auth: refactor to introduce @LoginRequired(allow_default_user=True) and deprecate @NotAnonymous()
It was error prone that @LoginRequired defaulted to allow anonymous users (if 'default' user is enabled). See also 245b4e3abf39.
Refactor code to make it more explicit and safe by default: Deprecate @NotAnonymous by making it the default of @LoginRequired. That will make it safe by default.
To preserve same functionality, set allow_default_user=True in all the cases where @LoginRequired was *not* followed by @NotAnonymous or other permission checks - that was done with some script hacks:
  sed -i 's/@LoginRequired(\(..*\))/@LoginRequired(\1, allow_default_user=True)/g' `hg mani`
  sed -i 's/@LoginRequired()/@LoginRequired(allow_default_user=True)/g' `hg mani`
  perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)\n\s*\@NotAnonymous\(\)/\@LoginRequired()/g' `hg mani`
  perl -0pi -e 's/\@LoginRequired\(allow_default_user=True\)(\n\s*\@Has(Repo)?Permission)/\@LoginRequired()\1/g' `hg mani`
It has been reviewed that all uses of allow_default_user=True are in places where there indeed wasn't any checking for default user before. These may or may not be correct, but now they are explicit and can be spotted and fixed.
The few remaining uses of @NotAnonymous should probably be removed somehow.
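Added example, not part of the commit or of Kallithea's code: one way to spot the now-explicit allow_default_user=True opt-ins is to walk the decorator lists with Python's ast module. The sample source, handler names, the HasRepoPermissionDemo decorator and the report labels are assumptions made up for this sketch.

```python
import ast
import re

# Constructed sample source: handler and permission names are made up; only
# LoginRequired, NotAnonymous and allow_default_user come from the commit message.
SAMPLE = '''
class DemoController:
    @LoginRequired(allow_default_user=True)
    def index(self): ...
    @LoginRequired()
    def settings(self): ...
    @LoginRequired(allow_default_user=True)
    @HasRepoPermissionDemo('read')
    def summary(self): ...
    @LoginRequired()
    @NotAnonymous()
    def profile(self): ...
    def ping(self): ...
'''
PERMISSION = re.compile(r'Has(Repo)?Permission')  # prefix the perl rewrite matched

def _name(dec):
    """Bare decorator name for both @Name and @Name(...)."""
    node = dec.func if isinstance(dec, ast.Call) else dec
    return node.attr if isinstance(node, ast.Attribute) else getattr(node, 'id', '')

def audit(source):
    """Classify each function by how it treats the anonymous 'default' user."""
    report = {}
    for fn in ast.walk(ast.parse(source)):
        if not isinstance(fn, (ast.FunctionDef, ast.AsyncFunctionDef)):
            continue
        names = [_name(d) for d in fn.decorator_list]
        login = [d for d in fn.decorator_list if _name(d) == 'LoginRequired']
        allow = any(kw.arg == 'allow_default_user'
                    and isinstance(kw.value, ast.Constant) and kw.value.value is True
                    for d in login for kw in getattr(d, 'keywords', []))
        checked = any(PERMISSION.match(n) for n in names)
        if not login:
            report[fn.name] = 'no-LoginRequired'
        elif allow and not checked:
            report[fn.name] = 'anonymous-allowed'  # explicit opt-in: review it
        elif allow:
            report[fn.name] = 'default-user-plus-permission'
        elif 'NotAnonymous' in names:
            report[fn.name] = 'redundant-NotAnonymous'  # default already rejects
        else:
            report[fn.name] = 'login-required'
    return report
```

Calling audit() on each controller file's text and listing the 'anonymous-allowed' entries gives the review list the commit message refers to.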
css: use pseudo-content trick to prevent diff line numbers from being pasted to text
When copy-pasting a diff from Chrome to a text editor, line numbers (on separate lines) would be pasted as well. Even though 'user-select: none' prevents text from being visually selected, in Chrome, the text still gets copied to the clipboard when the user for example presses ctrl-c. (It worked in Firefox.)
Instead, don't put the line numbers directly in the DOM, but put them in a data attribute and render them as :before. That will give the same rendering as before but prevent it from being copied.
(Firefox will however still add empty lines - that is how <pre> is hardcoded to be rendered when pasting to text.)
setup-db: print completion message to avoid confusion (issue #303)
There are cases where the last message of setup-db is a warning, giving the impression that the overall command failed which may not actually be the case.
For example, when git is not installed, warnings are given, but they are not an actual error. Kallithea will work fine for Mercurial repositories.
To avoid any confusion, print a completion message at the end. Any real errors will abort the command and not make it this far.
Instead of using a hack, that removes the 'set' parameter from the request, don't give the submit button a name and therefore don't submit the parameter in the first place.
tests: git changeset authors need to have the format 'username <user@example.com>'
New versions of dulwich caused tests like test_compare_forks_on_branch_extra_commits_git to fail because of this. Since this is fixed now, re-allow dulwich versions 0.18.6 and newer.
login: fix crash when entering non-ASCII password for login (Issue #300)
Avoid errors like
  UnicodeEncodeError: 'ascii' codec can't encode characters in position X: ordinal not in range(128)
when the user enters non-ASCII passwords for existing internal accounts in the login prompt.
The password forms have "always" rejected non-ASCII passwords with
  Invalid characters (non-ASCII) in password
less: base .metatag styling on Bootstrap .label styling
Metatags kind of are and kind of look like labels, except some differences: Labels use smaller but bold font. The sizing is also different, as labels are not inline-block and will not expand the line height but might overflow into previous/next line, especially if these also have labels.
We still keep the custom colors for font and background.
Alternatively, we could put the "label" class in the markup and just let the metatag markup set the colors, similar to what Bootstrap "label-*" does.
style: fix changeset tag container - fix vertical alignment of right aligned tags
Tags and comment count were not aligned with the line text at all, and a solid background was hiding the separator lines and made it look even more messy.
extra-container and comments-container are now simplified with top right positioning and less margin tweaking.
Minimal changes to the tags - just touching some external sizing so it fits in the container: line-height and margin.
- use default font weight for footer - it doesn't need special attention and doesn't have to be bold
- use class selector for the footer instead of ID selector
- add comment for the styling that is removing margin below footer
less: run lessc with --relative-urls so relative paths are rewritten
25e079891ff5 broke select2 - it did for example no longer display the search symbol in the input field. The css had a relative path to 'select2.png' which no longer was correct when the literal reference moved to style.css .
Bootstrap had the same issue with '../fonts/glyphicons-halflings-regular.*' ... but we do not rely much on that.
As a quick fix, just adjust the relative reference and keep pointing at the original location.
A next step might be to copy files around in a cross platform compliant way, reliably at the right point in the development/build/install process.
MANIFEST: only include bootstrap from node_modules when packaging or installing
With the 'less' source folder placed under 'public', the whole folder happened to be fully included in source distribution and installed. *If* 'npm install' has been run, 'kallithea/public/less/node_modules/' will contain both build/development tools ('less' and dependencies) and the source of Bootstrap.
We do want Bootstrap source to be included so it automatically gets 'vendored', but we don't want all the build tools.
We thus prune the whole 'node_modules' directory, but add 'node_modules/bootstrap' back in.
This is exactly what it is. It might seem a bit fragile: There is no verification that it only is the 'bootstrap' directory that should be added back in, and there is no verification that it actually is present and included.
- there are no #quick_login .links elements
- there are no #quick_login .buttons elements
- there are no #quick_login .form-group elements
- there are no #quick_login .unread elements
- there are no #quick_login .notifications elements
- color is already set on #quick_login *
- background and padding is already set for all dropdown menus
- h4 already has margin-bottom 10px
less: use default Bootstrap styling for buttons, customized with variables
The gradient styling of buttons is dropped, but we still use grey buttons (using the average color from the gradient) instead of the Bootstrap default of white buttons.
less: build custom Bootstrap from bootstrap.less instead of using plain upstream version
- add current version of bootstrap to package.json dependencies
- import bootstrap.less in main.less
- remove bootstrap.css from root.html (the file will be removed later)
When the whole list is made scrollable, the graph can no longer be positioned absolute. Instead, make it relative so it scrolls with the content ... and 0 height (with the graph overflowing) so the table content will be shown next to the overflowing graph.
less: change markup and styling for the logo shown in the top left corner
Based on work by Dominik Ruf, but in this changeset, the goal is just to improve markup and styling while keeping exactly the same look and feel. In that process, it also fixes some browser specific issues that gave odd spacing/positioning.
All styling (especially the logo image URL) is moved to CSS/LESS, using background-image styling instead of an img tag.
The logo image is made a :before on the site branding text and will usually have to align with this text, so we use inline-block to align to the baseline.
We set the right amount of negative margin-bottom so the image can go below the baseline.
We use a "big enough" negative margin-top to allow the image to bleed outside the line height and into the 12px top padding.
We assume the background image doesn't need cropping or panning and do thus not set background-size, background-position, or background-repeat.
less: simplify positioning of the +/- symbols on diff lines
As before, we place the +/- symbols in the pre:before so they default to the same font and styling as the line content.
Instead of giving the pre a wide left margin and put the :before out there using negative positioning and visible overflow, just give the :before a fixed width on all lines.
Commit 30d61922f24eb144190052818c3fc6a24562f42b (auth: fix crash on invalid bcrypt password) left a debug print statement of the user's password in plaintext and its hashed equivalent.
- remove unnecessary float: left for .reviewer_status
- remove unnecessary height and padding for .reviewers_member
- there is no .email_entry, .ip_entry, .pullrequests_section_head, .pr-desc
- remove unnecessary margin for .msg-div
- #legend_data default padding is fine
- #legend_container border: none is unnecessary
- #legend_choices is invisible
- #legend_container width: auto is unnecessary
- with many committers less padding and height is actually better
- there is no .legend ul
<a> already use @brand-primary color and I think it is actually beneficial if the two other non-link elements look a bit different. (blackish default .panel-heading color)
The two non-link elements thus already have a different non-link look and don't need the opacity.