path: root/src/main
Commit message (Author, Age, Files, Lines)
* Update some outdated, and sometimes wrong, logger format strings (Florian Zschocke, 2023-10-24, files: 10, lines: -130/+95)
|
* Merge pull request #1456 from flaix/sha256 (Florian Zschocke, 2023-10-15, files: 1, lines: -31/+76)
|\
| | Add SHA-256 hash calculation to StringUtils
| * Add function to calculate SHA-256 hash sum to StringUtils. (Florian Zschocke, 2023-10-15, files: 1, lines: -0/+22)
| |
| * Refactor StringUtils to provide message digest in common function (Florian Zschocke, 2023-10-15, files: 1, lines: -31/+54)
| | The calculation of an MD5 and SHA-1 sum are all message digest implementations. Instead of replicating the same code over and over again, provide a common function for message digest calculation which can do this for different algorithms based on the algorithm name passed as a parameter. Then replace the existing `getMD5` and `getSHA1` functions by calling the common function passing the respective algorithm name.
* | Fix single quotes in MessageFormat patterns. (Egor Shchegolkov, 2023-10-14, files: 3, lines: -5/+5)
|/
* Update Git clients list on empty repository page (Florian Zschocke, 2023-10-12, files: 14, lines: -24/+24)
| The page shown for an empty repository lists suggestions for Git clients, mostly GUI ones, and links to their web pages. The TortoiseGit client entry is removed since the URL is no longer valid. The excellent client Fork is added to the closed source clients section. This commit also cleans up some other entries, fixing broken tags, escaping ampersands and removing outdated or wrong information.
* Improve Chinese translation of "fork" (Florian Zschocke, 2023-10-09, files: 1, lines: -17/+17)
| The currently used translation of "fork" is ambiguous, using the same word as for "branch". Fixes #1448
* Adjust URLs to gitblit.github.io to point to gitblit-org.github.io (Florian Zschocke, 2023-04-03, files: 1, lines: -1/+1)
| Adjust other references to the old 'gitblit' organisation on Github to point to the new 'gitblit-org' organisation.
* Merge pull request #1425 from srp-gmbh/jenkins_access_token (Florian Zschocke, 2022-12-09, files: 1, lines: -1/+5)
|\
| | Add support for Jenkins Git plugin access token, fixes #1423
| * Add support for Jenkins access token fixes #1423 (Tino Desjardins, 2022-09-03, files: 1, lines: -1/+5)
| |
* | Adjust path after moving from "gitblit" to "gitblit-org" on Github (Florian Zschocke, 2022-12-09, files: 2, lines: -2/+2)
| |
* | fix: Fix broken pushes to tickets (Florian Zschocke, 2022-12-07, files: 3, lines: -8/+10)
| | The update of JGit broke pushes to tickets. The ReceiveCommand now requires all three arguments, oldId, newId and name, to be not null. The ticket code handling pushes to tickets left name and old id as null in certain cases. This is fixed by always providing values.
* | fix: Fix incorrect text being copied by copy button on tickets page (Florian Zschocke, 2022-12-06, files: 1, lines: -1/+1)
| | The merge step for using `pt` added the wrong text to the copy button.
* | Add French version of Empty Repository page (Florian Zschocke, 2022-12-05, files: 1, lines: -0/+60)
| | Donated by @piradix
* | fix: Fix broken _de language file (Florian Zschocke, 2022-12-05, files: 1, lines: -2/+2)
| | This fixes incorrect encodings in the _de language file which makes the pages crash.
* | fix: Correct misaligned images in primary repository URL display (Florian Zschocke, 2022-12-05, files: 1, lines: -2/+2)
| | Adding style element `max-width:inherit` as suggested by @piradix, which makes the access restriction icon be part of the URL box again. This fixes #1437
* | Remove clippy.swf and update documentation (Florian Zschocke, 2022-12-03, files: 2, lines: -1/+5)
| | The `clippy.swf` Flash program is no longer needed and can be deleted. The configuration property is now incorrectly named, but we keep the name and update the documentation. Maybe it could be completely deleted one day, when the clipboard.js solution is known to work and be universally supported.
* | Replace SWF clippy with clipboard.js on ticket page (Florian Zschocke, 2022-12-03, files: 2, lines: -19/+12)
| | The ticket page also has some copy-to-clipboard buttons, which get updated to work with JS instead of SWF.
* | Add a "Copied" tooltip to the copy-to-clipboard button (Florian Zschocke, 2022-12-03, files: 5, lines: -12/+256)
| | This is not the ideal version, since the height is too low for the tooltip used for the drop-down menus. Probably has something to do with the container or something. But at least something is there now, even if not the most beautiful.
* | Replace SWF clippy with clipboardjs on repository page (Florian Zschocke, 2022-11-20, files: 4, lines: -25/+35)
| | Shockwave Flash is dead. But Gitblit still uses it to copy the repository URLs to the clipboard. Which doesn't work anymore since no browser uses Flash anymore, so this has degraded disgracefully. Instead, we can use JavaScript to copy directly to the clipboard, now that there are APIs for it. So replace the use of clippy.swf on the repository page with clipboard.js[1]. This right now only has the functionality to copy to clipboard but no visual feedback, yet. This addresses GH issue #1241.
| | [1] https://clipboardjs.com
* | Fix issue with not serialisable ed25519 SSH keys (Florian Zschocke, 2022-11-16, files: 2, lines: -1/+32)
| | Adding Ed25519 keys brings the problem that with the library currently used, the PublicKey instance of that key is not serialisable. This results in an exception when wicket tries to cache the UsersPage. So change the SshKeysPanel so that the PublicKey object is removed from the `SshKey` when the panel is detached. It can be regenerated from the raw key data.
* | deps: Update Jetty to version 9.4.49.v20220914 (Florian Zschocke, 2022-11-13, files: 1, lines: -10/+10)
| | This updates Jetty to the latest 9.x version as of writing. The 9.x is still running on Java 8. The update needs two code changes. `SessionManager` was replaced with `SessionHandler`. This was documented in the Jetty documentation. Adding the `GitblitContext` to the `WebAppContext` will result in two instances getting created, because the code was changed that prevents instantiation of the same listener class multiple times. (The second time is when the web.xml is read.) Instead, it must be added to the servlet handler of the `WebAppContext`. This results in properly adhering to the changed internal startup flow. Updating Jetty also resolves #1409.
* | fix: Fix jetty crashing when redirecting HTTP to HTTPS (Florian Zschocke, 2022-11-11, files: 1, lines: -1/+1)
| | Jetty 9.3 changed the `setHandler` on the ServletContextHandler to no longer automatically detect SecurityHandler, SessionHandler, etc. It simply passes on the setHandler request to the ContextHandler class (with a warning logged). So make sure to explicitly use the method `setSecurityHandler` to set the ConstraintSecurityHandler responsible for the http -> https redirection.
* | bugtraq: Catch exceptions from bugtraq and show message (Florian Zschocke, 2022-11-11, files: 1, lines: -3/+3)
| | Catch all exceptions, and not just IOExceptions, from bugtraq formatter. If an exception is caught, ignore the bugtraq handling of the commit message and show the plain message. Way better than not showing anything just because something broke in bugtraq.
* | bugtraq: Fallback to UTF-8 if commit encoding is unsupported (Florian Zschocke, 2022-11-11, files: 1, lines: -1/+15)
| | Reading the encoding of a commit can result in an Unsupported- or IllegalCharsetException. This happens when for whatever reason the commit has an encoding recorded that the system doesn't understand. Instead of completely failing, fall back to UTF-8.
* | Remove workaround for JGit crashing on 'utf-9' etc (Florian Zschocke, 2022-11-11, files: 2, lines: -159/+0)
| | Updating JGit fixed the issue that a commit in a repo with an unknown character set throws an exception. This would crash the RepositoryManager. The extra handling, which patches JGit classes during runtime is completely removed.
* | Add wrapper class to return a default encoding (Jan Vanhercke, 2022-11-09, files: 2, lines: -2/+145)
| | Unknown encodings may cause gitblit to fail to start. This modification injects a wrapper class in the JGit internal to fake a valid return value.
* | Update Bugtraq to v0.4 (Florian Zschocke, 2022-11-07, files: 4, lines: -12/+116)
| | Sync with upstream @ https://github.com/mstrap/bugtraq
* | Replace key feedback with label instead of FeedbackMessage (Florian Zschocke, 2022-11-01, files: 3, lines: -6/+18)
| | Since it is a pest to get rid of a Wicket FeedbackMessage in an AJAX target, change the code to use an extra label that can provide feedback if the key could not be parsed or was empty.
* | Add feedback to SSH Key Form. #1226 (Martin Spielmann, 2022-11-01, files: 4, lines: -1/+9)
| | if key is empty or can not be parsed, form did provide any feedback to user before
* | authority: Fix null pointer crash for deleted users (Florian Zschocke, 2022-11-01, files: 1, lines: -1/+5)
| | When a user had a certificate, i.e. an entry in the Gitblit Authority database, but the user was deleted from the Gitblit database, then the Authority application crashes upon loading. This patch prevents the crash. The deleted user is no longer shown in the Authority. But the database entry still is kept. This should be improved to show deleted users and give the possibility to delete them from the Authority's database. This fixes #1359
* | fix: Fix null pointer exception in FileSettings (Florian Zschocke, 2022-10-31, files: 1, lines: -0/+3)
| | Fix a null pointer access in the `toString` method for a freshly created `FileSettings`.
* | Skip SSH host key files that do not exist (Florian Zschocke, 2022-10-25, files: 1, lines: -0/+6)
| | Since we now do not generate a DSA host key file anymore, but keep it in the list of potential keys so that existing keys still work, it can happen that the files for DSA (and Ed25519) are getting loaded but they do not exist. This results in an error in the log. So instead check if the file exists and only try to load files that exist. This prevents from errors (which are none) being spammed in the log.
* | Add SSH host keys with ECDSA and Ed25519 (Florian Zschocke, 2022-10-25, files: 2, lines: -14/+115)
| | Create new host keys, one with ECDSA and one with Ed25519 algorithms. For the Ed25519 currently the EdDSA library from i2p is used. This requires some quirks, compared to a modern BouncyCastle. But the SSHD library used cannot use BouncyCastle yet for Ed25519. No DSA key is generated anymore, but we still support existing ones.
* | format: Cleanup formatting and whitespaces (Florian Zschocke, 2022-10-25, files: 1, lines: -23/+41)
| |
* | Update BouncyCastle to version 1.69 (Florian Zschocke, 2022-10-25, files: 3, lines: -40/+18)
| | The version 1.69 is chosen instead of 1.70, because the moxie build would not download the jars, trying to download `...1.7.jar` instead. Three class deprecations are fixed. `PEMWriter` and `X509Extension` are replaced with their drop-in replacements `JcaPEMWriter` and `Extension`. The `PasswordFinder` deprecation note says that "it is no longer used". It also was never used in Gitblit's code, so it is removed from the key pair provider class.
* | Merge pull request #1428 from urkle/fix-pt (Florian Zschocke, 2022-10-22, files: 1, lines: -7/+7)
|\ \
| | | Correct is/is not usage in pt.py to not be used with the value is a literal
| * | Correct is/is not usage in pt.py to not be used with the value is a literal (Edward Rudd, 2022-10-10, files: 1, lines: -7/+7)
| |/
| | - new python 3 versions warn/errors about this usage
* | Update dependency MINA SSHD to version 1.7.0 (Florian Zschocke, 2022-10-09, files: 1, lines: -3/+6)
| |
* | upgrade to sshd 1.6.0, add eddsa dependency, upgrade jgit to 4.1.2 (ricardop, 2022-10-08, files: 4, lines: -20/+29)
|/
| (cherry picked from commit d8fbdda2ab3fa48e92bdf37399d4b75c48409c5c@rpardini:master)
| # Conflicts:
| # .classpath
| # build.moxie
| # src/test/java/com/gitblit/tests/SshUnitTest.java
* Use existing setting but with new values (Florian Zschocke, 2022-08-14, files: 3, lines: -11/+43)
| Instead of adding another setting and having to explain how the new one and the existing `requireClientCertificates` setting are interdependent, let's use the existing setting and add new values. It is changed from a boolean to a string, with the values `required`, `optional` and `disabled`. To keep backward compatibility with the old values, the `true` value is mapped to `required` and the `false` value is mapped to `optional`.
* Merge branch 'disable-client-certs' of github.com:oddeirik/gitblit into oddeirik-disable-client-certs (Florian Zschocke, 2022-08-14, files: 2, lines: -3/+15)
|\
| * Add setting to explicitly enable or disable optional client certificates. (Odd Eirik Nes, 2016-10-17, files: 2, lines: -3/+15)
| |
* | Rewrite fix without the additional List (Florian Zschocke, 2022-08-07, files: 1, lines: -17/+10)
| | This also removes the additional Set. What changes is that the order of the repositories is kept, but the resulting list will have user and team permissions intertwined.
* | fix user effective permission display if users is in multiple groups with different permissions (kaspars.kurms, 2022-08-07, files: 1, lines: -0/+13)
* | Fix: if statement without curly braces (Quentin, 2022-08-02, files: 1, lines: -1/+2)
| |
* | Changed tab to space conversion (Quentin, 2022-08-02, files: 1, lines: -1/+8)
| | Tabs are not always 4 spaces large. It completes the line to the 4th character.
* | pages: Fix link for GitExtension, which moved to Github (Florian Zschocke, 2022-04-09, files: 13, lines: -13/+13)
| |
* | fix: Fix StoredUserConfig not escaping control characters (Florian Zschocke, 2022-03-13, files: 1, lines: -3/+42)
| | The `StoredUserConfig` only escaped the escape character, i.e. backslash. But it does not escape control characters like tab or newline. This introduces a vulnerability where an attacker can create new entries in their user account and create new accounts. In addition, other characters are also not properly handled. Field values with a comment character need to be quoted. This only happens for the `#` character and only when the value starts with it. Also the quote is not escaped in values. This change completely rewrites the `escape` method of `StoredUserConfig`. It takes care of properly escaping characters that need escaping for the git configuration file format. This fixes #1410
* | fix: Fix StoredUserConfig handling null subsections (Florian Zschocke, 2022-03-13, files: 1, lines: -2/+7)
| | The `StoredUserConfig` did not handle sections without a subsection. When the subsection did not exist, i.e. was `null`, then the subsection name would be set to the string "null". This is not how the config file format works. It should create a `[SECTIONNAME]` entry instead. This fix handles a `null` subsection correctly, by handling it as a section without a subsection.