Age | Commit message | Author | Files | Lines
2017-02-24 | Use bcrypt to hash passwords | Lukas Fleischer | 5 | -146/+68
Replace the default hash function used for storing passwords by password_hash() which internally uses bcrypt. Legacy MD5 hashes are still supported and are immediately converted to the new format when a user logs in. Since big parts of the authentication system needed to be rewritten in this context, this patch also includes some simplification and refactoring of all code related to password checking and resetting. Fixes FS#52297. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-24 | Fix user name in disown notifications | Lukas Fleischer | 1 | -3/+3
Do not overwrite the $uid variable when updating co-maintainers. Fixes FS#52225. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-23 | Update message catalog | Lukas Fleischer | 1 | -11/+59
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-23 | Add security tracker into navbar | Morten Linderud | 2 | -0/+2
Signed-off-by: Morten Linderud <morten@linderud.pw> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15 | Fix several PHP short open tags | Lukas Fleischer | 7 | -7/+7
Use "<?=" instead of "<?" for printing. Fixes a regression introduced in a9048bb (Dedupe translatable strings, 2015-11-25). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15 | pkgbase.php: Add default title | Lukas Fleischer | 1 | -1/+1
Instead of triggering a PHP warning and using an empty title if no package base is specified, use a default title. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15 | Hide old requests from the dashboard | Lukas Fleischer | 2 | -1/+4
Only show package requests created less than 6 months ago on the dashboard. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-15 | Add a parameter to skip old requests to pkgreq_list() | Lukas Fleischer | 1 | -5/+12
Allow for hiding requests which were opened before a given time stamp. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-14 | Make aurjson error messages consistent | Michael Straube | 1 | -2/+2
All error messages in aurjson except two end with a period. Add the missing periods to make the messages consistent. Signed-off-by: Michael Straube <straubem@gmx.de> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-12 | Add direct links to each source file | Janne Heß | 3 | -5/+7
Currently, each source file which is an external link (http://, https://, ...) is a clickable link. This commit extends the behaviour by making files from the repository clickable as well. The link brings the user to the corresponding cgit page. Also, the link to the PKGBUILD is altered to make the configuration more consistent. Signed-off-by: Janne Heß <jannehess@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-12 | Move package search links on the dashboard | Lukas Fleischer | 1 | -2/+4
Move the package search links below the section headings. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08 | Move my packages to separate dashboard sections | Lukas Fleischer | 1 | -6/+10
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08 | Add requests to dashboard | Lukas Fleischer | 1 | -0/+6
Add a new table which shows all package requests affecting the currently logged in user. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08 | pkgreq_results.php: Add a flag to hide headers | Lukas Fleischer | 2 | -4/+9
Introduce a new boolean flag that can be used to disable extended headers, pagination and forms. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08 | pkgreq_results.php: Split out package results box | Lukas Fleischer | 2 | -120/+120
Do not include the wrapper div container in the template. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08 | Add an option to filter by user to pkgreq_list() | Lukas Fleischer | 1 | -1/+8
When a user is specified, the function only returns package requests which are either opened by the given user or affecting packages maintained by the given user. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08 | Add flagged packages to the dashboard | Lukas Fleischer | 1 | -0/+12
Implement a table that shows all packages which are flagged out-of-date and either maintained or co-maintained by the currently logged in user. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08 | Allow to search for both maintainer and co-maintainer | Lukas Fleischer | 2 | -0/+9
As a follow-up to commit 6cb8c04 (Implement co-maintainer search, 2017-01-26), add an option to search for both maintainers and co-maintainers at the same time. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08 | confparser.inc.php: Support alternative config path | Lukas Fleischer | 1 | -1/+5
Add an AUR_CONFIG environment variable that can be used to specify an alternative configuration file, similar to the feature introduced in ecbf32f (git-interface: Add AUR_CONFIG environment variable, 2016-08-03). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08 | Add links to all owned packages to the dashboard | Lukas Fleischer | 1 | -2/+2
In addition to showing the 50 most recent maintained and co-maintained packages, add links to all packages one owns or co-maintains. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08 | Return the number of results in pkg_search_page() | Lukas Fleischer | 1 | -2/+2
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-08 | Hide the table sorting links on the dashboard | Lukas Fleischer | 1 | -8/+27
The tables on the dashboard always show the 50 most recent packages, ordered by last update. Do not make the table headers of these tables clickable. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-04 | Add dashboard | Lukas Fleischer | 2 | -5/+38
For logged in users, the home page is replaced with an overview of the packages the user maintains or co-maintains. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-04 | pkg_search_results.php: Split out package results box | Lukas Fleischer | 2 | -88/+88
Do not print the wrapper div container when calling pkg_search_page(). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-04 | Refactor pkg_search_page() | Lukas Fleischer | 3 | -87/+55
* Pass search parameters using an associative array instead of $_GET.
* Add a boolean parameter to enable and disable headers/footers.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-02-03 | Split out the search form from pkg_search_page() | Lukas Fleischer | 2 | -3/+2
This makes it easier to display search results without showing the search form. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-28 | Implement co-maintainer search | Lukas Fleischer | 2 | -0/+9
Add an option to filter package search results by co-maintainer. Partly fixes FS#45591. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25 | t1200: Test IP address log and bans | Lukas Fleischer | 2 | -0/+29
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25 | git-serve: Implement IP address bans | Lukas Fleischer | 2 | -0/+16
Currently, IP address bans affect the web interface only. Make sure they are honored in the SSH interface as well. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25 | Store banned IP addresses as plain text | Lukas Fleischer | 3 | -2/+9
Inspired by commit 32c8d0c (Store last login address as plain text, 2016-03-13). Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25 | git-serve: Save last SSH login date and IP address | Lukas Fleischer | 3 | -1/+24
In addition to logging the last login date and IP address on the web interface, store the time stamp and IP address of the last SSH login in the database. This simplifies user banning if one of the new SSH interface features, such as the voting mechanism implemented in 7ee2fdd (git-serve: Add support for (un-)voting, 2017-01-23), is abused. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25 | config.proto: Update path to the notification script | Lukas Fleischer | 1 | -1/+1
As of commit 3718860 (Make maintenance scripts installable, 2016-10-17), the notification script is installed as aurweb-notify. Update the sample configuration file accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-23 | Show co-maintainers SSH clone URL on package base page | Mark Weiman | 1 | -1/+1
On package base pages, if a co-maintainer visits, only the read-only URL is displayed which is inconsistent with how the individual packages of a package base's pages displays them. This adds the SSH clone URL to the package base's page for co-maintainers to see. Implements FS#52675. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-23 | t1200: Add tests for vote/unvote | Lukas Fleischer | 1 | -0/+66
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-23 | git-serve: Add support for (un-)voting | Lukas Fleischer | 2 | -0/+75
Add support for voting for packages and removing votes from the SSH interface. The syntax is `vote <pkgbase>` resp. `unvote <pkgbase>`. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20 | account.php: Reformat process_account_form() call | Mark Weiman | 1 | -6/+18
Modify the call to process_account_form() to have only one parameter per line. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20 | Update cookie for language setting when editing user information | Mark Weiman | 1 | -0/+7
Currently, when a user edits their language setting from the edit user form, the changes aren't reflected until the user either lets the original cookie expire, deletes the cookie manually, or changes the language a second time via the dropdown menu on the top of the page. This patch makes the language cookie get updated when it is changed from the edit user form. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-20 | Add user set timezones | Mark Weiman | 19 | -23/+130
Currently, aurweb displays all dates and times in UTC time. This patch adds a capability for each logged in user to set their preferred timezone. Implements FS#48729. Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-17 | Document garbage collection settings for Git | Lukas Fleischer | 2 | -2/+12
Add a note to the Git/SSH interface documentation that we recommend to disable automatic garbage collection and use a maintenance script to clean up and optimize the Git repository instead. Also, add a reference to the Git/SSH interface documentation to the Git repository setup instructions in INSTALL. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-12 | INSTALL: Refer to the AUR backend as aurweb | Lukas Fleischer | 1 | -2/+2
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-07 | Increase minimum password length to 8 characters | Alex Muller | 1 | -1/+1
There are 95 printable ASCII characters which with a minimum length of 4 gives 95^4 or 81 million possible passwords. Increasing the minimum length to 8 increases the number of possible passwords by a factor of about 10^7. Relates to FS#52297. Signed-off-by: Alex Muller <alex@mullr.net> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-12-23 | git-serve: Use Python exceptions for error handling | Lukas Fleischer | 2 | -79/+131
Make it easier to reuse the helper functions provided by git-serve from another Python script by throwing exceptions instead of terminating the program on errors. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-12-20 | t1200: Add tests for flag/unflag | Lukas Fleischer | 1 | -0/+63
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-12-20 | git-serve: Add support for (un-)flagging packages | Lukas Fleischer | 1 | -0/+70
Add support for flagging or unflagging packages from the SSH interface. The syntax is `flag <pkgbase> <comment>` resp. `unflag <pkgbase>`. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-12-20 | t1200: Test maintenance mode | Lukas Fleischer | 1 | -0/+11
Add a test case to ensure that enabling the maintenance mode disables the SSH interface. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-12-20 | notify: Avoid EXCEPT in SQL statement | Lukas Fleischer | 1 | -6/+4
Do not use the EXCEPT clause which is unsupported in MySQL. Instead, use a subquery which is standard-compliant and makes the query easier to read at the same time. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-11-13 | Add tests for out-of-date notifications | Lukas Fleischer | 1 | -0/+33
Make sure that out-of-date notifications are sent to package base maintainers as well as co-maintainers. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-11-13 | Send out-of-date notifications to co-maintainers | Lukas Fleischer | 1 | -6/+9
Currently, only package maintainers receive out-of-date notifications for their packages. Add package base co-maintainers to the list of recipients for out-of-date notifications. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-11-13 | test/setup.sh: Fix script paths | Lukas Fleischer | 1 | -5/+5
The scripts were moved to aurweb/scripts/ in commit 3718860 (Make maintenance scripts installable, 2016-10-17). Update the paths in the test suite accordingly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-11-10 | Remove extraneous quote in translator.inc.php | Mark Weiman | 1 | -1/+1
The quote is a leftover of legacy code and was meant to be removed by commit e171f6f (Migrate all DB code to use PDO, 2012-08-08). Signed-off-by: Mark Weiman <mark.weiman@markzz.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>