We try to find packages when a user enters a URL like /somepkg
or accidentally opens /somepkg.git in the browser.
However, it currently also does this for URL's like /pkgbase/doesnotexist
and falsely interprets "pkgbase" part as a package or pkgbase name.
This in combination with a pkgbase that is named "pkgbase" generates
some misleading 404 message for URL's like /pkgbase/doesnotexist.
That being said, we should probably add pkgbase to the blacklist check
as well (we do this for pkgname already) and add things like
"pkgbase" to the blacklist -> Will be picked up in another commit.
Signed-off-by: moson <moson@archlinux.org>
By default, markdown within an HTML block element is not parsed.
Add markdown extension to support markdown text within block
elements.
With this we can annotate our element with a "markdown" attribute:
E.g. <details markdown>*Markdown*</details>
And thus indicate that the content should be parsed.
Signed-off-by: moson <moson@archlinux.org>
We can set the "reply-to" header to the "to" address for any mails
that go out to the aur-requests mailing list.
Signed-off-by: moson <moson@archlinux.org>
Disable prometheus multiprocess mode in tests to avoid global state:
Depending on the workers which are processing a testfile,
we might run into race issues where tests might influence each other.
We also need to make sure to clear any previously collected values
in case the same worker/process is executing different tests which
evaluate prometheus values.
Signed-off-by: moson <moson@archlinux.org>
Support setting the timezone as well as the language via query params:
The timezone parameter previously only worked on certain pages.
While we're at it, let's also add the language as a param.
Refactor code for timezone and language functions.
Remove unused AURTZ cookie.
Signed-off-by: moson <moson@archlinux.org>
Avoid using special characters and use '<sup>' HTML tag instead.
To not rely on user's fonts Unicode coverage.
Closes: #490
Signed-off-by: Hanabishi <1722-hanabishi@users.noreply.gitlab.archlinux.org>
When setting up a context with user provided variables,
we should not override any existing values previously set.
Signed-off-by: moson <moson@archlinux.org>
Renaming of symbols. Functions, variables, values, DB values, etc.
Basically everything that is not user-facing.
This only covers "Trusted User" things:
tests, comments, etc. will covered in a following commit.
Dependencies might reside in the AUR or official repositories.
Add "AUR" as superscript letters to indicate if a package/provider
is present in the AUR.
Signed-off-by: moson <moson@archlinux.org>
It could happen that test data is already generated by a previous test.
(running in the same worker)
Make sure we clear everything before performing our checks.
Signed-off-by: moson <moson@archlinux.org>
All tests within a file run in the same worker and out test DB names
are unique per file as well. We don't really need a locking
mechanism here.
Same is valid for the test-emails. The only potential issue is that it
might try to create the same directory multiple times and thus run
into an error. However, that can be covered by specifying
"exist_ok=True" with os.makedirs such that those errors are ignored.
Signed-off-by: moson <moson@archlinux.org>
We should check if a user (target) exists before validating permissions.
Otherwise things crash when a TU is trying to edit an account that
does not exist.
Fixes: aurweb-errors#529
Signed-off-by: moson <moson@archlinux.org>
Problem is that we join with PackageBase, thus we are missing
requests for packages that were deleted.
Fixes: #483
Signed-off-by: moson <moson@archlinux.org>
The new module/class helps us constructing queries and count records to
expose various statistics on the homepage. We also utilize for some new
prometheus metrics (package and user gauges).
Record counts are being cached with Redis.
Signed-off-by: moson <moson@archlinux.org>
We currently validate all commits going from latest -> oldest.
It would be nicer to go oldest -> latest so that, in case of errors,
we would indicate which commit "introduced" the problem.
Signed-off-by: moson <moson@archlinux.org>
The current query is a bit mixed up. The intention was to return the
number of unaccepted records. Now it does also count all records
that were accepted by some other user though.
Let's check the total number of terms vs. the number of accepted
records (by our user) instead.
Signed-off-by: moson <moson@archlinux.org>
The chance of finding multiple object IDs when performing lookups with
a shortened SHA1 hash (7 digits) seems to be quite high.
In those cases pygit2 will throw an error.
Let's catch those exceptions and gracefully handle them.
Fixes: aurweb-errors#496 (and alike)
Signed-off-by: moson <moson@archlinux.org>
In some translations we might be missing replacement placeholders (%).
This turns out to be problematic when calling the format function.
Wrap the jinja2 format function and just return the string unformatted
when % is missing.
Fixes: #341
Signed-off-by: moson <moson@archlinux.org>
Our set of keys returned by "util.parse_ssh_keys" is unordered so we
have to adapt our test to not rely on a specific order for multiple keys.
Fixes: 5ccfa7c0fd ("fix: same ssh key entered multiple times")
Signed-off-by: moson <moson@archlinux.org>
Users might accidentally past their ssh key multiple times
when they try to register or edit their account.
Convert our of list of keys to a set, removing any double keys.
Signed-off-by: moson <moson@archlinux.org>
Package requests are sent to the ML as well as users (CC).
For those who chose to hide their mail address,
we should add them to the BCC list instead.
Signed-off-by: moson-mo <mo-son@mailbox.org>
Fix order of recipients for "FlagNotification" test.
Apply sorting to the recipients query.
(only relevant for tests, but who knows when they change things again)
MariaDB 11 includes some changes related to the
query optimizer. Turns out that this might have effects
on how records are ordered for certain queries.
(in case no ORDER BY clause was specified)
https://mariadb.com/kb/en/mariadb-11-0-0-release-notes/
Signed-off-by: moson <moson@archlinux.org>
The queries being done on the package search page are quite costly.
(Especially the default one ordered by "Popularity" when navigating to /packages)
Let's add the search results to the Redis cache:
Every result of a search query is being pushed to Redis until we hit our maximum of 50k.
An entry expires after 3 minutes before it's evicted from the cache.
Lifetime an Max values are configurable.
Signed-off-by: moson-mo <mo-son@mailbox.org>
We're currently creating a "PackageBases" when the "restore" command is executed.
This is problematic for pkgbases that never existed before.
In those cases it will create the record but fail in the update.py script.
Thus it leaves an orphan "PackageBases" record in the DB
(which does not have any related "Packages" record(s))
Navigating to such a packages /pkgbase/... URL will result in a crash
since it is not foreseen to have "orphan" pkgbase records.
We can safely remove the early creation of that record because
it'll be taken care of in the update.py script that is being called
We'll also fix some tests. Before it was executing a dummy script
instead of "update.py" which might be a bit misleading
since it did not check the real outcome of our "restore" action.
Signed-off-by: moson-mo <mo-son@mailbox.org>
This allows migration of git history for packages dropped from a repo to AUR
in case they contain PGP key material
Signed-off-by: moson-mo <mo-son@mailbox.org>
Use "contains" filtering instead of an exact match
when a package name filter is given.
This makes it easier to find requests for a "group" of packages.
Signed-off-by: moson-mo <mo-son@mailbox.org>
This is done in order to relax the constraints so that dropping packages
from the official repos can be done with preserving their history.
Its sufficient to also have this present in the latest commit of a push.
Signed-off-by: Christian Heusel <christian@heusel.eu>
This should match more closely the expectation of a user.
A session cookie should vanish on browser close
and you thus they need to authenticate again.
There is no need to bump the expiration of AURSID either,
so we can remove that part.
Signed-off-by: moson-mo <mo-son@mailbox.org>
- Add package name textbox for filtering requests (with auto-suggest)
- Make "x pending requests" a link for TU/Dev on the package details page
Signed-off-by: moson-mo <mo-son@mailbox.org>
