- Feb 02, 2020
-
-
Lukas Fleischer authored
Signed-off-by:Lukas Fleischer <lfleischer@archlinux.org>
-
Lukas Fleischer authored
Addresses FS#64983. Signed-off-by: -
Lukas Fleischer authored
Signed-off-by: -
Lukas Fleischer authored
Support secondary email addresses that can be used to recover an account in case access to the primary email address is lost. Reset keys for an account are always sent to both the primary and the backup email address. Signed-off-by: -
Lukas Fleischer authored
In addition to supporting email addresses in the reset key form, also support user names. The reset key is then sent to the email address in the user's profile. Signed-off-by:
-
- Jan 30, 2020
-
-
Lukas Fleischer authored
-
Lukas Fleischer authored
Since commits daee20c6 (Require current password when setting a new one, 2020-01-30) and 8fc8898f (Require password when deleting an account, 2020-01-30), changing a password and deleting an account require the current password. Extend this to all other profile changes. Signed-off-by:
-
Lukas Fleischer authored
Further reduce the attack surface in case of a stolen session ID. Signed-off-by: -
Lukas Fleischer authored
When changing the password of an account, instead of asking for the old password of the account, ask for the password of the currently logged in user. This allows privileged users to edit other accounts without knowing their passwords. Signed-off-by: -
Lukas Fleischer authored
Rollback an accidental change that sneaked into commit daee20c6 (Require current password when setting a new one, 2020-01-30). Signed-off-by:
-
Lukas Fleischer authored
Since commit eeaa1c3a (Separate text from footer in notification emails, 2020-01-04), information about unsubscribing from notifications is added in a signature block. Fix the test cases accordingly. Signed-off-by:
-
Lukas Fleischer authored
Since commit eeaa1c3a (Separate text from footer in notification emails, 2020-01-04), information about unsubscribing from notifications is added in a signature block. However, the code to format the email body trimmed the RFC 3676 signature delimiter, replacing "-- " by "--". Fix this by adding a special case for signature delimiters. Signed-off-by:
-
Lukas Fleischer authored
Prevent from easily taking over an account by changing the password with a stolen session ID. Fixes FS#65325. Signed-off-by:
-
- Jan 06, 2020
-
-
Signed-off-by:
-
- Dec 11, 2019
-
-
Lukas Fleischer authored
The Git repository URLs are not meant to be visited using a web browser. Copy the link to the clipboard instead. Signed-off-by:
-
- Nov 24, 2019
-
-
Lukas Fleischer authored
The SQLite schema is generated automatically from the main schema and used in the test suite. Signed-off-by:
-
- Nov 23, 2019
-
-
Lukas Fleischer authored
Since commit a66c7fa6 (notify.py: Use a/an correctly when sending request notifications, 2019-08-09), the body of notification emails sent when filing orphan requests refers to "an orphan request" instead of "a orphan request". Signed-off-by:
-
Lukas Fleischer authored
Signed-off-by: -
Lukas Fleischer authored
We support multiple database backends. Don't require Python modules for all backends to be installed. Signed-off-by: -
Lukas Fleischer authored
Signed-off-by: -
Lukas Fleischer authored
Verify that the update hook exists and is executable before running Git to prevent from broken repositories when permissions are broken. Signed-off-by:
-
- Nov 02, 2019
-
-
Lukas Fleischer authored
There's no need to use permanent storage for rate limiting information; try to keep it in memory if caching is enabled. From experiments with our live setup, this reduces the number of INSERT/DELETE operations per second from 15 to almost 0. Disk writes on the server hosting the AUR are reduced by 90% (from ~3MB/s to ~300kB/s). Signed-off-by:
-
- Nov 01, 2019
-
-
Lukas Fleischer authored
Signed-off-by:
-
- Oct 27, 2019
-
-
Lukas Fleischer authored
Limit the display to two decimal points for packages with a popularity of at least 0.2. Suggested-by:
Allan McRae <allan@archlinux.org> Signed-off-by:
-
- Oct 19, 2019
-
-
Lukas Fleischer authored
Signed-off-by: -
Lukas Fleischer authored
Signed-off-by: -
Lukas Fleischer authored
Signed-off-by:
-
- Oct 09, 2019
-
-
Lukas Fleischer authored
Signed-off-by:
-
- Oct 07, 2019
-
-
Lukas Fleischer authored
The TTL for package details can be much longer than for generic values since they never change. Note that when an update is pushed via Git, all packages belonging to that package base are deleted and new packages are created. Signed-off-by: -
Lukas Fleischer authored
Cache more package details if the global caching mechanism is enabled. Signed-off-by:
-
- Oct 06, 2019
-
-
Lukas Fleischer authored
Cache the results of the extended fields computation if the global caching mechanism is enabled. Signed-off-by: -
Lukas Fleischer authored
The package provider and dependency queries are quite CPU-intensive and usually yield rather small result sets. Cache these values if the global caching mechanism is enabled. Signed-off-by:
-
- Oct 05, 2019
-
-
Lukas Fleischer authored
With the previous implementation, unlucky users could have their CAPTCHA be invalidated by a single account creation while filling out their account registration form. Make this more robust by allowing up to five account registrations before rejecting a CAPTCHA salt. Signed-off-by: -
Lukas Fleischer authored
Add a CAPTCHA to protect against automated account creation. The CAPTCHA changes whenever three new accounts are registered. Signed-off-by:
-
- Aug 19, 2019
-
-
Will no longer send notifications about "a orphan request", but determine whether to use a/an based on the first character of the request type. Signed-off-by:
Lars Rustand <rustand.lars@gmail.com> Signed-off-by:
-
- Aug 18, 2019
-
-
Eli Schwartz authoredIn commit 3578e77a we implemented listing of comments from the account details page , but this was intended to only be available to TUs and Devs. As the comment says: "display the comment list if they're a TU/dev" The credential checking code, however, set this credential for all users, contrary to the intention of the commit. In order to preserve the ability to list a person's own comments, also declare the allowed uids based on the profile being viewed.
-
- Jul 30, 2019
-
-
Since 09cb61ab (schema: Remove invalid default values for TEXT columns, 2017-04-15) the PackageRequests.ClosureComment field no longer has a default value. Signed-off-by:
Johannes Löthberg <johannes@kyriasis.com> Signed-off-by:
-
- Jun 30, 2019
-
-
Signed-off-by:
Michael Straube <michael.straube@posteo.de> Signed-off-by:
-
- May 25, 2019
-
-
Lukas Fleischer authored
VCS packages should not be flagged out-of-date when the package version does not match the most recent commit. Implements FS#62733. Signed-off-by: -
Lukas Fleischer authored
Signed-off-by:
-
