This adds the new "queryable store" API, that allows complex
queries and is backed by SQLite. This new API can be used
for entities annotated with the new QueryableType annotation.
This uses 'RetryingTest' from junit jupiter to retry integration tests
that are known to fail from time to time. We explicitly mark single
tests in contrast to set a global retry to be able to trace those,
whenever this is intended.
To still support the editor plugin, a new field in the
browse command results is needed to indicate, whether
such a result or rather the requested revision can be
modified by a new commit.
This is the case, when
- for Subversion repositories either the new 'head' or the
latest revision has been requested, or
- for Git and HG when a branch (or the default by specifying
no concrete revision) has been used.
This fixes the following security issue: If a user creates a new repository in a namespace this user had no permission to read any repository from, the user gets OWNER permissions on this namespace and all other permissions are removed from this namespace.
Pushed-by: Rene Pfeuffer<rene.pfeuffer@cloudogu.com>
Co-authored-by: René Pfeuffer<rene.pfeuffer@cloudogu.com>
Committed-by: René Pfeuffer<rene.pfeuffer@cloudogu.com>
This uses 'RetryingTest' from junit jupiter to retry integration tests that are known to fail from time to time. We explicitly mark single tests in contrast to set a global retry to be able to trace those, whenever this is intended.
To do so, we have to update to the latest version of JUnit. Unfortunately, this brought a new behaviour for the @TempDir annotation: In contrast to the former behaviour where for one test all annotated parameters got the same directory, in the new version the parameters get different directories assigned. This led to the need of some consolidation between @BeforeEach methods and the related tests.
Committed-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
The sshd dependency in version 2.8.0 that came with SvnKIT
1.10.10 may cause an injection failure in bouncy castle
due to incompatible sshd versions on server startup when
the ssh plugin is installed (the ssh plugin uses version
2.9.0 of apache sshd).
Committed-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Introduce tailwind as new frontend styling library to replace bulma in the longer run. Also create the first new ui library `ui-buttons` which will be the new standard for buttons ins SCM-Manager. In this library we reconsidered which types of buttons should be used to create a clean and consistent ui.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
If a mirrored git repository uses LFS, SCM-Manager will now also load the binaries, so that the mirrored repository can be used without missing LFS files.
This change allows our ui libraries to be built separately. It is therefore to utilize different build tools for individual projects, as well as using build caches for the local build.
Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
Upgrades svnkit to the latest patch version 1.10.3-scm2
developed in scm-manager/svnkit-patches#2.
This should fix errors regarding spaces in filenames
in svn with external tools like Fisheye or the svnkit
command line client (#2002).
To make SCM-Manager more accessible and to make it easier using scripts against the server, we created a command line interface. This command line interface can be used to perform the default actions like create, modify and delete repositories. It is also very flexible and can be extended by plugins.
The CLI already supports internationalization, help texts, input validation, loose and table-like templates and nested subcommands. Check the cli guidelines to learn how add new cli commands.
Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
* Update lock files
* Replace usage of org.apache.commons.lang3 with guava
* Update vulnerable version of cron-utils
Update cron-util from version 9.1.3 to 9.1.6.
Version 9.1.6 fixes an arbitrary code execution
vulnerability (CVE-2021-41269).
SCM-Manager is not affected by this issue,
because it is related to the el parsing
of an annotation which we don't use.
Enable gradle dependency locking for all subprojects. This change allows us to use dependency ranges, without loosing reproducible builds.
It also makes it easier for third party services such as snyk to detect dependencies and their versions.
Sets the HEAD for new Git repositories to the default branch (this is 'main' for the default configuration).
This change led to errors in unit tests, that depended on the 'master' branch.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
When SCM-Manager is used behind a reverse proxy like
Nginx it may be the case, that lfs PUT requests are
buffered by the reverse proxy and will be sent to the
SCM-Manager after the whole file has been received. Due
to the expiration time of 5 minutes for the authentivation
token that had been requested by Git before the upload
has been started, this request from the proxy to
SCM-Manager fails if the upload from the client to the
reverse proxy took longer than these 5 minutes.
To solve this, we make this expiration time configurable,
so that whenever you have very large files or small
bandwidth the expiration timeout can be increased.
With the migration to gradle we lost the JUnit 5 integration tests. This is fixed here. In addition we have to adapt the AnonymousAccessITCase to the change, that the anonymous access is disabled when creating the default test data.
Migrates the existing e2e tests towards a cucumber bdd-style and utilizes the integration-test-runner package.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
