| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| | |
| |
| |
| |
| |
| | |
Extract the creation of the in-memory servers and the interceptor
code to a base class that LDAP related unit tests can extend to
have the servers available.
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Introduce our own wrapper `SecureRandom` around `java.security.SecureRandom`.
This a) makes sure that the PRNG is seeded on creation and not when
random bytes are retrieved, and
b) uses a static instance in the `UserModel` so that lags do not occur
during operation due to potentially seeding getting blocked on Unix
when reading from the system's entropy pool. To keep the random data
still secure, the static instance will reseed all 24 hours, also a
functionality of the wrapper class.
This fixes #1063 and extends and closes PR #1116
|
| |\ \ \
| |_|/
|/| | |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The regular expression used for user mentions used to work
only inside sentences. Also, since it tested for whitespace, the
whitespace would get replaced, too, which would join lines together.
Instead the new regex uses boundary matchers to match against
word boundaires. As these are not capturing only the actual user
mention can be captured and is then replaced. Also, this way the
regex can ignore punctuation like in "@jim, look at this."
Since Gibtlit now requires Java 7 we can use named capture groups.
This makes the use of a centrally defined regular expression much
safer. The (admittedly only) group to capture the user name is named
"user" and can be referenced by this name. By using the name instead
of a group number, the regex could be changed without the code using
it breaking because the group number changed.
A simple test is added for user mentions, which unfortunately
has to deal with the full markdown replacement, too.
Fixes #985
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The canAdmin permission is set on a LDAP user, when the user is listed
in `realm.ldap.admins` or is a member of a team listed in `realm.ldap.admins`.
This leads to inconsistent and surprising behaviour on the EditUser page
when clicking the "can admin" checkbox. Also, the "can admin" checkbox
is disabled, but not checked, for teams that are listed as admin teams.
The new behaviour implemented in this patch makes users and teams from
LDAP match local ones. That means:
* LDAP teams that are listed in `realm.ldap.admins` get the canAdmin
property set if teams are maintained in LDAP.
* LDAP users that are listed in `realm.ldap.admins` get the canAdmin
property set if teams are maintained in LDAP.
* LDAP users do not get the canAdmin property set, if they are only a
member of a team listed in `realm.ldap.admins`.
* The `supportsRoleChanges` method for users and teams of the
`LdapAuthProvider` unconditially returns false if teams are
maintained in LDAP, not only for users and teams listed in
`realm.ldap.admins`.
* Therefore, for all LDAP users and teams the "can admin" checkbox
is always disabled if teams are maintained in LDAP.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Add access restrictions to the LDAP test server instances.
New modes used a test parameters are ANONYMOUS, DS_MANAGER and USR_MANAGER.
ANONYMOUS can bind anonymously and access users and groups.
In DS_MANAGER the server requires authentication and will only allow
the DIRECTORY_MANAGER user to search for users and groups.
In USR_MANAGER only the user can search groups, the USER_MANAGER, which
is used to bind in this mode, can not.
A third server instance is created because I did fear side effects should
the tests be run in parallel, had I tried to configure the access
restriction in Before.
|
| |/
|
|
|
|
|
| |
Instantiate two LDAP servers, one that allows anonymous access, and
one that requires authentication for all operations.
The JUnit test is parameterized to run all tests with both instances.
It uses different settings for each mode.
|
| |
|
|
| |
+ Multiple commits in a single push
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
+ Supports referencing:
+ Tickets from other tickets via comments
+ Tickets from commits on any branch
+ Common TicketLink class used for both commits and tickets
+ TicketLink is temporary and persisted to ticket as a Reference
+ Support deletion of ticket references
+ Rebasing patchsets/branches will generate new references
+ Deleting old patchsets/branches will remove the relevant references
+ Substantial testing of use cases
+ With and without patchsets, deleting, amending
+ BranchTicketService used during testing to allow end-to-end ref testing
+ Relocated common git helper functions to JGitUtils
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
+ GitLFS client support
+ FilestoreModel now parses meta file
+ Read meta heading from cache if available
+ Authentication based on accept headers for browser view filestore login
+ PathModel & PathChangeModel now understands filestore items
+ Zip & Rar downloads contain include filestore items
+ Filestore servlet returns LFS JSON error only if accepted by client
+ DiffStat now knows repository to allow identification of filestore items
+ Filestore items identified and returned via view, raw & blob links on
blame, commitDiff, commit and Tree pages
|
| |
|
|
|
| |
+ Adds standard logging for all authentication providers
+ Updates help page to use default GitBlit SSH port
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
+ Metadata maintained in append-only JSON file providing complete audit
history.
+ Filestore menu item
+ Lists filestore items
+ Current size and availability
+ Link to GitBlit Filestore help page (top right)
+ Hooks into existing repository permissions
+ Uses default repository path for out-of-box operation with Git-LFS
client
+ accessRestrictionFilter now has access to http method and auth header
+ Testing for servlet and manager
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | |
| |
| |
| | |
Adding the possibility to define authentication method order for ssh
|
| |/
|
|
| |
if the webapp container can fill it.
|
| | |
|
| |
|
|
| |
whitespace
|
| |
|
|
| |
Empty folders are automatically skipped when browsing repository tree (similar to github "folder jumping" feature).
|
| |
|
|
|
|
|
|
|
| |
+ Severity indicated via new character indicator and color of ticket icon on ticket list
+ Priority indicated via new priority icon and color on ticket list
+ Indexed as integers to provide sorting and maintain language neutral
index
+ Colours and indicator text controlled through CSS classes priority-<x> & severity-<x>
+ UITicketTest created to generate tickets of all types to ease debugging
|
| |\ |
|
| | | |
|
| | | |
|
| | | |
|
| |\| |
|
| | | |
|
| |\| |
|
| | | |
|
| | | |
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is a fairly functional variation of Gitblit with one notable
exception:
The security filters are not working properly.
This is a design flaw in Guice that I have reported upstream [1]. The
general idea is that Guice-Servlet filters are not properly wrapping the
ServletRequest. This has historically been a problem for Guice-Servlet
servlets but Google has fixed most of those issues. Unfortunately, all
the same flaws reported against the servlet delegation also exist in
Guice-Servlet filter delegation. :(
[1]: https://code.google.com/p/google-guice/issues/detail?id=807
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |\ |
|
| | | |
|
| |/ |
|
