Add security notifications in SCM-Manager to inform running instances about known security issues. These alerts can be core or plugin specific and will be shown to every user in the header.
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
Co-authored-by: Philipp Ahrendt <philipp.ahrendt@cloudogu.com>
Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Users, groups, repositories and repository roles have been sorted in the rest layer by default if no other sort option was given. In the layers "below" (aka the manager classes or the dao), the collections have been unsorted. This led to the effect, that the autocomplete resource, which did not sort all values beforehand, returned unsorted results. As a sideeffect, direct matches for an input could occur at a random position or not at all (as reported in #1695), when there were enough other matches.
With this pull request the databases for users, groups, repositories and repository roles will use instances of TreeMap instead of LinkedHashMap internally, so that these values are sorted implicitly (by id respectively name for users, groups and repository roles and namespace/name for repositories).
Due to this change the default sort applied in the rest layer could be removed.
Changes the "namespace" input in the repository creation form or the "rename repository" dialog to an
autocomplete input. Of course this is only available for the "custom" namespace strategy.
Updated spotter to version 4 in order to get prism syntax mode for detected coding languages.
Expose syntax modes of coding languages as headers on content endpoint and as fields on diff dto.
Remove leading line break on search result fragments.
Use mark instead of span or strong for highlighted search results.
Add option to use syntax highlighting in TextHitField component.
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
Allows scm-manager instances to authenticate with the configured plugin center. If the default plugin center is used, a myCloudogu account is used for authentication which in turn enables downloading special myCloudogu plugins directly through the plugin administration page.
Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
Co-authored-by: Matthias Thieroff <93515444+mthieroff@users.noreply.github.com>
Co-authored-by: Philipp Ahrendt <philipp.ahrendt@cloudogu.com>
When the ResourceLinks class could not access the
scmPathInfoStore due to an invalid request scope
(that is outside http requests), this might
lead to confusion due to messages from guice. We
try to "fix" these by using an own explanation to
what probably went wrong and how to mitigate this.
Fix access to ScmPathInfoStore as Provider to prevent injection errors. Errors might happen, if beans using ScmPathInfoStore (like the BranchLinkProvider) are injected in beans that are singletons or that have be created outside of request scope otherwise. We do so knowing that this might lead to runtime errors (eg. when links shall be build in a thread that has no request scope). We have decided nonetheless that injection errors on startup are worse for plugin developers, that may have no clue how to solve injection problems.
Enrich branch overview with more details like last committer and ahead/behind commits. Since calculating this information is pretty intense, we request it in chunks to prevent very long loading times. Also we cache the results in frontend and backend.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Fixes edge cases for "move" in the modify command, like
- reject backslashes in validation
- add overwrite option
- check for invalid source and target options
This is an update to the implementation of "move" in #1859.
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
Adds a "file lock" command that can be used to mark files as locked by a specific user. This command is implemented for git using a store to keep the locks.
Additionally, the Git LFS locking API is implemented.
To display locks, the scm-manager/scm-file-lock-plugin can be used.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Clears the external group cache whenever a user gets logged out by the logout rest method or the user gets deleted.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Bind mapper implementations automatically to related mappers using the annotation processor. With this change it is not longer required to bind mapper explicitly using mapper modules which reduces some boilerplate code.
* Introduce RepositoryCoordinates
RepositoryCoordinates will be used for the enrichment of the embedded repositories of search result hits. This is required, because if we used the normal repository for the enrichment, we would get a lot of unrelated enrichers would be applied.
* Add builder method to HalEnricherContext
With the new builder method it is possible to add an object to the context with an interface as key.
* Add enricher support for embedded repository by applying enricher for RepositoryCoordinates
* Use embedded repository for avatars
The Search api is now simpler, because it provides useful defaults. Only if you want to deviate from the defaults, you can set these values. This is mostly reached by using the builder pattern. Furthermore it is now possible to configure an analyzer per field. The default analyzer is still the one which is derived from the index options, but it is possible to configure a new indexer with the analyzer attribute of the indexed annotation. The attribute allows the configuration for code, identifiers and path. The current implementation uses the same analyzer code, identifiers and path. The new implemented splits tokens on more delimiters as the default analyzer e.g.: dots, underscores etc.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Expose an api which makes it easy to detect the content type of files. The api is based on the spotter api, but does not expose spotter classes.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Add a dedicated search page with more results and different types.
Users and groups are now indexed along with repositories.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
The search link of the index resource is now an array of links instead of single templated link.
The array contains one link for each searchable type.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
We introduced a new annotation '@IndexedType' which gets collected by the scm-annotation-processor. All classes which are annotated are index and searchable. This opens the search api for plugins.
Add a powerful search engine based on lucene to the scm-manager api.
The api can be used to index objects, simply by annotating them and add them to an index.
The first indexed object is the repository which could queried by quick search in the header.
Using a default user with a default password has the implicit risk, that this user is not changed and therefore this system can be compromised. With this change, SCM-Manager does not create the default user with the default password on startup any more, but it shows an initial form where the initial values for the administration user have to be entered by the user. To secure this form, a random token is created on startup and printed in the log.
To implement this form, the concept of an InitializationStep is introduced. This extension point can be implemented to offer different setup tasks. The creation of the administration user is the first implementation, others might be things like first plugin selections or the like.
Frontend components are selected by the name of these initialization steps, whose names will be added to the index resource
(whichever is active at the moment) and will be show accordingly.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Add list of emergency contacts to global configuration. This user will receive e-mails and notification if some serious system error occurs like repository health check failed.
Simplifies the class RepositoryTypeSupportChecker. There is no need to fall back to the super type Type`.
So we do not need to manually check for type safety.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
The embedded avatar object of the repository avatar plugin
leads to an exception without this configuration, when
a repository json object is deserialized. This happens
for example when the description of a repository should
be modified.
In the release of version 2.0.0 of SCM-Manager, the health checks had been neglected. This makes them visible again in the frontend and adds the ability to trigger them. In addition there are two types of health checks: The "normal" ones, now called "light checks", that are run on startup, and more intense checks run only on request.
As a change to version 1.x, health checks will no longer be persisted for repositories.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
This fixes responses with complete stack traces for
requests with invalid urls, for example such containing
backslash ('') in the query parameter part (eg. q=search).
In this case the response contains an error object due to
this error, and requesting the uri info would trigger the
same error a second time, only that now the exception mapper
would not catch the error again. So we check whether we have
an error object before trying to create an enricher context.
Expose metrics about:
- User login attempts
- Failed user logins
- User logouts
- General successful accesses to SCM-Manager via any authentication realm
- General failed accesses to SCM-Manager
Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
With this pull request, diffs for Git are loaded in chunks. This means, that for diffs with a lot of files only a part of them are loaded. In the UI a button will be displayed to load more. In the REST API, the number of files can be specified. This only works for diffs, that are delivered as "parsed" diffs. Currently, this is only available for Git.
Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Add search for files to the sources view. The search is only for finding file paths. It does not search any file metadata nor the content. Results get a rating, where file names are rated higher than file paths. The results are sorted by the score and the first 50 results are displayed.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
