summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2017-01-25Store banned IP addresses as plain textLukas Fleischer3-2/+9
Inspired by commit 32c8d0c (Store last login address as plain text, 2016-03-13). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25git-serve: Save last SSH login date and IP addressLukas Fleischer3-1/+24
In addition to logging the last login date and IP address on the web interface, store the time stamp and IP address of the last SSH login in the database. This simplifies user banning if one of the new SSH interface features, such as the voting mechanism implemented in 7ee2fdd (git-serve: Add support for (un-)voting, 2017-01-23), is abused. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25config.proto: Update path to the notification scriptLukas Fleischer1-1/+1
As of commit 3718860 (Make maintenance scripts installable, 2016-10-17), the notification script is installed as aurweb-notify. Update the sample configuration file accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-23Show co-maintainers SSH clone URL on package base pageMark Weiman1-1/+1
On package base pages, if a co-maintainer visits, only the read-only URL is displayed which is inconsistent with how the individual packages of a package base's pages displays them. This adds the SSH clone URL to the package base's page for co-maintainers to see. Implements FS#52675. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-23t1200: Add tests for vote/unvoteLukas Fleischer1-0/+66
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-23git-serve: Add support for (un-)votingLukas Fleischer2-0/+75
Add support for voting for packages and removing votes from the SSH interface. The syntax is `vote <pkgbase>` resp. `unvote <pkgbase>`. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20account.php: Reformat process_account_form() callMark Weiman1-6/+18
Modify the call to process_account_form() to only having one parameter per line. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20Update cookie for language setting when editing user informationMark Weiman1-0/+7
Currently, when a user edits their language setting from the edit user form, the changes aren't reflected until the user either lets the original cookie expire, deletes the cookie manually, or changes the language a second time via the dropdown menu on the top of the page. This patch makes the language cookie get updated when it is changed from the edit user form. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20Add user set timezonesMark Weiman19-23/+130
Currently, aurweb displays all dates and times in UTC time. This patch adds a capability for each logged in user to set their preferred timezone. Implements FS#48729. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-17Document garbage collection settings for GitLukas Fleischer2-2/+12
Add a note to the Git/SSH interface documentation that we recommend to disable automatic garbage collection and use a maintenance script to cleanup and optimize the Git repository instead. Also, add a reference to the Git/SSH interface documentation to the Git repository setup instructions in INSTALL. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-12INSTALL: Refer to the AUR backend as aurwebLukas Fleischer1-2/+2
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-07Increase minimum password length to 8 charactersAlex Muller1-1/+1
There are 95 printable ASCII characters which with a minimum length of 4 gives 95^4 or 81 million possible passwords. Increasing the minimum length to 8 increases the number of possible passwords by a factor of about 10^7. Relates to FS#52297. Signed-off-by: Alex Muller <alex@mullr.net> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-12-23git-serve: Use Python exceptions for error handlingLukas Fleischer2-79/+131
Make it easier to reuse the helper functions provided by git-serve from another Python script by throwing exceptions instead of terminating the program on errors. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-12-20t1200: Add tests for flag/unflagLukas Fleischer1-0/+63
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-12-20git-serve: Add support for (un-)flagging packagesLukas Fleischer1-0/+70
Add support for flagging or unflagging packages from the SSH interface. The syntax is `flag <pkgbase> <comment>` resp. `unflag <pkgbase>`. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-12-20t1200: Test maintenance modeLukas Fleischer1-0/+11
Add a test case to ensure that enabling the maintenance mode disables the SSH interface. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-12-20notify: Avoid EXCEPT in SQL statementLukas Fleischer1-6/+4
Do not use the EXCEPT clause which is unsupported in MySQL. Instead, use a subquery which is standard-compliant and makes the query easier to read at the same time. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-11-13Add tests for out-of-date notificationsLukas Fleischer1-0/+33
Make sure that out-of-date notifications are sent to package base maintainers as well as co-maintainers. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-11-13Send out-of-date notifications to co-maintainersLukas Fleischer1-6/+9
Currently, only package maintainers receive out-of-date notifications for their packages. Add package base co-maintainers to the list of recipients for out-of-date notifications. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-11-13test/setup.sh: Fix script pathsLukas Fleischer1-5/+5
The scripts were moved to aurweb/scripts/ in commit 3718860 (Make maintenance scripts installable, 2016-10-17). Update the paths in the test suite accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-11-10Remove extraneous quote in translator.inc.phpMark Weiman1-1/+1
The quote is a leftover of legacy code and was meant to be removed by commit e171f6f (Migrate all DB code to use PDO, 2012-08-08). Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-11-10Fix DB.class.php to match config and include SQLite supportMark Weiman1-7/+17
In commit baf8a22 (git-interface: Support SQLite as database backend, 2016-08-03), conf/config.proto was changed so that dsn_prefix was changed to backend and this fixes this in web/lib/DB.class.php. Since SQLite's dsn is different, this adds a check of which backend is desired and will quit if MySQL or SQLite are not the backend selected. SQLite2 may be supported, but is untested and will trigger an error if used. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-11-10Remove all usage of UNIX_TIMESTAMP in web interfaceMark Weiman4-16/+16
UNIX_TIMESTAMP is not part of the SQL standard. Instead, all usage in the web interface is changed to use PHP's time() function. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-17Release 4.4.1v4.4.1Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-17Make maintenance scripts installableLukas Fleischer9-0/+9
Add wrappers for the maintenance scripts to the setuptools configuration. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-17Move configuration to /etc/aurweb/configLukas Fleischer5-6/+7
Since d4fe77a (Reorganize Git interface scripts, 2016-10-08), the key components of the aurweb SSH interface are installed system-wide. Update the default configuration path to point to a central location. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-17aurweb/git: Add missing __init__.py fileLukas Fleischer1-0/+0
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-17Do not show current day if registration date is unknownLukas Fleischer1-0/+4
The registration date field on the account details page currently defaults to the current day if the user's registration date is unknown. To avoid confusion, show "unknown" in these cases instead. Fixes FS#51405. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-15Release 4.4.0v4.4.0Lukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-15Translation updates from TransifexLukas Fleischer29-237/+803
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-11git-serve: Close orphan requests upon disownLukas Fleischer2-1/+66
When disowning a package base via the SSH interface, auto-accept all pending orphan requests for the affected package. Also, add a test case that checks whether (only) orphan requests belonging to disowned packages are closed correctly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-11upgrading/4.4.0.txt: Warn about new scriptsLukas Fleischer1-0/+5
The location of the Git interface wrapper scripts was changed by commit d4fe77a (Reorganize Git interface scripts, 2016-10-08). Add a note to the upgrade instructions to remind users to update their configuration files. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-11git-update: Catch long source URLsLukas Fleischer2-0/+19
Bail out early if the source array contains an entry with more than 8000 characters. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-11Make URL columns 8000 characters wideLukas Fleischer4-4/+33
According to RFC 7230, URLs can be up too 8000 characters long. Resize all URL fields accordingly. Also, add a test to verify that URLs with more than 8000 characters are rejected by the update hook. Reported-by: Andreas Linz <klingt.net@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-08Update message catalogLukas Fleischer1-5/+19
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-08Update .gitignoreLukas Fleischer1-3/+3
Remove obsolete files. Add byte-compiled Python files and test results. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-08Reorganize Git interface scriptsLukas Fleischer12-48/+26
Move the Git interface scripts from git-interface/ to aurweb/git/. Use setuptools to automatically create wrappers which can be installed using `python3 setup.py install`. Update the configuration files, the test suite as well as the INSTALL and README files to reflect these changes. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-08Add clone hints to 404 error pagesLukas Fleischer1-0/+33
When clicking on the linked Git clone URL of a package base, users are faced with a 404 error page since the URL is not supposed to be opened in a web browser. Add some notes to 404 error pages corresponding to Git clone URLs that explain how to use them instead. Fixes FS#51266. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-01git-serve: Support `git {receive,upload}-pack`Lukas Fleischer1-0/+4
Add support for the `git receive-pack` and `git upload-pack` commands which are aliases for git-receive-pack and git-upload-pack, respectively. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-09-30Update message catalogLukas Fleischer1-2/+11
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-09-29t2200: Check that only non-voters get remindersLukas Fleischer2-0/+31
Add a test to make sure that Trusted Users, who already voted on a proposal, do not receive any reminders. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-09-29Use the notify script in testsLukas Fleischer2-10/+15
Instead of only checking whether the notification script is called with the correct parameters, actually invoke the real notify script and check whether proper notifications are generated. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-09-29tuvotereminder: Wait for notify processesLukas Fleischer1-1/+1
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-09-29Add tests for aurblupLukas Fleischer2-0/+59
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-09-29aurblup: Drop support for multiple serversLukas Fleischer2-3/+3
Support for multiple servers has never been used by the official aurweb setup and the current implementation makes it impossible to use server URIs that contain spaces. For simplicity, change the implementation such that only a single server is supported. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-09-29Add tests for pkgmaintLukas Fleischer2-0/+27
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-09-29scripts: Do not use UNIX_TIMESTAMPLukas Fleischer2-4/+9
Avoid using UNIX_TIMESTAMP which is not part of the SQL standard. See f2a6bd2 (git-interface: Do not use UNIX_TIMESTAMP, 2016-08-05) for related changes. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-09-29Add tests for tuvotereminderLukas Fleischer2-1/+29
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-09-29Add tests for mkpkglistsLukas Fleischer2-0/+52
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-09-29mkpkglists: Make output files configurableLukas Fleischer2-4/+9
Instead of writing the output to hardcoded files (relative to the document root), make the output paths of mkpkglists configurable. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>