Files @ 8b47181750a8
Branch filter:

Location: kallithea/docs/usage/vcs_notes.rst

8b47181750a8 3.9 KiB text/prs.fallenstein.rst Show Annotation Show as Raw Download as Raw
Mads Kiilerich
login: fix incorrect CSRF rejection of "Reset Your Password" form (Issue #350)

htmlfill would remove the CSRF token from the form when substituting the query
parameters, causing password reset to break.

By default, htmlfill will clear all input fields that doesn't have a new
"default" value provided. It could be fixed by setting force_defaults to False
- see http://www.formencode.org/en/1.2-branch/modules/htmlfill.html . It could
also be fixed by providing the CSRF token in the defaults to be substituted in
the form.

Instead, refactor password_reset_confirmation to have more explicitly safe
handling of query parameters. Replace htmlfill with the usual template
variables.

The URLs are generated in kallithea/model/user.py send_reset_password_email()
and should only contain email, timestamp (integer as digit string) and a hex
token from get_reset_password_token() .
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
.. _vcs_notes:

===================================
Version control systems usage notes
===================================

.. _importing:


Importing existing repositories
-------------------------------

There are two main methods to import repositories in Kallithea: via the web
interface or via the filesystem. If you have a large number of repositories to
import, importing them via the filesystem is more convenient.

Importing via web interface
^^^^^^^^^^^^^^^^^^^^^^^^^^^

For a small number of repositories, it may be easier to create the target
repositories through the Kallithea web interface, via *Admin > Repositories* or
via the *Add Repository* button on the entry page of the web interface.

Repositories can be nested in repository groups by first creating the group (via
*Admin > Repository Groups* or via the *Add Repository Group* button on the
entry page of the web interface) and then selecting the appropriate group when
adding the repository.

After creation of the (empty) repository, push the existing commits to the
*Clone URL* displayed on the repository summary page. For Git repositories,
first add the *Clone URL* as remote, then push the commits to that remote.  The
specific commands to execute are shown under the *Existing repository?* section
of the new repository's summary page.

A benefit of this method particular for Git repositories, is that the
Kallithea-specific Git hooks are installed automatically.  For Mercurial, no
hooks are required anyway.

Importing via the filesystem
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

The alternative method of importing repositories consists of creating the
repositories in the desired hierarchy on the filesystem and letting Kallithea
scan that location.

All repositories are stored in a central location on the filesystem. This
location is specified during installation (via ``db-create``) and can be reviewed
at *Admin > Settings > VCS > Location of repositories*. Repository groups
(defined in *Admin > Repository Groups*) are represented by a directory in that
repository location. Repositories of the repository group are nested under that
directory.

To import a set of repositories and organize them in a certain repository group
structure, first place clones in the desired hierarchy at the configured
repository location.
These clones should be created without working directory. For Mercurial, this is
done with ``hg clone -U``, for Git with ``git clone --bare``.

When the repositories are added correctly on the filesystem:

* go to *Admin > Settings > Remap and Rescan* in the Kallithea web interface
* select the *Install Git hooks* checkbox when importing Git repositories
* click *Rescan Repositories*

This step will scan the filesystem and create the appropriate repository groups
and repositories in Kallithea.

*Note*: Once repository groups have been created this way, manage their access
permissions through the Kallithea web interface.


Mercurial-specific notes
------------------------


Working with subrepositories
^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This section explains how to use Mercurial subrepositories_ in Kallithea.

Example usage::

    ## init a simple repo
    hg init mainrepo
    cd mainrepo
    echo "file" > file
    hg add file
    hg ci --message "initial file"

    # clone subrepo we want to add from Kallithea
    hg clone http://kallithea.local/subrepo

    ## specify URL to existing repo in Kallithea as subrepository path
    echo "subrepo = http://kallithea.local/subrepo" > .hgsub
    hg add .hgsub
    hg ci --message "added remote subrepo"

In the file list of a clone of ``mainrepo`` you will see a connected
subrepository at the revision it was cloned with. Clicking on the
subrepository link sends you to the proper repository in Kallithea.

Cloning ``mainrepo`` will also clone the attached subrepository.

Next we can edit the subrepository data, and push back to Kallithea. This will
update both repositories.


.. _subrepositories: http://mercurial.aragost.com/kick-start/en/subrepositories/
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.