front-end: use 'bin' path for node commands instead of '.bin'
license-checker is using relative paths for importing other modules - that worked fine when .bin/license-checker was a symlink, but not on filesystems without symlinks support:
git: make sure _check_url only accept the protocols accepted by is_valid_repo_uri
Avoid unnecessary flexibility, ambiguity, and complexity.
The file protocol was never used. But when cloning existing managed repos, is_valid_repo_url would be skipped and _check_url would be called with absolute paths.
repo_groups: fix select of parent group when adding repo group
h.select was passed a list of repo groups where group_id was integer, but parent_group in the request was a string - thus no match.
Do as in repos controller create_repository (and in error handling): leave it to htmlfill to patch up the generated HTML using defaults ... but make sure we always have a default.
repos: extra HTML escaping of repo and repo group names shown in DataTables
These names will already have been "slugged" and can thus not contain anything that can be used for any attack. But let's be explicitly safe and escape them anyway.
raw_name without escaping would cause XSS *if* it was possible to create unsafe repo names.
just_name must be escaped in order to make search work correctly - for example if searching for '<' ... *if* it was possible for names to contain that.
model: remove unused 'subject' parameter of NotificationModel.create()
The subject of emails is determined with EmailNotificationModel._subj_map, based on the notification type. The 'subject' parameter passed to NotificationModel.create is completely unused.
Remove this parameter and update its callers, removing code that is now no longer used.
model/comment: extract notification-related code into a separate method
Preparation for grouping with _get_notification_data next, and keeping clear separation between creating the comment itself, and creating the notification.
Problem introduced in 9a0c41175e66: When iterating the headers dict and setting "msg[key] = value", it wasn't replacing the header but performing add_header so we sometimes ended up with two From headers.
It is also a general problem that while the headers dict only can contain each key once, it can contain entries that only differ in casing and thus will fold to the same message header, making it possible to end up adding duplicate headers.
"msg.replace_header(key, value)" is not a simple solution to the problem: it will raise KeyError if no such previous key exists.
Now, make the problem more clear by explicitly using add_header.
Avoid the duplication problem by deleting the key (no matter which casing) before invoking add_header. Delete promises that "No exception is raised if the named field isn’t present in the headers".
front-end: use 'bin' path for node commands instead of '.bin'
license-checker is using relative paths for importing other modueles - that worked fine when .bin/license-checker was a symlink, but not on filesystems without symlinks support:
hooks: move the vcs hook entry points and setup code out of lib
Mercurial hooks are running in a process that already has been initialized, so they invoke the hooks lib directly. Git hooks are binaries and need a lot of initialization before they can do the same. Move this extra setup code elsewhere.
Having this high level code in bin is perhaps also not ideal, but it also doesn't seem that bad: that is where other command line entry points invoke make_app.
(It seems like it could be adventageous to somehow use "real" bin commands for hooks ... but for now we use the home-made templates.)
Note: As a side effect of this change, all git hooks *must* be re-installed when upgrading.
git: detect existing symlink hooks before overwriting - only update plain files
If the existing hook is a symlink, the hook is not what we put in place, and we should stay away - no matter if it points at something that looks like a Kallithea hook.
*If* there should be circular dependencies, importing 'from' another module could fail because the module at that time only was partially imported. That had to be worked around by importing at runtime instead of globally.
Instead, try to always import whole modules. (But we should still try to avoid cycles.)
It might be a good idea, but then we should use it much more consistently ... and it should probably be done differently. Let's keep it simple and be consistent.
lib: move locale.py to locales.py to avoid shadowing of standard module
"Fix" spurious problem, seen for example as:
$ python kallithea/lib/annotate.py Traceback (most recent call last): File ".../lib64/python3.8/site-packages/mercurial/encoding.py", line 107, in <module> encoding = locale.getpreferredencoding().encode('ascii') or b'ascii' AttributeError: module 'locale' has no attribute 'getpreferredencoding'
That happened when something in some other module tried to import stdlib locale ... but somehow would pick up the kallithea locale module and things would fail.
Stay out of that kind of trouble by using a name that doesn't collide.
diffs: remove unused argument enable_comments and class no-comment
enable_comments was only used to set/not-set the 'no-comment' CSS class. While this class was emitted, no CSS rule nor any JavaScript logic was actually using it. Last real usage of that class was removed with commit e87baa8f1c5bd2488aefc23b95c0db3a04bc8431.
Cleanup the code by not emitting 'no-comment' and remove the 'enable_comments' flag.
style: mark failed comment submissions with red panel heading
Make it more obvious to the user that a comment submission failed: mark the panel of the failed comment as "panel-danger" so the color of the comment panel heading changes to red.
Previously, only the user and comment text would fade a bit.
lib/diffs: make sure that trailing tabs are indicated
Between the initial submission and final version of commit f79c40759d6f, changes were made that turn out to be incorrect. The changes assume that the later match on trailing tabs will 'win' from the plain 'tab' match. However, Python 're' documentation says:
As the target string is scanned, REs separated by '|' are tried from left to right. When one pattern completely matches, that branch is accepted. This means that once A matches, B will not be tested further, even if it would produce a longer overall match. In other words, the '|' operator is never greedy. https://docs.python.org/3.8/library/re.html
As a result, a trailing tab is seen as a plain tab and not highlighted in a special way.
Unify the tab handling to make it unambiguous how they should be parsed.
The change diff mainly shows re group numbers shifting.
It is checked earlier that git_command is one of two string constants, and with py3, things are much simpler and we don't have to consider string coersion.
use.py: import re import sys for fn in sys.argv[1:]: with open(fn) as f: s = f.read() s = re.sub(r'''(<script>)('use strict';)\n( *)''', r'''\1\n\3\2\n\3''', s) with open(fn, 'w') as f: f.write(s)
python use.py $(hg loc 'kallithea/templates/**.html')
config: move WSGI middleware apps from lib to config
These middlewares are full WSGI applications - that is not so lib-ish. The middleware is referenced from the application in config - that seems like a good place for them to live.
config: move various py templates to kallithea/templates/py/
For some reason, we had some python templates in kallithea/config . kallithea.config is mainly the TG entry point, and thus a high level controller thing - not a place to store templates.
Instead, use the templates directory and introduce a new py subdirectory.
With git hook templates in a templates directory, there is no need for tmpl in the name.
routing: move config.routing to kallithea.controllers
Routing doesn't belong in config. Having it there caused unfortunate dependencies.
We do routing the old way. If we did it the new way, it would be defined in the root controller. But for now, we just place it next to the root controller.