fix: Fix jetty crashing when redirecting HTTP to HTTPS
Jetty 9.3 changed the `setHandler` on the ServletContextHandler to no
longer automatically detect SecurityHandler, SessionHandler, etc. It
simply passes on the setHandler request to the ContextHandler class
(with a warning logged). So make sure to explicitly use the method
`setSecurityHandler` to set the ConstraintSecurityHandler responsible
for the http -> https redirection.
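
The wiring this commit message describes, as an added example that is not Gitblit's own code. It assumes Jetty 9.x on the classpath; the class name `HttpsRedirectExample`, the helper `confidentialEverywhere` and the ports 8080/8443 are hypothetical.

```java
import org.eclipse.jetty.security.ConstraintMapping;
import org.eclipse.jetty.security.ConstraintSecurityHandler;
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.util.security.Constraint;

public class HttpsRedirectExample {

    /** Security handler that demands a confidential (TLS) transport for every path. */
    static ConstraintSecurityHandler confidentialEverywhere() {
        Constraint constraint = new Constraint();
        constraint.setDataConstraint(Constraint.DC_CONFIDENTIAL);

        ConstraintMapping mapping = new ConstraintMapping();
        mapping.setPathSpec("/*");
        mapping.setConstraint(constraint);

        ConstraintSecurityHandler handler = new ConstraintSecurityHandler();
        handler.addConstraintMapping(mapping);
        return handler;
    }

    public static void main(String[] args) throws Exception {
        Server server = new Server();

        // The plain HTTP connector has to know where the secure endpoint is,
        // otherwise the constraint cannot be answered with a redirect.
        HttpConfiguration http = new HttpConfiguration();
        http.setSecureScheme("https");
        http.setSecurePort(8443); // hypothetical port; no TLS connector is set up here
        ServerConnector connector = new ServerConnector(server, new HttpConnectionFactory(http));
        connector.setPort(8080);
        server.addConnector(connector);

        ServletContextHandler context = new ServletContextHandler(ServletContextHandler.SESSIONS);
        context.setContextPath("/");
        // Register explicitly as the security handler instead of passing it to setHandler().
        context.setSecurityHandler(confidentialEverywhere());
        server.setHandler(context);

        server.start();
        server.join();
    }
}
```
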
Merge branch 'jvanhercke-jgit-default-charset' into master
This branch mostly records the commit from PR #1253, so we have it in
the code base. The changes are immediately undone, because the update
to JGit version 4.8.0, as proposed in PR #1252, renders the whole
patching of JGit obsolete.
The update is done now, against reservations in that PR, because we
guess that potential issues have been found and fixed by now. JGit
is updated to the last version on the major version 4 line: 4.11.9.
Also, since upstream JGit is at v6 by now, more updates will have to
happen later on anyways.
To make the protection against illegal character sets complete, an
additional fix for Bugtraq is included, that protects against exceptions
from bugtraq should it encounter an `encoding` that cannot be handled.
deps: Update JGit to 4.11.9.201909030838-r and other dependencies
Update JGit, and also update other dependencies where the 4.11 JGit
version uses newer versions than we do:
commons-codec updated to 1.9
commons-compress updated to 1.15
gson updated to 2.8.2
bugtraq: Catch exceptions from bugtraq and show message
Catch all exceptions, and not just IOExceptions, from bugtraq formatter.
If an exception is caught, ignore the bugtraq handling of the commit
message and show the plain message. Way better than not showing anything
just because something broke in bugtraq.
bugtraq: Fallback to UTF-8 if commit encoding is unsupported
Reading the encoding of a commit can result in an Unsupported- or
IllegalCharsetException. This happens when for whatever reason the
commit has an encoding recorded that the system doesn't understand.
Instead of completely failing, fall back to UTF-8.
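
The fallback described in this commit message, as an added example that uses only the JDK and is not the Gitblit or bugtraq code. The class `CommitEncodingFallback`, its methods and the sample commit are constructed for illustration.

```java
import java.nio.charset.Charset;
import java.nio.charset.IllegalCharsetNameException;
import java.nio.charset.StandardCharsets;
import java.nio.charset.UnsupportedCharsetException;

public class CommitEncodingFallback {

    /** Resolve the name from a commit's "encoding" header, falling back to UTF-8. */
    static Charset resolve(String name) {
        if (name == null || name.trim().isEmpty()) {
            return StandardCharsets.UTF_8; // header absent
        }
        try {
            return Charset.forName(name.trim());
        } catch (IllegalCharsetNameException | UnsupportedCharsetException e) {
            // The header is repository data: a malformed or unknown name
            // must not abort rendering of the commit.
            return StandardCharsets.UTF_8;
        }
    }

    /** Decode the message of a raw commit object using its declared encoding. */
    static String message(byte[] raw) {
        // ISO-8859-1 maps bytes 1:1 to chars, so string offsets equal byte offsets.
        String latin = new String(raw, StandardCharsets.ISO_8859_1);
        int end = latin.indexOf("\n\n"); // headers end at the first blank line
        if (end < 0) {
            return "";
        }
        String declared = null;
        for (String line : latin.substring(0, end).split("\n")) {
            if (line.startsWith("encoding ")) {
                declared = line.substring("encoding ".length());
            }
        }
        int start = end + 2;
        return new String(raw, start, raw.length - start, resolve(declared));
    }

    public static void main(String[] args) {
        // Constructed sample: a commit object declaring an encoding no JVM knows.
        String commit = "tree 0000000000000000000000000000000000000000\n"
                + "author A <a@example.com> 0 +0000\n"
                + "committer A <a@example.com> 0 +0000\n"
                + "encoding utf-9\n\nFix f\u00fcr issue\n";
        System.out.print(message(commit.getBytes(StandardCharsets.UTF_8)));
        for (String name : new String[] { "ISO-8859-1", "utf-9", "bad name!", null }) {
            System.out.println(name + " -> " + resolve(name));
        }
    }
}
```
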
Remove workaround for JGit crashing on 'utf-9' etc
Updating JGit fixed the issue that a commit in a repo with an unknown
character set throws an exception. This would crash the RepositoryManager.
The extra handling, which patches JGit classes during runtime is completely
removed.
ci: Delete nightly build artefact after testing the container
Leave the artefact until after the container has been built and tested.
In case the test fails the artefact can be still downloaded to analyse
what might have caused the container build or test to fail.
This brings back in a change that was implemented in a pull request
from 2017, but got lost in the chaos of multiple pull requests from
intermingling branches.
This does not only provide feedback when an SSH key cannot be parsed,
but it also does so in a way that the warning goes away when a correct
key is added. Admittedly, I have no idea how to properly do this with
a Wicket FeedbackMessage, all I could find on Google was highly
complicated.
Not only does this bring back (or really in) the fix for issue #1226,
but it also fixes #984.
Replace key feedback with label instead of FeedbackMessage
Since it is a pest to get rid of a Wicket FeedbackMessage in an AJAX target,
change the code to use an extra label that can provide feedback if the
key could not be parsed or was empty.
The GitHub 'checkout' action was updated from v1 to v3. But the behaviour
changed between the two which broke this workflow.
The old action would clone other repositories not into the workspace
but parallel to the workspace. The new version does every clone/checkout
relative to the workspace. That means that where previously the
gitblit-docker repository would be cloned in parallel to the workspace
which is gitblit/gitblit, it is now cloned into the gitblit/gitblit
directory path.
So remove all the references to `../gitblit-docker`. The files are in
the current directory now.
authority: Fix null pointer crash for deleted users
When a user had a certificate, i.e. an entry in the Gitblit Authority
database, but the user was deleted from the Gitblit database, then the
Authority application crashes upon loading. This patch prevents the
crash. The deleted user is no longer shown in the Authority. But the
database entry still is kept. This should be improved to show deleted
users and give the possibility to delete them from the Authority's
database.
This fixes #1359
Update Guice to 5.1.0. This version is compatible with Java 17.
The gitblit patch of the servlet extension was ported to Guice 5.1.0,
too.
The update of Guice requires an update of the Guava version, too.
Thus Guava is updated to 27.0.1-jar.
ci: Update action versions in nightly build workflow
Versions are updated for various actions that have a new version which
uses NodeJS 16.
One action has no updated version available yet:
`e1himself/goss-installation-action`
But an issue exists mentioning that it needs an update.
The workflow runs started issuing warnings because NodeJS 12 was
deprecated. Actions need to get updated to newer versions that use
NodeJS 16. This commit updates the `actions/checkout` and the
`actions/setup-java` actions to the latest version in the workflow that
builds on every push.
The new setup-java action requires the distribution to be specified,
since multiple JDK distributions are supported now. We chose Eclipse's
Temurin here which is the successor to AdoptOpenJDK, which we use for
development.
Since we now do not generate a DSA host key file anymore, but keep it in
the list of potential keys so that existing keys still work, it can
happen that the files for DSA (and Ed25519) are getting loaded but they
do not exist. This results in an error in the log.
So instead check if the file exists and only try to load files that
exist. This prevents errors (which are none) from being spammed in the
log.
Create new host keys, one with ECDSA and one with Ed25519 algorithms.
For the Ed25519 currently the EdDSA library from i2p is used. This
requires some quirks, compared to a modern BouncyCastle. But the SSHD
library used cannot use BouncyCastle yet for Ed25519.
No DSA key is generated anymore, but we still support existing ones.
The version 1.69 is chosen instead of 1.70, because the moxie build
would not download the jars, trying to download `...1.7.jar` instead.
Three class deprecations are fixed. `PEMWriter` and `X509Extension`
are replaced with their drop-in replacements `JcaPEMWriter` and
`Extension`. The `PasswordFinder` deprecation note says that "it is
no longer used". It also was never used in Gitblit's code, so it is
removed from the key pair provider class.
Instead of adding another setting and having to explain how the new one
and the existing `requireClientCertificates` setting are interdependent,
let's use the existing setting and add new values.
It is changed from a boolean to a string, with the values `required`,
`optional` and `disabled`. To keep backward compatibility with the old
values, the `true` value is mapped to `required` and the `false` value
is mapped to `optional`.
This also removes the additional Set. What changes is that the order of
the repositories is kept, but the resulting list will have user and team
permissions intertwined.