Cloning repositories with LFS data via ssh requires the creation of access tokens using a subject authenticated with an already scoped token (the first scoped token is created by the ssh lfs authentication command; with this token the further requests are issued which will create further tokens for the individual lfs download requests). This failed, because such a creation was rejected without further checks. Now we test, whether the requested scope is permitted by the current scope.
This adds the possibility to load files managed by lfs to the repository import of git repositories.
Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
The pending queue is updated after all the plugins to be installed are collected, and then we already may have duplicate entries. Because of this we check right on the collecting step if the plugin was already added during this single action.
If a POST request is submitted to the rest api for repostory permissions, the regex validator ignores the name field if it is null, which leads to an internal server error and breaks any further attempts to interact with that repository. An additional not-null constraint resolves this problem.
We stumbled upon errors accessing index from plugins which were not yet initialized. To prevent this errors we use our own No-Op IndexReader for missing indices.
Adds a new button to repository settings to allow users to manually delete and re-create search indices. The actual re-indexing is happening in plugins that subscribe to the newly created event.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Adds the CLI commands that are available to handle repository permissions on repositories for namespaces.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
First, we make "encryptPassword" in the PasswordService
idempotent, so that the method will not change the password
when the method is called with an already encrypted string.
Then, in the user manager, we will always call this method
to encrypt the password, if this is not already the case.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Passwords should be checked when created or changed in the frontend just as they are in the backend for REST and CLI.
Also extend the password validation to allow upto 1024 characters instead of 32.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Branches that have already been checked as valid should not be displayed as faulty on branch overview.
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Adds a new initialization step after setting up the initial administration account that allows administrators to initialize the instance with a selection of plugin sets.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
Co-authored-by: Eduard Heimbuch <eduard.heimbuch@cloudogu.com>
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
Unit tests which deal with translated text need to be specific about
the language the test should use. Otherwise system default gets used
which may lead to problems. Also line endings may be a problem on
different OS.
This fixes two of the above issues.
Translate CLI parameter exceptions to german. We explictly do not translate the default english exceptions to custom ones since the default messages are more specific/helpful.
This limits the scope of all cli related classes, so that
they cannot be used outside of cli context and therefore
cannot confuse other developers.
Secondly, we rename RepositoryCommandDto to
RepositoryCommandBean, because we have no data transfers
here and the name might be confusing otherwise.
To make SCM-Manager more accessible and to make it easier using scripts against the server, we created a command line interface. This command line interface can be used to perform the default actions like create, modify and delete repositories. It is also very flexible and can be extended by plugins.
The CLI already supports internationalization, help texts, input validation, loose and table-like templates and nested subcommands. Check the cli guidelines to learn how add new cli commands.
Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Fixes an error that arises, when a plugin with search
indices for repositories is removed and later on a repository
is deleted. This led to a null pointer exception in the
SearchableTypeResolver, but only because an "illegal" index
detail without proper type was given as a parameter. This
type cannot be resolved any longer due to the removed plugin.
We therefore can simply filter these index details.
Collapses a folder in code view which only has another folder as its only child. This lets you access a sub-folder which has content directly instead of navigating down the folder tree by clicking every folder separately.
Co-authored-by: René Pfeuffer <rene.pfeuffer@cloudogu.com>
* Update lock files
* Replace usage of org.apache.commons.lang3 with guava
* Update vulnerable version of cron-utils
Update cron-util from version 9.1.3 to 9.1.6.
Version 9.1.6 fixes an arbitrary code execution
vulnerability (CVE-2021-41269).
SCM-Manager is not affected by this issue,
because it is related to the el parsing
of an annotation which we don't use.
If the plugin center authentication fails,
the plugins are fetched without authentication
and a warning is displayed on the plugin page.
Co-authored-by: Konstantin Schaper <konstantin.schaper@cloudogu.com>
On Windows it is much more necessary to close files to avoid locked files which prevent deleting a temporary file or folder. Also paths need to be handled differently because of the drive letter and colon appearing on Windows.
Add security notifications in SCM-Manager to inform running instances about known security issues. These alerts can be core or plugin specific and will be shown to every user in the header.
Co-authored-by: Matthias Thieroff <matthias.thieroff@cloudogu.com>
Co-authored-by: Philipp Ahrendt <philipp.ahrendt@cloudogu.com>
Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
Users, groups, repositories and repository roles have been sorted in the rest layer by default if no other sort option was given. In the layers "below" (aka the manager classes or the dao), the collections have been unsorted. This led to the effect, that the autocomplete resource, which did not sort all values beforehand, returned unsorted results. As a sideeffect, direct matches for an input could occur at a random position or not at all (as reported in #1695), when there were enough other matches.
With this pull request the databases for users, groups, repositories and repository roles will use instances of TreeMap instead of LinkedHashMap internally, so that these values are sorted implicitly (by id respectively name for users, groups and repository roles and namespace/name for repositories).
Due to this change the default sort applied in the rest layer could be removed.
Changes the "namespace" input in the repository creation form or the "rename repository" dialog to an
autocomplete input. Of course this is only available for the "custom" namespace strategy.
Fix syntax highlighting on non highlighted fields. Fix ellipsis on new lines in code syntax highlighting. Fix ellipsis on content start or end in non code fields.
Co-authored-by: Sebastian Sdorra <sebastian.sdorra@cloudogu.com>
