Re: Integrating npm front-end with Kallithea

On 8 November 2017 at 14:42, Mads Kiilerich <m...@kiilerich.com> wrote: > On 11/08/2017 01:44 PM, Andrew Shadura wrote: >> >> On 8 November 2017 at 12:37, Mads Kiilerich <m...@kiilerich.com> wrote: >>> >>> On 11/08/2017 08:53 AM, Andrew Shadura wrote:

Re: Integrating npm front-end with Kallithea

On 8 November 2017 at 03:46, Mads Kiilerich wrote: > Hello, Community > > Big parts of Dominik's front-end work around introducing Bootstrap has > landed. Thanks! > > The next step require a bit of an architectural decision. I would like to > share it here to get

Re: WebApp Error: ValueError: '12d262c861ecacc5cf381198e923ab71b70046eb' is not in list

Hi, On 19 July 2017 at 20:09, Dominik Ruf <dominik...@gmail.com> wrote: > Andrew Shadura <and...@shadura.me> schrieb am Mi., 19. Juli 2017 um 18:59 > Uhr: >> >> On 19 July 2017 at 18:48, Dominik Ruf <dominik...@gmail.com> wrote: >> > Okay thanks. I'll

Re: Future JavaScript charts library

On 4 August 2017 at 14:14, Dominik Ruf wrote: > Hi all, > > the top entry on our 'roadmap' is killing the last remaining parts of YUI. > I'm now nearly ready to create a pull request that replaces YUI autocomplete > with a select2 solution. > AFAIS this leaves YUI flot (used

Call for translations for for Kallithea 0.9

Hello everyone, As you're probably aware, we're planning to release Kallithea 0.9 soon. Unfortunately though, many of our translations are out of date and need to be updated to match our current UI strings. If you care about translation of Kallithea in your language and can help, please don't

Kallithea 0.3.3 released

Hello everyone, A new stable bugfix release of Kallithea, 0.3.3, has just been released. It brings a number of bug fixes that had already been applied on the stable branch for too long, support for Mercurial 4.2, and a few other minor changes. As always, the release is available from PyPi:

Re: Eating our own dog food

On 17 July 2017 at 10:29, Dominik Ruf wrote: > I tried to push my latest (rebased) bootstrap changesets to > kallithea-incoming, > but I got 403 Forbidden :-( Try now. -- Cheers, Andrew ___ kallithea-general mailing list

[PATCH] git: don't show errors when two heads are unrelated

# HG changeset patch # User Andrew Shadura <and...@shadura.me> # Date 1499563683 18000 # Sat Jul 08 20:28:03 2017 -0500 # Node ID 2e81b5a48ffb50115e25b9b9eedb959aeedcecda # Parent cf3d4094791c2108392d7f76d958cd08a9c523f3 git: don't show errors when two heads are unrelated When two

Re: The future of this project

On 13/06/17 10:04, Marcin Kuźmiński wrote: > Hi All, > > Given the opportunity of this email thread, i'd like to pitch in the > open-source version of RhodeCode CE again. > > - A fully functional, free AGPL v3.0 software > - based on a modern web framework - Pyramid > - we had almost 20 releases

[PATCH v2] git: add references for Git pull request heads

# HG changeset patch # User Andrew Shadura <and...@shadura.me> # Date 1492258239 -7200 # Sat Apr 15 14:10:39 2017 +0200 # Node ID 977c0cfec8c00806d4331ebf402ce492657cf34a # Parent a1f8bf0428c5a3123da9c3ba2dbd8ada50be0b0e git: add references for Git pull request heads When a pull r

Re: [RFC PATCH] auth: detect password hashing algorithm when storing and checking passwords

On 10/04/17 02:00, Mads Kiilerich wrote: >> I don't know anything about the status of bcrypt on Windows. Dominik, >> could >> you please verify what is it? Does bcrypt work at all on Windows? Does it >> work effeciently enough? Are there any issues? > > I agree we could assume that bcrypt also

[RFC PATCH] auth: detect password hashing algorithm when storing and checking passwords

for SHA256 authentication completely and add a bit of code to force users to change their passwords to passwords with different SHA256 hashes. Any thoughts on this? # HG changeset patch # User Andrew Shadura <and...@shadura.me> # Date 1491588381 -7200 # Fri Apr 07 20:06:21 2017 +0200 # N

Re: [PATCH] pygmentsutils: don't fail if an extension doesn't speficy EXTRA_LEXERS

On 5 April 2017 at 02:16, Mads Kiilerich wrote: > That's a lot of checking before doing. I wonder if it would be cleaner to do > something like: > > _lexer_name = getattr(kallithea.EXTENSIONS, 'EXTRA_LEXERS', > {}).get(extension) > if _lexer_name is not None: > ... > > If

[PATCH] pygmentsutils: don't fail if an extension doesn't speficy EXTRA_LEXERS

# HG changeset patch # User Andrew Shadura <and...@shadura.me> # Date 1491317675 -7200 # Tue Apr 04 16:54:35 2017 +0200 # Node ID 860e1f4e02146a9f5731ed426f6f36419e2f4110 # Parent f58ed40c9a72ce0b72fa7ce4f8b7da843430bc57 pygmentsutils: don't fail if an extension doesn't speficy EXTRA_

Patchwork instance

Hello everyone, I’m just letting you know I have set up a Patchwork instance at http://patchwork.kallithea-scm.org/project/kallithea/list/ All patches submitted to this list will appear there along with their comments. The patches aren’t yet marked as accepted automatically when merged, but

[PATCH 1 of 2] setup: don't constrain docutils version

# HG changeset patch # User Andrew Shadura <and...@shadura.me> # Date 1484423808 -3600 # Sat Jan 14 20:56:48 2017 +0100 # Node ID 15b013ad9029d572633c5e915a36058ab6fa53aa # Parent 1ab38cd7270481c09e1adbef0d84d8d9dbef37f4 setup: don't constrain docutils version Docutils maintains

[PATCH 2 of 2] setup: bump babel version to <2.4

# HG changeset patch # User Andrew Shadura <and...@shadura.me> # Date 1484423997 -3600 # Sat Jan 14 20:59:57 2017 +0100 # Node ID 4a89c7f8144cef73e46df738be45c5b2e5667224 # Parent 15b013ad9029d572633c5e915a36058ab6fa53aa setup: bump babel version to <2.4 Babel versions up to 2.3.

[PATCH] style: fix the CSS selector referring to the notification box

# HG changeset patch # User Andrew Shadura <and...@shadura.me> # Date 1484154619 -3600 # Wed Jan 11 18:10:19 2017 +0100 # Node ID 555c69e38194c708415f36410d40e5fb9c6a506b # Parent c419161d7812f6edf3c6a962a7233e08c3b9b3b5 style: fix the CSS selector referring to the notificati

Re: [PATCH stable] diff: don't cut binary diff parsing short

On 02/01/17 23:20, Mads Kiilerich wrote: > On 01/02/2017 07:17 PM, Andrew Shadura wrote: >> diff: don't cut binary diff parsing short >> >> With binary diffs, user might want to see something more meaningful >> than just 'Binary file', for example, an image diff. Howev

[PATCH stable] diff: don't cut binary diff parsing short

kallithea/lib/diffs.py | 7 +-- 1 files changed, 1 insertions(+), 6 deletions(-) # HG changeset patch # User Andrew Shadura <and...@shadura.me> # Date 1483380766 -3600 # Mon Jan 02 19:12:46 2017 +0100 # Branch stable # Node ID ee8c9993a3aacb371fc5e59addc9434008290679 #

Git support in Kallithea

Hi, On 24 October 2016 at 19:08, Sathishkumar Duraisamy wrote: > Can you add me to the project Speaking of which… I think it was you who offered some help with Git support. Have you done anything so far? I have played with it, had some ideas, but haven't had enough

Re: Improved issue/task management

On 24 October 2016 at 09:57, Dominik Ruf wrote: > Can you add me to the Project? > Eventhough it says the Project is looking for people, I can't find a way to > join. Oddly, I haven't found a way to do that :) -- Cheers, Andrew

Re: Improved issue/task management

Hi, On 23 October 2016 at 13:38, Dominik Ruf wrote: > A quick web search lead me to taiga.io. I don't know if anybody already > knows it, but it seems it supports my requirements above and it is open > source. It also has a simple wiki which would allow as to completely get

Re: Connecting Kallithea and RhodeCode

[Cc'ed Kallithea mailing list] Hi Dmitry, On 31/08/16 19:30, Dmitry Konchalenkov wrote: > Hi Andrew, > > My name is Dmitry, I recently joined RhodeCode. I saw your email on the > Mailing List of Kallithea and decided to reach out to you directly, hope > it is appropriate. Well, actually I find

Re: Certificate expired today

On 4 July 2016 at 14:00, Andrew Shadura <and...@shadura.me> wrote: > On 4 July 2016 at 12:56, Dominik Ruf <dominik...@gmail.com> wrote: >> The certificate for https://kallithea-scm.org expired today. > > Known issue, working on that. I've put a replacement certif

Re: Certificate expired today

On 4 July 2016 at 12:56, Dominik Ruf wrote: > The certificate for https://kallithea-scm.org expired today. Known issue, working on that. -- Cheers, Andrew ___ kallithea-general mailing list kallithea-general@sfconservancy.org

Re: Some questions about kallithea(long running tasks progress and used web technologies)

On 14 June 2016 at 09:45, Eugene Chekanskiy wrote: > First of all - I an new to kallithea and want to say big thanks to everyone > who are developing this product, my first impression is very positive, > kallithea has almost everything that I need. > And now - questions: >

Re: Using changeset obsoletion with Kallithea

On 29/05/16 21:01, Thomas De Schampheleire wrote: > On Sun, May 29, 2016 at 12:53 PM, Andrew Shadura <and...@shadura.me> wrote: >> Hello everyone, >> >> I've been using and advocating use of changeset obsoletion for quite a >> while now, and tried to use

Re: Using changeset obsoletion with Kallithea

On 29 May 2016 at 12:53, Andrew Shadura <and...@shadura.me> wrote: > With obsoletion, no changesets are stripped. Instead, a new changeset is > created, along with an obsoletion marker: > > → A → B → C⇒→ A → B ⇢ C > ↘ C’ > > (C’ ob

Using changeset obsoletion with Kallithea

Hello everyone, I've been using and advocating use of changeset obsoletion for quite a while now, and tried to use it when submitting pull requests to Kallithea as well, but I noticed very few people seem to understand how it works, and some people seem to be a bit wary about it, so I thought it

Re: Future plans for DB schema changes

On 18 May 2016 at 15:11, Søren Løvborg wrote: > The changesets marked [4.0] are (more or less) ready and proposed for > inclusion in the upcoming 4.0 release. Even though they don't contain > complete Alembic support, and do not actually define any Alembic > migration scripts,

Re: Future plans for DB schema changes

On 16 May 2016 at 11:08, Mads Kiilerich wrote: > On 05/16/2016 12:02 PM, Dominik Ruf wrote: >> >> Hello all, >> >> I wanted to ask what to future plan for DB schema changes are. > > > We have very little confidence in the existing database migration > functionality. Even

Re: systemd startup script

On 6 May 2016 at 16:32, Andrew Shadura <and...@shadura.me> wrote: > On 6 May 2016 at 15:38, Nagy Ákos <nagy.a...@codespring.ro> wrote: >> This script can start celeryd and kallithea in same unit, but because >> celeryd can't run as daemon and I don't know how to run in

Re: systemd startup script

On 6 May 2016 at 15:38, Nagy Ákos wrote: > This script can start celeryd and kallithea in same unit, but because > celeryd can't run as daemon and I don't know how to run in background, > termination with time out: You don't need to do anything special to run it in the

Re: systemd startup script

On 06/05/16 14:25, Nagy Ákos wrote: > 2016. 05. 06. 14:58 keltezéssel, Georges Racinet írta: >> Hi, >> >> On 05/06/2016 01:51 PM, Nagy Ákos wrote: >>> Hi, >>> >>> I wrote a systemd startus script, and test it on Ubuntu 16.04. >>> I try to create a pull request, but i'm not familiar with it. >> I'm

Re: Kallithea 0.3.2 released

On 04/05/16 09:52, Nagy Ákos wrote: > 2016. 05. 02. 20:23 keltezéssel, Andrew Shadura írta: >> Hello everyone, >> >> A new stable bugfix release of Kallithea, 0.3.2, has just been released. >> It fixed a number of bugs, improves the documentation a bit, and >>

Kallithea 0.3.2 released

Hello everyone, A new stable bugfix release of Kallithea, 0.3.2, has just been released. It fixed a number of bugs, improves the documentation a bit, and importantly, fixes CVE-2016-3691 and CVE-2016-3114. Please upgrade! As always, the release is available from PyPi:

[SECURITY ISSUES] CVE-2016-3691 and CVE-2016-3114

Hello everyone, We've discovered the following security issues in Kallithea. CVE-2016-3114: Privilege escalation === The vulnerability that allowed logged-in users to edit or delete open pull requests associated with any repository to which they had read access,

Re: kallithea-scm.org is down

Hi Dominik, On 08/04/16 11:25, Dominik Ruf wrote: > kallithea-scm.org is down for a while now. > Can somebody look at this? Unfortunately, the VPS provider's network went down. I filed a support request, but there haven't been any news from them yet :( -- Cheers, Andrew signature.asc

Re: Git pull requests don't support updates yet.

re not updated when we commit further in the same branch. This seems to be very important for git workflow. >> >> What and where are possible changes required to implement this feature. If anyone working on this feature, please give your branch/repo link, I would like to join to implement this.

Re: Git pull requests don't support updates yet.

I'm very sorry, my mobile GMail-fu is far from being perfect. I hope you have received my messages :-) -- Cheers, Andrew ___ kallithea-general mailing list kallithea-general@sfconservancy.org

Fwd: Re: Git pull requests don't support updates yet.

-- Cheers, Andrew -- Forwarded message -- From: "Andrew Shadura" <and...@shadura.me> Date: 6 Apr 2016 22:06 Subject: Re: Git pull requests don't support updates yet. To: "Mads Kiilerich" <m...@kiilerich.com> Cc: Hi again, On 6 Apr 2016 21:58

Kallithea 0.3.1 released

Hello everyone, A stable bugfix release of Kallithea, 0.3.1, has just been released. This release brings a bunch of bug fixes, support for Mercurial 3.7.x and Python 2.7.11, and translation updates. Please note that the recommended way to install Kallithea is using pip. Instead of ./setup.py

Re: Markdown support

On 27 February 2016 at 16:54, Angel Ezquerra wrote: > Is there a way to use markdown, rather than RST, in Kallithea? My team > has used markdown quite a bit already, and they like it, but they do > not have experience with RST. Currently, RST is disabled in the

Re: [PATCH] auth: support both old and new python-pam API

On 25/02/16 14:51, Søren Løvborg wrote: >> Any feedback, anyone? :) > Looks reasonable to me. I assume you verified that it works under both > old and new versions with the new service argument? Yes, I did (manually), and I also ran tests automatically using my drone.io account. -- Cheers,

Re: [PATCH] auth: support both old and new python-pam API

On 24/02/16 14:10, Andrew Shadura wrote: > # HG changeset patch > # User Andrew Shadura <and...@shadura.me> > # Date 1456317153 -3600 > # Wed Feb 24 13:32:33 2016 +0100 > # Node ID 9e0c363ed9eaf72fe0faf0da4a80065dc2faf8da > # Parent 05a85a6cecba5c8caeb7996590365d5d

Re: Kallithea CI

On 24/02/16 14:51, Dominik Ruf wrote: > I mean when using KALLITHEA_NO_TMP_PATH=1. Oh, right. > None of your successful runs used KALLITHEA_NO_TMP_PATH=1, did they? Yes, that's right. > When I use KALLITHEA_NO_TMP_PATH=1 I need the changes from >

[PATCH] auth: support both old and new python-pam API

# HG changeset patch # User Andrew Shadura <and...@shadura.me> # Date 1456317153 -3600 # Wed Feb 24 13:32:33 2016 +0100 # Node ID 9e0c363ed9eaf72fe0faf0da4a80065dc2faf8da # Parent 05a85a6cecba5c8caeb7996590365d5d9bc523c9 auth: support both old and new python-pam API python-p

Re: Kallithea CI

On 24/02/16 12:50, Dominik Ruf wrote: > It is definitely broken. > But with this fix > https://bitbucket.org/domruf/kallithea/commits/7f963eb6354952dad842ba6ea16 > 67dc5b77b6dd3 > the tests pass on my personal linux machine. > > I think the problem on drone.io is the that drone.io prevents the

Re: Kallithea CI

On 24/02/16 11:12, Dominik Ruf wrote: > So our setup show different kind of problems. > > I don't use the KALLITHEA_NO_TMP_PATH=1 option. > Maybe you should add something like "sleep 60" after starting the test > instance because it takes a while until the repositories and the DB is > setup.

Re: Kallithea CI

On 22/02/16 22:26, Thomas De Schampheleire wrote: >>> http://article.gmane.org/gmane.comp.version-control.kallithea/3 >>> But it never went anywhere. So I make an new proposal. >>> >>> Basically the idea is to create a CI server that runs all the tests and >>> makes the currently failed tests

Re: [PATCH v3] auth: let users log in using their email address

On 30/01/16 16:46, Andrew Shadura wrote: > Hello, > > I have re-implemented the old patch I submitted in May, doing it at a > different level. Also, this time I'm submitting it as a pull request at Ook: > > https://kallithea-scm.org/repos/kallithea/pull-request/18/ I have

Re: New commits on Our Own Kallithea

On 01/02/16 01:10, Our Own Kallithea wrote: > > db: always match user emails case insensitively This commit removes > case-sensitive email matching. It also adds a couple of tests which > fail, to demonstrate... > >

[PATCH v3] auth: let users log in using their email address

Hello, I have re-implemented the old patch I submitted in May, doing it at a different level. Also, this time I'm submitting it as a pull request at Ook: https://kallithea-scm.org/repos/kallithea/pull-request/18/ -- Cheers, Andrew ___

Re: Proposal for TurboGears2 port

On 28/01/16 00:09, Alessandro Molina wrote: >> > Well I can work on a proof of concept and have a version of Kallithea >> > running on TG, but as I don't know much of the codebase and what should be >> > the expected behaviour it will still require much work from the Kallithea >> > team to port

Re: Kallithea meeting at FOSDEM 2016?

On 24/12/15 13:46, Thomas De Schampheleire wrote: >> Anyway: if you four will be at FOSDEM and be willing to spend some > time on Kallithea, I will try to make it too. > > I was not envisioning meeting for one hour and then saying goodbye. For > me, the sessions at FOSDEM are entirely optional

Re: Kallithea meeting at FOSDEM 2016?

On 22/12/15 11:54, Thomas De Schampheleire wrote: > FOSDEM is a free-and-open-source-software conference held each year in > Brussels, Belgium. Upcoming edition is on January 30 (Saturday) and 31 > (Sunday), 2016. [1] > > I'm wondering if there is any interest in having a meeting with > Kallithea

Re: SVN Repository

Hello Andrea, On 16/11/15 12:53, Andrea Taini wrote: > Our Organization is considering Kallithea as Software versioning > management System, because of its multi-model repository, that can deal > with .git, Mercurial and (probably) Subversion. This is very nice to hear, I hope you're going to

Kallithea 0.3 released

Hello everyone, Since 0.2, we have had two stable releases fixing important security and stability issues. This release, 0.3, brings more changes, new functionality, improvements and bugfixes. Thanks to our translators at Weblate, we've made significant progress in localisation Kallithea, and our

[SECURITY ISSUE] CVE-2015-5285: HTTP header injection

kallithea-scm.org/security/cve-2015-5285.html> [3] Mercurial changeset fixing the issue <https://kallithea-scm.org/repos/kallithea/changeset/38d1c99cd0005c1df5a37692615356c918dbe068> [4] Zero Science Lab <http://www.zeroscience.mk/en/> -- Cheers, Andrew Shadura on b

setup.py issues a warning

Hello everyone, I tried to install the latest Kallithea (stable branch) into a virtualenv, and noticed it doesn't work anymore for me. I created a new virtualenv from scratch (see logs): (env)$ ./setup.py /usr/lib/python2.7/distutils/dist.py:267: UserWarning: Unknown distribution option:

Re: [PATCH] login: strip possible prefix from came_from if it's present

On 16/09/15 21:34, Mads Kiilerich wrote: >> >> Also, reject came_from URL not belonging to our application. > > It seems to be that the problem is that we put the absolute URL > (url.current()) in came_from; instead we should use PATH_INFO which is > relative to SCRIPT_NAME. Putting a bogus URL

[PATCH] login: strip possible prefix from came_from if it's present

# HG changeset patch # User Andrew Shadura <and...@shadura.me> # Date 1442411574 -7200 # Wed Sep 16 15:52:54 2015 +0200 # Node ID 69ea9fc01a602f290b9e78b7cd057a899fa5ff37 # Parent 889ff0f436c8b57f5962e204e699cbabc6d33aac login: strip possible prefix from came_from if it's present

[PATCH v2] auth: secure password reset implementation

# HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1431821238 -7200 # Sun May 17 02:07:18 2015 +0200 # Node ID c4ad7e6deed43b0f725b60b37ae1d2161eead200 # Parent e84c2738fbd84569492c56e5a9361ee94af5d420 auth: secure password reset implementation This is a better

Re: [PATCH] privacy: don't tell users what is the reason for a failed login

On 31 July 2015 at 15:53, Mads Kiilerich m...@kiilerich.com wrote: privacy: don't tell users what is the reason for a failed login I changed my mind enough to push this one ;-) \o/ :) -- Cheers, Andrew ___ kallithea-general mailing list

[PATCH 1 of 6] graph: show obsolete changesets with an 'X'

# HG changeset patch # User Sean Farley sean.michael.far...@gmail.com # Date 1404884154 18000 # Wed Jul 09 00:35:54 2014 -0500 # Node ID 011e77e80ae34ba9a19b8591c78959feee5934b9 # Parent 82faecc2132459bf0ba2717f2178ce6b3672e268 graph: show obsolete changesets with an 'X' diff --git

[PATCH 0 of 6] Evolve support patches from Sean

Hello everyone, I'm submitting the some of the patches Sean Farley wrote a while ago to support changeset obsoletion and evolution. I've been using them for a while and they don't seem to break stuff. There were more patches, but some of them didn't work always right and also seem obsolete

[PATCH 4 of 6] templates/changeset: display successor changesets

# HG changeset patch # User Sean Farley sean.michael.far...@gmail.com # Date 1406668550 18000 # Tue Jul 29 16:15:50 2014 -0500 # Node ID 28e4930d9bc2593c6e2b43629dc8b1f9122a7a5e # Parent b08991c9389cbc64e5145b71629079fa7059fa6c templates/changeset: display successor changesets diff --git

[PATCH 2 of 6] graph: draw edges to obsolete changesets as dashed

# HG changeset patch # User Sean Farley sean.michael.far...@gmail.com # Date 1404932959 18000 # Wed Jul 09 14:09:19 2014 -0500 # Node ID 1d08fb9cd850269f7f771e54f3e9496d49fcb102 # Parent 011e77e80ae34ba9a19b8591c78959feee5934b9 graph: draw edges to obsolete changesets as dashed diff --git

Re: [PATCH] secure password reset implementation

On 23/07/15 15:53, Mads Kiilerich wrote: On 07/19/2015 03:35 PM, Andrew Shadura wrote: # HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1431821238 -7200 # Sun May 17 02:07:18 2015 +0200 # Node ID 98cb64feddfb89f106f66763462061fd2ca3f412 # Parent

[PATCH] secure password reset implementation

# HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1431821238 -7200 # Sun May 17 02:07:18 2015 +0200 # Node ID 98cb64feddfb89f106f66763462061fd2ca3f412 # Parent f103b1a2383bc4fba5d28f9732ba832025e3bf00 secure password reset implementation This is a better implementation

Fwd: GitHub “pull request ” is proprietary, incom patible with Git ‘requ est-pull ’

It turns out the way I tried to forward this email didn't work well. -- Forwarded message -- From: Simon McVittie s...@debian.org Date: 17 July 2015 at 01:13 Subject: Re: GitHub “pull request ” is proprietary, incom patible with Git ‘requ est-pull ’ To:

Fwd: Re: GitHub “pull request ” is proprietary, incom patible with Git ‘requ est-pull ’

Hi, We have discussed something similar, but for Mercurial and bundles. It turns out a Git implementation is *almost* ready. -- Cheers, Andrew ---BeginMessage--- On 16/07/15 18:14, Ian Jackson wrote: Can you point me at the server code, or configuration that handled your push ?

Kallithea 0.2.2

Kallithea 0.2.2 has been released. Kallithea is a GPLv3 source code management software for web-based hosting of Mercurial and Git repositories. This release is a stable bugfix release. It fixes issues we've discovered since the release 0.2.1. Important changes are security improvements which

Re: [PATCH] comments: remove dysfunctional comment bubble on compare and file views (issue #84)

Hey, On 18 June 2015 at 09:01, Thomas De Schampheleire patrickdeping...@gmail.com wrote: I just sent another approach, using the surrounding commentable-diff idea. The patch turns out to be very small, indeed much better than the first approach. Let me know what you think... I like it! :)

[PATCH] admin: reenable update checks

# HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1433851102 -7200 # Tue Jun 09 13:58:22 2015 +0200 # Branch stable # Node ID c670a49f595d5f03f924338adbe0de3fdd7853f6 # Parent 9c067ee8d368b7890f3cababc9bdfbf31ab8bfe7 admin: reenable update checks URL is hardcoded here

[PATCH 1 of 3 v2] privacy: on password reset, don't tell strangers if email is valid or not

# HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1431787037 -7200 # Sat May 16 16:37:17 2015 +0200 # Node ID 9b7a12fef6f4922730fb9e690e0567a6a4b32473 # Parent d7f13c2a28bacccdab00745a8dccf39fa4c40e31 privacy: on password reset, don't tell strangers if email is valid

[PATCH v2] tests: update password reset form test to employ only a simple @ check

# HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1433675592 -7200 # Sun Jun 07 13:13:12 2015 +0200 # Node ID 8cedad478da7d4644634b0a33c89a0ea56eca8c2 # Parent 9b7a12fef6f4922730fb9e690e0567a6a4b32473 tests: update password reset form test to employ only a simple @ check

Re: Making pytest the standard test suite (instead of nose)

Hello, On Tue, 2 Jun 2015 08:49:28 +0200 Andrew Shadura and...@shadura.me wrote: I've been using pytest for a while now, and think we should consider making it the default test suite instead of nose. Meanwhile, neither nose nor pytest work for me at the moment, for different reasons. Nose

Re: Making pytest the standard test suite (instead of nose)

Hello, On Sun, 31 May 2015 12:57:05 +0200 Thomas De Schampheleire patrickdeping...@gmail.com wrote: I've been using pytest for a while now, and think we should consider making it the default test suite instead of nose. Meanwhile, neither nose nor pytest work for me at the moment, for

[PATCH] spelling: IP address, IPv4, IPv6

# HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1432641306 -7200 # Tue May 26 13:55:06 2015 +0200 # Node ID 86d6bfb6ca037549192e5217ce84c799210b57dd # Parent c142eac083a2239e1ccf1cc4a5c5712b0559541c spelling: IP address, IPv4, IPv6 diff --git a/kallithea/controllers

Re: [PATCH] privacy: don't tell users what is the reason for a failed login

Hello, On Tue, 19 May 2015 17:15:30 +0200 Mads Kiilerich m...@kiilerich.com wrote: I think the current implementation is wrong when it does any kind of login verification in the user friendly form code. The authentication should be done explicitly in the controller. (That would also make

[PATCH] utils: return 'never' when the age is None

# HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1432232093 -7200 # Thu May 21 20:14:53 2015 +0200 # Node ID 3737e67c7cbb89750dd8b3b5f76a003678792f3f # Parent 8d43a8174c960779437c2d8de7a0906a8cd14128 utils: return 'never' when the age is None diff --git a/kallithea/lib

Re: [PATCH PoC] secure password reset implementation

By the way, for the record to others: We will need a similar scheme for verifying email addresses configured by users. I will work on that when I have this feature done. -- Cheers, Andrew ___ kallithea-general mailing list

Re: [PATCH PoC] secure password reset implementation

Hello, On Tue, 19 May 2015 17:10:46 +0200 Mads Kiilerich m...@kiilerich.com wrote: The idea behind is to generate a token which is dependent on the user state at the time before the password change takes place, so the token is one-time and can't be reused, and also to bind the token the

[PATCH] privacy: on password reset, don't tell strangers if email is valid or not

# HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1431787037 -7200 # Sat May 16 16:37:17 2015 +0200 # Node ID 388a6eada55925cb55cd2368e47a6115d833b4c1 # Parent 93de511e84fe940786acf468789a77daed83a461 privacy: on password reset, don't tell strangers if email is valid

Re: [PATCH] privacy: on password reset, don't tell strangers if email is valid or not

Hello, On Sat, 16 May 2015 16:37:42 +0200 Andrew Shadura and...@shadura.me wrote: Password reset form might be used to check if users with specific email addresses have accounts in the system by requesting their password to be reset. It's probably not a good idea to give this sort

Re: [PATCH] privacy: don't tell users what is the reason for a failed login

Hello, On Sat, 16 May 2015 17:04:06 +0200 Andrew Shadura and...@shadura.me wrote: raise formencode.Invalid(msg, value, state, -error_dict=dict(username=msg, password=msg2) +error_dict=dict(username=' ',password=msg

[PATCH] privacy: don't tell users what is the reason for a failed login

# HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1431788631 -7200 # Sat May 16 17:03:51 2015 +0200 # Node ID cb911e90e205bdb18fc2e2bd66549ea388d00413 # Parent 388a6eada55925cb55cd2368e47a6115d833b4c1 privacy: don't tell users what is the reason for a failed login Makes

Re: [PATCH PoC] secure password reset implementation

Hello, On Sun, 17 May 2015 02:07:40 +0200 Andrew Shadura and...@shadura.me wrote: # HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1431821238 -7200 # Sun May 17 02:07:18 2015 +0200 # Node ID 8d43a8174c960779437c2d8de7a0906a8cd14128 # Parent

Re: [PATCH v2] auth: let users log in using their email address

Hello, On Sun, 17 May 2015 01:50:56 +0200 Mads Kiilerich m...@kiilerich.com wrote: diff --git a/kallithea/controllers/login.py b/kallithea/controllers/login.py --- a/kallithea/controllers/login.py +++ b/kallithea/controllers/login.py @@ -121,9 +121,15 @@ class

[PATCH PoC] secure password reset implementation

# HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1431821238 -7200 # Sun May 17 02:07:18 2015 +0200 # Node ID 8d43a8174c960779437c2d8de7a0906a8cd14128 # Parent cb911e90e205bdb18fc2e2bd66549ea388d00413 secure password reset implementation This is a better implementation

[PATCH] auth: let users log in using their email address

# HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1431709586 -7200 # Fri May 15 19:06:26 2015 +0200 # Node ID 1a7787acd1276557128ac6f8cd274b39c86ebbae # Parent 95bffe63997d40bfab5ae6b8d1a54859d6275471 auth: let users log in using their email address diff --git a/kallithea

[PATCH] style: make the login page Bootstrap-ready

# HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1431466361 -7200 # Tue May 12 23:32:41 2015 +0200 # Node ID 60b8288f777e5da27b7028ca6b98b1c7ddb4349a # Parent 08c73fbea76d78033cb3e7877d4b21935650ac17 style: make the login page Bootstrap-ready Change the template to use

Re: [PATCH 1 of 2] rst: in @mention parser, escape spaces so they don't go to HTML

I don't think I have seen this - can you point at a before example? Perhaps also describe it in the commit message. No link at the moment, but every time you type something like this: @username, have you seen it? it turns into: @username , have you seen it? So an extra space is

[PATCH 1 of 2] rst: in @mention parser, escape spaces so they don't go to HTML

# HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1430840290 -7200 # Tue May 05 17:38:10 2015 +0200 # Node ID 4a68442ad0a1898c08ea4a249b032bb73cd8c90e # Parent 7dca6303d91ddb98bcc62f085d5342609a4d40b2 rst: in @mention parser, escape spaces so they don't go to HTML

Re: [PATCH PoC] Use webassets and lesscpy to precompile LESS into CSS and (optionally) minify JavaScript

Hello, On Mon, 27 Apr 2015 12:12:10 +0200 Andrew Shadura and...@shadura.me wrote: diff --git a/kallithea/public/css/kallithea.less b/kallithea/public/css/kallithea.less new file mode 100644 --- /dev/null +++ b/kallithea/public/css/kallithea.less @@ -0,0 +1,6 @@ +// main lesscss style sheet

[PATCH PoC] Use webassets and lesscpy to precompile LESS into CSS and (optionally) minify JavaScript

diff --git a/kallithea/config/environment.py b/kallithea/config/environment.py --- a/kallithea/config/environment.py +++ b/kallithea/config/environment.py @@ -33,6 +33,7 @@ from kallithea.config.routing import mak from kallithea.lib import helpers from kallithea.lib.auth import

[RFC] Search box

Hello, While playing with Bootstrap styling, I came across the following question: should we display a search box instead of a link to the search page? I first implemented a search box which appears after clicking Search button on the front page. When users type in the box, a dropdown appears,

[PATCH] css: make 'add comment' button look more like a button

# HG changeset patch # User Andrew Shadura and...@shadura.me # Date 1429637769 -7200 # Tue Apr 21 19:36:09 2015 +0200 # Node ID fe9a1f5d259c186b7d9cd0c3e10aa99217a37fed # Parent c7997c7ed325ddea499549a3d66dc5f006fcba33 css: make 'add comment' button look more like a button diff --git

  1   2   >