| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check if tickets need to be reindexed when the server starts. This is the
case if no ticket index exists. In that case the ticket index is built.
This is done during the start of the `ITicketService`.
For this the interface of `ITicketService` needed to change. The `start`
method was defined abstract and the specific ticket services had to
implement it. None does any real starting stuff in it.
The `start` method is now final. It calls a new abstract method `onStart`
which the specific ticket services need to implement. In the existing
implementations I just changed `start` to `onStart`.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Change from the index version of a repository index being stored in a config
file to also using index directories with the version in the name. For that,
`LuceneRepoIndexStore` is added, which adds the fixed `lucene` part to the path.
It also gives out the location of the `lucene.conf` file, which is now stored in
the index directory. This way it is automatically deleted when the directory is
deleted.
I believe that it should also provide means to store branch aliases and tips,
i.e. hide the config file completely. But this isn't implemented with this
commit, the `LuceneService` is still aware that a config file is used.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to be able to update the index definition, the ticket index
is assigned a version number, 2. This way the definiton can be updated
and compatability with existing index files can be checked.
The actual index is stored in a directory of name `indexVersion_codecVersion`.
This wayit is veriy easy to check if an index of a certain version exists on the
filesystem. It allows to have multiple indexes of different versions present,
so that a downgrade of the software is possible without having to reindex
again. Of coure, this is only possible if no new tickets were created since these
would be missing in the old index.
A new class `LuceneIndexStore` is introduced, which abstracts away the versioned
index directory. The idea is, that this provides one place to keep the Lucene
codec version and to allow to code compatibility rules into this class, so that
older indices can still be used if they are compatible.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
In order to support sorting, Lucene 5 needs DocValue fields in an index.
So in order to make the ticket index work, i.e. show any tickets on the
tickets page, the ticket index needs to be changed, adding a DocValues
field.
The DocValuesFields are implemented for the current index, which does not
use multiple values for a field. Should at any time in the future an
existing numeric field get multiple values stored in a document, then
the index needs to know that and use SortedNumeric DocValues and SortFields
instead.
|
| |
|
|
|
| |
Also replace deprecated `search` method with the one without a filter
argument, since the filter isn't used anyhow.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update the link target to the query parser syntax page of the 5.5 version.
Refactor the `LuceneSearchPage` to use an `ExternalLink` for the link
to the lucene page, so that the link target is kept and updated in the
Java code. Move the link out of the language files. This was way too
cumbersome to update the link target (which is probably why no one ever
did).
The query help text is changed to contain a variable:
`gb.queryHelp = here be some ${querySyntax} help`, which is replaced by
Wicket with a link.
The link text is a new lange file property: `gb.querySyntax`.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
With localizations, there can be longer text then 13em so there is a line break.
This fix prevent this line breaking and thus every line has normal height again.
|
| |
|
|
|
| |
X-Forwarded-Host can contain port number and it is added twice in that situation
This fix just prevent adding port number if it is already there
|
| | |
|
| |\
| |
| | |
List branches from only one repository if a repository name is given
|
| | |
| |
| |
| |
| |
| | |
e.g.: https://localhost:8443/rpc/?req=LIST_REPOSITORY_BRANCHES&name=repo.git
Fix #1184
|
| | | |
|
| | | |
|
| |/ |
|
| |
|
|
| |
as well
|
| |\
| |
| | |
Set list of offered SSH authentication methods.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Make the SSH authentication methods used by the server configurable,
so that for example password authentication can be turned off.
For this, a `git.sshAuthenticationMethods` setting is added which is a space
separated list of authentication method names. Only the methods listed will
be enabled in the server.
This is modeled after the option of the same name from sshd_config, but it
does not offer listing multiple required methods. It leaves the door open,
though, for a later extension to support such a multi-factor authentication.
Since this also includes Kerberos authentication with GSS API, this obsoletes
the `git.sshWithKrb5` property. The latter is removed. Instead, to enable
Kerberos5 authentication, add the method name `gssapi-with-mic` to the
authentication methods list.
|
| | |
| |
| | |
Update to web app 3.0 xsd
|
| | |
| |
| |
| |
| | |
Update to web.xml, fix to #1132
Fixes to namespace to fix xml parse error, where strict validation required
|
| |\ \
| | |
| | | |
Update UserManager to support construction of IUserServices with IRuntimeManager as a constructor parameter
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | | |
IRuntimeManager as a parameter
|
| |/ / |
|
| | | |
|
| |\ \
| | |
| | | |
LDAP SSH key manager
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Some public key mangers may be read-only, i.e. not allow to add or
delete keys, or to change the key comment or assigned permissions.
In such a case the respective commands should not be available on the
SSH shell and the SSH Keys panel should also not offer the possibility.
The `IPublicKeyManager` gets three new methods, modelled after the
`AuthenticationManager`:
`supportsWritingKeys`, `supportsCommentChanges` and
`supportsPermissionChanges`. They return true if a key manager allows for
keys to be written or updated.
For example the existing `FileKeyManager` will return true for all three
since it allows to store and update keys in a file.
The new `LdapKeyManager` returns false since it only accesses LDAP and
can not add or update any keys in the directory.
A future key manager might get keys from an LDAP directory but still
keep comments and permissions for it in a local copy.
If writing of keys is not supported:
* the welcome shell does not suggest adding a key,
* the `SshKeysDispatcher` does not offer the "add", "remove", "comment" and
"permission" commands, and
* the SSH keys panel hides the "delete" button in the key list, and the
"Add Key" form.
The hiding of the "Add key" form is not perfect since the surrounding
div is still shown, but I don't know how to hide it and it didn't look
too bad, either.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
The `SshKeysDispatcher` tests that use the keys list command are failing
on Windows because they assume a Unix line ending after each key. But
the command will use a system line ending. So this fix uses system line
endings in the reference string for the assert, too.
In addition, two `assertTrue(false)´ are replaced with a proper `fail`.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | | |
Instead of using fixed ports for the listeners of the in-memory
LDAP server, let the listeners select ports and then save them in
the authentication mode instance. This way we prevent port collisions,
which especially showed up under Windows.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Add new class `LdapPublicKeyManager` which retrieves public SSH keys
from LDAP.
The attribute can be configured with the new configuration option
`realm.ldap.sshPublicKey`. The setting can be a simple attribute name,
like `sshPublicKey`, or an attribute name and a prefix for the value,
like `altSecurityIdentities:SshKey`, in which case attributes are selected
that have the name `altSecurityIdentities` and whose values start with
`SshKey:`.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Extract the inner class `LdapConnection` from the `LdapAuthProvider`
into a separate class, so that it can be used from multiple classes
that have to connect to an LDAP directory.
The new class is placed into the new package `com.gitblit.ldap`, since
it isn't specific to authentication.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Extract the creation of the in-memory servers and the interceptor
code to a base class that LDAP related unit tests can extend to
have the servers available.
|
| | | |
| | |
| | |
| | |
| | | |
Fixes the build that was broken by cherry-picking commit 2be2c2,
which resulted in an import collision on the `SecureRandom` class.
|
| |\ \ \
| | | |
| | | | |
Secure cookies
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
So far for session cookies the secure property was only set when no
HTTP port was opened. This changes to also set it when HTTP is redirected
to the HTTPS port.
|
| | | |/
| |/|
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Mark the user authentication cookie to be only used for HTTP, making
it inaccessible for JavaScript engines.
If only HTTPS is used and no HTTP (i.e. also if HTTP is redirected to
HTTPS) then mark the user cookie to be sent only over secure connections.
|
| |\ \ \ |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Introduce our own wrapper `SecureRandom` around `java.security.SecureRandom`.
This a) makes sure that the PRNG is seeded on creation and not when
random bytes are retrieved, and
b) uses a static instance in the `UserModel` so that lags do not occur
during operation due to potentially seeding getting blocked on Unix
when reading from the system's entropy pool. To keep the random data
still secure, the static instance will reseed all 24 hours, also a
functionality of the wrapper class.
This fixes #1063 and extends and closes PR #1116
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | | |
generate user cookies
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
The regular expression used for user mentions used to work
only inside sentences. Also, since it tested for whitespace, the
whitespace would get replaced, too, which would join lines together.
Instead the new regex uses boundary matchers to match against
word boundaires. As these are not capturing only the actual user
mention can be captured and is then replaced. Also, this way the
regex can ignore punctuation like in "@jim, look at this."
Since Gibtlit now requires Java 7 we can use named capture groups.
This makes the use of a centrally defined regular expression much
safer. The (admittedly only) group to capture the user name is named
"user" and can be referenced by this name. By using the name instead
of a group number, the regex could be changed without the code using
it breaking because the group number changed.
A simple test is added for user mentions, which unfortunately
has to deal with the full markdown replacement, too.
Fixes #985
|
| | | | | | |
|
| | | |/ /
| |/| | |
|
| |\ \ \ \
| | |_|/
| |/| | |
Set "can admin" permission on LDAP users and teams correctly
|
