Instead of directly connecting to LDAP and attempting to bind
usernames/password, authenticate users through an OAuth2 flow to
Keycloak.
This has the advantage of reusing the same SSO we already have for
Gerrit, Buildkite, ...
However, much of panettone's functionality makes assumptions about
LDAP being used. As a result there are some warts introduced by
this (for now):
* Since LDAP DNs are used as primary keys for users, we have to
  construct fake DNs based on LDAP usernames
  It might be sensible to migrate this to the UUIDs used by Keycloak
  eventually.
* LDAP is part of the serving path for issues (for fetching user
  information), however panettone no longer has a way to fetch
  arbitrary user information unless it is persisted in its database.
  To work around this, we construct a "fake" user based only on its
  DN (i.e. only the username is going to be "correct") and use that to
  serve issues.
* Email notifications no longer work (panettone cannot access email
  addresses)
Some of these need to be worked around by persisting some of that
information in the panettone database instead, as we don't want to
give the service the ability to access arbitrary user information
anymore.
We can probably do this with the user settings feature that already
exists and populate it on launch, but as of this commit email and
displayName functionality is simply broken.
Change-Id: Id32bf5e09d67f0f1e883024c6e013eb342f03b05
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5772
Reviewed-by: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Don't render the <ol class="issue-history"> when we have nothing to put
in it, which is the case when there's no issue history and the user is
not logged in. This avoids an awkward-looking double bottom border on
issues with no comments for unauthenticated users.
Change-Id: I1c6aac40e4ba93e9428a0da589c67582b1589c17
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5445
Autosubmit: grfn <grfn@gws.fyi>
Tested-by: BuildkiteCI
Reviewed-by: tazjin <tazjin@tvl.su>
Instead of managing Postgres connections on our own, use the
`with-connection` postmodern function with pooling enabled as a route
decorator.
This should resolve at least some of the issues from b/113 with
leaking connections, and an unreported issue with connections being
reused while transactions are in progress.
Change-Id: I1ed68667a3240900de1ae69df37d2d3018caf204
Reviewed-on: https://cl.tvl.fyi/c/depot/+/5198
Tested-by: BuildkiteCI
Reviewed-by: eta <tvl@eta.st>
Autosubmit: tazjin <tazjin@tvl.su>
(who:html-mode) needs to be set at macro expansion time to properly take
effect which wasn't the case before, but is ensured now by
:compile-toplevel. :load-toplevel ensures that who inside the repl will
behave the same.
Since the :html5 behavior is now actually used, we need to adjust some
of the test cases to account for the different :html5 escaping mode.
Change-Id: I4dfe1d2db38da6a2486fde86596f7e5f50ed8b9f
Reviewed-on: https://cl.tvl.fyi/c/depot/+/4885
Tested-by: BuildkiteCI
Reviewed-by: grfn <grfn@gws.fyi>
Issue bodies tend to be very long, so displaying the full diff whenever
the issue is updated takes up a lot of visual room and is very hard to
read. Specifically for this field, this changes the display to only show
"updated the body of this issue", hiding the previous and new values.
At some point in the future, I'd love to have some CSS fun with active
anchor links to have an "expanded" view that *does* display the previous
and new value, but for now this should be fine - the data isn't gone,
after all!
Fixes: b/111
Change-Id: I0188540188729142e0b9205ff5cc9ea576c4edb6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3142
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
7aebba7, which added anchor links to comments, also incorrectly added
only the *key* for the `:id` attribute to the `li` element for
issue *events*, swallowing up the next form (which happened to be the
username) as the value. This adds a *proper* value for the `:id`
attribute, bringing back the actual display of the username.
Fixes: b/97
Change-Id: I33ee628ddfd4a291e069980512fcc5f74014aac4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3141
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
The accessor function to get the ID of the `model:issue-not-found`
condition is `not-found-id`, not `id`! Also, add a missing space to the
title.
Fixes: b/127
Change-Id: I91c71feaf1fe877e6a14453a9e75cf27d56fee31
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3140
Reviewed-by: sterni <sternenseemann@systemli.org>
Tested-by: BuildkiteCI
This reverts commit 77c09076ec.
Reason for revert: It doesn't work - attempting to request any of the pages now gives:
[ERROR]] No keys match in SWITCH. Testing against
"text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9"
with EQUAL.
Change-Id: Ic4c795fd2a971003a6823a3b68ddee9a03b9f7c9
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3061
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
Allow specifying an `Accept: application/json` header to the index and
show issue routes, to request that those pages be returned as JSON.
Change-Id: Ic225139fc9e7fdce0da98984df4ca987685dafe0
Reviewed-on: https://cl.tvl.fyi/c/depot/+/3043
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
Emails for (re)opening and closing were sent out with the user's DN in
the subject which is probably not what we want.
Using displayname-if-known is probably not necessary as there is not
really a case where (not *user*) wouldn't justify a 500 in this context.
Change-Id: Id12d3d9619f42eb5337c2d3482b7c1646b5d6a81
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2911
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
drakma ignores the :external-format-in parameter if :want-stream is t:
> If want-stream is true, the message body is NOT read and instead
> the (open) socket stream is returned as the first return value.
> If the sixth value of HTTP-REQUEST is true, the stream should be
> closed (and not be re-used) after the body has been read. The
> stream returned is a flexi-stream with a chunked stream as its
> underlying stream. If you want to read binary data from this
> stream, read from the underlying stream which you can get with
> FLEXI-STREAM-STREAM.
Since it doesn't return a plain CL stream which would just work with
SBCL, we need to set the external format on the resulting flexi-stream.
Fixes b/107.
Change-Id: I6e3178123c0927ef21fabf8118d9d357c8afbd42
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2869
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: glittershark <grfn@gws.fyi>
Move the common part (encoding/decoding json and connecting to cheddar)
into request-markdown-from-cheddar. The two render-markdown
implementations are now only thin wrappers around that function.
Change-Id: I81bb34b684af44228dcad02fca541082e6d060ce
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2868
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Add a little bit more information to issue notification emails,
including the IDs of issues and links to the issues themselves.
Change-Id: Ia54209f936a37c6dbdb60ebff5bb8c1034cffc9a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2809
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
Send notifications both to IRC and email when issues are reopened after
being closed
Change-Id: I3a63419c6547ac28eeaafbe212a2a01a5fc2b5af
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2808
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
Send notification emails to the same group of users who receive
notifications on issue comments when issues are marked as closed. This
also takes the opportunity to generalize issue notification emails a
bit, and lay the groundwork for (but not implement) explicit issue
subscriber lists.
Change-Id: Ie2572ed3ad0207d415b4c362438f772925e7a2c5
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2807
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
Add a user settings page, with a single checkbox that allows disabling
receiving all email notifications.
Change-Id: Ibef2a497cd59f93b695ff8b9cd36047e514e00c2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2806
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
When a user posts a comment on an issue, send email
notifications (respecting the enable-email-notifications setting) to the
author of that issue and all the other users who have commented on that
issue. Since the oauth & gmail API stuff that the relay does is slow,
this happens in a background thread.
Change-Id: Ic00c265deab1030d9ba64c29c9f56314dd179141
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2805
Tested-by: BuildkiteCI
Reviewed-by: sterni <sternenseemann@systemli.org>
Reviewed-by: tazjin <mail@tazj.in>
When sending irc notifications, insert a zero-width space after the
first character of the username of the author of issues, to prevent that
user from receiving a ping.
Fixes: b/95
Change-Id: Ibcacb45129b2cb99b587744eb61f4f1dbc0060d6
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2693
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
* Fix find-user-by-dn raising an error condition if the search returns
  no results, return nil instead.
* Adopt strategy of defaulting to “someone” as displayname if lookup
  fails for all usage of displaynames in panettone.
I've tested this change for issues and comments created by missing
users. Adjusting the displayname seems to fix all 500 being created
by missing users both logged out and logged in.
Change-Id: I0a84eb0631c4a49f1664bed6d03afa60dce6eb47
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2448
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
This is achieved by implementing a simple markdown renderer in CL which
has the following limitations:
* Only supports inline `code`, *emphasize 1*, _emphasize 2_ and
  ~~strikethrough~~.
* Does not support nested markup.
This allows for a relatively simple renderer which doesn't need to parse
markdown into an in-memory data structure first. The rendered result is
directly written to a stream to integrate well with cl-who which is also
reused for rendering tags and xml-escaping strings.
Fixes #90.
Change-Id: Ice88ed770b1fab6365f3b93e8663e25077befa0b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2389
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Reviewed-by: tazjin <mail@tazj.in>
I checked all :value attributes in panettone.lisp and wrapped them with
who:escape-string if its value comes from user-influenced places. Static
values or values from panettone internals are left as is.
I did not do a comprehensive check for other places where something
similar could happen though.
Fixes #92.
Change-Id: I134acc0d2f025f173588b37c19a93589365e879b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2401
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
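The fix described in the commit message above, as an added example that is not panettone's code: cl-who writes a run-time attribute value verbatim, so a user-influenced `:value` has to go through `who:escape-string`. The function names and the sample subject are constructed for illustration, and the snippet assumes Quicklisp with cl-who available.

```lisp
;; Added illustration, not code from panettone.
;; Assumes Quicklisp is loaded; evaluate at the REPL or with LOAD.
(ql:quickload :cl-who :silent t)

;; Constructed sample input: a harmless issue subject that happens to
;; contain every character that is significant inside an attribute.
(defparameter *sample-subject* "it's <b>broken</b> & \"urgent\"")

(defun render-raw (value)
  "Emit the input field with VALUE interpolated as-is.
cl-who does not escape attribute values computed at run time."
  (who:with-html-output-to-string (out)
    (:input :type "text" :name "subject" :value value)))

(defun render-escaped (value)
  "Same field, with VALUE passed through who:escape-string first."
  (who:with-html-output-to-string (out)
    (:input :type "text" :name "subject"
            :value (who:escape-string value))))

(defun quote-count (html)
  "Count occurrences of cl-who's attribute delimiter character in HTML."
  (count who:*attribute-quote-char* html))

(defun report (label html)
  "Print the rendered markup and how many delimiter characters it holds."
  (format t "~a~%  ~a~%  attribute delimiters: ~d~%"
          label html (quote-count html)))

(report "raw:" (render-raw *sample-subject*))
(report "escaped:" (render-escaped *sample-subject*))
```

Three attributes should produce an even number of delimiter characters; an odd count in the raw rendering shows the value closing its own attribute early, which is the condition the escaping removes.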
Send an irc notification when issues are marked closed, in a similar
format to the notifications sent when new issues are created.
Change-Id: I2fdde33f0dedc223a5c2265eed778161938f8e9a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2126
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This reverts commit e1067b1497.
The original issue here was misusing ISSUE-ID instead of ID, but also
the associated username for the message should've been CN instead of DN
Change-Id: I1629c0cb7597ff2ee2867f27870378eecdafe126
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2125
Tested-by: BuildkiteCI
Reviewed-by: eta <eta@theta.eu.org>
This reverts commit 2e2bdf9c6c.
Reason for revert: this is not working, and is resulting in newly created issues just showing a blank page (b/74)
Change-Id: I3f06afc52d6c5289269402fc75bb32ad9c376bf4
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2082
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
- The new PANETTONE.IRC package contains the SEND-IRC-NOTIFICATION function,
  which opens a new TCP socket to irccat (if it's running and configured) in
  order to announce the creation of new issues.
- The IRCCATHOST and IRCCATPORT environment variables must be set for this to
  work.
- Additionally, the ISSUECHANNEL environment variable may be used to direct
  announcements at a given channel (otherwise it'll just use the first one).
Change-Id: I429a66f24d0f80ed10db173d6af7105fb1d3d023
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2077
Tested-by: BuildkiteCI
Reviewed-by: glittershark <grfn@gws.fyi>
Wrap all ldap access in a macro that automatically reconnects and
retries operations that fail due to a connection error, to handle the
case where the ldap server restarts while we still have an open
connection.
Fixes: #44
Change-Id: I4859cf509106e480f97fed17e7f08e0eea909352
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1871
Tested-by: BuildkiteCI
Reviewed-by: eta <eta@theta.eu.org>
The absence of the navbar containing the "all issues" and "log out"
links from the top of the page has been a common complaint - initially I
disagreed, but after some time thinking about it I've come around. This
adds the same nav - with the "All Issues" link and the "Log Out" link -
to the top of every page, and also fixes a bug where query params would
prevent the "All Issues" link from being hidden on the "All Issues"
page, which looked especially weird when they were right next to each other.
Change-Id: I1d07175fa07aee057ddd140a6864d01342fbb7ef
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1868
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Tested-by: BuildkiteCI
The default was really annoyingly short - 90 days feels perfectly fine
for what we want, though we may want to increase even further.
Fixes: #19
Change-Id: I917abd95c4925f8491cd2be7cd87d91bb6621153
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1867
Tested-by: BuildkiteCI
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Load a SESSION_SECRET env var and set it as the hunchentoot session
secret if present, so that restarting panettone doesn't destroy all
sessions due to the secret getting regenerated.
Refs: #19
Change-Id: Ia2c633fa998e128ecece66e824df01c430da8235
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1866
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Tested-by: BuildkiteCI
This reverts commit 3115113854.
Reason for revert: this is causing all issues to return a 404 - reverting until we can get it working.
Change-Id: I5f3c5ec3b24f245a1f7ef12645200d16ed0f1b35
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1721
Tested-by: BuildkiteCI
Reviewed-by: edef <edef@edef.eu>
Passing a nil issue to this was breaking because you can't get the id of
nil. I am too used to clojure.
Change-Id: Icf76cbb23d902ec59fa97c21b134936fa40eb43e
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1593
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Allow editing both the subject and the body of issues, recording events
indicating the edit and displaying those events in the issue history.
Fixes: #14
Change-Id: I9ed05271ce9bf6bda4e56f15e249c0f28c862b27
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1517
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Events - which are interleaved with comments - don't have bodies, so
they can't be converted to markdown.
Change-Id: Iba818b95dab59cae5a08c8b4eca94955e11e584b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1509
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Use the new cheddar markdown endpoint to render issue bodies and comment
bodies as JSON. I've checked, and this *also* appears to be XSS
safe (yay)
Change-Id: Ib4b19fd581b0cf40ba03f5d13443535d17df6632
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1500
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
Display the history of an issue (which currently is just opening and
closing) inline with the issue's comments on the issue show page
Change-Id: Id167bceef765cb4c24e86983d1dcd6624d0e5956
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1497
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Log in the database, in a way that will generalize to tracking edit
history as well, when users change the status of an issue. To facilitate
easily knowing who is currently authenticated (without introducing a
circular dependency) the authentication-related code has also been
factored out into its own package, which is nice because we want to
replace that sooner rather than later anyway.
Fixes: #13
Change-Id: I65a544fab660ed1c295ee8f6b293e0d4945a8203
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1496
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Even if the user fails to log in, maintain the original-uri param if
present, so that if they eventually succeed at logging in they still get
where they were originally trying to get.
Change-Id: I2faa5eced002ab899c803cf19095cea76897d92d
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1499
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Add an original-uri query param to the target of the Log In link
pointing at the current URL, so that when the user eventually
successfully logs in they are redirected to the page they were
originally on
Fixes: #21
Change-Id: I75ed7b75fa00b1b09c8b26bf4dcf5bc6b6d7f53a
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1498
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Now that we've migrated over all the data to postgresql, we can get rid
of cl-prevalence as a dependency from Panettone along with all code that
mentions it.
Change-Id: I945f50a88fea5770aac5b4a058342b8269c0bea2
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1495
Reviewed-by: kanepyork <rikingcoding@gmail.com>
Reviewed-by: tazjin <mail@tazj.in>
Tested-by: BuildkiteCI
I have been. Very tired.
Change-Id: Iab9d21e53630be092080cc73196da90534b06553
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1490
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Switch from cl-prevalence to postgres (via postmodern) as the storage
backend for panettone. The first time the application starts up after
this commit, it will (idempotently) initialize the db schema and migrate
over all data from the prevalence snapshot to the database - the plan is
then to get rid of the prevalence classes and dependency once that's
deployed.
Change-Id: I4f35707efead67d8854f1c224ef67f8471620453
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1467
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
Reviewed-by: eta <eta@theta.eu.org>
The default hunchentoot behavior is to log all local variables when
logging lisp backtraces - this is nice for debugging, but means that if
we hit an error when checking for auth with the ldap server we log the
password provided by the user. No good! Let's just turn off logging of
backtraces for now.
Change-Id: Ibc4242e3e0f974ac53fffc482d3724b0547425ab
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1471
Reviewed-by: glittershark <grfn@gws.fyi>
Tested-by: BuildkiteCI
Make the site responsive, by making all the hard :widths we were using
into :max-widths, and adding a viewport meta tag.
Change-Id: I02f054f81ff57fbd1c4603b179b2104367f03e3b
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1415
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
- who:html-mode needs to be html5 rather than HTML5 apparently, even
  though the documentation says otherwise
- wrap content in an :html tag with the :lang "en" attribute
Fixes: #22
Change-Id: I58ff8947d17ac02659e4c8d98155f57127ec7005
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1421
Tested-by: BuildkiteCI
Reviewed-by: isomer <isomer@tvl.fyi>
Make auth optional on the index, closed-issues, and view-issue pages,
and only render the various buttons (close issue, new issue, make
comment, etc.) if the user is authenticated.
Fixes: #5
Change-Id: I0a2aaf4a7cc4c5ef0494cc183410f00d2a3b7e06
Reviewed-on: https://cl.tvl.fyi/c/depot/+/1414
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>