Age | Commit message | Author | Files | Lines |
|
Replace the default hash function used for storing passwords by
password_hash() which internally uses bcrypt. Legacy MD5 hashes are
still supported and are immediately converted to the new format when a
user logs in.
Since big parts of the authentication system needed to be rewritten in
this context, this patch also includes some simplification and
refactoring of all code related to password checking and resetting.
Fixes FS#52297.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Do not overwrite the $uid variable when updating co-maintainers.
Fixes FS#52225.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Morten Linderud <morten@linderud.pw>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Use "<?=" instead of "<?" for printing.
Fixes a regression introduced in a9048bb (Dedupe translatable strings,
2015-11-25).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Instead of triggering a PHP warning and using an empty title if no
package base is specified, use a default title.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Only show package requests created less than 6 months ago on the
dashboard.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Allow for hiding requests which were opened before a given time stamp.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
All error messages in aurjson except two end with a period. Add the
missing periods to make the messages consistent.
Signed-off-by: Michael Straube <straubem@gmx.de>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently, each source file which is an external link (http://,
https://, ...) is a clickable link.
This commit extends the behaviour by making files from the repository
clickable as well. The link brings the user to the corresponding cgit
page.
Also, the link to the PKGBUILD is altered to make the configuration more
consistent.
Signed-off-by: Janne Heß <jannehess@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Move the package search links below the section headings.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add a new table which shows all package requests affecting the currently
logged in user.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Introduce a new boolean flag that can be used to disable extended
headers, pagination and forms.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Do not include the wrapper div container in the template.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
When a user is specified, the function only returns package requests
which are either opened by the given user or affecting packages
maintained by the given user.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Implement a table that shows all packages which are flagged out-of-date
and either maintained or co-maintained by the currently logged in user.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
As a follow-up to commit 6cb8c04 (Implement co-maintainer search,
2017-01-26), add an option to search for both maintainers and
co-maintainers at the same time.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add an AUR_CONFIG environment variable that can be used to specify an
alternative configuration file, similar to the feature introduced in
ecbf32f (git-interface: Add AUR_CONFIG environment variable,
2016-08-03).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
In addition to showing the 50 most recent maintained and co-maintained
packages, add links to all packages one owns or co-maintains.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
The tables on the dashboard always show the 50 most recent packages,
ordered by last update. Do not make the table headers of these tables
clickable.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
For logged in users, the home page is replaced with an overview of the
packages the user maintains or co-maintains.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Do not print the wrapper div container when calling pkg_search_page().
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
* Pass search parameters using an associative array instead of $_GET.
* Add a boolean parameter to enable and disable headers/footers.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
This makes it easier to display search results without showing the
search form.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add an option to filter package search results by co-maintainer.
Partly fixes FS#45591.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently, IP address bans affect the web interface only. Make sure they
are honored in the SSH interface as well.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Inspired by commit 32c8d0c (Store last login address as plain text,
2016-03-13).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
In addition to logging the last login date and IP address on the web
interface, store the time stamp and IP address of the last SSH login in
the database.
This simplifies user banning if one of the new SSH interface features,
such as the voting mechanism implemented in 7ee2fdd (git-serve: Add
support for (un-)voting, 2017-01-23), is abused.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
As of commit 3718860 (Make maintenance scripts installable, 2016-10-17),
the notification script is installed as aurweb-notify. Update the
sample configuration file accordingly.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
On package base pages, if a co-maintainer visits, only the read-only URL
is displayed, which is inconsistent with how the individual packages of a
package base's pages display them. This adds the SSH clone URL to the
package base's page for co-maintainers to see.
Implements FS#52675.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add support for voting for packages and removing votes from the SSH
interface. The syntax is `vote <pkgbase>` resp. `unvote <pkgbase>`.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Modify the call to process_account_form() to only have one parameter per
line.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently, when a user edits their language setting from the edit user form,
the changes aren't reflected until the user either lets the original cookie
expire, deletes the cookie manually, or changes the language a second time via
the dropdown menu on the top of the page. This patch makes the language cookie
get updated when it is changed from the edit user form.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently, aurweb displays all dates and times in UTC time. This patch
adds a capability for each logged in user to set their preferred
timezone.
Implements FS#48729.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add a note to the Git/SSH interface documentation that we recommend to
disable automatic garbage collection and use a maintenance script to
clean up and optimize the Git repository instead.
Also, add a reference to the Git/SSH interface documentation to the Git
repository setup instructions in INSTALL.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
There are 95 printable ASCII characters which with a minimum length of 4
gives 95^4 or 81 million possible passwords. Increasing the minimum
length to 8 increases the number of possible passwords by a factor of
about 10^7.
Relates to FS#52297.
Signed-off-by: Alex Muller <alex@mullr.net>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Make it easier to reuse the helper functions provided by git-serve from
another Python script by throwing exceptions instead of terminating the
program on errors.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add support for flagging or unflagging packages from the SSH interface.
The syntax is `flag <pkgbase> <comment>` resp. `unflag <pkgbase>`.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add a test case to ensure that enabling the maintenance mode disables
the SSH interface.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Do not use the EXCEPT clause which is unsupported in MySQL. Instead, use
a subquery which is standard-compliant and makes the query easier to
read at the same time.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Make sure that out-of-date notifications are sent to package base
maintainers as well as co-maintainers.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently, only package maintainers receive out-of-date notifications
for their packages. Add package base co-maintainers to the list of
recipients for out-of-date notifications.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
The scripts were moved to aurweb/scripts/ in commit 3718860 (Make
maintenance scripts installable, 2016-10-17). Update the paths in the
test suite accordingly.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
The quote is a leftover of legacy code and was meant to be removed by
commit e171f6f (Migrate all DB code to use PDO, 2012-08-08).
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|