| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
Zero out the password to remove it from memory after use.
This is only a first step, implementing it for one method:
`AuthenticationManager.authenticate(String, char[], String)`.
|
| |
|
|
|
|
|
|
|
|
| |
The upgrade of a MD5 stored password hash to a PBKDF password hash
destroys the stored password. The has check zeroes out the password that
is tested, so that the new hash is built over the zeroed out value.
This fix prevents that an also adds a check to the test.
Fixes #1335
|
| |
|
|
|
|
|
|
|
|
|
| |
Due to a wrong comparison, when loading the preferred locale in the
user preferences page, in cases like `zh_CN` or `de_DE` the wrong
locale would be chosen.
As with too many things, the code is duplicated on the `UserPage`
and the `EditUserPage`. And they differ. So extract the choosing of
the preferred language for display into a method in the (more up-to-date)
`UserPage` and call that from the `EditUserPage`.
|
| |
|
|
|
|
|
|
| |
If, for example, an external site links to a docs page or a specific
doc page, and the branch that link points to is no longer existing,
an internal error happens due to a NPE.
The NPE is guarded against and a No Docs page is returned.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Renames `static final` variables according to convention to be in all
upper case. That makes it easier to see that in an `equals` comparison
the final variable should come first as it will not trigger a NPE.
Also strip parameters from the URL when extracting the repository
name from it. Parameters can not be part of a repository name, and
this way an empty repository name can be detected.
Fixes #1092
|
| | |
|
| | |
|
| |
|
|
|
| |
They will need to be called with the classpath and main class now,
instead of simply using the Jar.
|
| |
|
|
|
|
|
|
| |
When GitBlit server did not start properly, is running but couldn't
start the `PluginManager`, then stopping the server via the `--stop`
argument on the command line resulted in a NullpointerException.
Which left the server running. Now this is prevented and the server
will actually shut down.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The (moxie and other) Launcher do not work with Java 9 and later anymore.
It used to dynamically extend the classpath, misusing an internal
interface of the `URLClassLoader`. This is no longer possible since Java 9,
which closed that path and does not offer any way to dynamically extend
the classpath during runtime.
So the choice is between providing one large Jar with everything in it,
providing a Jar that has the Jars in `ext` listed explicitly in its
manifest, and specifying the classpath on the command line where
the `ext` directory can be added and all contained jar files will
be put on the classpath.
The motivation for the Launcher class was to be able to simply drop
new jar files into a directory and they will be picked up at the
application start, without having to specify a classpath. We opt
for solution three here. This way jar files can still be dropped
into the ext directory, albeit the directory needs to be added to
the classpath on the command line. Unfortunately using a wildcard
is not possible in the manifest file. We change the calls in the
script files accordingly. This seems like a good compromise,
since no one will run the application manually typing the whole
commandline anyway.
This also does away with the splash screen, by the way. Again,
doesn't seem like a big loss, as I don't think it was ever shown
for the Authority.
Personally, I am not convinced that it is the best way, because
I don't really think that the use case of dropping whatever jar
files into the `ext` directory is a valid one that happened a lot.
This does not yet fix the client programs, which still use a
Launcher. Maybe for them a all-in-one Jar is a better solution.
Fixes #1262
Fixes #1294
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
With three versions about to be supported right now
it is getting more important to know which Java version is
used when building and testing Gitblit, and which Java
version is used to run Gitblit.
So have the Moxie build report the javac version, and the
JVM version that Moxie is running on. These might be
different.
The `GitBlitServer` will print the Java version and vendor,
so that it gets visible if a user would paste a log output
for analysis.
|
| |\ |
|
| | |
| |
| |
| |
| |
| | |
Integrate the `PasswordHash` class and subclass in the user
and password editing and authentication. Replaces the old code and
the previous `SecurePasswordHashingUtils` class.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Integrate the work of pingunaut to add support for PBKDF2 password
hashing. A new class `PasswordHashPbkdf2` is added, which builds
on his `SecurePasswordHashUtils` class, but makes it a subclass
of `PasswordHash`. This will replace the original class when
integrating the new PasswordHash way into GitBlit.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Instead of having to deal with the implementation details of hashing
and verifying passwords in multiple places, have a central unit
be responsible for it. Otherwise we need to edit three different places
when adding a new hashing scheme.
With this class adding a new hashing scheme just requires creating a
new subclass of `PasswordHash` and registering its type in the enum
`PasswordHash.Type`.
The rest of the code will use a common interface for all hashing
schemes and doesn't need to be changed when a new one is added.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| | |
Addresses #1166
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Remove guard rails at the left to get a cleaner look.
To make it easier to determine which repositories belong to which
folder, display the repositories first, then the subfolder.
Decreased indentation a little.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fix for #725.
Also covers #527.
This is a squashed commit of the following commits,
merging and closing pull request #1267:
commit 55fee41769ffab1aff59344fe117d481687aa743
Author: Martin Spielmann <mail@martinspielmann.de>
Date: Mon Nov 6 17:19:53 2017 +0100
declared local variable final to fix travis build
commit 131e4d14a48c2a3fdce621fa54637de50684d040
Author: Martin Spielmann <mail@martinspielmann.de>
Date: Mon Nov 6 14:11:55 2017 +0100
fix formatting (use tab for identation)
commit 8da5f6d5967894f157251c320928acdab3a451e7
Author: Martin Spielmann <mail@martinspielmann.de>
Date: Mon Nov 6 13:45:39 2017 +0100
Add repositoryListType tree. Addresses #725, 527 and includes #1224
commit 6c061651fb95212ae242dbca06c8d9ef80146201
Merge: f365daa3 40ee9653
Author: Martin Spielmann <mail@martinspielmann.de>
Date: Sat Nov 4 13:19:08 2017 +0100
Merge remote-tracking branch 'collapsible/ticket/527' into 725_nested_repos
commit f365daa3b1d6be135365f9b11bdece320beabf4e
Author: Martin Spielmann <mail@martinspielmann.de>
Date: Sat Nov 4 13:10:24 2017 +0100
first working version of tree model
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When symbolic links under the base repository folder point to repositories
outside the base repository folder, the forming of relative repository
names failed and resulted in NullPointerExceptions.
Create the relative path by not following symbolic links, i.e. the link
name is taken as is and not resolved to the external path.
This also changes the whole `exactPath` method to work on Paths, instead
of Files.
Fixes #891 and fixes #837.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
server.httpTimeout
setting to allow cloning big repositories over HTTP. This change fixes the java.util.concurrent.TimeoutException issue described in https://groups.google.com/d/topic/gitblit/UvDC48NpmF4/discussion .
|
| |\ \
| | |
| | | |
1226 sshkey form feedback
|
| | | | |
|
| | | |
| | |
| | |
| | | |
This reverts commit 51b9b7f9016899bbf8a39f6bc33a916a3d2b3838.
|
| |/ /
| |
| |
| |
| | |
This reverts commit c3e317a28899915036517c3a05a2b883796f633d.
Was added by mistake here. Should go into own branch to be able to merge with upstream using separate PR
|
| | |
| |
| |
| | |
if key is empty of can not be parsed, form did provide any feedback to
user before
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Check if tickets need to be reindexed when the server starts. This is the
case if no ticket index exists. In that case the ticket index is built.
This is done during the start of the `ITicketService`.
For this the interface of `ITicketService` needed to change. The `start`
method was defined abstract and the specific ticket services had to
implement it. None does any real starting stuff in it.
The `start` method is now final. It calls a new abstract method `onStart`
which the specific ticket services need to implement. In the existing
implementations I just changed `start` to `onStart`.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Change from the index version of a repository index being stored in a config
file to also using index directories with the version in the name. For that,
`LuceneRepoIndexStore` is added, which adds the fixed `lucene` part to the path.
It also gives out the location of the `lucene.conf` file, which is now stored in
the index directory. This way it is automatically deleted when the directory is
deleted.
I believe that it should also provide means to store branch aliases and tips,
i.e. hide the config file completely. But this isn't implemented with this
commit, the `LuceneService` is still aware that a config file is used.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In order to be able to update the index definition, the ticket index
is assigned a version number, 2. This way the definiton can be updated
and compatability with existing index files can be checked.
The actual index is stored in a directory of name `indexVersion_codecVersion`.
This wayit is veriy easy to check if an index of a certain version exists on the
filesystem. It allows to have multiple indexes of different versions present,
so that a downgrade of the software is possible without having to reindex
again. Of coure, this is only possible if no new tickets were created since these
would be missing in the old index.
A new class `LuceneIndexStore` is introduced, which abstracts away the versioned
index directory. The idea is, that this provides one place to keep the Lucene
codec version and to allow to code compatibility rules into this class, so that
older indices can still be used if they are compatible.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
In order to support sorting, Lucene 5 needs DocValue fields in an index.
So in order to make the ticket index work, i.e. show any tickets on the
tickets page, the ticket index needs to be changed, adding a DocValues
field.
The DocValuesFields are implemented for the current index, which does not
use multiple values for a field. Should at any time in the future an
existing numeric field get multiple values stored in a document, then
the index needs to know that and use SortedNumeric DocValues and SortFields
instead.
|
| | |
| |
| |
| |
| | |
Also replace deprecated `search` method with the one without a filter
argument, since the filter isn't used anyhow.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Update the link target to the query parser syntax page of the 5.5 version.
Refactor the `LuceneSearchPage` to use an `ExternalLink` for the link
to the lucene page, so that the link target is kept and updated in the
Java code. Move the link out of the language files. This was way too
cumbersome to update the link target (which is probably why no one ever
did).
The query help text is changed to contain a variable:
`gb.queryHelp = here be some ${querySyntax} help`, which is replaced by
Wicket with a link.
The link text is a new lange file property: `gb.querySyntax`.
|
| | | |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| | |
X-Forwarded-Host can contain port number and it is added twice in that situation
This fix just prevent adding port number if it is already there
|
| | | |
|
| |\ \
| | |
| | | |
List branches from only one repository if a repository name is given
|
| | | |
| | |
| | |
| | |
| | |
| | | |
e.g.: https://localhost:8443/rpc/?req=LIST_REPOSITORY_BRANCHES&name=repo.git
Fix #1184
|
| | | | |
|
| | | | |
|
