Test the authentication script with an invalid key type and with a key
that does not exist in the database.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Explicitly remove all package sources, dependencies, relations, licenses
and groups before inserting new ones.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
* Remove test accounts.
* Create indices using CREATE INDEX.
* Always use INTEGER UNSIGNED for IDs.
* Always use BIGINT UNSIGNED for timestamps.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
In addition to MySQL, add support for SQLite to the database abstraction
layer. Also, add a new configuration option to select the DBMS.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Avoid using UNIX_TIMESTAMP which is not part of the SQL standard.
Retrieve the current UNIX time in Python and substitute it into the SQL
queries instead.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Avoid using Cursor.rowcount to obtain the number of rows returned by a
SELECT statement as this is not guaranteed to be supported by every
database engine.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Introduce a new environment variable that can be used to specify the
path to an aurweb configuration file. If the environment variable is
unset, the default search path is used.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add a new module that automatically locates the configuration file and
provides methods to obtain the values of configuration options.
Use the new module instead of ConfigParser everywhere.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add a new class that connects to the database specified in the
configuration file and provides an interface to execute SQL queries.
Prepared statements with qmark ("?") placeholders are supported.
Replace all direct database accesses with calls to the new abstraction
layer.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of looking up the account type of the current user again, use
the AUR_PRIVILEGED environment variable to check whether the user is
allowed to perform non-fast-forward ref updates.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
From the sshd(8) man page:
Enable all restrictions, i.e. disable port, agent and X11
forwarding, as well as disabling PTY allocation and execution of
~/.ssh/rc. If any future restriction capabilities are added to
authorized_keys files they will be included in this set.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Since 02dd9c5 (git-serve.py: Automatically create repositories,
2015-01-06), one can create new package bases by running `git push`. It
is no longer necessary to run setup-repo manually.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Show a warning when a Trusted User or a developer creates a package that
is blacklisted or already provided by an official package.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Read all environment variables at the beginning of the script and
immediately pre-process their values.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Even though the singular form never occurs, we need to use _n() here to
obtain the correct behavior for languages with multiple plural forms.
Signed-off-by: Safa AlFulaij <safa1996alfulaij@gmail.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The language code for Latin American Spanish is es_419, which is longer
than the 5 characters previously allowed.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Even though that number is hardcoded in the source code, it is better to
make it not appear in the message catalog such that it can be made
configurable easily later.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Before commit 9746a65 (Port notification routines to Python,
2015-06-27), notification emails for automatically closed requests
explicitly stated that the action was taken "automatically by the Arch
User Repository package request system". When porting the notification
routines to Python, this feature was overlooked and emails sent by the
new script always reported that the requester triggered the acceptance
or rejection of a request.
This patch reimplements the old behavior such that notifications no
longer look as if the requester had accepted the request himself.
Reported-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Introduce a configuration option max_depends which can be used to
specify a maximum number of (reverse) dependencies to display on the
package details pages.
Fixes FS#49059.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Commits 6ec4a35 (Send notifications when changing ownership, 2016-02-21)
and e3670ef (Add a homepage field to accounts, 2016-06-02) forgot to
change some usages of display_account_form() and process_account_form()
to account for the new parameter. The former also forgot to add the new
column to the database schema.
Signed-off-by: Johannes Löthberg <johannes@kyriasis.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Reword most parts of the README file, add information on new features
and update the directory layout.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Remove a leftover var_dump() invocation that was introduced in commit
5fb7a74 (Replace categories with keywords, 2015-06-13).
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Instead of automatically adding packages from the official binary
repositories to the package blacklist, use the official provider list to
prevent users from uploading duplicates.
This does not only result in reduced disk usage but also has a nice
visible side effect. The error messages printed by the update hook now
look like
error: package already provided by [community]: powerline-fonts
instead of
error: package is blacklisted: powerline-fonts
which was confusing to most end users.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Introduce a configuration option max_depends which can be used to
specify a maximum number of (reverse) dependencies to display on the
package details pages.
Fixes FS#49059.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Since notifications are sent for more than just comments, change the notify
link to more generic text.
Signed-off-by: Mark Weiman <mark.weiman@markzz.com>
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
In 002d348 (Describe how to omit "have" lines, 2015-11-14), we added
instructions on how to omit "have" lines originating from other package
repositories. Fix those instructions such that the HEAD ref of the
repository is transferred properly.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Directly store the information contained in $_SERVER['REMOTE_ADDR']
instead of using ip2long() which does not support IPv6 addresses. Note
that the LastLoginIPAddress field is designed to be used by the
administrator on rare occasions only (e.g. to fight spam) and is not
displayed anywhere.
Fixes FS#48557.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The IDs of packages are unique, so there is no need to group search
results by package ID.
Note that the GROUP BY statement in question was introduced in commit
3447dfc (Support versioned RPC queries, 2014-04-28) for no apparent
reason and could even lead to errors in various DBMS.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
The popularity field is declared as "NOT NULL" in the database schema.
Fix the popularity update query such that it uses a popularity of 0.0
instead of NULL for packages with no votes.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
Add a new option that makes it possible to subscribe to package
ownership changes (adoption/disownment).
Fixes FS#15412.
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
