Renaming of symbols. Functions, variables, values, DB values, etc.
Basically everything that is not user-facing.
This only covers "Trusted User" things:
tests, comments, etc. will covered in a following commit.
In accordance with black's defined style, we now expect a maximum
of 88 columns for any one particular line.
This change fixes remaining violations of 88 columns in the codebase
(not many), and introduces the modified flake8 configuration.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Somehow, many aur.al records of PackageVotes do not have a valid VoteTS
value. This migration fixes that issue by setting all null VoteTS
columns to the epoch timestamp.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This commit halves MAX_USERS and MAX_PKGS, in addition
to setting OPEN_PROPOSALS to 15 and CLOSE_PROPOSALS to 50.
A few counts are now configurable via environment variable:
- MAX_USERS, default: 38000
- MAX_PKGS, default: 32000
- OPEN_PROPOSALS, default: 15
- CLOSE_PROPOSALS, default: 15
Signed-off-by: Kevin Morris <kevr@0cost.org>
As of Python updates, we are no longer considering rows with
empty salts to be legacy hashes. Update gendummydata.py to
generate salts for the legacy passwords it uses with
salt rounds = 4.
Signed-off-by: Kevin Morris <kevr@0cost.org>
As per our regex and policies, usernames should consist of
ascii alphanumeric characters and possibly (-, _ or .).
gendummydata.py was creating unicode versions of some
usernames and adding them into the DB. With our newfound
collations, this becomes a problem as it treats them as
the same.
This should have never been the case here, and so,
gendummydata.py has been patched to normalize all of its
usernames and package names.
Signed-off-by: Kevin Morris <kevr@0cost.org>
The new schema was generated with sqlacodegen and then manually adjusted
to fit schema/aur-schema.sql faithfully, both in the organisation of the
code and in the SQL generated by SQLAlchemy.
Initializing the database now requires the new tool aurweb.initdb.
References to aur-schema.sql have been updated and the old schema
dropped.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Support secondary email addresses that can be used to recover an account
in case access to the primary email address is lost. Reset keys for an
account are always sent to both the primary and the backup email
address.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This allows us to prevent users from hammering the API every few seconds
to check if any of their packages were updated. Real world users check
as often as every 5 or 10 seconds.
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Use `/usr/bin/env python3` instead of `/usr/bin/python3` in the shebang
of Python scripts. This adds support for non-standard Python interpreter
paths such as the paths used in virtualenv environments.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
PackageBases.FlaggerComment and PackageComments.RenderedComment cannot
be NULL and would cause problems in the output file for sqlite users.
This patch adds empty strings ("") as values for these fields.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
This allows for adding Terms of Service documents to the database that
registered users need to accept before using the AUR. A revision field
can be used to indicate whether a document was updated. If it is
increased, all users are again asked to accept the new terms.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of converting package comments from plain text to HTML code when
they are displayed, do the conversion when the comment is posted and
store the rendered result in the database. The conversion itself is done
by a Python script which uses Bleach for sanitizing the text.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Split optional dependency descriptions from dependency names before
storing them in the database and use a separate column to store the
descriptions.
This allows us to simplify and optimize the SQL queries in
pkg_dependencies() as well as pkg_required().
Suggested-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
>From the mysql 5.7 breaking change page:
Columns in a PRIMARY KEY must be NOT NULL, but if declared explicitly as
NULL produced no error. Now an error occurs. For example, a statement
such as CREATE TABLE t (i INT NULL PRIMARY KEY) is rejected. The same
occurs for similar ALTER TABLE statements. (Bug #13995622, Bug #66987,
Bug #15967545, Bug #16545198)
References:
http://stackoverflow.com/a/22314073
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
When running in strict mode, mysql throws an error upon encountering
these definitions since they are not supported.
References:
https://dev.mysql.com/doc/refman/5.7/en/data-type-defaults.html
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Sqlite3 does not support the MD5 function like MySQL does, instead of the
database program hash the passwords, have Python's hashlib module do it
instead.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Allow for automatically converting the schema into a schema that works
with SQLite by running `make` from the schema/ subdirectory. Use the new
Makefile in the test suite.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Modify the schema such that it only creates the necessary tables,
indices and predefined data. This makes it easier to import the schema
into a database with a name other than "AUR".
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Replace the default hash function used for storing passwords by
password_hash() which internally uses bcrypt. Legacy MD5 hashes are
still supported and are immediately converted to the new format when a
user logs in.
Since big parts of the authentication system needed to be rewritten in
this context, this patch also includes some simplification and
refactoring of all code related to password checking and resetting.
Fixes FS#52297.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
In addition to logging the last login date and IP address on the web
interface, store the time stamp and IP address of the last SSH login in
the database.
This simplifies user banning if one of the new SSH interface features,
such as the voting mechanism implemented in 7ee2fdd (git-serve: Add
support for (un-)voting, 2017-01-23), is abused.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Currently, aurweb displays all dates and times in UTC time. This patch
adds a capability for each logged in user to set their preferred
timezone.
Implements FS#48729.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
According to RFC 7230, URLs can be up too 8000 characters long. Resize
all URL fields accordingly.
Also, add a test to verify that URLs with more than 8000 characters are
rejected by the update hook.
Reported-by: Andreas Linz <klingt.net@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
* Remove test accounts.
* Create indices using CREATE INDEX.
* Always use INTEGER UNSIGNED for IDs.
* Always use BIGINT UNSIGNED for timestamps.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The language code for Latin American Spanish is es_419, which is longer
than the 5 characters previously allowed.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Commits 6ec4a35 (Send notifications when changing ownership, 2016-02-21)
and e3670ef (Add a homepage field to accounts, 2016-06-02) forgot to
change some usages of display_account_form() and process_account_form()
to account for the new parameter. The former also forgot to add the new
column to the database schema.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Directly store the information contained in $_SERVER['REMOTE_ADDR']
instead of using ip2long() which does not support IPv6 addresses. Note
that the LastLoginIPAddress field is designed to be used by the
administrator on rare occasions only (e.g. to fight spam) and is not
displayed anywhere.
Fixes FS#48557.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Introduce a new notification option to receive notifications when a new
commit is pushed to a package repository.
Implements FS#30109.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add a configuration option to the account edit page that allows for
globally enabling/disabling package base comment notifications.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
As a preparatory step to adding support for package notifications on
events other than comments, rename the database table accordingly.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
