2008-04-19T01:05:38 * TheSheep reads http://lucumr.pocoo.org/blogarchive/tekisuto
2008-04-19T01:08:21 <johill> what's with the wiki/italic/start thing?
2008-04-19T01:08:36 <johill> how's that pythonic if you parse those strings everywhere?
2008-04-19T01:09:18 <TheSheep> ask mitsuhiko :)
2008-04-19T01:13:17 <TheSheep> I also don't like how the 'data' dict is passed, it would make more sense to just create the directive objects and use them for storing the data
2008-04-19T01:13:48 <johill> yeah
2008-04-19T01:14:48 <TheSheep> I actually use a similar idea of separating the parser form the rules
2008-04-19T01:15:20 <TheSheep> only I define all rules with regexps, not arbitrary functions, for efficiency
2008-04-19T01:16:35 <TheSheep> hmm.. this page is 2 years old :)
2008-04-19T01:16:42 <johill> yeah :)
2008-04-19T01:16:56 <johill> not quite
2008-04-19T01:17:04 <johill> 1.25 or something ;)
2008-04-19T08:08:52 <kikka> Moin
2008-04-19T08:22:59 <ThomasWaldmann> moin
2008-04-19T09:08:38 <PawelPacana> moin
2008-04-19T09:14:17 * ThomasWaldmann slaps dreimark with a big python
2008-04-19T09:14:29 <ThomasWaldmann> moin Pawel
2008-04-19T09:59:15 <CIA-47> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 2624:82a1426b0235 1.6/MoinMoin/userform.py: revert 6be19b7e611b (see http://moinmo.in/MoinMoinBugs/ChangeOtherAccountsPassword), needs better fix
2008-04-19T10:17:15 <ThomasWaldmann> (similar problem in 1.7, btw)
2008-04-19T10:25:47 <johill> ThomasWaldmann: huh?
2008-04-19T10:25:52 <johill> how can that patch *cause* it?
2008-04-19T10:26:13 <johill> oh. I see
2008-04-19T10:28:23 <johill> we should just not use the theuser object
2008-04-19T10:33:13 <ThomasWaldmann> because theuser IS request.user
2008-04-19T10:35:57 <johill> yeah
2008-04-19T10:36:03 <johill> why do we use 'theuser' there anyway for all the checks?
2008-04-19T10:36:06 <johill> that's just confusing
2008-04-19T10:36:18 <johill> the correct thing to do would be to *copy* request.user
2008-04-19T10:36:24 <johill> in this scenario
2008-04-19T10:36:47 <johill> but I'd advocate just reordering the code and doing the checks w/o a user object
2008-04-19T10:37:00 <ThomasWaldmann> theuser user was initially some local user object used for checking / preparing it
2008-04-19T10:37:35 <johill> right
2008-04-19T10:37:39 <johill> so what was that about 1.7?
2008-04-19T10:38:06 <johill> ah. same thing there, I'll fix that first
2008-04-19T10:38:36 <ThomasWaldmann> be careful :)
2008-04-19T10:39:36 <johill> :)
2008-04-19T10:39:45 <johill> I'll probably just rewrite most of the code ;)
2008-04-19T10:40:28 <ThomasWaldmann> we need something working, for both 1.6 and 1.7
2008-04-19T10:41:13 <johill> yeah 1.7 is easier to test for me right now, I'll do that first, the code is mostly still the same though
2008-04-19T10:47:33 * ThomasWaldmann still needs some sleep, bbl
2008-04-19T10:48:50 <kikka> Moin
2008-04-19T10:54:12 <CIA-47> Johannes Berg <johannes AT sipsolutions DOT net> default * 3510:50c2b537a089 1.7/MoinMoin/theme/__init__.py: make sane default arg to theme.add_msg()
2008-04-19T10:57:32 <CIA-47> Johannes Berg <johannes AT sipsolutions DOT net> default * 3511:d2eddbbe24ca 1.7/MoinMoin/action/userprefs.py: allow userprefs plugins to return (message type, message) tuple
2008-04-19T11:03:17 <CIA-47> Johannes Berg <johannes AT sipsolutions DOT net> default * 3512:3fc77153629a 1.7/MoinMoin/userprefs/prefs.py: fix up preferences handling, drop theuser object in favour of direct checks
2008-04-19T11:03:17 <johill> that should fix it
2008-04-19T11:13:19 <johill> ok suc
2008-04-19T11:13:20 <johill> suck
2008-04-19T11:13:23 <johill> it's easy to fix in 1.7
2008-04-19T11:13:33 <johill> but non-trivial in 1.6 because there it's all intermingled with creating new users
2008-04-19T11:23:56 <CIA-47> Johannes Berg <johannes AT sipsolutions DOT net> default * 3513:7bfd4232cfb7 1.7/MoinMoin/userprefs/ (changepass.py notification.py oid.py prefs.py suid.py): builtin userprefs plugins: return appropriate message class
2008-04-19T11:46:30 <dreimark> moin
2008-04-19T11:46:45 <dreimark> looks like four eyes weren't enough
2008-04-19T11:52:35 <johill> yeah
2008-04-19T11:52:50 <johill> oh well. do you remember what the suid bug was this fixed? :)
2008-04-19T11:52:57 <dreimark> http://moinmo.in/MoinMoinBugs/1.6.0ChangingSelectedUserAccountOverwritesSuperuserAccount
2008-04-19T11:53:20 <dreimark> that was the initial bug
2008-04-19T11:53:21 <johill> ah right
2008-04-19T12:27:46 <johill> ok so how do we fix that then?
2008-04-19T12:27:53 <johill> I'm not sure why it gets a wrong user there in the first place
2008-04-19T12:32:15 <johill> oh I see
2008-04-19T12:33:45 <zenhase> moin
2008-04-19T12:38:13 <johill> hrm
2008-04-19T12:38:59 <johill> I don't have a good idea how to fix it
2008-04-19T12:39:23 <johill> some code assumes theuser points to the logged in user
2008-04-19T12:39:34 <johill> (for example the code that sets the 'newuser' variable)
2008-04-19T12:39:46 <johill> some other code assumes theuser is the object that we're changing
2008-04-19T12:39:50 <johill> (for example the name setting code)
2008-04-19T12:40:07 <johill> let's just release 1.7 ;)
2008-04-19T12:41:26 <xorAxAx> johill: well, once upon a time it wasnt broken
2008-04-19T12:41:32 <xorAxAx> so fixing it should be easy :-)
2008-04-19T12:41:38 <xorAxAx> by blaming the file
2008-04-19T12:42:14 <johill> no
2008-04-19T12:42:31 <xorAxAx> hmm?
2008-04-19T12:42:41 <johill> you're making the wrong assumption that moin code is focused
2008-04-19T12:42:59 <johill> it uses code all over request etc.
2008-04-19T12:43:02 <xorAxAx> it was already broken in e13e6d72f42a
2008-04-19T12:43:37 <xorAxAx> thats 10 months :)
2008-04-19T12:43:53 <johill> I think it was probably broken ever since super user was added
2008-04-19T12:43:59 <xorAxAx> nah
2008-04-19T12:44:03 <johill> and only worked by accident sometimes
2008-04-19T12:44:06 <xorAxAx> hmm
2008-04-19T12:44:19 <dreimark> in 1.5 it was bot
2008-04-19T12:44:24 <dreimark> not
2008-04-19T12:44:28 <johill> I tried fixing it
2008-04-19T12:44:31 <johill> but that added another bug
2008-04-19T12:44:35 <johill> where you rename your own account
2008-04-19T12:44:39 <johill> (and that wouldn't work any more)
2008-04-19T12:44:51 <johill> seriously, the problem is that this userform code does everything in the same code
2008-04-19T12:45:01 <johill> I just fixed it really easily in 1.7
2008-04-19T12:45:33 <johill> but there creating a user isn't intermingled with the prefs changes code
2008-04-19T12:45:51 <johill> so you don't have to worry about such things, it just exits early when request.user isn't assigned
2008-04-19T12:46:13 <johill> but in 1.6 you can even create a new user while logged in
2008-04-19T12:46:16 <johill> and that has the same code
2008-04-19T12:46:21 <johill> so which place did you get from?
2008-04-19T12:46:32 <johill> you have to add checks all over for the form button
2008-04-19T12:48:22 <johill> most likely, my session/auth work broke it
2008-04-19T12:49:15 <johill> because I assumed that request.get_user_from_form() would be used sanely
2008-04-19T12:49:26 <johill> for logins. not for preferences
2008-04-19T12:51:01 <johill> 1.7 does that
2008-04-19T12:51:05 <johill> (because I made it)
2008-04-19T12:51:14 <johill> anyway, lunch
2008-04-19T13:02:26 <dennda> Sorry for being a bit irresponsive the last few days. I got a few things that needed care... (Girlfriend ended our relationship etc...)
2008-04-19T13:10:02 <dreimark> hard times
2008-04-19T13:15:55 <TheSheep> ugh
2008-04-19T13:18:26 <zenhase> dennda: sorry to hear that :/
2008-04-19T13:20:41 <dennda> thanks
2008-04-19T13:26:24 <dreimark> bbl
2008-04-19T14:09:54 <dennda> copton: that code looks quite hacky as is
2008-04-19T15:05:36 <ThomasWaldmann> http://hackontest.org/
2008-04-19T15:11:34 <dreimark> wrong month
2008-04-19T15:11:47 * dreimark is in zuerich end of may
2008-04-19T15:35:58 <johill> why do we have so many wiki pages in underlay starting with "Ohje" :)
2008-04-19T15:37:47 <TheSheep> hilfe
2008-04-19T15:38:02 <TheSheep> ajuto
2008-04-19T15:47:00 <kikka> hihi
2008-04-19T15:57:15 <ThomasWaldmann> yeah, ohje is funny :)
2008-04-19T15:59:29 <ThomasWaldmann> johill: what's the point of that add_msg changeset?
2008-04-19T16:00:37 <johill> ThomasWaldmann: to be able to pass None instead of hardcoding the default everywhere
2008-04-19T16:00:42 <ThomasWaldmann> ah, i see in next changeset :)
2008-04-19T16:01:07 <johill> I could hardcode the default
2008-04-19T16:01:15 <johill> but that would probably end up to be in a number of places
2008-04-19T16:01:17 <johill> I didn't like that
2008-04-19T16:01:24 <johill> so I changed it that way :)
2008-04-19T16:02:33 <johill> anyway, I'm off, have a good remaining weekend :)
2008-04-19T16:04:06 <ThomasWaldmann> u2 :) cu.
2008-04-19T16:08:30 <ThomasWaldmann> johill: in case you still read: did you test that your recent changes fix both problems we had?
2008-04-19T16:17:00 <CIA-47> Thomas Waldmann <tw AT waldmann-edv DOT de> default * 3514:6adf6716f098 1.7/MoinMoin/userprefs/prefs.py: userprefs: refactor to use request, not self.request
2008-04-19T16:17:17 <gizmach> moin
2008-04-19T16:17:32 <ThomasWaldmann> hi gizmach
2008-04-19T16:36:42 <ThomasWaldmann> gizmach: do you have time to do some moin testing?
2008-04-19T16:37:20 <ThomasWaldmann> (everybody else is also invited :)
2008-04-19T16:37:51 <ThomasWaldmann> http://moinmo.in/MoinMoinBugs/ChangeOtherAccountsPassword
2008-04-19T16:38:04 <ThomasWaldmann> http://moinmo.in/MoinMoinBugs/1.6.0ChangingSelectedUserAccountOverwritesSuperuserAccount
2008-04-19T16:38:36 <ThomasWaldmann> those 2 bugs should be double-checked whether they happen in 1.7.latest
2008-04-19T16:39:25 * ThomasWaldmann looks at 1.6 meanwhile to fix it there also
2008-04-19T16:42:21 * ThomasWaldmann throws a needle in the channel... :)
2008-04-19T16:49:45 <TheSheep> ting!
2008-04-19T16:54:48 <ThomasWaldmann> seems to be rather deep here
2008-04-19T17:00:14 <gizmach> ThomasWaldmann: sure
2008-04-19T17:02:08 <ThomasWaldmann> maybe just use your updated local 1.7 test wiki to check
2008-04-19T17:39:48 * ThomasWaldmann will be away this evening - if someone has time, please work on a 1.6 bugfix, we need to fix that urgently.
2008-04-19T21:33:43 <dreimark> http://moinmo.in/ReimarBauer?action=AttachFile&do=view&target=userform.patch
2008-04-19T21:34:31 <dreimark> anyone here who can help to check that and find new bugs introduced by that
2008-04-19T21:46:23 <dreimark> (well it can be refactored a bit)
2008-04-19T22:53:03 <ThomasWaldmann> re
2008-04-19T22:54:49 <dreimark> hi
2008-04-19T22:55:14 * dreimark survived the python attack ;)
2008-04-19T22:57:23 <ThomasWaldmann> hehe
2008-04-19T22:57:45 <ThomasWaldmann> i looked at the patch, but I am not sure it is correct
2008-04-19T22:58:10 <ThomasWaldmann> get_user_from_form returns the superuser object, right?
2008-04-19T23:00:12 <ThomasWaldmann> dreimark:
2008-04-19T23:00:40 <dreimark> yes
2008-04-19T23:02:17 <ThomasWaldmann> so after patching in the name and the id, we have that corrected. but why do we user the superuser obj at all?
2008-04-19T23:03:49 <dreimark> in the past version we have not cared to save _setuid_real_user
2008-04-19T23:04:24 <dreimark> (1.5) so the superuser was not able to return to it's account
2008-04-19T23:04:35 <dreimark> in 1.7 it is done by logout
2008-04-19T23:06:44 <ThomasWaldmann> that might be true, but how is it related to my question?
2008-04-19T23:09:48 <dreimark> I'm not sure if we can use the user object
2008-04-19T23:11:45 <kikka> Huhu
2008-04-19T23:15:48 <dreimark> ThomasWaldmann: in 1.5 with select user the superuser has to logout and login again
2008-04-19T23:16:00 <dreimark> after he selected a differnt user
2008-04-19T23:16:26 <dreimark> some of the changes in 1.6 were to give the superuser the possibility to go back
2008-04-19T23:17:00 <dreimark> so it assumes that it is the super user
2008-04-19T23:17:14 <ThomasWaldmann> i don't care much for comfort features right now, I want to have the security fixed
2008-04-19T23:17:27 * dreimark too
2008-04-19T23:17:50 <ThomasWaldmann> so can you explain why this patch works?
2008-04-19T23:19:25 <dreimark> this patch does only for 'save' change the id and the name
2008-04-19T23:20:33 <dreimark> the usage of superuser is there to go back to his account or to log out
2008-04-19T23:21:14 <dreimark> if he goes back then the super user object is the previou one
2008-04-19T23:24:39 <ThomasWaldmann> why does it have the ticket and session check in the if branch (and not the else branch)?
2008-04-19T23:27:56 <dreimark> I tried to have the same test for select_user but I should have read that again
2008-04-19T23:28:28 <dreimark> the order was changed. this patch was one of the firsts in jan
2008-04-19T23:29:58 <dreimark> the else is not superuser
2008-04-19T23:31:36 * ThomasWaldmann has somehow the feeling that we need a different solution, maybe along the lines of your previous fix and maybe some other changes
2008-04-19T23:39:02 * dreimark thought on disabling the selectuser form till 1.7
2008-04-19T23:53:28 <dreimark> good night
MoinMoin: MoinMoinChat/Logs/moin-dev/2008-04-19 (last edited 2008-04-18 23:15:02 by IrcLogImporter)
