (to be translated to RCPT commands) has to be provided as a parameter. Update the notification script and add all Cc recipients to that parameter. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-08-26 | Call sendmail with to, not recipient | Jelle van der Waa | 1 | -1/+1
After f7a57c8 (Localize notification emails, 2018-05-17), the server.sendmail line was not updated to now send to the email address but instead sends to (email, 'en'), and as sendmail accepts an iterable, an email is also sent to 'en'. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-04-05 | Fix PHP notices in the account form [origin/live] | Lukas Fleischer | 1 | -5/+5
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-04-05 | Fix invalid session ID check | Lukas Fleischer | 1 | -1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-03-27 | Release 5.0.0 [v5.0.0] | Lukas Fleischer | 1 | -1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-03-27 | Add new upgrade instructions | Lukas Fleischer | 1 | -0/+8
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-03-27 | Translation updates from Transifex | Lukas Fleischer | 2 | -282/+282
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-03-22 | Map BIGINT to INTEGER for SQLite | Frédéric Mangano-Tarumi | 1 | -0/+11
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-29 | Write test/README.md to help working with tests | Frédéric Mangano-Tarumi | 1 | -0/+37
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-29 | test/Makefile: Run tests with prove when available | Frédéric Mangano-Tarumi | 1 | -0/+7
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-29 | Support running tests from any directory | Frédéric Mangano-Tarumi | 11 | -13/+12
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-27 | Change the extension of TAP test suites to .t | Frédéric Mangano-Tarumi | 11 | -1/+1
This is the common convention for TAP, and makes harnesses like prove automatically detect them. Plus, test suites don’t have to be shell scripts anymore. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-27 | Disable Alembic support on test databases | Frédéric Mangano-Tarumi | 2 | -4/+10
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-27 | Create an initial Alembic migration | Frédéric Mangano-Tarumi | 1 | -0/+24
This way the database will get stamped, and Git will create the `versions` directory without which Alembic won’t work. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-27 | Set up Alembic for database migrations | Frédéric Mangano-Tarumi | 8 | -3/+252
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-27 | Migrate the database schema to SQLAlchemy | Frédéric Mangano-Tarumi | 10 | -482/+481
The new schema was generated with sqlacodegen and then manually adjusted to fit schema/aur-schema.sql faithfully, both in the organisation of the code and in the SQL generated by SQLAlchemy. Initializing the database now requires the new tool aurweb.initdb. References to aur-schema.sql have been updated and the old schema dropped. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-27 | Properly escape passwords in the account edit form | Lukas Fleischer | 1 | -2/+2
Addresses FS#65639. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-26 | Fix HTML code in the account search results table | Lukas Fleischer | 1 | -15/+5
Do not add an opening <tbody> tag for every row. Instead, wrap all rows in <tbody></tbody>. While at it, also simplify the code used to color the rows. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-26 | README.md: add references to Transifex | Lukas Fleischer | 1 | -0/+8
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-26 | README.md: fix a small typo | Yaron Shahrabani | 1 | -1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-13 | Fix more PHP 7.4 warnings | Eli Schwartz | 1 | -0/+1
The try_login() function documents it returns an array containing an 'error' key, and our only caller *only* consults the 'error' key. Then the function returns null instead of an array, if the login succeeded! I question why we bother returning the new SID if we never use it, surely we could either return the error or return default null. But, for now, I'm just going to fix it to return what it's actually supposed to, without changing the API. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-13 | Fix PHP 7.4 warnings | Eli Schwartz | 2 | -8/+24
If a db query returned NULL instead of an array, then accessing $row[0] now throws a warning. The undocumented behavior of evaluating to NULL is maintained, and we want to return NULL anyway, so add a check for the value and fall back on the default function return type. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-11 | Use relative URIs for {source_file,log,commit}_uri | Lukas Fleischer | 1 | -3/+3
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-11 | Make SMTP port and authentication configurable | Lukas Fleischer | 2 | -1/+24
Add more options to configure the smtplib implementation for sending notification emails. The port can be changed using the new smtp-port option. Encryption can be configured using smtp-use-ssl and smtp-use-starttls. Keep in mind that you usually also need to change the port when enabling either of these options. Authentication can be configured using smtp-user and smtp-password. Authentication is disabled if either of these values is empty. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-11 | Support smtplib for sending emails | Lukas Fleischer | 2 | -5/+20
Support mail delivery without a local MTA. Instead, an SMTP server can now be configured using the smtp-server option in the [notifications] section. In order to use this option, the value of the sendmail option must be empty. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2020-02-11 | Update README and convert to Markdown syntax | Lukas Fleischer | 1 | -26/+8
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>