middleware: allow git and hg users to use email address instead of the username
This commit also replaces __get_user('default') with a call to a more widely used User.get_default_user() function, and removes no longer really used __get_user() methods from both SimpleHg and SimpleGit.
auth: authenticate using either username or email address
Use User.get_by_username_or_email() in get_user. In authenticate(), update username if get_user succeeds.
The point of this change is that the web login is a complex thing that includes, apart from the authentication itself, form validation and a bunch of other things.
This change on its own makes it possible to authenticate a user using its email address, but that on its own isn't enough for web login or git/hg auth.
db: match case-insensitively using func.lower, not ilike
ilike() uses SQL ILIKE operator internally, which means it interprets '%' and '_' in the match pattern as wildcards. Instead of ilike(), it's better to turn both operands to the lower case and compare them.
This also unbreaks the test case introduced in 13d0fe6f751a.
This commit removes case-sensitive email matching. It also adds a couple of tests which fail, to demonstrate a defect in the current implementation (using ILIKE matching instead of case-insensitive equality comparison).
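The difference between pattern matching and case-insensitive equality described in the commit above, as an added example that is not Kallithea's own code. It assumes a constructed `users` table and uses SQLite's `LIKE` (case-insensitive for ASCII) as a stand-in for `ILIKE`; the function names are hypothetical.

```python
import sqlite3

# Constructed sample accounts (not taken from the Kallithea code base).
USERS = [
    ("alice", "a_smith@example.com"),
    ("mallory", "aXsmith@example.com"),
    ("bob", "Bob@Example.com"),
]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return db


def find_by_email_like(db, email):
    # Pattern match: '%' and '_' in the supplied address act as wildcards,
    # so one address can select rows belonging to other accounts.
    rows = db.execute(
        "SELECT username FROM users WHERE email LIKE ? ORDER BY username",
        (email,),
    )
    return [r[0] for r in rows]


def find_by_email_lower(db, email):
    # Equality on lower-cased operands: case-insensitive, no wildcards.
    rows = db.execute(
        "SELECT username FROM users WHERE lower(email) = lower(?) "
        "ORDER BY username",
        (email,),
    )
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    for probe in ("a_smith@example.com", "%", "bob@example.COM"):
        print(probe, find_by_email_like(db, probe), find_by_email_lower(db, probe))
```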
pullrequests: show tags in lists of included and available changesets
Further improvement: Also show bookmarks and other names (preferably by using some helper function/template instead of duplicating code). It would perhaps also be better to avoid using floating.
The table is populated on database creation, and assumed to be populated in so many places in the code that we're unlikely to even reach this point if it's empty. (E.g. web.push_ssl must be defined to push/pull/fetch both Mercurial and Git repositories.)
Only newly created objects (and objects explicitly expunged) need to be added to the SQLAlchemy session; any object returned from a database query is already in the session.
comments: change comment formatting to plain text instead of rst
There might be value in enabling rich markup (especially if it is markdown instead of rst) ... or it might be a waste of time. We might revisit that later.
But either way: Changing to plain text makes it more feasible to do markup of hashes and issues - for now that is more important than rtf.
Eventually this function should support and auto detect multiple formats and is thus not named for a specific format. But for now it is plain text only.
This kind of markup can quite easily and safely support additional magic markup. It is much harder to do that on top of a richer markup format; it must essentially be done in a single pass, with both all the various regexps and the rst formatting done in a single pass.
auth: Fix bug where usernames are not consistently capitalized when using crowd login
If you try to log in to Kallithea via the Crowd auth module then the capitalization of your username in Kallithea changes on every login based on how you capitalized it in the login form.
E.g. Log in with "TestDude", username is entered as "TestDude" then log in again, but this time as "tesTduDe", and your username gets changed to "tesTduDe". etc.
Fix for this is to use the 'name' field returned from Crowd when saving the username. This way the username is always capitalized identically to the record in Crowd.
auth: Fix tomcat throwing '505 HTTP Version Not Supported' when trying to log in to Atlassian Crowd with usernames that contain spaces
If you try to log in to Kallithea via the Crowd auth module, and the username contains a space, it fails. Tomcat on the Crowd server gives error '505 HTTP Version Not Supported'.
Further investigation showed that the username was not being quoted. E.g. for the user 'test account', the REST URL should contain 'test%20account' but actually was containing 'test account'. When Tomcat receives this HTTP request it interprets the word 'account' as the HTTP version because of the space. This obviously isn't a valid HTTP version.
This bug is fixed by using urllib2.quote on the username to ensure that special characters are correctly quoted. After making that change on my local install, the user 'test account' was able to log in successfully.
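The request-line effect described in the commit above, as an added example that is not Kallithea's or Tomcat's code. The REST path is a hypothetical placeholder, the parser is a simplified model of splitting an HTTP/1.x request line on spaces, and Python 3's `urllib.parse.quote` stands in for the `urllib2.quote` named in the commit.

```python
from urllib.parse import quote

# Hypothetical REST path; the real Crowd URL is not shown on the page.
PATH = "/rest/example/user?username="


def request_line(username, quoted):
    # Build the first line of the HTTP request, with or without quoting.
    name = quote(username, safe="") if quoted else username
    return "GET %s%s HTTP/1.1" % (PATH, name)


def parse_request_line(line):
    # Simplified model: method SP request-target SP HTTP-version.
    # The third space-separated token is taken as the version.
    parts = line.split(" ")
    return {"method": parts[0], "target": parts[1], "version": parts[2]}


def version_is_valid(parsed):
    return parsed["version"] in ("HTTP/1.0", "HTTP/1.1")


if __name__ == "__main__":
    for quoted in (False, True):
        parsed = parse_request_line(request_line("test account", quoted))
        print(quoted, parsed, version_is_valid(parsed))
```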
db: make sure all (non-primary) columns have nullable set explicitly
The default of nullable=True is rarely good for us so nullable should always be specified unless there is a reason to allow nullable ... and if the default is fine, explicit is better than implicit.
The declared nulliness of some fields is changed where it seems like code already enforced it.
Some fields are marked as FIXME when they need (trivial?) data conversion to convert NULLs to default values.
tests: cleanup of unicode in test_create_non_ascii repository test
Repository names are generally conceptually unicode. Prepare for future changes by explicitly encoding repo_name as utf8 before appending a utf8 string.
Drop test_create_non_ascii - test_delete_non_ascii contains exactly the same test.
middleware: decode the repo_name received from http header to unicode
The middlewares seemed to make the incorrect assumption that the headers contained unicode. Or to put it differently: They relied on the Python default encoding to be able to convert to unicode instead of using safe_unicode. It would thus fail if running with LANG=C.
Instead, utilize that the header actually contains str_repo_name and explicitly decode that to unicode.
db: fix unknown exception type in commit error handling
efce61aac33d was a blind fix. It failed because `from sqlalchemy import *` doesn't import exc and the new except clause would thus fail. It also failed because the session has to be rolled back after a commit failure.
Now, rework it to fix these issues.
Note that we are able to detect whether the commit failed for valid reasons ... but we can't use that information too much ...
auth: fail pam and internal authentication attempts if no username is provided (Issue #180)
When the Mercurial client communicates with a server over HTTP, it will always first try to perform operations unauthenticated before providing credentials. Authentication attempts without credentials are usually pointless and will just slow operations down.
Some authentication plugins (such as LDAP) already skipped these unauthenticated requests. Now, do the same for other authentication plugins.
Other authentication plugins also skip if no password is provided ... but that doesn't seem necessary.
diff: get collapse target via .attr instead of .prop
Commit 3f017db297c4 was not fully tested and broke collapse/expand of diffs on changesets. $button is not a link with a target and the target can thus not be retrieved with .prop('target'); $button is just a span that happens to have a custom attribute with the name 'target'.
We thus revert back to the old way of retrieving it with .attr('target'). (It would perhaps be even better to use data attributes and name it data-target and use .data('target') ...)