Re: Code review and coverage marks

2014-08-04 Thread Andrew Shadura
Hello,

On Mon, 04 Aug 2014 16:56:46 -0500
Sean Farley  wrote:

> > It is inconvenient anyway, and the point is that Mailman lists seem
> > to lose (a lot of?) feedback from newer generation.

> My idea would be to take the best of both worlds: have an issue
> tracker / pull request model such that commenting would be mirrored
> on the mailing list (and replies would be threaded). This would allow
> people like me to not leave their email client but also people like
> you to use the web interface to reply.

> This would hopefully allow new people to issue a pull request via the
> web but reviewers to respond with the email clients. Also, vice versa:
> mailing a patchbomb would initiate a pull request just like the web
> client would.

> This is still just a pipe dream, though. No work has been done on
> this idea. 

I think we may borrow something from the Debian BTS. It has a great
email interface, and I think that's something we must support, at least
partially.

-- 
Cheers,
  Andrew


___
kallithea-general mailing list
kallithea-general@sfconservancy.org
http://lists.sfconservancy.org/mailman/listinfo/kallithea-general


Re: Code review and coverage marks

2014-08-05 Thread Andrew Shadura
Hello,

On Mon, 04 Aug 2014 19:45:40 -0500
Sean Farley  wrote:

> I'm unfamiliar with the Debian BTS interface (pointers welcomed) but
> email is a must. Hell, maybe even the data model should be email
> because it's that important to keep the email-based replies.

https://www.debian.org/Bugs/
https://www.debian.org/Bugs/Reporting
https://www.debian.org/Bugs/Developer

-- 
Cheers,
  Andrew




Re: markdown version conflict

2014-08-28 Thread Andrew Shadura
Hi Neal,

On 28 August 2014 13:52, Neal Becker  wrote:
> But it doesn't work, because I already have a newer version of markdown

> pkg_resources.VersionConflict: (Markdown 2.3.1
> (/home/nbecker/.local/lib/python2.7/site-packages),
> Requirement.parse('markdown==2.2.1'))

From my experience, most of the libraries we use can be safely
upgraded (and dependencies changed from == to >=), but we don't yet do
it officially, as we need to be sure nothing breaks for our users.
Once we're able to determine the versions safe to use, and
automatically test that, we'll make the dependencies less strict.
Jelmer Vernooij is already working on that.

-- 
Cheers,
  Andrew


VALS Semester of Code

2014-09-10 Thread Andrew Shadura
Hello,

As most people probably haven't noticed, there's a programme out
there called VALS Semester of Code. The idea is just the same as with
Google Summer of Code, but students are paid back with university
credits. Hence fewer people are interested, probably — as far as I know,
non-EU students can't apply, and I'm not sure students of which
universities can (only of those which are partners of the programme?
any of them? I couldn't yet find the answer). Anyway, participating in
this programme probably doesn't hurt us, but would help us to formulate
some tasks we need to do anyway, which is good for us :)

Last night I followed a manual and set up an account for Kallithea
there, and also sent Mads an invitation to join as a project
administrator.

Now the problem is that the deadline for project ideas submission is
September 12, 2014. So we need to formulate these project ideas before that 
date.

References:
[0]: http://semesterofcode.com/
[1]: 
http://osswatch.jiscinvolve.org/wp/2014/08/06/vals-semester-of-code-open-for-project-idea-submissions/
[2]: http://vps.semesterofcode.com/organisations/browse

-- 
Cheers,
  Andrew




Re: VALS Semester of Code

2014-09-10 Thread Andrew Shadura
Hello,

On Wed, 10 Sep 2014 09:22:22 +0200
Andrew Shadura  wrote:

> Hence fewer people are interested, probably — as far as I
> know, non-EU students can't apply, and I'm not sure students of which
> universities can (only of those which are partners of the programme?
> any of them? I couldn't yet find the answer). Anyway, participating in
> this programme probably doesn't hurt us, but would help us to
> formulate some tasks we need to do anyway, which is good for us :)

According to [1], the programme is ‘open to any students so long as
their University can provide supervision and recognition for what the
student is doing.’

[1] https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind1409&L=VALS-SOC&D=0&P=4124

-- 
Cheers,
  Andrew




Re: VALS Semester of Code

2014-09-12 Thread Andrew Shadura
Hello,

Organisers have decided[1] to move the organisation signup end date to
midnight Tuesday 16th UTC, so that gives us a few more days to generate
cool ideas :)

I have added two project ideas, and created the following wiki pages:

https://bitbucket.org/conservancy/kallithea/wiki/Project%20Ideas/Pyramid%20port
https://bitbucket.org/conservancy/kallithea/wiki/Project%20Ideas/Wiki

Feel free to modify them or add anything totally new.

References:

[1] 
https://www.jiscmail.ac.uk/cgi-bin/webadmin?A2=ind1409&L=VALS-SOC&D=0&P=25962

-- 
Cheers,
  Andrew




Issue #75: Test issue, don't fix. (conservancy/kallithea)

2015-01-14 Thread Andrew Shadura
New issue 75: Test issue, don't fix.
https://bitbucket.org/conservancy/kallithea/issue/75/test-issue-dont-fix

Andrew Shadura:

Foo, bar




Issue #76: HTML injections in file browser (conservancy/kallithea)

2015-01-14 Thread Andrew Shadura
New issue 76: HTML injections in file browser
https://bitbucket.org/conservancy/kallithea/issue/76/html-injections-in-file-browser

Andrew Shadura:

It is possible to inject HTML code by creating files with special names:

![2015-01-14-170504_101x127_scrot.png](https://bitbucket.org/repo/EaGrMn/images/738017563-2015-01-14-170504_101x127_scrot.png)


A repository patch to create such files attached.




Fwd: Tasks for the Next Release

2015-01-22 Thread Andrew Shadura
-- Forwarded message --
From: Andrew Shadura 
Date: 18 January 2015 at 11:31
Subject: Re: Tasks for the Next Release
To: Sean Farley 


From me:

* Fix email templates.
* Probably, finish the ellipsis patch.

--
Cheers,
  Andrew


-- 
Cheers,
  Andrew


Re: save multiple comments at once

2015-01-27 Thread Andrew Shadura
On 27 January 2015 at 14:11, Nick Coghlan  wrote:
> On 27 January 2015 at 04:35, Mads Kiilerich  wrote:
>> I don't see the point in rst/md markup of comments. People should comment on
>> content, not spend time making it look fancy
>
> In Gerrit, there are two specific aspects of MD rendering I regularly
> find useful: monospace formatting of indented code snippets, and
> bullet point formatting of bulleted lists.
>
> So those aren't about being fancy, they're about making the comments
> easier to read.

I agree. Md/RST is something that's generally useful and improves the
readability. It should probably be a per-instance or per-repository
setting, I guess.

-- 
Cheers,
  Andrew


Re: YUI remainders

2015-02-10 Thread Andrew Shadura
Hello,

On Sat, 07 Feb 2015 23:02:43 +0100
Mads Kiilerich  wrote:

> > However, there still remain several YUx calls in Kallithea.

> It would be great to get the last Yahoo stuff replaced. I will just
> note that the main missing parts are non-trivial. It is primarily data
> tables with widgets and 'flot' plotting. I don't know if jQuery
> has some obvious equivalent functionality or if we should use
> something else.

Flot itself doesn't depend on YUI, it actually originally is
jQuery-based, and we use a YUI port of it. The actual issue with flot
is that the porter has added some data scaling to the widget
implementation, and we need to deal with that.

-- 
Cheers,
  Andrew




[PATCH] templates: centre the feed icon vertically in the public journal

2015-02-25 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1424864441 -3600
#  Wed Feb 25 12:40:41 2015 +0100
# Node ID 54ca0422017d790f16135b4da347850c68458c55
# Parent  fc311d8c3997063a8c6020f4e8d32ca77be339e5
templates: centre the feed icon vertically in the public journal

diff --git a/kallithea/templates/journal/public_journal.html 
b/kallithea/templates/journal/public_journal.html
--- a/kallithea/templates/journal/public_journal.html
+++ b/kallithea/templates/journal/public_journal.html
@@ -19,7 +19,7 @@
   
   
 ${_('Public Journal')}
-  
+  
  

   


[PATCH] docs: improve issue tracker integration docs

2015-02-25 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1424869587 -3600
#  Wed Feb 25 14:06:27 2015 +0100
# Node ID 5b85679c832b1de3471ed3c62a555d22cbad0c33
# Parent  54ca0422017d790f16135b4da347850c68458c55
docs: improve issue tracker integration docs

diff --git a/docs/setup.rst b/docs/setup.rst
--- a/docs/setup.rst
+++ b/docs/setup.rst
@@ -448,16 +448,29 @@ uncomment following variables in the ini
 issue_prefix = #
 
 `issue_pat` is the regular expression that will fetch issues from commit 
messages.
-Default regex will match issues in format of # eg. #300.
+Default regex matches issues in format of # eg. #300.
 
-Matched issues will be replace with the link specified as `issue_server_link`
-{id} will be replaced with issue id, and {repo} with repository name.
-Since the # is striped `issue_prefix` is added as a prefix to url.
-`issue_prefix` can be something different than # if you pass
-ISSUE- as issue prefix this will generate an url in format::
+Matched issues are be replaced with the link specified as `issue_server_link`
+{id} is replaced with issue id, and {repo} with repository name.
+Since the # is stripped away, `issue_prefix` is added as a prefix to url.
+`issue_prefix` doesn't necessarily need to be #, so if you set issue
+prefix to ISSUE- this will generate an URL in format::
 
   https://myissueserver.com/example_repo/issue/300";>ISSUE-300
 
+If needed, more than one pattern can be specified by appending a unique suffix 
to
+the variables. For example::
+
+issue_pat_wiki = (?:wiki-)(.+)
+issue_server_link_wiki = https://mywiki.com/{id}
+issue_prefix_wiki = WIKI-
+
+From now on, wiki pages can be referenced as wiki-some-id, and every such 
reference
+will be transformed into::
+
+  https://mywiki.com/some-id";>WIKI-some-id
+
+
 Hook management
 ---
 
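Review bot: The added paragraph opens with "Matched issues are be replaced", which should read "are replaced", and that line still runs into "{id} is replaced" with no full stop after `issue_server_link`. In the new multi-pattern example, `issue_pat_wiki = (?:wiki-)(.+)` captures with a greedy `.+`, so a reference followed by more words on the same line would put all of that text into {id}; a narrower character class that stops at whitespace would match the "wiki-some-id" usage the text describes.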


[PATCH] templates: make the feed icon white, not yellow

2015-02-25 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1424869902 -3600
#  Wed Feb 25 14:11:42 2015 +0100
# Node ID ec3e03b19634c951f5d20fa1bdd890fef94babef
# Parent  5b85679c832b1de3471ed3c62a555d22cbad0c33
templates: make the feed icon white, not yellow

diff --git a/kallithea/templates/journal/public_journal.html 
b/kallithea/templates/journal/public_journal.html
--- a/kallithea/templates/journal/public_journal.html
+++ b/kallithea/templates/journal/public_journal.html
@@ -22,7 +22,7 @@
   
  

-  
+  

  
  


[PATCH] docs: improve issue tracker integration docs

2015-02-25 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1424869587 -3600
#  Wed Feb 25 14:06:27 2015 +0100
# Node ID 27dc7c640192200467740c7fbd9256972ddd9e20
# Parent  730768e621dcc5bd69c75e34958e90664e8b8162
docs: improve issue tracker integration docs

diff --git a/docs/setup.rst b/docs/setup.rst
old mode 100755
new mode 100644
--- a/docs/setup.rst
+++ b/docs/setup.rst
@@ -447,17 +447,33 @@ uncomment following variables in the ini
 issue_server_link = https://myissueserver.com/{repo}/issue/{id}
 issue_prefix = #
 
-`issue_pat` is the regular expression that will fetch issues from commit 
messages.
-Default regex will match issues in format of # eg. #300.
+`issue_pat` is the regular expression describing which strings in
+commit messages will be treated as issue references. A match group in
+parentheses should be used to specify the actual issue id.
 
-Matched issues will be replace with the link specified as `issue_server_link`
-{id} will be replaced with issue id, and {repo} with repository name.
-Since the # is striped `issue_prefix` is added as a prefix to url.
-`issue_prefix` can be something different than # if you pass
-ISSUE- as issue prefix this will generate an url in format::
+The default expression matches issues in the format '#', e.g. '#300'.
+
+Matched issues are replaced with the link specified as `issue_server_link`
+{id} is replaced with issue id, and {repo} with repository name.
+Since the # is stripped away, `issue_prefix` is prepended to the link text.
+`issue_prefix` doesn't necessarily need to be #: if you set issue
+prefix to ISSUE- this will generate a URL in format::
 
   https://myissueserver.com/example_repo/issue/300";>ISSUE-300
 
+If needed, more than one pattern can be specified by appending a unique suffix 
to
+the variables. For example::
+
+issue_pat_wiki = (?:wiki-)(.+)
+issue_server_link_wiki = https://mywiki.com/{id}
+issue_prefix_wiki = WIKI-
+
+With these settings, wiki pages can be referenced as wiki-some-id, and every
+such reference will be transformed into::
+
+  https://mywiki.com/some-id";>WIKI-some-id
+
+
 Hook management
 ---
 
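Review bot: The new text says the match group supplies the issue id, but it does not say whether {id} is URL-encoded or HTML-escaped when it is substituted into `issue_server_link` and the link text, while the wiki example's `(.+)` group accepts any characters. Either document that behaviour or tighten the example pattern to the characters a wiki page id can contain. Separately, the header changes docs/setup.rst from mode 100755 to 100644, which the commit message does not mention, and "specified as `issue_server_link`" still lacks a full stop before "{id} is replaced".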


Re: [PATCH] docs: improve issue tracker integration docs

2015-02-25 Thread Andrew Shadura
Hello,

Thanks for the proofreading. I fixed the most obvious things, but
haven't noticed the rest :) I'll post an updated version of the patch.

-- 
Cheers,
  Andrew




[PATCH 1 of 1] changeset: don't crash on malformed whitespace parameter

2015-02-26 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1424965487 -3600
#  Thu Feb 26 16:44:47 2015 +0100
# Node ID ec1aa401f1e2e25a0f4b43b7dddba12e11d96f17
# Parent  c583bfc8785b96436e193aa1e2acc2820e436c7c
changeset: don't crash on malformed whitespace parameter

diff --git a/kallithea/controllers/changeset.py 
b/kallithea/controllers/changeset.py
--- a/kallithea/controllers/changeset.py
+++ b/kallithea/controllers/changeset.py
@@ -75,7 +75,10 @@ def get_ignore_ws(fid, GET):
 ig_ws_global = GET.get('ignorews')
 ig_ws = filter(lambda k: k.startswith('WS'), GET.getall(fid))
 if ig_ws:
-return int(ig_ws[0].split(':')[-1])
+try:
+return int(ig_ws[0].split(':')[-1])
+except ValueError:
+pass
 return ig_ws_global
 
 
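Review bot: The new `except ValueError: pass` in get_ignore_ws() discards a malformed per-file value silently and falls through to `return ig_ws_global`, so a bad request becomes indistinguishable from one that carried no WS value at all. Consider rejecting it with a 400 response, or at least logging the rejected value. Note also that the fall-through returns the raw `GET.get('ignorews')` value while the `try` branch returns an int, so callers see two different types.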


[PATCH 0 of 1] Bad input handling: discussion

2015-02-26 Thread Andrew Shadura
In [1], Mads and I had a discussion on what to do with bad input we may
sometimes receive. My idea is that we should use everything we know how
to handle and ignore what we can't. Mads, if I understood him correctly,
insists we should be conservative in what we accept and just complain if
someone's trying to feed us something we can't handle.

What's your opinion on this?

[1]: 
https://bitbucket.org/conservancy/kallithea/commits/cc1ab5ef6686526b7aad8c0c190a5c2944e92ecf#Lkallithea/controllers/changeset.pyT78

-- 
Cheers,
  Andrew


Re: [PATCH 0 of 1] Bad input handling: discussion

2015-02-26 Thread Andrew Shadura
Hello,

On Thu, 26 Feb 2015 21:06:36 +0100
Thomas De Schampheleire
 wrote:

> I don't think Kallithea should crash or present 500 in cases where an
> input is not what we expect.
> In any case, '400 bad request' is better than '500 server error', as
> also said by Mads in [1].
> 
> Whether or not we should ignore invalid input: my initial thought was
> that it is good idea. However, from the link Mads provided in [1], it
> seems there can be security issues with such behavior, in general. So
> I'm not sure anymore what to do here, I'm not very familiar with this
> area.
> 
> What could be the reason for such invalid input, other than malicious
> attempts?

In this situation (I found "WS%3" in the real logs) this might be
a misinterpretation of some links by search engine bots or something like
that. I'm not sure how failing on such input is better or worse than
ignoring it.

-- 
Cheers,
  Andrew
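
The two policies debated in this thread, ignoring what can't be handled versus answering 400, applied to the per-file whitespace value from the patch. This is an added example, not Kallithea's code: the `WS:<integer>` format is inferred from the patch, and `BadRequest`, `handle` and the `strict` switch are hypothetical names.

```python
import re

# Assumed wire format, inferred from the patch: "WS:<small non-negative integer>".
# [0-9] is used on purpose: int() alone also accepts "+1", " 1" and non-ASCII
# digits, which is looser than what a query parameter should allow.
_WS_VALUE = re.compile(r'WS:([0-9]{1,3})')
_PLAIN_INT = re.compile(r'[0-9]{1,3}')


class BadRequest(Exception):
    """Hypothetical stand-in for the web framework's HTTP 400 exception."""
    status = 400


def _to_int(pattern, raw, strict):
    """Return the integer carried by raw, or None if it is absent.

    A malformed value raises BadRequest when strict, and is treated as
    absent when lenient.
    """
    if raw is None:
        return None
    m = pattern.fullmatch(raw)  # fullmatch also rejects trailing newlines
    if m:
        return int(m.group(m.lastindex or 0))
    if strict:
        # Truncate the echoed value so logs and error pages stay bounded.
        raise BadRequest('malformed whitespace parameter: %r' % raw[:32])
    return None


def get_ignore_ws(file_values, global_value=None, strict=True):
    """Per-file setting if present and valid, otherwise the global one."""
    ws = [v for v in file_values if v.startswith('WS')]
    if ws:
        per_file = _to_int(_WS_VALUE, ws[0], strict)
        if per_file is not None:
            return per_file
    return _to_int(_PLAIN_INT, global_value, strict)


def handle(file_values, global_value=None, strict=True):
    """Return (status, ignore_ws) as a controller would: 200 or 400, never 500."""
    try:
        return 200, get_ignore_ws(file_values, global_value, strict)
    except BadRequest as exc:
        return exc.status, None


if __name__ == '__main__':
    # Constructed requests; "WS%3" is the malformed value quoted in the message.
    for values, glob in [(['WS:1'], None), (['WS%3'], '1'), ([], None)]:
        print(values, glob, 'strict ->', handle(values, glob),
              'lenient ->', handle(values, glob, strict=False))
```
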



Re: Kill RST

2015-03-02 Thread Andrew Shadura
Hello,

On Mon, 02 Mar 2015 10:35:36 -0800
Sean Farley
 wrote:

> > - the average user does not need the features RST provides.
> >
> > So as far as I'm concerned, RST can be removed entirely.
> > The same has been done in Unity's tree with commit
> > https://bitbucket.org/Unity-Technologies/kallithea/commits/09286e5ca064de6930d5bdefb9df6708eda19976
> >
> > However, I assume that some other people will find this too harsh,
> > so we can think of compromises, for example:

> Why not make RST 'just work'? i.e. if a user types plain text the
> output is plain text.

I think we need to:

i) switch to some flavour of Markdown by default
ii) let users choose the format of every comment they add: plain text,
md, rst

We can't detect the markup effectively because both rst and md *are*
plain text (well, md more so).

-- 
Cheers,
  Andrew



Re: [PATCH] middleware: use secure cookies over secure connections

2015-03-04 Thread Andrew Shadura
Hello,

On Thu, 05 Mar 2015 06:58:30 +0100
Thomas De Schampheleire
 wrote:

> Then with this wrapper, can't we also change the cookie name to
> append the port, as an alternative to my recent patch fixing it in
> the config file?

In theory, yes, but I'm not sure we should :) I'm not sure, however, that the
port is the only thing to distinguish between different services. If it
were me, I'd have different services running on the same port, but I'd
have them available at different domains. Given that, I think your
original patch might be better.

-- 
Cheers,
  Andrew



Re: [PATCH] middleware: use secure cookies over secure connections

2015-03-05 Thread Andrew Shadura
Hello,

On 5 March 2015 at 09:34, Thomas De Schampheleire
 wrote:
>>> Then with this wrapper, can't we also change the cookie name to
>>> append the port, as an alternative to my recent patch fixing it in
>>> the config file?

>> In theory, yes, but I'm not sure we should :) I'm not sure, however, that the
>> port is the only thing to distinguish between different services. If it
>> were me, I'd have different services running on the same port, but I'd
>> have them available at different domains. Given that, I think your
>> original patch might be better.

> But if you use different domains, then the cookies would be unique,
> correct? One cookie would be for example.com:80 with name
> kallithea-80, and the other for otherexample.com:80 with name
> kallithea-80. These cookies cannot collide, AFAIK.

Okay, makes sense.

> I think the same is true when using subdomains. At least, in RFC6265 I
> don't see a mention about this not working.

> The biggest disadvantage with my current patch is that we're using the
> app_instance_secret that could be needed for some other purpose in the
> future.

True. I'll hack something around this today.

-- 
Cheers,
  Andrew


Re: [PATCH 1 of 1] changeset: don't crash on malformed whitespace parameter

2015-03-06 Thread Andrew Shadura
Hi,

On 6 March 2015 at 15:38, Mads Kiilerich  wrote:
> So ... I would still suggest to raise HTTPBadRequest() instead.

> If you insist, I will forward support requests to you ;-)

I'm okay with Bad Request :)
-- 
Cheers,
  Andrew


Re: [PATCH] middleware: use secure cookies over secure connections

2015-03-06 Thread Andrew Shadura
Hi,

On 6 March 2015 at 16:17, Mads Kiilerich  wrote:
>> Use our own wrapper around Beaker's SessionMiddleware class to
>> give secure cookies over HTTPS connections.

> It would also be nice to have a clear statement of what problem this is
> solving. There was no way to flag cookies as "secure" when using https? In
> which scenarios would that be a problem ... and how big?

There's no way in Beaker to dynamically add the secure flag depending on
where the request comes from. We definitely don't want secure cookies
when we don't have HTTPS, and when we do, we probably want secure
cookies.

> I assume it would be better to use plain Beaker for this ... but I assume
> you have tried and researched and concluded that this was the best way to do
> it? Please share your findings - perhaps as a comment in
> sessionmiddleware.py or in the commit message. Is it a bug or
> not-yet-implemented feature or philosophical disagreement?

It currently just accepts it as an always-set option, so you can
either enable it for all connections or disable it globally.

>> +:created_on: March 04, 2015
>> +:author: andrewsh
>> +:copyright: (c) 2015 Andrew Shadura
>> +:license: GPLv3, see LICENSE.md for more details.
>> +"""

> Unless it already has been fixed / contributed upstream, the license of this
> could perhaps be made compatible with upstream so they can take it back?

There are just two lines of code worth copying upstream
(questionable), so I don't think it's copyrightable.

>> +super(SessionMiddleware, self).__init__(wrap_app, config,
>> +environ_key, **kwargs)
>> +self.options["secure"] = False
>> +# self.options["httponly"] = True

> I guess this either should be removed or have a comment to explain what the
> purpose is and when it can be useful?

This is a line of code I thought of including, but I'm not sure how it
would interact with the rest of the changes I have planned, so I just kept
it here for reference (or as an example of what else can be done
here).

-- 
Cheers,
  Andrew
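
The behaviour discussed in this message, setting the secure flag per request rather than as one global option, sketched as plain WSGI middleware. This is an added example, not the patch under review and not Beaker's API; `SecureCookieMiddleware`, `add_secure`, `trust_proxy` and the sample cookie are assumptions made for illustration.

```python
from wsgiref.util import setup_testing_defaults


def add_secure(cookie):
    """Append the Secure attribute to one Set-Cookie value unless already set."""
    # Attributes follow the first ';'; cookie values cannot contain ';'.
    attrs = [part.strip().lower() for part in cookie.split(';')[1:]]
    return cookie if 'secure' in attrs else cookie + '; Secure'


class SecureCookieMiddleware(object):
    """Mark cookies Secure when, and only when, the request came over HTTPS."""

    def __init__(self, app, trust_proxy=False):
        self.app = app
        # Enable only behind a reverse proxy that overwrites X-Forwarded-Proto;
        # otherwise the header is client-controlled and must be ignored.
        self.trust_proxy = trust_proxy

    def is_https(self, environ):
        if environ.get('wsgi.url_scheme') == 'https':
            return True
        return (self.trust_proxy and
                environ.get('HTTP_X_FORWARDED_PROTO', '').lower() == 'https')

    def __call__(self, environ, start_response):
        secure = self.is_https(environ)

        def patched_start_response(status, headers, exc_info=None):
            if secure:
                headers = [(name, add_secure(value))
                           if name.lower() == 'set-cookie' else (name, value)
                           for name, value in headers]
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start_response)


def demo_app(environ, start_response):
    """Constructed application that issues a session cookie without Secure."""
    start_response('200 OK', [
        ('Content-Type', 'text/plain'),
        ('Set-Cookie', 'kallithea=constructed-session-id; Path=/; HttpOnly'),
    ])
    return [b'ok']


def cookies_for(scheme, forwarded_proto=None, trust_proxy=False):
    """Run one constructed request through the middleware; return Set-Cookie values."""
    environ = {'wsgi.url_scheme': scheme}
    if forwarded_proto:
        environ['HTTP_X_FORWARDED_PROTO'] = forwarded_proto
    setup_testing_defaults(environ)  # fills in the rest of a minimal environ
    seen = []

    def start_response(status, headers, exc_info=None):
        seen.extend(v for k, v in headers if k.lower() == 'set-cookie')

    body = SecureCookieMiddleware(demo_app, trust_proxy)(environ, start_response)
    list(body)  # consume the response as a server would
    return seen


if __name__ == '__main__':
    print('http :', cookies_for('http'))
    print('https:', cookies_for('https'))
    print('proxy:', cookies_for('http', 'https', trust_proxy=True))
```
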


Re: [PATCH 3 of 3] docs/installation: clarify root privileges requirement for 'pip install'

2015-03-15 Thread Andrew Shadura
Hello,

On Sat, 14 Mar 2015 23:03:27 +0100
Mads Kiilerich  wrote:

> > +Note that this method requires root privileges. When installing as
> > a regular +user, you can use::
> > +
> > +pip install --user kallithea
> > +
> > +or (recommended) install Kallithea in a virtualenv (next section).

> I think we should give a different advice.
> 
> In my opinion, pip should only be used inside a virtualenv. Running
> it as root is wrong.
> 
> I don't know this --user option. How does it work ... if it does work?

It really does work, it installs packages into ~/.local, which is
useful if you just want to test things out, and if you do want to mix
your system packages with locally installed ones.

-- 
Cheers,
  Andrew




Re: [PATCH] website: emphasize source code location and contribution

2015-03-16 Thread Andrew Shadura
Hi all,

On 14 March 2015 at 20:54, Thomas De Schampheleire
 wrote:
> # HG changeset patch
> # User Thomas De Schampheleire 
> # Date 1426362759 -3600
> #  Sat Mar 14 20:52:39 2015 +0100
> # Node ID fffcf8e1a17ac1e5501780b01a66817673f7abb6
> # Parent  5ca6989b8971b5f5d96dd9a723d5f60a0389af2c
> website: emphasize source code location and contribution

Just wanted to clarify: this has already been pushed ;)

-- 
Cheers,
  Andrew


Re: [PATCH 3 of 3] docs/installation: clarify root privileges requirement for 'pip install'

2015-03-16 Thread Andrew Shadura
Hi,

On 15 March 2015 at 14:06, Mads Kiilerich  wrote:
>> It really does work, it installs packages into ~/.local, which is
>> useful if you just want to test things out, and if you do want to mix
>> your system packages with locally installed ones.

> How does it work? Will the global installation of pip hook into Python
> startup and inject packages from .local in sys.path? How about executable
> scripts - where are they placed?

I think it's present there always. At least, I don't need to specify
any option to load packages from ~/.local. Executable scripts are
installed into ~/.local/bin.

> Either way, I understand that pip --user still will install the packages in
> a shared location. That will make it very hard to uninstall or "start over".
> I guess it also makes it impossible for a user to have more than one
> Kallithea instance.

It is very easy to do that. Just drop ~/.local, switch to another user
or anything like that.

> I think we need more clarification of pros and cons of the different options
> before we start recommending more options.
>
> In my opinion, virtualenv is the only _real_ option. It makes pip simple and
> manageable so we know exactly where the dependencies for this app are
> installed. Running pip without virtualenv (with or without --user) can
> easily create situations that are very hard to recover from.

I'm not a Python pro, but somehow I managed to never run into them :)

-- 
Cheers,
  Andrew


Re: [PATCH 3 of 3] docs/installation: clarify root privileges requirement for 'pip install'

2015-03-17 Thread Andrew Shadura
Hi,

On 16 March 2015 at 19:35, Thomas De Schampheleire
 wrote:
>>It is very easy to do that. Just drop ~/.local, switch to another user
>>or anything like that.

> Switching to another user can hardly be called a graceful removal.
> Deleting the directory just like that isn't possible if the user has
> installed other packages than kallithea with this method as he may want
> to keep these other packages...

Depends on your requirements. In my case, I have a separate user for
Kallithea anyway, so it's much easier to recreate ~/.local than to
play with virtualenv. As a benefit, it doesn't need any enabling or
activation, it's always active.

-- 
Cheers,
  Andrew


[PATCH 0 of 2] slight improvements to the templates -- in preparation to bigger changes

2015-03-20 Thread Andrew Shadura
Hello,

We misuse some markup, so I decided to change that even if it
changes the appearance a bit. I doubt anyone would miss monospace
font on the main page :)

-- 
Cheers,
  Andrew


[PATCH 1 of 2] template: remove unneeded from revision links

2015-03-20 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1426848939 -3600
#  Fri Mar 20 11:55:39 2015 +0100
# Node ID b2ecf8a21929c129acb9681a0cf924746914dab0
# Parent  bd85aa06b288ab632ea4103d40f68742d55a3b04
template: remove unneeded  from revision links

diff --git a/kallithea/templates/data_table/_dt_elements.html 
b/kallithea/templates/data_table/_dt_elements.html
--- a/kallithea/templates/data_table/_dt_elements.html
+++ b/kallithea/templates/data_table/_dt_elements.html
@@ -95,7 +95,7 @@
 <%def name="revision(name,rev,tip,author,last_msg)">
   
   %if rev >= 0:
-  ${'r%s:%s' % 
(rev,h.short_id(tip))}
+  ${'r%s:%s' % 
(rev,h.short_id(tip))}
   %else:
   ${_('No changesets yet')}
   %endif


[PATCH 2 of 2] template: action buttons shouldn't have .btn-success unless we mean it

2015-03-20 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1426849012 -3600
#  Fri Mar 20 11:56:52 2015 +0100
# Node ID 41aeb0a9ab615ccf672720bb218f2fb8cf21f58f
# Parent  b2ecf8a21929c129acb9681a0cf924746914dab0
template: action buttons shouldn't have .btn-success unless we mean it

diff --git a/kallithea/templates/index_base.html 
b/kallithea/templates/index_base.html
--- a/kallithea/templates/index_base.html
+++ b/kallithea/templates/index_base.html
@@ -17,12 +17,12 @@
 %>
 %if h.HasPermissionAny('hg.admin','hg.create.repository')() or 
(group_admin or (group_write and create_on_write)):
   %if c.group:
- ${_('Add Repository')}
+ ${_('Add Repository')}
 %if h.HasPermissionAny('hg.admin')() or 
h.HasRepoGroupPermissionAny('group.admin')(c.group.group_name):
  ${_(u'Add Repository Group')}
 %endif
   %else:
- ${_('Add Repository')}
+ ${_('Add Repository')}
 %if h.HasPermissionAny('hg.admin')():
  ${_(u'Add Repository Group')}
 %endif


[PATCH] stats: fix display when no data ready yet

2015-03-21 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1426950496 -3600
#  Sat Mar 21 16:08:16 2015 +0100
# Node ID 91b44cf9fbb38b11cbb8779a7d0f2d603e68f6d0
# Parent  2c740f252808c6e8742fe1bb293fca816a889381
stats: fix display when no data ready yet

 * jQ uses .append(), not .appendChild()
 * when no data ready, display a nice message
 * rephrase the message, the data isn't ready, not hasn't loaded yet

diff --git a/kallithea/controllers/summary.py b/kallithea/controllers/summary.py
--- a/kallithea/controllers/summary.py
+++ b/kallithea/controllers/summary.py
@@ -172,7 +172,7 @@ class SummaryController(BaseRepoControll
 )
 else:
 c.no_data = True
-c.trending_languages = json.dumps({})
+c.trending_languages = json.dumps([])
 
 c.enable_downloads = c.db_repo.enable_downloads
 c.readme_data, c.readme_file = \
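
Review bot: In the else branch the empty value for c.trending_languages changes from a JSON object to a JSON array, and the commit message does not say why. If the template's new data.length == 0 test is what depends on it, state that in the message, and check that the non-empty branch above also serialises a list, so that both branches hand the template the same type.
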
@@ -196,7 +196,7 @@ class SummaryController(BaseRepoControll
 def statistics(self, repo_name):
 if c.db_repo.enable_statistics:
 c.show_stats = True
-c.no_data_msg = _('No data loaded yet')
+c.no_data_msg = _('No data ready yet')
 else:
 c.show_stats = False
 c.no_data_msg = _('Statistics are disabled for this repository')
diff --git a/kallithea/templates/summary/summary.html 
b/kallithea/templates/summary/summary.html
--- a/kallithea/templates/summary/summary.html
+++ b/kallithea/templates/summary/summary.html
@@ -383,8 +383,11 @@ summary = lambda n:{False:'summary-short
 }
 
 }
+if (data.length == 0) {
+tbl.innerHTML = "${_('No data ready yet')}";
+}
 
-$('#lang_stats').appendChild(tbl);
+$('#lang_stats').append(tbl);
 $('#code_status_show_more').click(function(){
 $('.stats_hidden').show();
 $('#code_status_show_more').hide();
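
Review bot: In the added block, tbl.innerHTML = "${_('No data ready yet')}" places a translated string inside a double-quoted JavaScript literal and then has the browser parse it as HTML. Whatever filter the template applies to ${...}, HTML escaping is not JavaScript string escaping: a backslash or a line break in a translation still corrupts the literal, and markup in a catalogue entry is rendered rather than displayed. Emit the text through a JS-string encoder and assign it with textContent or jQuery .text(). The string also duplicates c.no_data_msg from summary.py, so the two can drift, and data.length == 0 reads better as === 0.
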


[PATCH] stats: use the correct element id for "show more" link handler

2015-03-21 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1426953352 -3600
#  Sat Mar 21 16:55:52 2015 +0100
# Node ID c3a58da6dee99867d6b52f7d2d802f9af0004db4
# Parent  a921eeab855df2c1e008dd202cf347638975ce01
stats: use the correct element id for "show more" link handler

diff --git a/kallithea/templates/summary/summary.html 
b/kallithea/templates/summary/summary.html
--- a/kallithea/templates/summary/summary.html
+++ b/kallithea/templates/summary/summary.html
@@ -388,9 +388,9 @@ summary = lambda n:{False:'summary-short
 }
 
 $('#lang_stats').append(tbl);
-$('#code_status_show_more').click(function(){
+$('#code_stats_show_more').click(function(){
 $('.stats_hidden').show();
-$('#code_status_show_more').hide();
+$('#code_stats_show_more').hide();
 });
 });
 


[PATCH] template: link the last revision in the file browser to the changeset

2015-03-23 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1426973024 -3600
#  Sat Mar 21 22:23:44 2015 +0100
# Node ID 40168326214e69da0e109968eb8e89ad9df5028a
# Parent  6783369ad0dd687c709c756f03559437d9f01dad
template: link the last revision in the file browser to the changeset

diff --git a/kallithea/public/css/style.css b/kallithea/public/css/style.css
--- a/kallithea/public/css/style.css
+++ b/kallithea/public/css/style.css
@@ -2657,6 +2657,7 @@ BIN_FILENODE = 6
 #compare_branches + .table .revision-link,
 #compare_tags + .table .revision-link,
 #compare_bookmarks + .table .revision-link,
+.table #files_data .revision-link,
 #repos_list_wrap .revision-link,
 #shortlog_data .revision-link {
 font-weight: normal !important;
diff --git a/kallithea/templates/files/files_browser.html 
b/kallithea/templates/files/files_browser.html
--- a/kallithea/templates/files/files_browser.html
+++ b/kallithea/templates/files/files_browser.html
@@ -97,9 +97,7 @@
  
  
  %if node.is_file():
- 
-  ${h.show_id(node.last_changeset)}
- 
+ ${h.show_id(node.last_changeset)}
  %endif
  
  


Re: [oss-security] Dulwich security issue (fwd)

2015-03-23 Thread Andrew Shadura
Hi,

On 23 March 2015 at 15:41, Mads Kiilerich  wrote:
> I don't know. I guess all we can do is to inform all users that they
> probably have it installed as a dependency and that they should upgrade. We
> could perhaps make a "secure" version mandatory in next release.
>
> I can however not find the mentioned 0.9.9 anywhere, and pip only has a
> 0.10.0 which also doesn't have any release notes and I don't know how
> backwards compatible it is.

PyPI has 0.9.9: https://pypi.python.org/pypi/dulwich/0.9.9

-- 
Cheers,
  Andrew


[PATCH] spelling: use correct Git capitalisation where appropriate

2015-03-23 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1427123255 -3600
#  Mon Mar 23 16:07:35 2015 +0100
# Node ID 7ed7830cca7a40a0a24a6aa8d39c0d306a09f582
# Parent  9c252005e5fd69efd579b410f1160b42b183c8cf
spelling: use correct Git capitalisation where appropriate

diff --git a/docs/usage/git_support.rst b/docs/usage/git_support.rst
--- a/docs/usage/git_support.rst
+++ b/docs/usage/git_support.rst
@@ -1,7 +1,7 @@
 .. _git_support:
 
 ===
-GIT support
+Git support
 ===
 
 
diff --git a/kallithea/lib/diffs.py b/kallithea/lib/diffs.py
--- a/kallithea/lib/diffs.py
+++ b/kallithea/lib/diffs.py
@@ -453,8 +453,8 @@ class DiffProcessor(object):
 LimitedDiffContainer(self.diff_limit,
 self.cur_diff_size, _diff)
 break
-else:  # GIT binary patch (or empty diff)
-# GIT Binary patch
+else:  # Git binary patch (or empty diff)
+# Git binary patch
 if head['bin_patch']:
 stats['ops'][BIN_FILENODE] = 'binary diff not shown'
 chunks = []
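
Review bot: After this change the comment on the else line and the comment directly below it say the same thing twice. Drop the second line, or make it state what the first does not, for example which of the two cases head['bin_patch'] distinguishes.
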
diff --git a/setup.py b/setup.py
--- a/setup.py
+++ b/setup.py
@@ -98,7 +98,7 @@ data_files = []
 package_data = {'kallithea': ['i18n/*/LC_MESSAGES/*.mo', ], }
 
 description = ('Kallithea is a fast and powerful management tool '
-   'for Mercurial and GIT with a built in push/pull server, '
+   'for Mercurial and Git with a built in push/pull server, '
'full text search and code-review.')
 
 keywords = ' '.join([


Re: [oss-security] Dulwich security issue (fwd)

2015-03-24 Thread Andrew Shadura
Hello,

On 23 March 2015 at 16:00, Adi Kriegisch  wrote:
> I downloaded the source locally, applied the patch and installed within the
> venv. Actually I hope Kallithea will soon be Debian packaged to make fixing
> of issues like that easier... :)

Actually, we've just got another person interested in creating a
Debian package: welcome Elena, who's volunteered to help with it.

-- 
Cheers,
  Andrew


Re: 1st try - no repos found

2015-03-26 Thread Andrew Shadura
Hello,

On 25 March 2015 at 16:53, Neal Becker  wrote:
> I'm running into a problem.  I'm using hg-3.3.2, and I have a repo using
> obsolete markers.  When I start kallithea, go to admin page, it says hg is
> 3.1.2.  I can't figure out where that comes from.  I mv'd the hg in the
> venv/bin, so kallithea would hopefully use my hg from /usr/bin, but that
> didn't help.

Sean has written some code to support obsoletion in Kallithea; you may
find it at smf.io. It's about 6 patches. I've tested them and they
mostly work, but they're not yet in our official branch.

-- 
Cheers,
  Andrew


Re: New commits on Our Own Kallithea

2015-04-06 Thread Andrew Shadura
Hello,

On Mon, 06 Apr 2015 22:33:12 +0200
Thomas De Schampheleire  wrote:

> Two remarks about this list:
> 1. It seems only the last ten commits are shown, without indication
> about this limit.

Probably some limitation of the RSS feed (I scan it to generate the
mail).

> 2. The commit links point to 127.0.0.1. Is this due to a server
> misconfiguration?

Unfortunately, yes. I will fix that as soon as I get home.

-- 
Cheers,
  Andrew



[PATCH] lib: remove ineffective html_escape implementation, use escape instead

2015-04-13 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1428965992 -7200
#  Tue Apr 14 00:59:52 2015 +0200
# Node ID abeb4a96c92a913b61e2fcb9c9c87f4d02ea00a2
# Parent  caef25781d8cb4b9e43e0def6b7a199c3f3cb462
lib: remove ineffective html_escape implementation, use escape instead

lib.helpers.html_escape scanned the whole string replacing HTML-unsafe
characters; webhelpers, however, uses an optimised implementation from markupsafe.

Also, formencode uses its own implementation, html_quote, which is used in
form validators. For uniformity, patch it to use the escape function from
webhelpers.

diff --git a/kallithea/lib/compat.py b/kallithea/lib/compat.py
--- a/kallithea/lib/compat.py
+++ b/kallithea/lib/compat.py
@@ -566,3 +566,7 @@ else:
 memo[id(self)] = result
 result.__init__(deepcopy(tuple(self), memo))
 return result
+
+import formencode.rewritingparser
+import webhelpers.html
+formencode.rewritingparser.html_quote = webhelpers.html.escape
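
Review bot: The lines added at the end of compat.py rebind formencode.rewritingparser.html_quote as an import side effect, with no comment saying why. Rebinding the module attribute only affects code that looks html_quote up through the module at call time; anything that already did "from formencode.rewritingparser import html_quote" keeps the old function, so whether this takes effect depends on import order. Please add a comment stating the intent, confirm that escape handles the inputs html_quote did (None in particular), and move the two imports to the top of the file.
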
diff --git a/kallithea/lib/helpers.py b/kallithea/lib/helpers.py
--- a/kallithea/lib/helpers.py
+++ b/kallithea/lib/helpers.py
@@ -89,19 +89,6 @@ def canonical_hostname():
 parts = url('home', qualified=True).split('://', 1)
 return parts[1].split('/', 1)[0]
 
-def html_escape(text, html_escape_table=None):
-"""Produce entities within text."""
-if not html_escape_table:
-html_escape_table = {
-"&": "&",
-'"': """,
-"'": "'",
-">": ">",
-"<": "<",
-}
-return "".join(html_escape_table.get(c, c) for c in text)
-
-
 def shorter(text, size=20):
 postfix = '...'
 if len(text) > size:
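
Review bot: html_escape is deleted outright and the only callers updated in this patch are tests. Please search templates, controllers and any local extensions for h.html_escape before this lands, or keep a one-line alias for a release. The removed table escaped both ' and ", so callers that interpolate into attribute values rely on the replacement doing the same; a small test asserting that on h.escape would pin it.
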
diff --git a/kallithea/tests/functional/test_admin_users.py 
b/kallithea/tests/functional/test_admin_users.py
--- a/kallithea/tests/functional/test_admin_users.py
+++ b/kallithea/tests/functional/test_admin_users.py
@@ -94,7 +94,7 @@ class TestAdminUsersController(TestContr
'_authentication_token': 
self.authentication_token()})
 
 msg = validators.ValidUsername(False, 
{})._messages['system_invalid_username']
-msg = h.html_escape(msg % {'username': 'new_user'})
+msg = h.escape(msg % {'username': 'new_user'})
 response.mustcontain("""%s""" % msg)
 response.mustcontain("""Please enter a 
value""")
 response.mustcontain("""An email address 
must contain a single @""")
diff --git a/kallithea/tests/functional/test_login.py 
b/kallithea/tests/functional/test_login.py
--- a/kallithea/tests/functional/test_login.py
+++ b/kallithea/tests/functional/test_login.py
@@ -114,7 +114,7 @@ class TestLoginController(TestController
  'lastname': 'test'})
 
 msg = validators.ValidUsername()._messages['username_exists']
-msg = h.html_escape(msg % {'username': uname})
+msg = h.escape(msg % {'username': uname})
 response.mustcontain(msg)
 
 def test_register_err_same_email(self):
@@ -179,7 +179,7 @@ class TestLoginController(TestController
 
 response.mustcontain('An email address must contain a single @')
 msg = validators.ValidUsername()._messages['username_exists']
-msg = h.html_escape(msg % {'username': usr})
+msg = h.escape(msg % {'username': usr})
 response.mustcontain(msg)
 
 def test_register_special_chars(self):
@@ -240,7 +240,7 @@ class TestLoginController(TestController
 )
 
 msg = validators.ValidSystemEmail()._messages['non_existing_email']
-msg = h.html_escape(msg % {'email': bad_email})
+msg = h.escape(msg % {'email': bad_email})
 response.mustcontain()
 
 def test_forgot_password(self):
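
Review bot: In the last context line of this hunk, response.mustcontain() is called with no argument, so msg is built and never checked, and the switch from html_escape to escape is untested here. Pass msg to mustcontain so the test asserts the escaped non_existing_email text.
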
diff --git a/kallithea/tests/functional/test_my_account.py 
b/kallithea/tests/functional/test_my_account.py
--- a/kallithea/tests/functional/test_my_account.py
+++ b/kallithea/tests/functional/test_my_account.py
@@ -181,7 +181,7 @@ class TestMyAccountController(TestContro
 from kallithea.model import validators
 msg = validators.ValidUsername(edit=False, old_data={})\
 ._messages['username_exists']
-msg = h.html_escape(msg % {'username': 'test_admin'})
+msg = h.escape(msg % {'username': 'test_admin'})
 response.mustcontain(u"%s" % msg)
 
 def test_my_account_api_keys(self):


Re: [PATCH] lib: remove ineffective html_escape implementation, use escape instead

2015-04-13 Thread Andrew Shadura
Hello,

On Tue, 14 Apr 2015 01:00:58 +0200
Andrew Shadura  wrote:

> lib: remove ineffective html_escape implementation, use escape instead

I meant inefficient, of course.

-- 
Cheers,
  Andrew



Kallithea 0.2.1

2015-04-14 Thread Andrew Shadura
Kallithea 0.2.1 has been released. Kallithea is a GPLv3 source code
management software for web-based hosting of Mercurial and Git
repositories.

This release is a bugfix release. It fixes a security issue we've
discovered, and a few minor bugs we found in 0.2.

For more information, see https://kallithea-scm.org/ or 
http://docs.kallithea-scm.org/

The summary of the changes since 0.2 release is below.

security: Fix HTML and JavaScript injection — CVE-2015-1864
style: fix statistics so that the graph fits on the page
setup: bump mercurial requirement to 2.9
contributors: update list of contributors since last release

-- 
Cheers,
  Andrew




[PATCH 1 of 2] config: load_environment option to skip db init

2015-04-18 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1429302082 -7200
#  Fri Apr 17 22:21:22 2015 +0200
# Node ID d9615df6d46a9c80a0adb3d68e33f1fe091e8127
# Parent  1357a442697c14c8aee05f4cdf76e614350206f8
config: load_environment option to skip db init

diff --git a/kallithea/config/environment.py b/kallithea/config/environment.py
--- a/kallithea/config/environment.py
+++ b/kallithea/config/environment.py
@@ -44,7 +44,8 @@ log = logging.getLogger(__name__)
 
 
 def load_environment(global_conf, app_conf, initial=False,
- test_env=None, test_index=None):
+ test_env=None, test_index=None,
+ config_only=False):
 """
 Configure the Pylons environment via the ``pylons.config``
 object
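
Review bot: config_only is added to the signature but the docstring that follows does not mention it. Document what the function returns in that mode and which setup steps are skipped, since the parameter name alone does not say that the database is left uninitialised.
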
@@ -88,6 +89,10 @@ def load_environment(global_conf, app_co
 
 # sets the c attribute access when don't existing attribute are accessed
 config['pylons.strict_tmpl_context'] = True
+
+if config_only:
+return config
+
 test = os.path.split(config['__file__'])[-1] == 'test.ini'
 if test:
 if test_env is None:
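
Review bot: The early return sits between the strict_tmpl_context assignment and the test.ini handling, so config_only skips the test-environment setup and everything after it, not only database initialisation. Add a comment at the return listing what the caller gives up, and check that the normal path returns the same kind of object so callers can treat both results alike.
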


[PATCH 0 of 2] new commits push notification -- incomplete and not really working

2015-04-18 Thread Andrew Shadura
Hello everyone,

During the last few days I've been trying to develop a patch to implement
email notifications about incoming commits.

The final version of the patch working locally is here, but:

 i) it's hardcoded for one email address, i.e. it doesn't have any settings/UI
 ii) when I tried to use it on Our Own Kallithea, it broke the whole instance,
 presumably in the config initialisation code.

Anyway, I decided to post it here so you can comment and maybe fix it :)

Thanks,
  Andrew


[PATCH 2 of 2] hooks: add email notification on push

2015-04-18 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1429347340 -7200
#  Sat Apr 18 10:55:40 2015 +0200
# Node ID bc84617f45acc13325d6086044e075ac36cda2fb
# Parent  d9615df6d46a9c80a0adb3d68e33f1fe091e8127
hooks: add email notification on push

diff --git a/kallithea/lib/hooks.py b/kallithea/lib/hooks.py
--- a/kallithea/lib/hooks.py
+++ b/kallithea/lib/hooks.py
@@ -29,6 +29,9 @@ import os
 import sys
 import time
 import binascii
+import traceback
+
+import pylons
 
 from kallithea.lib.vcs.utils.hgcompat import nullrev, revrange
 from kallithea.lib import helpers as h
@@ -38,7 +41,6 @@ from kallithea.lib.exceptions import HTT
 from kallithea.lib.utils2 import safe_str, _extract_extras
 from kallithea.model.db import Repository, User
 
-
 def _get_scm_size(alias, root_path):
 
 if not alias.startswith('.'):
@@ -163,6 +165,12 @@ def log_push_action(ui, repo, **kwargs):
 :param repo: repo object containing the `ui` object
 """
 
+from pylons.i18n.translation import _get_translator
+from pylons.i18n.translation import _
+
+translator = _get_translator(pylons.config.get('lang'))
+pylons.translator._push_object(translator)
+
 ex = _extract_extras()
 
 action_tmpl = ex.action + ':%s'
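
Review bot: pylons.translator._push_object(translator) is called at the top of log_push_action with no matching _pop_object, so in a long-running process every push leaves another translator on the stack. Wrap the body in try/finally and pop it. Both _get_translator and _push_object are private names and the imports are function-local; a short comment explaining why the hook needs its own translator would help the next reader.
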
@@ -199,6 +207,53 @@ def log_push_action(ui, repo, **kwargs):
 kw.update(ex)
 callback(**kw)
 
+send_emails = True
+if send_emails:
+from paste.deploy import appconfig
+import kallithea.lib.app_globals as app_globals
+from kallithea.config.environment import load_environment
+
+path, ini_name = os.path.split(ex['config'])
+conf = appconfig('config:%s' % ini_name, relative_to=path)
+pylons.config = load_environment(conf.global_conf, conf.local_conf, 
config_only=True)
+
+
+from kallithea.lib.celerylib import tasks, run_task
+from kallithea.model.notification import EmailNotificationModel
+
+repo = Repository.get_by_repo_name(ex.repository)
+changesets = []
+for r in revs:
+cs = repo.scm_instance.get_changeset(r)
+changesets.append(cs)
+
+repo_url = '%(server_url)s/%(repository)s' % ex
+
+reg_type = EmailNotificationModel.TYPE_NEW_CHANGESETS
+
+try:
+txt_body = EmailNotificationModel().get_email_tmpl(reg_type,
+   'txt',
+   username=ex.username,
+   
repository=ex.repository,
+   changesets=changesets,
+   repo_url=repo_url,
+   
server_url=ex.server_url)
+
+html_body = EmailNotificationModel().get_email_tmpl(reg_type,
+   'html',
+   username=ex.username,
+   
repository=ex.repository,
+   changesets=changesets,
+   repo_url=repo_url,
+   
server_url=ex.server_url)
+run_task(tasks.send_email, ["kallithea-general@sfconservancy.org"],
+ _("%d new commits pushed to %s") % (len(revs), 
ex.repository), txt_body, html_body)
+sys.stdout.write("Email notification sent\n")
+except Exception:
+sys.stdout.write(traceback.format_exc())
+raise
+
 if ex.make_lock is not None and not ex.make_lock:
 Repository.unlock(Repository.get_by_repo_name(ex.repository))
 msg = 'Released lock on repo `%s`\n' % ex.repository
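
Review bot: pylons.config = load_environment(...) rebinds the module-level config from inside a push hook, so anything else in the same process that reads pylons.config afterwards sees the config_only result instead of the application's own; keep the loaded config in a local variable. The except block prints the traceback and then re-raises, which makes a mail failure fail the hook; log it and continue. send_emails = True and the recipient list are hard-coded, repo shadows the hook's repo argument, and _("%d new commits pushed to %s") should use named placeholders so translators can reorder them.
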
diff --git a/kallithea/model/notification.py b/kallithea/model/notification.py
--- a/kallithea/model/notification.py
+++ b/kallithea/model/notification.py
@@ -278,6 +278,7 @@ class EmailNotificationModel(BaseModel):
 TYPE_REGISTRATION = Notification.TYPE_REGISTRATION
 TYPE_PULL_REQUEST = Notification.TYPE_PULL_REQUEST
 TYPE_PULL_REQUEST_COMMENT = Notification.TYPE_PULL_REQUEST_COMMENT
+TYPE_NEW_CHANGESETS = 'new_changesets'
 TYPE_DEFAULT = 'default'
 
 def __init__(self):
@@ -291,6 +292,7 @@ class EmailNotificationModel(BaseModel):
 self.TYPE_DEFAULT: 'default',
 self.TYPE_PULL_REQUEST: 'pull_request',
 self.TYPE_PULL_REQUEST_COMMENT: 'pull_request_comment',
+self.TYPE_NEW_CHANGESETS: 'new_changesets'
 }
 self._subj_map = {
 self.TYPE_CHANGESET_COMMENT: _('Comment on %(repo_name)s changeset 
%(short_id)s on %(branch)s 

Re: [PATCH PoC] hacks: the concept of python files that will be loaded and can monkeypatch Kallithea internals

2015-04-21 Thread Andrew Shadura
Hehe, I have once built a similar thing for my unfinished OpenStreetMap
editor, but in Tcl :)

-- 
Cheers,
  Andrew


Re: [PATCH] pullrequest overview: fix 'my pullrequests' overview

2015-04-21 Thread Andrew Shadura
Hello,

On Tue, 21 Apr 2015 09:06:11 +0200
Thomas De Schampheleire  wrote:

> # HG changeset patch
> # User Thomas De Schampheleire 
> # Date 1429599924 -7200
> #  Tue Apr 21 09:05:24 2015 +0200
> # Branch stable
> # Node ID 2f8b21e9b783429c9535583f11169c1d0c7bb44a
> # Parent  bd4f453a00553ed0ea3016596621106293acbf7d
> pullrequest overview: fix 'my pullrequests' overview
> 
> Commit bd4f453a0055 fixed the pager links on pullrequest overviews,
> but broke the 'my pull requests' page due to insufficient testing and
> incomplete Python understanding.

Tested, merged, thanks!

-- 
Cheers,
  Andrew




[PoC] Bootstrap UI

2015-04-21 Thread Andrew Shadura
Hello everyone,

Last month I played with Bootstrap UI for Kallithea, and have achieved
something. The achievement is actually a very small one, there's loads
of work ahead, and everyone's welcome to help.

== What is the plan ==

The templates we use already support Bootstrap CSS to some extent, but
they require some polishing to look better. However, just adding the
Bootstrap CSS makes Kallithea look a bit Bootstrap-ish with lots of
things broken, however :) There are two basic approaches to migrate to
Bootstrap:

 *) throw away all CSS we have and write something from scratch —
doesn't work well as the UI becomes unusable while the rewrite
isn't finished

 *) combine both existing CSS and Bootstrap and convert the UI chunk by
chunk, step by step — and here we also have two options:

   o) First Bootstrap CSS, then Kallithea CSS, so the latter overrides
  the former:

  - Benefits: Possible to override Bootstrap styling without lots
of !important, possibly a bit cleaner CSS code
  - Disadvantage: Kallithea CSS redefines a lot of things
completely from scratch, so this approach doesn't really work
easily without throwing away half of the CSS code (UI breaks)

   o) First Kallithea CSS, then Bootstrap CSS, so the latter overrides
  the former:

  - Benefits: it's possible to convert things gradually
  - Disadvantages: lots of !important overrides where Kallithea
CSS and Bootstrap CSS conflict, not easy to detect unused CSS
code

I chose the latter approach as showing the best results in the short
term :)

== What is already done ==

 *) Bootstrap tooltip instead of custom ones — helps get rid of some
YUI code too, yay!

 *) Bootstrap navbars and dropdown menus

 *) Bootstrap progressbar in the statistics

 *) Some parts of interface wear Bootstrap styling automagically
without needing to be fine-tuned — but probably need fixing anyway.

== What is broken ==

Many things, most notable being the changelog and many tables.

== Where's the code ==

I plan to use changeset evolution to maintain a commit series which I
will regularly rebase against the latest development branch. For it, I
have set up a clone of Our Own Kallithea instance running the same code
and the same database, but with Sean Farley's evolve patches applied,
and with my own Bootstrap patches applied too. Today I will rebase the
code and publish the link as a follow-up to this mail.

== Comments, ideas? ==

Please ask me anything :)

-- 
Cheers,
  Andrew




Re: kallithea: 21 new changesets

2015-04-21 Thread Andrew Shadura
Hello,

On Tue, 21 Apr 2015 13:32:54 +
Our Own Kallithea  wrote:

> changeset: a5153bfe7595
> URL:
> https://kallithea-scm.org/repos/kallithea/changeset/a5153bfe7595
> branch:  default user:Sean Farley 
> date:Tue Feb 17 17:23:38 2015 -0800

Sorry for the noise, this was a "mispush" :)

-- 
Cheers,
  Andrew




Re: kallithea: 21 new changesets

2015-04-21 Thread Andrew Shadura
Hello,

On Tue, 21 Apr 2015 15:37:55 +0200
Andrew Shadura  wrote:

> Hello,
> 
> On Tue, 21 Apr 2015 13:32:54 +
> Our Own Kallithea
> 
> wrote:
> 
> > changeset: a5153bfe7595
> > URL:
> > https://kallithea-scm.org/repos/kallithea/changeset/a5153bfe7595
> > branch:  default user:Sean Farley
> > 
> > date:Tue Feb 17 17:23:38 2015 -0800
> 
> Sorry for the noise, this was a "mispush" :)
> 

Just in case you pulled anything while this was online, please run:

  hg strip a5153bfe75956a8c3fd41587e472490cd8bb3167

This is certainly *not* production-ready and *will* change very soon
anyway.

-- 
Cheers,
  Andrew



[PATCH] compat: import defaultdict from collections, sqlalchemy 0.8.0 dropped the shim

2015-04-21 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1429635852 -7200
#  Tue Apr 21 19:04:12 2015 +0200
# Branch stable
# Node ID 74b5e0318d4e961081daca2833c4ffe520e59e62
# Parent  7aef2c2289c8a1ee450d7f8624e731d7c89d99d3
compat: import defaultdict from collections, sqlalchemy 0.8.0 dropped the shim

diff --git a/kallithea/model/comment.py b/kallithea/model/comment.py
--- a/kallithea/model/comment.py
+++ b/kallithea/model/comment.py
@@ -28,7 +28,7 @@ Original author and date, and relevant c
 import logging
 
 from pylons.i18n.translation import _
-from sqlalchemy.util.compat import defaultdict
+from collections import defaultdict
 
 from kallithea.lib.utils2 import extract_mentioned_users, safe_unicode
 from kallithea.lib import helpers as h
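
Review bot: The replacement import is a standard-library import left in the third-party group after the pylons line. Move "from collections import defaultdict" up beside "import logging" so the grouping stays stdlib, third-party, local.
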


[PATCH] css: make 'add comment' button look more like a button

2015-04-21 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1429637769 -7200
#  Tue Apr 21 19:36:09 2015 +0200
# Node ID fe9a1f5d259c186b7d9cd0c3e10aa99217a37fed
# Parent  c7997c7ed325ddea499549a3d66dc5f006fcba33
css: make 'add comment' button look more like a button

diff --git a/kallithea/public/css/style.css b/kallithea/public/css/style.css
--- a/kallithea/public/css/style.css
+++ b/kallithea/public/css/style.css
@@ -4971,10 +4971,12 @@ table.code-difftable .code pre {
 }
 
 .add-bubble {
+position: relative;
 display: none;
 float: left;
 width: 0px;
 height: 0px;
+left: -8px;
 }
 
 tr.line.add td.code:hover .add-bubble,
@@ -4984,20 +4986,26 @@ tr.line.unmod td.code:hover .add-bubble 
 }
 
 .add-bubble div {
-position: relative;
-left: -32px;
-width: 32px;
-height: 32px;
+background: #577632;
+width: 16px;
+height: 16px;
 cursor: pointer;
+padding: 0 2px 2px 0;
+border: 1px solid #577632;
+border-radius: 3px;
 }
 
 .add-bubble div:before {
 font-size: 14px;
-color: #577632;
+color: #ff;
 font-family: "kallithea";
 content: '\1f5ea';
 }
 
+.add-bubble div:hover {
+transform: scale(1.2, 1.2);
+}
+
 div.comment:target>.comment-wrapp {
 border: solid 2px #ee0 !important;
 }


Re: [PATCH] css: make 'add comment' button look more like a button

2015-04-22 Thread Andrew Shadura
Hello,

On Tue, 21 Apr 2015 21:47:43 +0200
Thomas De Schampheleire  wrote:

> Do you happen to have a live preview or a before/after image?

> There has been previous debate about what to do with this button,
> where to place it, and in particular the fact that you can't click it
> when moving the mouse from the left. This is also an issue tracked on
> bitbucket.

Here are some live previews: http://shadura.me/bubbles/

-- 
Cheers,
  Andrew




Re: [PATCH] Issue #126: Improve UX for setting a remote repo

2015-04-22 Thread Andrew Shadura
Hello,

On Wed, 22 Apr 2015 11:52:59 +0100
Mads Kiilerich  wrote:

> > +
> > +${h.submit(
> > +'remote_pull_%s' % c.repo_info.repo_name,
> > +_('Pull Changes from Remote Repo'),
> > +class_="btn btn-small",
> > +onclick="return confirm('"
> > ++ _('Confirm to pull changes from remote
> > repository.')
> > ++ "');")}  
> 
> Let's hope no languages use ' in the translation of that string ;-)
> 
> I think the mix of python and javascript would be more readable with
> a % formatter ... and javascript and python are so close that %r
> might be better than manual quoting.

I can imagine at least Belarusian to use an apostrophe here… So it's
better to quote it somehow :)

-- 
Cheers,
  Andrew
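
The quoting problem discussed in this message, as an added example that is not part of the original thread or of Kallithea's code: it builds the onclick value by plain concatenation and through a JavaScript string encoder, renders both into an attribute, and reads the attribute back the way a browser's HTML parser would. All function names are hypothetical and the translated strings are constructed samples, not real catalogue entries.

```python
import html
import json
from html.parser import HTMLParser


def naive_onclick(message):
    """Concatenate the message into a single-quoted JS literal, as the quoted hunk does."""
    return "return confirm('" + message + "');"


def js_string_literal(message):
    """Encode text as a JavaScript string literal.

    json.dumps yields a double-quoted literal with quotes, backslashes and
    control characters escaped. The extra replacements keep the result inert
    even if it is later placed in a single-quoted attribute or a script block.
    """
    literal = json.dumps(message, ensure_ascii=False)
    for char, escaped in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026"),
                          ("'", "\\u0027"),
                          ("\u2028", "\\u2028"), ("\u2029", "\\u2029")):
        literal = literal.replace(char, escaped)
    return literal


def safe_onclick(message):
    """Same handler, with the message encoded for the JavaScript layer first."""
    return "return confirm(" + js_string_literal(message) + ");"


def render_button(onclick):
    """HTML layer: escape the finished handler for a double-quoted attribute."""
    return '<input type="submit" onclick="%s">' % html.escape(onclick, quote=True)


class _OnclickExtractor(HTMLParser):
    """Collect the onclick attribute after the parser has decoded entities."""

    def __init__(self):
        super().__init__()
        self.onclick = None

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name == "onclick":
                self.onclick = value


def round_trip(build, message):
    """Return the handler source the browser would hand to its JS engine."""
    parser = _OnclickExtractor()
    parser.feed(render_button(build(message)))
    parser.close()
    return parser.onclick


def count_unescaped(handler, quote):
    """Count quote characters that are not preceded by a backslash escape."""
    count, escaped = 0, False
    for char in handler:
        if escaped:
            escaped = False
        elif char == "\\":
            escaped = True
        elif char == quote:
            count += 1
    return count


def decoded_argument(handler):
    """Return the text confirm() would show, or None if the argument is not one literal."""
    prefix, suffix = "return confirm(", ");"
    if not (handler.startswith(prefix) and handler.endswith(suffix)):
        return None
    try:
        value = json.loads(handler[len(prefix):-len(suffix)])
    except ValueError:
        return None
    return value if isinstance(value, str) else None


# Constructed sample translations: one with an apostrophe, one with double quotes.
APOSTROPHE = "Пацвердзіце аб'яднанне змен"
DOUBLE_QUOTES = 'Pull from "upstream"?'

if __name__ == "__main__":
    for text in (APOSTROPHE, DOUBLE_QUOTES):
        print(round_trip(naive_onclick, text))
        print(round_trip(safe_onclick, text))
```

HTML-escaping the attribute does not help the naive version, because the parser decodes the entities before the handler source reaches the JavaScript engine.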




[PATCH 1 of 2] css: make 'add comment' button look more like a button (issue #77)

2015-04-22 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1429703987 -7200
#  Wed Apr 22 13:59:47 2015 +0200
# Branch stable
# Node ID 539f3da5d965459d2221d10b6724585e60104f7d
# Parent  74b5e0318d4e961081daca2833c4ffe520e59e62
css: make 'add comment' button look more like a button (issue #77)

diff --git a/kallithea/public/css/style.css b/kallithea/public/css/style.css
--- a/kallithea/public/css/style.css
+++ b/kallithea/public/css/style.css
@@ -4931,7 +4931,7 @@ table.code-difftable .lineno a {
 font: 11px Consolas, Monaco, Inconsolata, Liberation Mono, monospace 
!important;
 letter-spacing: -1px;
 text-align: right;
-padding-right: 2px;
+padding-right: 8px;
 cursor: pointer;
 display: block;
 width: 30px;
@@ -4957,7 +4957,7 @@ table.code-difftable .code td {
 padding: 0;
 }
 table.code-difftable .code pre {
-margin: 0;
+margin: 0 0 0 12px;
 padding: 0;
 min-height: 17px;
 line-height: 17px;
@@ -4965,33 +4965,43 @@ table.code-difftable .code pre {
 }
 
 .add-bubble {
+position: relative;
 display: none;
 float: left;
 width: 0px;
 height: 0px;
-}
-
-tr.line.add td.code:hover .add-bubble,
-tr.line.del td.code:hover .add-bubble,
-tr.line.unmod td.code:hover .add-bubble {
-display: inherit;
+left: -8px;
+box-sizing: border-box;
+}
+
+tr.line.add:hover td .add-bubble,
+tr.line.del:hover td .add-bubble,
+tr.line.unmod:hover td .add-bubble {
+display: block;
 }
 
 .add-bubble div {
-position: relative;
-left: -32px;
-width: 32px;
-height: 32px;
+background: #577632;
+width: 16px;
+height: 16px;
 cursor: pointer;
+padding: 0 2px 2px 0.5px;
+border: 1px solid #577632;
+border-radius: 3px;
+box-sizing: border-box;
 }
 
 .add-bubble div:before {
 font-size: 14px;
-color: #577632;
+color: #ff;
 font-family: "kallithea";
 content: '\e80c';
 }
 
+.add-bubble div:hover {
+transform: scale(1.2, 1.2);
+}
+
 div.comment:target>.comment-wrapp {
 border: solid 2px #ee0 !important;
 }
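
Review bot: In .add-bubble div, padding: 0 2px 2px 0.5px uses a sub-pixel value that browsers round differently, so the icon can sit a pixel off between engines; use whole pixels. box-sizing: border-box on .add-bubble itself has no visible effect while its width and height stay 0px. The hover selector moving from td.code:hover to tr.line.*:hover td is the behavioural change in this hunk and deserves a line in the commit message.
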


[PATCH 2 of 2] css: add text +/- markers to the diff to improve readability for colour blind (fixes #77)

2015-04-22 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1429705229 -7200
#  Wed Apr 22 14:20:29 2015 +0200
# Branch stable
# Node ID a06804c28d744fb153c3e083277429094a134495
# Parent  539f3da5d965459d2221d10b6724585e60104f7d
css: add text +/- markers to the diff to improve readability for colour blind 
(fixes #77)

diff --git a/kallithea/public/css/style.css b/kallithea/public/css/style.css
--- a/kallithea/public/css/style.css
+++ b/kallithea/public/css/style.css
@@ -4964,6 +4964,20 @@ table.code-difftable .code pre {
 white-space: pre-wrap;
 }
 
+table.code-difftable .del .code pre:before {
+content: "-";
+color: #55;
+}
+ 
+table.code-difftable .add .code pre:before {
+content: "+";
+color: #005500;
+}
+ 
+table.code-difftable .unmod .code pre:before {
+content: " ";
+}
+ 
 .add-bubble {
 position: relative;
 display: none;
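Review bot: The `:before` markers are rendered inside each `pre`, so they occupy one character column of the code itself: lines that start with a tab stay at the same tab stop while space-indented lines move one column to the right, and continuation lines under `white-space: pre-wrap` start one column left of the first line. Take the marker out of the text flow (for example by positioning it in the gutter) so indentation in the diff matches the file. The three separator lines added between the new rules also carry a trailing space.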


Re: [PoC] Bootstrap UI

2015-04-22 Thread Andrew Shadura
Hello,

On Wed, 22 Apr 2015 14:45:53 +0200
Thomas De Schampheleire  wrote:

> Actually, somewhere on my TODO list is exactly that. The current CSS
> code is so fragile, containing too much detail in the selectors, that
> it is hard to reduce gradually. Throwing it away and starting from
> scratch is a bit more intensive, but I think will yield the best
> results.

> And yes, the rewrite should be done in one go, but since you are now
> planning on using a branch for a while to do the bootstrap
> integration, that wouldn't really hurt now, would it?

> This is also what Mads hinted at on at least one occasion:
> https://bitbucket.org/conservancy/kallithea/issue/101/ui-consistent-font-sizes
> "Yes, the whole styling should be redone from scratch."

> Could I convince you to try this approach instead (possibly with help
> from others) ?

You just did :) 

This is my Bootstrap branch with "our" styling switched off *except*
contextbar.css: https://kallithea-scm.org/bootstrap/

(Compare with https://codehost.me.uk which is my old branch but
recoloured.)

That's *quite* usable already, so we just need to port some useful
snippets, and fix the template to actually use Bootstrap styles.

-- 
Cheers,
  Andrew




Re: [PATCH] compat: import defaultdict from collections, sqlalchemy 0.8.0 dropped the shim

2015-04-22 Thread Andrew Shadura
> lgtm ... but why not just remove this redundant compat wrapper instead?

Which is what I did. The wrapper was previously provided by SQLAlchemy for
a reason I don't know.

-- 
Cheers,
  Andrew


Re: [PATCH 2 of 2] css: add text +/- markers to the diff to improve readability for colour blind (fixes #77)

2015-04-23 Thread Andrew Shadura
Hello,

On Thu, 23 Apr 2015 16:56:55 +0200
Mads Kiilerich  wrote:

> I don't know how good or bad the colors are for the different kinds
> of color blindness. Is it solving a real problem? I think it would be
> a better help for color blind if we made sure that the deleted lines
> were darker (and thus with lower contrast) and the context lines were 
> brighter (and thus with lower contrast) so the actually changed lines 
> stood out most clearly.

I personally think colour/brightness coding is a good thing, but it
should never be the only way of conveying useful information, which is
why having +/- is a good thing.

> Anyway: Do we need to use yet another column of the precious
> horizontal space for this purpose? Couldn't it reuse the new empty
> column where the comment bubble might show up?

Indeed, this is what I originally wanted to do. Decreasing the margin
width might do.

-- 
Cheers,
  Andrew




[RFC] Search box

2015-04-23 Thread Andrew Shadura
Hello,

While playing with Bootstrap styling, I came across the following
question: should we display a search box instead of a link to the
search page?

I first implemented a search box which appears after clicking "Search"
button on the front page. When users type in the box, a dropdown
appears, suggesting to search not only by file content (default), but
also by commit messages or file names.

I have also prepared different options regarding the location of the
box. GitHub places it on the left, Bitbucket places it on the right,
GitLab doesn't have it at all.

Here's a proof of concept of my "dynamic" search box:
https://codehost.me.uk/

And here's comparison of different options:
https://shadura.me/kallithea/search-box/

-- 
Cheers,
  Andrew




Re: [RFC] Search box

2015-04-23 Thread Andrew Shadura
Hello,

On Thu, 23 Apr 2015 21:32:40 +0200
Andrew Shadura  wrote:

> Here's a proof of concept of my "dynamic" search box:
> https://codehost.me.uk/

> And here's comparison of different options:
> https://shadura.me/kallithea/search-box/

P.S. Disregard the colours, it's just a custom colour scheme for that
particular site :)

-- 
Cheers,
  Andrew




[PATCH PoC] Use webassets and lesscpy to precompile LESS into CSS and (optionally) minify JavaScript

2015-04-27 Thread Andrew Shadura
diff --git a/kallithea/config/environment.py b/kallithea/config/environment.py
--- a/kallithea/config/environment.py
+++ b/kallithea/config/environment.py
@@ -33,6 +33,7 @@ from kallithea.config.routing import mak
 
 from kallithea.lib import helpers
 from kallithea.lib.auth import set_available_permissions
+from kallithea.lib.lessfilter import LessFilter
 from kallithea.lib.utils import repo2db_mapper, make_ui, set_app_settings,\
 load_rcextensions, check_git_version, set_vcs_config
 from kallithea.lib.utils2 import engine_from_config, str2bool
@@ -108,6 +109,29 @@ def load_environment(global_conf, app_co
 if test_index:
 create_test_index(TESTS_TMP_PATH, config, True)
 
+import webassets
+webassets.filter.register_filter(LessFilter)
+wa_env = webassets.Environment(paths['static_files'], '')
+wa_cache = os.path.join(app_conf['cache_dir'], 'webassets')
+if not os.path.exists(wa_cache):
+os.makedirs(wa_cache)
+
+wa_env.cache = wa_cache
+
+try:
+import jsmin
+js = webassets.Bundle('js/base.js',
+filters='jsmin', output='gen/packed.js')
+wa_env.register('js_all', js)
+wa_env['js_all'].urls()
+except ImportError:
+pass
+
+css = webassets.Bundle('css/kallithea.less',
+filters='lesscpy', output='gen/kallithea.css')
+wa_env.register('css_all', css)
+wa_env['css_all'].urls()
+
 DbManage.check_waitress()
 # MULTIPLE DB configs
 # Setup the SQLAlchemy database engine
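Review bot: `webassets.Environment(paths['static_files'], '')` combined with `output='gen/packed.js'` and `output='gen/kallithea.css'` makes the application write generated files into the public static directory when `load_environment` runs, so the web process needs write access to a tree it also serves. Building at install or deploy time, or writing the output to a separate directory, keeps the served tree read-only. The `try` block also covers more than the `import jsmin` probe: an `ImportError` raised while registering or building the bundle is swallowed by `except ImportError: pass`, so keep only the import inside the `try` and log when minification is skipped. The `os.path.exists` / `os.makedirs` pair can race when several workers start at once.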
diff --git a/kallithea/lib/lessfilter.py b/kallithea/lib/lessfilter.py
new file mode 100644
--- /dev/null
+++ b/kallithea/lib/lessfilter.py
@@ -0,0 +1,15 @@
+from webassets.filter import Filter
+
+import lesscpy
+
+__all__ = ('LessFilter',)
+
+
+class LessFilter(Filter):
+"""LESS compiler filter
+"""
+
+name = 'lesscpy'
+
+def input(self, _in, out, **kw):
+out.write(lesscpy.compile(_in))
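Review bot: `input()` hands the stream straight to `lesscpy.compile(_in)` and drops `**kw`, which is where webassets passes per-file context such as the source path, so a syntax error in a LESS file surfaces as a bare compiler exception with no file name, and it is worth checking that a relative `@import` of another LESS file still resolves. Catch the compiler error and re-raise it with the source name, and add a test that compiles a file containing an `@import`. The docstring should say which webassets hook this class implements.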
diff --git a/kallithea/public/css/kallithea.less 
b/kallithea/public/css/kallithea.less
new file mode 100644
--- /dev/null
+++ b/kallithea/public/css/kallithea.less
@@ -0,0 +1,6 @@
+// main lesscss style sheet for lesscss_example
+
+@color: #ccc;
+@border: thin solid black;
+
+blockquote {background-color: @color; border: @border;}
diff --git a/setup.py b/setup.py
--- a/setup.py
+++ b/setup.py
@@ -57,6 +57,8 @@ requirements = [
 "URLObject==2.3.4",
 "Routes==1.13",
 "dulwich>=0.9.9,<=0.9.9",
+"webassets>=0.10",
+"lesscpy>=0.10.2"
 ]
 
 if sys.version_info < (2, 7):
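Review bot: `"webassets>=0.10"` and `"lesscpy>=0.10.2"` have no upper bound, while the neighbouring entries are pinned or capped (`URLObject==2.3.4`, `dulwich>=0.9.9,<=0.9.9`), so any later release, including an incompatible one, is pulled in at install time without review. Cap them the same way as the other requirements, add the trailing comma after the last entry, and declare `jsmin` as an optional extra since `environment.py` imports it conditionally.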


Re: [PATCH PoC] Use webassets and lesscpy to precompile LESS into CSS and (optionally) minify JavaScript

2015-04-27 Thread Andrew Shadura
Hello,

On Mon, 27 Apr 2015 12:12:10 +0200
Andrew Shadura  wrote:

> diff --git a/kallithea/public/css/kallithea.less
> b/kallithea/public/css/kallithea.less new file mode 100644
> --- /dev/null
> +++ b/kallithea/public/css/kallithea.less
> @@ -0,0 +1,6 @@
> +// main lesscss style sheet for lesscss_example
> +
> +@color: #ccc;
> +@border: thin solid black;
> +
> +blockquote {background-color: @color; border: @border;}

This generates the following file as kallithea/public/gen/kallithea.css:

blockquote {
 background-color: #cc;
 border: thin solid black;
}

-- 
Cheers,
  Andrew




Re: [PATCH PoC] Use webassets and lesscpy to precompile LESS into CSS and (optionally) minify JavaScript

2015-04-27 Thread Andrew Shadura
Hello,

On Mon, 27 Apr 2015 13:33:04 +0200
Mads Kiilerich  wrote:

> It would be nice to get some introduction to what that means and why
> we would do it - perhaps also some assessment of the pros and cons.

Well, probably.

The idea is that some of the "static" resources we serve might not be
very well editable as they're served, so we might want to precompile
them. An example would be minifying JavaScript or assembling a CSS out
of smaller CSS files or by using a macrolanguage like LESS. And using
LESS will help us manage the CSS which is already quite large;
meanwhile, Bootstrap also uses LESS, so if/when we start using it too,
we may use classes Bootstrap provides more easily.

WebAssets is a framework-agnostic module helping to arrange this sort
of precompilation.

This patch isn't directly usable as is, as I have hard-coded the
resources, and I'd probably put them into a YAML file in the root
directory instead in the final version. However, I decided to post it
here so we can start discussing things :)

-- 
Cheers,
  Andrew




[PATCH] diff view: fix tab width, move diff markers a bit to the left

2015-05-05 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1430825240 -7200
#  Tue May 05 13:27:20 2015 +0200
# Node ID 7dca6303d91ddb98bcc62f085d5342609a4d40b2
# Parent  0c58b6dc55120dd609daf7f13b02f5c128292fb7
diff view: fix tab width, move diff markers a bit to the left

diff --git a/kallithea/public/css/style.css b/kallithea/public/css/style.css
--- a/kallithea/public/css/style.css
+++ b/kallithea/public/css/style.css
@@ -4971,15 +4971,27 @@ table.code-difftable .code pre {
 table.code-difftable .del .code pre:before {
 content: "-";
 color: #55;
+float: left;
+left: -1em;
+position: relative;
+width: 0;
 }
 
 table.code-difftable .add .code pre:before {
 content: "+";
 color: #005500;
+float: left;
+left: -1em;
+position: relative;
+width: 0;
 }
 
 table.code-difftable .unmod .code pre:before {
 content: " ";
+float: left;
+left: -1em;
+position: relative;
+width: 0;
 }
 
 .add-bubble {
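Review bot: The same four declarations (`float: left; left: -1em; position: relative; width: 0;`) are added to all three `pre:before` rules; put them in one grouped selector for `.del`, `.add` and `.unmod` and leave only `content` and `color` in the individual rules. The commit summary mentions tab width, but nothing in the hunk says how a zero-width floated marker fixes it; a short comment above the grouped rule would record that.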
@@ -4996,6 +5008,7 @@ tr.line.add:hover td .add-bubble,
 tr.line.del:hover td .add-bubble,
 tr.line.unmod:hover td .add-bubble {
 display: block;
+z-index: 1;
 }
 
 .add-bubble div {
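Review bot: `z-index: 1` on the hover rule is not mentioned in the commit message, which only covers tab width and marker position. State what the bubble was being covered by (presumably the markers now shifted left by `-1em`), and consider setting it on `.add-bubble` itself rather than only in the `:hover` state so the stacking order does not change as the pointer moves.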


[PATCH 2 of 2] comments: remove line breaks after user mentions in comment previews

2015-05-05 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1430840340 -7200
#  Tue May 05 17:39:00 2015 +0200
# Node ID 4347c8958b9442dac9744e3f4e1e2282ffa25ce7
# Parent  4a68442ad0a1898c08ea4a249b032bb73cd8c90e
comments: remove line breaks after user mentions in comment previews

diff --git a/kallithea/public/css/style.css b/kallithea/public/css/style.css
--- a/kallithea/public/css/style.css
+++ b/kallithea/public/css/style.css
@@ -4363,11 +4363,6 @@ div.comment-form {
 margin-top: 20px;
 }
 
-.comment-form strong {
-display: block;
-margin-bottom: 15px;
-}
-
 .comment-form textarea {
 width: 100%;
 height: 100px;
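Review bot: Deleting `.comment-form strong` changes every `strong` inside the comment form, not only rendered @mentions, so any title or label that relied on `display: block` and the 15px bottom margin will now run into the element that follows it. Check the form templates for `strong` used as a heading and give it its own class if one exists; the same applies to `.comment-inline-form strong` in the next hunk.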
@@ -4464,11 +4459,6 @@ div.comment-inline-form {
 padding: 4px 0px 6px 0px;
 }
 
-.comment-inline-form strong {
-display: block;
-margin-bottom: 15px;
-}
-
 .comment-inline-form textarea {
 width: 100%;
 height: 100px;


[PATCH 1 of 2] rst: in @mention parser, escape spaces so they don't go to HTML

2015-05-05 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1430840290 -7200
#  Tue May 05 17:38:10 2015 +0200
# Node ID 4a68442ad0a1898c08ea4a249b032bb73cd8c90e
# Parent  7dca6303d91ddb98bcc62f085d5342609a4d40b2
rst: in @mention parser, escape spaces so they don't go to HTML

This eliminates extra spaces around @mentions.
See 
http://docutils.sf.net/docs/ref/rst/restructuredtext.html#character-level-inline-markup

diff --git a/kallithea/lib/markup_renderer.py b/kallithea/lib/markup_renderer.py
--- a/kallithea/lib/markup_renderer.py
+++ b/kallithea/lib/markup_renderer.py
@@ -193,6 +193,6 @@ class MarkupRenderer(object):
 
 def wrapp(match_obj):
 uname = match_obj.groups()[0]
-return ' **@%(uname)s** ' % {'uname': uname}
+return '\ **@%(uname)s**\ ' % {'uname': uname}
 mention_hl = mention_pat.sub(wrapp, source).strip()
 return cls.rst(mention_hl)
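Review bot: `.strip()` on the following line removes only the trailing space of the final `\ ` pair, so a comment that ends with a mention reaches `cls.rst()` ending in a bare backslash (`**@name**\`); add tests for a mention at the start, at the end, and in `@user1,@user2` to pin down how the renderer treats those. The new literal also relies on `'\ '` being an unrecognised escape that Python passes through unchanged; write it as `'\\ '` or use a raw string so the intent is explicit.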


[PATCH] diff view: improve appearance of line numbers

2015-05-05 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1430842380 -7200
#  Tue May 05 18:13:00 2015 +0200
# Node ID c49fd027ae6491270795db939dcd724d6e29b3fd
# Parent  4347c8958b9442dac9744e3f4e1e2282ffa25ce7
diff view: improve appearance of line numbers

 * display the ellipsis just once and centered
 * expand column width as needed to accommodate longer numbers
 * enable box-sizing: border-box for the number links to
   make it easier to set paddings

diff --git a/kallithea/lib/diffs.py b/kallithea/lib/diffs.py
--- a/kallithea/lib/diffs.py
+++ b/kallithea/lib/diffs.py
@@ -642,6 +642,7 @@ class DiffProcessor(object):
 
 def as_html(self, table_class='code-difftable', line_class='line',
 old_lineno_class='lineno old', new_lineno_class='lineno new',
+no_lineno_class='lineno',
 code_class='code', enable_comments=False, parsed_lines=None):
 """
 Return given diff as html table with customized css classes
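Review bot: `no_lineno_class` is inserted ahead of `code_class`, `enable_comments` and `parsed_lines`, so any caller that passes those positionally now binds them to the wrong parameter; append the new keyword at the end of the signature instead. The docstring should also describe the new class and when it is applied (both line numbers are `'...'`).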
@@ -693,6 +694,8 @@ class DiffProcessor(object):
 change['old_lineno'])
 cond_new = (change['new_lineno'] != '...' and
 change['new_lineno'])
+no_lineno = (change['old_lineno'] == '...' and
+ change['new_lineno'] == '...')
 if cond_old:
 anchor_old_id = 'id="%s"' % anchor_old
 if cond_new:
@@ -700,9 +703,10 @@ class DiffProcessor(object):
 ###
 # OLD LINE NUMBER
 ###
-_html.append('''\t''' % {
+_html.append('''\t''' % {
 'a_id': anchor_old_id,
-'olc': old_lineno_class
+'olc': no_lineno_class if no_lineno else 
old_lineno_class,
+'colspan': 'colspan="2"' if no_lineno else ''
 })
 
 _html.append('''%(link)s''' % {
@@ -714,16 +718,17 @@ class DiffProcessor(object):
 # NEW LINE NUMBER
 ###
 
-_html.append('''\t''' % {
-'a_id': anchor_new_id,
-'nlc': new_lineno_class
-})
+if not no_lineno:
+_html.append('''\t''' % {
+'a_id': anchor_new_id,
+'nlc': new_lineno_class
+})
 
-_html.append('''%(link)s''' % {
-'link': _link_to_if(True, change['new_lineno'],
-'#%s' % anchor_new)
-})
-_html.append('''\n''')
+_html.append('''%(link)s''' % {
+'link': _link_to_if(True, change['new_lineno'],
+'#%s' % anchor_new)
+})
+_html.append('''\n''')
 ###
 # CODE
 ###
diff --git a/kallithea/public/css/style.css b/kallithea/public/css/style.css
--- a/kallithea/public/css/style.css
+++ b/kallithea/public/css/style.css
@@ -4906,7 +4906,6 @@ table.code-difftable td.code pre i {
 table.code-difftable .lineno {
 padding-left: 2px;
 padding-right: 2px !important;
-text-align: right;
 width: 30px;
 -moz-user-select: none;
 -webkit-user-select: none;
@@ -4915,20 +4914,24 @@ table.code-difftable .lineno {
 border-top: 0px solid #CCC !important;
 border-bottom: none !important;
 vertical-align: middle !important;
+text-align: center;
 }
 table.code-difftable .lineno.new {
+text-align: right;
 }
 table.code-difftable .lineno.old {
+text-align: right;
 }
 table.code-difftable .lineno a {
 color: #aaa !important;
 font: 11px Consolas, Monaco, Inconsolata, Liberation Mono, monospace 
!important;
 letter-spacing: -1px;
-text-align: right;
+padding-left: 10px;
 padding-right: 8px;
+box-sizing: border-box;
 cursor: pointer;
 display: block;
-width: 30px;
+width: 100%;
 }
 
 table.code-difftable .lineno-inline {


Re: [PATCH 1 of 2] rst: in @mention parser, escape spaces so they don't go to HTML

2015-05-05 Thread Andrew Shadura
> I don't think I have seen this - can you
> point at a "before" example? Perhaps
> also describe it in the commit message.

No link at the moment, but every time you type something like this:

@username, have you seen it?

it turns into:

@username , have you seen it?

So an extra space is inserted. It was inserted because otherwise rst parser
might not recognise the markup (imagine @user1,@user2 which is replaced by
**user1**,**user2** — that would be interpreted as user1**,**user2).

-- 
Cheers,
  Andrew


Re: [PATCH] diff view: improve appearance of line numbers

2015-05-06 Thread Andrew Shadura
Hello,

On Wed, 06 May 2015 01:52:16 +0200
Mads Kiilerich  wrote:

> >   * display the ellipsis just once and centered

> "instead of showing ellipsis in both the - and the + column" (I had
> to test to figure out what this meant)

Sure, I'll add this to the commit message.

> >   * expand column width as needed to accommodate longer numbers

> Does that fix an issue? In which case? Related to the other changes?

This is actually a side effect of the change. I needed a link to fill
the table cell so I set width: 100%, which automagically made the
columns flexible.

> >   * enable box-sizing: border-box for the number links to
> > make it easier to set paddings

> I have no idea about this. Is it related to the other changes? Which 
> paddings were hard in which cases? How is it easier than before? Is
> it a trick we also could/should use elsewhere?

In short, border-box is what previously used to be known as IE quirks
mode box model. The difference is that width does include paddings and
borders (in the traditional W3C model it didn't). This simplified
calculations for some cases, but used to be non-standard for some time
until it was accepted by W3C. These days some popular CSS frameworks,
like Bootstrap, use box-sizing: border-box exclusively to implement
responsive design (it would require complicated CSS hacks otherwise).

Without setting this thing here I couldn't figure out how to properly
set internal spacing in the line number column which collapsed after I
used width: 100%.

> > -_html.append('''\t > class="%(nlc)s">''' % {
> > -'a_id': anchor_new_id,
> > -'nlc': new_lineno_class
> > -})
> > +if not no_lineno:
> > +_html.append('''\t > class="%(nlc)s">''' % {
> > +'a_id': anchor_new_id,
> > +'nlc': new_lineno_class
> > +})
> >   
> > -_html.append('''%(link)s''' % {
> > -'link': _link_to_if(True,
> > change['new_lineno'],
> > -'#%s' % anchor_new)
> > -})
> > -_html.append('''\n''')
> > +_html.append('''%(link)s''' % {
> > +'link': _link_to_if(True,
> > change['new_lineno'],
> > +'#%s' % anchor_new)
> > +})
> > +_html.append('''\n''')
> 
> It seems like it would be cleaner to have separate cases for with vs 
> without line number.

Possibly.

> Slightly related thought:
> we need a way to link to and comment on binary files such - such as
> on
> https://kallithea-scm.org/repos/kallithea/changeset/4857d8f170d937383b8bde700494320fff80a88f
>  .
> I guess these not-even-ellipses lines also need some treatment ... or 
> perhaps just that the first one should have line number 0.

Agree.

More reading on box-sizing:

[0]: https://developer.mozilla.org/en-US/docs/Web/CSS/box-sizing
[1]: https://css-tricks.com/box-sizing/
[2]: http://learnlayout.com/box-sizing.html
[3]: http://blog.teamtreehouse.com/box-sizing-secret-simple-css-layouts

-- 
Cheers,
  Andrew




Re: [PATCH] diff view: improve appearance of line numbers

2015-05-06 Thread Andrew Shadura
Hello,

On Wed, 06 May 2015 16:52:08 +0200
Mads Kiilerich  wrote:

> Thanks for the clarification and the thoughts about how applicable it
> is for our use.

> Box-sizing seems to still be experimental and seems risky. Does it
> work reliably across all the browsers we care about? How seriously
> will it fail if it doesn't work?

> I guess bootstrap added the necessary quirks to make it for their
> case - we don't need additional quirks too?

Indeed, adding -webkit- and -moz- prefixes might help with older
browser versions.

> Some of this would be nice to have in commit messages ... perhaps
> except the education of me ;-) It would also be nice to have it split
> it up in separate changes ... but perhaps without going to the smf
> extreme ;-)

> With these comments addressed, it looks good to me.

Okay, I'll try to write something up.

-- 
Cheers,
  Andrew




Re: [PATCH] diff view: improve appearance of line numbers

2015-05-06 Thread Andrew Shadura
Hello,

On Wed, 06 May 2015 16:52:08 +0200
Mads Kiilerich  wrote:

> Thanks for the clarification and the thoughts about how applicable it
> is for our use.
> 
> Box-sizing seems to still be experimental and seems risky. Does it
> work reliably across all the browsers we care about? How seriously
> will it fail if it doesn't work?

Forgot to address this. At worst, the internal spacing would be
incorrect, but otherwise it shouldn't look too bad.

-- 
Cheers,
  Andrew




[PATCH v2] middleware: use secure cookies over secure connections

2015-05-11 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1425509877 -3600
#  Wed Mar 04 23:57:57 2015 +0100
# Node ID c187c0a2bc0290e1f226e8cff342d836b0bcb42e
# Parent  572f62542047ded9f814af5db388dadec6425dc9
middleware: use secure cookies over secure connections

HTTP cookie spec defines secure cookies, which are transmitted only over secure
connections (HTTPS). Using them helps protect against some attacks, but cookies
shouldn't be made secure when we don't have HTTPS configured. As it is now, it's
left at user's discretion, but probably it's a good idea to force secure cookies
when they can be used.

In the current implementation, cookies are issued to users before they actually
try to log in, on the first page load. So if that happens over HTTPS, it's
probably safe to assume secure cookies can be used, and to default to normal
"insecure" cookies if HTTPS isn't available.

It's not easy to sneak into Beaker's internals, and it doesn't support selective
secureness, so we use our own wrapper around Beaker's SessionMiddleware class to
give secure cookies over HTTPS connections. Beaker's built-in mechanism for
secure cookies is forced to add the flag when needed only.

We also force httponly flag on cookies as we don't want javascripts to see them.

diff --git a/kallithea/config/middleware.py b/kallithea/config/middleware.py
--- a/kallithea/config/middleware.py
+++ b/kallithea/config/middleware.py
@@ -15,7 +15,6 @@
 Pylons middleware initialization
 """
 
-from beaker.middleware import SessionMiddleware
 from routes.middleware import RoutesMiddleware
 from paste.cascade import Cascade
 from paste.registry import RegistryManager
@@ -29,6 +28,7 @@ from pylons.wsgiapp import PylonsApp
 from kallithea.lib.middleware.simplehg import SimpleHg
 from kallithea.lib.middleware.simplegit import SimpleGit
 from kallithea.lib.middleware.https_fixup import HttpsFixup
+from kallithea.lib.middleware.sessionmiddleware import SessionMiddleware
 from kallithea.config.environment import load_environment
 from kallithea.lib.middleware.wrapper import RequestWrapper
 
diff --git a/kallithea/lib/middleware/sessionmiddleware.py 
b/kallithea/lib/middleware/sessionmiddleware.py
new file mode 100644
--- /dev/null
+++ b/kallithea/lib/middleware/sessionmiddleware.py
@@ -0,0 +1,75 @@
+# -*- coding: utf-8 -*-
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+kallithea.lib.middleware.sessionmiddleware
+~~
+
+session management middleware
+
+This file overrides Beaker's built-in SessionMiddleware
+class to automagically use secure cookies over HTTPS.
+
+Original Beaker SessionMiddleware class written by Ben Bangert
+
+:created_on: March 04, 2015
+:author: andrewsh
+:copyright: (c) 2015 Andrew Shadura
+:license: GPLv3, see LICENSE.md for more details.
+"""
+
+from beaker.session import SessionObject
+from beaker.middleware import SessionMiddleware as BeakerSessionMiddleware
+
+class SessionMiddleware(BeakerSessionMiddleware):
+def __init__(self, wrap_app, config=None, environ_key='beaker.session',
+**kwargs):
+"""
+Initialise the session middleware
+
+Call Beaker's original constructor to set the options, then
+unset secure option as we're handling that on our own and don't
+want Beaker to interfere.
+"""
+super(SessionMiddleware, self).__init__(wrap_app, config,
+environ_key, **kwargs)
+self.options["secure"] = False
+self.options["httponly"] = True
+
+def __call__(self, environ, start_response):
+"""
+This function's implementation is taken directly from Beaker,
+with HTTPS detection added. When accessed over HTTPS, force
+setting cookie's secure flag.
+"""
+options = dict(self.options)
+options["secure"] = environ['wsgi.url_scheme'] == 'https'
+session = SessionObject(environ, **options)
+if environ.get('paste.registry'):
+if environ['paste.registry'].reglist:
+environ['paste.registry'].re
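Review bot: `self.options["secure"] = False` in `__init__` discards a `secure` setting the administrator put in the Beaker configuration, and `__call__` then derives the flag only from `environ['wsgi.url_scheme']`, so a deployment that had secure cookies forced loses the flag on any request that reaches the application as plain HTTP. Keep the configured value as a floor, for example `options["secure"] = configured_secure or scheme == 'https'`, where `configured_secure` stands for the value read from the config. A session cookie first issued over HTTP also stays without the flag when the user later logs in over HTTPS, so the session id should be regenerated at login. The `__init__` docstring mentions only `secure`; document the forced `httponly` there as well.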

[PATCH v3] middleware: use secure cookies over secure connections

2015-05-12 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1425509877 -3600
#  Wed Mar 04 23:57:57 2015 +0100
# Node ID 8d660b29559be70b2edf7fc63b8307225f59520c
# Parent  572f62542047ded9f814af5db388dadec6425dc9
middleware: use secure cookies over secure connections

HTTP cookie spec defines secure cookies, which are transmitted only over secure
connections (HTTPS). Using them helps protect against some attacks, but cookies
shouldn't be made secure when we don't have HTTPS configured. As it is now, it's
left at user's discretion, but probably it's a good idea to force secure cookies
when they can be used.

In the current implementation, cookies are issued to users before they actually
try to log in, on the first page load. So if that happens over HTTPS, it's
probably safe to assume secure cookies can be used, and to default to normal
"insecure" cookies if HTTPS isn't available.

It's not easy to sneak into Beaker's internals, and it doesn't support selective
secureness, so we use our own wrapper around Beaker's SessionMiddleware class to
give secure cookies over HTTPS connections. Beaker's built-in mechanism for
secure cookies is forced to add the flag when needed only.

diff --git a/kallithea/config/middleware.py b/kallithea/config/middleware.py
--- a/kallithea/config/middleware.py
+++ b/kallithea/config/middleware.py
@@ -15,7 +15,6 @@
 Pylons middleware initialization
 """
 
-from beaker.middleware import SessionMiddleware
 from routes.middleware import RoutesMiddleware
 from paste.cascade import Cascade
 from paste.registry import RegistryManager
@@ -29,6 +28,7 @@ from pylons.wsgiapp import PylonsApp
 from kallithea.lib.middleware.simplehg import SimpleHg
 from kallithea.lib.middleware.simplegit import SimpleGit
 from kallithea.lib.middleware.https_fixup import HttpsFixup
+from kallithea.lib.middleware.sessionmiddleware import SecureSessionMiddleware
 from kallithea.config.environment import load_environment
 from kallithea.lib.middleware.wrapper import RequestWrapper
 
@@ -60,7 +60,7 @@ def make_app(global_conf, full_stack=Tru
 
 # Routing/Session/Cache Middleware
 app = RoutesMiddleware(app, config['routes.map'])
-app = SessionMiddleware(app, config)
+app = SecureSessionMiddleware(app, config)
 
 # CUSTOM MIDDLEWARE HERE (filtered by error handling middlewares)
 if asbool(config['pdebug']):
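Review bot: With `SecureSessionMiddleware` the cookie flag depends on the value of `wsgi.url_scheme` at the moment this middleware runs, and the hunk does not show where `HttpsFixup` sits relative to it. If `HttpsFixup` is what corrects the scheme behind a TLS-terminating proxy, confirm that it wraps the session middleware (is applied later in `make_app`), otherwise HTTPS users behind the proxy get cookies without the secure flag. A comment on this line recording the ordering requirement would keep later refactoring from breaking it.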
diff --git a/kallithea/lib/middleware/sessionmiddleware.py 
b/kallithea/lib/middleware/sessionmiddleware.py
new file mode 100644
--- /dev/null
+++ b/kallithea/lib/middleware/sessionmiddleware.py
@@ -0,0 +1,67 @@
+# -*- coding: utf-8 -*-
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+"""
+kallithea.lib.middleware.sessionmiddleware
+~~
+
+session management middleware
+
+This file overrides Beaker's built-in SessionMiddleware
+class to automagically use secure cookies over HTTPS.
+
+Original Beaker SessionMiddleware class written by Ben Bangert
+
+:created_on: March 04, 2015
+:author: andrewsh
+:copyright: (c) 2015 Andrew Shadura
+:license: GPLv3, see LICENSE.md for more details.
+"""
+
+from beaker.session import SessionObject
+from beaker.middleware import SessionMiddleware
+
+class SecureSessionMiddleware(SessionMiddleware):
+def __call__(self, environ, start_response):
+"""
+This function's implementation is taken directly from Beaker,
+with HTTPS detection added. When accessed over HTTPS, force
+setting cookie's secure flag.
+
+The only difference from that original code is that we switch
+the secure option on and off depending on the URL scheme (first
+two lines). To avoid concurrency issues, we use a local options
+variable.
+"""
+options = dict(self.options)
+options["secure"] = environ['wsgi.url_scheme'] == 'https'
+
+session = SessionObject(environ, **options)
+if environ.get('paste.registry'):
+if environ['paste.registry'].reglist:
+environ['paste.registry'].register(self.session, session)
+environ[self.environ_key] = session
+environ['beaker.get_sessi
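Review bot: The body of `__call__` is a copy of Beaker's, as the docstring says, so later fixes to Beaker's own `SessionMiddleware.__call__` will not reach this class; record in the docstring which Beaker release it was copied from so the copy can be re-synchronised. Compared with v2 this version no longer sets `httponly`, and `options["secure"]` still overrides a `secure` value from the configuration when the scheme is `http`; mention both in the commit message, or keep the configured value as a minimum.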

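The per-request decision described in the commit message above, as an added stand-alone example that is not part of the patch and does not use Beaker. `SchemeAwareSessionCookie`, `force_secure`, `build_cookie`, `set_cookie_for` and the `session_id` cookie name are hypothetical; the requests are constructed inline.

```python
from http.cookies import SimpleCookie
import secrets

COOKIE_NAME = "session_id"  # hypothetical cookie name


def build_cookie(secure):
    """Return a Set-Cookie value for a fresh session id."""
    cookie = SimpleCookie()
    cookie[COOKIE_NAME] = secrets.token_urlsafe(32)
    morsel = cookie[COOKIE_NAME]
    morsel["path"] = "/"
    morsel["httponly"] = True      # never readable from page scripts
    if secure:
        morsel["secure"] = True    # only sent back over HTTPS
    return morsel.OutputString()


class SchemeAwareSessionCookie:
    """WSGI middleware issuing a session cookie when the request has none.

    Secure is set when the request arrived over HTTPS, or always when
    force_secure is True: an operator-configured floor that a plain-HTTP
    request cannot lower. Options are computed per request and the shared
    instance state is never mutated, so concurrent requests do not interfere.
    """

    def __init__(self, app, force_secure=False):
        self.app = app
        self.force_secure = force_secure

    def __call__(self, environ, start_response):
        is_https = environ.get("wsgi.url_scheme") == "https"
        secure = self.force_secure or is_https
        # An existing cookie is left alone; one issued earlier over HTTP
        # keeps its missing flag until the session id is regenerated.
        has_cookie = COOKIE_NAME in SimpleCookie(environ.get("HTTP_COOKIE", ""))

        def wrapped_start_response(status, headers, exc_info=None):
            if not has_cookie:
                headers = list(headers) + [("Set-Cookie", build_cookie(secure))]
            return start_response(status, headers, exc_info)

        return self.app(environ, wrapped_start_response)


def demo_app(environ, start_response):
    """Minimal downstream application used for the demonstration."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


def set_cookie_for(scheme, force_secure=False, cookie_header=""):
    """Send one constructed request through the middleware.

    Returns the Set-Cookie header value, or None if no cookie was issued.
    """
    environ = {"wsgi.url_scheme": scheme, "REQUEST_METHOD": "GET",
               "PATH_INFO": "/"}
    if cookie_header:
        environ["HTTP_COOKIE"] = cookie_header
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["headers"] = headers

    app = SchemeAwareSessionCookie(demo_app, force_secure=force_secure)
    b"".join(app(environ, start_response))
    return dict(captured["headers"]).get("Set-Cookie")


if __name__ == "__main__":
    for scheme in ("http", "https"):
        print(scheme, "->", set_cookie_for(scheme))
    print("http, forced ->", set_cookie_for("http", force_secure=True))
```
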
Permissions and related (Was: Pull request #137: From Unity (conservancy/kallithea))

2015-05-12 Thread Andrew Shadura
Hello,

On Tue, 12 May 2015 00:44:41 -
"kiilerix"  wrote:

> 149407d6dd5d by kiilerix: "admin: cleanup of naming of 'Default
> Permissions'"

> 1a955b112623 by kiilerix: "permissions: clarify the use of
> "Permissions" - use "Show Permissions" for the o…"

As we have discussed that already today, what I don't like about these
changes is that they change one set of confusing names to another
(Default Permissions and Permissions vs Permissions and Show
Permissions). First of all, these two seem to be slightly different
things (a list of objects and access rights to them vs what a user can
do to a user group itself, for example). Second, I don't like that a
non-action page (Show permissions) has a verb in the name, while a page
where action is possible (editing), doesn't.

I think that we need to reorganise these pages significantly. I suggest
creating an Overview page where there will be read-only information,
probably, and other pages for editing stuff, but that also raises a
question how to organise them properly…

Thomas, do you have any ideas on this?

-- 
Cheers,
  Andrew




[PATCH] style: make the login page Bootstrap-ready

2015-05-12 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1431466361 -7200
#  Tue May 12 23:32:41 2015 +0200
# Node ID 60b8288f777e5da27b7028ca6b98b1c7ddb4349a
# Parent  08c73fbea76d78033cb3e7877d4b21935650ac17
style: make the login page Bootstrap-ready

Change the template to use CSS class names compatible with what
Bootstrap provides. That would allow the login page to have sane
appearance with Bootstrap CSS immediately.

The template changes also remove extra vertical space between
the ‘Log in’ button and extra links at the bottom for the sake
of having a simpler markup.

diff --git a/kallithea/public/css/style.css b/kallithea/public/css/style.css
--- a/kallithea/public/css/style.css
+++ b/kallithea/public/css/style.css
@@ -1871,7 +1871,7 @@ a.metatag[tag="license"]:hover {
 padding: 20px;
 }
 
-#login div.form div.fields div.field div.label {
+#login div.form div.form-horizontal div.form-group > label {
 width: 173px;
 float: left;
 text-align: right;
@@ -1879,7 +1879,7 @@ a.metatag[tag="license"]:hover {
 padding: 5px 0 0 5px;
 }
 
-#login div.form div.fields div.field div.input input {
+#login div.form div.form-horizontal div.form-group div input {
 background: #FFF;
 border-top: 1px solid #b3b3b3;
 border-left: 1px solid #b3b3b3;
@@ -1891,20 +1891,16 @@ a.metatag[tag="license"]:hover {
 padding: 7px 7px 6px;
 }
 
-#login div.form div.fields div.buttons {
-clear: both;
-overflow: hidden;
-border-top: 1px solid #DDD;
-text-align: right;
-margin: 0;
-padding: 10px 0 0;
+#login div.form .buttons {
+float: right;
 }
 
 #login div.form div.links {
 clear: both;
 overflow: hidden;
 margin: 10px 0 0;
-padding: 0 0 2px;
+border-top: 1px solid #DDD;
+padding: 10px 0 0;
 }
 
 .user-menu {
@@ -3751,8 +3747,8 @@ div#legend_data, div#legend_container, d
 }
 
 #content div.box div.form div.fields,
-#login div.form,
-#login div.form div.fields,
+#login div.form-horizontal,
+#login div.form-horizontal div.form-group,
 #register div.form,
 #register div.form div.fields {
 clear: both;
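
Review bot: The replacement selectors in this hunk map the old levels differently from the rest of the patch: here `#login div.form` becomes `#login div.form-horizontal` and `div.fields` becomes `div.form-group`, while the other hunks map `div.fields` to `div.form-horizontal` and `div.field` to `div.form-group`. As written, `#login div.form` itself no longer receives this rule; please confirm that is intended or keep `#login div.form,` in the list.
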
@@ -3762,7 +3758,7 @@ div#legend_data, div#legend_container, d
 }
 
 #content div.box div.form div.fields div.field div.label span,
-#login div.form div.fields div.field div.label span,
+#login div.form div.form-horizontal div.form-group div.label span,
 #register div.form div.fields div.field div.label span {
 height: 1%;
 display: block;
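
Review bot: `div.form-group div.label span` still expects a `div.label` wrapper, but the first hunk restyles the label as `div.form-group > label`, so this selector looks like it can no longer match the new login markup. The same applies to the `div.input input.error`, `div.input input.success` and `div.input div.link` selectors in the following hunks, where the earlier hunk already switched to `div.form-group div input`; either update them to the new structure or drop the `#login` line from these shared rules.
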
@@ -3772,7 +3768,7 @@ div#legend_data, div#legend_container, d
 }
 
 #content div.box div.form div.fields div.field div.input input.error,
-#login div.form div.fields div.field div.input input.error,
+#login div.form div.form-horizontal div.form-group div.input input.error,
 #register div.form div.fields div.field div.input input.error {
 background: #FBE3E4;
 border-top: 1px solid #e1b2b3;
@@ -3782,7 +3778,7 @@ div#legend_data, div#legend_container, d
 }
 
 #content div.box div.form div.fields div.field div.input input.success,
-#login div.form div.fields div.field div.input input.success,
+#login div.form div.form-horizontal div.form-group div.input input.success,
 #register div.form div.fields div.field div.input input.success {
 background: #E6EFC2;
 border-top: 1px solid #cebb98;
@@ -3884,7 +3880,7 @@ div.box-right div.form div.fields div.bu
 }
 
 #content div.box div.action div.button,
-#login div.form div.fields div.field div.input div.link,
+#login div.form div.form-horizontal div.form-group div.input div.link,
 #register div.form div.fields div.field div.input div.link {
 text-align: right;
 margin: 6px 0 0;
@@ -3953,7 +3949,7 @@ div.box-right div.form div.fields div.bu
 padding: 0;
 }
 
-#login div.form div.fields div.field,
+#login div.form div.form-horizontal div.form-group,
 #register div.form div.fields div.field {
 clear: both;
 overflow: hidden;
@@ -3961,7 +3957,7 @@ div.box-right div.form div.fields div.bu
 padding: 0 0 10px;
 }
 
-#login div.form div.fields div.field span.error-message,
+#login div.form div.form-horizontal div.form-group span.error-message,
 #register div.form div.fields div.field span.error-message {
 height: 1%;
 display: block;
@@ -3971,36 +3967,36 @@ div.box-right div.form div.fields div.bu
 max-width: 320px;
 }
 
-#login div.form div.fields div.field div.label label,
+#login div.form div.form-horizontal div.form-group label,
 #register div.form div.fields div.field div.label label {
 color: #000;
 font-weight: 700;
 }
 
-#login div.form div.fields div.field div.input,
+#login div.form div.form-horizontal div.form-group div,
 #register div.form div.fields div.field div.input {
 float: left;
 margin: 0;
 padding: 0;
 }
 
-#login div.form div.fields div.field div.input input.large {
+#login div.form div.form-horizontal div.form-group div input.large {
 width: 250px;
 }
 
-#login div.form div.fields div.field div.checkbox,
+#login div.form div.form-horiz
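
Review bot: `#login div.form div.form-horizontal div.form-group div` is a descendant selector, so the `float: left; margin: 0; padding: 0` rule now applies to every `div` nested anywhere inside a form group, not only to the input wrapper that `div.input` used to select. A child combinator (`div.form-group > div`) or a class on the wrapper would keep the scope as narrow as before.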

[PATCH] auth: reduce code duplication by removing generate_api_key implemented in utils2

2015-05-15 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1431706047 -7200
#  Fri May 15 18:07:27 2015 +0200
# Node ID 95bffe63997d40bfab5ae6b8d1a54859d6275471
# Parent  6e8effd028bf41a132aee02e52ffc0bf990dadf4
auth: reduce code duplication by removing generate_api_key implemented in utils2

diff --git a/kallithea/controllers/admin/users.py 
b/kallithea/controllers/admin/users.py
--- a/kallithea/controllers/admin/users.py
+++ b/kallithea/controllers/admin/users.py
@@ -40,7 +40,7 @@ from kallithea.lib.exceptions import Def
 UserOwnsReposException, UserCreationError
 from kallithea.lib import helpers as h
 from kallithea.lib.auth import LoginRequired, HasPermissionAllDecorator, \
-AuthUser, generate_api_key
+AuthUser
 import kallithea.lib.auth_modules.auth_internal
 from kallithea.lib import auth_modules
 from kallithea.lib.base import BaseController, render
@@ -52,7 +52,7 @@ from kallithea.model.user import UserMod
 from kallithea.model.meta import Session
 from kallithea.lib.utils import action_logger
 from kallithea.lib.compat import json
-from kallithea.lib.utils2 import datetime_to_time, safe_int
+from kallithea.lib.utils2 import datetime_to_time, safe_int, generate_api_key
 
 log = logging.getLogger(__name__)
 
diff --git a/kallithea/lib/auth.py b/kallithea/lib/auth.py
--- a/kallithea/lib/auth.py
+++ b/kallithea/lib/auth.py
@@ -143,21 +143,6 @@ def get_crypt_password(password):
 def check_password(password, hashed):
 return KallitheaCrypto.hash_check(password, hashed)
 
-
-def generate_api_key(str_, salt=None):
-"""
-Generates API key from given string
-
-:param str_:
-:param salt:
-"""
-
-if salt is None:
-salt = _RandomNameSequence().next()
-
-return hashlib.sha1(str_ + salt).hexdigest()
-
-
 class CookieStoreWrapper(object):
 
 def __init__(self, cookie_store):
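
Review bot: With `generate_api_key` removed from `kallithea/lib/auth.py`, nothing in this patch shows the `utils2` implementation it is meant to duplicate; please state in the commit message that the two bodies are identical (same `str_`, `salt` signature and SHA-1 derivation), since API keys are credentials and a silent change in how they are derived deserves a mention. Also check whether `hashlib` and `_RandomNameSequence` are still used in `auth.py` after this removal, and drop the imports if not.
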


[PATCH] auth: let users log in using their email address

2015-05-15 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1431709586 -7200
#  Fri May 15 19:06:26 2015 +0200
# Node ID 1a7787acd1276557128ac6f8cd274b39c86ebbae
# Parent  95bffe63997d40bfab5ae6b8d1a54859d6275471
auth: let users log in using their email address

diff --git a/kallithea/controllers/login.py b/kallithea/controllers/login.py
--- a/kallithea/controllers/login.py
+++ b/kallithea/controllers/login.py
@@ -121,9 +121,15 @@ class LoginController(BaseController):
 session.invalidate()
 c.form_result = login_form.to_python(dict(request.POST))
 # form checks for username/password, now we're authenticated
+
+username = c.form_result['username']
+if '@' in username:
+username = User.get_by_email(username).username
+remember = c.form_result['remember']
+
 headers = self._store_user_in_session(
-username=c.form_result['username'],
-remember=c.form_result['remember'])
+username=username,
+remember=remember)
 raise HTTPFound(location=c.came_from, headers=headers)
 except formencode.Invalid, errors:
 defaults = errors.value
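
Review bot: The `'@' in username` lookup added here repeats the one added to `ValidAuth`, and `User.get_by_email(username).username` is only safe because the validator has already run. Resolve the address once, for example in a small helper that both places call, and say in a comment what happens for a login name that contains `@` but is not a registered address.
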
diff --git a/kallithea/model/validators.py b/kallithea/model/validators.py
--- a/kallithea/model/validators.py
+++ b/kallithea/model/validators.py
@@ -316,6 +316,9 @@ def ValidAuth():
 password = value['password']
 username = value['username']
 
+if '@' in username:
+username = User.get_by_email(username).username
+
 if not auth_modules.authenticate(username, password):
 user = User.get_by_username(username)
 if user and not user.active:
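
Review bot: `User.get_by_email(username).username` dereferences the lookup result without checking it, so an address that matches no account raises an exception instead of producing the normal failed-login error. Besides the crash, the different response tells the requester whether the address is registered; guard the result and fall through to `auth_modules.authenticate` with the original input when nothing is found.
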


[PATCH v2] auth: let users log in using their email address

2015-05-16 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1431709586 -7200
#  Fri May 15 19:06:26 2015 +0200
# Node ID 93de511e84fe940786acf468789a77daed83a461
# Parent  95bffe63997d40bfab5ae6b8d1a54859d6275471
auth: let users log in using their email address

diff --git a/kallithea/controllers/login.py b/kallithea/controllers/login.py
--- a/kallithea/controllers/login.py
+++ b/kallithea/controllers/login.py
@@ -121,9 +121,15 @@ class LoginController(BaseController):
 session.invalidate()
 c.form_result = login_form.to_python(dict(request.POST))
 # form checks for username/password, now we're authenticated
+
+username = c.form_result['username']
+if '@' in username:
+username = User.get_by_email(username).username
+remember = c.form_result['remember']
+
 headers = self._store_user_in_session(
-username=c.form_result['username'],
-remember=c.form_result['remember'])
+username=username,
+remember=remember)
 raise HTTPFound(location=c.came_from, headers=headers)
 except formencode.Invalid, errors:
 defaults = errors.value
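
Review bot: This hunk is unchanged from v1 and still calls `User.get_by_email(username).username` without the `if user:` guard that the `validators.py` hunk now has. If the intent is that `ValidAuth` has already rejected unknown addresses by this point, add a comment saying so, or repeat the guard so the controller does not depend on validator ordering.
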
diff --git a/kallithea/model/validators.py b/kallithea/model/validators.py
--- a/kallithea/model/validators.py
+++ b/kallithea/model/validators.py
@@ -316,6 +316,11 @@ def ValidAuth():
 password = value['password']
 username = value['username']
 
+if '@' in username:
+user = User.get_by_email(username)
+if user:
+username = user.username
+
 if not auth_modules.authenticate(username, password):
 user = User.get_by_username(username)
 if user and not user.active:
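
Review bot: The new `user` variable is assigned from `get_by_email` and then reassigned from `User.get_by_username(username)` a few lines later in the failure branch; a distinct name such as `email_user` would make it clear the two lookups are independent. A test covering login by a registered address, an unregistered address and a plain user name would pin down the behaviour.
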


Re: [PATCH] auth: let users log in using their email address

2015-05-16 Thread Andrew Shadura
Hello,

On Fri, 15 May 2015 23:52:27 +0200
Mads Kiilerich  wrote:

> On 05/15/2015 07:06 PM, Andrew Shadura wrote:
> > # HG changeset patch
> > # User Andrew Shadura 
> > # Date 1431709586 -7200
> > #  Fri May 15 19:06:26 2015 +0200
> > # Node ID 1a7787acd1276557128ac6f8cd274b39c86ebbae
> > # Parent  95bffe63997d40bfab5ae6b8d1a54859d6275471
> > auth: let users log in using their email address

> Nice and simple - thanks!

> This will however crash if the user specifies an invalid email
> address.

Noted — and fixed.

> This feature also seems a bit half-baked when it only is for web
> login. Hg/git login should work the same way.

Possibly, but I think that would be a good thing to work on in a next
patch.

> FWIW: The only other place where users have to care about their (and 
> others) "login" is in @mention. It would be nice to be able to
> specify email addresses there too. @usern...@example.com should work
> in the scanner (regexp) and auto completer. Some users would perhaps
> prefer to avoid exposing their email address so it should perhaps be
> configurable somehow ... but I'm pretty sure we already expose email
> addresses in other places so such a "privacy" option would be a
> separate feature.

Well, this is something I'm not so sure about… Mentions should rather
work with Real Names (autocompleting them to the login names, possibly
expanding to a Real Name on display), but I don't think autocompletion
should be done to email addresses. But let's address that later on,
it's a bigger topic on its own.

-- 
Cheers,
  Andrew




[PATCH] privacy: on password reset, don't tell strangers if email is valid or not

2015-05-16 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1431787037 -7200
#  Sat May 16 16:37:17 2015 +0200
# Node ID 388a6eada55925cb55cd2368e47a6115d833b4c1
# Parent  93de511e84fe940786acf468789a77daed83a461
privacy: on password reset, don't tell strangers if email is valid or not

Password reset form might be used to check if users with specific email
addresses have accounts in the system by requesting their password to be
reset. It's probably not a good idea to give this sort of information to
complete strangers.

diff --git a/kallithea/model/forms.py b/kallithea/model/forms.py
--- a/kallithea/model/forms.py
+++ b/kallithea/model/forms.py
@@ -202,7 +202,7 @@ def PasswordResetForm():
 class _PasswordResetForm(formencode.Schema):
 allow_extra_fields = True
 filter_extra_fields = True
-email = All(v.ValidSystemEmail(), v.Email(not_empty=True))
+email = v.Email(not_empty=True)
 return _PasswordResetForm
 
 
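
Review bot: Dropping `v.ValidSystemEmail()` from the `email` field removes the form-level error for unknown addresses, but the patch does not show how the code that consumes the form now behaves when no account matches. Please confirm that path shows the same confirmation message and sends nothing for an unknown address, so the response is identical in both cases, and remove the `All` import if this was its last use.
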


Re: [PATCH] privacy: on password reset, don't tell strangers if email is valid or not

2015-05-16 Thread Andrew Shadura
Hello,

On Sat, 16 May 2015 16:37:42 +0200
Andrew Shadura  wrote:

> Password reset form might be used to check if users with specific
> email addresses have accounts in the system by requesting their
> password to be reset. It's probably not a good idea to give this sort
> of information to complete strangers.

Obviously, there's still a similar issue with login and registration
forms, but those issues are to be dealt with separately. Login form is one
which isn't hard to fix, registration form is something slightly
different though.

-- 
Cheers,
  Andrew




[PATCH] privacy: don't tell users what is the reason for a failed login

2015-05-16 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1431788631 -7200
#  Sat May 16 17:03:51 2015 +0200
# Node ID cb911e90e205bdb18fc2e2bd66549ea388d00413
# Parent  388a6eada55925cb55cd2368e47a6115d833b4c1
privacy: don't tell users what is the reason for a failed login

Makes it harder for strangers to probe the instance for presence of
certain users. This can make it harder to break in, as it is now
harder to tell if a username or a password is wrong, so bruteforcing
should probably take a bit longer if you don't know what exactly you
are doing.

diff --git a/kallithea/model/validators.py b/kallithea/model/validators.py
--- a/kallithea/model/validators.py
+++ b/kallithea/model/validators.py
@@ -305,9 +305,7 @@ def ValidPasswordsMatch(passwd='new_pass
 def ValidAuth():
 class _validator(formencode.validators.FancyValidator):
 messages = {
-'invalid_password': _(u'invalid password'),
-'invalid_username': _(u'invalid user name'),
-'disabled_account': _(u'Your account is disabled')
+'invalid_auth': _(u'Invalid user name or password')
 }
 
 def validate_python(self, value, state):
@@ -325,16 +323,15 @@ def ValidAuth():
 user = User.get_by_username(username)
 if user and not user.active:
 log.warning('user %s is disabled' % username)
-msg = M(self, 'disabled_account', state)
+msg = M(self, 'invalid_auth', state)
 raise formencode.Invalid(msg, value, state,
-error_dict=dict(username=msg)
+error_dict=dict(username=' ',password=msg)
 )
 else:
 log.warning('user %s failed to authenticate' % username)
-msg = M(self, 'invalid_username', state)
-msg2 = M(self, 'invalid_password', state)
+msg = M(self, 'invalid_auth', state)
 raise formencode.Invalid(msg, value, state,
-error_dict=dict(username=msg, password=msg2)
+error_dict=dict(username=' ',password=msg)
 )
 return _validator
 
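
Review bot: `error_dict=dict(username=' ',password=msg)` relies on a single-space string to highlight the user name field without a second message, which is not obvious from the code; add a comment explaining it and put a space after the comma. Both branches now raise the same `invalid_auth` error and differ only in the `log.warning` call, so the `raise` could be hoisted out of the `if`/`else`.
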


Re: [PATCH] privacy: don't tell users what is the reason for a failed login

2015-05-16 Thread Andrew Shadura
Hello,

On Sat, 16 May 2015 17:04:06 +0200
Andrew Shadura  wrote:

>  raise formencode.Invalid(msg, value, state,
> -error_dict=dict(username=msg, password=msg2)
> +error_dict=dict(username=' ',password=msg)
>  )
>  return _validator

I forgot to comment on this. This dict specifies which fields should be
assigned what error messages. If I pass msg as both, the same error
message is displayed twice, which is a bit ugly (even though it can be
solved using CSS, probably). If I pass just one, the other field isn't
highlighted. I haven't found a way in formencode to just highlight a
field without adding an error message to it, so I have worked it around
this way.

-- 
Cheers,
  Andrew




[PATCH PoC] secure password reset implementation

2015-05-16 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1431821238 -7200
#  Sun May 17 02:07:18 2015 +0200
# Node ID 8d43a8174c960779437c2d8de7a0906a8cd14128
# Parent  cb911e90e205bdb18fc2e2bd66549ea388d00413
secure password reset implementation

This is a better implementation of password reset function, which
doesn't involve sending a new password to the user's email address
in clear text, and at the same time doesn't require state storing.

The idea behind is to generate a token which is dependent on the
user state at the time before the password change takes place,
so the token is one-time and can't be reused, and also to bind the
token to the session.

The token is calculated as SHA1 hash of the following:

* user's identifier (number, not a name)
* timestamp
* hashed user's password
* session identifier
* per-application secret

We use numeric user's identifier, as it's fixed and doesn't change,
so renaming users doesn't affect the mechanism. Timestamp is added
to make it possible to limit the token's validness (currently not
implemented), and we don't want users to be able to fake that field
easily. Hashed user's password is needed to prevent using the token
again once the password has been changed. Session identifier is
an additional security measure to ensure someone else stealing the
token can't use it. Finally, per-application secret is just another
way to make it harder for an attacker to guess all values in an
attempt to generate a valid token.

When the token is generated, an anonymous user is directed to a
confirmation page where the timestamp and the usernames are already
preloaded, so the user needs to specify the token. User can either
click the link in the email if it's really them reading it, or to type
the token manually (note: email template needs to be improved).

Using the right token in the same session as it was requested directs
the user to a password change form, where the user is supposed to
specify a new password (twice, of course). Upon completing the form
(which is POSTed) the password change happens and a notification
mail is sent.

diff --git a/kallithea/controllers/login.py b/kallithea/controllers/login.py
--- a/kallithea/controllers/login.py
+++ b/kallithea/controllers/login.py
@@ -43,7 +43,8 @@ from kallithea.lib.auth_modules import i
 from kallithea.lib.base import BaseController, render
 from kallithea.lib.exceptions import UserCreationError
 from kallithea.model.db import User, Setting
-from kallithea.model.forms import LoginForm, RegisterForm, PasswordResetForm
+from kallithea.model.forms import \
+LoginForm, RegisterForm, PasswordResetForm, PasswordResetConfirmationForm
 from kallithea.model.user import UserModel
 from kallithea.model.meta import Session
 
@@ -241,12 +242,12 @@ class LoginController(BaseController):
 error_dict = {'recaptcha_field': _msg}
 raise formencode.Invalid(_msg, _value, None,
  error_dict=error_dict)
-UserModel().reset_password_link(form_result)
+redirect_link = UserModel().reset_password_link(form_result)
 h.flash(_('Your password reset link was sent'),
 category='success')
-return redirect(url('login_home'))
+return redirect(redirect_link)
 
-except formencode.Invalid, errors:
+except formencode.Invalid as errors:
 return htmlfill.render(
 render('/password_reset.html'),
 defaults=errors.value,
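
Review bot: `return redirect(redirect_link)` sends the requester wherever `reset_password_link` says, and the commit message describes that page as preloaded with the timestamp and user name. If the returned link differs between a registered and an unregistered address, the redirect brings back the account probing that the earlier privacy patch removed; the target should have the same shape in both cases and should not carry the user name.
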
@@ -258,17 +259,49 @@ class LoginController(BaseController):
 return render('/password_reset.html')
 
 def password_reset_confirmation(self):
-if request.GET and request.GET.get('key'):
+if request.GET:
+c.data = dict(
+username = request.GET.get('username'),
+timestamp = request.GET.get('timestamp'),
+token = request.GET.get('token')
+)
+if c.data['token']:
+try:
+log.debug("data = %s" % c.data)
+if UserModel().reset_password_confirm(c.data):
+return render('/password_reset_confirmation.html')
+else:
+h.flash(_('Invalid password reset token'),
+category='error')
+return redirect(url('reset_password'))
+except Exception as e:
+log.error(e)
+return redirect(url('reset_password'))
+else:
+return render('/password_reset_confirmatio
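
Review bot: `log.debug("data = %s" % c.data)` writes the reset token, together with the user name and timestamp, to the log; the token is a credential until the password changes, so log at most the user name. The `except Exception` branch also turns any internal error into a silent redirect to `reset_password`, which hides failures from the operator.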

Re: [PATCH PoC] secure password reset implementation

2015-05-16 Thread Andrew Shadura
Hello,

On Sun, 17 May 2015 02:07:40 +0200
Andrew Shadura  wrote:

> # HG changeset patch
> # User Andrew Shadura 
> # Date 1431821238 -7200
> #  Sun May 17 02:07:18 2015 +0200
> # Node ID 8d43a8174c960779437c2d8de7a0906a8cd14128
> # Parent  cb911e90e205bdb18fc2e2bd66549ea388d00413
> secure password reset implementation

Somehow `hg email` still didn't let me write an intro email, so here's
just a note that this implementation is the result of a discussion we
had with Mads during the hackweek we had in Copenhagen.

-- 
Cheers,
  Andrew




Re: [PATCH v2] auth: let users log in using their email address

2015-05-16 Thread Andrew Shadura
Hello,

On Sun, 17 May 2015 01:50:56 +0200
Mads Kiilerich  wrote:

> > diff --git a/kallithea/controllers/login.py
> > b/kallithea/controllers/login.py ---
> > a/kallithea/controllers/login.py +++
> > b/kallithea/controllers/login.py @@ -121,9 +121,15 @@ class
> > LoginController(BaseController): session.invalidate()
> >   c.form_result =
> > login_form.to_python(dict(request.POST)) # form checks for
> > username/password, now we're authenticated +
> > +username = c.form_result['username']
> > +if '@' in username:
> > +username = User.get_by_email(username).username
> 
> This will still fail if the username is not a valid email address?

No, as this code will never be executed (input rejected by a validator
first).

Correct me if I'm wrong, but if I read the code correctly, the check
here will have no effect (which is why I haven't added it).

-- 
Cheers,
  Andrew




Re: [PATCH v2] auth: let users log in using their email address

2015-05-17 Thread Andrew Shadura
Hello,

On Sun, 17 May 2015 03:12:20 +0200
Mads Kiilerich  wrote:

> > Correct me if I'm wrong, but if I read the code correctly, the check
> > here will have no effect (which is why I haven't added it).

> Ok. The explanation explains it. The code does however seem fragile and 
> non-obvious when reading it. An extra check or a clear comment would
> help.

So adding a comment — and you're fine with the change? :)

> Next, my first thought is whether the form validation check somehow 
> should rewrite the login ... but that also seems wrong.

> My next (and correct?) thought is that it is wrong to use form 
> validation for login check. As your patches show, it is ok that the 
> login process is _not_ user friendly. How about dropping the login
> form validation of usernames/password first (perhaps except for
> "non-empty")? What's your thought?

Yes, that didn't seem very right to me. I think the first thing to
remove is tooShort check, authentication part is probably something to
be improved separately.

-- 
Cheers,
  Andrew




Re: Adding global and per-repo settings to Kallithea

2015-05-19 Thread Andrew Shadura
Hello,

On Tue, 19 May 2015 14:04:23 +0200
Thomas De Schampheleire  wrote:

> I would like to get some clarification/discussion on adding new
> settings to Kallithea, both global and per-repo settings.

> For global settings, there is a 'settings' table that has one row per
> setting, each setting having a name, value and type.
> This is a nice and simple implementation.
> However, it seems that when new settings have been added in the past,
> there was always a database migration associated with it. This
> migration is not that big of a deal, but still doesn't seem necessary
> to me.
> When a setting is not present in the database, the default should be
> applied instead (at runtime, without changing the db). When a setting
> is first changed, the database is updated with the right setting.
> Alternatively, the setting is defaulted in the database when it is
> first used and found to be missing from the database.

> Does this make sense to you? Do you agree that a database migration is
> not necessary?

It does to me. Mads, what's your opinion?

> Regarding per-repo settings: is this currently implemented in some
> way? If so how? If not, how should we best implement this?
> In the repositories table, there are several columns that could be
> considered as per-repo setting, but it is not very nice to keep adding
> columns for every new per-repo setting.
> Such columns include landing_revision, enable_locking, ...

We (me and Mads) have discussed this a lot during last week's
hackathon in Copenhagen. Here's an excerpt from our notes:

   * Per Repo settings
   * https://bitbucket.org/conservancy/kallithea/pull-request/39/allow-to-enable-or-disable-hooks-on-a-per/diff
   * using an association table makes it easy to reuse … but perhaps complex to maintain?
   * simple db migration step, avoids duplicating whole db ...
   * requirements:
      * admin - repo defaults indicates existing per repo settings: private, stats, locking, downloads (boolean fields on repository in database)
      * hg settings & extensions per repo (instead of manual .hg/hgrc editing) … and there is probably a case for similar git settings
      * per repo hooks and hook parameters - also git
      * notify per repo (but that might just be a hook)
      * theming? (not really, but perhaps, one day …)
      * other global config?
      * some kind of fancy group inheritance … but not in first milestone
   * stored today
      * bools on repos
      * settings table - 99% really global (perhaps except stylify_metatags, dashboard_items, repository_fields)
      * ui table, 1:1 database representation of mercurial config, contains stuff we want to make per repo, not much else … except git coverage
   * easy solution
      * add a nullable repo field to the ui table
      * need a way to distinguish between VCS-specific stuff and our own; see what TortoiseHg does and do the same? Perhaps, use a [kallithea] section?

I'm not sure how legible it is, but there are some ideas there :)

-- 
Cheers,
  Andrew




Re: [PATCH PoC] secure password reset implementation

2015-05-20 Thread Andrew Shadura
Hello,

On Tue, 19 May 2015 17:10:46 +0200
Mads Kiilerich  wrote:

> > The idea behind is to generate a token which is dependent on the
> > user state at the time before the password change takes place,
> > so the token is one-time and can't be reused, and also to bind the
> > token to the session.
> >
> > The token is calculated as SHA1 hash of the following:
> >
> >  * user's identifier (number, not a name)
> >  * timestamp
> >  * hashed user's password
> >  * session identifier
> >  * per-application secret
> >
> > We use numeric user's identifier, as it's fixed and doesn't change,
> > so renaming users doesn't affect the mechanism. Timestamp is added
> > to make it possible to limit the token's validness (currently not
> > implemented),

> Please just hardcode something like 24 hours.

Okay, I will.

> > and we don't want users to be able to fake that field
> > easily. Hashed user's password is needed to prevent using the token
> > again once the password has been changed. Session identifier is
> > an additional security measure to ensure someone else stealing the
> > token can't use it. Finally, per-application secret is just another
> > way to make it harder for an attacker to guess all values in an
> > attempt to generate a valid token.

> Are you or others aware of "standard" ways of handling password
> resets? Something that indicates we are doing it correctly or that we
> can reuse?

I looked at what other frameworks do, and from what I saw it seems they
do more or less the same thing.

> >   def password_reset_confirmation(self):
> > -if request.GET and request.GET.get('key'):
> > +if request.GET:
> > +c.data = dict(
> > +username = request.GET.get('username'),
> > +timestamp = request.GET.get('timestamp'),
> > +token = request.GET.get('token')
> > +)
> > +if c.data['token']:
> > +try:
> > +log.debug("data = %s" % c.data)
> > +if UserModel().reset_password_confirm(c.data):
> > +return
> > render('/password_reset_confirmation.html')
> > +else:
> > +h.flash(_('Invalid password reset token'),
> > +category='error')
> > +return redirect(url('reset_password'))
> > +except Exception as e:
> > +log.error(e)
> > +return redirect(url('reset_password'))

> I don't like the pattern of redirecting on serious internal errors
> and have been trying to get rid of it in other places. I think it
> generally is much better to just show an error message so the error
> can be fixed ... and the user easily can use back to go back and
> retry.

Okay, I will fail with 500 or a better code (if applicable) here.

> > @@ -296,10 +300,19 @@ class UserModel(BaseModel):
> >   
> >   user_email = data['email']
> >   user = User.get_by_email(user_email)
> > +timestamp = int(time.time())
> >   if user:
> >   log.debug('password reset user found %s' % user)
> > +token = hashlib.sha1('%s%s%s%s%s' % (user.user_id,
> > +   timestamp,
> > +   user.password,
> > +   session.id,
> > +
> > config.get('app_instance_uuid'))
> > +).hexdigest()
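Review bot: the `hashlib.sha1('%s%s%s%s%s' % (...))` call is a plain hash over fields concatenated with no separator, so different field tuples can produce the same input string, and the application secret is just one more concatenated field. Compute the token with `hmac`, keyed by `config.get('app_instance_uuid')`, over delimited fields, and compare it on verification with a constant-time function. Because `session.id` is part of the input, the link will only verify in the browser session that requested the reset; state that in the commit message if it is intended.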
> 
> Now we are reinventing crypto. That is dangerous. One thing: One
> thing is that hashes could give conflicts in the hash but we should
> make sure that we never got "collisions" in the input string - such
> collisions could perhaps be used as attacks. Perhaps use \n as
> delimiter of the fields?

Well, none of the data we use here is accepted directly from the user
(except timestamp — when verifying the token; I should probably
validate it before using). From what I saw in similar cases elsewhere
(for example, OAuth 1.0), sometimes the data is escaped to avoid
collisions.

> The computation should probably be moved to a function so it can be
> reused.

Agree.

> > +
> > +
> > +%if c.data['username']:
> > +${_('You are about to reset password for the user %s')
> > % c.data['username']}

> Reset _the_ password

> We should however not reveal the username - at most the email address 
> the user provided. We should also make sure the same message is
> shown, no matter if the address is recognized or not.

Well, yes, you're right. I shouldn't do email → username conversion.

> But there is no information about any code in the email - there is
> only a URL?

> We should either explicitly show the code in the mail or just ask the 
> user to click the link in the mail and not show the "code" input
> field.

The template isn't perfect, that's the problem :) The idea that you
receive an email with a link (with token) and a token sepa

Re: [PATCH PoC] secure password reset implementation

2015-05-20 Thread Andrew Shadura
> By the way, for the record to others: We will need a similar scheme
> for verifying email addresses configured by users.

I will work on that when I have this feature done.

-- 
Cheers,
  Andrew
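
The token scheme discussed in this thread (user id, timestamp, password hash, session id, per-application secret), written as an added example that is not the patch's or Kallithea's own code. It swaps the patch's plain SHA-1 for HMAC-SHA256 keyed with the application secret, length-prefixes the fields to address the input-collision concern, and validates the timestamp before use; the function names and the 24-hour lifetime are assumptions.

```python
import hashlib
import hmac
import re
import time

TOKEN_LIFETIME = 24 * 3600  # assumed validity window in seconds


def naive_input(*fields):
    # Undelimited concatenation, as in '%s%s%s%s%s' % (...): ambiguous.
    return ''.join(str(f) for f in fields)


def encode_fields(*fields):
    # Length-prefix each field so distinct tuples never share an encoding.
    out = []
    for field in fields:
        raw = str(field).encode('utf-8')
        out.append(str(len(raw)).encode('ascii') + b':' + raw)
    return b'\n'.join(out)


def make_token(app_secret, user_id, timestamp, password_hash, session_id):
    # Keyed MAC: the per-application secret is the key, not one more field.
    msg = encode_fields(user_id, timestamp, password_hash, session_id)
    return hmac.new(app_secret, msg, hashlib.sha256).hexdigest()


def check_token(app_secret, user_id, timestamp, password_hash, session_id,
                token, now=None):
    # timestamp and token arrive in the URL: validate them before use.
    if not isinstance(timestamp, str) or not re.fullmatch(r'[0-9]{1,12}', timestamp):
        return False
    if not isinstance(token, str):
        return False
    now = int(time.time()) if now is None else now
    issued = int(timestamp)
    if issued > now or now - issued > TOKEN_LIFETIME:
        return False
    expected = make_token(app_secret, user_id, issued, password_hash, session_id)
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    return hmac.compare_digest(expected.encode('ascii'),
                               token.encode('utf-8', 'replace'))
```

Changing the stored password hash or the session id invalidates every outstanding token, which is the property the commit message asks for.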


Re: [PATCH] privacy: don't tell users what is the reason for a failed login

2015-05-21 Thread Andrew Shadura
Hello,

On Tue, 19 May 2015 17:15:30 +0200
Mads Kiilerich  wrote:

> I think the current implementation is wrong when it does any kind of 
> login verification in the user friendly form code. The authentication 
> should be done explicitly in the controller. (That would also make
> the email login simpler.)

I agree.

> So while this patch makes it less wrong, I still think it is a bit 
> pointless.

But meanwhile, are you okay with pushing those?

-- 
Cheers,
  Andrew



[PATCH] utils: return 'never' when the age is None

2015-05-21 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1432232093 -7200
#  Thu May 21 20:14:53 2015 +0200
# Node ID 3737e67c7cbb89750dd8b3b5f76a003678792f3f
# Parent  8d43a8174c960779437c2d8de7a0906a8cd14128
utils: return 'never' when the age is None

diff --git a/kallithea/lib/utils2.py b/kallithea/lib/utils2.py
--- a/kallithea/lib/utils2.py
+++ b/kallithea/lib/utils2.py
@@ -371,6 +371,9 @@ def age(prevdate, show_short_version=Fal
 deltas = {}
 future = False
 
+if prevdate is None:
+return _(u'never')
+
 if prevdate > now:
 now, prevdate = prevdate, now
 future = True
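Review bot: the new `if prevdate is None` guard carries no comment, and the commit message has no text saying which callers pass None, so a reader cannot tell whether this is expected data or a masked bug; add a one-line comment naming the nullable field and a test that `age(None)` returns the translated 'never'. The early return also ignores `show_short_version`, which is fine only if 'never' is acceptable in the short form.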


Re: [PATCH] utils: return 'never' when the age is None

2015-05-26 Thread Andrew Shadura
Hello,

On Fri, 22 May 2015 02:58:09 +0200
Mads Kiilerich  wrote:

> On 05/21/2015 08:15 PM, Andrew Shadura wrote:
> > # HG changeset patch
> > # User Andrew Shadura 
> > # Date 1432232093 -7200
> > #  Thu May 21 20:14:53 2015 +0200
> > # Node ID 3737e67c7cbb89750dd8b3b5f76a003678792f3f
> > # Parent  8d43a8174c960779437c2d8de7a0906a8cd14128
> > utils: return 'never' when the age is None

> As far as I understand, this can never happen "from scratch" - only
> from updates. That should be mentioned in the commit message.

> Anyway, I think it would be much better to fix missing db upgrade
> steps by adding the missing steps to the latest db upgrade step (in a 
> non-destructive way, of course).

I'm not so sure about this… We have the column declared as accepting
NULLs, so we should probably have a way of displaying this valid value.
By itself it doesn't break anything, so it's possible there's no need to
change the upgrade procedure.

-- 
Cheers,
  Andrew




[PATCH] spelling: IP address, IPv4, IPv6

2015-05-26 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1432641306 -7200
#  Tue May 26 13:55:06 2015 +0200
# Node ID 86d6bfb6ca037549192e5217ce84c799210b57dd
# Parent  c142eac083a2239e1ccf1cc4a5c5712b0559541c
spelling: IP address, IPv4, IPv6

diff --git a/kallithea/controllers/admin/users.py 
b/kallithea/controllers/admin/users.py
--- a/kallithea/controllers/admin/users.py
+++ b/kallithea/controllers/admin/users.py
@@ -479,7 +479,7 @@ class UsersController(BaseController):
 try:
 user_model.add_extra_ip(id, ip)
 Session().commit()
-h.flash(_("Added ip %s to user whitelist") % ip, 
category='success')
+h.flash(_("Added IP address %s to user whitelist") % ip, 
category='success')
 except formencode.Invalid, error:
 msg = error.error_dict['ip']
 h.flash(msg, category='error')
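Review bot: the rename in this `h.flash` call leaves the neighbouring message at users.py:488, shown in the .po hunk headers as "An error occurred during ip savin", with lowercase "ip"; fix it in the same changeset so the spelling is consistent across the whitelist messages.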
diff --git a/kallithea/i18n/be/LC_MESSAGES/kallithea.po 
b/kallithea/i18n/be/LC_MESSAGES/kallithea.po
--- a/kallithea/i18n/be/LC_MESSAGES/kallithea.po
+++ b/kallithea/i18n/be/LC_MESSAGES/kallithea.po
@@ -1007,7 +1007,7 @@ msgstr "Вы не можаце рэдаÐ
 
 #: kallithea/controllers/admin/users.py:482
 #, python-format
-msgid "Added ip %s to user whitelist"
+msgid "Added IP address %s to user whitelist"
 msgstr "Дададзены IP %s у белы спіс карыстача"
 
 #: kallithea/controllers/admin/users.py:488
@@ -1015,7 +1015,7 @@ msgid "An error occurred during ip savin
 msgstr "Адбылася памылка пры захаванні IP"
 
 #: kallithea/controllers/admin/users.py:502
-msgid "Removed ip address from user whitelist"
+msgid "Removed IP address from user whitelist"
 msgstr "Выдалены IP %s з белага спісу карыстача"
 
 #: kallithea/lib/auth.py:745
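Review bot: in this hunk the `msgstr` for "Removed IP address from user whitelist" contains a `%s` that the `msgid` does not have, and the entry is not flagged `python-format`; since the entry is being touched anyway, drop the stray placeholder from the translation so the flash message does not show a literal `%s`.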
@@ -2041,8 +2041,8 @@ msgid "Revisions %(revs)s are already pa
 msgstr "Рэвізіі %(revs)s ужо ўключаны ў pull-request ці 
маюць усталяваны статус"
 
 #: kallithea/model/validators.py:817
-msgid "Please enter a valid IPv4 or IpV6 address"
-msgstr "Калі ласка, увядзіце існы IPv4 ці IpV6 
адрас"
+msgid "Please enter a valid IPv4 or IPv6 address"
+msgstr "Калі ласка, увядзіце існы IPv4 ці IPv6 
адрас"
 
 #: kallithea/model/validators.py:818
 #, python-format
@@ -3117,7 +3117,7 @@ msgstr "Дазволены любыя IP
 
 #: kallithea/templates/admin/permissions/permissions_ips.html:32
 #: kallithea/templates/admin/users/user_edit_ips.html:42
-msgid "New ip address"
+msgid "New IP address"
 msgstr "Новы IP-адрас"
 
 #: kallithea/templates/admin/permissions/permissions_perms.html:1
diff --git a/kallithea/i18n/cs/LC_MESSAGES/kallithea.po 
b/kallithea/i18n/cs/LC_MESSAGES/kallithea.po
--- a/kallithea/i18n/cs/LC_MESSAGES/kallithea.po
+++ b/kallithea/i18n/cs/LC_MESSAGES/kallithea.po
@@ -998,7 +998,7 @@ msgstr ""
 
 #: kallithea/controllers/admin/users.py:482
 #, python-format
-msgid "Added ip %s to user whitelist"
+msgid "Added IP address %s to user whitelist"
 msgstr ""
 
 #: kallithea/controllers/admin/users.py:488
@@ -1006,7 +1006,7 @@ msgid "An error occurred during ip savin
 msgstr ""
 
 #: kallithea/controllers/admin/users.py:502
-msgid "Removed ip address from user whitelist"
+msgid "Removed IP address from user whitelist"
 msgstr ""
 
 #: kallithea/lib/auth.py:745
@@ -2005,7 +2005,7 @@ msgid "Revisions %(revs)s are already pa
 msgstr ""
 
 #: kallithea/model/validators.py:817
-msgid "Please enter a valid IPv4 or IpV6 address"
+msgid "Please enter a valid IPv4 or IPv6 address"
 msgstr ""
 
 #: kallithea/model/validators.py:818
@@ -3070,7 +3070,7 @@ msgstr ""
 
 #: kallithea/templates/admin/permissions/permissions_ips.html:32
 #: kallithea/templates/admin/users/user_edit_ips.html:42
-msgid "New ip address"
+msgid "New IP address"
 msgstr ""
 
 #: kallithea/templates/admin/permissions/permissions_perms.html:1
diff --git a/kallithea/i18n/de/LC_MESSAGES/kallithea.po 
b/kallithea/i18n/de/LC_MESSAGES/kallithea.po
--- a/kallithea/i18n/de/LC_MESSAGES/kallithea.po
+++ b/kallithea/i18n/de/LC_MESSAGES/kallithea.po
@@ -1024,7 +1024,7 @@ msgstr "Sie können diesen Benutzer nich
 
 #: kallithea/controllers/admin/users.py:482
 #, python-format
-msgid "Added ip %s to user whitelist"
+msgid "Added IP address %s to user whitelist"
 msgstr "Die IP-Adresse %s wurde zur Nutzerwhitelist hinzugefügt"
 
 #: kallithea/controllers/admin/users.py:488
@@ -1032,7 +1032,7 @@ msgid "An error occurred during ip savin
 msgstr "Währe

Re: Making pytest the standard test suite (instead of nose)

2015-06-01 Thread Andrew Shadura
Hello,

On Sun, 31 May 2015 12:57:05 +0200
Thomas De Schampheleire  wrote:

> I've been using pytest for a while now, and think we should consider
> making it the default test suite instead of nose.

Meanwhile, neither nose nor pytest work for me at the moment, for
different reasons. Nose doesn't work properly as I'm running a bit
newer Pylons which broke nose as we use it, and pytest gives me this:

== ERRORS ==
 ERROR collecting  _
/usr/lib/python2.7/dist-packages/py/_path/common.py:332: in visit
    for x in Visitor(fil, rec, ignore, bf, sort).gen(self):
/usr/lib/python2.7/dist-packages/py/_path/common.py:378: in gen
    for p in self.gen(subdir):
/usr/lib/python2.7/dist-packages/py/_path/common.py:368: in gen
    if p.check(dir=1) and (rec is None or rec(p))])
/usr/lib/python2.7/dist-packages/_pytest/main.py:632: in _recurse
    ihook.pytest_collect_directory(path=path, parent=self)
/usr/lib/python2.7/dist-packages/_pytest/main.py:162: in __getattr__
    plugins = self.config._getmatchingplugins(self.fspath)
/usr/lib/python2.7/dist-packages/_pytest/config.py:692: in _getmatchingplugins
    self._conftest.getconftestmodules(fspath)
/usr/lib/python2.7/dist-packages/_pytest/config.py:521: in getconftestmodules
    mod = self.importconftest(conftestpath)
/usr/lib/python2.7/dist-packages/_pytest/config.py:545: in importconftest
    raise ConftestImportFailure(conftestpath, sys.exc_info())
E   ConftestImportFailure: (local('/home/andrew/projects/kallithea-test-fix/kallithea/tests/conftest.py'), (, ImportMismatchError('kallithea.tests.conftest', '/home/andrew/projects/kallithea-test-fix/build/lib.linux-i686-2.7/kallithea/tests/conftest.py', local('/home/andrew/projects/kallithea-test-fix/kallithea/tests/conftest.py')), ))
= short test summary info ==
ERROR 
= 1 error in 30.37 seconds =

Any ideas how to deal with this?

-- 
Cheers,
  Andrew




Re: Making pytest the standard test suite (instead of nose)

2015-06-05 Thread Andrew Shadura
Hello,

On Tue, 2 Jun 2015 08:49:28 +0200
Andrew Shadura  wrote:

> > I've been using pytest for a while now, and think we should consider
> > making it the default test suite instead of nose.

> Meanwhile, neither nose nor pytest work for me at the moment, for
> different reasons. Nose doesn't work properly as I'm running a bit
> newer Pylons which broke nose as we use it, and pytest gives me this:

> ...

> ImportMismatchError('kallithea.tests.conftest',
> '/home/andrew/projects/kallithea-test-fix/build/lib.linux-i686-2.7/kallithea/tests/conftest.py',
> local('/home/andrew/projects/kallithea-test-fix/kallithea/tests/conftest.py')),
> ))

> ...

> Any ideas how to deal with this?

Thomas, maybe you can suggest anything I can try?

-- 
Cheers,
  Andrew




[PATCH 1 of 3 v2] privacy: on password reset, don't tell strangers if email is valid or not

2015-06-07 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1431787037 -7200
#  Sat May 16 16:37:17 2015 +0200
# Node ID 9b7a12fef6f4922730fb9e690e0567a6a4b32473
# Parent  d7f13c2a28bacccdab00745a8dccf39fa4c40e31
privacy: on password reset, don't tell strangers if email is valid or not

Password reset form might be used to check if users with specific email
addresses have accounts in the system by requesting their password to be
reset. It's probably not a good idea to give this sort of information to
complete strangers.

diff --git a/kallithea/model/forms.py b/kallithea/model/forms.py
--- a/kallithea/model/forms.py
+++ b/kallithea/model/forms.py
@@ -202,7 +202,7 @@ def PasswordResetForm():
 class _PasswordResetForm(formencode.Schema):
 allow_extra_fields = True
 filter_extra_fields = True
-email = All(v.ValidSystemEmail(), v.Email(not_empty=True))
+email = v.Email(not_empty=True)
 return _PasswordResetForm
 
 
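Review bot: with `v.ValidSystemEmail()` dropped from `email`, well-formed but unregistered addresses now pass form validation and reach the controller, and nothing in this patch shows that path answering the same way as for a registered address. Confirm the controller returns an identical page in both cases, and add a test posting an unknown address that asserts it.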


[PATCH v2] tests: update password reset form test to employ only a simple @ check

2015-06-07 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1433675592 -7200
#  Sun Jun 07 13:13:12 2015 +0200
# Node ID 8cedad478da7d4644634b0a33c89a0ea56eca8c2
# Parent  9b7a12fef6f4922730fb9e690e0567a6a4b32473
tests: update password reset form test to employ only a simple @ check

diff --git a/kallithea/tests/functional/test_login.py 
b/kallithea/tests/functional/test_login.py
--- a/kallithea/tests/functional/test_login.py
+++ b/kallithea/tests/functional/test_login.py
@@ -293,15 +293,13 @@ class TestLoginController(TestController
 self.assertEqual(ret.admin, False)
 
 def test_forgot_password_wrong_mail(self):
-bad_email = 'usern...@wrongmail.org'
+bad_email = 'username%wrongmail.org'
 response = self.app.post(
 url(controller='login', action='password_reset'),
 {'email': bad_email, }
 )
 
-msg = validators.ValidSystemEmail()._messages['non_existing_email']
-msg = h.html_escape(msg % {'email': bad_email})
-response.mustcontain()
+response.mustcontain('An email address must contain a single @')
 
 def test_forgot_password(self):
 response = self.app.get(url(controller='login',
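Review bot: `test_forgot_password_wrong_mail` now posts a malformed address (`'username%wrongmail.org'`) and only checks the syntax error message, so nothing covers the case the privacy change is about: a well-formed address with no account. Rename this test to say it checks malformed input, and add one that posts a valid-looking unregistered address and asserts the response matches the one for a registered address.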


[PATCH] admin: reenable update checks

2015-06-09 Thread Andrew Shadura
# HG changeset patch
# User Andrew Shadura 
# Date 1433851102 -7200
#  Tue Jun 09 13:58:22 2015 +0200
# Branch stable
# Node ID c670a49f595d5f03f924338adbe0de3fdd7853f6
# Parent  9c067ee8d368b7890f3cababc9bdfbf31ab8bfe7
admin: reenable update checks

URL is hardcoded here and users of older versions may have
invalid update URLs in their databases.

diff --git a/kallithea/controllers/admin/settings.py 
b/kallithea/controllers/admin/settings.py
--- a/kallithea/controllers/admin/settings.py
+++ b/kallithea/controllers/admin/settings.py
@@ -491,7 +491,7 @@ class SettingsController(BaseController)
 defaults = Setting.get_app_settings()
 defaults.update(self._get_hg_ui_settings())
 _update_url = defaults.get('update_url', '')
-_update_url = "" # FIXME: disabled
+_update_url = "https://kallithea-scm.org/api/v1/info/versions"; # 
FIXME: don't hardcode
 
 _err = lambda s: '%s' % (s)
 try:
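Review bot: the hardcoded assignment on the changed line overwrites the value just read by `_update_url = defaults.get('update_url', '')`, so the stored setting is dead and an administrator can no longer disable or repoint the update check. If stale URLs in old databases are the concern, fall back to the default only when the stored value is empty; the trailing `;` after the string literal should go too.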