MoinMoinChat/Logs/moin-dev/2005-12-01

2005-12-01T00:29:10  *** xorAxAx changes topic to "MoinMoin Developer Channel - User or third-party issues should go to #moin. Note that you are publicly logged here: http://moinmoin.wikiwikiweb.de/MoinMoinChat/Logs/moin-dev"
2005-12-01T01:14:21  *** _keturn has joined #moin-dev
2005-12-01T02:25:39  <_keturn> I'm new to this arch thing.  Can I use baz with the moin source, or only tla?
2005-12-01T02:25:55  *** lida has joined #moin-dev
2005-12-01T02:28:08  <ThomasWaldmann> _keturn: baz should work
2005-12-01T02:30:02  <ThomasWaldmann> we never tried committing with it, but checking src out should be no problem
2005-12-01T02:35:11  <lida> Hi Thomas! I made new patch for auth / user_autocreate: http://moinmoin.wikiwikiweb.de/DavidLinke/TestingUserAutocreate - I hope it is ok now.
2005-12-01T02:36:04  <ThomasWaldmann> did you test it for http auth?
2005-12-01T02:36:30  <lida> Yes
2005-12-01T02:36:52  <ThomasWaldmann> and it worked for changing the username?
2005-12-01T02:38:17  <lida> you cannot change the username - if you save the userprefs the new name is shown first. But if you load another page you are again theold one ;-)
2005-12-01T02:39:00  * ThomasWaldmann rereads the patch to get WHY :)
2005-12-01T02:39:06  <lida> But to solve that I need to know the type of auth in userform code
2005-12-01T02:42:26  <ThomasWaldmann>              u = user.User(request, auth_username=username)
2005-12-01T02:42:26  <ThomasWaldmann> +            if u.name != username: # name changed within moin?
2005-12-01T02:43:02  <ThomasWaldmann> i am not sure this can be the case without a bug in moinmoin code.
2005-12-01T02:43:39  <_keturn> I did `baz register-archive http://arch.thinkmo.de/2003-archives`, and it accepted that, but any commands that follow die with "Invalid archive given"
2005-12-01T02:43:50  <_keturn> while the tla commands work fine.
2005-12-01T02:44:27  <ThomasWaldmann> _keturn: i think i had similar troubles a while ago.
2005-12-01T02:45:00  <ThomasWaldmann> iirc, it was because baz and tla used slightly different formats for the same file :|
2005-12-01T02:45:52  <ThomasWaldmann> but if you have tla working, why dont you use just that?
2005-12-01T02:46:14  <_keturn> I guess I will.
2005-12-01T02:46:35  <ThomasWaldmann> (at least as long as we use it. :)
2005-12-01T02:47:27  <ThomasWaldmann> I found Mercurial to be quite nice. It just misses some rename support, but after it gets that, we might switch.
2005-12-01T02:48:54  <ThomasWaldmann> lida: do i need both patches now?
2005-12-01T02:50:03  <lida> You just need the new (long) one. I.e. no changes in user.py!
2005-12-01T02:50:44  <ThomasWaldmann> the problem i see is that the username is the link between http auth and moin user profile
2005-12-01T02:51:10  <ThomasWaldmann> so if you manage to change it, this link breaks
2005-12-01T02:52:01  <ThomasWaldmann> it could be a bug in moin why this worked in your test
2005-12-01T02:52:02  <lida> I avoid to break the link.
2005-12-01T02:52:14  <ThomasWaldmann> how?
2005-12-01T02:52:41  <_keturn> we use darcs here.  The UI (and/or emacs integration) needs some help, but it's alright.
2005-12-01T02:53:21  <ThomasWaldmann> _keturn: as we are python geeks, we prefer a py solution :)
2005-12-01T02:53:58  <ThomasWaldmann> so either hg or bzr
2005-12-01T02:57:03  <lida> For a request from userprefs I use the auth_username to look up the profile and ignore the name - if name is wrong it is replaced by the auth_username. Should be save - or I do not see your point.
2005-12-01T02:58:40  <ThomasWaldmann> at some point the userform code should change the name in the profile and do a save()
2005-12-01T02:59:03  <ThomasWaldmann> and i ask myself how this is avoided
2005-12-01T03:00:23  <ThomasWaldmann> http get UserPreferences -> get the form with the http auth username
2005-12-01T03:01:17  <ThomasWaldmann> then change username in form -> http post -> http auth -> userform code evaluating the form -> save() ?
2005-12-01T03:01:41  <_keturn> anyway, back to topic, I am tackling OpenIDSupport.  Presumably this involves adding a function like those in auth, which take a request and return a User instance?
2005-12-01T03:02:22  <ThomasWaldmann> _keturn: maybe. I had a short look at openid, but didnt do any work yet.
2005-12-01T03:03:19  <ThomasWaldmann> but maybe that's not all, iirc it also needs some form stuff
2005-12-01T03:03:30  <_keturn> redirect stuff, actually
2005-12-01T03:04:34  <ThomasWaldmann> btw, fabi worked on some interwiki auth, maybe we have to check whether that can be done openid like rather
2005-12-01T03:05:08  <_keturn> user will need to submit their openID in a forum, then <stuff happens>, and later the browser gets redirected *back* to the wiki and it may at that point be authenticated
2005-12-01T03:06:17  <ThomasWaldmann> it would be great if that <stuff happening> could be at another moin wiki
2005-12-01T03:06:52  <_keturn> I'm looking at auth.interwiki, and that has one case where it opens an xmlrpc back-channel, and another case where it says "pass # XXX"
2005-12-01T03:06:53  <ThomasWaldmann> maybe check the code we have and evaluate it against openid
2005-12-01T03:07:16  <ThomasWaldmann> that code is not finished, i am not sure it even works
2005-12-01T03:07:36  <lida> Thomas, I looked at the user-file. The name is temporarily changed when I save usr pref and set back to auth name at the next request. This is wrong. The wrong name should be avoided. But in the userform-code I do not know auth and so I do nt know if a name-change or an email-change is allowed or not.
2005-12-01T03:08:04  <ThomasWaldmann> lida: this is maybe possible only due to a bug in moin.
2005-12-01T03:08:39  <_keturn> oop, bus to catch, be back another day
2005-12-01T03:08:40  <ThomasWaldmann> we dont remove the old username -> id mapping from the user dict immediately
2005-12-01T03:08:49  <ThomasWaldmann> _keturn: cu :)
2005-12-01T03:09:11  <ThomasWaldmann> but this is a bug and we shouldnt build on it
2005-12-01T03:09:45  <ThomasWaldmann> so it looks like we need more framework stuff for auth
2005-12-01T03:10:43  <lida> Yes probably. There was also a note in the code that there is room for improvement ;-)
2005-12-01T03:11:28  <ThomasWaldmann> maybe we need a list of user attributes that gets set by auth module
2005-12-01T03:11:58  <ThomasWaldmann> and we have to avoid changing members of that list in userform code
2005-12-01T03:13:00  <lida> Sounds good.
2005-12-01T03:13:37  <lida> I may continue to look at it - but not now. It is getting late. Besides, during the day I am cut off from IRC.
2005-12-01T03:13:38  <ThomasWaldmann> and maybe not even offer form fields or not editable form fields for those
2005-12-01T03:14:16  <ThomasWaldmann> i think i have a look today evening
2005-12-01T03:14:41  <ThomasWaldmann> ssh tunnels rule :)
2005-12-01T03:14:54  <ThomasWaldmann> but sometimes are disallowed :)
2005-12-01T03:19:22  <lida> I probably could have IRC - but have to get other thinks done... - unfortunatey ;-)  I'll be back tomorrow.
2005-12-01T03:20:16  *** lida has quit IRC
2005-12-01T05:45:59  * ThomasWaldmann has some uncommitted auth stuff in workdir. it still has bugs as you see when saving userprefs on mm site.
2005-12-01T05:46:07  <ThomasWaldmann> will debug more later...
2005-12-01T08:03:53  *** nwp_ has quit IRC
2005-12-01T08:05:06  *** nwp_ has joined #moin-dev
2005-12-01T08:40:14  *** Fabi has joined #moin-dev
2005-12-01T10:10:06  *** Fabi has quit IRC
2005-12-01T10:20:13  *** starshine_away is now known as starshine
2005-12-01T10:37:00  *** starshine is now known as starshine_away
2005-12-01T13:25:25  *** Fabi has joined #moin-dev
2005-12-01T18:31:30  *** starshine_away is now known as starshine
2005-12-01T18:39:39  <ThomasWaldmann> moin
2005-12-01T18:41:12  * starshine waves a sleepy hello :)
2005-12-01T18:41:51  * ThomasWaldmann was 2h on the road for what normally takes 15mins 8-|
2005-12-01T19:03:57  *** moinBot` has joined #moin-dev
2005-12-01T19:04:16  *** moinBot has quit IRC
2005-12-01T19:38:49  <_keturn> auth.moin_cookie looks dangerous to me.  Anyone who can find your ID can login as you without any other credentials?
2005-12-01T19:43:14  <xorAxAx> _keturn: yep, has been like that for 5 years now
2005-12-01T19:43:45  <xorAxAx> .oO(we should obscure the code again to make it more secure)
2005-12-01T19:43:58  <xorAxAx> _keturn: so never expose the ID yourself and use SSL if necessary
2005-12-01T19:45:17  <_keturn> it's essentially putting your password in a cookie in a way you can't change.  :-/
2005-12-01T19:45:44  <xorAxAx> yeah, but the attack vectors are not that much different than with session based auth
2005-12-01T19:46:00  <xorAxAx> this doesnt mean that we wont transition to sessions
2005-12-01T20:07:13  <_keturn> ok, adding openid logins doesn't look too hard, just so long as it's okay for me to add another attribute to the user data.
2005-12-01T20:24:03  *** starshine is now known as starshine_away
2005-12-01T21:01:42  <_keturn> Is there anything in the test suite to help check the content of pages?  i.e. "fail unless page contains an input elment with name foo" kind of thing.
2005-12-01T21:02:09  <xorAxAx> i dont think so
2005-12-01T21:02:48  <xorAxAx> its very untypical for the test suite to pass in a release anyway (if the tests arent disabled before hand)
2005-12-01T21:04:55  <_keturn> heh.
2005-12-01T21:05:32  <_keturn> sweet.  the tests just *died*, didn't even finish.
2005-12-01T21:57:57  <ThomasWaldmann> _keturn: jfyi, i am changing auth stuff slightly right now
2005-12-01T21:59:58  <ThomasWaldmann> the User() constructor gets 2 addtl. kw args: User(...., auth_method='http', auth_attribs=('name', 'password'))
2005-12-01T22:00:24  <xorAxAx> ThomasWaldmann: what is auth_method?
2005-12-01T22:00:56  <ThomasWaldmann> the name of the auth function calling the constructor
2005-12-01T22:01:49  <ThomasWaldmann> so moin will "know" later, what authentified the user
2005-12-01T22:02:36  <ThomasWaldmann> it is stored in user object as .auth_method
2005-12-01T22:03:53  <ThomasWaldmann> auth_attribs are the names of the user obj attributes which are made up by the auth method and shouldnt be modified by forms
2005-12-01T22:09:27  <xorAxAx> nwp_: ping
2005-12-01T22:09:41  <nwp_> xorAxAx: pong
2005-12-01T22:09:51  <xorAxAx> nwp_: read above
2005-12-01T22:09:56  <nwp_> ah
2005-12-01T22:10:58  <nwp_> ThomasWaldmann: that still won't help with the problem we were talking about before, btw
2005-12-01T22:11:59  <nwp_> (about e.g. LDAP explicitly failing and cookie then succeeding)
2005-12-01T22:16:56  <ThomasWaldmann> yes, we need more changes
2005-12-01T22:17:13  <ThomasWaldmann> i try to get that first change working meanwhile :)
2005-12-01T22:17:34  <xorAxAx> of course without any tests :)
2005-12-01T22:18:31  <ThomasWaldmann> sure
2005-12-01T22:18:54  <xorAxAx> i mean "unit testing code"
2005-12-01T22:45:35  <_keturn> ok, the test that is crashing the test suite is PackageTests, and its call to installPackage is raising an AttributeError ("'RequestCLI' object has no attribute 'theme'",)
2005-12-01T22:45:48  <_keturn> why that crashes the test suite I have no idea
2005-12-01T22:47:29  <ThomasWaldmann> version?
2005-12-01T22:48:21  <_keturn> moin--main--1.5 with Debian etch python2.3 and python2.4
2005-12-01T22:50:57  <xorAxAx> _keturn: tom broke it ;-)
2005-12-01T22:51:00  <_keturn> the same error crashes parser.wiki testEscapeInGetTextFormatedLink
2005-12-01T22:53:31  <_keturn> and testEscapeInGetTextFormatted.  that seems to be all, the test suite finishes after I skip those.
2005-12-01T22:54:15  <_keturn> with 52 failures and 13 errors.
2005-12-01T22:54:45  <xorAxAx> yeah, just 52 failures.
2005-12-01T22:55:52  <xorAxAx> its really nice that i cannot test my own code because somebody else broke it completly
2005-12-01T22:56:01  <xorAxAx> and as he doesnt mind, i think i have to track this down
2005-12-01T22:56:13  <xorAxAx> _keturn: have you found out why unittest crashes?
2005-12-01T22:56:17  <xorAxAx> without any info
2005-12-01T22:56:47  *** ChanServ has quit IRC
2005-12-01T22:56:51  <xorAxAx> or, how did you find out that its that attributeerror?
2005-12-01T22:58:57  <_keturn> I found the attributeerror by putting a pdb.set_trace() in the test and stepping through until something nasty happened.  I haven't figured out why the test harness doesn't catch it right.
2005-12-01T22:59:19  <xorAxAx> ah, the way how real men [tm] would have done it :-)
2005-12-01T22:59:48  <xorAxAx> did you know that there is a gdb x frontend that works with pdb?
2005-12-01T23:01:12  <_keturn> ddd?  last time I tried it it didn't work especially well with pdb.  but maybe it got better.
2005-12-01T23:01:45  <xorAxAx> i just have read it, i havent tried it. maybe they didnt test enough
2005-12-01T23:05:03  * xorAxAx tries to trace through it using komodo
2005-12-01T23:15:00  *** ChanServ has joined #moin-dev
2005-12-01T23:15:00  *** irc.freenode.net sets mode: +o ChanServ
2005-12-01T23:16:57  <xorAxAx> hmmm!
2005-12-01T23:17:10  * xorAxAx guesses - output redirection
2005-12-01T23:17:16  <ThomasWaldmann> _keturn: the cli theme stuff is fixed in current
2005-12-01T23:19:16  <_keturn> xorAxAx: yeah, it might be output redirection, the tests really are finishing but no more output gets sent
2005-12-01T23:19:35  <xorAxAx> but - i cannot find at least one of our files
2005-12-01T23:19:45  <xorAxAx> as they should go to data/error.log
2005-12-01T23:26:17  <_keturn> I think I am using current.  Am I not?
2005-12-01T23:26:26  * xorAxAx updates to current
2005-12-01T23:28:31  * xorAxAx could reproduce it
2005-12-01T23:28:36  <xorAxAx> of course it was not fixed :)
2005-12-01T23:28:47  <xorAxAx> so debugging continues ...
2005-12-01T23:30:31  <xorAxAx> %-)
2005-12-01T23:30:46  <xorAxAx> the unittest output stream gets changed to the request instance
2005-12-01T23:30:48  <xorAxAx> hell weird
2005-12-01T23:34:09  <xorAxAx> hmm, that is correct and expected
2005-12-01T23:36:13  <xorAxAx> HA!
2005-12-01T23:36:15  <xorAxAx> found it
2005-12-01T23:37:05  <xorAxAx> i simply removed the stream kwarg in the testrunner init line in MoinMoin._tests
2005-12-01T23:37:46  <xorAxAx> its never save to use request.write for errors because request.write could be redirected at any point
2005-12-01T23:38:25  <_keturn> yeah, that seems to make it so the tests don't mysteriously disappear
2005-12-01T23:38:52  <xorAxAx> and that redirect request pattern is used very often in the codebase
2005-12-01T23:39:57  <_keturn> but now I get lots of cli theme errors.
2005-12-01T23:40:10  <xorAxAx> yep
2005-12-01T23:40:27  <xorAxAx> because the formatter is needed for i18n. but the formatter needs a theme which is not loaded
2005-12-01T23:40:50  <xorAxAx> because thomas removed it from requestbase.__init__
2005-12-01T23:41:12  <xorAxAx> and he added a workaround in moin_dump
2005-12-01T23:41:22  <xorAxAx> which is obviously wrong - it needs to go into requestcli
2005-12-01T23:41:25  <xorAxAx> ThomasWaldmann: do you agree?
2005-12-01T23:44:19  <_keturn> ah, thanks, that's enough to at least make my own tests go
2005-12-01T23:53:19  <xorAxAx> nice, i reduced the tests to 54 plain failures
2005-12-01T23:54:30  <xorAxAx> and no error
2005-12-01T23:54:31  <xorAxAx> s
MoinMoin: MoinMoinChat/Logs/moin-dev/2005-12-01 (last edited 2007-10-29 19:06:44 by localhost)