Found along with the previous commit to be a security hole in our
implementation. This commit resolves an issue regarding comment editing.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This addresses a severe security issue, which is omitted from this
git message for obscurity purposes.
Otherwise, it allows co-maintainers to see the keyword form when
viewing a package they co-maintain.
Closes #378
Signed-off-by: Kevin Morris <kevr@0cost.org>
This was incorrectly using the particular Package record's name
to format options.snapshot_uri in order to produce URLPath.
It should, instead, use the PackageBase record's name, which
this commit resolves.
Bug reported by thomy2000
Closes #382
Signed-off-by: Kevin Morris <kevr@0cost.org>
Redis's get() method can return None which makes an RPC request error
out:
      File "/srv/http/aurweb/aurweb/ratelimit.py", line 103, in check_ratelimit
        requests = int(requests.decode())
    AttributeError: 'NoneType' object has no attribute 'decode'
With this commit, it is advised to `rm ./data/root_ca.crt ./data/*.pem`,
as new certificates and a root CA will be generated while utilizing the
step volume.
Closes #367
Signed-off-by: Kevin Morris <kevr@0cost.org>
This reverts commit 952c24783b.
The issue found was actually:
- If `./aur.git` exists within the aurweb repository locally,
it also ends up in the destination, stopping the aurweb_git_data
volume from being mounted properly.
Speeds up SSHPubKeys.PubKey searches in a larger database.
Fixed form of the original commit which was reverted,
1a7f6e1fa9
Signed-off-by: Kevin Morris <kevr@0cost.org>
This reverts commit 1a7f6e1fa9.
This commit broke account creation in some way. We'd still like to
do this, but we need to ensure it does not intrude on other facets.
Extra: We should really work out how this even passed tests; it
should not have.
Remove all extra whitespace when parsing Keywords to ensure we don't add
empty keywords in the DB.
Closes: #332
Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>
For our development setup we run a redis container without a
username/password. Redis recently set protected mode by default which
disallows this; turn it off, as it has no security implication.
We've not been using this as it is and it's now warning us
about strtobool deprecation changes. Removing it for now.
Signed-off-by: Kevin Morris <kevr@0cost.org>
Reference from
github.com/PostHog/posthog/pull/4631/commits/341c28da0f6d33d6fb12fe443766a2d822ff0097
This fixes a deprecation warning regarding distutils' strtobool.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This patch does not include a JavaScript implementation, but
provides a pure HTML/HTTP method of paging through these lists.
Also fixes erroneous limiting. We now use a hardcoded limit of 20
by default.
Signed-off-by: Kevin Morris <kevr@0cost.org>
This patch brings in two new features:
- when viewing proposal listings, there is a new Statistics section,
containing the total and active number of Trusted Users found in the
database.
- when viewing a proposal directly, the number of active trusted users
assigned when the proposal was added is now displayed in the details
section.
Closes #323
Signed-off-by: Kevin Morris <kevr@0cost.org>