Age | Commit message (Collapse) | Author | Files | Lines |
|
Sqlite3 does not support the MD5 function like MySQL does, instead of the
database program hash the passwords, have Python's hashlib module do it
instead.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Allow for automatically converting the schema into a schema that works
with SQLite by running `make` from the schema/ subdirectory. Use the new
Makefile in the test suite.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Modify the schema such that it only creates the necessary tables,
indices and predefined data. This makes it easier to import the schema
into a database with a name other than "AUR".
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Replace the default hash function used for storing passwords by
password_hash() which internally uses bcrypt. Legacy MD5 hashes are
still supported and are immediately converted to the new format when a
user logs in.
Since big parts of the authentication system needed to be rewritten in
this context, this patch also includes some simplification and
refactoring of all code related to password checking and resetting.
Fixes FS#52297.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Inspired by commit 32c8d0c (Store last login address as plain text,
2016-03-13).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
In addition to logging the last login date and IP address on the web
interface, store the time stamp and IP address of the last SSH login in
the database.
This simplifies user banning if one of the new SSH interface features,
such as the voting mechanism implemented in 7ee2fdd (git-serve: Add
support for (un-)voting, 2017-01-23), is abused.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Currently, aurweb displays all dates and times in UTC time. This patch
adds a capability for each logged in user to set their preferred
timezone.
Implements FS#48729.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
According to RFC 7230, URLs can be up too 8000 characters long. Resize
all URL fields accordingly.
Also, add a test to verify that URLs with more than 8000 characters are
rejected by the update hook.
Reported-by: Andreas Linz <klingt.net@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
* Remove test accounts.
* Create indices using CREATE INDEX.
* Always use INTEGER UNSIGNED for IDs.
* Always use BIGINT UNSIGNED for timestamps.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
The language code for Latin American Spanish is es_419, which is longer
than the 5 characters previously allowed.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Commits 6ec4a35 (Send notifications when changing ownership, 2016-02-21)
and e3670ef (Add a homepage field to accounts, 2016-06-02) forgot to
change some usages of display_account_form() and process_account_form()
to account for the new parameter. The former also forgot to add the new
column to the database schema.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Allow users to add a link to their homepage to their profile.
Implements FS#22774.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
When updating the list of packages provided by the official
repositories, also save the repository names.
|
|
Make sure that all valid IPv6 addresses fit into the LastLoginIPAddress
field.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Directly store the information contained in $_SERVER['REMOTE_ADDR']
instead of using ip2long() which does not support IPv6 addresses. Note
that the LastLoginIPAddress field is designed to be used by the
administrator on rare occasions only (e.g. to fight spam) and is not
displayed anywhere.
Fixes FS#48557.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Introduce a new notification option to receive notifications when a new
commit is pushed to a package repository.
Implements FS#30109.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add a configuration option to the account edit page that allows for
globally enabling/disabling package base comment notifications.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
As a preparatory step to adding support for package notifications on
events other than comments, rename the database table accordingly.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Makes FlaggerComments a TEXT field to be more consistent with package
comments.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Instead of modifying EditedTS when a comment is deleted, use a separate
field DelTS. Use this field to determine whether a comment has been
deleted, instead of checking DelUsersID which might be unset when the
corresponding user is deleted.
Fixes FS#47362.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Adds capability to pin comments before others.
Implements FS#10863.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Using unique indexes on VARCHAR fields with a character count of more
than 255 produces an error in MySQL with InnoDB tables and UTF-8
encoding.
Also, as per https://www.rfc-editor.org/errata_search.php?eid=1690, the
maximum length for email addresses is limited to 254 characters.
Fixes FS#47038.
Signed-off-by: Stefan Auditor <stefan.auditor@erdfisch.de>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
According to RFC 3696 (and the associated errata), an email address can
be up to 256 characters long. Change the database field and the length
limit on all input fields accordingly.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Maintain a list of virtual provisions of packages from the official
binary package repositories. The list can be updated using the aurblup
script, e.g. via a cronjob.
This allows for adding proper links to package dependencies: If an AUR
package depends on a package from the official repositories (or on a
name provided by a package from the official repositories), add a link
to the corresponding archweb package details page. If an AUR package
depends on another AUR package (or on a name provided by another AUR
package), add a link to the corresponding aurweb package details page.
Otherwise, just display the name and do not add a link at all.
Fixes FS#46549.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Implements FS#42343.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Implements FS#42827.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Add a new FlaggerUID field to the database and use it to store the user
ID of the account who recently flagged a package out-of-date.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Create two new actions, do_AddComment and do_EditComment. When editing
or deleting a comment, a timestamp is added.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Attaching more than one SSH public key to the same account is useful,
e.g. if one uses different machines to access the AUR SSH interface.
Multiple keys can now be specified by adding multiple lines to the text
area on the account edit form.
Implements FS#45469.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Acked-by: Leonidas Spyropoulos <artafinde@gmail.com>
|
|
The url and pkgdesc PKGBUILD variables are optional, so they should be
in the AUR as well.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
By default, aurweb is cloned into the aurweb directory nowadays.
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Even if we only display two digits after the decimal point, storing more
digits internally allows us to order the search results more accurately.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Remove package base categories. Instead, users can now specify up to
twenty custom keywords that are taken into consideration when searching.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
Create a new field Popularity in the PackageBases table. The field is
updated by the popupdate script and reflects the popularity of a
package. Popularity is the sum of all votes with each vote being
weighted with a factor of 0.98 per day since its creation.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
In addition to saving the list of package co-maintainers, also save
their order. This makes it possible to define a "primary" co-maintainer.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
|
|
This allows for having multiple co-maintainers for AUR packages.
Co-maintainers have push access to the package base Git repository but
are not allowed to change the package base category, disown the package
or modify the list of co-maintainers. The primary maintainer of an AUR
package can edit the list of co-maintainers from the Package Actions
box.
Implements FS#17911.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Users can now add an SSH public key on the account edit page. This will
later be used to authenticate users via SSH.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
The number of columns in the SQLs doesn't match the number of rows,
so an error like below occurs:
ERROR 1136 (21S01) at line 50929: Column count doesn't match value count
at row 1
Signed-off-by: Shinya Yamaoka <contact@mail.libmacro.com>
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Implements FS#41372.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This can potentially be used to identify trending packages.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
As a follow-up to 4d7da95 (Add support for architecture-specific fields,
2014-08-10), handle architecture-specific source fields as well.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This adds support for architecture-specific dependencies and relations.
Support for this has recently been added to makepkg, see commit 2b556d8
(PKGBUILD: handle arch specific attributes, 2014-07-25) in the pacman
repository for details.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This group has full permissions on everything.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|
|
This adds a new "Merge" category to the list of available request types
and also adds a new "Merge into" field that is hidden via JavaScript
when "Deletion" or "Orphan" is selected.
Signed-off-by: Lukas Fleischer <archlinux@cryptocrack.de>
|