path: root/src/main/java/com/gitblit
Commit message    Author    Age    Files    Lines
* Delete password from memory in AuthenticationManager    Florian Zschocke    2020-04-05    2    -19/+38
| Zero out the password to remove it from memory after use. This is only a first step, implementing it for one method: `AuthenticationManager.authenticate(String, char[], String)`.
* 🦟 fix: Password hash upgrade kills existing passwords    Florian Zschocke    2020-04-05    1    -17/+26
| The upgrade of an MD5 stored password hash to a PBKDF password hash destroys the stored password. The hash check zeroes out the password that is tested, so that the new hash is built over the zeroed out value. This fix prevents that and also adds a check to the test. Fixes #1335
* Fix user preferences selecting the wrong preferred locale.    Florian Zschocke    2019-11-11    2    -46/+28
| Due to a wrong comparison, when loading the preferred locale in the user preferences page, in cases like `zh_CN` or `de_DE` the wrong locale would be chosen. As with too many things, the code is duplicated on the `UserPage` and the `EditUserPage`. And they differ. So extract the choosing of the preferred language for display into a method in the (more up-to-date) `UserPage` and call that from the `EditUserPage`.
* Guard docs pages against bad URLs    Florian Zschocke    2019-11-11    2    -0/+9
| If, for example, an external site links to a docs page or a specific doc page, and the branch that link points to is no longer existing, an internal error happens due to a NPE. The NPE is guarded against and a No Docs page is returned.
* Add `clone.bundle` as known command, but reject it as not implemented.    Florian Zschocke    2019-11-11    2    -2/+19
|
* Fix NPE when no action can be parsed from the URL    Florian Zschocke    2019-11-11    2    -30/+45
| Renames `static final` variables according to convention to be in all upper case. That makes it easier to see that in an `equals` comparison the final variable should come first as it will not trigger a NPE. Also strip parameters from the URL when extracting the repository name from it. Parameters can not be part of a repository name, and this way an empty repository name can be detected. Fixes #1092
* Update SSHD dependency to version 1.2.0.    Florian Zschocke    2019-11-10    3    -3/+3
|
* Update SSHD dependency to version 1.1.0.    Florian Zschocke    2019-11-10    3    -7/+9
|
* Remove Launcher from Manager and Federation Client.    Florian Zschocke    2019-11-08    1    -165/+0
| They will need to be called with the classpath and main class now, instead of simply using the Jar.
* Fix NullpointerException when stopping GitBlit Server.    Florian Zschocke    2019-11-07    1    -5/+7
| When GitBlit server did not start properly, is running but couldn't start the `PluginManager`, then stopping the server via the `--stop` argument on the command line resulted in a NullpointerException. Which left the server running. Now this is prevented and the server will actually shut down.
* For Java 9+ define the classpath instead of using a Launcher.    Florian Zschocke    2019-11-07    5    -317/+3
| The (moxie and other) Launcher do not work with Java 9 and later anymore. It used to dynamically extend the classpath, misusing an internal interface of the `URLClassLoader`. This is no longer possible since Java 9, which closed that path and does not offer any way to dynamically extend the classpath during runtime. So the choice is between providing one large Jar with everything in it, providing a Jar that has the Jars in `ext` listed explicitly in its manifest, and specifying the classpath on the command line where the `ext` directory can be added and all contained jar files will be put on the classpath. The motivation for the Launcher class was to be able to simply drop new jar files into a directory and they will be picked up at the application start, without having to specify a classpath. We opt for solution three here. This way jar files can still be dropped into the ext directory, albeit the directory needs to be added to the classpath on the command line. Unfortunately using a wildcard is not possible in the manifest file. We change the calls in the script files accordingly. This seems like a good compromise, since no one will run the application manually typing the whole commandline anyway. This also does away with the splash screen, by the way. Again, doesn't seem like a big loss, as I don't think it was ever shown for the Authority. Personally, I am not convinced that it is the best way, because I don't really think that the use case of dropping whatever jar files into the `ext` directory is a valid one that happened a lot. This does not yet fix the client programs, which still use a Launcher. Maybe for them an all-in-one Jar is a better solution. Fixes #1262 Fixes #1294
* Report Java versions used during build and server start.    Florian Zschocke    2019-11-07    1    -0/+4
| With three versions about to be supported right now it is getting more important to know which Java version is used when building and testing Gitblit, and which Java version is used to run Gitblit. So have the Moxie build report the javac version, and the JVM version that Moxie is running on. These might be different. The `GitBlitServer` will print the Java version and vendor, so that it gets visible if a user would paste a log output for analysis.
* Merge branch 'pingunaut-1166_more_secure_password_hashes' into master.    Florian Zschocke    2019-11-06    7    -53/+636
|\
| * Use the new PasswordHash classes.    Florian Zschocke    2019-11-05    7    -300/+108
| | Integrate the `PasswordHash` class and subclass in the user and password editing and authentication. Replaces the old code and the previous `SecurePasswordHashingUtils` class.
| * Add support for PBKDF2 to PasswordHash    Florian Zschocke    2019-11-05    2    -10/+326
| | Integrate the work of pingunaut to add support for PBKDF2 password hashing. A new class `PasswordHashPbkdf2` is added, which builds on his `SecurePasswordHashUtils` class, but makes it a subclass of `PasswordHash`. This will replace the original class when integrating the new PasswordHash way into GitBlit.
| * Add a PasswordHash class as a central place to deal with password hashes.    Florian Zschocke    2019-11-05    1    -0/+220
| | Instead of having to deal with the implementation details of hashing and verifying passwords in multiple places, have a central unit be responsible for it. Otherwise we need to edit three different places when adding a new hashing scheme. With this class adding a new hashing scheme just requires creating a new subclass of `PasswordHash` and registering its type in the enum `PasswordHash.Type`. The rest of the code will use a common interface for all hashing schemes and doesn't need to be changed when a new one is added.
| * fix comment    Martin Spielmann    2017-01-07    1    -1/+1
| |
| * Replaced duplicated strings by using constant    Martin Spielmann    2017-01-07    2    -4/+4
| |
| * Update AuthenticationManager to update weakly stored passwords on login    Martin Spielmann    2017-01-07    2    -10/+55
| |
| * Added possibility to use secure hashes to store passwords    Martin Spielmann    2017-01-01    4    -3/+197
| | Addresses #1166
* | encoded email's sender name with utf-8.    william    2019-06-16    1    -1/+1
| |
* | Remove "folding outlines" and sort repositories before subfolders.    Florian Zschocke    2019-06-15    2    -19/+21
| | Remove guard rails at the left to get a cleaner look. To make it easier to determine which repositories belong to which folder, display the repositories first, then the subfolder. Decreased indentation a little.
* | Add support nested groups on the Repositories page    Florian Zschocke    2019-06-15    5    -5/+546
| | Fix for #725. Also covers #527. This is a squashed commit of the following commits, merging and closing pull request #1267:
| |
| | commit 55fee41769ffab1aff59344fe117d481687aa743
| | Author: Martin Spielmann <mail@martinspielmann.de>
| | Date: Mon Nov 6 17:19:53 2017 +0100
| | declared local variable final to fix travis build
| |
| | commit 131e4d14a48c2a3fdce621fa54637de50684d040
| | Author: Martin Spielmann <mail@martinspielmann.de>
| | Date: Mon Nov 6 14:11:55 2017 +0100
| | fix formatting (use tab for indentation)
| |
| | commit 8da5f6d5967894f157251c320928acdab3a451e7
| | Author: Martin Spielmann <mail@martinspielmann.de>
| | Date: Mon Nov 6 13:45:39 2017 +0100
| | Add repositoryListType tree. Addresses #725, 527 and includes #1224
| |
| | commit 6c061651fb95212ae242dbca06c8d9ef80146201
| | Merge: f365daa3 40ee9653
| | Author: Martin Spielmann <mail@martinspielmann.de>
| | Date: Sat Nov 4 13:19:08 2017 +0100
| | Merge remote-tracking branch 'collapsible/ticket/527' into 725_nested_repos
| |
| | commit f365daa3b1d6be135365f9b11bdece320beabf4e
| | Author: Martin Spielmann <mail@martinspielmann.de>
| | Date: Sat Nov 4 13:10:24 2017 +0100
| | first working version of tree model
* | collapsible group repositories    ybosy    2019-06-15    3    -3/+60
| |
* | Escape folder names in JGitUtils to allow special characters. Fixes #999    Martin Spielmann    2019-06-10    1    -3/+3
| |
* | Null-safe compare for ticket milestones without due date    Fritz Schrogl    2019-06-10    1    -2/+14
| |
* | Do not resolve symbolic links to repositories.    Florian Zschocke    2019-06-10    1    -7/+16
| | When symbolic links under the base repository folder point to repositories outside the base repository folder, the forming of relative repository names failed and resulted in NullPointerExceptions. Create the relative path by not following symbolic links, i.e. the link name is taken as is and not resolved to the external path. This also changes the whole `exactPath` method to work on Paths, instead of Files. Fixes #891 and fixes #837.
* | Rename the setting to httpIdleTimeout    Sebastiano Pilla    2017-06-03    1    -2/+2
| |
* | Adds the    Sebastiano Pilla    2017-06-01    1    -3/+3
| | server.httpTimeout setting to allow cloning big repositories over HTTP. This change fixes the java.util.concurrent.TimeoutException issue described in https://groups.google.com/d/topic/gitblit/UvDC48NpmF4/discussion .
* | Merge pull request #1239 from pingunaut/1226_sshkey_form_feedback    James Moger    2017-05-22    1    -1/+1
|\ \
| | | 1226 sshkey form feedback
| * | Remove unused code    Martin Spielmann    2017-05-22    1    -4/+0
| | |
| * | Revert "Fix nullpointer exception with unsupported URL protocol #1237"    Martin Spielmann    2017-05-22    1    -1/+1
| | | This reverts commit 51b9b7f9016899bbf8a39f6bc33a916a3d2b3838.
* | | Revert "Add feedback to SSH Key Form. #1226"    Martin Spielmann    2017-05-22    4    -13/+1
|/ /
| | This reverts commit c3e317a28899915036517c3a05a2b883796f633d. Was added by mistake here. Should go into own branch to be able to merge with upstream using separate PR
* | Add feedback to SSH Key Form. #1226    Martin Spielmann    2017-05-22    4    -1/+13
| | if key is empty or can not be parsed, form did provide any feedback to user before
* | Fix nullpointer exception with unsupported URL protocol #1237    Martin Spielmann    2017-05-21    1    -1/+1
| |
* | Reindex tickets on server start if no index exists    Florian Zschocke    2017-03-05    7    -17/+54
| | Check if tickets need to be reindexed when the server starts. This is the case if no ticket index exists. In that case the ticket index is built. This is done during the start of the `ITicketService`. For this the interface of `ITicketService` needed to change. The `start` method was defined abstract and the specific ticket services had to implement it. None does any real starting stuff in it. The `start` method is now final. It calls a new abstract method `onStart` which the specific ticket services need to implement. In the existing implementations I just changed `start` to `onStart`.
* | Use versioned index directories for repository indices.    Florian Zschocke    2017-03-05    2    -48/+72
| | Change from the index version of a repository index being stored in a config file to also using index directories with the version in the name. For that, `LuceneRepoIndexStore` is added, which adds the fixed `lucene` part to the path. It also gives out the location of the `lucene.conf` file, which is now stored in the index directory. This way it is automatically deleted when the directory is deleted. I believe that it should also provide means to store branch aliases and tips, i.e. hide the config file completely. But this isn't implemented with this commit, the `LuceneService` is still aware that a config file is used.
* | Introduce an index version for the ticket index    Florian Zschocke    2017-03-05    2    -9/+107
| | In order to be able to update the index definition, the ticket index is assigned a version number, 2. This way the definition can be updated and compatibility with existing index files can be checked. The actual index is stored in a directory of name `indexVersion_codecVersion`. This way it is very easy to check if an index of a certain version exists on the filesystem. It allows to have multiple indexes of different versions present, so that a downgrade of the software is possible without having to reindex again. Of course, this is only possible if no new tickets were created since these would be missing in the old index. A new class `LuceneIndexStore` is introduced, which abstracts away the versioned index directory. The idea is, that this provides one place to keep the Lucene codec version and to allow to code compatibility rules into this class, so that older indices can still be used if they are compatible.
* | Add DocValues to support sorting of ticket index fields.    Florian Zschocke    2017-03-05    1    -0/+7
| | In order to support sorting, Lucene 5 needs DocValue fields in an index. So in order to make the ticket index work, i.e. show any tickets on the tickets page, the ticket index needs to be changed, adding a DocValues field. The DocValuesFields are implemented for the current index, which does not use multiple values for a field. Should at any time in the future an existing numeric field get multiple values stored in a document, then the index needs to know that and use SortedNumeric DocValues and SortFields instead.
* | Replace deprecated BooleanQuery constructor with builder.    Florian Zschocke    2017-03-05    2    -15/+13
| | Also replace deprecated `search` method with the one without a filter argument, since the filter isn't used anyhow.
* | Update link target to Lucene 5.5 query syntax, moving the link to the page.    Florian Zschocke    2017-03-05    16    -119/+139
| | Update the link target to the query parser syntax page of the 5.5 version. Refactor the `LuceneSearchPage` to use an `ExternalLink` for the link to the lucene page, so that the link target is kept and updated in the Java code. Move the link out of the language files. This was way too cumbersome to update the link target (which is probably why no one ever did). The query help text is changed to contain a variable: `gb.queryHelp = here be some ${querySyntax} help`, which is replaced by Wicket with a link. The link text is a new language file property: `gb.querySyntax`.
* | Remove obsolete Lucene version constants.    Florian Zschocke    2017-03-05    2    -6/+0
| |
* | Bump to Lucene 5.5.2    Luca Milanesio    2017-03-05    2    -26/+26
| |
* | Better Czech localization    Jan Breuer    2017-03-03    1    -76/+76
| |
* | Fix #1114 HttpUtils getGitblitURL does not support nonstandard ports    Jan Breuer    2017-02-15    1    -1/+3
| | X-Forwarded-Host can contain port number and it is added twice in that situation. This fix just prevents adding port number if it is already there
* | Add Czech locale    Jan Breuer    2017-02-15    3    -0/+848
| |
* | Merge pull request #1192 from mystygage/listBranchForRepository    James Moger    2017-02-08    1    -0/+4
|\ \
| | | List branches from only one repository if a repository name is given
| * | List branches from only one repository if a repository name is given    Markus Fömpe    2017-01-26    1    -0/+4
| | | e.g.: https://localhost:8443/rpc/?req=LIST_REPOSITORY_BRANCHES&name=repo.git Fix #1184
* | | New Setting "Default Language" when creating user.    william    2017-02-08    4    -29/+71
| | |
* | | fix bug "get user default language null exception"    william    2017-01-25    1    -1/+5
| | |