- 18 Jun, 2021 17 commits
-
-
Andrej Shadura authored
Add a new "hash type" for invalid passwords, which is never equal to normal passwords, but nevertheless can be changed without being known by the user. This "invalid" password can only be set by directly setting the password hash type. When updating the password using update_password method, it will always upgrade it to the strongest hash type, sha256crypt. To allow changing this "invalid" password to a normal one, stop requiring a non-empty current password in the password change dialog when changing a password from an "invalid" one. Don’t show the current password box either, as it is not used anyway in this case, making it better not to show it to avoid confusion.
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Backports of upstream commits 5524ffcc and 362bdc3a moved some validation code into a validate method which was never called. A simple fix makes this code run again.
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Some providers set username or nickname to an email address. For this reason, first collect the best possible user name we can find, and only then fix it to match our requirements.
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
The generator requires Python 3 and pyyaml
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Create a Docker image with a Debian package built from the current Git source. This eliminates an extra round trip with a manual upload to OBS and the package getting published and fetched from apt repos. Unfortunately, doing this in a way compatible with what was previously done requires some non-trivial hacks. Since we want fairly recent OmniAuth gems, we install them from external sources directly into the resulting Docker image. ruby-faraday is used by the OAuth2 auth backend, but new versions require newer Ruby than what stretch has, so we preinstall it from packages to avoid pinning it.
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
OmniAuth 2.x breaks CSRF, needs more investigation.
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
- 15 Jun, 2021 1 commit
-
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
- 02 Jun, 2021 4 commits
-
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
Andrej Shadura authored
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
- 27 May, 2021 18 commits
-
-
We already have a method for creating users with fake passwords. Let's use it. Cherry-picked from 86473a4b
-
Cherry-picked from 1c264f59
-
Cherry-pick from 7967fe46
-
Add basic tests for the new method. Cherry-picked from 51ac16ad
-
* Moves ldap related code into new method that handles creation of LDAP users
* Cleans up setting attributes
Cherry-picked from b6d9a59f
-
After a successful login OBS is updating user data fetched from the LDAP instance. This simplifies the code a bit. Cherry-picked from c349da0a
-
Searching for users works differently in LDAP mode. This splits out the LDAP related code. Cherry-picked from cde81ee1
-
When a user logs in to OBS we mark the last login. For unknown reasons we prevented the updated_at attribute from being updated when we run this operation. Since there is no good reason to do this, we drop the code. Cherry-picked from 6d0e5b20
-
ActiveModel::Dirty provides a nice set of helper methods to track and handle changes of attributes of a model. This allows us to remove a number of custom code that previously was taking care of this. Cherry-picked from 7453160b
-
and drop the two methods that were storing them before. Cherry-picked from a60da39a
-
Cherry-picked from 1b353118
-
Partially cherry-picked from 362bdc3a
-
DEPRECATION WARNING: Passing string to define callback is deprecated and will be removed in Rails 5.1 without replacement. Partially cherry-picked from 04bbd1d1
-
Was: [ci][api] Enable Rails/Validation rubocop cop
Checks for the use of old-style attribute validation macros.
Cherry-picked from 5524ffcc
-
Moves code that handles marking succeeded logins to a separate method. This DRYs the code a bit. Cherry-picked from: c311c8e7
-
Andrej Shadura authored
Non-logged-in users cannot directly access the login form, while they’re supposed to be able to do this so that they can log in. Without this, they can only use the JavaScript-powered form on the main page.
Signed-off-by: Andrej Shadura <andrew.shadura@collabora.co.uk>
-
When a user tries to view a project's meta config, the rails application actually recreates the XML from the database contents using the project model. It does this with the user id set in its context and applies normal ACL rules. This means that any data relating to a project the user does not have at least read access to is missing from the model's internal data structures, so <path…> elements that refer to unreadable projects result in a method call on nil and a 500 error in the web UI. This patch ameliorates that by checking that the relevant object actually exists in the model before calling an accessor method on it, and substituting 'HIDDEN' for the project's name if it does not. This does mean that the user SHOULD NOT try and save said meta config but that restriction is not enforced here.
Gbp-Pq: Topic collabora
Gbp-Pq: Name Suppress-a-500-error-in-the-web-UI-for-project-meta-confi.patch
-
The project model code path for this invalidates the cache before returning. Users now have different views of project meta config (references to inaccessible projects, which were not permitted at all before, are now elided to "HIDDEN" for users with insufficient access): This means that the code path which provides the meta config to osc must also invalidate the cache. It's not clear that this particular config should be cached at all. Possibly it should include the user context in the cache key instead but in any case this is the least invasive way to make sure osc returns the correct information for now.
Gbp-Pq: Topic collabora
Gbp-Pq: Name Invalidate-the-rails-cache-for-project-meta-xml-in-show_p.patch
-