A few things added with this commit:
- aurweb.packages.util
    - A module providing package and pkgbase helpers.
- aurweb.template.register_filter
    - A decorator that can be used to register a filter:
          @register_filter("some_filter")
          def f(): pass
Additionally, template partials have been split off a bit
differently. Changes:
- /packages/{name} is defined in packages/show.html.
- partials/packages/package_actions.html is now
partials/packages/actions.html.
- partials/packages/details.html has been added.
- partials/packages/comments.html has been added.
- partials/packages/comment.html has been added.
- models.dependency_type additions: name and id constants.
- models.relation_type additions: name and id constants.
- models.official_provider additions: base official url constant.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Slight markup changes, same style overall and same
form parameters as the PHP implementation.
In addition, we've disabled the "left" and "right"
navigation buttons when we're at the border of the
table.
CSS Changes:
- Added similar styling to submit `<buttons>` that submit `<input>` had.
- Added .results tr td[align="{left,right}"] styling to align
the result table's `More -->` button to the right of the table.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit ports the `/tu/?id={proposal_id}` PHP routes to
FastAPI into two individual GET and POST routes.
With this port of the single proposal view and POST logic,
several things have changed.
- The only parameter used is now `decision`, which
must contain `Yes`, `No`, or `Abstain` as a string.
When an invalid value is given, a BAD_REQUEST response
is returned in plaintext: Invalid 'decision' value.
- The `doVote` parameter has been removed.
- The details section has been rearranged into a set
of divs with specific classes that can be used for
testing. CSS has been added to persist the layout with
the element changes.
- Several errors that can be discovered in the POST path
now trigger their own non-200 HTTPStatus codes.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This solves an issue where DECIMAL is not native
to sqlite by using a string to store values and
converting them to float in user code.
Signed-off-by: Kevin Morris <kevr@0cost.org>
jsdelivr is another free CDN service for open source projects.
The main motivation for this change is that it is the only one that works fairly
well across the globe. The Google CDN service is known to be hardly
accessible in mainland China, unfortunately.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
I think after 10-15 years we might want to adjust those values. With a
30min cache and 20 items per creation I would bet some new AUR packages
might be swept under the carpet.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Introduce a `redirect` query argument to SSO login endpoints so that
users are redirected to the page they were originally on when they
clicked the Login link.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Support secondary email addresses that can be used to recover an account
in case access to the primary email address is lost. Reset keys for an
account are always sent to both the primary and the backup email
address.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
In addition to supporting email addresses in the reset key form, also
support user names. The reset key is then sent to the email address in
the user's profile.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Since commits daee20c (Require current password when setting a new one,
2020-01-30) and 8fc8898 (Require password when deleting an account,
2020-01-30), changing a password and deleting an account require the
current password. Extend this to all other profile changes.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Prevent an account from being easily taken over by changing the password
with a stolen session ID.
Fixes FS#65325.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
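
The re-authentication rule from the two commit messages above (current password required for every profile change, so a stolen session ID alone cannot change the password), as an added Python sketch that is not aurweb's code. The account dictionary, its field names and the `update_profile` function are hypothetical, and PBKDF2 stands in for whatever password hash the project uses.

```python
import hashlib
import hmac
import os

# Constructed in-memory account; every field name here is hypothetical.
EDITABLE = {"email", "backup_email", "password"}


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_account(username: str, email: str, password: str) -> dict:
    salt = os.urandom(16)
    return {"username": username, "email": email, "backup_email": "",
            "salt": salt, "passwd": hash_password(password, salt)}


def verify_password(account: dict, candidate: str) -> bool:
    if not candidate:
        return False
    expected = hash_password(candidate, account["salt"])
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(account["passwd"], expected)


def update_profile(account, session_valid, changes, current_password):
    """Apply changes only when the session is valid AND the current
    password is supplied again; a session ID alone is not enough."""
    if not session_valid:
        return False, "not logged in"
    if not verify_password(account, current_password):
        return False, "invalid current password"
    if set(changes) - EDITABLE:
        return False, "unknown field"
    # All checks passed before anything is written, so a rejected
    # request never leaves a partial update behind.
    for field, value in changes.items():
        if field == "password":
            account["salt"] = os.urandom(16)
            account["passwd"] = hash_password(value, account["salt"])
        else:
            # Email fields are gated too: reset keys go to these addresses.
            account[field] = value
    return True, "updated"
```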
Add a CAPTCHA to protect against automated account creation. The CAPTCHA
changes whenever three new accounts are registered.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
In commit 3578e77ad4 we implemented
listing of comments from the account details page, but this was
intended to only be available to TUs and Devs. As the comment says:
"display the comment list if they're a TU/dev"
The credential checking code, however, set this credential for all
users, contrary to the intention of the commit.
In order to preserve the ability to list a person's own comments, also
declare the allowed uids based on the profile being viewed.
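
The credential bug and its fix described in the commit message above, modelled as an added Python example that is not aurweb's code. The account types, the `CRED_LIST_COMMENTS` name and both `has_credential` variants are hypothetical stand-ins for the check the message describes.

```python
from dataclasses import dataclass

# Hypothetical account types and credential name for this sketch.
USER, TRUSTED_USER, DEVELOPER = "User", "Trusted User", "Developer"
CRED_LIST_COMMENTS = "list_comments"


@dataclass(frozen=True)
class Account:
    uid: int
    account_type: str


def has_credential_buggy(viewer, credential, approved_uids=()):
    """The regression: the credential is set for every logged-in user."""
    if viewer is None:
        return False
    if credential == CRED_LIST_COMMENTS:
        return True  # no account-type check at all
    return False


def has_credential(viewer, credential, approved_uids=()):
    """Intended rule: explicit uid allow-list first, then TU/Dev only."""
    if viewer is None:
        return False
    if viewer.uid in approved_uids:
        return True
    if credential == CRED_LIST_COMMENTS:
        return viewer.account_type in (TRUSTED_USER, DEVELOPER)
    return False  # unknown credentials are denied by default


def can_list_comments(viewer, profile, check=has_credential):
    # The uid of the profile being viewed is the allowed uid, so users
    # keep access to their own comment list.
    return check(viewer, CRED_LIST_COMMENTS, approved_uids=(profile.uid,))


def access_matrix(check):
    """Constructed accounts: who may list the comments on alice's profile."""
    alice, bob = Account(1, USER), Account(2, USER)
    tu, dev = Account(3, TRUSTED_USER), Account(4, DEVELOPER)
    viewers = {"anonymous": None, "alice": alice, "bob": bob,
               "tu": tu, "dev": dev}
    return {name: can_list_comments(viewer, alice, check)
            for name, viewer in viewers.items()}
```

Comparing `access_matrix(has_credential_buggy)` with `access_matrix(has_credential)` shows the only difference is the unprivileged user viewing someone else's profile.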
VCS packages should not be flagged out-of-date when the package version
does not match the most recent commit.
Implements FS#62733.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Currently, it is a little too easy to forget to enable notifications
for a package after leaving a comment, thus never being notified of a
reply. Even though the "Enable notifications" link is on the same
page, it is not part of the flow for posting a new comment, and so,
easy to miss.
Most web forums and comment systems include a checkbox to enable
notifications when posting for the first time in a thread. This patch
implements this in aurweb, as well.
Signed-off-by: Eli Schwartz <eschwartz@archlinux.org>
Replace special characters in the referer GET parameter using
htmlspecialchars() before inserting it into the login form fields to
prevent XSS attacks.
Fixes FS#55286.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This allows for adding Terms of Service documents to the database that
registered users need to accept before using the AUR. A revision field
can be used to indicate whether a document was updated. If it is
increased, all users are again asked to accept the new terms.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of calling check_sid() from every single PHP script representing
a web page, add the call to aur.inc.php which is sourced by all of them.
Also, remove set_lang() calls from the scripts since these are also
already included in aur.inc.php.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
In commit 4abde89 (Use JavaScript to collapse long comments,
2017-04-19), support for collapsing/expanding long comments was added.
This was broken by the recent Markdown support since comments no longer
live inside a single HTML paragraph. Fix this by wrapping each comment
in another div container.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of using CSS to limit the height of package comments as
implemented in 7b13203 (Limit comment height to 15 lines, 2016-03-12),
use JavaScript to collapse long comments and add a link to expand them.
Clicking the same link twice results in the corresponding comment being
collapsed again.
If JavaScript is disabled, the full comments are shown (without any
possibility to collapse or expand).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>