| Commit message | Author | Age | Files | Lines |
Zero out the password to remove it from memory after use.
This is only a first step, implementing it for one method:
`AuthenticationManager.authenticate(String, char[], String)`.
|
Integrate the `PasswordHash` class and subclass in the user
and password editing and authentication. Replaces the old code and
the previous `SecurePasswordHashingUtils` class.
|
Integrate the work of pingunaut to add support for PBKDF2 password
hashing. A new class `PasswordHashPbkdf2` is added, which builds
on his `SecurePasswordHashUtils` class, but makes it a subclass
of `PasswordHash`. This will replace the original class when
integrating the new PasswordHash way into GitBlit.
|
Instead of having to deal with the implementation details of hashing
and verifying passwords in multiple places, have a central unit
be responsible for it. Otherwise we need to edit three different places
when adding a new hashing scheme.
With this class adding a new hashing scheme just requires creating a
new subclass of `PasswordHash` and registering its type in the enum
`PasswordHash.Type`.
The rest of the code will use a common interface for all hashing
schemes and doesn't need to be changed when a new one is added.
|
Addresses #1166
|
When symbolic links under the base repository folder point to repositories
outside the base repository folder, the forming of relative repository
names failed and resulted in NullPointerExceptions.
Create the relative path by not following symbolic links, i.e. the link
name is taken as is and not resolved to the external path.
This also changes the whole `exactPath` method to work on Paths, instead
of Files.
Fixes #891 and fixes #837.
|
Check if tickets need to be reindexed when the server starts. This is the
case if no ticket index exists. In that case the ticket index is built.
This is done during the start of the `ITicketService`.
For this the interface of `ITicketService` needed to change. The `start`
method was defined abstract and the specific ticket services had to
implement it. None does any real starting stuff in it.
The `start` method is now final. It calls a new abstract method `onStart`
which the specific ticket services need to implement. In the existing
implementations I just changed `start` to `onStart`.
|
In order to be able to update the index definition, the ticket index
is assigned a version number, 2. This way the definition can be updated
and compatibility with existing index files can be checked.
The actual index is stored in a directory of name `indexVersion_codecVersion`.
This way it is very easy to check if an index of a certain version exists on the
filesystem. It allows to have multiple indexes of different versions present,
so that a downgrade of the software is possible without having to reindex
again. Of course, this is only possible if no new tickets were created since these
would be missing in the old index.
A new class `LuceneIndexStore` is introduced, which abstracts away the versioned
index directory. The idea is, that this provides one place to keep the Lucene
codec version and to allow to code compatibility rules into this class, so that
older indices can still be used if they are compatible.
|
X-Forwarded-Host can contain a port number, and it is added twice in that situation.
This fix just prevents adding the port number if it is already there.
|
Introduce our own wrapper `SecureRandom` around `java.security.SecureRandom`.
This a) makes sure that the PRNG is seeded on creation and not when
random bytes are retrieved, and
b) uses a static instance in the `UserModel` so that lags do not occur
during operation due to potentially seeding getting blocked on Unix
when reading from the system's entropy pool. To keep the random data
still secure, the static instance will reseed every 24 hours, also a
functionality of the wrapper class.
This fixes #1063 and extends and closes PR #1116
|
The regular expression used for user mentions used to work
only inside sentences. Also, since it tested for whitespace, the
whitespace would get replaced, too, which would join lines together.
Instead the new regex uses boundary matchers to match against
word boundaries. As these are not capturing, only the actual user
mention can be captured and is then replaced. Also, this way the
regex can ignore punctuation like in "@jim, look at this."
Since Gitblit now requires Java 7 we can use named capture groups.
This makes the use of a centrally defined regular expression much
safer. The (admittedly only) group to capture the user name is named
"user" and can be referenced by this name. By using the name instead
of a group number, the regex could be changed without the code using
it breaking because the group number changed.
A simple test is added for user mentions, which unfortunately
has to deal with the full markdown replacement, too.
Fixes #985
|
Merge strategy
|
Add the option to merge a ticket branch to the integration branch
only when it can be fast-forwarded, or
always with a merge commit, or
by fast-forward if possible, otherwise with a merge commit.
Adds a new property ticket.mergeType with the valid values
FAST_FOWARD_ONLY, MERGE_ALWAYS and MERGE_IF_NECESSARY.
Merging and canMerge were refactored to make use of a new
IntegrationStrategy class for each type of strategy.
|
* Make the CommitCache fully thread-safe. It was using a
ConcurrentHashMap containing lists, but then handed out these lists.
It also did multiple operations on that map that as a whole should
be atomic.
* Use isEmpty() instead of size() == 0.
* Run the loading of the commit cache in a background daemon thread
|
Ticket Reference handling #1048
|
+ Supports referencing:
+ Tickets from other tickets via comments
+ Tickets from commits on any branch
+ Common TicketLink class used for both commits and tickets
+ TicketLink is temporary and persisted to ticket as a Reference
+ Support deletion of ticket references
+ Rebasing patchsets/branches will generate new references
+ Deleting old patchsets/branches will remove the relevant references
+ Substantial testing of use cases
+ With and without patchsets, deleting, amending
+ BranchTicketService used during testing to allow end-to-end ref testing
+ Relocated common git helper functions to JGitUtils
|
+ Prevent Edit of old doc version
|
+ New docEdit page with links from docPage and docList
+ Bespoke menu system with full screen edit mode
+ npm required for building client side scripts
+ Ant script added for BuildUI which performs npm commands
+ Update font-awesome to 4.5.0
+ Factor out to JGitUtils common code in BranchTicketService for EditFilePage
+ getTreeEntries
+ commitIndex
+ Merge capability for document editing
|
+ GitLFS client support
+ FilestoreModel now parses meta file
+ Read meta heading from cache if available
+ Authentication based on accept headers for browser view filestore login
+ PathModel & PathChangeModel now understands filestore items
+ Zip & Rar downloads include filestore items
+ Filestore servlet returns LFS JSON error only if accepted by client
+ DiffStat now knows repository to allow identification of filestore items
+ Filestore items identified and returned via view, raw & blob links on
blame, commitDiff, commit and Tree pages
|
+ Metadata maintained in append-only JSON file providing complete audit
history.
+ Filestore menu item
+ Lists filestore items
+ Current size and availability
+ Link to GitBlit Filestore help page (top right)
+ Hooks into existing repository permissions
+ Uses default repository path for out-of-box operation with Git-LFS
client
+ accessRestrictionFilter now has access to http method and auth header
+ Testing for servlet and manager
|
JGit 4.0.0 fixes a memory leak but introduces a non-compatible change
for closing the RevWalk: before it was release() but now is close()
|
whitespace
|
args4j, Jedis, waffle-jna, Unboundid
|
Empty folders are automatically skipped when browsing repository tree (similar to github "folder jumping" feature).
|
* ImageDiffHandler adds the slider; styled in gitblit.css
* imgdiff.js is a little bottom-loaded Javascript that adjusts the
opacity on sliders' scroll events.
* The three diff pages add this bottom script to the page if needed
* GitBlitDiffFormatter: center image diffs.
|
Ticket 88: https://dev.gitblit.com/tickets/gitblit.git/88
Based on Lea Verou's pure CSS slider:
http://lea.verou.me/2014/07/image-comparison-slider-with-pure-css/
* Add a callback interface, pass it through DiffUtils to the
GitBlitDiffFormatter. Is needed because the rendering needs access
to the repositoryName and other things that are known only at higher
levels.
* New class ImageDiffHandler responsible for rendering an image diff.
Called for all binary diffs, doesn't do anything if it's not an
image. HTML is generated via JSoup: no worries about forgetting to
close a tag, nor about HTML escaping, nor about XSS.
* The 3 diff pages set up such an ImageDiffHandler and pass it along.
* CSS changes: from Lea Verou, with some minor improvements.
I think in the long run there'll be no way around rewriting the
HTML diff formatter from scratch, not using the standard JGit
DiffFormatter at all.