Adds a "file lock" command that can be used to mark files as locked by a specific user. This command is implemented for git using a store to keep the locks.
Additionally, the Git LFS locking API is implemented.
To display locks, the scm-manager/scm-file-lock-plugin can be used.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Clears the external group cache whenever a user gets logged out by the logout rest method or the user gets deleted.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Adds an internal api call to determine a email address for a DisplayUser instance
in class EMail. This was available only for the User class before, but there is no
reason, why this should be limited.
Additionally one can also set the author for the merge command as DisplayUser,
which will trigger the fallback mechanisms for the email address, if it is missing.
This is introduced to make merge commits possible for users without email addresses
in the review plugin (scm-manager/scm-review-plugin#149).
Bind mapper implementations automatically to related mappers using the annotation processor. With this change it is not longer required to bind mapper explicitly using mapper modules which reduces some boilerplate code.
The working copy pool has to be a singleton, because
otherwise there could be multiple instances with their
own caches and therefore no reuse and maybe more relevant
working directories that will never be deleted.
The IndexOptions api has several problems:
- It is possible to open the same index with different options, which could lead to scoring problems
- If the index is already opened from another task, the options are ignored and the one from the opening task are used
- The analyzer which is derived from the options is used for every field which has not configured a specific analyzer
- This change removes the options api completely.
Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
Id's can now be combined with more than just a repository. It is now possible to build a more complex Id such as Comment -> Pull request -> Repository. The id's now bound to a specific type. This makes it harder to accidentally use a id within an index of the wrong type.
Before this change the search uses a single index which distinguishes types (repositories, users, etc.) with a field (_type).
But it has turned out that this could lead to problems, in particular if different types have the same field and uses different analyzers for those fields. The following links show even more problems of a combined index:
https://www.elastic.co/blog/index-vs-typehttps://www.elastic.co/guide/en/elasticsearch/reference/6.0/removal-of-types.html
With this change every type becomes its own index and the SearchEngine gets an api to modify multiple indices at once to remove all documents from all indices, which are related to a specific repository, for example.
The search uses another new api to coordinate the indexing, the central work queue.
The central work queue is able to coordinate long-running or resource intensive tasks. It is able to run tasks in parallel, but can also run tasks which targets the same resources in sequence. The queue is also persistent and can restore queued tasks after restart.
Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
The original proxy configuration implementation only used the global configuration if the local proxy configuration was not provided (i.e. null). This PR adds the corner case where a local configuration is provided, but disabled. In this case, the global proxy configuration will be used as a fallback as well.
Reduce log level of `could not create token from authentication header from warn to debug, because it is normal that these message is logged if multiple SchemeBasedWebTokenGenerator are registered.
Fixes#1772
Apply proxy support for jGit by extracting the required functionality from the DefaultAdvancedHttpClient into its own class HttpURLConnectionFactory. This new class is now used by the DefaultAdvancedHttpClient and jGit.
The HttpURLConnection also fixes proxy server authentication, which was non functional in DefaultAdvancedHttpClient.
The proxy support for SVNKit is implemented by using the provided method of the BasicAuthenticationManager.
For mercurial the support is configured by writing the required settings to a temporary hgrc file.
* Introduce RepositoryCoordinates
RepositoryCoordinates will be used for the enrichment of the embedded repositories of search result hits. This is required, because if we used the normal repository for the enrichment, we would get a lot of unrelated enrichers would be applied.
* Add builder method to HalEnricherContext
With the new builder method it is possible to add an object to the context with an interface as key.
* Add enricher support for embedded repository by applying enricher for RepositoryCoordinates
* Use embedded repository for avatars
The Search api is now simpler, because it provides useful defaults. Only if you want to deviate from the defaults, you can set these values. This is mostly reached by using the builder pattern. Furthermore it is now possible to configure an analyzer per field. The default analyzer is still the one which is derived from the index options, but it is possible to configure a new indexer with the analyzer attribute of the indexed annotation. The attribute allows the configuration for code, identifiers and path. The current implementation uses the same analyzer code, identifiers and path. The new implemented splits tokens on more delimiters as the default analyzer e.g.: dots, underscores etc.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Expose an api which makes it easy to detect the content type of files. The api is based on the spotter api, but does not expose spotter classes.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Add a dedicated search page with more results and different types.
Users and groups are now indexed along with repositories.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Introduces a maximum size for the simple workdir cache. On cache overflow workdirs are evicted using an LRU strategy.
Furthermore parallel requests for the same repository will now block until the workdir is released.
The search link of the index resource is now an array of links instead of single templated link.
The array contains one link for each searchable type.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
We introduced a new annotation '@IndexedType' which gets collected by the scm-annotation-processor. All classes which are annotated are index and searchable. This opens the search api for plugins.
Add a powerful search engine based on lucene to the scm-manager api.
The api can be used to index objects, simply by annotating them and add them to an index.
The first indexed object is the repository which could queried by quick search in the header.
Using a default user with a default password has the implicit risk, that this user is not changed and therefore this system can be compromised. With this change, SCM-Manager does not create the default user with the default password on startup any more, but it shows an initial form where the initial values for the administration user have to be entered by the user. To secure this form, a random token is created on startup and printed in the log.
To implement this form, the concept of an InitializationStep is introduced. This extension point can be implemented to offer different setup tasks. The creation of the administration user is the first implementation, others might be things like first plugin selections or the like.
Frontend components are selected by the name of these initialization steps, whose names will be added to the index resource
(whichever is active at the moment) and will be show accordingly.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Clear more caches if GPG key was added or deleted. It seems quite difficult to find the right way to invalidate partial caches so for now we keep purging everything.
Maybe we could add an API to efficiently find out what parts of the cache can be removed.
Fixes#1668
Add list of emergency contacts to global configuration. This user will receive e-mails and notification if some serious system error occurs like repository health check failed.
In the release of version 2.0.0 of SCM-Manager, the health checks had been neglected. This makes them visible again in the frontend and adds the ability to trigger them. In addition there are two types of health checks: The "normal" ones, now called "light checks", that are run on startup, and more intense checks run only on request.
As a change to version 1.x, health checks will no longer be persisted for repositories.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Validate filepath and filename to prevent path traversal in modification
command and provide validations for editor plugin.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Allow all UTF-8 characters except URL identifiers as user and group names and for namespaces.
Fixes#1513
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Capture metrics about the lifetime of working copies used, for example, by the merge and modify commands. Working copies are internal repository clones that can place a large load on the server. Therefore, these metrics can be helpful in identifying sources of large server load.
Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Expose metrics about:
- User login attempts
- Failed user logins
- User logouts
- General successful accesses to SCM-Manager via any authentication realm
- General failed accesses to SCM-Manager
Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Collect guava cache statistics as metrics using micrometer. We replaced the own counter implementation of guava statistics with the guava internal caching statistics.
