summaryrefslogtreecommitdiffstats
path: root/aurweb
AgeCommit message (Collapse)AuthorFilesLines
2019-04-28git-auth: deny login if no password has been setLukas Fleischer1-1/+2
After creating a new account, users need to verify their email address and set an initial password. Without setting a password, users cannot use their account on the web interface. However, when logging in via SSH, we did not check whether the account is verified. Fix this by only allowing SSH access once a password is set. Reported-by: Pat Hogan <pathtofile@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2019-02-08notify: add X-AUR-Reason header to allow conveniently filtering emailsEli Schwartz1-0/+4
Because filtering by matching the sender && regular expressions on the subject is awkward. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2019-01-21aurblup: make provider updates more robustLukas Fleischer1-3/+3
Reverse the order of deletion and addition so that deletion comes first. This prevents corner cases such as failing unique key constraints when a provided package changes from lower case to upper case and the old name is not yet gone. Helped-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2019-01-14Quote MySql 8.0 reserved keywordsFlorian Pritz1-2/+2
Signed-off-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
2018-08-12Fix notifications emails going to the right peopleEli Schwartz1-5/+5
In commit f3b4c5c (Refactor the notification script, 2018-05-17), the parameters of the adopt, disown, comaintainer-add and comaintainer-remove notification modules were accidentally pushed around without changing the order in the callers. The notify script now expects to see the userid followed by additional arguments like the pkgbase id. As a result, some random userid with the same id as the pkgbase, got sent a notification regarding some package with the same id as the real user's id. Fix this by changing the order in every invocation of the aforementioned modules. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-08-06Make the locale directory configurableLukas Fleischer1-1/+4
Add a new configuration option to specify the locale directory to use. This allows the Python scripts to find the translations, even when not being run from the source code checkout. At the same time, multiple parallel aurweb setups can still use different sets of translations. Fixes FS#59278. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-07-09Fix regression in translating anything at allEli Schwartz1-1/+1
In commit 840ee20 (Rename translation resources from aur to aurweb, 2018-07-07) the translations file was renamed but we never actually switched to using the renamed translations. As a result, every single push to the AUR contains the following traceback: remote: Traceback (most recent call last): remote: File "/usr/bin/aurweb-notify", line 11, in <module> remote: load_entry_point('aurweb==4.7.0', 'console_scripts', 'aurweb-notify')() remote: File "/usr/lib/python3.6/site-packages/aurweb-4.7.0-py3.6.egg/aurweb/scripts/notify.py", line 541, in main remote: File "/usr/lib/python3.6/site-packages/aurweb-4.7.0-py3.6.egg/aurweb/scripts/notify.py", line 69, in send remote: File "/usr/lib/python3.6/site-packages/aurweb-4.7.0-py3.6.egg/aurweb/scripts/notify.py", line 56, in get_body_fmt remote: File "/usr/lib/python3.6/site-packages/aurweb-4.7.0-py3.6.egg/aurweb/scripts/notify.py", line 192, in get_body remote: File "/usr/lib/python3.6/site-packages/aurweb-4.7.0-py3.6.egg/aurweb/l10n.py", line 14, in translate remote: File "/usr/lib/python3.6/gettext.py", line 514, in translation remote: raise OSError(ENOENT, 'No translation file found for domain', domain) remote: FileNotFoundError: [Errno 2] No translation file found for domain: 'aur' Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-05-20Add package base name in request close notificationsLukas Fleischer1-4/+12
Mention both the package base name and the request type in the subject of request closure notification. Implements FS#41607. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-05-18git-update: accept any arch in arch-dependent metadataEli Schwartz1-1/+1
Currently we hardcode the architectures the official repos historically supported, which seems both inefficient because of hardcoding, and simply wrong, because many packages support various ARM platforms too. If we were to say "only officially supported arches will be supported in the AUR" we'd have to disable i686, which seems silly and arbitrarily restrictive. Also there's better places to implement such a blacklist (via die_commit in the main loop, via a config option to list supported arches, would make much more sense in terms of logic). As for the metadata extraction itself, there's no reason to hardcode the arches to check for at all. We can get this information too, from the .SRCINFO itself. Detecting this dynamically is not incompatible with a blacklist, should we ever decide to implement such a thing. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-05-17Use modern format strings in notification messagesLukas Fleischer1-44/+52
User modern Python format() strings with curly braces. Also, convert all placeholders to named arguments. This allows translators to reorder messages. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-05-17Localize notification emailsLukas Fleischer2-109/+165
Add support for translating notification emails and send localized notifications, based on the user's language preferences. Also, update the translations Makefile to add strings from the notification script to the message catalog. Implements FS#31850. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-05-17Refactor the notification scriptLukas Fleischer1-393/+429
Reimplement most of the notification script logic. Create a separate class for each notification type. Each class provides methods for generating the list of recipients, the message subject, the message body, the references to add at the end of the message and the message headers. Additionally, a method for sending notification emails is provided. One major benefit of the new implementation is that both the generation of recipients and message contents are much more flexible. For example, it is now easily possible to make user-specific adjustments to every single notification of a batch. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-05-16notify.py: Do not add stray newlinesLukas Fleischer1-4/+4
Make sure we are consistent with not adding newlines at the end of notification emails. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-05-10Erase login IP addresses after seven daysLukas Fleischer1-0/+22
Add a script to periodically remove old IP addresses from the users database. The login IP addresses are stored for spam protection and to prevent from abuse. It is quite unlikely that we ever need the IP address of a user whose last login is more than a week old. It makes sense to remove such IP addresses to protect our users' privacy. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-04-22config: allow reading both the defaults file and the modified configEli Schwartz1-4/+6
In the process, rename config.proto to config.defaults (because that is what it is now). Also use dict.get('key', default_value) when querying os.environ, rather than an if block, as it is more pythonic/readable/concise, and reduces the number of dict lookups. This change allows aurweb configuration to be done via either: - copying config.defaults to config and modifying values - creating a new config only containing modified values, next to a config.defaults containing unmodified values The motivation for this change is to enable ansible configuration in our flagship deployment by storing only changed values, and deferring to config.defaults otherwise. A side benefit is, it is easier to see what has changed by inspecting only the site configuration file. If a config.defaults file does not exist next to $AUR_CONFIG or in $AUR_CONFIG_DEFAULTS, it is ignored and *all* values are expected to live in the modified config file. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-04-08Allow manual breaks and horizontal lines in commentsLukas Fleischer1-2/+2
When sanitizing rendered comments, keep <hr> tags and <br> tags. The former are generated when using "---" in Markdown comments, the latter are used when putting two spaces at the end of a line. Fixes FS#56649.
2018-03-13notify: Send vote reminders to TUs that are also devsJohannes Löthberg1-1/+1
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2018-01-21Move AUR_OVERWRITE privilege check from git/auth to git/updateJohannes Löthberg2-2/+1
git/auth is run as an AutherizedKeysCommand which does not get the environment variables passed to it, so AUR_OVERWRITE always got hard-set to '0' by it. Instead we need to perform the actual privilege check in git/update instead. Signed-off-by: Johannes Löthberg <johannes@kyriasis.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-11-08Auto-link bug reports in commentsLukas Fleischer1-0/+15
Automatically detect references to Flyspray bug reports in comments and convert them to links to the Arch Linux bug tracker. Implements FS#52008. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-08-25Do not hardcode path to the Python interpreterLukas Fleischer10-10/+10
Use `/usr/bin/env python3` instead of `/usr/bin/python3` in the shebang of Python scripts. This adds support for non-standard Python interpreter paths such as the paths used in virtualenv environments. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-08-08git-serve: Fix broken SQL statementLukas Fleischer1-1/+1
Add a missing space to the SQL statement performing the disown operation. Fixes FS#55068. Note that the broken query was not discovered by the test suite since SQLite parses "?AND" inside prepared statements gracefully while MySQL does not. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-08-01mkpkglists: Generate a list of user namesLukas Fleischer1-0/+7
In addition to the packages list and the package base list, also create a list of registered user names. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-07-25Require TUs to explicitly request to overwrite a pkgbaseEli Schwartz2-1/+4
AUR_PRIVILEGED allows people with privileged AUR accounts to evade the block on non-fast-forward commits. While valid in this case, we should not do so by default, since in at least one case a TU did this without realizing there was an existing package. ( https://aur.archlinux.org/packages/rtmidi/ ) Switch to using allow_overwrite to check for destructive actions. Use .ssh/config "SendEnv" on the TU's side and and sshd_config "AcceptEnv" in the AUR server to specifically request overwrite access. TUs should use: `AUR_OVERWRITE=1 git push --force` Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-07-22Fix setting keywords in the SSH interfaceEli Schwartz1-1/+1
This was broken in commit 8914a41db938194efc021f842c89d47ff6b522c9 which refactored the argument parsing. Instead of checking for at least the set-keywords command and a pkgbase name, we were checking for *exactly* the command and pkgbase name, leaving no room for keywords... As a result, while we could clear the keywords, we could not set them. Signed-off-by: Eli Schwartz <eschwartz@archlinux.org> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-26Support headings in package commentsLukas Fleischer1-2/+18
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-25Explicitly initialize PackageBases.FlaggerCommentLukas Fleischer2-4/+6
Since commit 09cb61a (schema: Remove invalid default values for TEXT columns, 2017-04-15), the PackageBases.FlaggerComment field no longer has a default value. Initialize this field explicitly whenever a new row is added to the PackageBases table. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-24Support fenced code in package commentsLukas Fleischer1-2/+3
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-24Do not keep line breaks in commentsLukas Fleischer1-2/+2
With the new Markdown support, text paragraphs are now properly converted to HTML paragraphs, so we no longer need to keep line breaks. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-24Make references to Git commits clickableLukas Fleischer1-5/+54
Automatically detect Git commit identifiers, shorten them, and make them link to the cgit interface. Implements FS#43290. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-23Reintroduce backwards-compatible hyperlink syntaxLukas Fleischer1-1/+15
Before switching to the new comment rendering script and Markdown, no special syntax was needed to make URLs clickable. Reintroduce this feature and automatically detect links in addition to the hyperlink syntax already supported by Markdown. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-23Add Markdown support to package commentsLukas Fleischer1-3/+5
Support Markdown syntax in package comments. Among other things, this makes it easier to paste command line output and patches. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-23Render comments when storing them in the databaseLukas Fleischer1-0/+35
Instead of converting package comments from plain text to HTML code when they are displayed, do the conversion when the comment is posted and store the rendered result in the database. The conversion itself is done by a Python script which uses Bleach for sanitizing the text. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-19Store dependency descriptions in a separate columnLukas Fleischer1-9/+7
Split optional dependency descriptions from dependency names before storing them in the database and use a separate column to store the descriptions. This allows us to simplify and optimize the SQL queries in pkg_dependencies() as well as pkg_required(). Suggested-by: Florian Pritz <bluewind@xinu.at> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-04-06git-update: Check for missing pkgname entriesLukas Fleischer1-0/+3
Reject commits containing .SRCINFO files without any pkgname entries. Suggested-by: Bruno Pagani <bruno.n.pagani@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25git-serve: Implement IP address bansLukas Fleischer2-0/+16
Currently, IP address bans affect the web interface only. Make sure they are honored in the SSH interface as well. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-25git-serve: Save last SSH login date and IP addressLukas Fleischer1-0/+13
In addition to logging the last login date and IP address on the web interface, store the time stamp and IP address of the last SSH login in the database. This simplifies user banning if one of the new SSH interface features, such as the voting mechanism implemented in 7ee2fdd (git-serve: Add support for (un-)voting, 2017-01-23), is abused. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2017-01-23git-serve: Add support for (un-)votingLukas Fleischer2-0/+75
Add support for voting for packages and removing votes from the SSH interface. The syntax is `vote <pkgbase>` resp. `unvote <pkgbase>`. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-12-23git-serve: Use Python exceptions for error handlingLukas Fleischer2-79/+131
Make it easier to reuse the helper functions provided by git-serve from another Python script by throwing exceptions instead of terminating the program on errors. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-12-20git-serve: Add support for (un-)flagging packagesLukas Fleischer1-0/+70
Add support for flagging or unflagging packages from the SSH interface. The syntax is `flag <pkgbase> <comment>` resp. `unflag <pkgbase>`. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-12-20notify: Avoid EXCEPT in SQL statementLukas Fleischer1-6/+4
Do not use the EXCEPT clause which is unsupported in MySQL. Instead, use a subquery which is standard-compliant and makes the query easier to read at the same time. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-11-13Send out-of-date notifications to co-maintainersLukas Fleischer1-6/+9
Currently, only package maintainers receive out-of-date notifications for their packages. Add package base co-maintainers to the list of recipients for out-of-date notifications. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-17Make maintenance scripts installableLukas Fleischer7-0/+622
Add wrappers for the maintenance scripts to the setuptools configuration. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-17Move configuration to /etc/aurweb/configLukas Fleischer1-2/+1
Since d4fe77a (Reorganize Git interface scripts, 2016-10-08), the key components of the aurweb SSH interface are installed system-wide. Update the default configuration path to point to a central location. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-17aurweb/git: Add missing __init__.py fileLukas Fleischer1-0/+0
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-11git-serve: Close orphan requests upon disownLukas Fleischer1-1/+43
When disowning a package base via the SSH interface, auto-accept all pending orphan requests for the affected package. Also, add a test case that checks whether (only) orphan requests belonging to disowned packages are closed correctly. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-11git-update: Catch long source URLsLukas Fleischer1-0/+3
Bail out early if the source array contains an entry with more than 8000 characters. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-11Make URL columns 8000 characters wideLukas Fleischer1-2/+3
According to RFC 7230, URLs can be up too 8000 characters long. Resize all URL fields accordingly. Also, add a test to verify that URLs with more than 8000 characters are rejected by the update hook. Reported-by: Andreas Linz <klingt.net@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-10-08Reorganize Git interface scriptsLukas Fleischer3-0/+890
Move the Git interface scripts from git-interface/ to aurweb/git/. Use setuptools to automatically create wrappers which can be installed using `python3 setup.py install`. Update the configuration files, the test suite as well as the INSTALL and README files to reflect these changes. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
2016-09-29Use setuptools to install Python modulesLukas Fleischer3-0/+82
Instead of using relative imports, add support for installing the config and db Python modules to a proper location using setuptools. Change all git-interface scripts to access those modules from the search path. Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>