Derived off of original work done by Leonidas Spyropoulos
at !503

This revision of that original work finishes off the inconsistencies
mentioned in the original MR and adds a small bit of testing for more
regression checks.

Fixes: #360



Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

in addition, remove cookie expiration for AURREMEMBER --
we don't really care about a session time for this cookie, it merely
acts as a flag given out on login to remember what the user selected

Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

Closes #351



Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

Leon Möller authored Aug 12, 2022 and Leon Möller committed Aug 16, 2022

While the flagger is allowed to unflag a package, the link to do so is
hidden from them. Fix by adding the flagger to the unflag list.

Fix #380

Found along with the previous commit to be a security hole in our
implementation. This commit resolves an issue regarding comment editing.

Signed-off-by: Kevin Morris <kevr@0cost.org>

This addresses a severe security issue, which is omitted from this
git message for obscurity purposes.

Otherwise, it allows co-maintainers to see the keyword form when
viewing a package they co-maintain.

Closes #378



Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

This was incorrectly using the particular Package record's name
to format options.snapshot_uri in order to produce URLPath.

It should, instead, use the PackageBase record's name, which
this commit resolves.

Bug reported by thomy2000

Closes #382



Signed-off-by: Kevin Morris <kevr@0cost.org>

Brings in: 9497f6e6


Closes #512

Thanks, jelle!

Signed-off-by: Kevin Morris <kevr@0cost.org>

Redis's get() method can return None which makes an RPC request error
out:

  File "/srv/http/aurweb/aurweb/ratelimit.py", line 103, in check_ratelimit
    requests = int(requests.decode())
AttributeError: 'NoneType' object has no attribute 'decode'

Pulled from Transifex on 08/12/2022 - 08/13/2022.

Signed-off-by: Kevin Morris <kevr@0cost.org>

Signed-off-by: Kevin Morris <kevr@0cost.org>

With this commit, it is advised to `rm ./data/root_ca.crt ./data/*.pem`,
as new certificates and a root CA will be generated while utilizing the
step volume.

Closes #367



Signed-off-by: Kevin Morris <kevr@0cost.org>

This reverts commit 6c7e2749.

Once again, this does actually cause issues with foreign keys.
Removing it for now and will revisit this.

This reverts commit 952c2478.

The issue found was actually:
- If `./aur.git` exists within the aurweb repository locally,
  it also ends up in the destination, stopping the aurweb_git_data
  volume from being mounted properly.

Signed-off-by: Kevin Morris <kevr@0cost.org>

Speeds up SSHPubKeys.PubKey searches in a larger database.

Fixed form of the original commit which was reverted,
1a7f6e1f



Signed-off-by: Kevin Morris <kevr@0cost.org>

This reverts commit 1a7f6e1f.

This commit broke account creation in some way. We'd still like to
do this, but we need to ensure it does not intrude on other facets.

Extra: We should really work out how this even passed tests; it
should not have.

Speeds up SSHPubKeys.PubKey searches in a larger database.

Signed-off-by: Kevin Morris <kevr@0cost.org>

Closes #374



Signed-off-by: Kevin Morris <kevr@0cost.org>

Jelle van der Waa authored Aug 02, 2022 and Jelle van der Waa committed Aug 10, 2022

Show a plain maintainer text for non logged in users like the submitted,
last packager.

Closes #373

Signed-off-by: Kevin Morris <kevr@0cost.org>

Fixes: #354



Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

Remove all extra whitespace when parsing Keywords to ensure we don't add
empty keywords in the DB.

Closes: #332



Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

Jelle van der Waa authored Jul 31, 2022 and Jelle van der Waa committed Aug 02, 2022

Since Python 3.9 list/dict can be used as type hint.

Signed-off-by: Hugo Osvaldo Barrera <hugo@whynothugo.nl>

Closes: #368



Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

Closes: #364
Signed-off-by: Leonidas Spyropoulos <artafinde@archlinux.org>

All of these vendor prefixes are already supported by all browsers for
quite a while.

For our development setup we run a redis container without a
username/password. Redis recently set protected mode by default which
disallows this, turn it off as it has no security implication.