MoinMoin: MoinMoinChat/Logs/moin-dev/2009-03-07

2009-03-07T00:08:53  *** grzywacz has quit IRC
2009-03-07T03:11:04  *** dimazest has joined #moin-dev
2009-03-07T04:01:09  *** dimazest_ has joined #moin-dev
2009-03-07T04:17:02  *** dimazest has quit IRC
2009-03-07T05:11:14  *** dimazest has joined #moin-dev
2009-03-07T05:27:47  *** dimazest_ has quit IRC
2009-03-07T05:35:19  *** dimazest_ has joined #moin-dev
2009-03-07T05:51:25  *** dimazest has quit IRC
2009-03-07T07:05:25  *** dimazest has joined #moin-dev
2009-03-07T07:22:31  *** dimazest_ has quit IRC
2009-03-07T07:55:30  *** dimazest_ has joined #moin-dev
2009-03-07T08:12:46  *** dimazest has quit IRC
2009-03-07T08:28:20  *** starGaming is now known as stargaming
2009-03-07T10:01:15  <ThomasWaldmann> TheSheep: modernized has (c) entries for Nir and me and nothing for you, wich is obviously wrong
2009-03-07T10:15:35  *** dimazest has joined #moin-dev
2009-03-07T10:32:07  *** dimazest_ has quit IRC
2009-03-07T10:50:22  <ThomasWaldmann> hmm, anon session disabling (default) doesn't work in 1.9
2009-03-07T11:06:43  *** grzywacz has joined #moin-dev
2009-03-07T12:09:42  *** dimazest_ has joined #moin-dev
2009-03-07T12:17:46  *** dimazest has quit IRC
2009-03-07T13:19:47  *** dimazest has joined #moin-dev
2009-03-07T13:37:13  *** dimazest_ has quit IRC
2009-03-07T13:54:05  * ThomasWaldmann found another unfinished mess
2009-03-07T15:09:43  <dreimark> moin
2009-03-07T15:10:22  <dreimark> pagetrail seems not to work wit cgi/http_auth. The len is wrong I have onlyone item in pagetrail
2009-03-07T15:24:15  <dreimark> hmm, seems the session files are not compatibel, after removing them I get now a valid trail
2009-03-07T16:00:59  <dreimark> in 1.9 WikiSandBox does not show the png file of the drawing
2009-03-07T16:01:38  <dreimark> http://master19.moinmo.in/WikiSandBox
2009-03-07T16:21:24  <dreimark> bbl
2009-03-07T16:47:43  <ThomasWaldmann> dreimark: if pagetrail is only 1 item long, that means that there is no session
2009-03-07T16:50:39  <ThomasWaldmann> and it looks like we currently have 2 sessions systems in the 1.9 source: the old one from 1.8 (inactive?) and the new one using werkzeug.contrib.session code and missing some features of the old one (active)
2009-03-07T16:57:10  *** dimazest has quit IRC
2009-03-07T16:57:10  *** ThomasWaldmann has quit IRC
2009-03-07T16:57:10  *** vpv has quit IRC
2009-03-07T16:57:10  *** dreimark has quit IRC
2009-03-07T16:57:10  *** nwp has quit IRC
2009-03-07T16:57:10  *** TheSheep has quit IRC
2009-03-07T16:57:10  *** stargaming has quit IRC
2009-03-07T16:57:10  *** waldi has quit IRC
2009-03-07T16:57:10  *** mitsuhiko has quit IRC
2009-03-07T16:57:10  *** xorAxAx has quit IRC
2009-03-07T16:58:13  *** ThomasWaldmann has joined #moin-dev
2009-03-07T16:58:13  *** dimazest has joined #moin-dev
2009-03-07T16:58:13  *** TheSheep has joined #moin-dev
2009-03-07T16:58:13  *** stargaming has joined #moin-dev
2009-03-07T16:58:13  *** dreimark has joined #moin-dev
2009-03-07T16:58:13  *** vpv has joined #moin-dev
2009-03-07T16:58:13  *** nwp has joined #moin-dev
2009-03-07T16:58:13  *** xorAxAx has joined #moin-dev
2009-03-07T16:58:13  *** mitsuhiko has joined #moin-dev
2009-03-07T16:58:13  *** waldi has joined #moin-dev
2009-03-07T16:58:13  *** irc.freenode.net sets mode: +o ThomasWaldmann
2009-03-07T17:00:37  <dreimark> ThomasWaldmann: after deleting the old sessio nfiles I have now a working pagetrail
2009-03-07T17:16:39  <ThomasWaldmann> it should be enough to just delete the cookie when manually testing
2009-03-07T17:17:05  <ThomasWaldmann> but maybe wait until after my next commit, I am currently doing a cleanup for the session stuff
2009-03-07T17:17:24  <ThomasWaldmann> MoinMoin.session seems to be unused
2009-03-07T17:18:10  <dreimark> I have no farm setup so I have no idea why I have cache files in data/cache/__common__/session
2009-03-07T17:18:37  <dreimark> they should only be written for the farm scope
2009-03-07T17:19:37  <ThomasWaldmann> ?
2009-03-07T17:20:12  <dreimark> if i search where __common__ is defined I get only caching.py
2009-03-07T17:20:17  <dreimark> lif scope == 'farm':
2009-03-07T17:20:22  <dreimark> return os.path.join(request.cfg.cache_dir, '__common__', arena)
2009-03-07T17:20:46  <ThomasWaldmann> each caching call can tell the scope of its data storage
2009-03-07T17:21:25  <ThomasWaldmann> btw, i added some session_dir cfg attr recently
2009-03-07T17:22:06  <dreimark> I know e.g. scope='farm' (unfort. I have no idea why my test system should have this)
2009-03-07T17:22:24  <dreimark> may be it is old, will do some new instances tests
2009-03-07T17:25:06  <ThomasWaldmann> i think it is ok to store the session cache on farm level. you still can override this if you don't want it.
2009-03-07T17:34:41  <ThomasWaldmann> logout is also borked
2009-03-07T17:35:03  <ThomasWaldmann> (you are still tracked by a anon session after you log out)
2009-03-07T17:35:25  <ThomasWaldmann> even if cookie lifetime for anon sessions is 0
2009-03-07T17:36:48  <dreimark> hmm the same sesion or a new one?
2009-03-07T17:40:18  <dreimark> it is the same session file
2009-03-07T17:41:38  <dreimark> but it's content is purged
2009-03-07T17:47:20  <ThomasWaldmann> still bad, because if anon cookie lifetime is 0, we do not want anon sessions
2009-03-07T17:47:38  <ThomasWaldmann> dreimark: did you ever use openid?
2009-03-07T18:03:52  *** dimazest_ has joined #moin-dev
2009-03-07T18:18:51  *** dimazest has quit IRC
2009-03-07T18:34:56  * ThomasWaldmann adds httponly flag to cookies
2009-03-07T19:35:55  <CIA-38> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4628:3c6980b5e938 1.9/MoinMoin/ (5 files in 5 dirs): (log message trimmed)
2009-03-07T19:35:55  <CIA-38> fix new session code. remove old session code. details below.
2009-03-07T19:35:55  <CIA-38> Removed the old 1.8 session code (MoinMoin.session):
2009-03-07T19:35:55  <CIA-38> * cfg.session_handler and session_id_handler are gone (use cfg.session_service)
2009-03-07T19:35:55  <CIA-38> * cfg.anonymous_session_lifetime is gone (use cfg.cookie_lifetime)
2009-03-07T19:35:59  <CIA-38> Fixed new 1.9 session code (MoinMoin.web.session):
2009-03-07T19:36:01  <CIA-38> * cfg.cookie_lifetime is now a tuple (anon, loggedin), giving the lifetime
2009-03-07T19:36:44  <ThomasWaldmann>    of the cookie in hours, accepting floats, for anon sessions and logged in
2009-03-07T19:36:44  <ThomasWaldmann>    sessions. Default is (0, 12). 0 means not to use a session cookie (== not to
2009-03-07T19:36:47  <ThomasWaldmann>    establish a session) and makes only sense for anon users.
2009-03-07T19:36:50  <ThomasWaldmann>  * cfg.cookie_httponly is new and defaults to True.
2009-03-07T19:36:52  <ThomasWaldmann>  * when logging out, the session cookie is deleted.
2009-03-07T19:36:55  <ThomasWaldmann>  * more debug logging
2009-03-07T19:37:43  <ThomasWaldmann> trail is still a bit broken for anon users without a real session
2009-03-07T20:08:18  <CIA-38> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4629:554e1d780e3b 1.9/MoinMoin/ (auth/openidrp.py user.py web/session.py): fixed anon session detection, optimized trail code
2009-03-07T21:24:39  * ThomasWaldmann hacked a modernized_cms
2009-03-07T21:24:45  <ThomasWaldmann> TheSheep: ^^
2009-03-07T21:49:34  <ThomasWaldmann> http://paste.pocoo.org/show/106885/
2009-03-07T22:22:19  <CIA-38> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4295:716dcfb00e8e 1.8/MoinMoin/theme/modernized_cms.py: added modernized_cms theme
2009-03-07T22:52:32  <dreimark> re
2009-03-07T22:53:29  <ThomasWaldmann> wb dreimark
2009-03-07T22:53:32  <dreimark> ThomasWaldmann: sorry I have not used openid yet.
2009-03-07T22:57:11  <dreimark> ThomasWaldmann:I have looked only at the comments above but  http cookie lifetime does not know floating point numbers
2009-03-07T22:58:04  <ThomasWaldmann> no problem, i make an int of it after calculating seconds
2009-03-07T22:58:13  <dreimark> ok
2009-03-07T23:10:09  <dreimark> ThomasWaldmann: why can I get the same session file for http_auth after I have closed a session.
2009-03-07T23:10:30  <CIA-38> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 4636:83483f4e26cb 1.9/MoinMoin/ (8 files in 5 dirs): merged moin/1.8
2009-03-07T23:10:38  <dreimark> I get it also with a new user. so i get the page trail from the previous user
2009-03-07T23:11:16  <ThomasWaldmann> you mean anon -> logged in?
2009-03-07T23:11:29  <dreimark> no user logged in by http_auth
2009-03-07T23:11:42  <dreimark> then browser closed means logout
2009-03-07T23:12:03  <dreimark> then created a nuew user for http_auth and logged in with that one
2009-03-07T23:12:15  <dreimark> he gets the session file of the previous user
2009-03-07T23:12:48  <ThomasWaldmann> did you clear the old cookies before testing?
2009-03-07T23:12:58  <dreimark> no, will redo
2009-03-07T23:13:25  <ThomasWaldmann> hmm, i guess i know the problem
2009-03-07T23:13:39  <ThomasWaldmann> current code clears the cookie on logout action
2009-03-07T23:13:51  <dreimark> http_auth has no logout
2009-03-07T23:14:01  <ThomasWaldmann> yes, therefore cookie stays
2009-03-07T23:14:21  <ThomasWaldmann> thus you will have a anon session
2009-03-07T23:17:05  <dreimark> verified after clearing old cookies. two users can get the same session
2009-03-07T23:18:14  <dreimark> not at the same time with one browser
2009-03-07T23:22:21  <dreimark> that's difficult the old session file had known the userid of the old user
2009-03-07T23:25:05  <dreimark> arg another problem by http_auth
2009-03-07T23:26:13  <dreimark> if you switch by superuser to another user you get in settings the possibility to change a password for that user
2009-03-07T23:26:23  <dreimark> and if you do so you run in a traceback
2009-03-07T23:30:13  <ThomasWaldmann> dreimark: you mean GivenAuth?
2009-03-07T23:31:57  <dreimark> I file a bug report currently
2009-03-07T23:34:41  <dreimark> http://moinmo.in/MoinMoinBugs/1.9http_auth_su_user_change_password
2009-03-07T23:36:06  <dreimark> the wiki becomes totally broken for the user afterwards
2009-03-07T23:36:26  <dreimark> every other page gives that traceback now
2009-03-07T23:40:12  <dreimark> killing the session file escapes
2009-03-07T23:43:24  <dreimark> (the traceback happens by su from user to user to user, clarified in the report)
2009-03-07T23:45:43  <ThomasWaldmann> add "userobj and" at the place where it crashes
2009-03-07T23:48:33  <dreimark> hmm, that stops now the su session
2009-03-07T23:49:30  <dreimark> clicking on change password changes the account to my account
2009-03-07T23:50:18  <ThomasWaldmann> i dont see yet how this all is related to changing a password
2009-03-07T23:51:03  <dreimark> there should be never a link to change a pssword for http_auth
2009-03-07T23:51:12  <dreimark> it isn't for the current user
2009-03-07T23:51:27  <ThomasWaldmann> and that bug lacks details
2009-03-07T23:51:30  <dreimark> but if he switches to another user he get's the password change form
2009-03-07T23:51:42  <dreimark> which detail?
2009-03-07T23:52:05  <ThomasWaldmann> auth config
2009-03-07T23:52:49  <ThomasWaldmann> and a user profile is just a user profile. the profile does not know how that user authenticates.
2009-03-07T23:56:06  <dreimark> hmm, if superuser itselfs can not change his password, why should he be able to change someone else password.
2009-03-07T23:56:52  <ThomasWaldmann> because he is currently logged in via http auth?
2009-03-07T23:57:24  <dreimark> sure but the config does not let an other user then not to login by http auth
2009-03-07T23:58:16  <dreimark> if someone comes to me hey I want a new password and I change it that way it won't work