Re: Check API - permissions/authorisation
On 07/06/17 02:28, Stephen Finucane wrote:
> On Tue, 2017-06-06 at 21:10 +1000, Daniel Axtens wrote:
>> Hi,
>>
>> One thing that has come up in discussions around CI and Patchwork is
>> permissions for the checks API.
>>
>> What permissions are required for a user to create a check? I can't find
>> anything in the docs to tell me for sure. I know that admin permissions
>> are sufficient, and I have been unreliably informed that maintainership
>> is sufficient.
>
> At the moment, we rely on the 'Patch.is_editable' property to determine
> this. That property allows edits to patches if the user is authenticated
> and is either (a) the submitter of the patch, (b) the delegate of the
> patch, (c) a project maintainer, or (d) a superuser.
>
>> What actually is required? We probably want to make this reasonably
>> granular so that, for example, the 0-day bot can be given the ability to
>> create checks without needing people to trust them with any other rights.
>
> We could probably loosen the above conditions: checks are associated with
> a user and, since we merged '6c0bbe1' and '3fc11fea', it is possible to
> distinguish which checks a user belongs to. Personally, I would like to
> use Django Admin's groups or permissions to tag users with CI permissions
> but this is a good chunk of work and smells of YAGNI. Something even
> simpler, like letting any registered user create a check, could do the job?

I'm a little bit uncomfortable with allowing anyone to create checks - the
kernel in particular is a large enough project to have contributors who
might be well-meaning but will go around contributing unhelpfully and just
irritating maintainers. Some of those "contributors" may discover that they
can now post checks which label minor static analysis warnings as
failures... Maybe that's a problem to solve when we start seeing it, but on
the other hand we can expect to be stuck with people running 2.0 for a
considerable length of time.

Russell was talking to mpe today to get the perspective of someone who
maintains a fairly important patchwork project, he wasn't overly concerned
if we required the user to be a maintainer for the time being, it's a bit
annoying to have to ask the patchwork admin to add a new maintainer though.

--
Andrew Donnellan              OzLabs, ADL Canberra
andrew.donnel...@au1.ibm.com  IBM Australia Limited
___
Patchwork mailing list
Patchwork@lists.ozlabs.org
https://lists.ozlabs.org/listinfo/patchwork
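An added example, not part of the thread and not Patchwork's code: a dependency-free Python model of the 'Patch.is_editable' rule as described in the message above, set beside a hypothetical per-project CI grant of the kind the thread asks for. The User, Patch and ci_projects names, the function names and the sample data are all assumptions made for illustration.

```python
# Added illustration, not Patchwork code: every name here is hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    name: str
    authenticated: bool = True
    superuser: bool = False
    maintains: frozenset = frozenset()    # projects this user maintains
    ci_projects: frozenset = frozenset()  # assumed per-project CI grant


@dataclass(frozen=True)
class Patch:
    project: str
    submitter: str
    delegate: str = ""


def is_editable(patch, user):
    """Rule as stated in the thread: authenticated AND one of (a)-(d)."""
    if not user.authenticated:
        return False
    return (
        user.name == patch.submitter                               # (a)
        or (bool(patch.delegate) and user.name == patch.delegate)  # (b)
        or patch.project in user.maintains                         # (c)
        or user.superuser                                          # (d)
    )


def can_create_check_current(patch, user):
    """Check creation gated on the same property as patch edits."""
    return is_editable(patch, user)


def can_create_check_granular(patch, user):
    """Assumed alternative: a CI grant scoped to one project permits check
    creation only and never feeds back into is_editable()."""
    if not user.authenticated:
        return False
    return patch.project in user.ci_projects or is_editable(patch, user)


def decision_matrix(patch, users):
    """Map user name -> (may edit, may post check today, may post check
    under the granular grant)."""
    return {
        u.name: (is_editable(patch, u),
                 can_create_check_current(patch, u),
                 can_create_check_granular(patch, u))
        for u in users
    }


# Constructed sample data.
PROJECT = "example-project"
PATCH = Patch(project=PROJECT, submitter="submitter", delegate="delegate")
USERS = [
    User("submitter"),
    User("delegate"),
    User("maintainer", maintains=frozenset({PROJECT})),
    User("ci-bot", ci_projects=frozenset({PROJECT})),
    User("ci-bot-as-maintainer", maintains=frozenset({PROJECT})),
    User("registered-only"),
    User("anonymous", authenticated=False, ci_projects=frozenset({PROJECT})),
]

if __name__ == "__main__":
    for name, row in decision_matrix(PATCH, USERS).items():
        print(f"{name:21} edit={row[0]} check_now={row[1]} granular={row[2]}")
```

The "ci-bot-as-maintainer" row is the situation the thread wants to avoid: the bot can post checks only because it has also been handed edit rights on every patch in the project.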
Re: [PATCH RFC] events-api: allow filtering by date
On 15/06/17 09:59, Daniel Axtens wrote:
> Aaron Conole writes:
>> Aaron Conole writes:
>>> This commit allows users of the REST API to query for events based on
>>> the date field. This will allow utility writers to select a smaller
>>> subset of events when polling.
>>>
>>> Signed-off-by: Aaron Conole
>>> ---
>>
>> It should be noted that my motivation for this is to implement a git-pw
>> event poll command for CI integration.
>>
>> If you think there's a better way of achieving this, let me know.
>
> You should check out Snowpatch: Andrew Donnellan and Russell Currey (on
> this list) are the developers.
> https://developer.ibm.com/open/openprojects/snowpatch/
>
> I don't know how they do it but I'm sure they'd be happy to explain it at
> length :)

We don't currently use the events API at all - we just poll the patches API
at fixed intervals and look for patches that don't already have test
results. We might change this approach in future.

--
Andrew Donnellan              OzLabs, ADL Canberra
andrew.donnel...@au1.ibm.com  IBM Australia Limited
Re: [PATCH RFC] events-api: allow filtering by date
Aaron Conole writes:

> Aaron Conole writes:
>
>> This commit allows users of the REST API to query for events based on
>> the date field. This will allow utility writers to select a smaller
>> subset of events when polling.
>>
>> Signed-off-by: Aaron Conole
>> ---
>
> It should be noted that my motivation for this is to implement a git-pw
> event poll command for CI integration.
>
> If you think there's a better way of achieving this, let me know.

You should check out Snowpatch: Andrew Donnellan and Russell Currey (on
this list) are the developers.
https://developer.ibm.com/open/openprojects/snowpatch/

I don't know how they do it but I'm sure they'd be happy to explain it at
length :)

Regards,
Daniel

>
> -Aaron
Re: Server Error (500) starting with 02f8c2818bfd
Hi Aaron,

I saw a 500 when I added the token auth stuff; I forgot to run manage.py
migrate. Have you tried that?

I also forgot to run collectstatic after adding clipboard.js; don't get
bitten by that :)

> Server is running:
> httpd-2.4.6-45.el7.centos.4.x86_64, Django (1.11.2), mod-wsgi (4.5.15)

I don't think we've merged full support for 1.11 yet - Stephen?

Regards,
Daniel
Re: [PATCH RFC] events-api: allow filtering by date
Aaron Conole writes:

> This commit allows users of the REST API to query for events based on
> the date field. This will allow utility writers to select a smaller
> subset of events when polling.
>
> Signed-off-by: Aaron Conole
> ---

It should be noted that my motivation for this is to implement a git-pw
event poll command for CI integration.

If you think there's a better way of achieving this, let me know.

-Aaron
[PATCH RFC] events-api: allow filtering by date
This commit allows users of the REST API to query for events based on the date field. This will allow utility writers to select a smaller subset of events when polling. Signed-off-by: Aaron Conole--- patchwork/api/filters.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/patchwork/api/filters.py b/patchwork/api/filters.py index 3dc215c..666a3d8 100644 --- a/patchwork/api/filters.py +++ b/patchwork/api/filters.py @@ -127,7 +127,7 @@ class CheckFilter(TimestampMixin, FilterSet): fields = ('user', 'state', 'context') -class EventFilter(ProjectMixin, FilterSet): +class EventFilter(ProjectMixin, TimestampMixin, FilterSet): class Meta: model = Event -- 2.9.4 ___ Patchwork mailing list Patchwork@lists.ozlabs.org https://lists.ozlabs.org/listinfo/patchwork
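Review bot: The diffstat shows only patchwork/api/filters.py changing (1 insertion, 1 deletion), so the date filtering that EventFilter gains from TimestampMixin arrives without a test or a documentation update. Since the commit message gives polling as the use case, consider adding an API test that requests events bounded by date and asserts that events outside the range are excluded, and name the query parameters the mixin contributes in the commit message or API docs so that client authors do not have to read CheckFilter to find them.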
Re: Server Error (500) starting with 02f8c2818bfd
On Wed, 2017-06-14 at 10:08 -0400, Aaron Conole wrote:
> Commit 02f8c2818bfd ("htdocs: Add clipboard.js") has caused my patchwork
> instance to start throwing server error. I am not sure which logs to
> look at (because /var/log/httpd/error_log doesn't seem to get updated
> right now).

Did you run the './manage.py collectstatic' command before restarting the
httpd service? Hopefully that's all that's missing, because I have limited
to no exposure with apache2+mod_wsgi (I favour nginx+uwsgi). I should be
able to get help from OpenStack folks tomorrow though, if necessary.

Stephen

> I'm using Firefox 53.0.3 to access the server.
>
> Server is running:
> httpd-2.4.6-45.el7.centos.4.x86_64, Django (1.11.2), mod-wsgi (4.5.15)
>
> Let me know what I can do to help debug.
>
> -Aaron
Server Error (500) starting with 02f8c2818bfd
Commit 02f8c2818bfd ("htdocs: Add clipboard.js") has caused my patchwork
instance to start throwing server error. I am not sure which logs to
look at (because /var/log/httpd/error_log doesn't seem to get updated
right now).

I'm using Firefox 53.0.3 to access the server.

Server is running:
httpd-2.4.6-45.el7.centos.4.x86_64, Django (1.11.2), mod-wsgi (4.5.15)

Let me know what I can do to help debug.

-Aaron
Re: [PATCH 1/5] docs: Document the various htdocs supported
On Fri, 2017-06-09 at 18:25 +0100, Stephen Finucane wrote:
> Signed-off-by: Stephen Finucane

Applied.

Stephen
Re: [PATCH 2/5] htdocs: Add clipboard.js
On Tue, 2017-06-13 at 21:35 +1000, Andrew Donnellan wrote: > On 10/06/17 03:25, Stephen Finucane wrote: > > We provide our own, much smaller implementation of this currently. > > However, we want to be able to implement slightly different variants of > > this elsewhere and using an existing library helps avoid reinventing the > > wheel and lets us use already battle-tested code. > > > > Signed-off-by: Stephen Finucane> > One comment below > > Reviewed-by: Andrew Donnellan > > > --- > > We should probably look at integrating Django Compressor in a future > > release, as the number of JS files we have is slowly increasing. Work > > for v2.1.0. > > --- > > htdocs/README.rst | 10 ++ > > htdocs/js/bundle.js | 2 +- > > htdocs/js/clipboard.min.js| 7 +++ > > patchwork/templates/patchwork/patch-list.html | 20 +--- > > templates/base.html | 6 ++ > > 5 files changed, 29 insertions(+), 16 deletions(-) > > create mode 100644 htdocs/js/clipboard.min.js > > > > diff --git a/htdocs/README.rst b/htdocs/README.rst > > index 513fb24..62f15c2 100644 > > --- a/htdocs/README.rst > > +++ b/htdocs/README.rst > > @@ -65,6 +65,16 @@ js > > > > Part of Patchwork. > > > > +``clipboard.min.js`` > > + > > + Modern copy to clipboard. No Flash. Just 3kb gzipped > > + > > + This is used to allow us to "click to copy" various elements in the UI. > > + > > + :Website: https://clipboardjs.com/ > > + :GitHub: https://github.com/zenorocha/clipboard.js/ > > + :Version: 1.7.1 > > + > > ``jquery.js`` > > > > jQuery is a fast, small, and feature-rich JavaScript library. It makes > > things > > diff --git a/htdocs/js/bundle.js b/htdocs/js/bundle.js > > index c969d0b..e27c091 100644 > > --- a/htdocs/js/bundle.js > > +++ b/htdocs/js/bundle.js > > @@ -1,4 +1,3 @@ > > - > > var editing_order = false; > > var dragging = false; 
> > > > @@ -63,6 +62,7 @@ function drag_hover_in() > > if (!dragging) > > $(this).addClass("draghover"); > > } > > + > > function drag_hover_out() > > { > > $(this).removeClass("draghover"); > > This hunk seems unnecessary? Resolved this and applied. Stephen ___ Patchwork mailing list Patchwork@lists.ozlabs.org https://lists.ozlabs.org/listinfo/patchwork
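Review bot: In the htdocs/README.rst hunk, the new clipboard.min.js entry records the website, the GitHub URL and version 1.7.1, but nothing a later reader can use to confirm that the vendored minified file is byte-for-byte the upstream release. The diffstat shows the file arriving as 7 lines of minified code, which cannot be reviewed by eye, so consider recording a checksum of the upstream 1.7.1 file next to the ':Version:' field and verifying it whenever the file is updated.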
Re: [PATCH 3/5] REST: Enable token auth support
On Tue, 2017-06-13 at 21:38 +1000, Andrew Donnellan wrote:
> On 10/06/17 03:25, Stephen Finucane wrote:
> > Token authentication is generally viewed as a more secure option for API
> > authentication than storing a username and password.
> >
> > Django REST Framework gives us a TokenAuthentication class and an authtoken
> > app that we can use to generate random tokens and authenticate to API
> > endpoints. Enable this support and add some tests to validate correct
> > behavior.
> >
> > Signed-off-by: Andrew Donnellan
> > Signed-off-by: Stephen Finucane
>
> Changes from my RFC (that I spotted on first reading):
>
> * add token property on Person
> * add tests
> * split out regenerate_token()
>
> All looks good to me!

That probably should have been in the commit message but yup, that's about
it.

Applied this and included it in rc4.

Cheers,
Stephen
Patchwork v2.0.0-rc4 Available
The fourth and final release candidate of the upcoming Patchwork v2.0.0
release is now available:

https://github.com/getpatchwork/patchwork/releases/tag/v2.0.0-rc4

This release introduces a number of fixes on top of rc3 that were found
during testing of same:

- The REST API now supports token authentication. This provides usability
  and security improvements over basic authentication. Basic authentication
  is retained for backwards compatibility.
- A bug with migrations run against a PostgreSQL backend is resolved.

We look forward to any feedback on this release. This is expected to be the
final release candidate.

Happy patchworking!

---

Patchwork is a patch tracking system for community-based projects. It is
intended to make the patch management process easier for both the project's
contributors and maintainers, leaving time for the more important (and more
interesting) stuff. You can find out more on the GitHub repo [1], the docs
[2], or the original project homepage [3].

[1]: https://github.com/getpatchwork/patchwork
[2]: https://patchwork.readthedocs.org/
[3]: http://jk.ozlabs.org/projects/patchwork/
Re: [PATCH 4/5] views: Provide a way to view, (re)generate tokens
On Wed, 2017-06-14 at 17:57 +1000, Daniel Axtens wrote: > Daniel Axtenswrites: > > > Hi Stephen and Andrew, > > > > I've installed this on py[23].patchwork.dja.id.au > > > > > diff --git a/htdocs/css/style.css b/htdocs/css/style.css > > > index 5218f6d..af2f073 100644 > > > --- a/htdocs/css/style.css > > > +++ b/htdocs/css/style.css > > > @@ -369,7 +369,6 @@ table.form th.headerrow { > > > } > > > > > > table.form th { > > > - font-weight: normal; > > > > What does this change? It changes the 'API Token:' label on '/user'. I wasn't able to see any other side-effects. > > > > > text-align: left; > > > vertical-align: top; > > > padding-top: 0.6em; > > > diff --git a/patchwork/templates/patchwork/profile.html > > > b/patchwork/templates/patchwork/profile.html > > > index f976195..2005687 100644 > > > --- a/patchwork/templates/patchwork/profile.html > > > +++ b/patchwork/templates/patchwork/profile.html 
> > > @@ -134,7 +134,35 @@ address. > > > > > > > > > Authentication > > > -Change password > > > + > > > + > > > + > > > + Password: > > > + Change password > > > + > > > + > > > + API Token: > > > + > > > + {% if api_token %} > > > + > > > + > > +data-clipboard-target="#token">Copy > > > > This doesn't work for me in Chrome: > > > > Uncaught ReferenceError: Clipboard is not defined > > at HTMLDocument. (py3.patchwork.dja.id.au/:26) > > at c (jquery-1.10.1.min.js:4) > > at Object.fireWith [as resolveWith] (jquery-1.10.1.min.js:4) > > at Function.ready (jquery-1.10.1.min.js:4) > > at HTMLDocument.q (jquery-1.10.1.min.js:4) > > Ah, this would be due to me forgetting to run collectstatic. > > But even when I do that, I still get errors from a broken > > clipboard.min.js: > Uncaught SyntaxError: Unexpected end of input > > Any thoughts? I copied and pasted [1] to [2] and it looks like that file isn't complete. I suspect this was because it exceeded the 998 character SMTP limit (I ignored that error for git-send-email :)) Can you either (a) download clipboard.min.js from the original site [3], (b) clone the version I have pushed to my working repo [4], or (c) wait for the next rc which I'll be pushing imminently. Any of these should resolve the issue. > Regards, > Daniel > > > > The rest seems to work fine, I can create and use tokens (as far as I > > can tell - I haven't tried to do anything with the permissions they > > grant.) > > > > > + {% endif %} > > > + > > > + > > > + > > > + > > > + > > > > That should probably be "{% url" -- a space between % and url. I don't think it matters, but I've fixed it in the pushed version. 
Thanks for the reviews, folks,
Stephen

[1] view-source:https://py3.patchwork.dja.id.au/static/js/clipboard.min.js
[2] http://jshint.com/
[3] https://github.com/zenorocha/clipboard.js/archive/v1.7.1.zip
[4] https://github.com/stephenfin/patchwork/tree/token
Re: [PATCH 4/5] views: Provide a way to view, (re)generate tokens
Daniel Axtenswrites: > Hi Stephen and Andrew, > > I've installed this on py[23].patchwork.dja.id.au > >> diff --git a/htdocs/css/style.css b/htdocs/css/style.css >> index 5218f6d..af2f073 100644 >> --- a/htdocs/css/style.css >> +++ b/htdocs/css/style.css >> @@ -369,7 +369,6 @@ table.form th.headerrow { >> } >> >> table.form th { >> -font-weight: normal; > What does this change? > >> text-align: left; >> vertical-align: top; >> padding-top: 0.6em; >> diff --git a/patchwork/templates/patchwork/profile.html >> b/patchwork/templates/patchwork/profile.html >> index f976195..2005687 100644 >> --- a/patchwork/templates/patchwork/profile.html >> +++ b/patchwork/templates/patchwork/profile.html >> @@ -134,7 +134,35 @@ address. >> >> >> Authentication >> -Change password >> + >> + >> + >> + Password: >> + Change password >> + >> + >> + API Token: >> + >> + {% if api_token %} >> + >> + > +data-clipboard-target="#token">Copy > > This doesn't work for me in Chrome: > > Uncaught ReferenceError: Clipboard is not defined > at HTMLDocument. (py3.patchwork.dja.id.au/:26) > at c (jquery-1.10.1.min.js:4) > at Object.fireWith [as resolveWith] (jquery-1.10.1.min.js:4) > at Function.ready (jquery-1.10.1.min.js:4) > at HTMLDocument.q (jquery-1.10.1.min.js:4) Ah, this would be due to me forgetting to run collectstatic. But even when I do that, I still get errors from a broken clipboard.min.js: Uncaught SyntaxError: Unexpected end of input Any thoughts? Regards, Daniel > > The rest seems to work fine, I can create and use tokens (as far as I > can tell - I haven't tried to do anything with the permissions they > grant.) > >> + {% endif %} >> + >> + >> + >> + >> + > That should probably be "{% url" -- a space between % and url. > > Regards, > Daniel > >> +{% csrf_token %} >> +{% if api_token %} >> + >> +{% else %} >> + >> +{% endif %} >> + >> + >> + >> + >> >> >> >> diff --git a/patchwork/urls.py b/patchwork/urls.py >> index be996c0..285d565 100644 >> --- a/patchwork/urls.py 
>> +++ b/patchwork/urls.py >> @@ -235,6 +235,10 @@ if settings.ENABLE_REST_API: >> >> urlpatterns += [ >> url(r'^api/(?:(?P(1.0))/)?', include(api_patterns)), >> + >> +# token change >> +url(r'^user/generate-token/$', user_views.generate_token, >> +name='generate_token'), >> ] >> >> >> diff --git a/patchwork/views/user.py b/patchwork/views/user.py >> index 375d3d9..d99fedf 100644 >> --- a/patchwork/views/user.py >> +++ b/patchwork/views/user.py >> @@ -41,6 +41,7 @@ from patchwork.models import Person >> from patchwork.models import Project >> from patchwork.models import State >> from patchwork.views import generic_list >> +from patchwork.views import utils >> >> >> def register(request): >> @@ -126,6 +127,7 @@ def profile(request): >> .extra(select={'is_optout': optout_query}) >> context['linked_emails'] = people >> context['linkform'] = EmailForm() >> +context['api_token'] = request.user.profile.token >> >> return render(request, 'patchwork/profile.html', context) >> >> @@ -232,3 +234,9 @@ def todo_list(request, project_id): >> context['action_required_states'] = \ >> State.objects.filter(action_required=True).all() >> return render(request, 'patchwork/todo-list.html', context) >> + >> + >> +@login_required >> +def generate_token(request): >> +utils.regenerate_token(request.user) >> +return HttpResponseRedirect(reverse('user-profile')) >> -- >> 2.9.4 >> >> ___ >> Patchwork mailing list >> Patchwork@lists.ozlabs.org >> https://lists.ozlabs.org/listinfo/patchwork ___ Patchwork mailing list Patchwork@lists.ozlabs.org https://lists.ozlabs.org/listinfo/patchwork
Re: [PATCH 4/5] views: Provide a way to view, (re)generate tokens
Hi Stephen and Andrew, I've installed this on py[23].patchwork.dja.id.au > diff --git a/htdocs/css/style.css b/htdocs/css/style.css > index 5218f6d..af2f073 100644 > --- a/htdocs/css/style.css > +++ b/htdocs/css/style.css > @@ -369,7 +369,6 @@ table.form th.headerrow { > } > > table.form th { > - font-weight: normal; What does this change? > text-align: left; > vertical-align: top; > padding-top: 0.6em; > diff --git a/patchwork/templates/patchwork/profile.html > b/patchwork/templates/patchwork/profile.html > index f976195..2005687 100644 > --- a/patchwork/templates/patchwork/profile.html > +++ b/patchwork/templates/patchwork/profile.html > @@ -134,7 +134,35 @@ address. > > > Authentication > -Change password > + > + > + > + Password: > + Change password > + > + > + API Token: > + > + {% if api_token %} > + > ++data-clipboard-target="#token">Copy This doesn't work for me in Chrome: Uncaught ReferenceError: Clipboard is not defined at HTMLDocument. (py3.patchwork.dja.id.au/:26) at c (jquery-1.10.1.min.js:4) at Object.fireWith [as resolveWith] (jquery-1.10.1.min.js:4) at Function.ready (jquery-1.10.1.min.js:4) at HTMLDocument.q (jquery-1.10.1.min.js:4) The rest seems to work fine, I can create and use tokens (as far as I can tell - I haven't tried to do anything with the permissions they grant.) > + {% endif %} > + > + > + > + > + That should probably be "{% url" -- a space between % and url. Regards, Daniel > +{% csrf_token %} > +{% if api_token %} > + > +{% else %} > + > +{% endif %} > + > + > + > + > > > > diff --git a/patchwork/urls.py b/patchwork/urls.py > index be996c0..285d565 100644 > --- a/patchwork/urls.py > +++ b/patchwork/urls.py > @@ -235,6 +235,10 @@ if settings.ENABLE_REST_API: > > urlpatterns += [ > url(r'^api/(?:(?P(1.0))/)?', include(api_patterns)), > + > +# token change > +url(r'^user/generate-token/$', user_views.generate_token, > +name='generate_token'), > ] 
> > > diff --git a/patchwork/views/user.py b/patchwork/views/user.py > index 375d3d9..d99fedf 100644 > --- a/patchwork/views/user.py > +++ b/patchwork/views/user.py > @@ -41,6 +41,7 @@ from patchwork.models import Person > from patchwork.models import Project > from patchwork.models import State > from patchwork.views import generic_list > +from patchwork.views import utils > > > def register(request): > @@ -126,6 +127,7 @@ def profile(request): > .extra(select={'is_optout': optout_query}) > context['linked_emails'] = people > context['linkform'] = EmailForm() > +context['api_token'] = request.user.profile.token > > return render(request, 'patchwork/profile.html', context) > > @@ -232,3 +234,9 @@ def todo_list(request, project_id): > context['action_required_states'] = \ > State.objects.filter(action_required=True).all() > return render(request, 'patchwork/todo-list.html', context) > + > + > +@login_required > +def generate_token(request): > +utils.regenerate_token(request.user) > +return HttpResponseRedirect(reverse('user-profile')) > -- > 2.9.4 > > ___ > Patchwork mailing list > Patchwork@lists.ozlabs.org > https://lists.ozlabs.org/listinfo/patchwork ___ Patchwork mailing list Patchwork@lists.ozlabs.org https://lists.ozlabs.org/listinfo/patchwork
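Review bot: In the patchwork/views/user.py hunk, generate_token() is guarded only by @login_required and calls utils.regenerate_token(request.user) whatever the request method, so a plain GET to /user/generate-token/ replaces the logged-in user's token. The profile.html hunk includes {% csrf_token %}, which suggests the form is meant to POST, but Django's CSRF check does not apply to GET requests, so any page that causes the browser to fetch that URL would silently invalidate the token that the user's CI clients depend on. Suggest restricting the view to POST, for example with Django's @require_POST decorator, and adding a test that a GET leaves the stored token unchanged.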