Age | Commit message (Collapse) | Author | Files | Lines |
|
After creating a new account, users need to verify their email address
and set an initial password. Without setting a password, users cannot
use their account on the web interface. However, when logging in via
SSH, we did not check whether the account is verified.
Fix this by only allowing SSH access once a password is set.
Reported-by: Pat Hogan <pathtofile@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
|
|
In commit f3b4c5c (Refactor the notification script, 2018-05-17), the
parameters of the adopt, disown, comaintainer-add and
comaintainer-remove notification modules were accidentally pushed around
without changing the order in the callers. The notify script now expects
to see the userid followed by additional arguments like the pkgbase id.
As a result, some random userid with the same id as the pkgbase, got
sent a notification regarding some package with the same id as the real
user's id.
Fix this by changing the order in every invocation of the aforementioned
modules.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently we hardcode the architectures the official repos historically
supported, which seems both inefficient because of hardcoding, and
simply wrong, because many packages support various ARM platforms too.
If we were to say "only officially supported arches will be supported in
the AUR" we'd have to disable i686, which seems silly and arbitrarily
restrictive. Also there's better places to implement such a blacklist
(via die_commit in the main loop, via a config option to list supported
arches, would make much more sense in terms of logic).
As for the metadata extraction itself, there's no reason to hardcode the
arches to check for at all. We can get this information too, from the
.SRCINFO itself. Detecting this dynamically is not incompatible with a
blacklist, should we ever decide to implement such a thing.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
git/auth is run as an AutherizedKeysCommand which does not get the
environment variables passed to it, so AUR_OVERWRITE always got
hard-set to '0' by it. Instead we need to perform the actual privilege
check in git/update instead.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Use `/usr/bin/env python3` instead of `/usr/bin/python3` in the shebang
of Python scripts. This adds support for non-standard Python interpreter
paths such as the paths used in virtualenv environments.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add a missing space to the SQL statement performing the disown
operation.
Fixes FS#55068.
Note that the broken query was not discovered by the test suite since
SQLite parses "?AND" inside prepared statements gracefully while MySQL
does not.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
AUR_PRIVILEGED allows people with privileged AUR accounts to evade the
block on non-fast-forward commits. While valid in this case, we should
not do so by default, since in at least one case a TU did this without
realizing there was an existing package.
( https://aur.archlinux.org/packages/rtmidi/ )
Switch to using allow_overwrite to check for destructive actions.
Use .ssh/config "SendEnv" on the TU's side and and sshd_config
"AcceptEnv" in the AUR server to specifically request overwrite access.
TUs should use: `AUR_OVERWRITE=1 git push --force`
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
This was broken in commit 8914a41db938194efc021f842c89d47ff6b522c9 which
refactored the argument parsing. Instead of checking for at least the
set-keywords command and a pkgbase name, we were checking for *exactly*
the command and pkgbase name, leaving no room for keywords...
As a result, while we could clear the keywords, we could not set them.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Since commit 09cb61a (schema: Remove invalid default values for TEXT
columns, 2017-04-15), the PackageBases.FlaggerComment field no longer
has a default value. Initialize this field explicitly whenever a new row
is added to the PackageBases table.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Split optional dependency descriptions from dependency names before
storing them in the database and use a separate column to store the
descriptions.
This allows us to simplify and optimize the SQL queries in
pkg_dependencies() as well as pkg_required().
Suggested-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Reject commits containing .SRCINFO files without any pkgname entries.
Suggested-by: Bruno Pagani <bruno.n.pagani@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently, IP address bans affect the web interface only. Make sure they
are honored in the SSH interface as well.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
In addition to logging the last login date and IP address on the web
interface, store the time stamp and IP address of the last SSH login in
the database.
This simplifies user banning if one of the new SSH interface features,
such as the voting mechanism implemented in 7ee2fdd (git-serve: Add
support for (un-)voting, 2017-01-23), is abused.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add support for voting for packages and removing votes from the SSH
interface. The syntax is `vote <pkgbase>` resp. `unvote <pkgbase>`.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Make it easier to reuse the helper functions provided by git-serve from
another Python script by throwing exceptions instead of terminating the
program on errors.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add support for flagging or unflagging packages from the SSH interface.
The syntax is `flag <pkgbase> <comment>` resp. `unflag <pkgbase>`.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
When disowning a package base via the SSH interface, auto-accept all
pending orphan requests for the affected package.
Also, add a test case that checks whether (only) orphan requests
belonging to disowned packages are closed correctly.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Bail out early if the source array contains an entry with more than 8000
characters.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
According to RFC 7230, URLs can be up too 8000 characters long. Resize
all URL fields accordingly.
Also, add a test to verify that URLs with more than 8000 characters are
rejected by the update hook.
Reported-by: Andreas Linz <klingt.net@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Move the Git interface scripts from git-interface/ to aurweb/git/. Use
setuptools to automatically create wrappers which can be installed using
`python3 setup.py install`. Update the configuration files, the test
suite as well as the INSTALL and README files to reflect these changes.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|