Hello Simon,

The tool shed middleware basically consists of 2 files in 
~/lib/galaxy/webapps/tool_shed/framework/middleware: hg.py which handles 
authentication when pushing from the command line.  The remoteuser.py file 
handles remote user authentication, but I cannot guarantee it properly handles 
hg push from the command line since I don't have an environment set up that 
way.  That would be the place to take a look though, and if you discover 
problems let me know and we'll apply a patch.

Thanks very much,

Greg Von Kuster


On Sep 5, 2013, at 4:53 PM, "Guest, Simon" <simon.gu...@agresearch.co.nz> wrote:

> Hi Greg,
> 
> I just changed the public name on the web interface, where you click on the 
> User dropdown, and choose Public Name.  Something about my environment let it 
> happen, when it apparently should have not been possible.
> 
> I suspect the reason lies in some mismatch between my apache user 
> authentication and toolshed userids.  See my previous email for the details 
> of what I've been doing with that.  I don't understand the connection between 
> userids (email addresses) used for authentication, and public names, which 
> appear to be used by the mercurial server inside the toolshed (by inference 
> from the public name appearing in the allow_push in the toolshed repo).  Is 
> there a layer of toolshed middleware that maps between the two?
> 
> I am going to investigate other ways of doing the authentication, as I don't 
> think passing in REMOTE_USER from apache is working (for me).  I would like 
> to know how others are doing that.
> 
> cheers,
> Simon
> 
>> -----Original Message-----
>> From: Greg Von Kuster [mailto:g...@bx.psu.edu]
>> Sent: Friday, 6 September 2013 1:17 a.m.
>> To: Guest, Simon
>> Cc: Dave Bouvier; galaxy-dev@lists.bx.psu.edu
>> Subject: Re: [galaxy-dev] Bug in toolshed: changing public name breaks
>> repo path
>> 
>> Hello Simon,
>> 
>> 
>> On Sep 4, 2013, at 5:13 PM, "Guest, Simon" <simon.gu...@agresearch.co.nz>
>> wrote:
>> 
>>> Hi Dave, Greg,
>>> 
>>> Thanks for your reply.
>>> 
>>> I'm running a recently checked out stable branch.  hg log shows this
>> tip:
>>> changeset:   10473:c42567f43aa7
>>> tag:         tip
>>> user:        greg
>>> date:        Mon Aug 19 13:19:56 2013 -0400
>>> summary:     Filter invalid objects when generating the list of
>> repository_dependencies objects that are associated with a tool shed
>> repository installed into Galaxy.
>>> 
>>> I wonder if this problem is related to my more fundamental problem of
>> being unable to get mercurial push authentication working properly.  I
>> care much more about that, as that's blocking me (whereas the problem I
>> reported has an easy work-around).
>> 
>> Even though you've found a work-around to the problem that results when
>> you change your public user name in the tool shed after you have created a
>> repository that uses it, it is extremely important that we get a fix ffor
>> the issue committed to the tool shed code.  Can you let us know how you
>> went about changing your public user name?  The only way we've been able
>> to do it is by manually updaing the database table record using a sql
>> statement.  If you have discovered another way to do it, please let us
>> know the steps we can take to reproduce it so that we can get a fix as
>> soon as possible.  If this is, in fact, a bug, then it is a very critical
>> one.
>> 
>> Thanks,
>> 
>> Greg Von Kuster
>> 
>> 
>> 
>>> Here is more information about my environment.
>>> 
>>> I'm using apache for digest authentication, with the htdigest file
>> containing email addresses for usernames (so it matches what the toolshed
>> wants).  It passes it through to the toolshed using REMOTE_USER.  (We have
>> something like this working well for our main Galaxy instance.)  I can
>> access the toolshed just fine via the web interface, and I can do e.g. hg
>> outgoing on the command line against a toolshed repo to see what needs
>> pushing.  But when I try hg push, I get abort: authorization failed.
>>> 
>>> Looking inside the hgrc file inside my toolshed repo, I see it has
>>> allow_push = simon-guest (i.e. my public name, not my email address).
>>> This isn't going to match the REMOTE_USER passed in from apache, which
>>> is an email address.  So I think to get this working with my
>>> authentication framework, public name has to match the email address.
>>> (I tried hacking the allow_push in hgrc to be the email address, but
>>> that didn't work.)
>>> 
>>> Is anyone else using a toolshed behind apache with authentication
>> handled by apache, like this?  Should I expect hg push to work in this
>> configuration, or am I outside the bounds of what has been tested so far?
>>> 
>>> Thanks for your help, much appreciated.
>>> 
>>> cheers,
>>> Simon
>>> 
>>> 
>>> 
>>>> -----Original Message-----
>>>> From: Dave Bouvier [mailto:d...@bx.psu.edu]
>>>> Sent: Thursday, 5 September 2013 1:07 a.m.
>>>> To: Greg Von Kuster
>>>> Cc: Guest, Simon; galaxy-dev@lists.bx.psu.edu
>>>> Subject: Re: [galaxy-dev] Bug in toolshed: changing public name
>>>> breaks repo path
>>>> 
>>>> Simon,
>>>> 
>>>> I am unable to reproduce this behavior on my local tool shed
>>>> installation, which revision are you running?
>>>> 
>>>>  --Dave B.
>>>> 
>>>> On 09/04/2013 06:57 AM, Greg Von Kuster wrote:
>>>>> Hello Simin,
>>>>> 
>>>>> Bjoern is correct - if this is possible (which it looks like it is
>>>>> from
>>>> your traceback), then a bug has been introduced somewhat recently.
>>>> We'll take a look at this today and get a fix committed.  Thanks for
>>>> reporting this.
>>>>> 
>>>>> Greg Von Kuster
>>>>> 
>>>>> On Sep 4, 2013, at 3:17 AM, Bjoern Gruening
>>>>> <bjoern.gruen...@gmail.com>
>>>> wrote:
>>>>> 
>>>>>> Hi Simon,
>>>>>> 
>>>>>> you are right. Public usernames, or usernames associated with a
>>>>>> repository can't be changed. If you can that is a bug, please fill
>>>>>> a trello card with it. The reason is to guarantee reproducibility.
>>>>>> If anyone has installed your repository the triple
>>>>>> (username,revision,toolshed) is saved to reinstall that repository
>>>>>> at any time, if needed.
>>>>>> 
>>>>>> Cheers,
>>>>>> Bjoern
>>>>>> 
>>>>>>>> It looks like it's trying to use the public name in the repo
>>>>>>>> path, which isn't going to work very well if public names can be
>> changed.
>>>>>>>> 
>>>>>>>> Changing my public name back to what it was before made it start
>>>>>>>> working again.
>>>>>>> 
>>>>>>> To reply to my own post, I see now that when you create a user, a
>>>> comment on that page says: "You cannot change your public name after
>>>> you have created a repository in this tool shed."
>>>>>>> 
>>>>>>> Does this mean: "If you change your public name after you have
>>>>>>> created a repository in this tool shed, those repositories won't
>>>>>>> work any more" or some such  ;-).  Or is there actually some code
>>>>>>> to stop the user changing their public name in this case, which
>>>>>>> would imply my toolshed is somehow broken in a way unique to me?
>>>>>>> (I'm currently struggling to push tools into my toolshed using
>>>>>>> mercurial command line, through my apache front end, with the
>>>>>>> various layers of authentication, without it saying abort:
>>>>>>> authorization failed.)
>>>>>>> 
>>>>>>> cheers,
>>>>>>> Simon
>>>>>>> 
>>>>>>> 
>>>>>>> ==================================================================
>>>>>>> ==
>>>>>>> ===
>>>>>>> Attention: The information contained in this message and/or
>>>>>>> attachments from AgResearch Limited is intended only for the
>>>>>>> persons or entities to which it is addressed and may contain
>>>>>>> confidential and/or privileged material. Any review,
>>>>>>> retransmission, dissemination or other use of, or taking of any
>>>>>>> action in reliance upon, this information by persons or entities
>>>>>>> other than the intended recipients is prohibited by AgResearch
>>>>>>> Limited. If you have received this message in error, please notify
>> the sender immediately.
>>>>>>> ==================================================================
>>>>>>> ==
>>>>>>> ===
>>>>>>> 
>>>>>>> ___________________________________________________________
>>>>>>> Please keep all replies on the list by using "reply all"
>>>>>>> in your mail client.  To manage your subscriptions to this and
>>>>>>> other Galaxy lists, please use the interface at:
>>>>>>> http://lists.bx.psu.edu/
>>>>>>> 
>>>>>>> To search Galaxy mailing lists use the unified search at:
>>>>>>> http://galaxyproject.org/search/mailinglists/
>>>>>> 
>>>>>> 
>>>>>> 
>>>>>> ___________________________________________________________
>>>>>> Please keep all replies on the list by using "reply all"
>>>>>> in your mail client.  To manage your subscriptions to this and
>>>>>> other Galaxy lists, please use the interface at:
>>>>>> http://lists.bx.psu.edu/
>>>>>> 
>>>>>> To search Galaxy mailing lists use the unified search at:
>>>>>> http://galaxyproject.org/search/mailinglists/
>>>>> 
>>>>> 
>>>>> ___________________________________________________________
>>>>> Please keep all replies on the list by using "reply all"
>>>>> in your mail client.  To manage your subscriptions to this and other
>>>>> Galaxy lists, please use the interface at:
>>>>> http://lists.bx.psu.edu/
>>>>> 
>>>>> To search Galaxy mailing lists use the unified search at:
>>>>> http://galaxyproject.org/search/mailinglists/
>>>>> 
>>> 
>>> ======================================================================
>>> =
>>> Attention: The information contained in this message and/or
>>> attachments from AgResearch Limited is intended only for the persons
>>> or entities to which it is addressed and may contain confidential
>>> and/or privileged material. Any review, retransmission, dissemination
>>> or other use of, or taking of any action in reliance upon, this
>>> information by persons or entities other than the intended recipients
>>> is prohibited by AgResearch Limited. If you have received this message
>>> in error, please notify the sender immediately.
>>> ======================================================================
>>> =
>>> 
>>> ___________________________________________________________
>>> Please keep all replies on the list by using "reply all"
>>> in your mail client.  To manage your subscriptions to this and other
>>> Galaxy lists, please use the interface at:
>>> http://lists.bx.psu.edu/
>>> 
>>> To search Galaxy mailing lists use the unified search at:
>>> http://galaxyproject.org/search/mailinglists/
> 
> 
> =======================================================================
> Attention: The information contained in this message and/or attachments
> from AgResearch Limited is intended only for the persons or entities
> to which it is addressed and may contain confidential and/or privileged
> material. Any review, retransmission, dissemination or other use of, or
> taking of any action in reliance upon, this information by persons or
> entities other than the intended recipients is prohibited by AgResearch
> Limited. If you have received this message in error, please notify the
> sender immediately.
> =======================================================================
> 
> ___________________________________________________________
> Please keep all replies on the list by using "reply all"
> in your mail client.  To manage your subscriptions to this
> and other Galaxy lists, please use the interface at:
> http://lists.bx.psu.edu/
> 
> To search Galaxy mailing lists use the unified search at:
> http://galaxyproject.org/search/mailinglists/


___________________________________________________________
Please keep all replies on the list by using "reply all"
in your mail client.  To manage your subscriptions to this
and other Galaxy lists, please use the interface at:
  http://lists.bx.psu.edu/

To search Galaxy mailing lists use the unified search at:
  http://galaxyproject.org/search/mailinglists/

Reply via email to