The TTL for package details can be much longer than for generic values
since they never change. Note that when an update is pushed via Git, all
packages belonging to that package base are deleted and new packages are
created.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Cache the results of the extended fields computation if the global
caching mechanism is enabled.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The package provider and dependency queries are quite CPU-intensive and
usually yield rather small result sets. Cache these values if the global
caching mechanism is enabled.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
With the previous implementation, unlucky users could have their CAPTCHA
be invalidated by a single account creation while filling out their
account registration form.
Make this more robust by allowing up to five account registrations
before rejecting a CAPTCHA salt.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add a CAPTCHA to protect against automated account creation. The CAPTCHA
changes whenever three new accounts are registered.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Will no longer send notifications about "a orphan request", but determine
whether to use a/an based on the first character of the request type.
Signed-off-by: Lars Rustand <rustand.lars@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
In commit 3578e77ad4 we implemented
listing of comments from the account details page , but this was
intended to only be available to TUs and Devs. As the comment says:
"display the comment list if they're a TU/dev"
The credential checking code, however, set this credential for all
users, contrary to the intention of the commit.
In order to preserve the ability to list a person's own comments, also
declare the allowed uids based on the profile being viewed.
Since 09cb61a (schema: Remove invalid default values for TEXT columns,
2017-04-15) the PackageRequests.ClosureComment field no longer has a
default value.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
VCS packages should not be flagged out-of-date when the package version
does not match the most recent commit.
Implements FS#62733.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
After creating a new account, users need to verify their email address
and set an initial password. Without setting a password, users cannot
use their account on the web interface. However, when logging in via
SSH, we did not check whether the account is verified.
Fix this by only allowing SSH access once a password is set.
Reported-by: Pat Hogan <pathtofile@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Currently, it is a little to easy to forget to enable notifications
for a package after leaving a comment, thus never being notified of a
reply. Even though the "Enable notifications" link is on the same
page, it is not part of the flow for posting a new comment, and so,
easy to miss.
Most web forums and comment systems include a checkbox to enable
notifications when posting for the first time in a thread. This patch
implements this in aurweb, as well.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Reverse the order of deletion and addition so that deletion comes first.
This prevents corner cases such as failing unique key constraints when a
provided package changes from lower case to upper case and the old name
is not yet gone.
Helped-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Notifications are still going to the wrong people. We tried to fix this
in commit b702e5c0e7, but only fixed it
for the python callers. There's another caller in the php code, which
needs to use the right order of arguments as well.
Fixes FS#60601
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
As of today, there is no easy way to obtain a link to a specific
comment on a package page.
Many implementations of forums and comment systems today seem to
follow a convention where a comment's timestamp is an unobtrusive link
to the comment itself. Some examples are:
- phpBB (e.g. bbs.archlinux.org)
- GitHub
- Disqus
- Discourse
This patch adopts this convention as well, by making the timestamp a
link to the comment.
Use disjoint sets of IDs for users, package bases, package comments and
package requests to ensure the notification script expects the
parameters in the same order we pass them.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Since commit a7865ef (Make the locale directory configurable,
2018-07-22), we need to specify the locale directory in the
configuration file.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
In commit f3b4c5c (Refactor the notification script, 2018-05-17), the
parameters of the adopt, disown, comaintainer-add and
comaintainer-remove notification modules were accidentally pushed around
without changing the order in the callers. The notify script now expects
to see the userid followed by additional arguments like the pkgbase id.
As a result, some random userid with the same id as the pkgbase, got
sent a notification regarding some package with the same id as the real
user's id.
Fix this by changing the order in every invocation of the aforementioned
modules.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add a new configuration option to specify the locale directory to use.
This allows the Python scripts to find the translations, even when not
being run from the source code checkout. At the same time, multiple
parallel aurweb setups can still use different sets of translations.
Fixes FS#59278.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
In commit 840ee20 (Rename translation resources from aur to aurweb,
2018-07-07) the translations file was renamed but we never actually
switched to using the renamed translations.
As a result, every single push to the AUR contains the following
traceback:
remote: Traceback (most recent call last):
remote: File "/usr/bin/aurweb-notify", line 11, in <module>
remote: load_entry_point('aurweb==4.7.0', 'console_scripts', 'aurweb-notify')()
remote: File "/usr/lib/python3.6/site-packages/aurweb-4.7.0-py3.6.egg/aurweb/scripts/notify.py", line 541, in main
remote: File "/usr/lib/python3.6/site-packages/aurweb-4.7.0-py3.6.egg/aurweb/scripts/notify.py", line 69, in send
remote: File "/usr/lib/python3.6/site-packages/aurweb-4.7.0-py3.6.egg/aurweb/scripts/notify.py", line 56, in get_body_fmt
remote: File "/usr/lib/python3.6/site-packages/aurweb-4.7.0-py3.6.egg/aurweb/scripts/notify.py", line 192, in get_body
remote: File "/usr/lib/python3.6/site-packages/aurweb-4.7.0-py3.6.egg/aurweb/l10n.py", line 14, in translate
remote: File "/usr/lib/python3.6/gettext.py", line 514, in translation
remote: raise OSError(ENOENT, 'No translation file found for domain', domain)
remote: FileNotFoundError: [Errno 2] No translation file found for domain: 'aur'
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
* Rename the aur project to aurweb on Transifex.
* Rename aur.pot to aurweb.pot.
* Update documentation and Makefile.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Mention both the package base name and the request type in the subject
of request closure notification.
Implements FS#41607.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Currently we hardcode the architectures the official repos historically
supported, which seems both inefficient because of hardcoding, and
simply wrong, because many packages support various ARM platforms too.
If we were to say "only officially supported arches will be supported in
the AUR" we'd have to disable i686, which seems silly and arbitrarily
restrictive. Also there's better places to implement such a blacklist
(via die_commit in the main loop, via a config option to list supported
arches, would make much more sense in terms of logic).
As for the metadata extraction itself, there's no reason to hardcode the
arches to check for at all. We can get this information too, from the
.SRCINFO itself. Detecting this dynamically is not incompatible with a
blacklist, should we ever decide to implement such a thing.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
User modern Python format() strings with curly braces. Also, convert all
placeholders to named arguments. This allows translators to reorder
messages.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add support for translating notification emails and send localized
notifications, based on the user's language preferences. Also, update
the translations Makefile to add strings from the notification script
to the message catalog.
Implements FS#31850.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Reimplement most of the notification script logic. Create a separate
class for each notification type. Each class provides methods for
generating the list of recipients, the message subject, the message
body, the references to add at the end of the message and the message
headers. Additionally, a method for sending notification emails is
provided.
One major benefit of the new implementation is that both the generation
of recipients and message contents are much more flexible. For example,
it is now easily possible to make user-specific adjustments to every
single notification of a batch.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Fixes a regression introduced in 97c5bce (config: allow reading both the
defaults file and the modified config, 2018-04-15).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Fixes a regression introduced in 97c5bce (config: allow reading both the
defaults file and the modified config, 2018-04-15).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Currently, a form is used instead of a link. This forwards to a
confirmation page, and currently drops the "via" parameter in the
process.
As a result, accepted orphan requests usually show:
Request #XXXXXX has been accepted automatically by the Arch User
Repository package request system:
The user YYYYYYY disowned the package.
This is wrong, and should show (will show, if you manually add it or use
the close button instead of the accept button):
Request #XXXXXX has been rejected by YYYYYYY [1]:
Fixes FS#56606.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
