Re: [galaxy-dev] Resolved toolshed mercurial authentication issue, public name change issue remains
On Sunday, 15.09.2013, 22:01 +, Guest, Simon wrote:

Hi Greg,

I finally got to the bottom of the reasons for my abort: authorization failed message when trying to push tool updates into my local toolshed using hg command line (rather than web interface), having given up for a while, and just come back to it.

Since my authentication agent (apache LDAP module using corporate Active Directory) was providing bare usernames to the Toolshed, I had been relying on the remote_user_maildomain feature to turn this into an email address. However, it seems this function is not triggered when using hg command line access, so I had to change my rewrite rule which sets up the apache REMOTE_USER in my apache conf file for the toolshed, from this:

    RequestHeader set REMOTE_USER %{RU}e

to this:

    RequestHeader set REMOTE_USER %{RU}e...@agresearch.co.nz

Hi Simon, thanks Simon. Bjoern

Now I can push updates directly from hg, and it's much more convenient. I didn't have to change anything in that toolshed middleware (although some temporary log messages I added there were the key for me solving the problem).

However, that bug remains where I can continue to change my public name in the web user interface, even after I have created repos. I know not to do this. If there's more information you want from me to try to track down what is going wrong here, just say what you need, and I will endeavour to provide it. But for me, this is now a minor issue, so don't do anything just on my account.

Thanks for your help.

cheers,
Simon

-Original Message-
From: Greg Von Kuster [mailto:g...@bx.psu.edu]
Sent: Friday, 6 September 2013 1:00 p.m.
To: Guest, Simon
Cc: galaxy-dev@lists.bx.psu.edu
Subject: Re: [galaxy-dev] Bug in toolshed: changing public name breaks repo path

Hello Simon,

The tool shed middleware basically consists of 2 files in ~/lib/galaxy/webapps/tool_shed/framework/middleware: hg.py which handles authentication when pushing from the command line.
The remoteuser.py file handles remote user authentication, but I cannot guarantee it properly handles hg push from the command line since I don't have an environment set up that way. That would be the place to take a look though, and if you discover problems let me know and we'll apply a patch.

Thanks very much,
Greg Von Kuster

On Sep 5, 2013, at 4:53 PM, Guest, Simon simon.gu...@agresearch.co.nz wrote:

Hi Greg,

I just changed the public name on the web interface, where you click on the User dropdown, and choose Public Name. Something about my environment let it happen, when it apparently should have not been possible. I suspect the reason lies in some mismatch between my apache user authentication and toolshed userids. See my previous email for the details of what I've been doing with that.

I don't understand the connection between userids (email addresses) used for authentication, and public names, which appear to be used by the mercurial server inside the toolshed (by inference from the public name appearing in the allow_push in the toolshed repo). Is there a layer of toolshed middleware that maps between the two?

I am going to investigate other ways of doing the authentication, as I don't think passing in REMOTE_USER from apache is working (for me). I would like to know how others are doing that.

cheers,
Simon

-Original Message-
From: Greg Von Kuster [mailto:g...@bx.psu.edu]
Sent: Friday, 6 September 2013 1:17 a.m.
To: Guest, Simon
Cc: Dave Bouvier; galaxy-dev@lists.bx.psu.edu
Subject: Re: [galaxy-dev] Bug in toolshed: changing public name breaks repo path

Hello Simon,

On Sep 4, 2013, at 5:13 PM, Guest, Simon simon.gu...@agresearch.co.nz wrote:

Hi Dave, Greg,

Thanks for your reply. I'm running a recently checked out stable branch.
hg log shows this tip:

    changeset: 10473:c42567f43aa7
    tag: tip
    user: greg
    date: Mon Aug 19 13:19:56 2013 -0400
    summary: Filter invalid objects when generating the list of repository_dependencies objects that are associated with a tool shed repository installed into Galaxy.

I wonder if this problem is related to my more fundamental problem of being unable to get mercurial push authentication working properly. I care much more about that, as that's blocking me (whereas the problem I reported has an easy work-around).

Even though you've found a work-around to the problem that results when you change your public user name in the tool shed after you have created a repository that uses it, it is extremely important that we get a fix for the issue committed to the tool shed code. Can you let us know how you went about changing your public user name? The only way we've been able to do it is
[galaxy-dev] Resolved toolshed mercurial authentication issue, public name change issue remains
Hi Greg,

I finally got to the bottom of the reasons for my abort: authorization failed message when trying to push tool updates into my local toolshed using hg command line (rather than web interface), having given up for a while, and just come back to it.

Since my authentication agent (apache LDAP module using corporate Active Directory) was providing bare usernames to the Toolshed, I had been relying on the remote_user_maildomain feature to turn this into an email address. However, it seems this function is not triggered when using hg command line access, so I had to change my rewrite rule which sets up the apache REMOTE_USER in my apache conf file for the toolshed, from this:

    RequestHeader set REMOTE_USER %{RU}e

to this:

    RequestHeader set REMOTE_USER %{RU}e...@agresearch.co.nz

Now I can push updates directly from hg, and it's much more convenient. I didn't have to change anything in that toolshed middleware (although some temporary log messages I added there were the key for me solving the problem).

However, that bug remains where I can continue to change my public name in the web user interface, even after I have created repos. I know not to do this. If there's more information you want from me to try to track down what is going wrong here, just say what you need, and I will endeavour to provide it. But for me, this is now a minor issue, so don't do anything just on my account.

Thanks for your help.

cheers,
Simon

-Original Message-
From: Greg Von Kuster [mailto:g...@bx.psu.edu]
Sent: Friday, 6 September 2013 1:00 p.m.
To: Guest, Simon
Cc: galaxy-dev@lists.bx.psu.edu
Subject: Re: [galaxy-dev] Bug in toolshed: changing public name breaks repo path

Hello Simon,

The tool shed middleware basically consists of 2 files in ~/lib/galaxy/webapps/tool_shed/framework/middleware: hg.py which handles authentication when pushing from the command line.
The remoteuser.py file handles remote user authentication, but I cannot guarantee it properly handles hg push from the command line since I don't have an environment set up that way. That would be the place to take a look though, and if you discover problems let me know and we'll apply a patch.

Thanks very much,
Greg Von Kuster

On Sep 5, 2013, at 4:53 PM, Guest, Simon simon.gu...@agresearch.co.nz wrote:

Hi Greg,

I just changed the public name on the web interface, where you click on the User dropdown, and choose Public Name. Something about my environment let it happen, when it apparently should have not been possible. I suspect the reason lies in some mismatch between my apache user authentication and toolshed userids. See my previous email for the details of what I've been doing with that.

I don't understand the connection between userids (email addresses) used for authentication, and public names, which appear to be used by the mercurial server inside the toolshed (by inference from the public name appearing in the allow_push in the toolshed repo). Is there a layer of toolshed middleware that maps between the two?

I am going to investigate other ways of doing the authentication, as I don't think passing in REMOTE_USER from apache is working (for me). I would like to know how others are doing that.

cheers,
Simon

-Original Message-
From: Greg Von Kuster [mailto:g...@bx.psu.edu]
Sent: Friday, 6 September 2013 1:17 a.m.
To: Guest, Simon
Cc: Dave Bouvier; galaxy-dev@lists.bx.psu.edu
Subject: Re: [galaxy-dev] Bug in toolshed: changing public name breaks repo path

Hello Simon,

On Sep 4, 2013, at 5:13 PM, Guest, Simon simon.gu...@agresearch.co.nz wrote:

Hi Dave, Greg,

Thanks for your reply. I'm running a recently checked out stable branch.
hg log shows this tip:

    changeset: 10473:c42567f43aa7
    tag: tip
    user: greg
    date: Mon Aug 19 13:19:56 2013 -0400
    summary: Filter invalid objects when generating the list of repository_dependencies objects that are associated with a tool shed repository installed into Galaxy.

I wonder if this problem is related to my more fundamental problem of being unable to get mercurial push authentication working properly. I care much more about that, as that's blocking me (whereas the problem I reported has an easy work-around).

Even though you've found a work-around to the problem that results when you change your public user name in the tool shed after you have created a repository that uses it, it is extremely important that we get a fix for the issue committed to the tool shed code. Can you let us know how you went about changing your public user name? The only way we've been able to do it is by manually updating the database table record using a sql statement. If you have discovered another way to do it, please let us know the steps we can take to reproduce it so that we can get a fix as soon as
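
The mismatch described in this thread, bare usernames reaching one request path while another path gets email addresses, is avoided when the identity is normalized once in front of every handler. The following is an added sketch, not code from the thread and not Galaxy's remoteuser.py or hg.py; it shows a stand-alone WSGI wrapper that does this for web and hg requests alike. The class and function names, the `HTTP_REMOTE_USER` environ key, the sample paths and the `example.org` domain are assumptions made for the example.

```python
# Added example: hypothetical WSGI wrapper, not the tool shed's own middleware.
import re

HEADER = "HTTP_REMOTE_USER"  # assumed environ key for the proxy's REMOTE_USER header
_LOCAL = re.compile(r"^[A-Za-z0-9._-]+$")
_EMAIL = re.compile(r"^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+$")


def normalize_remote_user(value, maildomain):
    """Return an email-style identity, or None if the value is unusable."""
    value = (value or "").strip()
    if _EMAIL.match(value):
        return value                      # already user@domain, keep as sent
    if maildomain and _LOCAL.match(value):
        return f"{value}@{maildomain}"    # bare username from the auth agent
    return None                           # empty, or not a plausible identity


class NormalizeRemoteUser:
    """Apply one normalization to every request, web UI or hg push."""

    def __init__(self, app, maildomain):
        self.app = app
        self.maildomain = maildomain

    def __call__(self, environ, start_response):
        user = normalize_remote_user(environ.get(HEADER), self.maildomain)
        if user is None:
            start_response("401 Unauthorized", [("Content-Type", "text/plain")])
            return [b"missing or malformed remote user\n"]
        environ[HEADER] = user
        return self.app(environ, start_response)


def demo(path, remote_user, maildomain="example.org"):
    """Send one constructed request through; return (status, identity seen downstream)."""
    seen, status = {}, []

    def downstream(environ, start_response):
        seen["user"] = environ[HEADER]
        start_response("200 OK", [])
        return [b""]

    app = NormalizeRemoteUser(downstream, maildomain)
    app({"PATH_INFO": path, HEADER: remote_user}, lambda s, h: status.append(s))
    return status[0], seen.get("user")
```

Whichever layer does the normalization, the header is only trustworthy if the proxy overwrites any client-supplied value, which `RequestHeader set` does.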