| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Update JSoup to version 1.16.2.
This requires renaming `Whitelist` to `Safelist`,
because the class name was changed in version 1.15.1
in a breaking change.
|
| |\
| |
| | |
Add SHA-256 hash calculation to StringUtils
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The calculation of a MD5 and SHA-1 sum are all message digest implementations.
Instead or replicating the same code over and over again, provide a
common function for message digest calculation which can do this for
different algorithms based on the algorithm name passed as a parameter.
Then replace the existing `getMD5` and `getSHA1` functions by calling
the common function passing the respective algorithm name.
|
| |/ |
|
| |
|
|
|
|
|
| |
Catch all exceptions, and not just IOExceptions, from bugtraq formatter.
If an exception is caught, ignore the bugtraq handling of the commit
message and show the plain message. Way better then not showing anything
just because something broke in bugtraq.
|
| |
|
|
|
|
|
| |
Updating JGit fixed the issue that a commit in a repo with an unknown
character set throws an exception. This would crash the RepositoryManager.
The extra handling, which patches JGit classes during runtime is completely
removed.
|
| |
|
|
|
| |
Unknown encodings may cause gitblit to fail to start. This modification
injects a wrapper class in the JGit internal to fake a valid return value.
|
| |
|
|
|
|
|
|
|
|
|
| |
The version 1.69 is chosen instead of 1.70, because the moxie build
would not download the jars, trying to download `...1.7.jar` instead.
Three class deprecations are fixed. `PEMWriter` and `X509Extension`
are replaced with their drop-in replacements `JcaPEMWriter` and
`Extension`. The `PasswordFinder` deprecation note says that "it is
no longer used". It also was never used in Gitblit's code, so it is
removed from the key par provider class.
|
| | |
|
| |
|
|
|
| |
Tabs are not always 4 spaces large. It completes the line to the 4th
character.
|
| |
|
|
|
|
|
| |
To help with analysis, try to detect if the instance is running inside
a container. Some containers are detected, but this is probably not
exhaustive. At least a Docker container should be detectable.
Report in the runtime manager to the log if a container was detected.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The `daysAgo` method seemed to want to normalize on a calendar day? I
can't really tell what it was trying to do, but the problem is that it
does not take into account any time shift due to time zones so it never
really worked outside of GMT.
So instead a new `calendarDaysAgo` method is added (because I am unsure
on what the `daysAgo` method is trying to do. It can probably be removed).
The new method cleanly calculates difference in calendar days because it
normalizes the two given time stamps on the same time zone.
The `timeAgo` method now used the new method. This fixes #1248.
|
| |
|
|
|
|
|
|
|
|
| |
For some reason the `TimeUtilsTest` class is, like almost all tests, in
the `com.gitblit.tests` package. But this way all methods in classes
which we might predominately need for tests have to be public.
So move the unit test class `TimeUtilsTest` to the same package as the
class it is testing, i.e. `com.gitblit.utils.TimeUtils`.
This way we ca set the new added methods which get the current time
passed in to be at least not public.
|
| |
|
|
|
|
|
|
|
| |
Add tests for `timeAgo` to analyse issue #1248.
The tests are dependent on when they run as they time functions use the
current date and time. To make them testable in a reproducible way, we
need the ability to pass in what we think is "now". So add overloaded
methods that take a `now` parameter so that we can pass in the current
time.
|
| |
|
|
|
|
| |
Zero out the password to remove it from memory after use.
This is only a first step, implementing it for one method:
`AuthenticationManager.authenticate(String, char[], String)`.
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
Integrate the `PasswordHash` class and subclass in the user
and password editing and authentication. Replaces the old code and
the previous `SecurePasswordHashingUtils` class.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Integrate the work of pingunaut to add support for PBKDF2 password
hashing. A new class `PasswordHashPbkdf2` is added, which builds
on his `SecurePasswordHashUtils` class, but makes it a subclass
of `PasswordHash`. This will replace the original class when
integrating the new PasswordHash way into GitBlit.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of having to deal with the implementation details of hashing
and verifying passwords in multiple places, have a central unit
be responsible for it. Otherwise we need to edit three different places
when adding a new hashing scheme.
With this class adding a new hashing scheme just requires creating a
new subclass of `PasswordHash` and registering its type in the enum
`PasswordHash.Type`.
The rest of the code will use a common interface for all hashing
schemes and doesn't need to be changed when a new one is added.
|
| | | |
|
| | |
| |
| |
| | |
Addresses #1166
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When symbolic links under the base repository folder point to repositories
outside the base repository folder, the forming of relative repository
names failed and resulted in NullPointerExceptions.
Create the relative path by not following symbolic links, i.e. the link
name is taken as is and not resolved to the external path.
This also changes the whole `exactPath` method to work on Paths, instead
of Files.
Fixes #891 and fixes #837.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Check if tickets need to be reindexed when the server starts. This is the
case if no ticket index exists. In that case the ticket index is built.
This is done during the start of the `ITicketService`.
For this the interface of `ITicketService` needed to change. The `start`
method was defined abstract and the specific ticket services had to
implement it. None does any real starting stuff in it.
The `start` method is now final. It calls a new abstract method `onStart`
which the specific ticket services need to implement. In the existing
implementations I just changed `start` to `onStart`.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In order to be able to update the index definition, the ticket index
is assigned a version number, 2. This way the definiton can be updated
and compatability with existing index files can be checked.
The actual index is stored in a directory of name `indexVersion_codecVersion`.
This wayit is veriy easy to check if an index of a certain version exists on the
filesystem. It allows to have multiple indexes of different versions present,
so that a downgrade of the software is possible without having to reindex
again. Of coure, this is only possible if no new tickets were created since these
would be missing in the old index.
A new class `LuceneIndexStore` is introduced, which abstracts away the versioned
index directory. The idea is, that this provides one place to keep the Lucene
codec version and to allow to code compatibility rules into this class, so that
older indices can still be used if they are compatible.
|
| | |
| |
| |
| |
| | |
X-Forwarded-Host can contain port number and it is added twice in that situation
This fix just prevent adding port number if it is already there
|
| |/ |
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Introduce our own wrapper `SecureRandom` around `java.security.SecureRandom`.
This a) makes sure that the PRNG is seeded on creation and not when
random bytes are retrieved, and
b) uses a static instance in the `UserModel` so that lags do not occur
during operation due to potentially seeding getting blocked on Unix
when reading from the system's entropy pool. To keep the random data
still secure, the static instance will reseed all 24 hours, also a
functionality of the wrapper class.
This fixes #1063 and extends and closes PR #1116
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The regular expression used for user mentions used to work
only inside sentences. Also, since it tested for whitespace, the
whitespace would get replaced, too, which would join lines together.
Instead the new regex uses boundary matchers to match against
word boundaires. As these are not capturing only the actual user
mention can be captured and is then replaced. Also, this way the
regex can ignore punctuation like in "@jim, look at this."
Since Gibtlit now requires Java 7 we can use named capture groups.
This makes the use of a centrally defined regular expression much
safer. The (admittedly only) group to capture the user name is named
"user" and can be referenced by this name. By using the name instead
of a group number, the regex could be changed without the code using
it breaking because the group number changed.
A simple test is added for user mentions, which unfortunately
has to deal with the full markdown replacement, too.
Fixes #985
|
| | |/ |
|
| |\ \
| | |
| | | |
Merge strategy
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add the option to merge a ticket branch to the integration branch
only when it can be fast-forwarded, or
always with a merge commit, or
by fast-foward if possible, otherwise with a merge commit.
Adds a new property ticket.mergeType with the valid values
FAST_FOWARD_ONLY, MERGE_ALWAYS and MERGE_IF_NECESSARY.
Merging and canMerge were refactored to make use of a new
IntegrationStrategy class for each type of strategy.
|
| |/
|
|
|
|
|
|
|
|
| |
* Make the CommitCache fully thread-safe. It was using a
ConcurrentHashMap containing lists, but then handed out these lists.
It also did multiple operations on that map that as a whole should
be atomic.
* Use isEmpty() instead of size() == 0.
* Run the loading of the commit cache in a background daemon thread
|
| |\
| |
| | |
Ticket Reference handling #1048
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
+ Supports referencing:
+ Tickets from other tickets via comments
+ Tickets from commits on any branch
+ Common TicketLink class used for both commits and tickets
+ TicketLink is temporary and persisted to ticket as a Reference
+ Support deletion of ticket references
+ Rebasing patchsets/branches will generate new references
+ Deleting old patchsets/branches will remove the relevant references
+ Substantial testing of use cases
+ With and without patchsets, deleting, amending
+ BranchTicketService used during testing to allow end-to-end ref testing
+ Relocated common git helper functions to JGitUtils
|
| |/ |
|
| | |
|
| |
|
|
| |
+ Prevent Edit of old doc version
|
| |
|
|
|
|
|
|
|
|
|
|
| |
+ New docEdit page with links from docPage and docList
+ Bespoke menu system with full screen edit mode
+ npm required for building client side scripts
+ Ant script added for BuildUI which performs npm commands
+ Update font-awesome to 4.5.0
+ Factor out to JGitUtils common code in BranchTicketService for EditFilePage
+ getTreeEntries
+ commitIndex
+ Merge capability for document editing
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
+ GitLFS client support
+ FilestoreModel now parses meta file
+ Read meta heading from cache if available
+ Authentication based on accept headers for browser view filestore login
+ PathModel & PathChangeModel now understands filestore items
+ Zip & Rar downloads contain include filestore items
+ Filestore servlet returns LFS JSON error only if accepted by client
+ DiffStat now knows repository to allow identification of filestore items
+ Filestore items identified and returned via view, raw & blob links on
blame, commitDiff, commit and Tree pages
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
+ Metadata maintained in append-only JSON file providing complete audit
history.
+ Filestore menu item
+ Lists filestore items
+ Current size and availability
+ Link to GitBlit Filestore help page (top right)
+ Hooks into existing repository permissions
+ Uses default repository path for out-of-box operation with Git-LFS
client
+ accessRestrictionFilter now has access to http method and auth header
+ Testing for servlet and manager
|
| | |
|
| | |
|
| |\ |
|
| | | |
|
| |/
|
|
|
| |
JGit 4.0.0 fixes a memory leak but introduces a non-compatible change
for closing the RevWalk: before it was release() but now is close()
|
