You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2018/05/01 15:39:01 UTC
allura git commit: [#8201] redact email addresses from within any
place a commit shows up on the web
Repository: allura
Updated Branches:
refs/heads/db/8201 [created] 52d07fc82
[#8201] redact email addresses from within any place a commit shows up on the web
Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/52d07fc8
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/52d07fc8
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/52d07fc8
Branch: refs/heads/db/8201
Commit: 52d07fc824c855d4bc845eeaed6740e22456e78c
Parents: cd89d37
Author: Dave Brondsema <da...@brondsema.net>
Authored: Tue May 1 11:38:41 2018 -0400
Committer: Dave Brondsema <da...@brondsema.net>
Committed: Tue May 1 11:38:41 2018 -0400
----------------------------------------------------------------------
Allura/allura/controllers/repository.py | 2 +-
Allura/allura/lib/helpers.py | 10 ++++++++++
Allura/allura/templates/widgets/repo/log.html | 2 +-
Allura/allura/templates/widgets/repo/revision.html | 4 ++--
Allura/allura/templates/widgets/repo/tree_widget.html | 2 +-
Allura/allura/tests/test_helpers.py | 12 +++++++++++-
Allura/development.ini | 2 ++
7 files changed, 28 insertions(+), 6 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/allura/blob/52d07fc8/Allura/allura/controllers/repository.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/repository.py b/Allura/allura/controllers/repository.py
index 84c0baa..2c24dbe 100644
--- a/Allura/allura/controllers/repository.py
+++ b/Allura/allura/controllers/repository.py
@@ -272,7 +272,7 @@ class RepoRootController(BaseController, FeedController):
url = c.app.repo.url_for_commit(Object(_id=oid))
msg_split = ci.message.splitlines()
if msg_split:
- msg = msg_split[0]
+ msg = h.hide_private_info(msg_split[0])
else:
msg = "No commit message."
result.append(dict(
http://git-wip-us.apache.org/repos/asf/allura/blob/52d07fc8/Allura/allura/lib/helpers.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/helpers.py b/Allura/allura/lib/helpers.py
index c0fe667..32a57e5 100644
--- a/Allura/allura/lib/helpers.py
+++ b/Allura/allura/lib/helpers.py
@@ -1314,3 +1314,13 @@ def slugify(name, allow_periods=False):
.encode('ascii', 'ignore')))
))
return slug, slug.lower()
+
+
+email_re = re.compile(r'(([a-z0-9_]|\-|\.)+)@([\w\.-]+)', re.IGNORECASE)
+
+
+def hide_private_info(message):
+ if asbool(tg.config.get('hide_private_info', 'true')) and message:
+ return email_re.sub(r'\1@...', message)
+ else:
+ return message
http://git-wip-us.apache.org/repos/asf/allura/blob/52d07fc8/Allura/allura/templates/widgets/repo/log.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/repo/log.html b/Allura/allura/templates/widgets/repo/log.html
index d2f884c..90899c0 100644
--- a/Allura/allura/templates/widgets/repo/log.html
+++ b/Allura/allura/templates/widgets/repo/log.html
@@ -54,7 +54,7 @@
{%- if commit.committed.email != commit.authored.email %},
pushed by {{ email_link(commit.committed.email, commit.committed.name) }}
{% endif %}
- {{g.markdown_commit.convert(commit.message)}}
+ {{ h.hide_private_info(g.markdown_commit.convert(commit.message)) }}
{% if commit.rename_details %}
<div>
<b>renamed from</b>
http://git-wip-us.apache.org/repos/asf/allura/blob/52d07fc8/Allura/allura/templates/widgets/repo/revision.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/repo/revision.html b/Allura/allura/templates/widgets/repo/revision.html
index 6511deb..1d32953 100644
--- a/Allura/allura/templates/widgets/repo/revision.html
+++ b/Allura/allura/templates/widgets/repo/revision.html
@@ -19,8 +19,8 @@
{% from 'allura:templates/jinja_master/lib.html' import email_gravatar, abbr_date with context %}
<div class="commit-details">
<div class="commit-message">
- <div class="first-line">{{g.markdown_commit.convert(h.really_unicode(value.message.split('\n')[0]))}}</div>
- {{g.markdown_commit.convert(h.really_unicode('\n'.join(value.message.split('\n')[1:])))}}
+ <div class="first-line">{{ h.hide_private_info(g.markdown_commit.convert(h.really_unicode(value.message.split('\n')[0]))) }}</div>
+ {{ h.hide_private_info(g.markdown_commit.convert(h.really_unicode('\n'.join(value.message.split('\n')[1:])))) }}
</div>
<div class="commit-details">
http://git-wip-us.apache.org/repos/asf/allura/blob/52d07fc8/Allura/allura/templates/widgets/repo/tree_widget.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/repo/tree_widget.html b/Allura/allura/templates/widgets/repo/tree_widget.html
index c619b94..3cb0f9e 100644
--- a/Allura/allura/templates/widgets/repo/tree_widget.html
+++ b/Allura/allura/templates/widgets/repo/tree_widget.html
@@ -65,7 +65,7 @@
<td>
<a href="{{dirent.last_commit.href}}">
{{dirent.last_commit.shortlink}}
- {{dirent.last_commit.summary}}
+ {{ h.hide_private_info(dirent.last_commit.summary) }}
</a>
</td>
</tr>
http://git-wip-us.apache.org/repos/asf/allura/blob/52d07fc8/Allura/allura/tests/test_helpers.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_helpers.py b/Allura/allura/tests/test_helpers.py
index 68dd7e3..d228c8c 100644
--- a/Allura/allura/tests/test_helpers.py
+++ b/Allura/allura/tests/test_helpers.py
@@ -644,4 +644,14 @@ class TestRateLimit(TestCase):
h.rate_limit(self.key_comment, 21, start_date)
h.rate_limit(self.key_comment, 49, start_date)
with assert_raises(exc.RatelimitError):
- h.rate_limit(self.key_comment, 50, start_date)
\ No newline at end of file
+ h.rate_limit(self.key_comment, 50, start_date)
+
+
+def test_hide_private_info():
+ assert_equals(h.hide_private_info(None), None)
+ assert_equals(h.hide_private_info(''), '')
+ assert_equals(h.hide_private_info('foo bar baz@bing.com'), 'foo bar baz@...')
+ assert_equals(h.hide_private_info('some <1...@2.com>\nor asdf+asdf.f@g.f.x'), 'some <1...@...>\nor asdf+asdf.f@...')
+
+ with h.push_config(h.tg.config, hide_private_info=False):
+ assert_equals(h.hide_private_info('foo bar baz@bing.com'), 'foo bar baz@bing.com')
http://git-wip-us.apache.org/repos/asf/allura/blob/52d07fc8/Allura/development.ini
----------------------------------------------------------------------
diff --git a/Allura/development.ini b/Allura/development.ini
index 1831128..93afe93 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -576,6 +576,8 @@ lcd_timeout = 60
; Allowing exceedingly high values may have a performance impact
limit_param_max = 500
+; Hide private info (email addresses) in places like commit messages, since they cannot be edited.
+hide_private_info = true
;