You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@allura.apache.org by br...@apache.org on 2018/05/01 15:39:01 UTC

allura git commit: [#8201] redact email addresses from within any place a commit shows up on the web

Repository: allura
Updated Branches:
  refs/heads/db/8201 [created] 52d07fc82


[#8201] redact email addresses from within any place a commit shows up on the web


Project: http://git-wip-us.apache.org/repos/asf/allura/repo
Commit: http://git-wip-us.apache.org/repos/asf/allura/commit/52d07fc8
Tree: http://git-wip-us.apache.org/repos/asf/allura/tree/52d07fc8
Diff: http://git-wip-us.apache.org/repos/asf/allura/diff/52d07fc8

Branch: refs/heads/db/8201
Commit: 52d07fc824c855d4bc845eeaed6740e22456e78c
Parents: cd89d37
Author: Dave Brondsema <da...@brondsema.net>
Authored: Tue May 1 11:38:41 2018 -0400
Committer: Dave Brondsema <da...@brondsema.net>
Committed: Tue May 1 11:38:41 2018 -0400

----------------------------------------------------------------------
 Allura/allura/controllers/repository.py               |  2 +-
 Allura/allura/lib/helpers.py                          | 10 ++++++++++
 Allura/allura/templates/widgets/repo/log.html         |  2 +-
 Allura/allura/templates/widgets/repo/revision.html    |  4 ++--
 Allura/allura/templates/widgets/repo/tree_widget.html |  2 +-
 Allura/allura/tests/test_helpers.py                   | 12 +++++++++++-
 Allura/development.ini                                |  2 ++
 7 files changed, 28 insertions(+), 6 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/allura/blob/52d07fc8/Allura/allura/controllers/repository.py
----------------------------------------------------------------------
diff --git a/Allura/allura/controllers/repository.py b/Allura/allura/controllers/repository.py
index 84c0baa..2c24dbe 100644
--- a/Allura/allura/controllers/repository.py
+++ b/Allura/allura/controllers/repository.py
@@ -272,7 +272,7 @@ class RepoRootController(BaseController, FeedController):
             url = c.app.repo.url_for_commit(Object(_id=oid))
             msg_split = ci.message.splitlines()
             if msg_split:
-                msg = msg_split[0]
+                msg = h.hide_private_info(msg_split[0])
             else:
                 msg = "No commit message."
             result.append(dict(

http://git-wip-us.apache.org/repos/asf/allura/blob/52d07fc8/Allura/allura/lib/helpers.py
----------------------------------------------------------------------
diff --git a/Allura/allura/lib/helpers.py b/Allura/allura/lib/helpers.py
index c0fe667..32a57e5 100644
--- a/Allura/allura/lib/helpers.py
+++ b/Allura/allura/lib/helpers.py
@@ -1314,3 +1314,13 @@ def slugify(name, allow_periods=False):
                                     .encode('ascii', 'ignore')))
                   ))
     return slug, slug.lower()
+
+
+email_re = re.compile(r'(([a-z0-9_]|\-|\.)+)@([\w\.-]+)', re.IGNORECASE)
+
+
+def hide_private_info(message):
+    if asbool(tg.config.get('hide_private_info', 'true')) and message:
+        return email_re.sub(r'\1@...', message)
+    else:
+        return message

http://git-wip-us.apache.org/repos/asf/allura/blob/52d07fc8/Allura/allura/templates/widgets/repo/log.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/repo/log.html b/Allura/allura/templates/widgets/repo/log.html
index d2f884c..90899c0 100644
--- a/Allura/allura/templates/widgets/repo/log.html
+++ b/Allura/allura/templates/widgets/repo/log.html
@@ -54,7 +54,7 @@
                 {%- if commit.committed.email != commit.authored.email %},
                 pushed by {{ email_link(commit.committed.email, commit.committed.name) }}
                 {% endif %}
-                {{g.markdown_commit.convert(commit.message)}}
+                {{ h.hide_private_info(g.markdown_commit.convert(commit.message)) }}
                 {% if commit.rename_details %}
                     <div>
                       <b>renamed from</b>

http://git-wip-us.apache.org/repos/asf/allura/blob/52d07fc8/Allura/allura/templates/widgets/repo/revision.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/repo/revision.html b/Allura/allura/templates/widgets/repo/revision.html
index 6511deb..1d32953 100644
--- a/Allura/allura/templates/widgets/repo/revision.html
+++ b/Allura/allura/templates/widgets/repo/revision.html
@@ -19,8 +19,8 @@
 {% from 'allura:templates/jinja_master/lib.html' import email_gravatar, abbr_date with context %}
 <div class="commit-details">
     <div class="commit-message">
-        <div class="first-line">{{g.markdown_commit.convert(h.really_unicode(value.message.split('\n')[0]))}}</div>
-        {{g.markdown_commit.convert(h.really_unicode('\n'.join(value.message.split('\n')[1:])))}}
+        <div class="first-line">{{ h.hide_private_info(g.markdown_commit.convert(h.really_unicode(value.message.split('\n')[0]))) }}</div>
+        {{ h.hide_private_info(g.markdown_commit.convert(h.really_unicode('\n'.join(value.message.split('\n')[1:])))) }}
     </div>
     <div class="commit-details">
 

http://git-wip-us.apache.org/repos/asf/allura/blob/52d07fc8/Allura/allura/templates/widgets/repo/tree_widget.html
----------------------------------------------------------------------
diff --git a/Allura/allura/templates/widgets/repo/tree_widget.html b/Allura/allura/templates/widgets/repo/tree_widget.html
index c619b94..3cb0f9e 100644
--- a/Allura/allura/templates/widgets/repo/tree_widget.html
+++ b/Allura/allura/templates/widgets/repo/tree_widget.html
@@ -65,7 +65,7 @@
       <td>
         <a href="{{dirent.last_commit.href}}">
           {{dirent.last_commit.shortlink}}
-          {{dirent.last_commit.summary}}
+          {{ h.hide_private_info(dirent.last_commit.summary) }}
         </a>
       </td>
     </tr>

http://git-wip-us.apache.org/repos/asf/allura/blob/52d07fc8/Allura/allura/tests/test_helpers.py
----------------------------------------------------------------------
diff --git a/Allura/allura/tests/test_helpers.py b/Allura/allura/tests/test_helpers.py
index 68dd7e3..d228c8c 100644
--- a/Allura/allura/tests/test_helpers.py
+++ b/Allura/allura/tests/test_helpers.py
@@ -644,4 +644,14 @@ class TestRateLimit(TestCase):
             h.rate_limit(self.key_comment, 21, start_date)
             h.rate_limit(self.key_comment, 49, start_date)
             with assert_raises(exc.RatelimitError):
-                h.rate_limit(self.key_comment, 50, start_date)
\ No newline at end of file
+                h.rate_limit(self.key_comment, 50, start_date)
+
+
+def test_hide_private_info():
+    assert_equals(h.hide_private_info(None), None)
+    assert_equals(h.hide_private_info(''), '')
+    assert_equals(h.hide_private_info('foo bar baz@bing.com'), 'foo bar baz@...')
+    assert_equals(h.hide_private_info('some <1...@2.com>\nor asdf+asdf.f@g.f.x'), 'some <1...@...>\nor asdf+asdf.f@...')
+
+    with h.push_config(h.tg.config, hide_private_info=False):
+        assert_equals(h.hide_private_info('foo bar baz@bing.com'), 'foo bar baz@bing.com')

http://git-wip-us.apache.org/repos/asf/allura/blob/52d07fc8/Allura/development.ini
----------------------------------------------------------------------
diff --git a/Allura/development.ini b/Allura/development.ini
index 1831128..93afe93 100644
--- a/Allura/development.ini
+++ b/Allura/development.ini
@@ -576,6 +576,8 @@ lcd_timeout = 60
 ; Allowing exceedingly high values may have a performance impact
 limit_param_max = 500
 
+; Hide private info (email addresses) in places like commit messages, since they cannot be edited.
+hide_private_info = true
 
 
 ;