##// END OF EJS Templates
release: Merge default into stable for release preparation
marcink -
r3294:4cc76f67 merge stable
parent child
Show More
@@ -0,0 +1,105
1 .. _config-saml-duosecurity-ref:
2
3
4 SAML 2.0 with Duo Security
5 --------------------------
6
7 **This plugin is available only in EE Edition.**
8
9 |RCE| supports SAML 2.0 Authentication with Duo Security provider. This allows
10 users to log-in to RhodeCode via SSO mechanism of external identity provider
11 such as Duo. The login can be triggered either by the external IDP, or internally
12 by clicking specific authentication button on the log-in page.
13
14
15 Configuration steps
16 ^^^^^^^^^^^^^^^^^^^
17
18 To configure Duo Security SAML authentication, use the following steps:
19
20 1. From the |RCE| interface, select
21 :menuselection:`Admin --> Authentication`
22 2. Activate the `Duo Security` plugin and select :guilabel:`Save`
23 3. Go to newly available menu option called `Duo Security` on the left side.
24 4. Check the `enabled` check box in the plugin configuration section,
25 and fill in the required SAML information and :guilabel:`Save`, for more details,
26 see :ref:`config-saml-duosecurity`
27
28
29 .. _config-saml-duosecurity:
30
31
32 Example SAML Duo Security configuration
33 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
34
35 Example configuration for SAML 2.0 with Duo Security provider::
36
37 *option*: `enabled` => `True`
38 # Enable or disable this authentication plugin.
39
40 *option*: `cache_ttl` => `0`
41 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
42 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
43
44 *option*: `debug` => `True`
45 # Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
46
47 *option*: `entity_id` => `http://rc-app.com/dag/saml2/idp/metadata.php`
48 # Identity Provider entity/metadata URI.
49 # E.g. https://duo-gateway.com/dag/saml2/idp/metadata.php
50
51 *option*: `sso_service_url` => `http://rc-app.com/dag/saml2/idp/SSOService.php?spentityid=http://rc.local.pl/_admin/auth/duosecurity/saml-metadata`
52 # SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login
53 # E.g. https://duo-gateway.com/dag/saml2/idp/SSOService.php?spentityid=<metadata_entity_id>
54
55 *option*: `slo_service_url` => `http://rc-app.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://rc-app.com/dag/module.php/duosecurity/logout.php`
56 # SLO (SingleLogout) endpoint URL of the IdP.
57 # E.g. https://duo-gateway.com/dag/saml2/idp/SingleLogoutService.php?ReturnTo=http://duo-gateway.com/_admin/saml/sign-out-endpoint
58
59 *option*: `x509cert` => `<CERTIFICATE_STRING>`
60 # Identity provider public x509 certificate. It will be converted to single-line format without headers
61
62 *option*: `name_id_format` => `sha-1`
63 # The format that specifies how the NameID is sent to the service provider.
64
65 *option*: `signature_algo` => `sha-256`
66 # Type of Algorithm to use for verification of SAML signature on Identity provider side
67
68 *option*: `digest_algo` => `sha-256`
69 # Type of Algorithm to use for verification of SAML digest on Identity provider side
70
71 *option*: `cert_dir` => `/etc/saml/`
72 # Optional directory to store service provider certificate and private keys.
73 # Expected certs for the SP should be stored in this folder as:
74 # * sp.key Private Key
75 # * sp.crt Public cert
76 # * sp_new.crt Future Public cert
77 #
78 # Also you can use other cert to sign the metadata of the SP using the:
79 # * metadata.key
80 # * metadata.crt
81
82 *option*: `user_id_attribute` => `PersonImmutableID`
83 # User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
84 # Ensure this is returned from DuoSecurity for example via duo_username
85
86 *option*: `username_attribute` => `User.username`
87 # Username Attribute name. This defines which attribute in SAML response will map to an username.
88
89 *option*: `email_attribute` => `User.email`
90 # Email Attribute name. This defines which attribute in SAML response will map to an email address.
91
92
93 Below is example setup from DUO Administration page that can be used with above config.
94
95 .. image:: ../images/saml-duosecurity-service-provider-example.png
96 :alt: DUO Security SAML setup example
97 :scale: 50 %
98
99
100 Below is an example attribute mapping set for IDP provider required by the above config.
101
102
103 .. image:: ../images/saml-duosecurity-attributes-example.png
104 :alt: DUO Security SAML setup example
105 :scale: 50 % No newline at end of file
@@ -0,0 +1,18
1 .. _config-saml-generic-ref:
2
3
4 SAML 2.0 Authentication
5 -----------------------
6
7
8 **This plugin is available only in EE Edition.**
9
10 RhodeCode Supports standard SAML 2.0 SSO for the web-application part.
11
12 Please check for reference two example providers:
13
14 .. toctree::
15
16 auth-saml-duosecurity
17 auth-saml-onelogin
18
@@ -0,0 +1,106
1 .. _config-saml-onelogin-ref:
2
3
4 SAML 2.0 with One Login
5 -----------------------
6
7 **This plugin is available only in EE Edition.**
8
9 |RCE| supports SAML 2.0 Authentication with OneLogin provider. This allows
10 users to log-in to RhodeCode via SSO mechanism of external identity provider
11 such as OneLogin. The login can be triggered either by the external IDP, or internally
12 by clicking specific authentication button on the log-in page.
13
14
15 Configuration steps
16 ^^^^^^^^^^^^^^^^^^^
17
18 To configure OneLogin SAML authentication, use the following steps:
19
20 1. From the |RCE| interface, select
21 :menuselection:`Admin --> Authentication`
22 2. Activate the `OneLogin` plugin and select :guilabel:`Save`
23 3. Go to newly available menu option called `OneLogin` on the left side.
24 4. Check the `enabled` check box in the plugin configuration section,
25 and fill in the required SAML information and :guilabel:`Save`, for more details,
26 see :ref:`config-saml-onelogin`
27
28
29 .. _config-saml-onelogin:
30
31
32 Example SAML OneLogin configuration
33 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
34
35 Example configuration for SAML 2.0 with OneLogin provider::
36
37 *option*: `enabled` => `True`
38 # Enable or disable this authentication plugin.
39
40 *option*: `cache_ttl` => `0`
41 # Amount of seconds to cache the authentication and permissions check response call for this plugin.
42 # Useful for expensive calls like LDAP to improve the performance of the system (0 means disabled).
43
44 *option*: `debug` => `True`
45 # Enable or disable debug mode that shows SAML errors in the RhodeCode logs.
46
47 *option*: `entity_id` => `https://app.onelogin.com/saml/metadata/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx`
48 # Identity Provider entity/metadata URI.
49 # E.g. https://app.onelogin.com/saml/metadata/<onelogin_connector_id>
50
51 *option*: `sso_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-post/sso/xxxxxx`
52 # SSO (SingleSignOn) endpoint URL of the IdP. This can be used to initialize login
53 # E.g. https://app.onelogin.com/trust/saml2/http-post/sso/<onelogin_connector_id>
54
55 *option*: `slo_service_url` => `https://customer-domain.onelogin.com/trust/saml2/http-redirect/slo/xxxxxx`
56 # SLO (SingleLogout) endpoint URL of the IdP.
57 # E.g. https://app.onelogin.com/trust/saml2/http-redirect/slo/<onelogin_connector_id>
58
59 *option*: `x509cert` => `<CERTIFICATE_STRING>`
60 # Identity provider public x509 certificate. It will be converted to single-line format without headers
61
62 *option*: `name_id_format` => `sha-1`
63 # The format that specifies how the NameID is sent to the service provider.
64
65 *option*: `signature_algo` => `sha-256`
66 # Type of Algorithm to use for verification of SAML signature on Identity provider side
67
68 *option*: `digest_algo` => `sha-256`
69 # Type of Algorithm to use for verification of SAML digest on Identity provider side
70
71 *option*: `cert_dir` => `/etc/saml/`
72 # Optional directory to store service provider certificate and private keys.
73 # Expected certs for the SP should be stored in this folder as:
74 # * sp.key Private Key
75 # * sp.crt Public cert
76 # * sp_new.crt Future Public cert
77 #
78 # Also you can use other cert to sign the metadata of the SP using the:
79 # * metadata.key
80 # * metadata.crt
81
82 *option*: `user_id_attribute` => `PersonImmutableID`
83 # User ID Attribute name. This defines which attribute in SAML response will be used to link accounts via unique id.
84 # Ensure this is returned from OneLogin for example via Internal ID
85
86 *option*: `username_attribute` => `User.username`
87 # Username Attribute name. This defines which attribute in SAML response will map to an username.
88
89 *option*: `email_attribute` => `User.email`
90 # Email Attribute name. This defines which attribute in SAML response will map to an email address.
91
92
93
94 Below is example setup that can be used with OneLogin SAML authentication that can be used with above config..
95
96 .. image:: ../images/saml-onelogin-config-example.png
97 :alt: OneLogin SAML setup example
98 :scale: 50 %
99
100
101 Below is an example attribute mapping set for IDP provider required by the above config.
102
103
104 .. image:: ../images/saml-onelogin-attributes-example.png
105 :alt: OneLogin SAML setup example
106 :scale: 50 % No newline at end of file
1 NO CONTENT: new file 100644, binary diff hidden
NO CONTENT: new file 100644, binary diff hidden
1 NO CONTENT: new file 100644, binary diff hidden
NO CONTENT: new file 100644, binary diff hidden
1 NO CONTENT: new file 100644, binary diff hidden
NO CONTENT: new file 100644, binary diff hidden
1 NO CONTENT: new file 100644, binary diff hidden
NO CONTENT: new file 100644, binary diff hidden
@@ -0,0 +1,81
1 |RCE| 4.15.0 |RNS|
2 ------------------
3
4 Release Date
5 ^^^^^^^^^^^^
6
7 - 2018-12-10
8
9
10 New Features
11 ^^^^^^^^^^^^
12
13 - Authentication: Added SAML 2.0 Authentication, with support of OneLogin and DUO Security.
14 - Core: add debug mode that switches logging to debug.
15 It's no longer required to reconfigure all logging. A `debug=true` set in .ini file
16 does it automatically.
17
18
19 General
20 ^^^^^^^
21
22 - Authentication: rename oauth to external identity as it would now be serving both
23 oAuth and SAML.
24 - Authentication: allow setting extern type with registration.
25 This will allow external identity plugins to define proper externs instead of always
26 using "rhodecode" one.
27 - Authentication: show if plugin is activated and enabled in the list.
28 - Authentication: add better logging for ldap related attributes to help track
29 LDAP connection problems more easily.
30 - Visual: add change logo header template
31 - UI: updated error pages style to be consistent with other pages.
32 - Utils: updated request generation so ishell can run some automation scripts.
33 - Docs: updated documentation for SVN 1.10 Wandisco repositories.
34 - System info: expose base_url set in .ini file.
35 - Style: update pygments template styling.
36 - Style: updated li style and markdown style.
37 - Dependencies: added python-saml library.
38 - Dependencies: bumped hgsubversion to 1.9.3 release.
39 - Dependencies: bumped gevent to 1.3.7 release.
40 - Dependencies: bumped lxml to 4.2.5 release.
41 - Dependencies: bumped gevent to 1.3.7 release.
42 - Dependencies: bumped alembic to 1.0.5 release.
43 - Dependencies: bumped peppercorn to 0.6 release.
44 - Dependencies: bumped pyotp to 2.2.7 release.
45 - Dependencies: bumped deform to 2.0.7 release
46 - Dependencies: bumped py-gfm to 0.1.4 release.
47 - Dependencies: bumped colander to 1.5.1 release
48 - Dependencies: bumped appenlight-client to 0.6.26 release.
49 - Dependencies: bumped bleach to 3.0.2 release.
50 - Dependencies: bumped pygments to 2.3.0
51
52
53 Security
54 ^^^^^^^^
55
56 - Mercurial: support evolve sub-commands when checking for permissions.
57 Those defaulted to write, while only read is required for evolve.
58 - auth/security: enforce that external users cannot reset their password.
59 External users don't use RhodeCode passwords, so resetting them shouldn't be allowed.
60
61
62 Performance
63 ^^^^^^^^^^^
64
65 - Markdown: use lazy loaded markdown initialization to speed up app startup.
66 - Gevent: changed DNS resolver to ares for better stability on long running processes.
67
68
69 Fixes
70 ^^^^^
71
72 - Default Reviewers: use target repo owner as default reviewer in case of CE edition.
73 - LDAP: ensure the proper cert files and dirs are set.
74 It's also now possible to specify custom paths for those.
75 - Markdown: fixed auto checkbox generation from markdown code
76
77
78 Upgrade notes
79 ^^^^^^^^^^^^^
80
81 - LDAP cert dirs No newline at end of file
@@ -0,0 +1,175
1 # This code allows override the integrations templates. Put this into the __init__.py
2 # file of rcextensions
3
4
5 # EMAIL
6 from rhodecode.integrations import email
7 email.REPO_PUSH_TEMPLATE_HTML = email.Template('''
8 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
9 <html xmlns="http://www.w3.org/1999/xhtml">
10 <head>
11 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
12 <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
13 <title>${subject}</title>
14 <style type="text/css">
15 /* Based on The MailChimp Reset INLINE: Yes. */
16 #outlook a {padding:0;} /* Force Outlook to provide a "view in browser" menu link. */
17 body{width:100% !important; -webkit-text-size-adjust:100%; -ms-text-size-adjust:100%; margin:0; padding:0;}
18 /* Prevent Webkit and Windows Mobile platforms from changing default font sizes.*/
19 .ExternalClass {width:100%;} /* Force Hotmail to display emails at full width */
20 .ExternalClass, .ExternalClass p, .ExternalClass span, .ExternalClass font, .ExternalClass td, .ExternalClass div {line-height: 100%;}
21 /* Forces Hotmail to display normal line spacing. More on that: http://www.emailonacid.com/forum/viewthread/43/ */
22 #backgroundTable {margin:0; padding:0; line-height: 100% !important;}
23 /* End reset */
24
25 /* defaults for images*/
26 img {outline:none; text-decoration:none; -ms-interpolation-mode: bicubic;}
27 a img {border:none;}
28 .image_fix {display:block;}
29
30 body {line-height:1.2em;}
31 p {margin: 0 0 20px;}
32 h1, h2, h3, h4, h5, h6 {color:#323232!important;}
33 a {color:#427cc9;text-decoration:none;outline:none;cursor:pointer;}
34 a:focus {outline:none;}
35 a:hover {color: #305b91;}
36 h1 a, h2 a, h3 a, h4 a, h5 a, h6 a {color:#427cc9!important;text-decoration:none!important;}
37 h1 a:active, h2 a:active, h3 a:active, h4 a:active, h5 a:active, h6 a:active {color: #305b91!important;}
38 h1 a:visited, h2 a:visited, h3 a:visited, h4 a:visited, h5 a:visited, h6 a:visited {color: #305b91!important;}
39 table {font-size:13px;border-collapse:collapse;mso-table-lspace:0pt;mso-table-rspace:0pt;}
40 table td {padding:.65em 1em .65em 0;border-collapse:collapse;vertical-align:top;text-align:left;}
41 input {display:inline;border-radius:2px;border-style:solid;border: 1px solid #dbd9da;padding:.5em;}
42 input:focus {outline: 1px solid #979797}
43 @media only screen and (-webkit-min-device-pixel-ratio: 2) {
44 /* Put your iPhone 4g styles in here */
45 }
46
47 /* Android targeting */
48 @media only screen and (-webkit-device-pixel-ratio:.75){
49 /* Put CSS for low density (ldpi) Android layouts in here */
50 }
51 @media only screen and (-webkit-device-pixel-ratio:1){
52 /* Put CSS for medium density (mdpi) Android layouts in here */
53 }
54 @media only screen and (-webkit-device-pixel-ratio:1.5){
55 /* Put CSS for high density (hdpi) Android layouts in here */
56 }
57 /* end Android targeting */
58
59 </style>
60
61 <!-- Targeting Windows Mobile -->
62 <!--[if IEMobile 7]>
63 <style type="text/css">
64
65 </style>
66 <![endif]-->
67
68 <!--[if gte mso 9]>
69 <style>
70 /* Target Outlook 2007 and 2010 */
71 </style>
72 <![endif]-->
73 </head>
74 <body>
75 <!-- Wrapper/Container Table: Use a wrapper table to control the width and the background color consistently of your email. Use this approach instead of setting attributes on the body tag. -->
76 <table cellpadding="0" cellspacing="0" border="0" id="backgroundTable" align="left" style="margin:1%;width:97%;padding:0;font-family:sans-serif;font-weight:100;border:1px solid #dbd9da">
77 <tr>
78 <td valign="top" style="padding:0;">
79 <table cellpadding="0" cellspacing="0" border="0" align="left" width="100%">
80 <tr><td style="width:100%;padding:7px;background-color:#202020" valign="top">
81 <a style="color:#eeeeee;text-decoration:none;" href="${instance_url}">
82 ${'RhodeCode'}
83 </a>
84 </td></tr>
85 <tr>
86 <td style="padding:15px;" valign="top">
87 % if data['push']['commits']:
88 % for commit in data['push']['commits']:
89 <a href="${commit['url']}">${commit['short_id']}</a> by ${commit['author']} at ${commit['date']} <br/>
90 ${commit['message_html']} <br/>
91 <br/>
92 % endfor
93 % else:
94 No commit data
95 % endif
96 </td>
97 </tr>
98 </table>
99 </td>
100 </tr>
101 </table>
102 <!-- End of wrapper table -->
103 <p><a style="margin-top:15px;margin-left:1%;font-family:sans-serif;font-weight:100;font-size:11px;color:#666666;text-decoration:none;" href="${instance_url}">
104 ${'This is a notification from RhodeCode. %(instance_url)s' % {'instance_url': instance_url}}
105 </a></p>
106 </body>
107 </html>
108 ''')
109
110
111 # JIRA (EE ONLY)
112 from rc_integrations import jira_tracker
113
114 jira_tracker.COMMENT_TEMPLATE_PULL_REQUEST = jira_tracker.Template('''
115 ${action} by ${author} (status: ${status}). \n
116 pull-request: ${url}
117 ''')
118
119
120 jira_tracker.COMMENT_TEMPLATE_COMMIT = jira_tracker.Template('''
121 Commit `${short_id}` by ${author} on `${branch}` branch references this issue. \n
122 ${url}\n
123
124 ## MODIFICATION add custom COMMIT message to the comment
125 ${commit['message']}
126 ''')
127
128
129 jira_tracker.COMMENT_TEMPLATE_COMMIT_WITH_STATUS = jira_tracker.Template('''
130 Commit `${short_id}` by ${author} on `${branch}` branch changed this issue. \n
131 '{url}\n
132
133 ## MODIFICATION add custom COMMIT message to the comment
134 ${commit['message']}
135 ''')
136
137
138 # REDMINE (EE ONLY)
139 from rc_integrations import redmine_tracker
140
141 redmine_tracker.COMMENT_TEMPLATE_COMMIT = redmine_tracker.Template('''
142 Commit `${short_id}` by ${author} on `${branch}` branch references this issue. \n
143 commit: ${url}\n
144
145 ## MODIFICATION add custom COMMIT message to the comment
146 message:
147 ```
148 ${commit['message']}
149 ```
150
151 ''')
152
153 redmine_tracker.COMMENT_TEMPLATE_COMMIT_WITH_STATUS = redmine_tracker.Template('''
154 Commit `${short_id}` by ${author} on `${branch}` branch changed this issue. \n
155 commit: ${url}\n
156
157 ## MODIFICATION add custom COMMIT message to the comment
158 message:
159 ```
160 ${commit['message']}
161 ```
162
163 ''')
164
165 redmine_tracker.COMMENT_TEMPLATE_PULL_REQUEST = redmine_tracker.Template('''
166 ${action} by ${author} (status: ${status}). \n'
167 ${url}\n
168
169 ## MODIFICATION add custom COMMIT message to the comment
170 message:
171 ```
172 ${commit['message']}
173 ```
174
175 ''')
@@ -0,0 +1,91
1 # Example to validate commit message or author using some sort of rules
2
3
4 @has_kwargs({
5 'server_url': 'url of instance that triggered this hook',
6 'config': 'path to .ini config used',
7 'scm': 'type of version control "git", "hg", "svn"',
8 'username': 'username of actor who triggered this event',
9 'ip': 'ip address of actor who triggered this hook',
10 'action': '',
11 'repository': 'repository name',
12 'repo_store_path': 'full path to where repositories are stored',
13 'commit_ids': 'pre transaction metadata for commit ids',
14 'hook_type': '',
15 'user_agent': 'Client user agent, e.g git or mercurial CLI version',
16 })
17 @has_kwargs({
18 'server_url': 'url of instance that triggered this hook',
19 'config': 'path to .ini config used',
20 'scm': 'type of version control "git", "hg", "svn"',
21 'username': 'username of actor who triggered this event',
22 'ip': 'ip address of actor who triggered this hook',
23 'action': '',
24 'repository': 'repository name',
25 'repo_store_path': 'full path to where repositories are stored',
26 'commit_ids': 'pre transaction metadata for commit ids',
27 'hook_type': '',
28 'user_agent': 'Client user agent, e.g git or mercurial CLI version',
29 })
30 def _pre_push_hook(*args, **kwargs):
31 """
32 Post push hook
33 To stop version control from storing the transaction and send a message to user
34 use non-zero HookResponse with a message, e.g return HookResponse(1, 'Not allowed')
35
36 This message will be shown back to client during PUSH operation
37
38 Commit ids might look like that::
39
40 [{u'hg_env|git_env': ...,
41 u'multiple_heads': [],
42 u'name': u'default',
43 u'new_rev': u'd0befe0692e722e01d5677f27a104631cf798b69',
44 u'old_rev': u'd0befe0692e722e01d5677f27a104631cf798b69',
45 u'ref': u'',
46 u'total_commits': 2,
47 u'type': u'branch'}]
48 """
49 import re
50 from .helpers import extra_fields, extract_pre_commits
51 from .utils import str2bool
52
53 # returns list of dicts with key-val fetched from extra fields
54 repo_extra_fields = extra_fields.run(**kwargs)
55
56 # optionally use 'extra fields' to control the logic per repo
57 should_validate = str2bool(repo_extra_fields.get('validate_author', True))
58
59 # optionally store validation regex into extra fields
60 validation_regex = repo_extra_fields.get('validation_regex', '')
61
62 def validate_commit_message(commit_message, message_regex=None):
63 """
64 This function validates commit_message against some sort of rules.
65 It should return a valid boolean, and a reason for failure
66 """
67
68 if "secret_string" in commit_message:
69 msg = "!!Push forbidden: secret string found in commit messages"
70 return False, msg
71
72 if validation_regex:
73 regexp = re.compile(validation_regex)
74 if not regexp.match(message):
75 msg = "!!Push forbidden: commit message does not match regexp"
76 return False, msg
77
78 return True, ''
79
80 if should_validate:
81 # returns list of dicts with key-val fetched from extra fields
82 commit_list = extract_pre_commits.run(**kwargs)
83
84 for commit_data in commit_list:
85 message = commit_data['message']
86
87 message_valid, reason = validate_commit_message(message, validation_regex)
88 if not message_valid:
89 return HookResponse(1, reason)
90
91 return HookResponse(0, '')
@@ -1,5 +1,5
1 [bumpversion]
1 [bumpversion]
2 current_version = 4.14.1
2 current_version = 4.15.0
3 message = release: Bump version {current_version} to {new_version}
3 message = release: Bump version {current_version} to {new_version}
4
4
5 [bumpversion:file:rhodecode/VERSION]
5 [bumpversion:file:rhodecode/VERSION]
@@ -5,25 +5,20 done = false
5 done = true
5 done = true
6
6
7 [task:rc_tools_pinned]
7 [task:rc_tools_pinned]
8 done = true
9
8
10 [task:fixes_on_stable]
9 [task:fixes_on_stable]
11 done = true
12
10
13 [task:pip2nix_generated]
11 [task:pip2nix_generated]
14 done = true
15
12
16 [task:changelog_updated]
13 [task:changelog_updated]
17 done = true
18
14
19 [task:generate_api_docs]
15 [task:generate_api_docs]
20 done = true
16
17 [task:updated_translation]
21
18
22 [release]
19 [release]
23 state = prepared
20 state = in_progress
24 version = 4.14.1
21 version = 4.15.0
25
26 [task:updated_translation]
27
22
28 [task:generate_js_routes]
23 [task:generate_js_routes]
29
24
@@ -7,18 +7,20 About
7
7
8 ``RhodeCode`` is a fast and powerful management tool for Mercurial_ and GIT_
8 ``RhodeCode`` is a fast and powerful management tool for Mercurial_ and GIT_
9 and Subversion_ with a built in push/pull server, full text search,
9 and Subversion_ with a built in push/pull server, full text search,
10 pull requests and powerful code-review system. It works on http/https and
10 pull requests and powerful code-review system. It works on http/https, SSH and
11 has a few unique features like:
11 has a few unique features like:
12
12
13 - plugable architecture
13 - plugable architecture from Pyramid web-framework.
14 - advanced permission system with IP restrictions
14 - advanced permission system with IP restrictions, inheritation, and user-groups.
15 - rich set of authentication plugins including LDAP,
15 - rich set of authentication plugins including LDAP, ActiveDirectory, SAML 2.0,
16 ActiveDirectory, Atlassian Crowd, Http-Headers, Pam, Token-Auth.
16 Atlassian Crowd, Http-Headers, Pam, Token-Auth, OAuth.
17 - live code-review chat
17 - live code-review chat, and reviewer rules.
18 - full web based file editing
18 - full web based file editing.
19 - unified multi vcs support
19 - unified multi vcs support.
20 - snippets (gist) system
20 - snippets (gist) system.
21 - integration with all 3rd party issue trackers
21 - integration framework for Slack, CI systems, Webhooks.
22 - integration with all 3rd party issue trackers.
23
22
24
23 RhodeCode also provides rich API, and multiple event hooks so it's easy
25 RhodeCode also provides rich API, and multiple event hooks so it's easy
24 integrable with existing external systems.
26 integrable with existing external systems.
@@ -1,10 +1,11
1
1
2
2
3 ################################################################################
3 ################################################################################
4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 ################################################################################
5 ################################################################################
6
6
7 [DEFAULT]
7 [DEFAULT]
8 ## Debug flag sets all loggers to debug, and enables request tracking
8 debug = true
9 debug = true
9
10
10 ################################################################################
11 ################################################################################
@@ -414,6 +415,7 search.location = %(here)s/data/index
414 ########################################
415 ########################################
415 ## channelstream enables persistent connections and live notification
416 ## channelstream enables persistent connections and live notification
416 ## in the system. It's also used by the chat system
417 ## in the system. It's also used by the chat system
418
417 channelstream.enabled = false
419 channelstream.enabled = false
418
420
419 ## server address for channelstream server on the backend
421 ## server address for channelstream server on the backend
@@ -490,14 +492,6 appenlight.request_keys_blacklist =
490 ## (by default the client ignores own entries: appenlight_client.client)
492 ## (by default the client ignores own entries: appenlight_client.client)
491 appenlight.log_namespace_blacklist =
493 appenlight.log_namespace_blacklist =
492
494
493
494 ################################################################################
495 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
496 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
497 ## execute malicious code after an exception is raised. ##
498 ################################################################################
499 #set debug = false
500
501 # enable debug style page
495 # enable debug style page
502 debug_style = true
496 debug_style = true
503
497
@@ -1,11 +1,12
1
1
2
2
3 ################################################################################
3 ################################################################################
4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
4 ## RHODECODE COMMUNITY EDITION CONFIGURATION ##
5 ################################################################################
5 ################################################################################
6
6
7 [DEFAULT]
7 [DEFAULT]
8 debug = true
8 ## Debug flag sets all loggers to debug, and enables request tracking
9 debug = false
9
10
10 ################################################################################
11 ################################################################################
11 ## EMAIL CONFIGURATION ##
12 ## EMAIL CONFIGURATION ##
@@ -389,6 +390,7 search.location = %(here)s/data/index
389 ########################################
390 ########################################
390 ## channelstream enables persistent connections and live notification
391 ## channelstream enables persistent connections and live notification
391 ## in the system. It's also used by the chat system
392 ## in the system. It's also used by the chat system
393
392 channelstream.enabled = false
394 channelstream.enabled = false
393
395
394 ## server address for channelstream server on the backend
396 ## server address for channelstream server on the backend
@@ -466,14 +468,6 appenlight.request_keys_blacklist =
466 appenlight.log_namespace_blacklist =
468 appenlight.log_namespace_blacklist =
467
469
468
470
469 ################################################################################
470 ## WARNING: *THE LINE BELOW MUST BE UNCOMMENTED ON A PRODUCTION ENVIRONMENT* ##
471 ## Debug mode will enable the interactive debugging tool, allowing ANYONE to ##
472 ## execute malicious code after an exception is raised. ##
473 ################################################################################
474 set debug = false
475
476
477 ###########################################
471 ###########################################
478 ### MAIN RHODECODE DATABASE CONFIG ###
472 ### MAIN RHODECODE DATABASE CONFIG ###
479 ###########################################
473 ###########################################
@@ -524,6 +518,7 vcs.scm_app_implementation = http
524 ## Push/Pull operations hooks protocol, available options are:
518 ## Push/Pull operations hooks protocol, available options are:
525 ## `http` - use http-rpc backend (default)
519 ## `http` - use http-rpc backend (default)
526 vcs.hooks.protocol = http
520 vcs.hooks.protocol = http
521
527 ## Host on which this instance is listening for hooks. If vcsserver is in other location
522 ## Host on which this instance is listening for hooks. If vcsserver is in other location
528 ## this should be adjusted.
523 ## this should be adjusted.
529 vcs.hooks.host = 127.0.0.1
524 vcs.hooks.host = 127.0.0.1
@@ -3,19 +3,19
3 Anonymous Users
3 Anonymous Users
4 ---------------
4 ---------------
5
5
6 By default, |RCM| provides |repo| access for registered users only. It can be
6 By default, |RCE| provides |repo| access for registered users only. It can be
7 configured to be **world-open** in terms of read and write permissions. This
7 configured to be **world-open** in terms of read and write permissions. This
8 configuration is called "Anonymous Access" and allows |RCM| to be used as a
8 configuration is called "Anonymous Access" and allows |RCE| to be used as a
9 public hub where unregistered users have access to your |repos|.
9 public hub where unregistered users have access to your |repos|.
10
10
11 Anonymous access is useful for open source projects, universities,
11 Anonymous access is useful for open source projects, universities,
12 or if running inside a restricted internal corporate network to serve
12 or if running inside a restricted internal corporate network to serve
13 documents to all employees. Anonymous users get the default user permission
13 documents to all employees. Anonymous users get the default user permission
14