Hello community, here is the log from the commit of package webyast-base for openSUSE:Factory checked in at 2012-08-04 13:39:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/webyast-base (Old) and /work/SRC/openSUSE:Factory/.webyast-base.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "webyast-base", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/webyast-base/webyast-base.changes 2012-07-09 13:09:23.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.webyast-base.new/webyast-base.changes 2012-08-04 13:39:57.000000000 +0200 @@ -1,0 +2,28 @@ +Tue Jul 31 20:09:51 UTC 2012 - [email protected] + +- Gemfile - removed versioned devise dependency +- Support rubygem-devise 2.x +- 0.3.14 + +------------------------------------------------------------------- +Wed Jul 25 06:58:47 UTC 2012 - [email protected] + +- %post - do not start backround prefetch when running + 'rake db:migrate' (concurrent DB access can cause deadlock) + (this is a proper fix for bnc#767066) +- Ruby 1.9 fixes +- 0.3.13 + +------------------------------------------------------------------- +Wed Jul 18 09:32:04 UTC 2012 - [email protected] + +- allow disabling Web UI or REST API in WebYast config file + (/etc/webyast/config.yml) +- added custom 404 error page + +------------------------------------------------------------------- +Tue Jul 17 08:24:22 UTC 2012 - [email protected] + +- enabled HTTP Basic authentication (needed for REST API) + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ webyast-base.spec ++++++ --- /var/tmp/diff_new_pack.IB22IE/_old 2012-08-04 13:40:08.000000000 +0200 +++ /var/tmp/diff_new_pack.IB22IE/_new 2012-08-04 13:40:08.000000000 +0200 @@ -10,7 +10,7 @@ Name: webyast-base -Version: 0.3.12 +Version: 0.3.14 Release: 0 Provides: yast2-webservice = %{version} Obsoletes: yast2-webservice < %{version} @@ -402,7 +402,7 @@ %if %suse_version <= 1110 export WEBYAST_POLICYKIT='true' %endif -RAILS_ENV=production rake db:migrate +DISABLE_DATA_PREFETCH=true RAILS_ENV=production rake db:migrate chown -R %{webyast_user}: db chown -R %{webyast_user}: log echo "Database is ready" @@ -486,7 +486,6 @@ %{webyast_dir}/Rakefile %{webyast_dir}/config.ru %{webyast_dir}/script -%{webyast_dir}/vendor %dir %{webyast_dir}/config %{webyast_dir}/config/boot.rb %{webyast_dir}/config/database.yml ++++++ config.yml ++++++ --- /var/tmp/diff_new_pack.IB22IE/_old 2012-08-04 13:40:08.000000000 +0200 +++ /var/tmp/diff_new_pack.IB22IE/_new 2012-08-04 13:40:08.000000000 +0200 @@ -6,3 +6,11 @@ # Using the new # default: false polkit1: false + +# Enable/disable XML REST API +# default: false +rest_api_enabled: false + +# Enable/disable Web UI +# default: true +web_ui_enabled: true ++++++ webyastPermissionsService.rb ++++++ --- /var/tmp/diff_new_pack.IB22IE/_old 2012-08-04 13:40:08.000000000 +0200 +++ /var/tmp/diff_new_pack.IB22IE/_new 2012-08-04 13:40:08.000000000 +0200 @@ -104,7 +104,7 @@ result << "permissions have a wrong format" else case command - when :grant: + when :grant then begin if @polkit1 PolKit1::polkit1_write(POLKIT_SECTION, p, true, user) @@ -120,7 +120,7 @@ rescue Exception => e result << e.message end - when :revoke: + when :revoke then begin if @polkit1 PolKit1::polkit1_write(POLKIT_SECTION, p, false, user) @@ -136,7 +136,7 @@ rescue Exception => e result << e.message end - when :check: + when :check then if @polkit1 if PolKit1::polkit1_check(p, user) == :yes result << "yes" @@ -166,19 +166,19 @@ user = Etc.getpwuid(uid).name begin case command - when :grant: + when :grant then if @polkit1 return PolKit1.polkit1_check(PERMISSION_WRITE, user) == :yes else return PolKit.polkit_check(PERMISSION_WRITE, user) == :yes end - when :revoke: + when :revoke then if @polkit1 return PolKit1.polkit1_check(PERMISSION_WRITE, user) == :yes else return PolKit.polkit_check(PERMISSION_WRITE, user) == :yes end - when :check: + when :check then if @polkit1 return PolKit1.polkit1_check(PERMISSION_READ, user) == :yes else ++++++ www.tar.bz2 ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/Gemfile new/www/Gemfile --- old/www/Gemfile 2012-06-06 11:57:18.000000000 +0200 +++ new/www/Gemfile 2012-08-01 08:19:03.000000000 +0200 @@ -4,7 +4,7 @@ gem 'rails', '~> 3.2.3' -gem 'devise', "~> 1.5.3" +gem 'devise' gem 'devise-i18n' gem 'devise_unix2_chkpwd_authenticatable' gem 'cancan' diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/app/assets/stylesheets/webyast.css new/www/app/assets/stylesheets/webyast.css --- old/www/app/assets/stylesheets/webyast.css 2012-03-21 16:56:31.000000000 +0100 +++ new/www/app/assets/stylesheets/webyast.css 2012-07-20 14:24:27.000000000 +0200 @@ -530,7 +530,7 @@ display: block; width: 23px; height: 23px; - background: transparent url(/assets/bug.png) no-repeat scroll 0 0; + background: transparent url(/assets/images/bug.png) no-repeat scroll 0 0; float: left; } .status-icon + span { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/app/controllers/application_controller.rb new/www/app/controllers/application_controller.rb --- old/www/app/controllers/application_controller.rb 2012-05-24 11:30:11.000000000 +0200 +++ new/www/app/controllers/application_controller.rb 2012-07-25 15:07:37.000000000 +0200 @@ -24,6 +24,7 @@ class ApplicationController < ActionController::Base include FastGettext::Translation + before_filter :format_check before_filter :authenticate_account! before_filter :set_gettext_locale before_filter :init_cache @@ -39,6 +40,22 @@ end protected + + def format_check + if request.format.xml? && !Yast::Config.rest_api_enabled + render :xml => {:description => "REST API (XML interface) is not enabled in configuration file (/etc/webyast/config.yml)."}.to_xml(:root => :error), :status => 404 + else + if !Yast::Config.web_ui_enabled + if request.format.html? + render 'main/disabled', :status => 404 + else + # for all other formats just return 404 with empty data + head :status => 404 + end + end + end + end + def redirect_success logger.debug session.inspect if Basesystem.new.load_from_session(session).in_process? diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/app/controllers/errors_controller.rb new/www/app/controllers/errors_controller.rb --- old/www/app/controllers/errors_controller.rb 1970-01-01 01:00:00.000000000 +0100 +++ new/www/app/controllers/errors_controller.rb 2012-07-19 15:05:33.000000000 +0200 @@ -0,0 +1,12 @@ + +class ErrorsController < ApplicationController + def routing + error = {:description => _("Error 404 - The page does not exist.")} + + respond_to do |format| + format.html {render 'shared/404', :status => 404} + format.xml {render :xml => error.to_xml(:root => :error), :status => 404} + format.json {render :json=> error.to_json, :status => 404} + end + end +end \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/app/views/layouts/application.html.erb new/www/app/views/layouts/application.html.erb --- old/www/app/views/layouts/application.html.erb 2012-03-21 16:56:31.000000000 +0100 +++ new/www/app/views/layouts/application.html.erb 2012-07-17 09:54:42.000000000 +0200 @@ -32,6 +32,30 @@ <%= javascript_include_tag "application" %> <%= csrf_meta_tags %> + <%# HTTP basic authorization logout hack %> + <% if request.authorization %> + <script type="text/javascript"> + $(document).ready(function() { + $("#logout_link").click(function() { + if ($.browser.msie()) + { + <%# MSIE has API for cleaning authentication cache -%> + document.execCommand("ClearAuthenticationCache"); + } + else + { + <%# otherwise use AJAX hack -%> + var xmlhttp = new XMLHttpRequest(); + <%# browser should replace the cached credentials with these dummy ones -%> + xmlhttp.open("GET", "<% url_for destroy_account_session_path -%>", true, "logout", "logout"); + xmlhttp.send(""); + xmlhttp.abort(); + } + }); + }); + </script> + <% end %> + <title><%= _("WebYaST") %></title> <%= yield :head %> @@ -85,7 +109,7 @@ <%= render :partial => "main/language_list" %> </span> <span class="userbar-icon logout-icon"> - <%= link_to _("Logout"), :controller => "sessions", :action => "destroy" %> + <%= link_to _("Logout"), destroy_account_session_path, :id => "logout_link" %> </span> </span> </span> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/app/views/main/disabled.haml new/www/app/views/main/disabled.haml --- old/www/app/views/main/disabled.haml 1970-01-01 01:00:00.000000000 +0100 +++ new/www/app/views/main/disabled.haml 2012-07-19 15:05:33.000000000 +0200 @@ -0,0 +1,6 @@ +%h3 Error 404 - Web UI is disabled + +%p Web UI is disabled in this WebYaST instance. + +%p To enable the Web UI edit /etc/webyast/config.yml configuraion file and restart WebYaST. + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/app/views/shared/404.haml new/www/app/views/shared/404.haml --- old/www/app/views/shared/404.haml 1970-01-01 01:00:00.000000000 +0100 +++ new/www/app/views/shared/404.haml 2012-07-19 15:05:33.000000000 +0200 @@ -0,0 +1,6 @@ + +%h3 Error 404 - The page does not exist + +%p + The page you are accessing does not exist or has been moved. Check the URL or go to + %a{:href => "/"} the main page. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/config/environment.rb new/www/config/environment.rb --- old/www/config/environment.rb 2012-03-21 16:56:31.000000000 +0100 +++ new/www/config/environment.rb 2012-07-10 14:25:54.000000000 +0200 @@ -26,7 +26,7 @@ YastCache.active = Rails.env.production? ? true : false -if YastCache.active +if YastCache.active && !ENV["DISABLE_DATA_PREFETCH"] #check if table for caches exist and cache is active if ActiveRecord::Base.connection.tables.include?('data_caches') && ActiveRecord::Base.connection.tables.include?('delayed_jobs') diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/config/initializers/devise.rb new/www/config/initializers/devise.rb --- old/www/config/initializers/devise.rb 2012-03-21 16:56:31.000000000 +0100 +++ new/www/config/initializers/devise.rb 2012-07-17 10:24:05.000000000 +0200 @@ -3,4 +3,8 @@ config.use_salt_as_remember_token = false config.authentication_keys = [:username] config.timeout_in = 120.minutes + + # enable HTTP Basic authentication + config.http_authenticatable = true + config.http_authentication_realm = "WebYaST" end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/config/routes.rb new/www/config/routes.rb --- old/www/config/routes.rb 2012-03-21 16:56:31.000000000 +0100 +++ new/www/config/routes.rb 2012-07-19 15:05:33.000000000 +0200 @@ -55,4 +55,8 @@ match '/restdoc.:format' => 'restdoc#index', :as => :restdoc match '/notifiers/status.:format' => 'notifier#status', :as => :notifier match '/:controller(/:action(/:id))' + + # for custom 404 error handling, workaround for a Rails bug + # see https://rails.lighthouseapp.com/projects/8994/tickets/4444-can-no-longer-rescue_from-actioncontrollerroutingerror + match '*a', :to => 'errors#routing' end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/db/migrate/20111115091940_devise_columns.rb new/www/db/migrate/20111115091940_devise_columns.rb --- old/www/db/migrate/20111115091940_devise_columns.rb 2012-03-21 16:56:31.000000000 +0100 +++ new/www/db/migrate/20111115091940_devise_columns.rb 2012-08-01 08:27:01.000000000 +0200 @@ -1,10 +1,22 @@ +require 'devise/version' + class DeviseColumns < ActiveRecord::Migration def up change_table(:accounts) do |t| t.rename :login, :username #t.rememberable - t.trackable + + if Devise::VERSION.match /^2\./ + ## Trackable + t.integer :sign_in_count, :default => 0 + t.datetime :current_sign_in_at + t.datetime :last_sign_in_at + t.string :current_sign_in_ip + t.string :last_sign_in_ip + else + t.trackable + end # rememberable uses remember_token, but this field is different t.rename :remember_token_expires_at, :remember_created_at # these fields are named differently in devise diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/db/schema.rb new/www/db/schema.rb --- old/www/db/schema.rb 2012-06-06 13:23:42.000000000 +0200 +++ new/www/db/schema.rb 2012-07-19 15:05:33.000000000 +0200 @@ -32,8 +32,8 @@ t.string "session" t.string "picked_md5" t.string "refreshed_md5" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", :null => false + t.datetime "updated_at", :null => false end create_table "delayed_jobs", :force => true do |t| @@ -45,8 +45,8 @@ t.datetime "locked_at" t.datetime "failed_at" t.string "locked_by" - t.datetime "created_at" - t.datetime "updated_at" + t.datetime "created_at", :null => false + t.datetime "updated_at", :null => false t.string "queue" end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/lib/yast/config.rb new/www/lib/yast/config.rb --- old/www/lib/yast/config.rb 2012-03-21 16:56:31.000000000 +0100 +++ new/www/lib/yast/config.rb 2012-07-25 15:07:37.000000000 +0200 @@ -38,6 +38,7 @@ end end +# TODO FIXME: use Yast module name here (compatible with Rails autoloading) module YaST CONFIG=read_config() if ENV['WEBYAST_POLICYKIT']== 'true' @@ -47,3 +48,22 @@ end end +module Yast + module Config + config = read_config || {} + + # enabled when missing or invalid value + WEB_UI_ENABLED = config["web_ui_enabled"] != false + # disabled when missing or invalid value + REST_API_ENABLED = !(config["rest_api_enabled"] != true) + + def self.web_ui_enabled + WEB_UI_ENABLED + end + + def self.rest_api_enabled + REST_API_ENABLED + end + end +end + diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/lib/yast/config_file.rb new/www/lib/yast/config_file.rb --- old/www/lib/yast/config_file.rb 2012-03-21 16:56:31.000000000 +0100 +++ new/www/lib/yast/config_file.rb 2012-07-25 15:07:37.000000000 +0200 @@ -156,7 +156,7 @@ def self.config_default_location # pattern that rails is following too # see - # http://www.danielcadenas.com/2008/09/stubbingmocking-constants-with-mocha.html + # http://danielcadenas.com/blog/2008/09/10/stubbingmocking-constants-with-mocha/ CONFIG_DEFAULT_LOCATION end diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/www/test/test_helper.rb new/www/test/test_helper.rb --- old/www/test/test_helper.rb 2012-04-16 15:38:20.000000000 +0200 +++ new/www/test/test_helper.rb 2012-07-25 15:19:01.000000000 +0200 @@ -67,6 +67,18 @@ return FakeDbus.new end +# mock global config - enable both WEB UI and REST API +module Yast + module Config + def self.web_ui_enabled + true + end + + def self.rest_api_enabled + true + end + end +end # use a different DB for tests - needed during RPM build if !ENV['TEST_DB_PATH'].blank? && Rails.env.test? -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
