Passwords should be checked when created or changed in the frontend just as they are in the backend for REST and CLI.
Also extend the password validation to allow upto 1024 characters instead of 32.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
If a mirrored git repository uses LFS, SCM-Manager will now also load the binaries, so that the mirrored repository can be used without missing LFS files.
Normally, all resources (like the hg process) will be released after
the stream of the diff. But this may lead to errors, when
DiffCommandBuilder#getContent is used and other commands are used
afterwards.
So with this we introduce a new interface method in the DiffCommand
that can be implemented without closing resources. This method is
used for the computation of the diff as string.
We use this to distinguish between the computation of diffs as a
stream like in rest calls, and the computation as a single string
result that may we followed by other commands using the same context.
Adds a new initialization step after setting up the initial administration account that allows administrators to initialize the instance with a selection of plugin sets.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
To make SCM-Manager more accessible and to make it easier using scripts against the server, we created a command line interface. This command line interface can be used to perform the default actions like create, modify and delete repositories. It is also very flexible and can be extended by plugins.
The CLI already supports internationalization, help texts, input validation, loose and table-like templates and nested subcommands. Check the cli guidelines to learn how add new cli commands.
Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
* Throw more specific exception if compared revisions are ambiguous.
* Add changelog entry
* Move changelog entry in intended folder
* Small typo
Co-authored-by: Florian Scholdei <florian.scholdei@cloudogu.com>
Add feedback button and form. This feedback form can be used to provide direct feedback to the SCM-Manager Team.
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
Collapses a folder in code view which only has another folder as its only child. This lets you access a sub-folder which has content directly instead of navigating down the folder tree by clicking every folder separately.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Enable gradle dependency locking for all subprojects. This change allows us to use dependency ranges, without loosing reproducible builds.
It also makes it easier for third party services such as snyk to detect dependencies and their versions.
A request with a sortBy would have lead to a null pointer exception,
when at least one value for the objects is null. This adds checks to
avoid these exceptions. With this, null values are considered to be
less than non-null values.
Add security notifications in SCM-Manager to inform running instances about known security issues. These alerts can be core or plugin specific and will be shown to every user in the header.
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
Co-authored-by: Philipp Ahrendt <philipp.ahrendt@cloudogu.com>
Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Updated spotter to version 4 in order to get prism syntax mode for detected coding languages.
Expose syntax modes of coding languages as headers on content endpoint and as fields on diff dto.
Remove leading line break on search result fragments.
Use mark instead of span or strong for highlighted search results.
Add option to use syntax highlighting in TextHitField component.
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
Allows scm-manager instances to authenticate with the configured plugin center. If the default plugin center is used, a myCloudogu account is used for authentication which in turn enables downloading special myCloudogu plugins directly through the plugin administration page.
Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
Co-authored-by: Matthias Thieroff <93515444+mthieroff@users.noreply.github.com>
Co-authored-by: Philipp Ahrendt <philipp.ahrendt@cloudogu.com>
Enrich branch overview with more details like last committer and ahead/behind commits. Since calculating this information is pretty intense, we request it in chunks to prevent very long loading times. Also we cache the results in frontend and backend.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Fixes edge cases for "move" in the modify command, like
- reject backslashes in validation
- add overwrite option
- check for invalid source and target options
This is an update to the implementation of "move" in #1859.
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
Update Gradle to 7.3. in order to profit from the performance improvement and to prepare for dependency lockfiles. Due to the upgrade to 7.x we had to use a license plugin which supports Gradle 7.
On Windows the path after moving files was not recognized correctly by git, hg and svn. The move resulted in a deletion without adding new files. Therefore we now change the path to unix style before adding files whenever we detect a non unix style file separator.
On windows unit tests are failing because junit checks if all @tempdir directries are empty and can be deleted after test run.
But due to opened file handles (not closed resource streams) Windows keeps files, which are "in use".
Linux is less strict in this area.
Additionally I want highlight that XMLStreamReaderImpl/XMLStreamWriterImpl from apache.xerces library (in OpenJDK11 at least) which are picked at runtime as xml parser implementation - they don't close associated resources.
BTW, I thing that relying on some runtime (sometimes - unpredictable) dependencies - is bad practice, but this it up to separate topic.
Additional fix: in IOUtil is file is locked (due to permissions or opened handle) - it will undlessly try-and-retry to delete it until end of the world, on windows.
dds a move/rename functionality to the modify command. This currently only works for absolute destination paths and does not work with backslashes. If the destination path does not exist, it is created. The action fails if the target file already exists.
Adds a "file lock" command that can be used to mark files as locked by a specific user. This command is implemented for git using a store to keep the locks.
Additionally, the Git LFS locking API is implemented.
To display locks, the scm-manager/scm-file-lock-plugin can be used.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Clears the external group cache whenever a user gets logged out by the logout rest method or the user gets deleted.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Adds an internal api call to determine a email address for a DisplayUser instance
in class EMail. This was available only for the User class before, but there is no
reason, why this should be limited.
Additionally one can also set the author for the merge command as DisplayUser,
which will trigger the fallback mechanisms for the email address, if it is missing.
This is introduced to make merge commits possible for users without email addresses
in the review plugin (scm-manager/scm-review-plugin#149).
Bind mapper implementations automatically to related mappers using the annotation processor. With this change it is not longer required to bind mapper explicitly using mapper modules which reduces some boilerplate code.
The working copy pool has to be a singleton, because
otherwise there could be multiple instances with their
own caches and therefore no reuse and maybe more relevant
working directories that will never be deleted.
