In addition to logging the last login date and IP address on the web
interface, store the time stamp and IP address of the last SSH login in
the database.
This simplifies user banning if one of the new SSH interface features,
such as the voting mechanism implemented in 7ee2fdd (git-serve: Add
support for (un-)voting, 2017-01-23), is abused.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
As of commit 3718860 (Make maintenance scripts installable, 2016-10-17),
the notification script is installed as aurweb-notify. Update the
sample configuration file accordingly.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
On package base pages, if a co-maintainer visits, only the read-only URL
is displayed which is inconsistent with how the individual packages of a
package base's pages displays them. This adds the SSH clone URL to the
package base's page for co-maintainers to see.
Implements FS#52675.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add support for voting for packages and removing votes from the SSH
interface. The syntax is `vote <pkgbase>` resp. `unvote <pkgbase>`.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Modify the call to process_account_form() to only having one parameter per
line.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Currently, when a user edits their language setting from the edit user form,
the changes aren't reflected until the user either lets the original cookie
expire, deletes the cookie manually, or changes the language a second time via
the dropdown menu on the top of the page. This patch makes the language cookie
get updated when it is changed from the edit user form.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Currently, aurweb displays all dates and times in UTC time. This patch
adds a capability for each logged in user to set their preferred
timezone.
Implements FS#48729.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add a note to the Git/SSH interface documentation that we recommend to
disable automatic garbage collection and use a maintenance script to
cleanup and optimize the Git repository instead.
Also, add a reference to the Git/SSH interface documentation to the Git
repository setup instructions in INSTALL.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
There are 95 printable ASCII characters which with a minimum length of 4
gives 95^4 or 81 million possible passwords. Increasing the minimum
length to 8 increases the number of possible passwords by a factor of
about 10^7.
Relates to FS#52297.
Signed-off-by: Alex Muller <alex@mullr.net>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Make it easier to reuse the helper functions provided by git-serve from
another Python script by throwing exceptions instead of terminating the
program on errors.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add support for flagging or unflagging packages from the SSH interface.
The syntax is `flag <pkgbase> <comment>` resp. `unflag <pkgbase>`.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Do not use the EXCEPT clause which is unsupported in MySQL. Instead, use
a subquery which is standard-compliant and makes the query easier to
read at the same time.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Make sure that out-of-date notifications are sent to package base
maintainers as well as co-maintainers.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Currently, only package maintainers receive out-of-date notifications
for their packages. Add package base co-maintainers to the list of
recipients for out-of-date notifications.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The scripts were moved to aurweb/scripts/ in commit 3718860 (Make
maintenance scripts installable, 2016-10-17). Update the paths in the
test suite accordingly.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The quote is a leftover of legacy code and was meant to be removed by
commit e171f6f (Migrate all DB code to use PDO, 2012-08-08).
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
In commit baf8a22 (git-interface: Support SQLite as database backend,
2016-08-03), conf/config.proto was changed so that dsn_prefix was
changed to backend and this fixes this in web/lib/DB.class.php.
Since SQLite's dsn is different, this adds a check of which backend is
desired and will quit if MySQL or SQLite are not the backend selected.
SQLite2 may be supported, but is untested and will trigger an error if
used.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
UNIX_TIMESTAMP is not part of the SQL standard. Instead, all usage in
the web interface is changed to use PHP's time() function.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Since d4fe77a (Reorganize Git interface scripts, 2016-10-08), the key
components of the aurweb SSH interface are installed system-wide. Update
the default configuration path to point to a central location.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The registration date field on the account details page currently
defaults to the current day if the user's registration date is unknown.
To avoid confusion, show "unknown" in these cases instead.
Fixes FS#51405.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
When disowning a package base via the SSH interface, auto-accept all
pending orphan requests for the affected package.
Also, add a test case that checks whether (only) orphan requests
belonging to disowned packages are closed correctly.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The location of the Git interface wrapper scripts was changed by commit
d4fe77a (Reorganize Git interface scripts, 2016-10-08). Add a note to
the upgrade instructions to remind users to update their configuration
files.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
According to RFC 7230, URLs can be up too 8000 characters long. Resize
all URL fields accordingly.
Also, add a test to verify that URLs with more than 8000 characters are
rejected by the update hook.
Reported-by: Andreas Linz <klingt.net@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Move the Git interface scripts from git-interface/ to aurweb/git/. Use
setuptools to automatically create wrappers which can be installed using
`python3 setup.py install`. Update the configuration files, the test
suite as well as the INSTALL and README files to reflect these changes.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
When clicking on the linked Git clone URL of a package base, users are
faced with a 404 error page since the URL is not supposed to be opened
in a web browser. Add some notes to 404 error pages corresponding to Git
clone URLs that explain how to use them instead.
Fixes FS#51266.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add support for the `git receive-pack` and `git upload-pack` commands
which are aliases for git-receive-pack and git-upload-pack,
respectively.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add a test to make sure that Trusted Users, who already voted on a
proposal, do not receive any reminders.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of only checking whether the notification script is called with
the correct parameters, actually invoke the real notify script and check
whether proper notifications are generated.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Support for multiple servers has never been used by the official aurweb
setup and the current implementation makes it impossible to use server
URIs that contain spaces. For simplicity, change the implementation such
that only a single server is supported.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Avoid using UNIX_TIMESTAMP which is not part of the SQL standard.
See f2a6bd2 (git-interface: Do not use UNIX_TIMESTAMP, 2016-08-05) for
related changes.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of writing the output to hardcoded files (relative to the
document root), make the output paths of mkpkglists configurable.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
