Derived off of original work done by Leonidas Spyropoulos
at https://gitlab.archlinux.org/archlinux/aurweb/-/merge_requests/503
This revision of that original work finishes off the inconsistencies
mentioned in the original MR and adds a small bit of testing for more
regression checks.
Fixes: #360
Signed-off-by: Kevin Morris <kevr@0cost.org>
This addresses a severe security issue, which is omitted from this
git message for obscurity purposes.
Otherwise, it allows co-maintainers to see the keyword form when
viewing a package they co-maintain.
Closes#378
Signed-off-by: Kevin Morris <kevr@0cost.org>
This patch does not include a javascript implementating, but
provides a pure HTML/HTTP method of paging through these lists.
Also fixes erroneous limiting. We now use a hardcoded limit of 20
by default.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This patch brings in two new features:
- when viewing proposal listings, there is a new Statistics section,
containing the total and active number of Trusted Users found in the
database.
- when viewing a proposal directly, the number of active trusted users
assigned when the proposal was added is now displayed in the details
section.
Closes#323
Signed-off-by: Kevin Morris <kevr@0cost.org>
Not sure where this works, but it doesn't seem to work on my
browser. Achieved the same by forEaching through the array
returned by querySelectorAll instead.
Signed-off-by: Kevin Morris <kevr@0cost.org>
The previous behavior was carried over from PHP. It has been requested
that we use the true defaults when rendering the default form, making
search a bit more sensible.
Closes#269
Signed-off-by: Kevin Morris <kevr@0cost.org>
For requests, we always pass a `next` of /requests, leading us
back to the requests page. For a standard package, we get redirected
to the involved pkgbase, or target pkgbase if a merge action was taken.
Signed-off-by: Kevin Morris <kevr@0cost.org>
There was one blazing issue with the previous implementation regardless
of the multiple records: we were generating fingerprints by storing
the key into a file and reading it with ssh-keygen. This is absolutely
terrible and was not meant to be left around (it was forgotten, my bad).
Took this opportunity to clean up a few things:
- simplify pubkey validation
- centralize things a bit better
Signed-off-by: Kevin Morris <kevr@0cost.org>
- the "Flagged Out-of-date on ..." link in the package action panel does
not contain a timezone specifier.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit does quite a bit:
- Catches unhandled exceptions raised in the route handler and
produces a 500 Internal Server Error Arch-themed response.
- Each unhandled exception causes a notification to be sent to new
`notifications.postmaster` email with a "Traceback ID."
- Traceback ID is logged to the server along with the traceback which
caused the 500: `docker-compose logs fastapi | grep '<traceback_id>'`
- If `options.traceback` is set to `1`, traceback is displayed in
the new 500.html template.
Signed-off-by: Kevin Morris <kevr@0cost.org>
In addition, we display the Voters partial regardless of them existing
or not; with no voters, an empty Voters list is displayed.
Closes#236
Signed-off-by: Kevin Morris <kevr@0cost.org>
Previously, when the relationship was None, an <a> would still
wrap the None value erroneously. This addresses that for all
three user fields.
In addition, this commit adds direct testing for the
`templates/partials/packages/details.html` template.
Signed-off-by: Kevin Morris <kevr@0cost.org>
While this does make more sense to me personally, there is no need
to change how the AUR treats its users; it has been accepted for
ages and not found to be ridden with flaws. Stay with the tried
and true method.
Signed-off-by: Kevin Morris <kevr@0cost.org>
- Use queries more closely aligned to PHP's implementation; removes
the need for separate vote/notification queries.
- Default sort by popularity
Closes#214
Signed-off-by: Kevin Morris <kevr@0cost.org>
