summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* 📖docs: Add update of service scripts in upgrade GO documentationFlorian Zschocke2020-04-051-0/+22
| | | | Also: release notes.
* 🏃 run: Fix Linux service scripts to use classpath and classFlorian Zschocke2020-04-053-9/+9
| | | | | | | Update the service scripts to use `-cp` and specify the GitBlitServer class, instead of the `-jar` parameter. Fixes #1333
* 🏃run: Use quotes around class path in scriptsFlorian Zschocke2020-04-055-5/+5
| | | | | | | | | While most systems will not need the class path passed to the JVM with the `-cp` parameter to be in quotes, apparently some exist where that will not work without the quotes, e.g. FreeBSD. So always use quotes for the class path in all scripts. Issue #1333
* Change tests in shell scripts to be more compatible with Bourne shellFlorian Zschocke2020-04-052-2/+2
| | | | | This is needed for the scripts to work in Alpine Linux, which comes with a Bourne shell.
* Delete password from memory in AuthenticationManagerFlorian Zschocke2020-04-054-31/+125
| | | | | | Zero out the password to remove it from memory after use. This is only a first step, implementing it for one method: `AuthenticationManager.authenticate(String, char[], String)`.
* 🦟 fix: Password hash upgrade kills existing passwordsFlorian Zschocke2020-04-052-21/+38
| | | | | | | | | | The upgrade of a MD5 stored password hash to a PBKDF password hash destroys the stored password. The has check zeroes out the password that is tested, so that the new hash is built over the zeroed out value. This fix prevents that an also adds a check to the test. Fixes #1335
* docu: Fix typoFlorian Zschocke2020-04-041-1/+1
|
* Add Twitter link to site overview and built-in docs.Florian Zschocke2020-01-271-0/+1
|
* Site: Remove link to Bintray update notificationsFlorian Zschocke2020-01-271-2/+1
|
* Add deployment of a release to GitHubFlorian Zschocke2020-01-271-0/+66
| | | | | | | | | | | | Add Ant tasks and macros to deploy binaries to GitHub, using GitHub's releases. Adds an Awk script to extract GH flavoured markdown release notes from the release.moxie file. Adds `ok.sh` to the repository so that it is readily available. This is a Bourne shell GitHub API client, used to create a release on GitHub and upload the binaries.
* Correct issue in FAQ page to link to GitHub issue.Florian Zschocke2019-11-181-1/+1
|
* Update test file with MD hashed passwordFlorian Zschocke2019-11-111-1/+2
| | | | | | | | | With the feature of passwords getting automatically upgraded to a hashed version, the default `admin` password in the test-users file will get stored as MD5 hashed during test execution. Commit this change, so that the file isn't always showing up as changed.
* Fix user preferences selecting the wrong preferred locale.Florian Zschocke2019-11-112-46/+28
| | | | | | | | | | | Due to a wrong comparison, when loading the preferred locale in the user preferences page, in cases like `zh_CN` or `de_DE` the wrong locale would be chosen. As with too many things, the code is duplicated on the `UserPage` and the `EditUserPage`. And they differ. So extract the choosing of the preferred language for display into a method in the (more up-to-date) `UserPage` and call that from the `EditUserPage`.
* Guard docs pages against bad URLsFlorian Zschocke2019-11-112-0/+9
| | | | | | | | If, for example, an external site links to a docs page or a specific doc page, and the branch that link points to is no longer existing, an internal error happens due to a NPE. The NPE is guarded against and a No Docs page is returned.
* Add `clone.bundle` as known command, but reject it as not implemented.Florian Zschocke2019-11-113-3/+32
|
* Fix NPE when no action can be parsed from the URLFlorian Zschocke2019-11-113-30/+99
| | | | | | | | | | | | Renames `static final` variables according to convention to be in all upper case. That makes it easier to see that in an `equals` comparison the final variable should come first as it will not trigger a NPE. Also strip parameters from the URL when extracting the repository name from it. Parameters can not be part of a repository name, and this way an empty repository name can be detected. Fixes #1092
* :book: Fix link to LDAP sample data LDIF file in setup.Florian Zschocke2019-11-101-1/+1
|
* In SSH tests ignore an external SSH toolFlorian Zschocke2019-11-101-0/+55
| | | | | | | | | | | | | | The SshDaemonTest would fail under Windows. That is because JGit looks at the `GIT_SSH` environment variable. If it is set, the tool the variable is pointing to is used for the SSH connection. This is a problem when it is set to "Plink" under Windows, because Plink will not recognize the server key and will not find it in the registry, cached as a known host. Since a test can/should not add the key to the registry but simply wants to ignore it, but there is no way to tell Plink to do so, the tests would fail. This patch filters the `GIT_SSH` environment variable from JGit's `SystemReader`, so that the internal SSH client is used.
* Update SSHD dependency to version 1.2.0.Florian Zschocke2019-11-104-4/+18
|
* Update SSHD dependency to version 1.1.0.Florian Zschocke2019-11-105-13/+20
|
* Ignore the `RedisTicketService` tests until they are fixed.Florian Zschocke2019-11-101-0/+3
| | | | | Currently the tests cannot run as no Redis is available. Needs to be fixed at some time.
* Remove Launcher from Manager and Federation Client.Florian Zschocke2019-11-082-168/+3
| | | | | They will need to be called with the classpath and main class now, instead of simply using the Jar.
* Fix NullpointerException when stopping GitBlit Server.Florian Zschocke2019-11-071-5/+7
| | | | | | | | When GitBlit server did not start properly, is running but couldn't start the `PluginManager`, then stopping the server via the `--stop` argument on the command line resulted in a NullpointerException. Which left the server running. Now this is prevented and the server will actually shut down.
* For Java 9+ define the classpath instead of using a Launcher.Florian Zschocke2019-11-0713-334/+24
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The (moxie and other) Launcher do not work with Java 9 and later anymore. It used to dynamically extend the classpath, misusing an internal interface of the `URLClassLoader`. This is no longer possible since Java 9, which closed that path and does not offer any way to dynamically extend the classpath during runtime. So the choice is between providing one large Jar with everything in it, providing a Jar that has the Jars in `ext` listed explicitly in its manifest, and specifying the classpath on the command line where the `ext` directory can be added and all contained jar files will be put on the classpath. The motivation for the Launcher class was to be able to simply drop new jar files into a directory and they will be picked up at the application start, without having to specify a classpath. We opt for solution three here. This way jar files can still be dropped into the ext directory, albeit the directory needs to be added to the classpath on the command line. Unfortunately using a wildcard is not possible in the manifest file. We change the calls in the script files accordingly. This seems like a good compromise, since no one will run the application manually typing the whole commandline anyway. This also does away with the splash screen, by the way. Again, doesn't seem like a big loss, as I don't think it was ever shown for the Authority. Personally, I am not convinced that it is the best way, because I don't really think that the use case of dropping whatever jar files into the `ext` directory is a valid one that happened a lot. This does not yet fix the client programs, which still use a Launcher. Maybe for them a all-in-one Jar is a better solution. Fixes #1262 Fixes #1294
* Report Java versions used during build and server start.Florian Zschocke2019-11-071-0/+4
| | | | | | | | | | | | | | With three versions about to be supported right now it is getting more important to know which Java version is used when building and testing Gitblit, and which Java version is used to run Gitblit. So have the Moxie build report the javac version, and the JVM version that Moxie is running on. These might be different. The `GitBlitServer` will print the Java version and vendor, so that it gets visible if a user would paste a log output for analysis.
* Merge branch 'pingunaut-1166_more_secure_password_hashes' into master.Florian Zschocke2019-11-0611-57/+1340
|\
| * Add more PasswordHash tests with strings beyond iso-8859-1.Florian Zschocke2019-11-061-1/+31
| |
| * Use the new PasswordHash classes.Florian Zschocke2019-11-0512-374/+185
| | | | | | | | | | | | Integrate the `PasswordHash` class and subclass in the user and password editing and authentication. Replaces the old code and the previous `SecurePasswordHashingUtils` class.
| * Add support for PBKDF2 to PasswordHashFlorian Zschocke2019-11-053-15/+507
| | | | | | | | | | | | | | | | Integrate the work of pingunaut to add support for PBKDF2 password hashing. A new class `PasswordHashPbkdf2` is added, which builds on his `SecurePasswordHashUtils` class, but makes it a subclass of `PasswordHash`. This will replace the original class when integrating the new PasswordHash way into GitBlit.
| * Add a PasswordHash class as a central place to deal with password hashes.Florian Zschocke2019-11-052-0/+640
| | | | | | | | | | | | | | | | | | | | | | | | Instead of having to deal with the implementation details of hashing and verifying passwords in multiple places, have a central unit be responsible for it. Otherwise we need to edit three different places when adding a new hashing scheme. With this class adding a new hashing scheme just requires creating a new subclass of `PasswordHash` and registering its type in the enum `PasswordHash.Type`. The rest of the code will use a common interface for all hashing schemes and doesn't need to be changed when a new one is added.
| * fix commentMartin Spielmann2017-01-071-1/+1
| |
| * Replaced duplicated strings by using constantMartin Spielmann2017-01-072-4/+4
| |
| * Update AuthenticationManager to update weakly stored passwords on loginMartin Spielmann2017-01-073-10/+61
| |
| * Added possibility to use secure hashes to store passwordsMartin Spielmann2017-01-017-7/+266
| | | | | | | | Addresses #1166
* | encoded email's sender name with utf-8.william2019-06-161-1/+1
| |
* | Set default to `expanded` for collapsible repo groups.Florian Zschocke2019-06-151-14/+15
| | | | | | | | | | | | | | | | | | | | Move the new property `web.collapsibleRepositoryGroups` into the `web` section, close to the list type property. Set the default to be `expanded`, so that the new feature is visible but the list is still the full list like before. Add new value `tree` to the description of the property `web.repositoryListType`.
* | Remove "folding outlines" and sort repositories before subfolders.Florian Zschocke2019-06-153-19/+22
| | | | | | | | | | | | | | | | Remove guard rails at the left to get a cleaner look. To make it easier to determine which repositories belong to which folder, display the repositories first, then the subfolder. Decreased indentation a little.
* | Add support nested groups on the Repositories pageFlorian Zschocke2019-06-157-13/+642
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fix for #725. Also covers #527. This is a squashed commit of the following commits, merging and closing pull request #1267: commit 55fee41769ffab1aff59344fe117d481687aa743 Author: Martin Spielmann <mail@martinspielmann.de> Date: Mon Nov 6 17:19:53 2017 +0100 declared local variable final to fix travis build commit 131e4d14a48c2a3fdce621fa54637de50684d040 Author: Martin Spielmann <mail@martinspielmann.de> Date: Mon Nov 6 14:11:55 2017 +0100 fix formatting (use tab for identation) commit 8da5f6d5967894f157251c320928acdab3a451e7 Author: Martin Spielmann <mail@martinspielmann.de> Date: Mon Nov 6 13:45:39 2017 +0100 Add repositoryListType tree. Addresses #725, 527 and includes #1224 commit 6c061651fb95212ae242dbca06c8d9ef80146201 Merge: f365daa3 40ee9653 Author: Martin Spielmann <mail@martinspielmann.de> Date: Sat Nov 4 13:19:08 2017 +0100 Merge remote-tracking branch 'collapsible/ticket/527' into 725_nested_repos commit f365daa3b1d6be135365f9b11bdece320beabf4e Author: Martin Spielmann <mail@martinspielmann.de> Date: Sat Nov 4 13:10:24 2017 +0100 first working version of tree model
* | collapsible group repositoriesybosy2019-06-155-3/+106
| |
* | Escape folder names in JGitUtils to allow special characters. Fixes #999Martin Spielmann2019-06-101-3/+3
| |
* | Fix revLog test that broke due to changes in the hello-world repository.Florian Zschocke2019-06-102-3/+5
| |
* | Create unit tests for special characters in path namesFlorian Zschocke2019-06-103-3/+19
| | | | | | | | | | | | | | Create a regression test for issue #999. Add directories with '[]' ans '()' in the name to the hello-world repository, so that they can be used in unit tests for repository paths with special characters.
* | Null-safe compare for ticket milestones without due dateFritz Schrogl2019-06-101-2/+14
| |
* | Do not resolve symbolic links to repositories.Florian Zschocke2019-06-102-7/+133
| | | | | | | | | | | | | | | | | | | | | | | | | | | | When symbolic links under the base repository folder point to repositories outside the base repository folder, the forming of relative repository names failed and resulted in NullPointerExceptions. Create the relative path by not following symbolic links, i.e. the link name is taken as is and not resolved to the external path. This also changes the whole `exactPath` method to work on Paths, instead of Files. Fixes #891 and fixes #837.
* | Zips of recreated hello-world.git and all external repositories for testing.chirontt2019-06-0712-46/+142
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This hello-world.git repo is created using the native Git for Windows software. Various test classes in the GitBlitSuite test suite require the presence of the hello-world.git repo in github.com/git/ which has been missing, hence causing many test failures in the suite. This recreation of the hello-world.git repo aims to conform to the many test cases' requirements in the suite, and to be checked in as part of the gitblit repo, thus eliminates the requirement of a remote hello-world.git repo during the test run. The repo is now stored is a zip ball in the new src/test/data folder. The hello-world repo's various commit IDs were hard-coded in various test classes. These commit IDs, which must now have new values in the recreated repo, are now extracted out to the src/test/data/hello-world.properties file. The gitblit's build.xml is modified to generate the HelloworldKeys.java file containing the hello-world.properties file's key strings, in similar fashion as the existing generation of the com.gitblit.Keys.java file. And these key strings in HelloworldKeys.java are now used in the various test classes, thus eliminating the hard-coding of the hello-world repo's commit IDs in the test code. During the test run by GitBlitSuite test suite, some repos from GitHub were cloned and became part of the test data. These repos are now zipped to be part of gitblit repo itself, thus eliminating the network fetch at the start of test run which can be slow, especially with the JGit repo cloning which is huge and time consuming. The cloned JGit repo is now zipped and checked in to gitblit, along with the other 4 repos (hello-world, ambition, gitective and ticgit). They will be unzipped during the test suite run and be available in the local file system, thus avoiding the need for some network fetch. Special note on the zipped JGit repo: this repo is big (and growing all the time on GitHub), and takes up about 32MB of disk space after cloning from GitHub. I've made it smaller by resetting HEAD back to a commit of 5 years ago (with git reset --hard <commitId> command), to put it back to roughly where/when the tests were written for it (which is not quite, because there are tons of commit history since which can't be removed.) The local JGit repo is then garbage-collected (with git gc --prune --aggressive) to reduce its size to about 19MB. Zipped it is still 17MB. This is a lot of MBs for a few tests. So the JGit repo is not included in this commit. Fixes #1275
* | Fix for various test failures.chirontt2019-06-079-90/+112
| | | | | | | | | | | | | | | | | | | | | | | | Most of failures were due to temporary test repos, users and/or teams being left behind after the test run, and these left-over stuff in $baseFolder/data/git caused assertion errors in many tests in subsequent test runs. This fix tries to delete those left-over stuff at the end of each test, mainly in their @Afterclass code blocks. PushLogTest.java is deleted as it doesn't work, and has been superseded with better tests in various protocol test suites (GitServletTest, GitDaemonTest, SshDaemonTest, etc.)
* | Rename the setting to httpIdleTimeoutSebastiano Pilla2017-06-032-4/+4
| |
* | Adds theSebastiano Pilla2017-06-012-3/+10
| | | | | | | | | | | | server.httpTimeout setting to allow cloning big repositories over HTTP. This change fixes the java.util.concurrent.TimeoutException issue described in https://groups.google.com/d/topic/gitblit/UvDC48NpmF4/discussion .
* | Merge pull request #1239 from pingunaut/1226_sshkey_form_feedbackJames Moger2017-05-221-1/+1
|\ \ | | | | | | 1226 sshkey form feedback
| * | Remove unused codeMartin Spielmann2017-05-221-4/+0
| | |