Re: [galaxy-dev] Resolved toolshed mercurial authentication issue, public name change issue remains
Am Sonntag, den 15.09.2013, 22:01 + schrieb Guest, Simon:
Hi Greg,
I finally got to the bottom of the reasons for my abort: authorization failed
message when trying to push tool updates into my local toolshed using hg
command line (rather than web interface), having given up for a while, and
just come back to it.
Since my authentication agent (apache LDAP module using corporate Active
Directory) was providing bare usernames to the Toolshed, I had been relying
on the remote_user_maildomain feature to turn this into an email address.
However, it seems this function is not triggered when using hg command line
access, so I had to change my rewrite rule which sets up the apache
REMOTE_USER in my apache conf file for the toolshed, from this:
RequestHeader set REMOTE_USER %{RU}e
to this:
RequestHeader set REMOTE_USER %{RU}e...@agresearch.co.nz
Hi Simon,
thanks Simon.
Bjoern
Now I can push updates directly from hg, and it's much more convenient. I
didn't have to change anything in that toolshed middleware (although some
temporary log messages I added there were the key for me solving the problem).
However, that bug remains where I can continue to change my public name in
the web user interface, even after I have created repos. I know not to do
this. If there's more information you want from me to try to track down what
is going wrong here, just say what you need, and I will endeavour to provide
it. But for me, this is now a minor issue, so don't do anything just on my
account.
Thanks for your help.
cheers,
Simon
-Original Message-
From: Greg Von Kuster [mailto:g...@bx.psu.edu]
Sent: Friday, 6 September 2013 1:00 p.m.
To: Guest, Simon
Cc: galaxy-dev@lists.bx.psu.edu
Subject: Re: [galaxy-dev] Bug in toolshed: changing public name breaks
repo path
Hello Simon,
The tool shed middleware basically consists of 2 files in
~/lib/galaxy/webapps/tool_shed/framework/middleware: hg.py which handles
authentication when pushing from the command line. The remoteuser.py file
handles remote user authentication, but I cannot guarantee it properly
handles hg push from the command line since I don't have an environment
set up that way. That would be the place to take a look though, and if
you discover problems let me know and we'll apply a patch.
Thanks very much,
Greg Von Kuster
On Sep 5, 2013, at 4:53 PM, Guest, Simon simon.gu...@agresearch.co.nz
wrote:
Hi Greg,
I just changed the public name on the web interface, where you click on
the User dropdown, and choose Public Name. Something about my environment
let it happen, when it apparently should have not been possible.
I suspect the reason lies in some mismatch between my apache user
authentication and toolshed userids. See my previous email for the
details of what I've been doing with that. I don't understand the
connection between userids (email addresses) used for authentication, and
public names, which appear to be used by the mercurial server inside the
toolshed (by inference from the public name appearing in the allow_push in
the toolshed repo). Is there a layer of toolshed middleware that maps
between the two?
I am going to investigate other ways of doing the authentication, as I
don't think passing in REMOTE_USER from apache is working (for me). I
would like to know how others are doing that.
cheers,
Simon
-Original Message-
From: Greg Von Kuster [mailto:g...@bx.psu.edu]
Sent: Friday, 6 September 2013 1:17 a.m.
To: Guest, Simon
Cc: Dave Bouvier; galaxy-dev@lists.bx.psu.edu
Subject: Re: [galaxy-dev] Bug in toolshed: changing public name
breaks repo path
Hello Simon,
On Sep 4, 2013, at 5:13 PM, Guest, Simon
simon.gu...@agresearch.co.nz
wrote:
Hi Dave, Greg,
Thanks for your reply.
I'm running a recently checked out stable branch. hg log shows this
tip:
changeset: 10473:c42567f43aa7
tag: tip
user:greg
date:Mon Aug 19 13:19:56 2013 -0400
summary: Filter invalid objects when generating the list of
repository_dependencies objects that are associated with a tool shed
repository installed into Galaxy.
I wonder if this problem is related to my more fundamental problem
of
being unable to get mercurial push authentication working properly.
I care much more about that, as that's blocking me (whereas the
problem I reported has an easy work-around).
Even though you've found a work-around to the problem that results
when you change your public user name in the tool shed after you have
created a repository that uses it, it is extremely important that we
get a fix ffor the issue committed to the tool shed code. Can you
let us know how you went about changing your public user name? The
only way we've been able to do it is
[galaxy-dev] Resolved toolshed mercurial authentication issue, public name change issue remains
Hi Greg,
I finally got to the bottom of the reasons for my abort: authorization failed
message when trying to push tool updates into my local toolshed using hg
command line (rather than web interface), having given up for a while, and just
come back to it.
Since my authentication agent (apache LDAP module using corporate Active
Directory) was providing bare usernames to the Toolshed, I had been relying on
the remote_user_maildomain feature to turn this into an email address.
However, it seems this function is not triggered when using hg command line
access, so I had to change my rewrite rule which sets up the apache REMOTE_USER
in my apache conf file for the toolshed, from this:
RequestHeader set REMOTE_USER %{RU}e
to this:
RequestHeader set REMOTE_USER %{RU}e...@agresearch.co.nz
Now I can push updates directly from hg, and it's much more convenient. I
didn't have to change anything in that toolshed middleware (although some
temporary log messages I added there were the key for me solving the problem).
However, that bug remains where I can continue to change my public name in the
web user interface, even after I have created repos. I know not to do this.
If there's more information you want from me to try to track down what is going
wrong here, just say what you need, and I will endeavour to provide it. But
for me, this is now a minor issue, so don't do anything just on my account.
Thanks for your help.
cheers,
Simon
-Original Message-
From: Greg Von Kuster [mailto:g...@bx.psu.edu]
Sent: Friday, 6 September 2013 1:00 p.m.
To: Guest, Simon
Cc: galaxy-dev@lists.bx.psu.edu
Subject: Re: [galaxy-dev] Bug in toolshed: changing public name breaks
repo path
Hello Simon,
The tool shed middleware basically consists of 2 files in
~/lib/galaxy/webapps/tool_shed/framework/middleware: hg.py which handles
authentication when pushing from the command line. The remoteuser.py file
handles remote user authentication, but I cannot guarantee it properly
handles hg push from the command line since I don't have an environment
set up that way. That would be the place to take a look though, and if
you discover problems let me know and we'll apply a patch.
Thanks very much,
Greg Von Kuster
On Sep 5, 2013, at 4:53 PM, Guest, Simon simon.gu...@agresearch.co.nz
wrote:
Hi Greg,
I just changed the public name on the web interface, where you click on
the User dropdown, and choose Public Name. Something about my environment
let it happen, when it apparently should have not been possible.
I suspect the reason lies in some mismatch between my apache user
authentication and toolshed userids. See my previous email for the
details of what I've been doing with that. I don't understand the
connection between userids (email addresses) used for authentication, and
public names, which appear to be used by the mercurial server inside the
toolshed (by inference from the public name appearing in the allow_push in
the toolshed repo). Is there a layer of toolshed middleware that maps
between the two?
I am going to investigate other ways of doing the authentication, as I
don't think passing in REMOTE_USER from apache is working (for me). I
would like to know how others are doing that.
cheers,
Simon
-Original Message-
From: Greg Von Kuster [mailto:g...@bx.psu.edu]
Sent: Friday, 6 September 2013 1:17 a.m.
To: Guest, Simon
Cc: Dave Bouvier; galaxy-dev@lists.bx.psu.edu
Subject: Re: [galaxy-dev] Bug in toolshed: changing public name
breaks repo path
Hello Simon,
On Sep 4, 2013, at 5:13 PM, Guest, Simon
simon.gu...@agresearch.co.nz
wrote:
Hi Dave, Greg,
Thanks for your reply.
I'm running a recently checked out stable branch. hg log shows this
tip:
changeset: 10473:c42567f43aa7
tag: tip
user:greg
date:Mon Aug 19 13:19:56 2013 -0400
summary: Filter invalid objects when generating the list of
repository_dependencies objects that are associated with a tool shed
repository installed into Galaxy.
I wonder if this problem is related to my more fundamental problem
of
being unable to get mercurial push authentication working properly.
I care much more about that, as that's blocking me (whereas the
problem I reported has an easy work-around).
Even though you've found a work-around to the problem that results
when you change your public user name in the tool shed after you have
created a repository that uses it, it is extremely important that we
get a fix ffor the issue committed to the tool shed code. Can you
let us know how you went about changing your public user name? The
only way we've been able to do it is by manually updaing the database
table record using a sql statement. If you have discovered another
way to do it, please let us know the steps we can take to reproduce
it so that we can get a fix as soon as
