2005-12-01T00:29:10 *** xorAxAx changes topic to "MoinMoin Developer Channel - User or third-party issues should go to #moin. Note that you are publicly logged here: http://moinmoin.wikiwikiweb.de/MoinMoinChat/Logs/moin-dev"
2005-12-01T01:14:21 *** _keturn has joined #moin-dev
2005-12-01T02:25:39 <_keturn> I'm new to this arch thing. Can I use baz with the moin source, or only tla?
2005-12-01T02:25:55 *** lida has joined #moin-dev
2005-12-01T02:28:08 <ThomasWaldmann> _keturn: baz should work
2005-12-01T02:30:02 <ThomasWaldmann> we never tried committing with it, but checking src out should be no problem
2005-12-01T02:35:11 <lida> Hi Thomas! I made new patch for auth / user_autocreate: http://moinmoin.wikiwikiweb.de/DavidLinke/TestingUserAutocreate - I hope it is ok now.
2005-12-01T02:36:04 <ThomasWaldmann> did you test it for http auth?
2005-12-01T02:36:30 <lida> Yes
2005-12-01T02:36:52 <ThomasWaldmann> and it worked for changing the username?
2005-12-01T02:38:17 <lida> you cannot change the username - if you save the userprefs the new name is shown first. But if you load another page you are again theold one ;-)
2005-12-01T02:39:00 * ThomasWaldmann rereads the patch to get WHY :)
2005-12-01T02:39:06 <lida> But to solve that I need to know the type of auth in userform code
2005-12-01T02:42:26 <ThomasWaldmann> u = user.User(request, auth_username=username)
2005-12-01T02:42:26 <ThomasWaldmann> + if u.name != username: # name changed within moin?
2005-12-01T02:43:02 <ThomasWaldmann> i am not sure this can be the case without a bug in moinmoin code.
2005-12-01T02:43:39 <_keturn> I did `baz register-archive http://arch.thinkmo.de/2003-archives`, and it accepted that, but any commands that follow die with "Invalid archive given"
2005-12-01T02:43:50 <_keturn> while the tla commands work fine.
2005-12-01T02:44:27 <ThomasWaldmann> _keturn: i think i had similar troubles a while ago.
2005-12-01T02:45:00 <ThomasWaldmann> iirc, it was because baz and tla used slightly different formats for the same file :|
2005-12-01T02:45:52 <ThomasWaldmann> but if you have tla working, why dont you use just that?
2005-12-01T02:46:14 <_keturn> I guess I will.
2005-12-01T02:46:35 <ThomasWaldmann> (at least as long as we use it. :)
2005-12-01T02:47:27 <ThomasWaldmann> I found Mercurial to be quite nice. It just misses some rename support, but after it gets that, we might switch.
2005-12-01T02:48:54 <ThomasWaldmann> lida: do i need both patches now?
2005-12-01T02:50:03 <lida> You just need the new (long) one. I.e. no changes in user.py!
2005-12-01T02:50:44 <ThomasWaldmann> the problem i see is that the username is the link between http auth and moin user profile
2005-12-01T02:51:10 <ThomasWaldmann> so if you manage to change it, this link breaks
2005-12-01T02:52:01 <ThomasWaldmann> it could be a bug in moin why this worked in your test
2005-12-01T02:52:02 <lida> I avoid to break the link.
2005-12-01T02:52:14 <ThomasWaldmann> how?
2005-12-01T02:52:41 <_keturn> we use darcs here. The UI (and/or emacs integration) needs some help, but it's alright.
2005-12-01T02:53:21 <ThomasWaldmann> _keturn: as we are python geeks, we prefer a py solution :)
2005-12-01T02:53:58 <ThomasWaldmann> so either hg or bzr
2005-12-01T02:57:03 <lida> For a request from userprefs I use the auth_username to look up the profile and ignore the name - if name is wrong it is replaced by the auth_username. Should be save - or I do not see your point.
2005-12-01T02:58:40 <ThomasWaldmann> at some point the userform code should change the name in the profile and do a save()
2005-12-01T02:59:03 <ThomasWaldmann> and i ask myself how this is avoided
2005-12-01T03:00:23 <ThomasWaldmann> http get UserPreferences -> get the form with the http auth username
2005-12-01T03:01:17 <ThomasWaldmann> then change username in form -> http post -> http auth -> userform code evaluating the form -> save() ?
2005-12-01T03:01:41 <_keturn> anyway, back to topic, I am tackling OpenIDSupport. Presumably this involves adding a function like those in auth, which take a request and return a User instance?
2005-12-01T03:02:22 <ThomasWaldmann> _keturn: maybe. I had a short look at openid, but didnt do any work yet.
2005-12-01T03:03:19 <ThomasWaldmann> but maybe that's not all, iirc it also needs some form stuff
2005-12-01T03:03:30 <_keturn> redirect stuff, actually
2005-12-01T03:04:34 <ThomasWaldmann> btw, fabi worked on some interwiki auth, maybe we have to check whether that can be done openid like rather
2005-12-01T03:05:08 <_keturn> user will need to submit their openID in a forum, then <stuff happens>, and later the browser gets redirected *back* to the wiki and it may at that point be authenticated
2005-12-01T03:06:17 <ThomasWaldmann> it would be great if that <stuff happening> could be at another moin wiki
2005-12-01T03:06:52 <_keturn> I'm looking at auth.interwiki, and that has one case where it opens an xmlrpc back-channel, and another case where it says "pass # XXX"
2005-12-01T03:06:53 <ThomasWaldmann> maybe check the code we have and evaluate it against openid
2005-12-01T03:07:16 <ThomasWaldmann> that code is not finished, i am not sure it even works
2005-12-01T03:07:36 <lida> Thomas, I looked at the user-file. The name is temporarily changed when I save usr pref and set back to auth name at the next request. This is wrong. The wrong name should be avoided. But in the userform-code I do not know auth and so I do nt know if a name-change or an email-change is allowed or not.
2005-12-01T03:08:04 <ThomasWaldmann> lida: this is maybe possible only due to a bug in moin.
2005-12-01T03:08:39 <_keturn> oop, bus to catch, be back another day
2005-12-01T03:08:40 <ThomasWaldmann> we dont remove the old username -> id mapping from the user dict immediately
2005-12-01T03:08:49 <ThomasWaldmann> _keturn: cu :)
2005-12-01T03:09:11 <ThomasWaldmann> but this is a bug and we shouldnt build on it
2005-12-01T03:09:45 <ThomasWaldmann> so it looks like we need more framework stuff for auth
2005-12-01T03:10:43 <lida> Yes probably. There was also a note in the code that there is room for improvement ;-)
2005-12-01T03:11:28 <ThomasWaldmann> maybe we need a list of user attributes that gets set by auth module
2005-12-01T03:11:58 <ThomasWaldmann> and we have to avoid changing members of that list in userform code
2005-12-01T03:13:00 <lida> Sounds good.
2005-12-01T03:13:37 <lida> I may continue to look at it - but not now. It is getting late. Besides, during the day I am cut off from IRC.
2005-12-01T03:13:38 <ThomasWaldmann> and maybe not even offer form fields or not editable form fields for those
2005-12-01T03:14:16 <ThomasWaldmann> i think i have a look today evening
2005-12-01T03:14:41 <ThomasWaldmann> ssh tunnels rule :)
2005-12-01T03:14:54 <ThomasWaldmann> but sometimes are disallowed :)
2005-12-01T03:19:22 <lida> I probably could have IRC - but have to get other thinks done... - unfortunatey ;-) I'll be back tomorrow.
2005-12-01T03:20:16 *** lida has quit IRC
2005-12-01T05:45:59 * ThomasWaldmann has some uncommitted auth stuff in workdir. it still has bugs as you see when saving userprefs on mm site.
2005-12-01T05:46:07 <ThomasWaldmann> will debug more later...
2005-12-01T08:03:53 *** nwp_ has quit IRC
2005-12-01T08:05:06 *** nwp_ has joined #moin-dev
2005-12-01T08:40:14 *** Fabi has joined #moin-dev
2005-12-01T10:10:06 *** Fabi has quit IRC
2005-12-01T10:20:13 *** starshine_away is now known as starshine
2005-12-01T10:37:00 *** starshine is now known as starshine_away
2005-12-01T13:25:25 *** Fabi has joined #moin-dev
2005-12-01T18:31:30 *** starshine_away is now known as starshine
2005-12-01T18:39:39 <ThomasWaldmann> moin
2005-12-01T18:41:12 * starshine waves a sleepy hello :)
2005-12-01T18:41:51 * ThomasWaldmann was 2h on the road for what normally takes 15mins 8-|
2005-12-01T19:03:57 *** moinBot` has joined #moin-dev
2005-12-01T19:04:16 *** moinBot has quit IRC
2005-12-01T19:38:49 <_keturn> auth.moin_cookie looks dangerous to me. Anyone who can find your ID can login as you without any other credentials?
2005-12-01T19:43:14 <xorAxAx> _keturn: yep, has been like that for 5 years now
2005-12-01T19:43:45 <xorAxAx> .oO(we should obscure the code again to make it more secure)
2005-12-01T19:43:58 <xorAxAx> _keturn: so never expose the ID yourself and use SSL if necessary
2005-12-01T19:45:17 <_keturn> it's essentially putting your password in a cookie in a way you can't change. :-/
2005-12-01T19:45:44 <xorAxAx> yeah, but the attack vectors are not that much different than with session based auth
2005-12-01T19:46:00 <xorAxAx> this doesnt mean that we wont transition to sessions
2005-12-01T20:07:13 <_keturn> ok, adding openid logins doesn't look too hard, just so long as it's okay for me to add another attribute to the user data.
2005-12-01T20:24:03 *** starshine is now known as starshine_away
2005-12-01T21:01:42 <_keturn> Is there anything in the test suite to help check the content of pages? i.e. "fail unless page contains an input elment with name foo" kind of thing.
2005-12-01T21:02:09 <xorAxAx> i dont think so
2005-12-01T21:02:48 <xorAxAx> its very untypical for the test suite to pass in a release anyway (if the tests arent disabled before hand)
2005-12-01T21:04:55 <_keturn> heh.
2005-12-01T21:05:32 <_keturn> sweet. the tests just *died*, didn't even finish.
2005-12-01T21:57:57 <ThomasWaldmann> _keturn: jfyi, i am changing auth stuff slightly right now
2005-12-01T21:59:58 <ThomasWaldmann> the User() constructor gets 2 addtl. kw args: User(...., auth_method='http', auth_attribs=('name', 'password'))
2005-12-01T22:00:24 <xorAxAx> ThomasWaldmann: what is auth_method?
2005-12-01T22:00:56 <ThomasWaldmann> the name of the auth function calling the constructor
2005-12-01T22:01:49 <ThomasWaldmann> so moin will "know" later, what authentified the user
2005-12-01T22:02:36 <ThomasWaldmann> it is stored in user object as .auth_method
2005-12-01T22:03:53 <ThomasWaldmann> auth_attribs are the names of the user obj attributes which are made up by the auth method and shouldnt be modified by forms
2005-12-01T22:09:27 <xorAxAx> nwp_: ping
2005-12-01T22:09:41 <nwp_> xorAxAx: pong
2005-12-01T22:09:51 <xorAxAx> nwp_: read above
2005-12-01T22:09:56 <nwp_> ah
2005-12-01T22:10:58 <nwp_> ThomasWaldmann: that still won't help with the problem we were talking about before, btw
2005-12-01T22:11:59 <nwp_> (about e.g. LDAP explicitly failing and cookie then succeeding)
2005-12-01T22:16:56 <ThomasWaldmann> yes, we need more changes
2005-12-01T22:17:13 <ThomasWaldmann> i try to get that first change working meanwhile :)
2005-12-01T22:17:34 <xorAxAx> of course without any tests :)
2005-12-01T22:18:31 <ThomasWaldmann> sure
2005-12-01T22:18:54 <xorAxAx> i mean "unit testing code"
2005-12-01T22:45:35 <_keturn> ok, the test that is crashing the test suite is PackageTests, and its call to installPackage is raising an AttributeError ("'RequestCLI' object has no attribute 'theme'",)
2005-12-01T22:45:48 <_keturn> why that crashes the test suite I have no idea
2005-12-01T22:47:29 <ThomasWaldmann> version?
2005-12-01T22:48:21 <_keturn> moin--main--1.5 with Debian etch python2.3 and python2.4
2005-12-01T22:50:57 <xorAxAx> _keturn: tom broke it ;-)
2005-12-01T22:51:00 <_keturn> the same error crashes parser.wiki testEscapeInGetTextFormatedLink
2005-12-01T22:53:31 <_keturn> and testEscapeInGetTextFormatted. that seems to be all, the test suite finishes after I skip those.
2005-12-01T22:54:15 <_keturn> with 52 failures and 13 errors.
2005-12-01T22:54:45 <xorAxAx> yeah, just 52 failures.
2005-12-01T22:55:52 <xorAxAx> its really nice that i cannot test my own code because somebody else broke it completly
2005-12-01T22:56:01 <xorAxAx> and as he doesnt mind, i think i have to track this down
2005-12-01T22:56:13 <xorAxAx> _keturn: have you found out why unittest crashes?
2005-12-01T22:56:17 <xorAxAx> without any info
2005-12-01T22:56:47 *** ChanServ has quit IRC
2005-12-01T22:56:51 <xorAxAx> or, how did you find out that its that attributeerror?
2005-12-01T22:58:57 <_keturn> I found the attributeerror by putting a pdb.set_trace() in the test and stepping through until something nasty happened. I haven't figured out why the test harness doesn't catch it right.
2005-12-01T22:59:19 <xorAxAx> ah, the way how real men [tm] would have done it :-)
2005-12-01T22:59:48 <xorAxAx> did you know that there is a gdb x frontend that works with pdb?
2005-12-01T23:01:12 <_keturn> ddd? last time I tried it it didn't work especially well with pdb. but maybe it got better.
2005-12-01T23:01:45 <xorAxAx> i just have read it, i havent tried it. maybe they didnt test enough
2005-12-01T23:05:03 * xorAxAx tries to trace through it using komodo
2005-12-01T23:15:00 *** ChanServ has joined #moin-dev
2005-12-01T23:15:00 *** irc.freenode.net sets mode: +o ChanServ
2005-12-01T23:16:57 <xorAxAx> hmmm!
2005-12-01T23:17:10 * xorAxAx guesses - output redirection
2005-12-01T23:17:16 <ThomasWaldmann> _keturn: the cli theme stuff is fixed in current
2005-12-01T23:19:16 <_keturn> xorAxAx: yeah, it might be output redirection, the tests really are finishing but no more output gets sent
2005-12-01T23:19:35 <xorAxAx> but - i cannot find at least one of our files
2005-12-01T23:19:45 <xorAxAx> as they should go to data/error.log
2005-12-01T23:26:17 <_keturn> I think I am using current. Am I not?
2005-12-01T23:26:26 * xorAxAx updates to current
2005-12-01T23:28:31 * xorAxAx could reproduce it
2005-12-01T23:28:36 <xorAxAx> of course it was not fixed :)
2005-12-01T23:28:47 <xorAxAx> so debugging continues ...
2005-12-01T23:30:31 <xorAxAx> %-)
2005-12-01T23:30:46 <xorAxAx> the unittest output stream gets changed to the request instance
2005-12-01T23:30:48 <xorAxAx> hell weird
2005-12-01T23:34:09 <xorAxAx> hmm, that is correct and expected
2005-12-01T23:36:13 <xorAxAx> HA!
2005-12-01T23:36:15 <xorAxAx> found it
2005-12-01T23:37:05 <xorAxAx> i simply removed the stream kwarg in the testrunner init line in MoinMoin._tests
2005-12-01T23:37:46 <xorAxAx> its never save to use request.write for errors because request.write could be redirected at any point
2005-12-01T23:38:25 <_keturn> yeah, that seems to make it so the tests don't mysteriously disappear
2005-12-01T23:38:52 <xorAxAx> and that redirect request pattern is used very often in the codebase
2005-12-01T23:39:57 <_keturn> but now I get lots of cli theme errors.
2005-12-01T23:40:10 <xorAxAx> yep
2005-12-01T23:40:27 <xorAxAx> because the formatter is needed for i18n. but the formatter needs a theme which is not loaded
2005-12-01T23:40:50 <xorAxAx> because thomas removed it from requestbase.__init__
2005-12-01T23:41:12 <xorAxAx> and he added a workaround in moin_dump
2005-12-01T23:41:22 <xorAxAx> which is obviously wrong - it needs to go into requestcli
2005-12-01T23:41:25 <xorAxAx> ThomasWaldmann: do you agree?
2005-12-01T23:44:19 <_keturn> ah, thanks, that's enough to at least make my own tests go
2005-12-01T23:53:19 <xorAxAx> nice, i reduced the tests to 54 plain failures
2005-12-01T23:54:30 <xorAxAx> and no error
2005-12-01T23:54:31 <xorAxAx> s
MoinMoin: MoinMoinChat/Logs/moin-dev/2005-12-01 (last edited 2007-10-29 19:06:44 by localhost)