Mercurial > p > roundup > code

annotate doc/upgrading.txt @ 8265:35beff316883

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
fix(api): issue2551384. Verify REST authorization earlier To reduce the ability of bad actors to spam (DOS) the REST endpoint with bad data and generate logs meant for debugging, modify the flow in client.py's REST handler to verify authorization earlier. If the anonymous user is allowed to use REST, this won't make a difference for a DOS attempt. The templates don't enable REST for the anonymous user by default. Most admins don't change this. The validation order for REST requests has been changed. CORS identfied an handled User authorization to use REST (return 403 on failure) REST request validated (Origin header valid etc.) (return 400 for bad request) Incorrectly formatted CORS preflight requests (e.g. missing Origin header) that are not recogized as a CORS request can now return HTTP status 403 as well as status 400 (when anonymous is allowed access). Note all CORS preflights are sent without authentication so appear as anonymous requests. The tests were updated to compensate, but it is not obvious to me from specs what the proper evaulation order/return codes should be for this case. Both 403/400 are failures and cause CORS to fail so there should be no difference but...
author John Rouillard <rouilj@ieee.org>
date Thu, 09 Jan 2025 09:30:08 -0500
parents 2a7c3eeaf167
children b757cf509480
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
6586
24e2eeb2ed9a Add meta description to some doc pages.
John Rouillard <rouilj@ieee.org>
parents: 6464
diff changeset
1 .. meta::
6774
e7b4ad2c57ac landmarks, skiplink, remove bad attrs, autocomplete search
John Rouillard <rouilj@ieee.org>
parents: 6768
diff changeset
2 :description:
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3 Critical documentation for upgrading the Roundup Issue
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
4 Tracker. Actions that must be taken when upgrading from
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
5 one version to another are documented here.
6586
24e2eeb2ed9a Add meta description to some doc pages.
John Rouillard <rouilj@ieee.org>
parents: 6464
diff changeset
6
6168
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
7 .. index:: Upgrading
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
8
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 ======================================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 Upgrading to newer versions of Roundup
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11 ======================================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
13 Please read each section carefully and edit the files in your tracker home
2016
2112962f5bb1 Update documentation for the client.py split and add an upgrade notice.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 2003
diff changeset
14 accordingly. Note that there is information about upgrade procedures in the
6781
b3d4b25b4922 Add links some updates.
John Rouillard <rouilj@ieee.org>
parents: 6780
diff changeset
15 `administration guide`_ in the `Software Upgrade`_ section.
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
17 If a specific version transition isn't mentioned here (e.g. 0.6.7 to
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
18 0.6.8) then you don't need to do anything. If you're upgrading from
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
19 0.5.6 to 0.6.8 though, you'll need to apply the "0.5 to 0.6" and
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
20 "0.6.x to 0.6.3" steps.
2273
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
21
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
22 General steps:
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
23
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
24 1. Make note of your current Roundup version.
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
25 2. Take your Roundup installation offline (web, email,
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
26 cron scripts, roundup-admin etc.)
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
27 3. Backup your Roundup instance
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
28 4. Install the new version of Roundup (preferably in a new virtual
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
29 environment)
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
30 5. Make version specific changes as described below for
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
31 each version transition. If you are starting at 1.5.0
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
32 and installing to 2.3.0, you need to make the changes for **all**
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
33 versions starting at 1.5 and ending at 2.3. E.G.
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
34 1.5.0 -> 1.5.1, 1.5.1 -> 1.6.0, ..., 2.1.0 -> 2.2.0,
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
35 2.2.0 -> 2.3.0.
8047
a0876d16e299 doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents: 8046
diff changeset
36 6. Run ``roundup-admin -i <tracker_home> migrate`` using
a0876d16e299 doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents: 8046
diff changeset
37 the newer version of Roundup for the instance you are
a0876d16e299 doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents: 8046
diff changeset
38 upgrading. This will update the database if it is
a0876d16e299 doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents: 8046
diff changeset
39 required.
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
40 7. Bring your Roundup instance back online
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
41 8. Test
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
42
8047
a0876d16e299 doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents: 8046
diff changeset
43 Repeat for each tracker instance.
a0876d16e299 doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents: 8046
diff changeset
44
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
45 .. note::
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
46 The v1.5.x releases of Roundup were the last to support
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
47 Python v2.5 and v2.6. Starting with the v1.6 releases of Roundup
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
48 Python version 2.7 that is newer than 2.7.2 is required to run
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
49 Roundup. Starting with Roundup version 2.0.0 we also support Python 3
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
50 versions newer than 3.6.
4901
fa268ea457db Add note about dropping support for Python v2.5
John Kristensen <john@jerrykan.com>
parents: 4890
diff changeset
51
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
52 Recent release notes have the following labels:
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
53
8045
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
54 * **required** - Roundup will not work properly if these steps are not done
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
55 * **recommended** - Roundup will still work, but these steps can cause
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
56 security or stability issues if not done.
8045
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
57 * **optional** - new features or changes to existing features you might
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
58 want to use
8045
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
59 * **info** - important possibly visible changes in how things operate
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
60
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
61 If you use virtual environments for your installation, you
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
62 can run trackers with different versions of Roundup. So you
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
63 can have one tracker using version 2.2.0 and another tracker
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
64 using version 1.6.1. This allows you to upgrade trackers one
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
65 at a time rather than having to upgrade all your trackers at
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
66 once. Note that downgrading may require restoring your
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
67 database to an earlier version, so make sure you backed up
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
68 your database.
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
69
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
70 .. note::
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
71
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
72 This file only includes versions released in the last 10
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
73 years. If you are upgrading from an older version, start with the
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
74 changes in the `historical migration <upgrading-history.html>`_
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
75 document.
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
76
7438
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
77 .. admonition:: Python 2 Support
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
78
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
79 If you are running Roundup under Python 2, you should make plans to
8071
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8064
diff changeset
80 switch to Python 3. Release 2.4.0 (Jul 2024) is the last release to
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8064
diff changeset
81 officially support Python 2. The next non-patch release scheduled
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8064
diff changeset
82 for 2025 will mark 5 years since Roundup supported Python 3.
7438
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
83
7452
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
84 .. admonition:: XHTML Support Deprecation Notice
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
85
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
86 If you are running a tracker where the ``html_version`` setting in
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
87 ``config.ini`` is ``xhtml``, you should plan to change your
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
88 templates to use html (HTML5). If you are affected by this, please
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
89 send email to the roundup-users mailing list (roundup-users at
8048
3ddc6a7d41de doc: 2.3.0 is the last version to support xhtml
John Rouillard <rouilj@ieee.org>
parents: 8047
diff changeset
90 lists.sourceforge.net). Version 2.3.0 is the last version to support
3ddc6a7d41de doc: 2.3.0 is the last version to support xhtml
John Rouillard <rouilj@ieee.org>
parents: 8047
diff changeset
91 XHTML.
7452
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
92
4890
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
93 Contents:
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
94
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
95 .. contents::
4890
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
96 :local:
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
97
8081
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
98 .. index:: Upgrading; 2.4.0 to 2.5.0
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
99
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
100 Migrating from 2.4.0 to 2.5.0
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
101 =============================
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
102
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
103 Deprecation Notices (info)
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
104 --------------------------
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
105
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
106 Support for SQLite version 2 has been removed in 2.5.0. Support for
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
107 the `PySQLite <https://github.com/ghaering/pysqlite>`_ library has
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
108 been removed in 2.5.0. Only the Python supplied sqlite3 library will
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
109 be supported.
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
110
8124
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
111 Update responsive template _generic.404.html and query.item.html (recommended)
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
112 ------------------------------------------------------------------------------
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
113
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
114 This only applies if your tracker is based on the responsive
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
115 template. Check the TEMPLATE-INFO.txt file in your tracker
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
116 home. The template name is the first component of the ``Name``
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
117 field. For example a Name like::
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
118
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
119 Name: responsive-bugtracker
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
120
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
121 is based on the responsive template. If the Name doesn't start with
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
122 ``responsive`` no changes are needed.
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
123
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
124 The ``_generic.404.html`` and ``query.item.html`` templates will crash
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
125 when displayed because a missing macro is called. Change::
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
126
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
127 <tal:block metal:use-macro="templates/page/macros/icing">
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
128
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
129 to::
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
130
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
131 <tal:block metal:use-macro="templates/page/macros/frame">
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
132
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
133 at the top of both files. The icing macro used in other tracker
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
134 templates was renamed to frame in this tracker template.
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
135
8218
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
136 Update userauditor.py detector (recommended)
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
137 --------------------------------------------
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
138
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
139 When using the REST interface, setting the address property of the
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
140 user to the same value it currently has resulted in an error.
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
141
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
142 If you have not changed your userauditor, you can copy one from any of
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
143 the supplied templates in the ``detectors/userauditor.py`` file. Use
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
144 ``roundup-admin templates`` to find a list of template directories.
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
145
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
146 If you have changed your userauditor from the stock version, apply the
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
147 following diff::
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
148
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
149 raise ValueError('Email address syntax is invalid
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
150 "%s"'%address)
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
151
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
152 check_main = db.user.stringFind(address=address)
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
153 + # allow user to set same address via rest
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
154 + if check_main:
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
155 + check_main = nodeid not in check_main
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
156 +
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
157 # make sure none of the alts are owned by anyone other than us (x!=nodeid)
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
158
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
159 add the lines marked with ``+`` in the file in the location after
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
160 check_main is assigned.
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
161
8239
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
162 Modify config.ini password_pbkdf2_default_rounds setting (recommended)
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
163 ----------------------------------------------------------------------
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
164
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
165 The method for hashing and storing passwords has been updated to use
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
166 PBKDF2 with SHA512 hash. This change was first introduced in Roundup
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
167 2.3 and is now the standard. If you previously added code in
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
168 interfaces.py for a `PBKDF2 upgrade`_ to enable PBKDF2S5, you can
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
169 remove that code now.
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
170
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
171 SHA512 is a more secure hash, it requires fewer rounds to ensure
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
172 safety. The older PBKDF2-SHA1 needed around 2 million rounds.
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
173
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
174 You should update the ``password_pbkdf2_default_rounds`` setting in
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
175 ``config.ini`` to 250000. This value is higher than the OWASP
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
176 recommendation of 210000 from three years ago. If you don’t make this
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
177 change, logins will be slow, especially for REST or XMLRPC calls.
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
178
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
179 See `PBKDF2 upgrade`_ for details on how to test the algorithm's
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
180 speed. We do not recommend reverting to the older SHA1 PBKDF2. If you
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
181 have to do so due to a slow CPU, you can add the following to your
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
182 tracker's ``interfaces.py``::
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
183
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
184 from roundup.password import Password
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
185 ## Use PBDKF2 (PBKDF2-SHA1) as default hash for passwords.
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
186 # That scheme is at the start of the deprecated_schemes list and ha
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
187 # to be removed.
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
188 Password.default_scheme = Password.deprecated_schemes.pop(0)
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
189 # Add PBKDF2S5 (PBKDF2-SHA512) as a valid scheme. Passwords
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
190 # using it will be rehashed to use PBDKF2.
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
191 Password.experimental_schemes[0] = "PBKDF2S5"
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
192
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
193 If you proceed with this, you should set
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
194 ``password_pbkdf2_default_rounds`` to 2 million or more rounds to keep
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
195 your hashed password database secure in case it gets stolen.
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
196
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
197 Defusedxml support improves XMLRPC security (optional)
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
198 ------------------------------------------------------
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
199
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
200 This release adds support for the defusedxml_ module. If it is
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
201 installed it will be automatically used. The default xmlrpc module in
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
202 the standard library has known issues when parsing crafted XML. It can
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
203 take a lot of CPU time and consume large amounts of memory with small
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
204 payloads.
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
205
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
206 When the XMLRPC endpoint is used without defusedxml, it will log a
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
207 warning to the log file. The log entry can be disabled by adding::
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
208
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
209
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
210 from roundup.cgi import client
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
211 client.WARN_FOR_MISSING_DEFUSEDXML = False
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
212
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
213 to the ``interfaces.py`` file in the tracker home. (Create the file if
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
214 it is missing.)
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
215
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
216 XMLRPC access is enabled by default in the classic and other trackers.
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
217 Upgrading to defusedxml is considered optional because the XMLRPC
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
218 endpoint can be disabled in the tracker's ``config.ini``. Also
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
219 ``Xmlrpc Access`` can be removed from the ``Users`` role by commenting
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
220 out a line in ``schema.py``.
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
221
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
222 If you have enabled the xmlrpc endpoint, you should install
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
223 defusedxml.
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
224
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
225 .. _defusedxml: https://pypi.org/project/defusedxml/
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
226
8265
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
227 Change in REST response for invalid CORS requests (info)
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
228 --------------------------------------------------------
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
229
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
230 CORS_ preflight requests that are missing required headers can
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
231 now result in either a 403 or 400 error code. If you permit
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
232 anonymous users to access the REST interface, a 400 error may
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
233 still occur. Previously, only a 400 error was given. This change
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
234 is not expected to create issues since the client will recognize
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
235 both codes it as an error response, and the CORS request will
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
236 still fail.
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
237
8168
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
238 More secure session cookie handling (info)
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
239 ------------------------------------------
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
240
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
241 This affects you if you are accessing a tracker via https. The name
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
242 for the cookie that you get when logging into the web interface has a
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
243 new name. When upgrading to Roundup 2.5 all users will have to to log
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
244 in again. The cookie now has a ``__Secure-`` prefix to prevent it
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
245 from being exposed/used over http.
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
246
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
247 If your tracker is using the unencrypted http protocol, nothing has
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
248 changed.
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
249
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
250 See
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
251 https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#cookie_prefixes
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
252 for details on this security measure.
8124
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
253
8177
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
254 Invalid accept header now prevents operation (info)
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
255 ---------------------------------------------------
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
256
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
257 In earlier versions, the rest interface checked for an incorrect
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
258 "Accept" header, "@apiver", or the ".json" mime type only after
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
259 processing the request. This would lead to a 406 error, but the
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
260 requested change would still be completed.
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
261
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
262 In this release, the validation of the output format and version
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
263 occurs before any database changes are made. Now, all errors related
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
264 to the data format (mime type, API version) will return 406 errors,
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
265 where some previously resulted in 400 errors.
8124
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
266
8262
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
267 New method for registering templating utils (info)
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
268 --------------------------------------------------
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
269
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
270 If you are building a template utility function that needs access
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
271 to:
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
272
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
273 * the database
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
274 * the client instance
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
275 * the form the user submitted
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
276
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
277 you had to pass these objects from the template using the ``db``,
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
278 ``request.client`` or ``request.form`` arguments.
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
279
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
280 A new method for registering a template utility has been
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
281 added. If you use the ``instance`` object's
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
282 ``registerUtilMethod()`` to register a utility function, you do
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
283 not need to pass these arguments. The function is called as a
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
284 method and the first argument is a ``client`` instance from which
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
285 the database (client.db), form (client.form).
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
286
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
287 You can find an example in :ref:`dynamic_csp`.
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
288
8081
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
289 .. index:: Upgrading; 2.3.0 to 2.4.0
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
290
7556
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
291 Migrating from 2.3.0 to 2.4.0
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
292 =============================
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
293
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
294 Update your ``config.ini`` (required)
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
295 -------------------------------------
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
296
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
297 Upgrade tracker's config.ini file. Use::
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
298
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
299 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
300
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
301 to generate a new ini file preserving all your settings.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
302 You can then merge any local comments from the tracker's
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
303 ``config.ini`` to ``newconfig.ini`` and replace
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
304 ``config.ini`` with ``newconfig.ini``.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
305
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
306 ``updateconfig`` will tell you if it is changing old default
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
307 values or if a value must be changed manually.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
308
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
309 This will insert the bad API login rate limiting settings.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
310
7964
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
311 Also if you have ``html_version`` set to ``xhtml``, you will get
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
312 an error.
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
313
8064
d6b447de4f59 docs: set up for release documentation.
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
314 .. _CVE-2024-39124:
8062
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
315
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
316 Fix for CVE-2024-39124 in help/calendar popups (recommended)
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
317 ------------------------------------------------------------
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
318
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
319 Classhelper components accessed via URL using ``@template=help``,
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
320 ``@template=calendar`` or other template frame in the classhelper
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
321 can run JavaScript embedded in the URL. If user clicks on a
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
322 malicious URL that:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
323
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
324 * arrives in an email,
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
325 * is embedded in a note left on a ticket [#markdown-note]_,
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
326 * left on some other web page
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
327
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
328 the JavaScript code will be executed. This vulnerability seems to
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
329 be limited to manually crafted URL's. It has not been generated
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
330 by using Roundup's mechanism for generating classhelper URLs.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
331
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
332 The files that need to be changed to fix this depend on the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
333 template used to create the tracker. Check the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
334 TEMPLATE-INFO.txt file in your tracker home. The template
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
335 name is the first component of the ``Name`` field. For
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
336 example trackers with Names like::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
337
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
338 Name: classic-bugtracker
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
339
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
340 Name: devel-mytracker
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
341
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
342 were derived from the ``classic`` and ``devel`` templates
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
343 respectively. If your tracker is derived from the jinja2
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
344 template, you may not be affected as it doesn't provide
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
345 classhelpers by default. If you aren't sure which tracker
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
346 template was used to create your tracker home, check the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
347 ``html/help.html`` file for the word ``Javascript``. If your
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
348 help.html is missing the word ``Javascript``, follow the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
349 directions for the classic template.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
350
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
351 If you have not modified the original tracker html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
352 templates, you can copy replacement files from the new
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
353 templates supplied with release 2.4.0. If you install 2.4.0
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
354 in a `new virtual environment
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
355 <installation.html#standard-installation>`_, you can use the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
356 command ``roundup-admin templates`` to find the installation
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
357 path of the default templates.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
358
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
359 If your template was based on the classic template, replace the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
360 following files in your tracker:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
361
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
362 * html/_generic.calendar.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
363 * html/_generic.help-list.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
364 * html/_generic.help-submit.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
365 * html/_generic.help.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
366 * html/user.help-search.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
367 * html/user.help.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
368
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
369 If your template was based on the minimal template, replace the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
370 following files in your tracker:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
371
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
372 * html/_generic.calendar.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
373 * html/_generic.help.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
374
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
375 If your template was based on the responsive or devel templates,
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
376 replace the following files in your tracker:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
377
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
378 * html/_generic.calendar.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
379 * html/_generic.help-submit.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
380 * html/help.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
381 * html/user.help-search.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
382 * html/user.help.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
383
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
384 As an example, assume Roundup's virtual environment is
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
385 ``/tools/roundup``. The classic tracker's default template will
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
386 be in ``/tools/roundup/share/roundup/templates/classic``.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
387 Copy
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
388 ``/tools/roundup/share/roundup/templates/classic/html/_generic.calendar.html``
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
389 to ``html/_generic.calendar.html`` in your tracker's home
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
390 directory. Repeat for every one of the files that needs to
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
391 be replaced.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
392
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
393 If you have made local changes to your popup/classhelper
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
394 files or have created new help templates based on the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
395 existing ones, don't copy the default files. Instead, follow
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
396 the directions below to modify each file as needed for your
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
397 template.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
398
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
399 In the examples below, your script tag may differ. For
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
400 example it could include::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
401
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
402 tal:attributes="nonce request/client/client_nonce"
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
403
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
404 If it does, keep the differences. You want to make changes
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
405 to remove the structure option but keep the rest of the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
406 valid attributes.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
407
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
408 Most files have a small script that sets a few variables
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
409 from the settings in the URL. You should change::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
410
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
411 <script language="Javascript" type="text/javascript"
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
412 tal:content="structure string:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
413 // this is the name of the field in the original form that we're working on
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
414 form = window.opener.document.${request/form/form/value};
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
415 field = '${request/form/property/value}';">
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
416
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
417 to::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
418
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
419 <script language="Javascript" type="text/javascript"
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
420 tal:content="string:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
421 // this is the name of the field in the original form that we're working on
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
422 form = window.opener.document.${request/form/form/value};
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
423 field = '${request/form/property/value}';">
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
424
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
425 by removing the ``structure`` keyword from the tal:content
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
426 block. This will html escape the settings in the URL. This
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
427 neutralizes an attempt to execute JavaScript by manipulating
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
428 the URL. Most of the files use code similar to this.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
429
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
430 A few files have more extensive JavaScript embedded in the same
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
431 script tag. To handle this you should split it into two scripts
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
432 and encode the replaced strings. For example, change::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
433
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
434 <script language="Javascript" type="text/javascript"
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
435 tal:content="structure string:<!--
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
436 // this is the name of the field in the original form that we're working on
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
437 form = parent.opener.document.${request/form/form/value};
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
438 callingform=form
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
439 field = '${request/form/property/value}';
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
440 var listform = null
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
441 function listPresent() {
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
442 return document.frm_help.cb_listpresent.checked
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
443 [more code skipped]
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
444
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
445 to::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
446
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
447 <script language="Javascript" type="text/javascript"
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
448 tal:content="string:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
449 // this is the name of the field in the original form that we're working on
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
450 form = parent.opener.document.${request/form/form/value};
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
451 callingform=form
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
452 field = '${request/form/property/value}';">
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
453 </script>
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
454 <script language="Javascript" type="text/javascript"
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
455 tal:content="string:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
456 var listform = null
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
457 function listPresent() {
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
458 return document.frm_help.cb_listpresent.checked
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
459 [...]
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
460
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
461 modifying the original by:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
462
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
463 1. removing the ``structure`` keyword and the HTML comment
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
464 marker ``<!--``. This encodes the replaced strings.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
465 2. adding ``">`` at the end of the line that sets ``field`` closes
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
466 the script tag.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
467 3. adding::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
468
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
469 </script>
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
470 <script language="Javascript" type="text/javascript"
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
471 tal:content="string:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
472
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
473 after the line used in step 2, to ends the first script and
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
474 starts a new script.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
475
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
476 Just removing the ``structure`` directive is enough to fix the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
477 bug. Splitting the large script into two parts:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
478
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
479 1. one that has replaced strings with values taken from the URL
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
480 2. one that has no replaced strings
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
481
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
482 allows use of ``structure`` on the script with no replaced
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
483 strings should it be required for your tracker.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
484
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
485 .. [#markdown-note] If you are using markdown formatting for your tracker's notes,
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
486 the user will see the markdown label rather than the long
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
487 (suspicious) URL. You may want to add something like::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
488
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
489 a[href*=\@template]::after {
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
490 content: ' [' attr(href) ']';
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
491 }
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
492
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
493 to your css. This displays the URL inside square brackets if
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
494 the href has ``@template`` in it. It is placed after the link
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
495 label.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
496
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
497 Fix CVE in earlier versions of Roundup (recommended)
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
498 ----------------------------------------------------
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
499
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
500 If you are upgrading to version 2.4.0, you can skip this
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
501 section. These fixes are already present in 2.4.0.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
502
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
503 This section is for people who can not upgrade yet, and want
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
504 to fix the issues.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
505
8064
d6b447de4f59 docs: set up for release documentation.
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
506 .. _CVE-2024-39125:
8062
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
507
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
508 Referer value not escaped CVE-2024-39125
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
509 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
510
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
511 Malicious JavaScript inserted into a page can change the value of
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
512 the Referer header to include a script. If a link on that page
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
513 points to a Roundup tracker, that script will be executed. The
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
514 technique to change the header will result in a change of the URL
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
515 in the browser's address bar, but this is easily missed.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
516
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
517 Fix this by editing ``cgi/client.py``, and change::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
518
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
519 except (UsageError, Unauthorised) as msg:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
520 csrf_ok = False
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
521 self.form_wins = True
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
522 self._error_message = msg.args
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
523
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
524 to::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
525
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
526 except (UsageError, Unauthorised) as msg:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
527 csrf_ok = False
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
528 self.form_wins = True
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
529 self.add_error_message(' '.join(msg.args))
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
530
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
531 This escapes the Referer value an prevents it from being
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
532 executed.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
533
8064
d6b447de4f59 docs: set up for release documentation.
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
534 .. _CVE-2024-39126:
8062
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
535
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
536 Stop JavaScript execution from attached files CVE-2024-39126
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
537 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
538
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
539 If an SVG, XML or PDF file that includes malicious JavaScript is
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
540 attached to an issue, downloading the file will cause the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
541 JavaScript to run.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
542
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
543 In ``cgi/client.py`` add the Content-Security-Policy line
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
544 after the existing ``nosniff`` line so it looks like::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
545
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
546 # exception handlers.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
547 self.determine_language()
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
548 self.db.i18n = self.translator
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
549 self.setHeader("X-Content-Type-Options", "nosniff")
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
550 self.setHeader("Content-Security-Policy", "script-src 'none'")
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
551 self.serve_file(designator)
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
552
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
553 (the example is reindented for display).
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
554
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
555 This should prevent SVG and XML files with embedded scripts
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
556 from running.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
557
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
558 If your version of Roundup is old enough that the ``nosniff``
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
559 line is missing, search for ``serve_file(designator)`` and add
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
560 both setHeader lines.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
561
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
562 .. warning::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
563
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
564 If your users use older browsers that don't support Content
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
565 Security Policies (e.g. Internet Explorer), you must
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
566 remove ``text/xml`` and ``image/svg`` from
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
567 ``mime_type_allowlist`` as explained below for
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
568 ``application/pdf``.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
569
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
570 PDF files can also embed JavaScript. Many browsers include
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
571 PDF viewers that may not support disabling scripting. The
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
572 safest way to handle this is to force a download of the PDF
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
573 file and use a PDF viewer with scripting disabled. To force
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
574 downloading, look in ``cgi/client.py`` for
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
575 ``mime_type_allowlist`` and remove the line for
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
576 ``application/pdf``.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
577
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
578 Version 2.4.0 allows you to `modify the mime_type_allowlist
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
579 using interfaces.py
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
580 <admin_guide.html#controlling-browser-handling-of-attached-files>`_.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
581 This will allow you to enable in-browser reading of PDF
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
582 files when you upgrade to 2.4.0 if you wish.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
583
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
584 Note that a `Content Security Policy as documented in the admin
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
585 guide
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
586 <admin_guide.html#adding-a-web-content-security-policy-csp>`_ is
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
587 not applied it to a direct download. This requires adding an
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
588 explicit CSP header as above.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
589
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
590 .. comment: end of CVE include marker
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
591
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
592 XHTML no longer supported (required)
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
593 ------------------------------------
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
594
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
595 If your ``config.ini`` sets ``html_version`` to ``xhtml``,
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
596 you need to change it to ``html``. Then you need to change
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
597 your tracker's templates to html from xhtml.
7964
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
598
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
599 Note that the default Roundup templates use html4 so it is
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
600 unlikely that your templates are xhtml based. See
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
601 `issue2551323
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
602 <https://issues.roundup-tracker.org/issue2551323>`_ for
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
603 details on the deprecation of xhtml.
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
604
7860
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
605 Update MySQL character set/collations (required)
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
606 ------------------------------------------------
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
607
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
608 issue2551282_ and issue2551115_ discuss issues with MySQL's utf8
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
609 support. MySQL has variations on utf8 character support. This
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
610 version of Roundup expects to use utf8mb4 which is a version of
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
611 utf8 that covers all characters, not just the ones in the basic
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
612 multilingual plane. Previous versions of Roundup used latin1 or
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
613 utf8mb3 (also known as just utf8). Newer versions of MySQL are
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
614 supposed to make utf8mb4 and not utf8mb3 the default.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
615
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
616 To convert your database, you need to have MySQL 8.0.11 or newer
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
617 (April 2018) and a mysql client.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
618
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
619 .. warning::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
620
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
621 This conversion can damage your database. Back up your
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
622 database using mysqldump or other tools. Preferably on a quiet
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
623 database. Verify that your database can be restored (or at
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
624 least look up directions for restoring it). This is very
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
625 important.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
626
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
627 We suggest shutting down Roundup's interfaces:
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
628
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
629 * web
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
630 * email
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
631 * cron jobs that use Python or roundup-admin
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
632
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
633 then make your backup.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
634
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
635 Then connect to your mysql instance using ``mysql`` with the
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
636 information in ``config.ini``. If your tracker's ``config.ini``
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
637 includes::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
638
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
639 name = roundupdb
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
640 host = localhost
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
641 user = roundupuser
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
642 password = rounduppw
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
643
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
644 you would run some version of::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
645
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
646 mysql -u roundupuser --host localhost -p roundupdb
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
647
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
648 and supply ``rounduppw`` when prompted.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
649
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
650 With the Roundup database quiet, convert the character set for the
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
651 database and then for all the tables. To convert the tables you
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
652 need a list of them. To get this run::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
653
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
654 mysql -sN -u roundupuser --host localhost -p \
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
655 -e 'show tables;' roundupdb > /tmp/tracker.tables
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
656
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
657 The ``-sN`` removes line drawing characters and column headers
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
658 from the output. For each table ``<t>`` in the file, run::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
659
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
660 ALTER TABLE `<t>` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
661
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
662 You can automate this conversion using sed::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
663
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
664 sed -e 's/^/ALTER TABLE `/' \
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
665 -e 's/$/` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;/'\
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
666 /tmp/tracker.tables> /tmp/tracker.tables.sql
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
667
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
668 The backticks "`" are required as some of the table names became
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
669 MySQL reserved words during Roundup's lifetime.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
670
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
671 Inspect ``tracker.tables.sql`` to see if all the lines look
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
672 correct. If so then we can start the conversion.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
673
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
674 First convert the character set for the database by running::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
675
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
676 mysql -u roundupuser --host localhost -p roundupdb
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
677
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
678 Then at the ``mysql>`` prompt run::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
679
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
680 ALTER DATABASE roundupdb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
681
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
682 you should see: ``Query OK, 1 row affected (0.01 sec)``.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
683
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
684 Now to modify all the tables run:
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
685
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
686 \. /tmp/tracker.tables.sql
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
687
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
688 You will see output similar to::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
689
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
690 Query OK, 5 rows affected (0.01 sec)
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
691 Records: 5 Duplicates: 0 Warnings: 0
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
692
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
693 for each table. The rows/records will depend on the number of
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
694 entries in the table. This can take a while.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
695
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
696 Once you have successfully completed this, copy your tracker's
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
697 config.ini to a backup file. Edit ``config.ini`` to use the defaults:
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
698
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
699 * mysql_charset = utf8mb4
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
700 * mysql_collation = utf8mb4_unicode_ci
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
701 * mysql_binary_collation = utf8mb4_0900_bin
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
702
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
703 Also look for a ``~/.my.cnf`` for the roundup user and make sure
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
704 that the settings for character set (charset) are utf8mb4 compatible.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
705
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
706 To test, run ``roundup-admin -i tracker_home`` and display an
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
707 issue designator: e.g. ``display issue10``. Check that the text
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
708 fields are properly displayed (e.g. title). Start the web
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
709 interface and browse some issues. Again, check that the text
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
710 fields display correctly, that the history at the bottom of the
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
711 issues displays correctly and if you are using the default full
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
712 text search, make sure that that works.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
713
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
714 If this works, bring email cron jobs etc. back online.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
715
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
716 If this fails, take down the web interface, restore the database
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
717 from backup, restore the old config.ini. Then test again and
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
718 reach out to the mailing list for help.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
719
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
720 We can use assistance in getting these directions corrected or
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
721 enhanced. The core Roundup developers don't use MySQL for their
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
722 production workloads so we count on users to help us with this.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
723
8030
6d1b62ffbb5d docs: add references for utf8 -> utf8mb4 conversion/issues for mysql
John Rouillard <rouilj@ieee.org>
parents: 7995
diff changeset
724 References:
6d1b62ffbb5d docs: add references for utf8 -> utf8mb4 conversion/issues for mysql
John Rouillard <rouilj@ieee.org>
parents: 7995
diff changeset
725
6d1b62ffbb5d docs: add references for utf8 -> utf8mb4 conversion/issues for mysql
John Rouillard <rouilj@ieee.org>
parents: 7995
diff changeset
726 * https://mathiasbynens.be/notes/mysql-utf8mb4#utf8-to-utf8mb4
6d1b62ffbb5d docs: add references for utf8 -> utf8mb4 conversion/issues for mysql
John Rouillard <rouilj@ieee.org>
parents: 7995
diff changeset
727 * https://adamhooper.medium.com/in-mysql-never-use-utf8-use-utf8mb4-11761243e434
6d1b62ffbb5d docs: add references for utf8 -> utf8mb4 conversion/issues for mysql
John Rouillard <rouilj@ieee.org>
parents: 7995
diff changeset
728
7860
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
729 .. _issue2551282: https://issues.roundup-tracker.org/issue2551282
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
730 .. _issue2551115: https://issues.roundup-tracker.org/issue2551115
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
731
8058
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
732 Disable spellcheck on all password fields (recommended)
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
733 -------------------------------------------------------
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
734
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
735 All tracker templates have been updated to disable spell checking on
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
736 password input fields. This can help prevent exposing the password to
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
737 an external server that provides spell checking for a browser. Since
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
738 passwords should not be real words in any language, spell checking
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
739 serves no purpose.
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
740
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
741 If you have modified your template with a "show password" option you
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
742 should disable spell check.
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
743
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
744 To implement this in your deployed trackers, add::
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
745
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
746 spellcheck="false"
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
747
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
748 to make your password inputs look like::
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
749
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
750 <input type="password" spellcheck="false" name=....>
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
751
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
752 The changed files in the classic/devel/responsive templates are:
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
753
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
754 .. code-block:: text
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
755
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
756 html/page.html
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
757 html/user.item.html
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
758
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
759 and in the jinja2 template the following files were changed:
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
760
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
761 .. code-block:: text
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
762
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
763 html/user.item.html
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
764 html/user.register.html
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
765 html/layout/navigation.html
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
766
7971
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
767 Add new classhelper to your templates (optional)
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
768 ------------------------------------------------
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
769
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
770 The classic classhelper invoked by the ``(list)`` link in your
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
771 issue.item.html template can be greatly improved by wrapping the
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
772 links with the new web-component based ``roundup-classhelper``.
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
773
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
774 The new classhelper:
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
775
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
776 * allows you to select items from multiple pages
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
777 * is usable with a content security policy
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
778 * is more easily styled
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
779
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
780 To deploy it, install the required files and wrap classhelp calls
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
781 in the new ``<roundup-classhelper>`` component. For example,
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
782 wrap::
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
783
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
784 <span tal:condition="context/is_edit_ok" tal:replace="structure
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
785 python:db.user.classhelp('username,realname,address',
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
786 property='nosy', width='600'" />
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
787
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
788 so it looks like::
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
789
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
790 <roundup-classhelper
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
791 data-search-with="username,phone,roles[]">
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
792
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
793 <span tal:condition="context/is_edit_ok" tal:replace="structure
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
794 python:db.user.classhelp('username,realname,address',
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
795 property='nosy', width='600')" />
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
796
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
797 </roundup-classhelper>
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
798
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
799 to allow the user to search by: username, phone number and use a
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
800 select/dropdown to search by role. Full details about the
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
801 attributes and installation instructions can be found in the
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
802 `classhelper documentation`_ in the admin guide.
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
803
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
804
7819
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
805 Disable performance improvement for wsgi mode (optional)
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
806 --------------------------------------------------------
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
807
7961
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
808 In Roundup version 2.2.0, an experimental feature was introduced to
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
809 enhance performance while operating in wsgi mode. Initially, this
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
810 feature was disabled. Over the past two years, it has been used at a
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
811 few sites without any reported problems.
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
812
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
813 As a result, the default setting now enables this performance
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
814 improvement, encouraging a wider adoption of the feature. In the
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
815 event that an undiscovered bug arises, it can still be disabled
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
816 if you experience problems. To disable it, modify your wsgi
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
817 startup script and add the feature_flags to the RequestDispatcher
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
818 as below:
7819
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
819
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
820 feature_flags = { "cache_tracker": False }
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
821 app = RequestDispatcher(tracker_home, feature_flags=feature_flags)
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
822
7961
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
823 Then restart your wsgi instance. If you have to disable this
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
824 feature, send email to the roundup-users mailing list
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
825 (roundup-users at lists.sourceforge.net) so we can help you
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
826 diagnose the cause and fix it for everybody.
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
827
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
828 In the future, support for disabling this improvement will be removed.
7819
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
829
7686
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
830 Fix duplicate id for confirm password in user.item.html (optional)
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
831 ------------------------------------------------------------------
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
832
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
833 The TAL macro ``user_confirm_input`` at the end of ``html/page.html``
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
834 for all templates except ``jinja2`` sets the ``id`` of the ``Confirm
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
835 password`` input the same as the ``Login Password`` input. This
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
836 creates an HTML error. Two items must not have the same id.
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
837
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
838 However browsers ignore the error and things still work. If you were
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
839 to use css or javascript to target the ``password`` id, it would not
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
840 work as expected.
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
841
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
842 To fix this, change the line near the end of your tracker's
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
843 ``html/page.html`` from::
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
844
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
845 tal:attributes="id name; name string:@confirm@$name; readonly not:edit_ok" value="">
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
846
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
847 to::
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
848
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
849 tal:attributes="id string:confirm_$name; name string:@confirm@$name; readonly not:edit_ok" value="">
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
850
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
851 This will change the id to ``confirm_password``.
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
852
7694
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
853 Merge changes from devel template task.index.html (optional)
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
854 ------------------------------------------------------------
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
855
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
856 The devel template's ``task.index.html`` has some fields that are not
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
857 defined in the schema. It looks like it was originally copied from the
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
858 ``bug.index.html``. If the task index is requested without specifying
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
859 the columns/fields, the template will crash trying to display
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
860 ``severity`` and other fields that don't exist in the task schema.
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
861
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
862 In normal use, the left hand menu for tasks always specifies valid
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
863 columns so you may not see this issue. However if you remove the
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
864 ``@columns`` query parameter, you can see the error.
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
865
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
866 The removed columns are: severity, versions, keywords, dependencies.
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
867
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
868 It is also missing the ``solves`` field which is added to match the
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
869 schema.
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
870
7961
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
871 `You can see the diff in the Sourceforge web interface <https://sourceforge.net/p/roundup/code/ci/54eb12cd3be143b079809795dcb2f813f75a691c/tree/share/roundup/templates/devel/html/task.index.html?diff=c95870b2bbab822def6066498a4ef8634e76e0b3>`_.
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
872
7992
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
873 Make group headers span all columns (optional)
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
874 ----------------------------------------------
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
875
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
876 In a number of index pages a version of the following TAL command
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
877 appears::
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
878
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
879 <th tal:attributes="colspan python:len(request.columns)" class="group">
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
880
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
881 If the ``@columns`` parameter (aka request.columns) is not set,
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
882 all columns are shown. However the group header only spans the
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
883 first column. Changing this to read::
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
884
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
885 <th tal:attributes="colspan python:len(request.columns) or 100" class="group">
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
886
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
887 makes the group header span all the columns (if you have fewer
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
888 than 100 columns). All of the supplied templates hae been
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
889 upgraded with this change. `See issue 2551341 for details
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
890 <https://issues.roundup-tracker.org/issue2551341>`_.
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
891
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
892 Note the jinja2 template has the same issue, but the development
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
893 team hasn't devised a solution.
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
894
7936
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
895 Use @current_user in Searches (optional)
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
896 ----------------------------------------
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
897
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
898 You can create queries like: "My issues" by searching the ``creator``
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
899 property of issues for your id number. Similarly you can search for
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
900 "Issues assigned to me" by searching on the ``assignedto`` property.
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
901
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
902 Queries in Roundup can be shared between users. However queries like
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
903 these can be shared. However for any user but they will only find
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
904 issues created by/assigned to the user who created the query.
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
905
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
906 This release allows you to search Links to the User class by
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
907 specifying ``@current_user``. This token searches for the currently
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
908 log in user. It makes searches like the above usable when shared.
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
909
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
910 This only works for properties that are a Link to the user
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
911 class. E.G. creator, actor, assignedto. It does not yet work for
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
912 MultiLink properties (like nosy).
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
913
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
914 As an example this can be deployed to the classic tracker's issue
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
915 search template (issue.search.html), by replacing::
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
916
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
917 <option metal:fill-slot="extra_options" i18n:translate=""
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
918 tal:attributes="value request/user/id">created by
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
919 me</option>
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
920
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
921 with::
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
922
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
923 <option metal:fill-slot="extra_options" value="@current_user"
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
924 tal:attributes="selected python:value == '@current_user'"
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
925 i18n:translate="">created by me</option>
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
926
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
927 There are three places where ``value request/user/id`` is used in the
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
928 classic template. Your template may have more.
7938
ce5a554b2f88 doc: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7936
diff changeset
929
ce5a554b2f88 doc: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7936
diff changeset
930 If you have a user with the exact username of `@current_user` they
ce5a554b2f88 doc: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7936
diff changeset
931 should change it. `Details can be found in issue1525113
ce5a554b2f88 doc: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7936
diff changeset
932 <https://issues.roundup-tracker.org/issue1525113>`_.
7936
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
933
7719
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
934 New PostgreSQL Settings (optional)
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
935 ----------------------------------
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
936
7961
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
937 With this release, you can specify a Postgresql database schema
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
938 to use. By default Roundup creates a database when using
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
939 ``roundup-admin init``. Setting the rdbms ``name`` keyword to
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
940 ``roundup_database.roundup_schema`` will create and use the
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
941 ``roundup_schema`` in the pre-created ``roundup_database``. See
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
942 the `Roundup PostgreSQL documentation`_ for details on how to set
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
943 up the roles.
7719
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
944
7723
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
945 Also there is a new configuration keyword in the rdbms
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
946 section of ``config.ini``. The ``service`` keyword allows
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
947 you to define the service name for Postgres that will be
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
948 looked up in the `Connection Service File`_. Any of the
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
949 methods of specifying the file including by using the
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
950 ``PGSERVICEFILE`` environment variable are supported.
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
951
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
952 This is similar to the existing support for MySQL
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
953 option/config files and groups.
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
954
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
955 If you use services, any settings for the same properties
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
956 (user, name, password ...) that are in the tracker's
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
957 ``config.ini`` will override the service settings. So you
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
958 want to leave the ``config.ini`` settings blank. E.G.::
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
959
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
960 [rdbms]
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
961 name =
7723
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
962 host =
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
963 port =
7723
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
964 user =
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
965 password =
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
966 service = roundup_roundup
7723
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
967
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
968 Setting ``service`` to ``roundup_roundup`` with
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
969 the following in the service file::
7719
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
970
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
971 [roundup_roundup]
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
972 host=127.0.0.1
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
973 port=5432
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
974 user=roundup
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
975 password=roundup
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
976 dbname=roundup
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
977
7723
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
978 would use the roundup database with the specified
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
979 credentials. It is possible to define a service that
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
980 connects to a specific schema using::
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
981
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
982 options=-c search_path=roundup_service_dev
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
983
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
984 Note that the first schema specified after ``search_path=``
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
985 is created and populated. The schema name
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
986 (``roundup_service_dev``) must be terminated by: a comma,
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
987 whitespace or end of line.
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
988
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
989 You can use the command ``psql "service=db_service_name"``
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
990 to verify the settings in the connection file. Inside of
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
991 ``psql`` you can verify the ``search_path`` using ``show
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
992 search_path;``.
7719
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
993
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
994 .. _`Connection Service File`: https://www.postgresql.org/docs/current/libpq-pgservice.html
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
995
7749
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
996 Update for user.help-search.html (optional)
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
997 -------------------------------------------
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
998
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
999 There is a bug in the template used as a search helper for the user
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1000 fields (e.g. the nosy list). The ``properties`` url query argument was
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1001 ignored. You can not select the displayed fields using the
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1002 ``properties`` argument. This is fixed in 2.4.0. You can probably just
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1003 copy the ``user.help-search.html`` from the classic tracker template.
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1004
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1005 If you have modified that template, you can follow the analysis in
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1006 `issue2551320 <https://issues.roundup-tracker.org/issue2551320>`_
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1007 to fix your template.
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1008
7928
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1009 Update for _generic.help.html (optional)
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1010 ----------------------------------------
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1011
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1012 Using the ``_generic.help.html`` template with ``classhelper()`` to
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1013 provide information on a property without selecting a property caused
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1014 an error when processing the template. Using the help template with
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1015 Link properties can provide description or other information that the
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1016 user can use to determine the right setting.
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1017
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1018 If your tracker is based on the minimal or classic tracker and you have
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1019 not changed the _generic.help.html file, you can copy it into place
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1020 from the template directory.
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1021
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1022
7905
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1023 Fix static_files use of '-' directory (info)
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1024 --------------------------------------------
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1025
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1026 Use of the '-' directory in ``static_files`` config.ini setting now
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1027 works. So it will prevent access to the html directory when using
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1028 ``@@file/`` based url's.
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1029
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1030
7556
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1031 Bad Login Rate Limiting and Locking (info)
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1032 ------------------------------------------
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1033
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1034 Brute force logins have been rate limited in the HTML web interface
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1035 for a while. This was not the case with the API interfaces.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1036
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1037 This release introduces rate limiting for invalid REST or XMLRPC API
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1038 logins. As with the web interface, users who have hit the rate limit
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1039 have their accounts locked until after the recommended delay time has
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1040 passed. See `information on configuring the API rate limits`_ for
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1041 details.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1042
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1043 .. _`information on configuring the API rate limits`: rest.html#rate-limiting-api-failed-logins
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1044
7582
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1045 Removal of cgi.py from Python (info)
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1046 ------------------------------------
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1047
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1048 The ``cgi.py`` module will be `removed starting with Python 3.13
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1049 <https://peps.python.org/pep-0594/#cgi>`_. Roundup now `vendors a copy
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1050 <https://pypi.org/project/legacy-cgi/>`_ of ``cgi.py`` and makes it
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1051 and its storage objects available by importing from::
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1052
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1053 from roundup.anypy.cgi_ import cgi
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1054 from roundup.anypy.cgi_ import FieldStorage, MiniFieldStorage
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1055
7959
88239d4ac4ab doc: spelling fix.
John Rouillard <rouilj@ieee.org>
parents: 7938
diff changeset
1056 It is unlikely that you will care unless you have done some expert
7582
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1057 level Roundup customization. If you have, use one of the imports above
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1058 if you plan on running on Python 3.13 (expected in 2024) or newer.
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1059
7668
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1060 Fixing PostgreSQL Out of Memory Errors when Importing Tracker (info)
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1061 --------------------------------------------------------------------
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1062
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1063 Importing a tracker into PostgreSQL can run out of memory with the
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1064 error::
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1065
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1066 psycopg2.errors.OutOfMemory: out of shared memory
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1067 HINT: You might need to increase max_locks_per_transaction.
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1068
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1069 before changing your PostgreSQL configuration, try changing the pragma
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1070 ``savepoint_limit`` to a lower value. By default it is set to
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1071 ``10000``. In some cases this may be too high. See the `administration
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1072 guide`_ for further details.
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1073
7905
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1074 roundup-admin's History Command Produces Readable Output (info)
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1075 ---------------------------------------------------------------
7797
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1076
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1077 The history command of roundup-admin used to print the raw journal
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1078 data. In this release the default is to produce more human readable
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1079 data. The original output (not pretty printed as below) was::
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1080
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1081 [('1', <Date 2013-02-18.20:30:34.125>, '1', 'create', {}),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1082 ('1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1083 <Date 2013-02-19.21:24:20.391>,
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1084 '1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1085 'set',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1086 {'messages': (('+', ['3']),)}),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1087 ('1', <Date 2013-02-19.21:24:24.797>, '1', 'set', {'priority': '1'}),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1088 ('1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1089 <Date 2013-02-20.03:16:52.000>,
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1090 '1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1091 'link',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1092 ('issue', '2', 'dependson')),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1093 ('1', <Date 2013-02-21.20:51:40.750>, '1', 'link', ('issue', '2',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1094 'seealso')),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1095 ('1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1096 <Date 2013-02-22.05:33:08.875>,
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1097 '1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1098 'set',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1099 {'dependson': (('+', ['3']),), 'private': None, 'queue': None}),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1100 ('1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1101 <Date 2013-02-22.05:33:19.406>,
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1102 '1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1103 'set',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1104 {'dependson': (('+', ['2']),)}),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1105 ('1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1106 <Date 2013-02-27.03:24:42.844>,
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1107 '1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1108 'unlink',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1109 ('issue', '2', 'seealso')),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1110 ...
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1111
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1112 Now it produces (Each entry is on one line, lines wrapped
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1113 and indented for display)::
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1114
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1115 admin(2013-02-18.20:30:34) create issue
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1116 admin(2013-02-19.21:24:20) set modified messages: added: msg3
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1117 admin(2013-02-19.21:24:24) set priority was critical(1)
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1118 admin(2013-02-20.03:16:52) link added issue2 to dependson
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1119 admin(2013-02-21.20:51:40) link added issue2 to seealso
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1120 admin(2013-02-22.05:33:08) set modified dependson: added: issue3;
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1121 private was None; queue was None
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1122 admin(2013-02-22.05:33:19) set modified dependson: added: issue2
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1123 admin(2013-02-27.03:24:42) unlink removed issue2 from seealso
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1124 ...
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1125
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1126
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1127 A few things to note: set operations can either assign a property or
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1128 report a modification of a multilink property. If an assignment
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1129 occurs, the value reported is the **old value** that was there before
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1130 the assignment. It is **not** the value that is assigned. In the
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1131 example above I don't know what the current value of priority is. All
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1132 I know it was set to critical when the issue was created.
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1133
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1134 Modifications to multilink properties work differently. I know that
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1135 ``msg3`` was present in the messages property after 2013-02-19 at
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1136 21:24:20 UTC.
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1137
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1138 The history command gets a new optional argument ``raw`` that produces
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1139 the old style output. The old style is (marginally) more useful for
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1140 script automation.
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1141
7921
e3975f679bf1 issue2551302 - Remove support for sqlite version 1 from back_sqlite.py
John Rouillard <rouilj@ieee.org>
parents: 7905
diff changeset
1142 Deprecation Notices (info)
e3975f679bf1 issue2551302 - Remove support for sqlite version 1 from back_sqlite.py
John Rouillard <rouilj@ieee.org>
parents: 7905
diff changeset
1143 --------------------------
e3975f679bf1 issue2551302 - Remove support for sqlite version 1 from back_sqlite.py
John Rouillard <rouilj@ieee.org>
parents: 7905
diff changeset
1144
e3975f679bf1 issue2551302 - Remove support for sqlite version 1 from back_sqlite.py
John Rouillard <rouilj@ieee.org>
parents: 7905
diff changeset
1145 Support for SQLite version 1 has been removed in 2.4.0.
e3975f679bf1 issue2551302 - Remove support for sqlite version 1 from back_sqlite.py
John Rouillard <rouilj@ieee.org>
parents: 7905
diff changeset
1146
8046
c53117e6775f doc: deprication sqlite2
John Rouillard <rouilj@ieee.org>
parents: 8045
diff changeset
1147 Support for SQLite version 2 will be removed in 2.5.0.
c53117e6775f doc: deprication sqlite2
John Rouillard <rouilj@ieee.org>
parents: 8045
diff changeset
1148
7923
29a666d8a70d issue2551285 - Remove StructuredText support
John Rouillard <rouilj@ieee.org>
parents: 7922
diff changeset
1149 Support for StructuredText has been removed in 2.4.0. Support for
29a666d8a70d issue2551285 - Remove StructuredText support
John Rouillard <rouilj@ieee.org>
parents: 7922
diff changeset
1150 reStructuredText remains.
29a666d8a70d issue2551285 - Remove StructuredText support
John Rouillard <rouilj@ieee.org>
parents: 7922
diff changeset
1151
7922
ded9f1c3f112 announce deprecation for PySQLite in 2.5.0
John Rouillard <rouilj@ieee.org>
parents: 7921
diff changeset
1152 Support for the `PySQLite <https://github.com/ghaering/pysqlite>`_
ded9f1c3f112 announce deprecation for PySQLite in 2.5.0
John Rouillard <rouilj@ieee.org>
parents: 7921
diff changeset
1153 library will be removed in 2.5.0. Only the Python supplied sqlite3
ded9f1c3f112 announce deprecation for PySQLite in 2.5.0
John Rouillard <rouilj@ieee.org>
parents: 7921
diff changeset
1154 library will be supported.
ded9f1c3f112 announce deprecation for PySQLite in 2.5.0
John Rouillard <rouilj@ieee.org>
parents: 7921
diff changeset
1155
7556
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1156 .. index:: Upgrading; 2.2.0 to 2.3.0
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1157
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1158 Migrating from 2.2.0 to 2.3.0
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1159 =============================
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1160
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1161 Update your ``config.ini`` (required)
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1162 -------------------------------------
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1163
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1164 Upgrade tracker's config.ini file. Use::
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1165
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1166 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1167
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1168 to generate a new ini file preserving all your settings.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1169 You can then merge any local comments from the tracker's
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1170 ``config.ini`` to ``newconfig.ini`` and replace
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1171 ``config.ini`` with ``newconfig.ini``.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1172
7203
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
1173 ``updateconfig`` will tell you if it is changing old default
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
1174 values or if a value must be changed manually.
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
1175
7132
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1176 Using the roundup-mailgw script (required)
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1177 ------------------------------------------
7064
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1178
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1179 In previous versions the roundup-mailgw script had a ``-C`` (or
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1180 ``--class``) option for specifying a class to be used with ``-S`` (or
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1181 ``--set``) option(s). In the latest version the ``-C`` option is gone,
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1182 the class for this option is specified as a prefix, e.g. instead of ::
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1183
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1184 roundup-mailgw -C issue -S issueprop=value
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1185
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1186 You now specify ::
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1187
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1188 roundup-mailgw -S issue.issueprop=value
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1189
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1190 If multiple values need to be set, this can be achieved with multiple
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1191 ``-S`` options or with delimiting multiple values with a semicolon (in
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1192 that case the string needs to be quoted because semicolon is a shell
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1193 special character)::
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1194
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1195 roundup-mailgw -S 'issue.issueprop1=value1;issueprop2=value2'
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1196 roundup-mailgw -S issue.issueprop1=value1 -S issue.issueprop2=value2
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1197
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1198 are equivalent. Note that the class is provided as a prefix for the
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1199 set-string, not for each property. The class can be omitted altogether
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1200 in which case it defaults to ``msg`` (this default existed in previous
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1201 versions).
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1202
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1203 If you do not use the ``-C`` (or ``--class``) option in your current
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1204 setup of mailgw you don't need to change anything.
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1205
7132
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1206 Replace Create User permission for Anonymous with Register (required)
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1207 ---------------------------------------------------------------------
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1208
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1209 Check your trackers schema.py. If you have the following code::
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1210
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1211 db.security.addPermissionToRole('Anonymous', 'Create', 'user')
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1212
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1213 after the permission for Anonymous 'Email Access', change it to::
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1214
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1215 db.security.addPermissionToRole('Anonymous', 'Register', 'user')
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1216
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1217 The comment for Anonymous 'Email Access' may refer to Create. Change
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1218 it to refer to Register.
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1219
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1220 This will be an issue if you used the devel or responsive tracker
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1221 templates. If you used a classic, minimal or jinja2 template the
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1222 permission change (but not the comment change) should be done already.
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1223
6806
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1224 Rdbms version change from 7 to 8 (required)
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1225 -------------------------------------------
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1226
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1227 This release includes a change that requires updates to the
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1228 database schema.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1229
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1230 Sessions and one time key (otks) tables in the Mysql and
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1231 PostgreSQL database use a numeric type that
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1232 truncates/rounds expiration timestamps. This results in
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1233 entries being purged early or late (depending on whether
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1234 it rounds up or down). The discrepancy is a couple of
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1235 days for Mysql or a couple of minutes for PostgreSQL.
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
1236
6806
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1237 Session keys stay for a week or more and CSRF keys are
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1238 two weeks by default. As a result, this isn't usually a
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1239 visible issue. This migration updates the numeric types
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1240 to ones that supports more significant figures.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1241
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1242 You should backup your instance and run the
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1243 ``roundup-admin -i <tracker_home> migrate``
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1244 command for all your trackers once you've
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1245 installed the latest code base.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1246
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1247 Do this before you use the web, command-line or mail
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1248 interface and before any users access the tracker.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1249
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1250 If successful, this command will respond with either
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1251 "Tracker updated" (if you've not previously run it on an
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1252 RDBMS backend) or "No migration action required" (if you
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1253 have run it, or have used another interface to the tracker,
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1254 or are using anydbm).
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1255
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1256 Session/OTK data storage for SQLite backend changed (required)
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1257 --------------------------------------------------------------
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1258
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1259 Roundup stores a lot of ephemeral data:
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1260
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1261 * login session tokens,
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1262 * rate limits
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1263 * password reset attempt tokens
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1264 * one time keys
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1265 * and anti CSRF keys.
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1266
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1267 These were stored using dbm style files while the main data
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1268 is stored in a SQLite db. Using both dbm and sqlite style
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1269 files is surprising and due to how we lock dbm files can be
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1270 a performance issue.
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1271
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1272 However you can continue to use the dbm files by setting the
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1273 ``backend`` option in the ``[sessiondb]`` section of
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1274 ``config.ini`` to ``anydbm``.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1275
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1276 If you do not change the setting, two sqlite databases
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1277 called ``db-otk`` and ``db-session`` replace the dbm
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1278 databases. Once you make the change the old ``otks`` and
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1279 ``sessions`` dbm databases can be removed.
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1280
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1281 Note this replacement will require users to log in again and
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1282 refresh web pages to save data. It is best if people save
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1283 all their changes and log out of Roundup before the upgrade
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1284 is done to minimize confusion. Because the data is
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1285 ephemeral, there is no plan to migrate this data to the new
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1286 SQLite databases. If you want to keep using the data set the
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1287 ``sessiondb`` ``backend`` option as described above.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1288
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1289 Update ``config.ini``'s ``password_pbkdf2_default_rounds`` (required)
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1290 ---------------------------------------------------------------------
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1291
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1292 Roundup hashes passwords using PBKDF2 with SHA1. In this release, you
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
1293 can `upgrade to PBKDF2-SHA512 from current PBKDF2-SHA1 (recommended)`_. If you
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1294 upgrade, you want to set the default rounds according to the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1295 PBKDF2-SHA512 upgrading directions. Note that this algorithm is
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1296 expected to be the default in a future version of Roundup.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1297
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1298 If you don't want to upgrade, we recommend that you increase the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1299 default number of rounds from the original 10000. PBKDF2 has a
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1300 parameter that makes hashing a password more difficult to do. The
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1301 original 10000 value was set years ago. It has not been updated for
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1302 advancements in computing power.
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1303
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1304 This release of Roundup changes the value to 2000000 (2
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1305 million). This exceeds the current `recommended setting of
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1306 1,300,000`_ for PBKDF2 when used with SHA1.
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1307
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1308 .. caution::
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1309
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1310 If you were using the old 10000 value, **it will be automatically
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1311 upgraded** to 2 million by using ``roundup-admin``'s
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1312 ``updateconfig``. If you were not using the old 10000 default, you
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1313 should update it manually.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1314
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1315 After the change users will still be able to log in using the older
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1316 10000 round hashed passwords. If ``migrate_passwords`` is set to
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1317 ``yes``, passwords will be automatically re-hashed using the new
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1318 higher value when the user logs in. If
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1319 ``password_pbkdf2_default_rounds`` is set to a lower value than was
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1320 used to hash a password, the password will not be rehashed so the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1321 higher value will be kept. The lower value will be used only if the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1322 password is changed using the web or command line.
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1323
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1324 Increasing the number of rounds will slow down re-hashing. That's the
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1325 whole point. Sadly it will also slow down logins. Usually the hash
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1326 takes under 1 second, but if you are using a slow chip (e.g. an ARM V6
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1327 at 700 bogo mips) it can take 30 seconds to compute the 2000000
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1328 rounds. The slowdown is linear. So what takes .001 seconds at 10000
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1329 rounds will take: ``2000000/10000 * .001 = 200 * .001`` seconds or 0.2
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1330 seconds.
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1331
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1332 You can see how long it will take by using the new ``roundup-admin``
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1333 ``perftest`` command. After you have finished migrating your database,
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1334 run::
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1335
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1336 roundup-admin -i <tracker_home> perftest password scheme=PBKDF2 rounds=10000
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1337
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1338 and then::
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1339
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1340 roundup-admin -i <tracker_home> perftest password scheme=PBKDF2 rounds=2,000,000
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1341
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1342 so see the difference. Output from this command looks like::
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1343
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1344 Hash time: 0.203151849s scheme: PBKDF2 rounds: 10000
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1345
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1346 If your testing reports a hash time above 0.5 seconds for 10000
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1347 rounds, there may be another issue. See if executing::
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1348
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1349 python3 -c 'from hashlib import pbkdf2_hmac'
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1350
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1351 produces an error.
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1352
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1353 If you get an ImportError, you are using Roundup's fallback PBKDF2
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1354 implementation. It is much slower than the library version. As a
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1355 result re-encrypting the password (and logging in, which requires
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1356 calculating the encrypted password) will be very slow.
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1357
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1358 You should find out how to make the import succeed. You may need to
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1359 install an OS vendor package or some other library.
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1360
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1361 .. _recommended setting of 1,300,000: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1362
8239
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
1363 .. _PBKDF2 upgrade:
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
1364
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1365 Upgrade to PBKDF2-SHA512 from current PBKDF2-SHA1 (recommended)
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1366 ---------------------------------------------------------------
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1367
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1368 We recommend that you upgrade to using PBKDF2-SHA512 for hashing your
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1369 passwords. This is a more secure method than the old PBKDF2 (with
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1370 SHA1). Because the algorithm is more secure, it uses a smaller value
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1371 for ``password_pbkdf2_default_rounds``. Setting
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1372 ``password_pbkdf2_default_rounds`` to ``250000`` exceeds the current
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1373 `recommended setting of 210,000`_ iterations for PBKDF2 when used with
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1374 SHA512.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1376 You can see how long this takes to calculate on your hardware using
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1377 ``roundup-admin``'s perftest command. For example::
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1378
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1379 roundup-admin -i <tracker_home> perftest password scheme=PBKDF2S5 rounds=250,000
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1380
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1381 produces::
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1382
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1383 Hash time: 0.161892945 seconds, scheme: PBKDF2S5, rounds: 250000
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1384
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1385 Any increase in the number of rounds will cause the password to
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1386 automatically be rehashed to the higher value the next time the user
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1387 logs in via the web interface. Changing the number of rounds to a
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1388 **lower** value will not trigger a rehash during login unless the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1389 scheme is also being changed. The lower number will be used only when
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1390 the password is explicitly changed using the web interface or the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1391 command line (``roundup-admin`` for example).
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1392
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1393 Change the default hashing scheme by adding the following lines to
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1394 |the interfaces.py file|_ in your tracker home::
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1395
7711
0c855080794e doc: fix PBKDF2 SHA512 implementation example.
John Rouillard <rouilj@ieee.org>
parents: 7694
diff changeset
1396 from roundup.password import Password
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1397 ## Use PBDKF2S5 (PBKDF2-SHA512) for passwords. Re-hash old PBDFK2
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1398 # Force password with scheme PBKDF2 (SHA1) to get re-hashed
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1399 Password.deprecated_schemes.insert(0, Password.known_schemes[0])
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1400 # choose PBKDF2S5 as the scheme to use for rehashing.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1401 Password.default_scheme = Password.experimental_schemes[0]
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1402
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1403 You may need to create the ``interfaces.py`` file if it doesn't exist.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1404 In the future, when the default hash is changed to PBKDF2S5, upgrade
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1405 directions will include instructions to remove these lines and
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1406 the file ``interfaces.py`` if it becomes empty.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1407
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1408 You can verify that PBKDF2S5 is used by default by running::
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1409
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1410 roundup-admin -i <tracker_home> perftest password rounds=250,000
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1411
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
1412 and verify that the scheme is PBKDF2S5.
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1413
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1414 .. _the interfaces.py file:
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1415 reference.html#interfaces-py-hooking-into-the-core-of-roundup
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1416
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1417 .. |the interfaces.py file| replace:: the ``interfaces.py`` file
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1418
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1419 .. _recommended setting of 210,000: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1420
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1421 jQuery updated with updates to user.help.html (recommended)
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1422 -----------------------------------------------------------
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1423
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1424 The devel and responsive templates shipped with an old version of
7275
c5d01886b27d fix mispelling.
John Rouillard <rouilj@ieee.org>
parents: 7217
diff changeset
1425 jQuery. According to automated tests, it may have a security issue. It
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1426 has been updated to the current version: 3.6.3. If your tracker is
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1427 based on one of these templates (see the ``TEMPLATE-INFO.txt`` file in
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1428 your tracker), remove the old ``html/jquery.js`` file from your
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1429 tracker and copy the new ``jquery-3.6.3.js`` file from the template
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1430 directory to your tracker's ``html`` directory. Also copy in the new
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1431 ``user.help.html`` file. It now references the new ``jquery-3.6.3.js``
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1432 file.
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1433
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1434
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1435 Session/OTK data storage using Redis (optional)
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1436 -----------------------------------------------
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1437
6819
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
1438 You can store your ephemeral data in a Redis database. This
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
1439 provides significantly better performance for ephemeral data
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
1440 than SQLite or dbm files. See the section `Using Redis for
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
1441 Session Databases`_ in the `administration guide`_
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1442
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1443
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1444 .. _Using Redis for Session Databases:
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1445 admin_guide.html#using-redis-for-session-databases
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1446
6930
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1447 New SQLite databases created with WAL mode journaling (optional)
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1448 ----------------------------------------------------------------
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1449
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1450 By default, SQLite databases use a rollback journal when
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1451 writing an update. The rollback journal stores a copy of the
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1452 data from before the update. One downside of this is that
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1453 all reads have to be suspended while a write is
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1454 occurring. SQLite has an alternate way of insuring ACID
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1455 compliance by using a WAL (write ahead log) journal.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1456
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1457 Version 2.3.0 of Roundup, creates new SQLite databases using
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1458 WAL journaling. With WAL, a writer does not block readers
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1459 and readers do not block writing an update. This keeps
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1460 Roundup accessible even under a heavy write load (e.g. when
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1461 bulk loading data or automated updates via REST).
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1462
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1463 If you want to convert your existing SQLite db to WAL mode:
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1464
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1465 1. check the current journal mode on your database
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1466 using::
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1467
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1468 sqlite3 <tracker_home>/db/db "pragma journal_mode;"
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1469
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1470 2. If it returns ``delete``, change it to WAL mode using::
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1471
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1472 sqlite3 <tracker_home>/db/db "pragma journal_mode=WAL;"
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
1473
6930
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1474 3. verify by running the command in step 1 again and you
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1475 should get ``wal``.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1476
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1477 If you are using SQLite for session and otk databases,
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1478 perform the same steps replacing ``db`` with ``db-session``
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1479 and ``db-otk``.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1480
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1481 If you find WAL mode is not working for you, you can set the
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1482 journal method to a rollback journal (``delete`` mode) by
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1483 using step 2 and replacing ``wal`` with ``delete``. (Note:
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1484 SQLite supports other journaling modes, but only ``wal`` and
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1485 ``delete`` persist. Roundup doesn't set a journaling mode
7396
bb7752f6e1cd Clarify wording.
John Rouillard <rouilj@ieee.org>
parents: 7375
diff changeset
1486 when it opens the database, so journaling mode options such
bb7752f6e1cd Clarify wording.
John Rouillard <rouilj@ieee.org>
parents: 7375
diff changeset
1487 as ``truncate`` are not useful.)
6930
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1488
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1489 For details on WAL mode see `<https://www.sqlite.org/wal.html>`_
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1490 and `<https://www.sqlite.org/pragma.html#pragma_journal_mode>`_.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
1491
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1492 Change in processing allowed_api_origins setting (info)
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1493 -------------------------------------------------------
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1494
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1495 In this release you can use both ``*`` (as the first origin) and
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
1496 explicit origins in the ``allowed_api_origins`` setting in
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1497 ``config.ini``. (Before it was only one or the other.)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1498
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1499 You do not need to use ``*``. If you do, it allows any client
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1500 anonymous (unauthenticated) access to the Roundup tracker. This
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1501 is the same as browsing the tracker without logging in. If they
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1502 try to provide credentials, access to the data will be denied by
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1503 `CORS`_.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1504
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1505 If you include explicit origins (e.g. \https://example.com),
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1506 users from those origins will not be blocked if they use
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1507 credentials to log in.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1508
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1509 .. _CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
1510
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1511 Change in processing of In-Reply_to email header (info)
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
1512 -------------------------------------------------------
6941
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1513
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1514 Messages received via email usually include a ``[issue23]``
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1515 designator in the subject line. This indicates what issue is
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1516 being updated. If the designator is missing, Roundup tries
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1517 to find the correct issue by using the in-reply-to email
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1518 header.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1519
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1520 The former code appends the new message to the first issue
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1521 found with a message matching the in-reply-to
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1522 header. Usually a message is associated with only one
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1523 issue. However nothing in Roundup requires that.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1524
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1525 In this release, the in-reply-to matching is disabled if
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1526 there are multiple issues with the same message. In this
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1527 case, subject matching is used to try to find the matching
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1528 issue.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1529
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1530 If you don't have messages assigned to multiple issues you
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1531 will see no change. If you do have multi-linked messages
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1532 this will hopefully result in better message->issue
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1533 matching.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
1534
7400
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
1535 Incremental/batch full test reindexing with roundup-admin (info)
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
1536 ----------------------------------------------------------------
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
1537
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
1538 The ``reindex`` command in ``roundup-admin`` can reindex
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
1539 a range of items. For example::
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
1540
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
1541 roundup-admin -i ... reindex issues:1-1000
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
1542
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
1543 will reindex only the first 1000 issues. This is useful since
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
1544 reindexing can take a while and slow down the tracker. By running
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
1545 it in batches you can control when the reindex runs rather than having
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
1546 to wait for it to complete all the reindexing. See the man page or
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
1547 `administration guide`_ for details.
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
1548
6775
bc9728a17f76 Fix index markers.
John Rouillard <rouilj@ieee.org>
parents: 6774
diff changeset
1549 .. index:: Upgrading; 2.1.0 to 2.2.0
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
1550
6698
b56bd672ebbf formatting changes
John Rouillard <rouilj@ieee.org>
parents: 6688
diff changeset
1551 Migrating from 2.1.0 to 2.2.0
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
1552 =============================
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
1553
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1554 Update your ``config.ini`` (required)
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1555 -------------------------------------
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1556
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1557 Upgrade tracker's config.ini file. Use::
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1558
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1559 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1560
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1561 to generate a new ini file preserving all your settings.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1562 You can then merge any local comments from the tracker's
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1563 ``config.ini`` to ``newconfig.ini`` and replace
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1564 ``config.ini`` with ``newconfig.ini``.
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1565
6590
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
1566 Rdbms version change from 6 to 7 (required)
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
1567 -------------------------------------------
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
1568
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1569 This release includes two changes that require updates to the database
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1570 schema:
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1571
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1572 1. The size of words included in the Roundup FTS indexers have been
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1573 increased from 25 to 50. This requires changes to the database
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1574 columns used by the native indexer. This also affect the whoosh
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1575 and xapian indexers.
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1576 2. Some databases that include native full-text search (native-fts
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1577 indexer) searching are now supported.
6590
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
1578
6780
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
1579 You should run the ``roundup-admin -i <tracker_home> migrate`` command
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
1580 for all your trackers once you've installed the latest codebase.
6590
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
1581
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
1582 Do this before you use the web, command-line or mail interface
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
1583 and before any users access the tracker.
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
1584
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
1585 If successful, this command will respond with either "Tracker
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
1586 updated" (if you've not previously run it on an RDBMS backend) or
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
1587 "No migration action required" (if you have run it, or have used
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
1588 another interface to the tracker, or are using anydbm).
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
1589
6780
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
1590 See `below if you want to enable native-fts searching`_.
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
1591
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
1592 .. _below if you want to enable native-fts searching: \
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1593 #enhanced-full-text-search-optional
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1594
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1595 The increase in indexed word length also affects whoosh and xapian
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1596 backends. You may want to run ``roundup-admin -i tracker_home
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1597 reindex`` if you want to index or search for longer words in your full
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1598 text searches. Re-indexing make take some time.
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
1599
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1600 Check new login_empty_passwords setting (required)
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1601 --------------------------------------------------
6684
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
1602
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
1603 In this version of Roundup, users with a blank password are not
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
1604 allowed to login. Blank passwords have been allowed since 2002, but
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
1605 2022 is a different time. If you have a use case that requires a user
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
1606 to login without a password, set the ``login_empty_passwords`` setting
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1607 in the ``web`` section of ``config.ini`` to ``yes``. In
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1608 general this should be left at its default value of ``no``.
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1609
7724
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
1610 Verify that SQLite supports FTS5 (required)
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
1611 -------------------------------------------
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
1612
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
1613 If you use SQLite as your backend, it *must* support FTS5. See the
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
1614 `FTS5 testing steps`_ for how to verify this.
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
1615
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
1616 .. _FTS5 testing steps: installation.html#fts5-testing
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
1617
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1618 Check allowed_api_origins setting (optional)
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1619 --------------------------------------------
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1620
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1621 If you are using the REST or xmlrpc api's from an origin
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1622 that is different from your roundup tracker, you will need
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1623 to add your allowed origins to the allowed_api_origins in
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1624 your updated ``config.ini``. Upgrade your ``config.ini`` as
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1625 described above then read the documentation for the setting
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1626 in ``config.ini``.
6684
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
1627
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1628 Check compression settings (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1629 -------------------------------------
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
1630
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
1631 Read the `administration guide`_ section on `Configuring Compression`_.
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
1632
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1633 Upgrade your tracker's config.ini as described
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1634 above. Compare the old and new files and configure new
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1635 compression settings as you want. Then replace
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1636 ``config.ini`` with the ``newconfig.ini`` file.
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
1637
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1638 Search added to user index page (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1639 ------------------------------------------
6464
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
1640
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
1641 A search form and count of number of hits has been added to the
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
1642 ``user.index.html`` template page in the classic template. You may
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
1643 want to merge the search form and footer into your template.
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
1644
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1645 Enhanced full-text search (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1646 ------------------------------------
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
1647
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1648 SQLite's `FTS5 full-text search engine`_ is available as is
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1649 `PostgreSQL's full text search`_. Both require a schema upgrade so you
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1650 should run::
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1651
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1652 roundup-admin -i tracker_home migrate
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1653
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1654 to create FTS specific tables before restarting the roundup-web or
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1655 email interfaces.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1656
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1657 SQLite 3.9.0+ or PostgreSQL 11.0+ are required to use this feature.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1658 When using SQLite, all full text search fields will allow searching
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1659 using the MATCH query format described at:
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1660 https://www.sqlite.org/fts5.html#full_text_query_syntax. When using
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1661 PostgreSQL either the websearch_to_tsquery or to_tsquery formats
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1662 described on
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1663 https://www.postgresql.org/docs/14/textsearch-controls.html#TEXTSEARCH-PARSING-QUERIES
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1664 can be used. The default is websearch. Prefixing the search with
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1665 ``ts:`` enables tsquery mode.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1666
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1667 A list of words behaves almost the same as the default text search
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
1668 (``native``). So the search string ``fts search`` will find all issues
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
1669 that have both of those words (an AND search) in a text-field (like
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
1670 title) or in a message (or file) attached to the issue.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
1671
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1672 One thing to note is that native-fts searches do not ignore words
6613
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
1673 longer than 50 characters or less than 2 characters. Also SQLite does
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
1674 not filter out common words (i.e. there is no stopword list). So words
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1675 like "and", "or", "then", "with" ... are included in the FTS5 search.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1676
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1677 You must explicitly enable this search mechanism by changing the
6613
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
1678 ``indexer`` setting in ``config.ini`` to ``native-fts``. Native-fts
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
1679 must be explicitly chosen. This is different from Xapian or Whoosh
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
1680 indexers, which are chosen if they are installed in the Python
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
1681 environment. This prevents the existing native indexing from being
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
1682 discarded if ``indexer`` is not set.
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
1683
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
1684 Next re-index your data with ``roundup-admin -i tracker_home
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
1685 reindex``. This can take a while depending on the size of the tracker.
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
1686
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
1687 You may want to update your ``config.ini`` by following the directions
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
1688 above to get the latest documentation.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
1689
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
1690 See the `administration guide notes on native-fts`_ for further details.
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
1691
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1692 Adding error reporting templates (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1693 -------------------------------------------
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1694
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1695 Currently some internal errors result in a bare html page with an
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1696 error message. The usual chrome supplied by page.html is not shown.
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1697 For example query language syntax errors for full text search methods
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1698 will display a bare HTML error page.
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1699
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
1700 If you add an ``_generic.400.html`` template to the html directory, you
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
1701 can display the error inside of the layout provided by the ``page.html``
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1702 template. This can make fixing the error and navigation easier. You
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
1703 can use the ``_generic.404.html`` template to create a
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
1704 ``_generic.400.html`` by modifying the title and body text. You can test
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
1705 the 400 template by appending ``@template=400`` to the url for the
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
1706 tracker.
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
1707
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1708 Change passwords using crypt module (optional)
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1709 ----------------------------------------------
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1710
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1711 The crypt module is being removed from the standard library. Any
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1712 stored password using crypt encoding will fail to verify once the
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
1713 crypt module is removed (expected in Python 3.13 see `pep-0594
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
1714 <https://peps.python.org/pep-0594/>`_). Automatic migration of
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
1715 passwords (if enabled in config.ini) re-encrypts old passwords using
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
1716 something other than crypt if a user logs in using the web interface.
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1717
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1718 You can find users with passwords still encrypted using crypt by
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1719 running::
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1720
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1721 roundup-admin -i <tracker_home> table password,id,username
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1722
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1723 Look for lines starting with ``{CRYPT}``. You can reset the user's
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1724 password using::
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1725
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1726 roundup-admin -i <tracker_home>
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1727 roundup> set user16 password=somenewpassword
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1728
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1729 changing ``16`` to the id in the second column of the table output.
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1730 The example uses interactive mode (indicated by the ``roundup>``
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1731 prompt). This prevents the new password from showing up in the output
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1732 of ps or shell history. The new password will be encrypted using the
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1733 default encryption method (usually pbkdf2).
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
1734
6747
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1735 Enable performance improvement for wsgi mode (optional)
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1736 -------------------------------------------------------
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1737
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1738 There is an experimental wsgi performance improvement mode that caches
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1739 the loaded roundup instance. This eliminates disk reads that are
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1740 incurred on each connection. In one report it improves speed by a
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1741 factor of 2 to 3 times. To enable this you should add a feature flag
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1742 to your Roundup wsgi wrapper (see the file
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1743 ``.../share/frontends/wsgi.py``) so it looks like::
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1744
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1745 feature_flags = { "cache_tracker": "" }
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1746 app = RequestDispatcher(tracker_home, feature_flags=feature_flags)
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1747
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1748 to enable this mode. Note that this is experimental and was added
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1749 during the 2.2.0 beta period, so it is enabled using a feature flag.
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1750 If you use this and it works for you please followup with an email to
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1751 the roundup-users at lists.sourceforge.net mailing list so we can
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1752 enable it by default in a future release.
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
1753
6753
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1754
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1755 Hide submit button during readonly use of _generic.item.html (optional)
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1756 -----------------------------------------------------------------------
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1757
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1758 The submit button in _generic.item.html always shows up even when the
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1759 user doesn't have edit perms. Change the ``context/submit`` html to
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1760 read::
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1761
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1762 <td colspan=3 tal:content="structure context/submit"
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1763 tal:condition="context/is_edit_ok">
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1764
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1765 in your TAL based templates. The ``jinja2`` based templates are
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1766 missing this file, but if you implemented one you want to surround the
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1767 jinja2 code with::
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1768
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
1769 {% if context.is_edit_ok() %}
6753
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1770 <submit button code here>
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1771 {% endif %}
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1772
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
1773
6775
bc9728a17f76 Fix index markers.
John Rouillard <rouilj@ieee.org>
parents: 6774
diff changeset
1774 .. index:: Upgrading; 2.0.0 to 2.1.0
bc9728a17f76 Fix index markers.
John Rouillard <rouilj@ieee.org>
parents: 6774
diff changeset
1775
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1776 Migrating from 2.0.0 to 2.1.0
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
1777 =============================
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
1778
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1779 Rdbms version change from 5 to 6 (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1780 -------------------------------------------
6434
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1781
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1782 To fix an issue with importing databases, the database has to be
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1783 upgraded for rdbms backends.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1784
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1785 You should run the ``roundup-admin migrate`` command for your
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1786 tracker once you've installed the latest codebase.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1787
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1788 Do this before you use the web, command-line or mail interface
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1789 and before any users access the tracker.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1790
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1791 If successful, this command will respond with either "Tracker
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1792 updated" (if you've not previously run it on an RDBMS backend) or
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1793 "No migration action required" (if you have run it, or have used
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1794 another interface to the tracker, or are using anydbm).
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1795
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1796 This only changes the schema for the mysql backend. It has no
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1797 effect other than upgrading the revision on other rdbms backends.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1798
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1799 On the mysql backend it creates the database index that makes
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1800 sure the key field for your class is unique.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1801
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1802 If your update/migration fails, you will see an::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1803
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1804 IntegrityError: (1062, "Duplicate entry '0-NULL' for key '_user_key_retired_idx'")
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1805
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1806 it means you have two non-retired members of the class with the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1807 same key field. E.G. two non-retired users with the same
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1808 username.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1809
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1810 Debug this using roundup-admin using the list command. For
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1811 example dump the user class by the key field ``username``::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1812
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1813 $ roundup-admin -i <tracker_home> list user username
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1814 1: admin
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1815 2: anonymous
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1816 3: demo
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1817 4: agent
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1818 5: provisional
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1819 6: foo@example.com
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1820 7: dupe
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1821 8: dupe
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1822 ...
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1823
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1824 then search the usernames for duplicates. Once you have
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1825 identified the duplicate username (``dupe`` above), you should
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1826 retire the other active duplicates or change the username for the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1827 duplicate. To retire ``7: dupe``, you run::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1828
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1829 roundup-admin -i <tracker_home> retire user7
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1830
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1831 (use ``restore user7`` if you retired the wrong item). If you
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1832 want to rename the entry use::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1833
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1834 roundup-admin -i <tracker_home> set user7 username=dupe1
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1835
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1836 Keep doing this until you have no more duplicates. Then run the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1837 update/migrate again.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1838
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1839 If you have duplicate non-retired entries in your database,
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1840 please email roundup-users at lists.sourceforge.net. We are
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1841 interested in how many issues this has caused. Duplicate creation
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1842 should occur only when two or more mysql processes run in
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1843 parallel and both of them creating an item with the same key. So
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1844 this should be a rare event. The internal duplicate prevention
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1845 checks should work in other cases.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1846
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1847 For the nerds: if you had a new installation that was created at
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1848 version 5, the uniqueness of a key was not enforced at the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1849 database level. If you had a database that was at version 4 and
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1850 then upgraded to version 5 you have the uniqueness enforcing
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1851 constraint. Running migrate updates to schema version 6 and installs
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1852 the unique index constraint if it is missing.
6434
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
1853
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1854 Setuptools is now required to install (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1855 --------------------------------------------
6378
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
1856
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
1857 Roundup install now uses setuptools rather than distutils. You must
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
1858 install setuptools. Use the version packgaged by your OS vendor. If
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
1859 your OS vendor doesn't supply setuptools use ``pip install
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
1860 setuptools``. (You may need pip3 rather than pip if using python3.)
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
1861
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1862 Define Authentication Header (optional)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1863 ---------------------------------------
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1864
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1865 The web server in front of roundup (apache, nginx) can perform user
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1866 authentication. It can pass the authenticated username to the backend
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1867 in a variable. By default roundup looks for the ``REMOTE_USER``
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1868 variable. This can be changed by setting the parameter
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1869 ``http_auth_header`` in the ``[web]`` section of the tracker's
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1870 ``config.ini`` file to a different value. The value is case sensitive.
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1871 If the value is unset (the default) the REMOTE_USER variable is used.
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1872
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1873 If you are running roundup using ``roundup-server`` behind a proxy
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1874 that authenticates the user you need to configure ``roundup-server``
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1875 to pass the HTTP header with the authenticated username to the
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1876 tracker. By default ``roundup-server`` looks for the ``REMOTE_USER``
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1877 header for the authenticated user. You can copy an arbitrary header
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1878 variable to the tracker using the ``-I`` option to roundup-server (or
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1879 the equivalent option in the roundup-server config file).
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1880
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1881 For example to use the ``uid_variable`` header, two configuration
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1882 changes are needed: First configure ``roundup-server`` to pass the
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1883 header to the tracker using::
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1884
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1885 roundup-server -I uid_variable ....
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1886
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1887 note that the header is passed exactly as supplied by the upstream
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1888 server. It is **not** prefixed with ``HTTP_`` like other headers since
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1889 you are explicitly allowing the header. Multiple comma separated
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1890 headers can be passed to the ``-I`` option. These could be used in a
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1891 detector or other tracker extensions, but only one header can be used
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1892 by the tracker as an authentication header.
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1893
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1894 To make the tracker honor the new variable changing the tracker
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1895 ``config.ini`` to read::
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1896
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1897 [web]
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1898 ...
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1899 http_auth_header = uid_variable
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1900
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1901 At the time this is written, support is experimental. If you use it
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
1902 you should notify the roundup maintainers using the roundup-users
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
1903 at lists.sourceforge.net mailing list.
6378
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
1904
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1905 Classname Format Enforced (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1906 --------------------------------
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
1907
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
1908 Check schema.py and look at all Class(), IssueClass(), FileClass()
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
1909 calls. The second argument is the classname. All classnames must:
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
1910
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
1911 * start with an alphabetic character
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
1912 * consist of alphanumerics and '_'
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
1913 * not end with a digit
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
1914
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
1915 this was not enforced before. Using non-standard classnames could lead
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
1916 to other issues.
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
1917
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1918 jQuery updated with updates to user.help.html (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1919 -----------------------------------------------------------
6290
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
1920
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
1921 The devel and responsive templates shipped with an old version of
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
1922 jQuery with some security issues. It has been updated to the current
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
1923 version: 3.5.1. If your tracker is based on one of these templates
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
1924 (see the ``TEMPLATE-INFO.txt`` file in your tracker), remove the old
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
1925 ``html/jquery.js`` file from your tracker and copy the new
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
1926 ``jquery-3.5.1.js`` file from the template directory to your tracker's
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
1927 ``html`` directory. Also copy in the new ``user.help.html`` file. It now
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
1928 references the new ``jquery-3.5.1.js`` file and also fixes a bug that
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
1929 prevented applying the change from the helper to the field on the main
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
1930 form.
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
1931
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1932 Roundup-admin security stops on incorrect properties (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1933 -----------------------------------------------------------
6393
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
1934
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
1935 The ``roundup-admin ... security`` command used to continue
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
1936 running through the rest of the security roles after reporting a
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
1937 property error. Now it stops after reporting the incorrect property.
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
1938
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
1939 If run non-interactively, it exits with status 1. It can now be
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
1940 used in a startup script to detect permission errors.
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
1941
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1942 Futureproof devel and responsive timezone selection extension (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1943 ---------------------------------------------------------------------------
6418
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1944
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1945 The devel and responsive (derived from devel) templates use a select
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1946 control to list all available timezones when pytz is used. It
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1947 sanitizes the data using cgi.escape. Cgi.escape is deprecated and
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1948 removed in newer pythons. Change your ``extensions/timezone.py``
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1949 file by applying the following patch manually::
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1950
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1951
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1952 -import cgi
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1953 +try:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1954 + from html import escape
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1955 +except ImportError:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1956 + from cgi import escape
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1957
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1958 try:
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
1959 import pytz
6418
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1960 @@ -25,7 +28,7 @@
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
1961 s = ' '
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
1962 if zone == value:
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
1963 s = 'selected=selected '
6418
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1964 - z = cgi.escape(zone)
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1965 + z = escape(zone)
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1966
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1967 See https://issues.roundup-tracker.org/issue2551136 for more details.
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
1968
6168
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
1969 .. index:: Upgrading; 1.6.x to 2.0.0
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
1970
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
1971 Migrating from 1.6.X to 2.0.0
5501
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
1972 =============================
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
1973
6174
5522c950a2e4 Add indexing for roundup-admin references.
John Rouillard <rouilj@ieee.org>
parents: 6170
diff changeset
1974 .. index:: roundup-admin; updateconfig subcommand
5522c950a2e4 Add indexing for roundup-admin references.
John Rouillard <rouilj@ieee.org>
parents: 6170
diff changeset
1975
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1976
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1977 Python 2 MYSQL users MUST READ (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1978 -----------------------------------------
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1979
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1980 To fix issues with encoding of data and text searching, roundup now
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1981 explicitly sets the database connection character set. Roundup prior
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1982 to 2.0 used the default character set which was not always utf-8. All
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1983 roundup data is manipulated in utf-8. This mismatch causes issues with
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1984 searches and result in corrupted data in the database if it was not
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1985 properly represented across the charset conversions.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1986
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1987 This issue exists when running roundup under python 2. Note that there
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1988 are more changes required for running roundup 2.0 if you choose to use
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1989 python3. See `Python 3 support`_.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1990
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1991 In an upgraded ``config.ini`` (see next section) the ``[rdbms]``
6333
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
1992 section has a key ``mysql_charset`` set by default to ``utf8mb4``.
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
1993
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
1994 It should be possible to change ``utf8mb4`` to any mysql charset. So
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
1995 if you know what charset is enabled (e.g. via a setting in ~roundup/.my.cnf,
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1996 or the default charset for the database) you can set it in
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1997 ``config.ini`` and not need to covert the database. However the
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1998 underlying issues with misconverted data and bad searches will still
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1999 exist if they did before.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2000
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2001 None of the roundup developers run mysql, so the exact steps to take
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2002 during the upgrade were tested with test and not production databases.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2003
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2004 **Before doing anything else:**
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2005
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2006 Backup the mysql database using mysql dump or other mysql
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2007 supported tool.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2008
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2009 Backup roundup using your current backup tool and take the roundup
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2010 instance offline.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2011
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2012 Then the following steps (similar to the conversion in needed for
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2013 Python 3) should work:
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2014
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2015 1. Export the tracker database
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2016 using your **current** 1.6 instance::
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2017
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2018 roundup-admin -i <trackerdir> exporttables <export_dir>
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2019
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2020 replacing tracker_dir and export_dir as appropriate.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2021
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2022 2. Import the exported database using the **new** 2.0 roundup::
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2023
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2024 roundup-admin -i <trackerdir> importtables <export_dir>
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2025
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2026 replacing tracker_dir and export_dir as appropriate.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2027
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2028 The imported data should overwrite the original data. Note it is
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2029 critically important that the ``exporttables`` be done with the *old
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2030 tracker* and the ``importtables`` be done with the *new tracker*. An
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2031 import/export cycle between roundup 1.6.0 and roundup 2.0 has been
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2032 done successfully. So the export format for 1.6 and 2.0 should be
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2033 compatible.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2034
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2035 Note that ``importtables`` is new in roundup-2.0, so you will not be
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2036 able to import the result of ``exporttables`` using any 1.x version of
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2037 roundup.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2038
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2039 Following the same sequence as above using ``export`` and ``import``
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2040 should also work, but it will export all the files and messages. This
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2041 will take longer but may be worth trying if the ``exporttables`` and
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2042 ``importtables`` method fails for some reason.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2043
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2044 Another way that should be faster, but is untested is to use mysql
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2045 dump to dump the database.
8111
394f72021dad docs: replace redirecting url's with target
John Rouillard <rouilj@ieee.org>
parents: 8081
diff changeset
2046 https://makandracards.com/makandra/595-dumping-importing-mysql-utf-8-safe-way
7793
72a26f3b94db doc: fix formatting.
John Rouillard <rouilj@ieee.org>
parents: 7749
diff changeset
2047 recommends:
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2048
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2049 Note that when your MySQL server is not set to UTF-8 you need to do
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2050 mysqldump --default-character-set=latin1 (!) to get a correctly
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2051 encoded dump. In that case you will also need to remove the SET
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2052 NAMES='latin1' comment at the top of the dump, so the target machine
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2053 won't change its UTF-8 charset when sourcing.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2054
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2055 Then import the dump. Removing ``SET NAMES`` should allow the import
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2056 to use UTF-8.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2057
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2058 Please report success or issues with this conversion to the
7961
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
2059 roundup-users at lists.sourceforge.net mailing list.
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2060
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2061 As people report successful or unsuccessful conversions, we will update
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2062 the errata page at: https://wiki.roundup-tracker.org/ReleaseErrata.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2063
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2064 Upgrade tracker's config.ini file (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2065 -----------------------------------------------
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2066
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2067 Once you have installed the new roundup, use::
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
2068
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2069 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
2070
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
2071 to generate a new ini file preserving all your settings. You can then
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
2072 merge any local comments from the tracker's ``config.ini`` into
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2073 ``newconfig.ini``. Compare the old and new files and configure any new
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2074 settings as you want. Then replace ``config.ini`` with the
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2075 ``newconfig.ini`` file.
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2076
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2077 .. _Python 3 support:
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2078
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2079 Python 3 support (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2080 -----------------------
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2081
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2082 Many of the ``.html`` and ``.py`` files from Roundup that are copied
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2083 into tracker directories have changed for Python 3 support. If you
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2084 wish to move an existing tracker to Python 3, you need to merge in
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2085 those changes. Also you need to make sure that locally created python
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2086 code in the tracker is correct for Python 3.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2087
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2088 If your tracker uses the ``anydbm`` or ``mysql`` backends, you also
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2089 need to export the tracker contents using ``roundup-admin export``
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2090 running under Python 2, and them import them using ``roundup-admin
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2091 import`` running under Python 3. This is detailed in the documention
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2092 for migrating to a different backend. If using the ``sqlite`` backend,
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2093 you do not need to export and import, but need to delete the
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2094 ``db/otks`` and ``db/sessions`` files when changing Python version.
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2095 If using the ``postgresql`` backend, you do not need to export and
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2096 import and no other special database-related steps are needed.
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2097
5967
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2098 If you use the whoosh indexer, you will need to reindex. It looks like
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2099 a database created with Python 2 leads to Unicode decode errors when
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2100 accessed by Python 3. Reindexing can take a while (see details below
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2101 look for "reindexing").
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2102
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2103 Octal values in config.ini change from the Python 2 representation
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2104 with a leading ``0`` (``022``). They now use a leading ``0o``
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2105 (``0o22``). Note that the ``0o`` format is properly handled under
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2106 python 2. You can use the ``newconfig.ini`` generated using ``python3
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2107 roundup-admin -i ... updateconfig newconfig.ini`` if you want to go
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2108 back to using python 2. (Note going back to Python 2 will require
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2109 the same steps as moving from 2 to 3 except using Python 3 to perform
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2110 the export.)
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
2111
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2112 Rate Limit New User Registration (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2113 ---------------------------------------
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2114
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2115 The new user registration form can be abused by bots to allow
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2116 automated registration for spamming. This can be limited by using the
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2117 new ``config.ini`` ``[web]`` option called
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2118 ``registration_delay``. The default is 4 and is the number of seconds
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2119 between the time the form was generated and the time the form is
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2120 processed.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2121
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2122 If you do not modify the ``user.register.html`` template in your
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2123 tracker's html directory, you *must* set this to 0. Otherwise you will
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2124 see the error:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2125
7793
72a26f3b94db doc: fix formatting.
John Rouillard <rouilj@ieee.org>
parents: 7749
diff changeset
2126 .. code-block:: text
72a26f3b94db doc: fix formatting.
John Rouillard <rouilj@ieee.org>
parents: 7749
diff changeset
2127
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2128 Form is corrupted, missing: opaqueregister.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2129
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2130 If set to 0, the rate limit check is disabled.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2131
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2132 If you want to use this, you can change your ``user.register.html``
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2133 file to include::
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2134
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2135 <input type="hidden" name="opaqueregister" tal:attributes="value python: utils.timestamp()">
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2136
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2137 The hidden input field can be placed right after the form declaration
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2138 that starts with::
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2139
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2140 <form method="POST" onSubmit="return submit_once()"
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2141
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2142 If you have applied Erik Forsberg's tracker level patch to implement
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2143 (see: https://hg.python.org/tracker/python-dev/rev/83477f735132), you
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2144 can back the code out of the tracker. You must change the name of the
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2145 field in the html template to ``opaqueregistration`` from ``opaque``
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2146 in order to use the core code.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2147
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2148 PGP mail processing (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2149 ------------------------------
5501
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
2150
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
2151 Roundup now uses the ``gpg`` module instead of ``pyme`` to process PGP
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
2152 mail. If you have PGP processing enabled, make sure the ``gpg``
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
2153 module is installed.
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
2154
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2155 MySQL client module (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2156 ---------------------------------
5510
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
2157
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
2158 Although the ``MySQLdb`` module from
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
2159 https://pypi.org/project/MySQL-python/ is still supported, it is
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
2160 recommended to switch to the updated module from
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
2161 https://pypi.org/project/mysqlclient/.
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
2162
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2163 XMLRPC Access Role (info/required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2164 ----------------------------------
5879
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2165
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2166 A new permission has been added to control access to the XMLRPC
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2167 endpoint. If the user doesn't have the new "Xmlrpc Access" permission,
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2168 they will not be able to log in using the /xmlrpc end point. To add
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2169 this new permission to the "User" role you should change your
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2170 tracker's schema.py and add::
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2171
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2172 db.security.addPermissionToRole('User', 'Xmlrpc Access')
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2173
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2174 This is usually included near where other permissions like "Web Access"
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2175 or "Email Access" are assigned.
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2176
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2177 New values for db.tx_Source (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2178 ----------------------------------
5881
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2179
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2180 The database attribute tx_Source reports "xmlrpc" and "rest" when the
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2181 /xmlrpc and /rest web endpoints are used. Check all code (extensions,
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2182 detectors, lib) in trackers looking for tx_Source. If you have code
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2183 like::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2184
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2185 if db.tx_Source == "web":
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2186
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2187 or::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2188
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2189 if db.tx_Source in ['web', 'email-sig-openpgp', 'cli' ]:
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2190
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2191 you may need to change these to include matches to "rest" and
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2192 "xmlrpc". For example::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2193
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2194 if db.tx_Source in [ "web", "rest", "xmlrpc" ]
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2195
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2196 or::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2197
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2198 if db.tx_Source in ['web', 'rest', 'xmlrpc', 'email-sig-openpgp', 'cli' ]:
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2199
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2200
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2201 CSV export changes (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2202 -------------------------
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2203
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2204 The original Roundup CSV export function for indexes reported id
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2205 numbers for links. The wiki had a version that resolved the id's to
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2206 names, so it would report ``open`` rather than ``2`` or
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2207 ``user2;user3`` rather than ``[2,3]``.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2208
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2209 Many people added the enhanced version to their extensions directory.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2210
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2211 The enhanced version was made the default in roundup 2.0. If you want
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2212 to use the old version (that returns id's), you can replace references
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2213 to ``export_csv`` with ``export_csv_id`` in templates.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2214
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2215 Both core csv export functions have been changed to force quoting of
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2216 all exported fields. To incorporate this change in any CSV export
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2217 extension you may have added, change references in your code from::
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2218
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2219 writer = csv.writer(wfile)
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2220
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2221 to::
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2222
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2223 writer = csv.writer(wfile, quoting=csv.QUOTE_NONNUMERIC)
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2224
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2225 this forces all (non-numeric) fields to be quoted and empty quotes to
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2226 be added for missing parameters.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2227
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2228 This turns exported values that may look like formulas into strings so
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2229 some versions of Excel won't try to interpret them as a formula.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2230
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2231 Update userauditor.py to restrict usernames (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2232 ---------------------------------------------------------
5958
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2233
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2234 A username can be created with embedded commas and < and >
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2235 characters. Even though the < and > are usually escaped when
5958
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2236 displayed, the embedded comma makes it difficult to edit lists of
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2237 users as they are comma separated.
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2238
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2239 If you have not modified your tracker's userauditor.py, you can just
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2240 copy the userauditor.py from the classic template into your tracker's
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2241 detectors directory. Otherwise merge the changes from the template
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2242 userauditor.py. https://issues.roundup-tracker.org/issue2550921 may be
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2243 helpful.
5881
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2244
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2245 Consider reindexing if you use European languages (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2246 ---------------------------------------------------------------
5967
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2247
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2248 A couple of bugs dealing with incorrect indexing of European languages
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2249 (Russian and German were reported) have been fixed. Note reindexing
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2250 all your data may take a long time. See:
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2251 https://issues.roundup-tracker.org/issue1195739 and
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2252 https://issues.roundup-tracker.org/issue1344046 for a description of
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2253 the problem. If you determine that this a problem for your tracker,
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2254 you can use::
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2255
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2256 roundup-admin -i /path/to/tracker reindex
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2257
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2258 to rewrite your full text indexes. The tracker used for reindex timing
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2259 had 140MB of file/message data and 2500 issues with a slow 5400RPM
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2260 SATA drive. Using native indexing with sqlite took about 45
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2261 minutes. Using whoosh took about 2 hours. Using xapian took about 6
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2262 hours. All examples were with Python 2. Anecdotal evidence shows
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2263 Python 3 is faster, but YMMV.
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2264
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2265 Merge improvements in statusauditor.py (optional)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2266 -------------------------------------------------
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2267
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2268 By default the detector statusauditor.py will change the status from
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2269 "unread" to "chatting" when a second message is added to an issue.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2270 The distributed classic and jinja templates implement this feature in
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2271 their copies of ``detectors/statusauditor.py``.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2272
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2273 This can be a problem. Consider a person sending email to create an
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2274 issue. Then the person sends a followup message to add some additional
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2275 information to the issue. The followup message will trigger the status
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2276 change from "unread" to "chatting". This is misleading since the
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2277 person is "chatting" with themselves.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2278
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2279 Statusauditor.py has been enhanced to prevent the status from changing
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2280 to "chatting" until a second user (person) adds a message. If you
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2281 want this functionality, you need to merge the distributed
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2282 statusauditor.py with your tracker's statusauditor.py. If you have not
7499
a072331c843b Change customizing to customising in all variants.
John Rouillard <rouilj@ieee.org>
parents: 7452
diff changeset
2283 customised your tracker's statusauditor.py, copy the one from the
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2284 distibuted template. In addition to the python file, you also must
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2285 copy/merge the distributed ``detectors/config.ini`` into your
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2286 tracker's detectors directory. Most people can copy
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2287 ``detectors/config.ini`` from the distributed templates as they won't
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2288 have a ``detectors/config.ini`` file. (Note this is
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2289 ``detectors/config.ini`` do not confuse it with the main
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2290 ``config.ini`` file at the root of the tracker home.)
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2291
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2292 This enhancement is disabled by default. Enable it by changing the
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2293 value in ``detectors/config.ini`` from::
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2294
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2295 chatting_requires_two_users = False
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2296
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2297 to::
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2298
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2299 chatting_requires_two_users = True
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2300
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2301 (the values ``no`` and ``yes`` can also be used). Restart the tracker
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2302 to enable the change.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2303
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2304 If you don't do this quite right you will see one of two error
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2305 messages in the web interface when you try to update an issue with a
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2306 message::
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2307
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2308 Edit Error: Unsupported configuration option: Option
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2309 STATUSAUDITOR_CHATTING_REQUIRES_TWO_USERS not found in
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2310 detectors/config.ini.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2311 Contact tracker admin to fix.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2312
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2313 This happens if detectors/config.ini is not found or is missing the
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2314 ``chatting_requires_two_users`` option in the ``statusauditor``
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2315 section.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2316
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2317 If you have an incorrect value (say you use ``T`` rather than
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2318 ``True``) you see a different error::
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2319
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2320 Edit Error: Invalid value for
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2321 DETECTOR::STATUSAUDITOR_CHATTING_REQUIRES_TWO_USERS: 'T'
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2322 Allowed values: yes, no
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2323
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2324 to fix this set the value to ``yes`` (True) or ``no`` (False).
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2325
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2326 Responsive template changes (optional)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2327 --------------------------------------
5990
0face8e45224 issue2551076 - responsive template, search links should ignore status
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2328
0face8e45224 issue2551076 - responsive template, search links should ignore status
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2329 There have been some changes to the responsive template. You can
5991
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
2330 diff/merge these changes into your responsive template based tracker.
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
2331
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2332 Jinja template changes (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2333 ---------------------------------
5991
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
2334
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2335 Auto escaping has been enabled in the jinja template engine, this
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2336 means it is no longer necessary to manually escape dynamic strings
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2337 with ``|e``, but strings that should not be escaped need to be marked
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2338 with ``|safe`` (e.g. ``{{ context.history()|u|safe }}``). Also, the i18n
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2339 extension has been enabled and the template has been updated to use
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2340 the extension for translatable text instead of explicit ``i18n.gettext``
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2341 calls::
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2342
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2343 {% trans %}List of issues{% endtrans %}
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2344
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2345 instead of::
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2346
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2347 {{ i18n.gettext('List of issues')|u }}
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2348
5991
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
2349 The jinja template has been upgraded to use bootstrap 4.1.3 (from
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
2350 2.2.2). You can diff/merge changes into your jinja template based
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
2351 tracker.
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2352
5994
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2353 Also search _generic.index.html, navigation.html and file.index.html
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2354 in the html directory of your tracker. Look for::
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2355
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2356 <input type="hidden" name="@action"
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2357
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2358 where the value is a jinja expression that calls i18n.gettext. Set the
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2359 value to the argument of the gettext call. E.G. replace::
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2360
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2361 <input type="hidden" name="@action" value="{{ i18n.gettext('editCSV')|u }}">
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2362
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2363 with::
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2364
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2365 <input type="hidden" name="@action" value="editCSV">
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2366
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2367 The action keywords should not be translated.
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2368
6168
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
2369 .. index:: Upgrading; 1.5.1 to 1.6.0
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
2370
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2371 Migrating from 1.5.1 to 1.6.0
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2372 =============================
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2373
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2374 Update tracker config file
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2375 --------------------------
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2376
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2377 After installing the new version of roundup, you should
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2378 update the ``config.ini`` file for your tracker. To do this:
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2379
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2380 1. backup your existing ``config.ini`` file
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2381 2. using the newly installed code, run::
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2382
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2383 roundup-admin -i /path/to/tracker updateconfig config.ini.new
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2384
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2385 to create the file config.ini.new. Replace
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2386 ``/path/to/tracker`` with the path to your tracker.
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2387 3. replace your tracker's config.ini with config.ini.new
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2388
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2389 Using updateconfig keeps all the settings from your
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2390 tracker's config.ini file and adds settings for all the new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2391 options.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2392
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2393 If you have added comments to your original config.ini file,
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2394 merge the added comments into the config.ini.new file. Then
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2395 replace your tracker's config.ini with config.ini.new.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2396
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2397 Read the new config.ini and configure it to enable new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2398 features. Details on using these features can be found in
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2399 this section.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2400
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2401 Make sure that user can view labelprop on classes (required)
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2402 ------------------------------------------------------------
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2403
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
2404 If you have View permissions that use ``properties=...``, make sure
7505
62409b4a3a52 Link labelprop to setlabelprop in reference
John Rouillard <rouilj@ieee.org>
parents: 7499
diff changeset
2405 that the `labelprop <reference.html#setlabelprop-property>`_ for the
62409b4a3a52 Link labelprop to setlabelprop in reference
John Rouillard <rouilj@ieee.org>
parents: 7499
diff changeset
2406 class is listed in the properties list.
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2407
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2408 The first one of these that exists must must be in the list:
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2409
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2410 1. the property set by a call to setlabelprop for the class
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2411 2. the key of the class (as set by setkey())
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2412 3. the "name" property (if it exists)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2413 4. the "title" property (if it exists)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2414
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2415 if none of those apply, you must allow
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2416
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2417 * the "id" property
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2418
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2419 E.G. If your class does a setlabelprop("foo") you must include "foo"
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2420 in the properties list even if the class has name or title properties.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2421
7506
38de0d748284 Fix reference for setlabelprop
John Rouillard <rouilj@ieee.org>
parents: 7505
diff changeset
2422 See: `reference.html setlabelprop
38de0d748284 Fix reference for setlabelprop
John Rouillard <rouilj@ieee.org>
parents: 7505
diff changeset
2423 <reference.html#setlabelprop-property>`_ for further details on the
38de0d748284 Fix reference for setlabelprop
John Rouillard <rouilj@ieee.org>
parents: 7505
diff changeset
2424 labelprop.
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2425
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2426 If you don't do this, you will find that multilinks (and possibly
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2427 links) may not be displayed properly. E.G. templates that iterate over
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2428 a mutlilink field (with tal:repeat for example) may not show any
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2429 content.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2430
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2431 See: https://sourceforge.net/p/roundup/mailman/message/35763294/
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2432 for the initial discussion of the issue.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2433
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
2434 .. _cross site request forgery detection added:
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
2435
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2436 Cross Site Request Forgery Detection Added (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2437 --------------------------------------------------------
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2438
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2439 Roundup 1.6. supports a number of defenses against CSRF.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2440
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2441 Http header verification against the tracker's ``web``
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2442 setting in the ``[tracker]`` section of config.ini for the
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2443 following headers:
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2444
7344
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
2445 1. Analyze the ``Referer`` HTTP header to make sure it
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
2446 includes the web setting.
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
2447 2. Analyze the ``Origin`` HTTP header to make sure the
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
2448 schema://host matches the web setting.
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
2449 3. Analyze the ``X-Forwarded-Host`` header set by a proxy
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
2450 running in front of roundup to make sure it agrees with
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
2451 the host part of the web setting.
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
2452 4. Analyze the ``Host`` header to make sure it agrees with
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
2453 the host part of the web setting. This is not done if
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
2454 ``X-Forwarded-Host`` is set.
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2455
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2456 By default roundup 1.6 does not require any specific header
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2457 to be present. However at least one of the headers above
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2458 *must* pass validation checks (usually ``Host`` or
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2459 ``Referer``) or the submission is rejected with an error.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2460 If any header fails validation, the submission is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2461 rejected. (Note the user's form keeps all the data they
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2462 entered if it was rejected.)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2463
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2464 Also the admin can include unique csrf tokens for all forms
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2465 submitted using the POST method. (Delete and put methods are also
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2466 included, but not currently used by roundup.) The csrf
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2467 token (nonce) is tied to the user's session. When the user
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2468 submits the form and nonce, the nonce is checked to make
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2469 sure it was issued to the user and the same session. If this
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2470 is not true the post is rejected and the user is notified.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2471
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2472 The standard context/submit templating item creates CSRF tokens by
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2473 default. If you have forms using the POST method that are not using
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2474 the standard submit routine, you should add the following field to all
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2475 forms::
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2476
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2477 <input name="@csrf" type="hidden"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2478 tal:attributes="value python:utils.anti_csrf_nonce()">
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2479
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2480 A unique random token is generated by every call to
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2481 utils.anti_csrf_nonce() and is put in a database to be
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2482 retreived if the token is used. Token lifetimes are 2 weeks
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2483 by default but can be configured in config.ini. Roundup will
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2484 automatically prune old tokens. Calling anti_csrf_nonce with
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2485 an integer lifetime, for example::
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2486
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2487 <input name="@csrf" type="hidden"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2488 tal:attributes="value python:utils.anti_csrf_nonce(lifetime=10)">
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2489
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2490 sets the lifetime of that nonce to 10 minutes.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2491
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2492 If you want to change the default settings, you have to
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2493 update the web section in your tracker's config.ini file. Follow the
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2494 section above to generate an updated config.ini file. Then
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2495 look for settings that start with csrf. The updated config.ini
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2496 file includes detailed descriptions of the settings.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2497
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2498 In general one of four values can be set for these
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2499 settings. The default is ``yes``, which validates the header
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2500 or nonce and blocks access if the validation fails. If the
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2501 field/header is missing it allows access. Setting these
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2502 fields to ``required`` blocks access if the header/nonce is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2503 missing.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2504
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
2505 It is recommended that you change your templates so every form
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
2506 that is not submitted via GET has an @csrf field. Then change
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
2507 the csrf_enforce_token setting to 'required'.
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
2508
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2509 Errors and Troubleshooting - @csrf in url
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2510 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
2511
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2512 If you see the @csrf nonce in the URL, you have added the value to a
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2513 form that uses the GET method. You should remove the @csrf token from
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2514 these forms as it is not needed.
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2515
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2516 Errors and Troubleshooting - AttributeError list object no attribute value
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2517 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2518 If you get an error:
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2519
7793
72a26f3b94db doc: fix formatting.
John Rouillard <rouilj@ieee.org>
parents: 7749
diff changeset
2520 .. code-block:: text
72a26f3b94db doc: fix formatting.
John Rouillard <rouilj@ieee.org>
parents: 7749
diff changeset
2521
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2522 AttributeError: 'list' object has no attribute 'value'
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2523
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2524 in handle_csrf, you have more than one @csrf token for the form. This
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2525 usually occurs because the form uses the standard context/submit
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2526 element but you also added an explicit @csrf statement. Simply remove
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2527 the @csrf element for that form.
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
2528
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
2529 Errors and Troubleshooting - xmlrpc Required Header Missing
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
2530 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6768
15238a434368 formatting fixes.
John Rouillard <rouilj@ieee.org>
parents: 6753
diff changeset
2531 When performing and xmlrpc call, if you see something like::
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
2532
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
2533 xmlrpclib.Fault: <Fault 1: "<class
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
2534 'roundup.exceptions.UsageError'>:Required Header Missing">
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
2535
7507
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
2536 change your xmlrpc client to add appropriate headers to
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
2537 the request including the:
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
2538
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
2539 X-Requested-With:
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
2540
7507
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
2541 header as well as any other required csrf headers (e.g. referer,
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
2542 origin) configured in config.ini. See the `advanced python client
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
2543 <xmlrpc.html#advanced-python-client-adding-anti-csrf-headers>`_ at
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
2544 the end of the xmlrpc guide.
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
2545
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
2546 Alternatively change the setting of
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
2547 csrf_enforce_header_x-requested-with in config.ini to ``no``. So it
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
2548 looks like::
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
2549
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
2550 csrf_enforce_header_x-requested-with = no
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
2551
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
2552 This is not recommended as it reduces csrf protection.
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
2553
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
2554
5212
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
2555 Support for SameSite cookie option for session cookie
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
2556 -----------------------------------------------------
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
2557
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
2558 Support for serving the session cookie using the SameSite cookie option
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
2559 has been added. By default it is set to lax to provide a better user
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2560 experience. But this can be changed to strict or the option can be
5212
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
2561 removed entirely.
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
2562
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
2563 Using the process for merging config.ini changes described in
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
2564 `Cross Site Request Forgery Detection Added`_ you can add the
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
2565 ``samesite_cookie_setting`` to the ``[web]`` section of the config
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
2566 file.
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
2567
5147
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2568 Fix for path traversal changes template resolution
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2569 --------------------------------------------------
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2570
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2571 The templates in the tracker's html subdirectory must not be
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2572 symbolic links that lead outside of the html directory.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2573
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2574 If you don't use symbolic links for templates in your html
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2575 subdirectory you don't have to make any changes. Otherwise you need to
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2576 replace the symbolic links with hard links to the files or replace the
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2577 symbolic links with the files.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2578
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2579 This is a side effect of fixing a path traversal security issue. The
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2580 security issue required a directory with a specific unusual name. This
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2581 made it difficult to exploit. However allowing the use of
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2582 subdirectories to organize the templates required that it be fixed.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2583
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
2584
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2585 Database back end specified in config.ini (required)
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2586 ----------------------------------------------------
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
2587
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2588 The ``db/backend_name`` file is no longer used to configure the database
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2589 backend being used for a tracker. The backend is now configured in the
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2590 ``config.ini`` file using the ``backend`` option located in the ``[rdbms]``
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2591 section. For example if ``db/backend_name`` file contains ``sqlite``, a new
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2592 entry in the tracker's ``config.ini`` will need to be created::
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2593
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2594 [rdbms]
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2595
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2596 ...
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2597
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2598 # Database backend.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2599 # Default:
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2600 backend = sqlite
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2601
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2602 Once the ``config.ini`` file has been updated with the new ``backend`` option,
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2603 you can safely delete the ``db/backend_name`` file.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2604
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2605 Note: the ``backend_name`` file may be located in a directory other than
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2606 ``db/`` if you have configured the ``database`` option in the ``[main]``
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2607 section of the ``config.ini`` file to be something other than ``db``.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2608
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2609 Note 2: if you are using the anydbm back end, you still set
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2610 it using the backend option in the rdbms section of the
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2611 config.ini file.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2612
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2613 New config file option 'indexer' added
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2614 --------------------------------------
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2615
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2616 This release added support for the Whoosh indexer, so a new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2617 config file option has been
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2618 added. You can force Roundup to use a particular text indexer by
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2619 setting this value in the [main] section of the tracker's
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2620 ``config.ini`` file (usually placed right before indexer_stopwords)::
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2621
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2622 [main]
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2623
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2624 ...
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2625
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2626 # Force Roundup to use a particular text indexer.
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2627 # If no indexer is supplied, the first available indexer
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2628 # will be used in the following order:
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2629 # Possible values: xapian, whoosh, native (internal).
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2630 indexer =
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
2631
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2632 Errors and Troubleshooting - Full text searching not working
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2633 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2634
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2635 If after the upgrade full text searching is not working try changing
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2636 the indexer value. If this is failing most likely you need to set
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2637 '''indexer = native''' to use the rdbms or db text indexing systems.
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2638
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2639 Alternatively you can do a
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2640 '''roundup-admin -i /path/to/tracker reindex'''
5752
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
2641 to generate a new index using roundup's preferred indexer from the
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
2642 list above.
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
2643
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
2644 Xapian error with flint when reindexing
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
2645 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
2646 If you reindex and are using xapian, you may get the error that
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
2647 "flint" is not supported (looks like flint was removed after xapian
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
2648 1.2.x). To fix this, you can delete the full text search database
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
2649 located in the tracker home directory in the file '''db/text-index'''
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
2650 and then perform a reindex.
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2651
5108
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
2652 Stemming improved in Xapian Indexer
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
2653 -----------------------------------
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
2654
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
2655 Stemming allows a search for "silent" also match silently. The Porter
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
2656 stemmer in Xapian works with lowercase English text. In this release we
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
2657 lowercase the documents as they are put into the indexer.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
2658
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
2659 This means capitalization is not preserved, but produces more hits by
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
2660 using the stemmer.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
2661
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
2662 You will need to do a roundup-admin reindex if you are using the
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
2663 Xapian full text indexer on your tracker.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
2664
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
2665
5098
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2666 New config file option 'replyto_address' added
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2667 ----------------------------------------------
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2668
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2669 A new config file option has been added to let you control the
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2670 Reply-To header on nosy messages.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2671
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2672 Edit your tracker's ``config.ini`` and place the following after
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2673 the email entry in the tracker section::
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2674
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2675 [tracker]
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2676 ...
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2677
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2678 # Controls the reply-to header address used when sending
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2679 # nosy messages.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2680 # If the value is unset (default) the roundup tracker's
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2681 # email address (above) is used.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2682 # If set to "AUTHOR" then the primary email address of the
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2683 # author of the change will be used as the reply-to
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2684 # address. This allows email exchanges to occur outside of
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2685 # the view of roundup and exposes the address of the person
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2686 # who updated the issue, but it could be useful in some
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2687 # unusual circumstances.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2688 # If set to some other value, the value is used as the reply-to
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2689 # address. It must be a valid RFC2822 address or people will not be
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2690 # able to reply.
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
2691 # Default:
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
2692 replyto_address =
5098
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
2693
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2694 Login from a search or after logout works better (required)
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
2695 -----------------------------------------------------------
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2696
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2697 The login form has been improved to work with some back end code
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2698 changes. Now when a user logs in they stay on the same page where they
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2699 started the login. To make this work, you must change the tal that is
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
2700 used to set the ``__came_from`` form variable. Note that the url
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
2701 assigned to __came_from must be url encoded/quoted and be under the
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
2702 tracker's base url. If the base_url uses http, you can set the url to
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
2703 https.
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2704
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2705 Replace the existing code in the tracker's html/page.html page that
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2706 looks similar to (look for name="__came_from"):
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2707
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2708 .. code::
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2709 :class: big-code
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2710
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2711 <input type="hidden" name="__came_from" tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2712
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2713 with the following:
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2714
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2715 .. code:: html
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2716 :class: big-code
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2717
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2718 <input type="hidden" name="__came_from"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2719 tal:condition="exists:request/env/QUERY_STRING"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2720 tal:attributes="value string:${request/base}${request/env/PATH_INFO}?${request/env/QUERY_STRING}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2721 <input type="hidden" name="__came_from"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2722 tal:condition="not:exists:request/env/QUERY_STRING"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2723 tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2724
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2725 Now search backwards for the nearest form statement before the code
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2726 that sets __came_from. If it looks like::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2727
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2728 <form method="post" action="#">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2729
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2730 replace it with::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2731
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2732 <form method="post" tal:attributes="action request/base">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2733
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2734 or with::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2735
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2736 <form method="post" tal:attributes="action string:${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2737
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2738 the important part is that the action field **must not** include any query
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2739 parameters ('#' includes query params).
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
2740
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2741 Errors and Troubleshooting - Unrecognized scheme in ...
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2742 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
2743
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
2744 One symptom of failing to do this is getting an error:
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
2745
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
2746 Unrecognized scheme in ....
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
2747
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
2748 where the .... changes depending on the url path. You can see this
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
2749 when logging in from any screen other than the main index.
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
2750
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2751 Option to make adding multiple keywords more convenient
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2752 -------------------------------------------------------
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2753
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2754 In the classic tracker, after adding a new keyword you are redirected
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2755 to the page for the new keyword so you can change the keyword's
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2756 name. This is usually not desirable as you usually correctly set the
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2757 keyword's name when creating the keyword. The new classic tracker has
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2758 a new checkbox (checked by default) that keeps you on the same page so
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2759 you can add a new keywords one after the other.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2760
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2761 To add this to your own tracker, add the following code (prefixed with
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2762 a +) after the entry box for the new keyword in html/keyword.item.html:
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2763
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2764 .. code::
7344
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
2765 :class: big-code
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2766
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2767 <tr>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2768 <th i18n:translate="">Keyword</th>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2769 <td tal:content="structure context/name/field">name</td>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2770 + <td tal:condition="not:context/id">
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2771 + <tal:comment tal:replace="nothing">
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2772 + If we get here and do not have an id, we are creating a new
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2773 + keyword. It would be nice to provide some mechanism to
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2774 + determine the preferred state of the "Continue adding keywords"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2775 + checkbox. By default it is enabled.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2776 + </tal:comment>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2777 + <input type="checkbox" id="continue_new_keyword"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2778 + name="__redirect_to"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2779 + tal:attributes="value
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2780 + string:${request/base}${request/env/PATH_INFO}?@template=item;
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2781 + checked python:True" />
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2782 + <label for="continue_new_keyword" i18n:translate="">Continue adding keywords.</label>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2783 + </td>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2784 </tr>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2785
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2786 Note remove the leading '+' when adding this to the templates.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2787
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2788 The key component here is support for the '__redirect_to' query
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2789 property. It is a url which can be used when creating any new item
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2790 (issue, user, keyword ....). It controls the next page displayed after
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2791 creating the item. If '__redirect_to' is not set, then you end up on
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
2792 the page for the newly created item. The url value assigned to
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
2793 __redirect_to must start with the tracker's base url and must be properly
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
2794 url encoded.
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
2795
5179
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2796 Helper popups trigger change events on the original page
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2797 --------------------------------------------------------
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2798
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2799 The helper popups used to set dates (from a calendar), change lists of
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2800 users or lists of issues did not notify the browser that the fields
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2801 had been changed. This release adds code to trigger the change event.
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2802
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2803 To add the change event to the calendar popup, you don't need to do
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2804 any changes to the tracker. It is all done in the roundup python code
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2805 in templating.py.
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2806
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2807 To add the change event when updating users using the help-submit
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2808 template, copy
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2809 share/roundup/templates/devel/html/_generic.help-submit.html and
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2810 replace your tracker's html/_generic.help-submit.html. If you have
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2811 done local changes to this file, change your file to include the code
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2812 that defines the onclick event for the input field with
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2813 id="btn_apply".
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2814
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2815 To add the change event when updating lists of issues copy
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2816 share/roundup/templates/devel/html/help_controls.js to your tracer's
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2817 html directory. If you have made local changes to the javascript file,
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2818 merge the two if/else blocks labeled::
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2819
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2820 /* trigger change event on the field we changed */
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2821
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2822 into your help_controls.js
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
2823
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
2824 html/_generic.404.html in trackers use page template
5078
487dc55e3c5e issue2550907 Fix errors when creating documentation. Work done by
John Rouillard <rouilj@ieee.org>
parents: 5068
diff changeset
2825 ----------------------------------------------------
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
2826
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
2827 The original generic 404 error pages for many trackers did not use the
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
2828 standard page layout. This change replaces the html/_generic.404.html
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
2829 page with one that uses the page template.
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
2830
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
2831 If your deployed tracker is based on: classic, minimal, responsive or
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
2832 devel templates and has not changed the html/_generic.404.html file,
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
2833 you can copy in the new file to get this additional functionality.
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
2834
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
2835 Organize templates into subdirectories
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
2836 --------------------------------------
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
2837
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
2838 The @template parameter to the web interface allows the use of
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
2839 subdirectories. So a setting of @template=view/view for an issue would
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
2840 use the template in the tracker's html/view/issue.view.html. Similarly
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
2841 for a caller class, you could put all the templates under the
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
2842 html/caller directory with names like: html/caller/caller.item.html,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
2843 html/caller/caller.index.html etc. You may want to symbolically link the
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
2844 html/_generic* templates into your subdirectory so that missing
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
2845 templates (e.g. a missing caller.edit.html template) can be satisfied
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
2846 by the _generic.edit.html template.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
2847
5156
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2848 Properly quote query dispname (displayed name) in page.html
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2849 -----------------------------------------------------------
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2850
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2851 A new method has been added to HTMLStringProperty called url_quote.
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2852 The default templates have been updated to use this in the "Your
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2853 Query" section of the trackers html/page.html file. You will want to
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2854 change your template. Lines starting with - are the original line and
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2855 you want to change it to match the line starting with the + (remove
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2856 the + from the line):
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2857
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2858 .. code::
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2859 :class: big-code
5156
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2860
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2861 <tal:block tal:repeat="qs request/user/queries">
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2862 - <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name}"
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2863 + <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name/url_quote}"
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
2864 tal:content="qs/name">link</a><br>
5156
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2865 </tal:block>
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2866
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2867 Find the tal:repeat line that loops over all queries. Then
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2868 change the value assigned to @dispname in the href attribute from
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2869 ${qs/name} to ${qs/name/url_quote}. Note that you should *not* change
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2870 the value for tal:content.
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
2871
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2872 Allow "Show Unassigned" issues link to work for Anonymous user
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
2873 --------------------------------------------------------------
5113
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
2874
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
2875 In this release the anonymous user is allowed to search the user
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
2876 class. The following was added to the schema for all templates that
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
2877 provide the search option::
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
2878
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
2879 p = db.security.addPermission(name='Search', klass='user')
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
2880 db.security.addPermissionToRole ('Anonymous', p)
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
2881
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
2882 If you are running a tracker that **does not** allow read access for
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
2883 anonymous, you should remove this entry as it can be used to perform
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
2884 a username guessing attack against a roundup install.
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
2885
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2886 Errors and Troubleshooting - Unassigned issues for anonymous
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2887 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5276
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
2888
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
2889 If you notice that the "Unassigned Issues" search on page.html
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
2890 is displaying assigned issues for users with the Anonymous role,
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
2891 you need to allow search permissions for the user class.
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
2892
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2893 Improvements in Classic Tracker query.edit.html template
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2894 --------------------------------------------------------
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2895
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2896 There is a new query editing template included in the distribution at:
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2897
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2898 ``share/roundup/templates/classic/html/query.edit.html``
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2899
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2900 This template fixes:
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2901
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2902 * public query could not be removed from "Your Queries" once it was added.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2903 Trying to do so would cause a permissions error.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2904 * private yes/no dropdown always showed "yes" regardless of
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2905 underlying state
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2906 * query Delete button did not work.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2907 * same query being displayed multiple times
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2908
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2909 It also adds:
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2910 * the table layout displays queries created by the user first,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2911 then available public queries.
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2912 * public query owners are shown
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2913 * better support for deleted queries. When a query is deleted, it is
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2914 still available for those who added it to their query list. If you
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2915 are the query owner, you can restore (undelete) the query. If you
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2916 are not the owner you can remove it from your query list.
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2917 (If a query is deleted and nobody had it in their query list, it
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2918 will not show up in the "Active retired queries" section. You will
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2919 have to use the class editor or roundup_admin command line to
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2920 restore it.)
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2921 * notifies the user that delete/restore requires javascript. It
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2922 always did, but that requirement wasn't displayed.
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2923
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2924 To use the new template, you must add Restore permission on queries to
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2925 allow the user to restore queries (see below).
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2926
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2927 If you have not modified the query.edit.html template in your tracker,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2928 you should be able to copy the new version from the location above.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2929 Otherwise you will have to merge the changes into your modified template.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2930
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2931 Add the query Restore permission for the User role to your tracker's
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2932 schema.py file. Place it right after the query retire permission for
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2933 the user role. After the change it should look like::
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2934
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2935 p = db.security.addPermission(name='Retire', klass='query', check=edit_query,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2936 description="User is allowed to retire their queries")
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2937 db.security.addPermissionToRole('User', p)
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2938 p = db.security.addPermission(name='Restore', klass='query',
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2939 check=edit_query,
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2940 description="User is allowed to restore their queries")
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2941 db.security.addPermissionToRole('User', p)
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
2942
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2943 where the last four lines are the ones you need to add.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2944
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2945 Usually you can add this to your User role. If all users have the User
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2946 role in common then all logged in users should be ok. If you have
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2947 users who do not include the User role (e.g. they may only have a
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2948 Provisional role), you should add the search permission to that role
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2949 (e.g. Provisional) as well if you allow them to edit their list of
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2950 queries.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2951
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2952 Also see the `new search permissions for query in 1.4.17`_ section
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2953 discussing search permission requirements for editing queries. The
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2954 fixes in this release require the ability to search the creator of all
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2955 queries to work correctly.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2956
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2957 If the test script for the `new search permissions for query in
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2958 1.4.17`_ doesn't report that a role has the ability to search queries
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2959 or at least search the creator property for queries, add the following
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2960 permissions to your schema.py::
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2961
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2962 s = db.security.addPermission(name='Search', klass='query',
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2963 properties=['creator'],
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2964 description="User is allowed to Search queries for creator")
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2965 db.security.addPermissionToRole('User', s)
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2966
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2967 Errors and Troubleshooting - Public queries listed twice when editing
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
2968 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
2969
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2970 If you do not do this, public queries will be listed twice in the edit
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2971 interface. Once in the "Queries I created" section and again in the
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2972 "Queries others created" section of the query edit page
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
2973 (``http..../query?@template=edit``).
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
2974
5274
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
2975 Fix security issues in query.item.html template
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
2976 -----------------------------------------------
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
2977 The default query.item.html template allows anybody to view all
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
2978 queries.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
2979
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
2980 This has been updated in the classic, devel and responsive templates
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
2981 to only allow people to view queries they creates or queries that are
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
2982 publicly viewable.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
2983
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
2984 If you haven't modified you query.item.html template, simply copy the
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
2985 query.item.html template from one of the above default templates to
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
2986 your tracker's html directory.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
2987
8236
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
2988 Enhancement to check command for Permissions (optional)
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
2989 -------------------------------------------------------
5186
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2990 A new form of check function is permitted in permission definitions.
8236
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
2991 An example check function is ``own_record(db, userid, itemid)`` in the
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
2992 file schema.py. The three argument form is still supported and will
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
2993 work the same as it always has (although it may be depricated in the
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
2994 future).
5186
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2995
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2996 If the check function is defined as::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2997
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2998 check(db, userid, itemid, **ctx)
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2999
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3000 the ctx variable will have the context to use when determining access
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3001 rights::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3002
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3003 ctx['property'] the name of the property being checked or None if
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3004 it's a class check.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3005
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3006 ctx['classname'] the name of the class that is being checked
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3007 (issue, query ....).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3008
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3009 ctx['permission'] the name of the permission (e.g. View, Edit...).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3010
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3011 This should make defining complex permissions much easier. Consider::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3012
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3013 def issue_private_access(db, userid, itemid, **ctx):
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3014 if not db.issue.get(itemid, 'private'):
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3015 # allow access to everything if not private
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3016 return True
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3017
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3018 # It is a private issue hide nosy list
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3019 # Note that the nosy property *must* be listed
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3020 # in permissions argument to the addPermission
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3021 # definition otherwise this check command
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3022 # is not run.
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3023 if ctx['property'] == 'nosy':
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3024 return False # deny access to this property
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3025
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3026 # allow access for editing, viewing etc. of the class
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3027 return True
5186
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3028
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3029
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3030 e = db.security.addPermission(name='Edit', klass='issue',
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3031 check=issue_private_access,
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3032 properties=['nosy'],
5186
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3033 description="Edit issue checks")
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3034
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3035 It is suggested that you change your checks to use the ``**ctx``
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3036 parameter. This is expected to be the preferred form in the future.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3037 You do not need to use the ``ctx`` parameter in the function if you do
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3038 not need it.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3039
8236
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
3040 If the new four argument form is required in the future, there will be
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
3041 required (not optional) directions on upgrading your schema.
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
3042
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3043 Changes to property permissions
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3044 -------------------------------
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3045
7793
72a26f3b94db doc: fix formatting.
John Rouillard <rouilj@ieee.org>
parents: 7749
diff changeset
3046 If you create a permission::
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3047
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3048 db.security.addPermission(name='View', klass='user',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3049 properties=['theme'], check=own_record,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3050 description="User is allowed to view their own theme")
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3051
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3052 that combines checks and properties, the permission also matches a
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3053 permission check for the View permission on the user class. So this
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3054 also allows the user to see their user record. It is unexpected that
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3055 checking for access without a property would match this permission.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3056
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3057 This release adds support for making a permission like above only be
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3058 used during property permission tests. See ``customizing.txt`` and
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3059 search for props_only and set_props_only_default in the section
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3060 'Adding a new Permission'
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3061
5192
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3062 Improve query editing
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3063 ---------------------
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3064
5194
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
3065 If a user creates a query with the same name as one of their existing
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
3066 queries, the query editing interface will now report an error. By
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
3067 default the query editing page (issue.search.html) displays the index
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
3068 page when the search is triggered. This is usually correct since the
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
3069 user expects to see the results of the query. But now that
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
3070 the code properly checks for duplicate search names, the user should
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
3071 stay on the search page if there is an error. To add this to your
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
3072 existing issue.search.html page, add the following line after the
7793
72a26f3b94db doc: fix formatting.
John Rouillard <rouilj@ieee.org>
parents: 7749
diff changeset
3073 hidden field ``@old-queryname``::
5192
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3074
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3075 <input type="hidden" name="@template" value="index|search"/>
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3076
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3077 With this addition, the index template is displayed if there is no
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3078 error, and the user stays on the search template if there is an error.
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3079
5323
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3080 New -L (loghttpvialogger) option to roundup-server
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3081 --------------------------------------------------
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3082
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3083 Http request logs from roundup-server are sent to stderr or
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3084 can be recorded in a log file (if -l or the logfile options
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3085 is used). However there is no way to rotate the logfile
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3086 without shutting down and restarting the roundup-server.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3087
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3088 If the -L flag is used, the python logging module is used
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3089 for logging the http requests. The name for the log
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3090 (qualname) is 'roundup.http'. You can direct these messages
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3091 to a rotating log file by putting the following::
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3092
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3093 [loggers]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3094 keys=roundup.http
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3095
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3096 [logger_roundup.http]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3097 level=INFO
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3098 handlers=rotate_weblog
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3099 qualname=roundup.http
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3100 propagate=0
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3101
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3102 [handlers]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3103 keys=rotate_weblog
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3104
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3105 [handler_rotate_weblog]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3106 class=logging.handlers.RotatingFileHandler
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3107 args=('httpd.log','a', 512000, 2)
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3108 formatter=plain
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3109
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3110 [formatters]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3111 keys=plain
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3112
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3113 [formatter_plain]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3114 format=%(message)s
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3115
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3116 into a file (e.g. logging.ini). Then reference this file in
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3117 the 'config' value of the [logging] section in the trackers
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3118 config.ini file.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3119
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3120 Note the log configuration above is an example and can be
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3121 merged into a more full featured logging config file for
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3122 your tracker if you wish. It will create a new file in the
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3123 current working directory called 'httpd.log' and will rotate
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3124 the log file at 500K and keep two old copies of the file.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3125
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
3126 .. index:: Upgrading; 1.5.0 to 1.5.1
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
3127
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3128 Migrating from 1.5.0 to 1.5.1
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3129 =============================
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3130
5025
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
3131 User data visibility
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
3132 --------------------
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
3133
4902
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3134 For security reasons you should change the permissions on the user
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3135 class. We previously shipped a configuration that allowed users to see
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3136 too many of other users details, including hashed passwords under
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3137 certain circumstances. In schema.py in your tracker, replace the line::
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3138
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3139 db.security.addPermissionToRole('User', 'View', 'user')
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3140
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3141 with::
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3142
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3143 p = db.security.addPermission(name='View', klass='user',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3144 properties=('id', 'organisation', 'phone', 'realname',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3145 'timezone', 'username'))
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3146 db.security.addPermissionToRole('User', p)
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3147
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3148 Note that this removes visibility of user emails, if you want emails to
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3149 be visible you can add 'address' and 'alternate_addresses' to the list
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3150 above.
5025
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
3151
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
3152 XSS protection for custom actions
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
3153 ---------------------------------
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
3154
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3155 If you have defined your own cgi actions in your tracker instance
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3156 (e.g. in a custom ``extensions/spambayes.py`` file) you need to modify
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3157 all cases where client.error_message or client.ok_message are modified
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3158 directly. Instead of::
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3159
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3160 self.client.ok_message.append(...)
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3161
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3162 you need to call::
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3163
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3164 self.client.add_ok_message(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3165
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3166 and the same for::
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3167
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3168 self.client.error_message.append(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3169
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3170 vs.::
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3171
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3172 self.client.add_error_message(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3173
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3174 The new calls escape the passed string by default and avoid XSS security
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3175 issues.
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3176
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
3177
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
3178 Migrating from older versions
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
3179 =============================
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
3180
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
3181 See the `historical migration <upgrading-history.html>`_ document.
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
3182
7091
849e9b2d6926 Rename security.py to security-history.py; change reference
John Rouillard <rouilj@ieee.org>
parents: 7064
diff changeset
3183 .. _`security documentation`: security-history.html
7961
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
3184 .. _`Roundup postgresql documentation`: postgresql.html
2409
Richard Jones <richard@users.sourceforge.net>
parents: 2374
diff changeset
3185 .. _`administration guide`: admin_guide.html
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
3186 .. _`xmlrpc guide`: xmlrpc.html
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
3187 .. _FTS5 full-text search engine: https://www.sqlite.org/fts5.html
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3188 .. _PostgreSQL's full text search: https://www.postgresql.org/docs/current/textsearch.html
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3189 .. _`administration guide notes on native-fts`: admin_guide.html#configuring-native-fts-full-text-search
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
3190 .. _Configuring Compression: admin_guide.html#configuring-compression
7971
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
3191 .. _classhelper documentation: admin_guide.html#classhelper-web-component
6781
b3d4b25b4922 Add links some updates.
John Rouillard <rouilj@ieee.org>
parents: 6780
diff changeset
3192 .. _Software Upgrade: admin_guide.html#software-upgrade
7281
194093011cb7 Move upgrade directions for version < 1.5.0 to history document
John Rouillard <rouilj@ieee.org>
parents: 7277
diff changeset
3193 .. _new search permissions for query in 1.4.17:
194093011cb7 Move upgrade directions for version < 1.5.0 to history document
John Rouillard <rouilj@ieee.org>
parents: 7277
diff changeset
3194 upgrading-history.html#new-search-permissions-for-query-in-1-4-17
Roundup Issue Tracker: http://roundup-tracker.org/