Mercurial > p > roundup > code

annotate doc/upgrading.txt @ 8535:4184173d364f

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
bug: make web page follow login_empty_passwords setting. remove the required attribute from password input in the the html templates if login_empty_passwords is enabled in config.ini. Also document in upgrading.txt.
author John Rouillard <rouilj@ieee.org>
date Wed, 18 Mar 2026 17:49:16 -0400
parents 00aec15117c0
children 1ffa1f42e1da
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
6586
24e2eeb2ed9a Add meta description to some doc pages.
John Rouillard <rouilj@ieee.org>
parents: 6464
diff changeset
1 .. meta::
6774
e7b4ad2c57ac landmarks, skiplink, remove bad attrs, autocomplete search
John Rouillard <rouilj@ieee.org>
parents: 6768
diff changeset
2 :description:
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3 Critical documentation for upgrading the Roundup Issue
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
4 Tracker. Actions that must be taken when upgrading from
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
5 one version to another are documented here.
6586
24e2eeb2ed9a Add meta description to some doc pages.
John Rouillard <rouilj@ieee.org>
parents: 6464
diff changeset
6
6168
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
7 .. index:: Upgrading
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
8
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 ======================================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 Upgrading to newer versions of Roundup
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11 ======================================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
13 Please read each section carefully and edit the files in your tracker home
2016
2112962f5bb1 Update documentation for the client.py split and add an upgrade notice.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 2003
diff changeset
14 accordingly. Note that there is information about upgrade procedures in the
6781
b3d4b25b4922 Add links some updates.
John Rouillard <rouilj@ieee.org>
parents: 6780
diff changeset
15 `administration guide`_ in the `Software Upgrade`_ section.
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
17 If a specific version transition isn't mentioned here (e.g. 0.6.7 to
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
18 0.6.8) then you don't need to do anything. If you're upgrading from
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
19 0.5.6 to 0.6.8 though, you'll need to apply the "0.5 to 0.6" and
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
20 "0.6.x to 0.6.3" steps.
2273
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
21
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
22 General steps:
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
23
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
24 1. Make note of your current Roundup version.
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
25 2. Take your Roundup installation offline (web, email,
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
26 cron scripts, roundup-admin etc.)
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
27 3. Backup your Roundup instance
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
28 4. Install the new version of Roundup (preferably in a new virtual
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
29 environment)
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
30 5. Make version specific changes as described below for
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
31 each version transition. If you are starting at 1.5.0
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
32 and installing to 2.3.0, you need to make the changes for **all**
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
33 versions starting at 1.5 and ending at 2.3. E.G.
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
34 1.5.0 -> 1.5.1, 1.5.1 -> 1.6.0, ..., 2.1.0 -> 2.2.0,
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
35 2.2.0 -> 2.3.0.
8047
a0876d16e299 doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents: 8046
diff changeset
36 6. Run ``roundup-admin -i <tracker_home> migrate`` using
a0876d16e299 doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents: 8046
diff changeset
37 the newer version of Roundup for the instance you are
a0876d16e299 doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents: 8046
diff changeset
38 upgrading. This will update the database if it is
a0876d16e299 doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents: 8046
diff changeset
39 required.
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
40 7. Bring your Roundup instance back online
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
41 8. Test
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
42
8047
a0876d16e299 doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents: 8046
diff changeset
43 Repeat for each tracker instance.
a0876d16e299 doc: clarify basic upgrade instructions to target single instance
John Rouillard <rouilj@ieee.org>
parents: 8046
diff changeset
44
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
45 .. note::
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
46 The v1.5.x releases of Roundup were the last to support
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
47 Python v2.5 and v2.6. Starting with the v1.6 releases of Roundup
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
48 Python version 2.7 that is newer than 2.7.2 is required to run
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
49 Roundup. Starting with Roundup version 2.0.0 we also support Python 3
8315
3f43db05aa11 docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents: 8300
diff changeset
50 versions newer than 3.6. Roundup version 2.5 supports Python
3f43db05aa11 docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents: 8300
diff changeset
51 3.7 and newer.
4901
fa268ea457db Add note about dropping support for Python v2.5
John Kristensen <john@jerrykan.com>
parents: 4890
diff changeset
52
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
53 Recent release notes have the following labels:
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
54
8045
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
55 * **required** - Roundup will not work properly if these steps are not done
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
56 * **recommended** - Roundup will still work, but these steps can cause
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
57 security or stability issues if not done.
8045
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
58 * **optional** - new features or changes to existing features you might
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
59 want to use
8045
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
60 * **info** - important possibly visible changes in how things operate
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
61
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
62 If you use virtual environments for your installation, you
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
63 can run trackers with different versions of Roundup. So you
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
64 can have one tracker using version 2.2.0 and another tracker
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
65 using version 1.6.1. This allows you to upgrade trackers one
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
66 at a time rather than having to upgrade all your trackers at
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
67 once. Note that downgrading may require restoring your
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
68 database to an earlier version, so make sure you backed up
ab96dcb1beb4 doc: bold status/severity keywords in key; discuss virtual env install
John Rouillard <rouilj@ieee.org>
parents: 8030
diff changeset
69 your database.
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
70
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
71 .. note::
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
72
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
73 This file only includes versions released in the last 10
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
74 years. If you are upgrading from an older version, start with the
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
75 changes in the `historical migration <upgrading-history.html>`_
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
76 document.
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
77
7438
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
78 .. admonition:: Python 2 Support
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
79
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
80 If you are running Roundup under Python 2, you should make plans to
8071
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8064
diff changeset
81 switch to Python 3. Release 2.4.0 (Jul 2024) is the last release to
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8064
diff changeset
82 officially support Python 2. The next non-patch release scheduled
a4cb4e75d4e9 final changes for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 8064
diff changeset
83 for 2025 will mark 5 years since Roundup supported Python 3.
7438
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
84
7452
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
85 .. admonition:: XHTML Support Deprecation Notice
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
86
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
87 If you are running a tracker where the ``html_version`` setting in
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
88 ``config.ini`` is ``xhtml``, you should plan to change your
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
89 templates to use html (HTML5). If you are affected by this, please
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
90 send email to the roundup-users mailing list (roundup-users at
8048
3ddc6a7d41de doc: 2.3.0 is the last version to support xhtml
John Rouillard <rouilj@ieee.org>
parents: 8047
diff changeset
91 lists.sourceforge.net). Version 2.3.0 is the last version to support
3ddc6a7d41de doc: 2.3.0 is the last version to support xhtml
John Rouillard <rouilj@ieee.org>
parents: 8047
diff changeset
92 XHTML.
7452
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
93
8357
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
94 .. raw:: html
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
95
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
96 <details>
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
97 <summary>Contents:</summary>
4890
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
98
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
99 .. contents::
4890
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
100 :local:
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
101
8357
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
102 .. raw:: html
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
103
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
104 </details>
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
105
8411
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
106 .. index:: Upgrading; 2.5.0 to 2.6.0
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
107
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
108 Migrating from 2.5.0 to 2.6.0
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
109 =============================
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
110
8446
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
111 Default Logs Include Unique Request Identifier (info)
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
112 -----------------------------------------------------
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
113
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
114 The default logging format has been changed from::
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
115
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
116 %(asctime)s %(levelname)s %(message)s
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
117
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
118 to::
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
119
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
120 %(asctime)s %(trace_id)s %(levelname)s %(message)s
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
121
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
122 So logs now look like::
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
123
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
124 2025-08-20 03:25:00,308 f6RPbT2s70vvJ2jFb9BQNF DEBUG get user1 cached
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
125
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
126 which in the previous format would look like::
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
127
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
128 2025-08-20 03:25:00,308 DEBUG get user1 cached
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
129
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
130 The new format includes ``trace_id`` which is a thread and process
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
131 unique identifier for a single request. So you can link together all
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
132 of the log lines and determine where a slow down or other
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
133 problem occurred.
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
134
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
135 The logging format is now a ``config.ini`` parameter in the
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
136 ``logging`` section with the name ``format``. You can change it if you
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
137 would like the old logging format without having to create a logging
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
138 configuration file. See :ref:`rounduplogging` for details.
14c7c07b32d8 feature: add thread local trace_id and trace_reason to logging.
John Rouillard <rouilj@ieee.org>
parents: 8432
diff changeset
139
8510
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
140 Make Pagination Links Keep Search Name (optional)
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
141 -------------------------------------------------
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
142
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
143 When displaying a named search, index templates don't preserve
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
144 the name when using the pagination (Next/Prev) links. This is
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
145 fixed in the 2.6.0 templates for issues/bugs/tasks. To make the
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
146 change to your templates, look for the pagination links (look for
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
147 prev or previous case insensitive) in your tracker's html
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
148 subdirectory and change::
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
149
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
150 request.indexargs_url(request.classname,
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
151 {'@startwith':prev.first, '@pagesize':prev.size})"
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
152
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
153 to read::
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
154
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
155 request.indexargs_url(request.classname,
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
156 dict({'@dispname': request.dispname}
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
157 if request.dispname
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
158 else {},
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
159 **{'@startwith':prev.first, '@pagesize':prev.size}))"
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
160
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
161 This code will be embedded in templating markup that is not shown
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
162 above. The change above is for your previous/prev link. The
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
163 change for the next pagination link is similar with::
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
164
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
165 {'@startwith':next.first, '@pagesize':next.size}
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
166
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
167 replacing::
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
168
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
169 {'@startwith':prev.first, '@pagesize':prev.size}
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
170
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
171 in the example.
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
172
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
173 This moves the existing dictionary used to override the URL
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
174 arguments to the second argument inside a ``dict()`` call. It
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
175 also adds ``**`` before it. This change creates a new override
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
176 dictionary that includes an ``@dispname`` parameter if it is set
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
177 in the request. If ``@dispname`` is not set, the existing
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
178 dictionary contents are used.
00aec15117c0 bug: Issue2551393 - keep search name when paginating
John Rouillard <rouilj@ieee.org>
parents: 8478
diff changeset
179
8411
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
180 Support authorized changes in your tracker (optional)
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
181 -----------------------------------------------------
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
182
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
183 An auditor can require change verification with user's password.
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
184
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
185 When changing sensitive information (e.g. passwords) it is
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
186 useful to ask for a validated authorization. This makes sure
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
187 that the user is present by typing their password.
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
188
8412
0663a7bcef6c feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents: 8411
diff changeset
189 You can add this to your auditors using the example
0663a7bcef6c feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents: 8411
diff changeset
190 :ref:`sensitive_changes`.
0663a7bcef6c feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents: 8411
diff changeset
191
0663a7bcef6c feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents: 8411
diff changeset
192 To use this, you must copy ``_generic.reauth.html`` into your
0663a7bcef6c feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents: 8411
diff changeset
193 tracker's html subdirectory. See the classic template directory for a
0663a7bcef6c feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents: 8411
diff changeset
194 copy. If you are using jinja2, see the jinja2 template directory.
0663a7bcef6c feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents: 8411
diff changeset
195 Then you can raise a Reauth exception and have the proper page
0663a7bcef6c feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents: 8411
diff changeset
196 displayed.
8411
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
197
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
198 Also javascript *MUST* be turned on if this is used with a file
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
199 input. If JavaScript is not turned on, attached files are lost during
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
200 the reauth step. Information from other types of inputs (password,
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
201 date, text etc.) do not need JavaScript to work.
ef1ea918b07a feat(security): Add user confirmation/reauth for sensitive changes
John Rouillard <rouilj@ieee.org>
parents: 8371
diff changeset
202
8412
0663a7bcef6c feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents: 8411
diff changeset
203 See :ref:`Confirming the User` in the reference manual for details.
0663a7bcef6c feat: finish reauth docs, enhance code.
John Rouillard <rouilj@ieee.org>
parents: 8411
diff changeset
204
8423
94eed885e958 feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents: 8412
diff changeset
205 Support for dictConfig Logging Configuration (optional)
94eed885e958 feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents: 8412
diff changeset
206 -------------------------------------------------------
94eed885e958 feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents: 8412
diff changeset
207
94eed885e958 feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents: 8412
diff changeset
208 Roundup's basic log configuration via config.ini has always had the
94eed885e958 feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents: 8412
diff changeset
209 ability to use an ini style logging configuration to set levels per
94eed885e958 feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents: 8412
diff changeset
210 log channel, control output file rotation etc.
94eed885e958 feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents: 8412
diff changeset
211
94eed885e958 feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents: 8412
diff changeset
212 With Roundup 2.6 you can use a JSON like file to configure logging
94eed885e958 feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents: 8412
diff changeset
213 using `dictConfig
94eed885e958 feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents: 8412
diff changeset
214 <https://docs.python.org/3/library/logging.config.html#logging.config.dictConfig>`_. The
94eed885e958 feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents: 8412
diff changeset
215 JSON file format as been enhanced to support comments that are
94eed885e958 feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents: 8412
diff changeset
216 stripped before being processed by the logging system.
94eed885e958 feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents: 8412
diff changeset
217
94eed885e958 feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents: 8412
diff changeset
218 You can read about the details in the :ref:`admin manual <dictLogConfig>`.
94eed885e958 feat: add support for using dictConfig to configure logging.
John Rouillard <rouilj@ieee.org>
parents: 8412
diff changeset
219
8459
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
220 Fix user.item.html template producing invalid Javascript (optional)
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
221 -------------------------------------------------------------------
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
222
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
223 The html template ``page.html`` in the classic, devel, minimal, and
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
224 responsive tracker templates define a ``user_src_input`` macro. This
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
225 macro produces invalid javascript for the ``onblur`` event when used
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
226 by ``user.item.html``. The only effect from this bug is a javascript
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
227 error reported in the user's browser when the user does not have edit
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
228 permissions on the page. It doesn't have any user visible impact.
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
229
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
230 If you want to fix this, replace::
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
231
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
232 tal:attributes="onblur python:edit_ok and 'split_name(this)';
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
233
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
234 with::
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
235
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
236 tal:attributes="onblur python:'split_name(this)' if edit_ok else '';
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
237
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
238 in the ``html/page.html`` file in your tracker.
db435e272f26 fix: update updating.txt doc for user_src_input bug
John Rouillard <rouilj@ieee.org>
parents: 8446
diff changeset
239
8535
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
240 Allow users without a password to log in (optional)
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
241 ---------------------------------------------------
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
242
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
243 You can configure a tracker to allow a login without a password.
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
244 However the default html templates require the password field to
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
245 be filled in. This prevents a login with an empty password.
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
246
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
247 If you don't want to allow a login without a password, you can
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
248 skip this section.
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
249
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
250 This change automatically removes the required attribute if the
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
251 ``config.ini`` ``login_empty_passwords`` setting is enabled
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
252 (true). The default is disabled with the value ``no``).
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
253
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
254 This change is the default for the tracker templates in 2.6 and
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
255 newer.
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
256
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
257 To add this to your tracker, change the ``page.html`` (for TAL
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
258 based trackers) or ``layout/navigation.html (for jinja2 trackers).
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
259
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
260 For TAL trackers, replace the ``required`` parameter by finding
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
261 the following password input in the tracker's ``html/page.html``
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
262 file::
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
263
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
264 <input size="10" spellcheck="false" type="password" required name="__login_password"><br>
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
265
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
266 and modifying it to look like::
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
267
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
268 <input size="10" spellcheck="false" type="password"
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
269 tal:attributes="required python: 'required'
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
270 if not db.config.WEB_LOGIN_EMPTY_PASSWORDS else nothing"
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
271 name="__login_password"><br>
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
272
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
273 The equivalent change for jinja2's
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
274 ``html/layout/navigation.html`` based template starts with::
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
275
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
276 <input class="form-control form-control-sm" spellcheck="false" type="password" required name="__login_password" placeholder='password'>
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
277
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
278 and changes to::
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
279
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
280 <input class="form-control form-control-sm" spellcheck="false" type="password" name="__login_password" placeholder='password' {{ "required" if not db.config.WEB_LOGIN_EMPTY_PASSWORDS }}>
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
281
4184173d364f bug: make web page follow login_empty_passwords setting.
John Rouillard <rouilj@ieee.org>
parents: 8510
diff changeset
282
8081
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
283 .. index:: Upgrading; 2.4.0 to 2.5.0
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
284
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
285 Migrating from 2.4.0 to 2.5.0
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
286 =============================
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
287
8365
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
288 .. _CVE-2025-53865:
8357
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
289
8359
d98cb4730a4a docs: relabel/label a couple of headers
John Rouillard <rouilj@ieee.org>
parents: 8357
diff changeset
290 XSS security issue with devel and responsive templates (recommended)
d98cb4730a4a docs: relabel/label a couple of headers
John Rouillard <rouilj@ieee.org>
parents: 8357
diff changeset
291 --------------------------------------------------------------------
8357
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
292
8365
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
293 There are actually two different issues under this heading.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
294
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
295 1. incorrect use of the ``structure`` keyword with
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
296 ``tal:content``
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
297 2. use of ``tal:replace`` on unsafe input
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
298
8371
7d1b50c02835 doc: link to security page for link to formal CVE report.
John Rouillard <rouilj@ieee.org>
parents: 8365
diff changeset
299 See the `security page for a link to CVE-2025-53865
7d1b50c02835 doc: link to security page for link to formal CVE report.
John Rouillard <rouilj@ieee.org>
parents: 8365
diff changeset
300 <security.html#cve-announcements>`_.
7d1b50c02835 doc: link to security page for link to formal CVE report.
John Rouillard <rouilj@ieee.org>
parents: 8365
diff changeset
301
8365
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
302 In the discussion below, the :term:`html directory` means one or
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
303 more directories listed in the ``templates`` key of your
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
304 tracker's ``config.ini`` file.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
305
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
306 These directions can be used to solve the XSS security issue with
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
307 any version of Roundup. Even if you used a classic or minimal
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
308 template, you should check your trackers for these issues. The
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
309 classic template fixed most of these many years ago, but the
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
310 updates were not made to the devel and responsive templates. No
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
311 report of similar issues with the jinja template has been seen.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
312
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
313 Incorrect use of structure in templates
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
314 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
315
8357
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
316 The devel and responsive templates prior to Roundup 2.5 used this
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
317 construct::
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
318
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
319 tal:content="structure context/MUMBLE/plain"
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
320
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
321 Where ``MUMBLE`` is a property of your issues (e.g. title).
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
322
8365
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
323 This construct allows a URL with a carefully crafted query
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
324 parameter to execute arbitrary JavaScript.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
325
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
326 You should check all your trackers. The classic template has not
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
327 used this construct since at least 2009, but your tracker's
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
328 templates may use the offending construct anyway.
8357
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
329
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
330 This fix will apply if your tracker is based on the responsive or
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
331 devel template. Check the TEMPLATE-INFO.txt file in your tracker
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
332 home. The template name is the first component of the ``Name``
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
333 field. For example a Name like::
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
334
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
335 Name: responsive-bugtracker
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
336
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
337 Name: devel-bugtracker
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
338
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
339 shows that tracker is based on the responsive or devel templates.
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
340
8365
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
341 .. _cve-2025-53865-fixed:
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
342
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
343 To fix this, remove the ``structure`` declaration when it is used
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
344 with a plain representation. So fixing the code by replacing the
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
345 example above with::
8357
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
346
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
347 tal:content="context/MUMBLE/plain"
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
348
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
349 prevents the attack.
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
350
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
351 To check for this issue, search for ``structure`` followed by
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
352 ``/plain`` in all your html templates. If you are on a Linux/Unix
8365
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
353 system you can search the html subdirectory of your tracker with
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
354 the following::
8357
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
355
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
356 grep 'structure.*/plain' *.html
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
357
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
358 which should return any lines with issues.
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
359
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
360 .. warning::
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
361
8365
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
362 Backup the files in the ``html`` subdirectory of your tracker
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
363 in case an edit goes wrong.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
364
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
365 As an example, you could fix this issue using the GNU sed
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
366 command::
8357
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
367
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
368 sed -i.bak -e '/structure.*\/plain/s/structure.//' *.html
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
369
8365
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
370 to edit the files in place and remove the structure keyword. It
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
371 will create a ``.bak`` file with the original contents of the
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
372 file. If your templates were changed, this might still miss some
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
373 entries. If you are on windows, some text editors support search
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
374 and replace using a regular expression.
8357
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
375
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
376 If the construct is split across lines::
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
377
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
378 tal:content="structure
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
379 context/MUMBLE/plain"
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
380
8365
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
381 the commands above will miss the construct. So you should also
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
382 search the html files using ``grep /plain *.html`` and verify
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
383 that all of the ``context/MUMBLE/plain`` include ``tal:content``
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
384 as in the `fixed example above <#cve-2025-53865-fixed>`_. Any
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
385 lines that have ``context/MUMBLE/plain`` without ``tal:content=``
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
386 before it need to be manually verified/fixed.
8357
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
387
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
388 The distributed devel and responsive templates do not split the
8365
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
389 construct across lines, but if you changed the files it may be
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
390 split.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
391
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
392 tal:replace used with unsafe input
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
393 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
394
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
395 The problem was caused by the following markup::
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
396
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
397 <span tal:replace="context/MUMBLE" />
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
398
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
399 in the head of the ``bug.item.html``, ``task.item.html`` and
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
400 other files in the devel and responsive templates.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
401
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
402 This was fixed many years ago in the classic template's
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
403 ``index.item.html``. The classic template replaces the above
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
404 construct with::
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
405
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
406 <tal:x tal:content="context/MUMBLE" />
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
407
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
408 ``tal:content`` explicitly escapes the result unless the
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
409 ``structure`` directive is used. ``tal:replace`` expects the
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
410 result to be safe and usable in an HTML context.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
411
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
412 TAL drops any tags that it doesn't know about from the output.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
413 ``<tal:x tal:content="..." />`` results in the value of the
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
414 content expression without a surrounding html tag. (Effectively
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
415 replacing the construct.)
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
416
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
417 The following diff for ``bug.item.html`` in the devel template
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
418 shows the change to make things safe (remove lines starting with
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
419 ``-`` and add lines staring with ``+``)::
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
420
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
421 <tal:block metal:use-macro="templates/page/macros/frame">
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
422 <title metal:fill-slot="head_title">
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
423 <tal:block condition="context/id" i18n:translate=""
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
424 - >Bug <span tal:replace="context/id" i18n:name="id"
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
425 - />: <span tal:replace="context/title" i18n:name="title"
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
426 - /> - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker"
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
427 + >Bug <tal:x tal:content="context/id" i18n:name="id"
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
428 + />: <tal:x tal:content="context/title" i18n:name="title"
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
429 + /> - <tal:x tal:content="config/TRACKER_NAME" i18n:name="tracker"
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
430 /></tal:block>
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
431 <tal:block condition="not:context/id" i18n:translate=""
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
432 >New Bug report - <span tal:replace="config/TRACKER_NAME" i18n:name="tracker"
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
433
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
434 A similar change was applied in the following html files in the
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
435 devel or responsive templates:
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
436
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
437 .. rst-class:: multicol
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
438
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
439 * _generic.collision.html
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
440 * bug.item.html
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
441 * keyword.item.html
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
442 * milestone.item.html
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
443 * msg.item.html
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
444 * task.item.html
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
445 * user.item.html
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
446
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
447 Also ``page.html`` should be changed from::
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
448
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
449 <p class="label"><b tal:replace="request/user/username">username</b></p>
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
450
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
451 to::
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
452
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
453 <p class="label"><b tal:replace="python:request.user.username.plain(escape=1)">username</b></p>
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
454
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
455 The code audit found the ``tal:replace`` construct is used with
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
456 ``context/id`` and ``context/designator`` paths. The references
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
457 to these paths have been changed to use ``tal:x`` in the classic
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
458 template's ``msg.item.html`` file and the classic and minimal
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
459 template's ``_generic.collision.html`` file.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
460
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
461 These paths are critical to navigation in Roundup and are set
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
462 from the path part of the URL. Roundup's URL path validation
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
463 makes it unlikely that an attacker could exploit them. If you
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
464 wish you can change your templates or copy the corresponding
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
465 files from the template if you haven't made local changes.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
466
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
467 Also you may have used copies of these insecure templates
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
468 elsewhere in your tracker (e.g. to create a feature class). To
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
469 find other possible issues you can use the command::
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
470
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
471 grep -r "tal:replace=" *.html
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
472
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
473 in your tracker's :term:`html directory`. Check each occurrence
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
474 and if needed, change it to the safer form. You should consider
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
475 any reference to ``context`` to be under the user's (attacker's)
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
476 control. Also ``db`` (excluding ``db/config``) and ``request``
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
477 references that use user supplied content
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
478 (e.g. ``request/user/username`` above) should be changed to
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
479 ``tal:x`` form
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
480
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
481 .. comment:
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
482 As part of the analysis, the following command was used to find
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
483 potentially vulnerable stuff in the templates. Each grep -v was
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
484 removed to display items in that category and they were checked::
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
485
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
486 grep -r 'tal:replace' . | grep -v 'replace="batch' | \
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
487 grep -v 'replace="config' | grep -v 'replace="db/config' | \
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
488 grep -v 'replace="structure' | grep -v 'replace="python:' | \
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
489 grep -v 'replace="request/'
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
490
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
491
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
492 context/id, context/designator:
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
493 assume safe if used in an class.item.html page as the page
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
494 wouldn't be shown if they weren't valid numbers/designators.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
495
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
496 Might not be ok referenced in a _generic fallback page though.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
497
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
498 config, db/config, batch, nothing:
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
499 should be safe as they are not under user control
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
500
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
501 request/classname (python:request._classname), request/template:
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
502 should be safe as they are needed to navigate to a display page,
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
503 so if they are invalid nothing will be displayed.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
504
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
505 utils, python:
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
506 assume it's written correctly and is safe (could use some new
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
507 tests for the shipped utility functions). The intent of these
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
508 can be to deliver blocks of <script> or other html markup.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
509
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
510 db, request:
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
511 might be dangerous when accessing user supplied values.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
512
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
513 request/user/username:
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
514 Escape these. If the username is an XSS issue, an attacker could
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
515 use it to compromise a user.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
516
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
517 request/dispname:
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
518 should be quoted and is by the existing python: code.
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
519
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
520 Open question: why does there have to be an error generated by the
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
521 url @sort=1. Without invalid sort param, the exploit url doesn't
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
522 work and the context appears to use the database's title not the one
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
523 in the url. Also its not positional @sort=1 can appear anywhere in
4ac0bbb3e440 bug(security): CVE-2025-53865 - XSS bug
John Rouillard <rouilj@ieee.org>
parents: 8361
diff changeset
524 the url.
8357
abf1297e7a94 bug(security): fix XSS exploit in devel and responsive templates
John Rouillard <rouilj@ieee.org>
parents: 8355
diff changeset
525
8315
3f43db05aa11 docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents: 8300
diff changeset
526 Deprecation Notices (required)
3f43db05aa11 docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents: 8300
diff changeset
527 ------------------------------
3f43db05aa11 docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents: 8300
diff changeset
528
3f43db05aa11 docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents: 8300
diff changeset
529 * Support for SQLite version 2 has been removed in 2.5.0.
3f43db05aa11 docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents: 8300
diff changeset
530 * Support for the `PySQLite <https://github.com/ghaering/pysqlite>`_
3f43db05aa11 docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents: 8300
diff changeset
531 library has been removed in 2.5.0. Only the Python supplied
3f43db05aa11 docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents: 8300
diff changeset
532 sqlite3 library is supported.
3f43db05aa11 docs: use bulleted list for deprecation; pydoc for shared dir
John Rouillard <rouilj@ieee.org>
parents: 8300
diff changeset
533 * Roundup 2.5.0 supports Python 3.7 or newer. (It is not tested
8355
226a4f391ae2 docs: fix typo
John Rouillard <rouilj@ieee.org>
parents: 8352
diff changeset
534 on Python 3.6. It may work but we don't support it.)
8081
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
535
8124
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
536 Update responsive template _generic.404.html and query.item.html (recommended)
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
537 ------------------------------------------------------------------------------
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
538
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
539 This only applies if your tracker is based on the responsive
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
540 template. Check the TEMPLATE-INFO.txt file in your tracker
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
541 home. The template name is the first component of the ``Name``
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
542 field. For example a Name like::
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
543
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
544 Name: responsive-bugtracker
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
545
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
546 is based on the responsive template. If the Name doesn't start with
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
547 ``responsive`` no changes are needed.
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
548
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
549 The ``_generic.404.html`` and ``query.item.html`` templates will crash
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
550 when displayed because a missing macro is called. Change::
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
551
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
552 <tal:block metal:use-macro="templates/page/macros/icing">
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
553
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
554 to::
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
555
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
556 <tal:block metal:use-macro="templates/page/macros/frame">
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
557
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
558 at the top of both files. The icing macro used in other tracker
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
559 templates was renamed to frame in this tracker template.
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
560
8218
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
561 Update userauditor.py detector (recommended)
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
562 --------------------------------------------
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
563
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
564 When using the REST interface, setting the address property of the
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
565 user to the same value it currently has resulted in an error.
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
566
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
567 If you have not changed your userauditor, you can copy one from any of
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
568 the supplied templates in the ``detectors/userauditor.py`` file. Use
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
569 ``roundup-admin templates`` to find a list of template directories.
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
570
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
571 If you have changed your userauditor from the stock version, apply the
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
572 following diff::
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
573
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
574 raise ValueError('Email address syntax is invalid
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
575 "%s"'%address)
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
576
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
577 check_main = db.user.stringFind(address=address)
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
578 + # allow user to set same address via rest
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
579 + if check_main:
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
580 + check_main = nodeid not in check_main
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
581 +
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
582 # make sure none of the alts are owned by anyone other than us (x!=nodeid)
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
583
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
584 add the lines marked with ``+`` in the file in the location after
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
585 check_main is assigned.
32aaf5dc562b fix(REST): issue2551383; improve errors for bad json, fix PUT docs
John Rouillard <rouilj@ieee.org>
parents: 8177
diff changeset
586
8239
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
587 Modify config.ini password_pbkdf2_default_rounds setting (recommended)
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
588 ----------------------------------------------------------------------
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
589
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
590 The method for hashing and storing passwords has been updated to use
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
591 PBKDF2 with SHA512 hash. This change was first introduced in Roundup
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
592 2.3 and is now the standard. If you previously added code in
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
593 interfaces.py for a `PBKDF2 upgrade`_ to enable PBKDF2S5, you can
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
594 remove that code now.
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
595
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
596 SHA512 is a more secure hash, it requires fewer rounds to ensure
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
597 safety. The older PBKDF2-SHA1 needed around 2 million rounds.
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
598
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
599 You should update the ``password_pbkdf2_default_rounds`` setting in
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
600 ``config.ini`` to 250000. This value is higher than the OWASP
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
601 recommendation of 210000 from three years ago. If you don’t make this
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
602 change, logins will be slow, especially for REST or XMLRPC calls.
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
603
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
604 See `PBKDF2 upgrade`_ for details on how to test the algorithm's
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
605 speed. We do not recommend reverting to the older SHA1 PBKDF2. If you
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
606 have to do so due to a slow CPU, you can add the following to your
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
607 tracker's ``interfaces.py``::
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
608
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
609 from roundup.password import Password
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
610 ## Use PBDKF2 (PBKDF2-SHA1) as default hash for passwords.
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
611 # That scheme is at the start of the deprecated_schemes list and ha
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
612 # to be removed.
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
613 Password.default_scheme = Password.deprecated_schemes.pop(0)
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
614 # Add PBKDF2S5 (PBKDF2-SHA512) as a valid scheme. Passwords
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
615 # using it will be rehashed to use PBDKF2.
8361
fee1b89ae6c3 docs: fix example
John Rouillard <rouilj@ieee.org>
parents: 8360
diff changeset
616 Password.experimental_schemes.insert(0, "PBKDF2S5")
8239
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
617
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
618 If you proceed with this, you should set
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
619 ``password_pbkdf2_default_rounds`` to 2 million or more rounds to keep
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
620 your hashed password database secure in case it gets stolen.
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
621
8237
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
622 Defusedxml support improves XMLRPC security (optional)
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
623 ------------------------------------------------------
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
624
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
625 This release adds support for the defusedxml_ module. If it is
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
626 installed it will be automatically used. The default xmlrpc module in
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
627 the standard library has known issues when parsing crafted XML. It can
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
628 take a lot of CPU time and consume large amounts of memory with small
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
629 payloads.
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
630
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
631 When the XMLRPC endpoint is used without defusedxml, it will log a
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
632 warning to the log file. The log entry can be disabled by adding::
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
633
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
634
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
635 from roundup.cgi import client
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
636 client.WARN_FOR_MISSING_DEFUSEDXML = False
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
637
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
638 to the ``interfaces.py`` file in the tracker home. (Create the file if
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
639 it is missing.)
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
640
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
641 XMLRPC access is enabled by default in the classic and other trackers.
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
642 Upgrading to defusedxml is considered optional because the XMLRPC
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
643 endpoint can be disabled in the tracker's ``config.ini``. Also
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
644 ``Xmlrpc Access`` can be removed from the ``Users`` role by commenting
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
645 out a line in ``schema.py``.
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
646
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
647 If you have enabled the xmlrpc endpoint, you should install
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
648 defusedxml.
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
649
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
650 .. _defusedxml: https://pypi.org/project/defusedxml/
57325fea9982 issue2551116 - Replace xmlrpclib (xmlrpc.client) with defusedxml.
John Rouillard <rouilj@ieee.org>
parents: 8236
diff changeset
651
8286
6445e63bb423 feat(web) - Use native number type input for Number() and Integer().
John Rouillard <rouilj@ieee.org>
parents: 8285
diff changeset
652 Enable use of native date inputs (optional)
6445e63bb423 feat(web) - Use native number type input for Number() and Integer().
John Rouillard <rouilj@ieee.org>
parents: 8285
diff changeset
653 -------------------------------------------
8285
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
654
8300
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
655 Roundup now can use native ``date`` or ``datetime-local`` inputs for
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
656 ``Date()`` properties. These inputs take the place of the text input and
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
657 calendar popup from earlier Roundup versions. Modern browsers come with
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
658 a built-in calendar for date selection, so the ``(cal)`` calendar link
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
659 is no longer needed. These native inputs show the date based on the
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
660 browser's locale and translate terms into the local language.
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
661
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
662 Note that the date format is tied to the language setting in most
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
663 browsers, with some browsers you need special configurations to make the
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
664 browser use the operating system date format.
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
665
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
666 By default the old input mechanism (using type=text inputs) is used.
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
667 To enable native date input you need to set the config variable ::
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
668
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
669 use_browser_date_input = yes
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
670
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
671 in section ``[web]`` in the ``config.ini`` file.
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
672
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
673 If native date input is used, simple uses of the ``field()`` method will
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
674 generate ``datetime-local`` inputs to allow selection of a date and time.
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
675 Input fields for ``Date()`` properties will not have the ``(cal)`` link
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
676 anymore. If fields should only use a date (without time) you can specify
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
677 the parameter ``display_time=no`` in ``schema.py`` for a ``Date()``
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
678 property (the default is ``yes``). This will use ``date`` inputs in the
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
679 generated html to select a date only. If you need this only for a single
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
680 date, the ``field()`` method now has a boolean parameter
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
681 ``display_time`` (which by default is set to the ``display_time``
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
682 parameter of ``Date()``)
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
683
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
684 Complex uses using a ``format`` specification in ``field()`` will not be
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
685 upgraded and will operate like earlier Roundup versions. In addition the
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
686 ``format`` can now also be specified in the ``Date()`` constructor.
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
687
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
688 To upgrade all date properties, there are five changes to make:
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
689
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
690 1. Configure ``use_browser_date_input = yes`` in section ``[web]`` in
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
691 ``config.ini``
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
692
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
693 2. Optionally add ``display_time = no`` in the schema for Date()
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
694 properties that should have no time displayed
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
695
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
696 3. Remove the format argument from field() calls on Date()
8285
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
697 properties.
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
698
8300
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
699 4. Remove popcal() calls.
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
700
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
701 5. Include datecopy.js in page.html.
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
702
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
703 The ``display_time`` option
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
704 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
705
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
706 Both the ``Date()`` constructor and the ``field`` call take a
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
707 ``display_time`` option which by default is ``yes`` in the ``Date()``
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
708 constructor and ``True`` in ``field``. The ``display_time`` setting of
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
709 ``Date()`` is inherited by the html property, so it doesn't need to be
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
710 specified in each ``field()`` call for this property.
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
711
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
712 When ``display_time`` is off, the date field does not include hours,
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
713 minutes or seconds.
8285
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
714
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
715 Remove format argument
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
716 ~~~~~~~~~~~~~~~~~~~~~~
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
717
8300
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
718 Speaking of arguments, avoid setting the date ``format`` if you want to
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
719 use native date inputs. If you include the `format` argument in the
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
720 `field` method, it should be removed.
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
721
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
722 By default using a format argument will show the
8285
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
723 popup calendar link. You can disable the link by setting
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
724 ``popcal=False`` in the field() call. If you have::
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
725
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
726 tal:content="structure python:context.duedate.field(
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
727 placeholder='YYYY-MM, format='%Y-%m')"
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
728
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
729 changing it to::
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
730
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
731 tal:content="structure python:context.duedate.field(
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
732 placeholder='YYYY-MM, format='%Y-%m',
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
733 popcal=False)"
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
734
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
735 will generate the input as in Roundup 2.4 or earlier without a
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
736 popcal link.
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
737
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
738 Remove popcal
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
739 ~~~~~~~~~~~~~
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
740
8300
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
741 if you have enabled date input types in the configuration and you
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
742 use the ``popcal()`` method directly in your templates, you
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
743 should remove them. The browser's native date selection calendar should
8285
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
744 be used instead.
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
745
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
746 Add copy/paste/edit on double-click using datecopy.js
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
747 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
748
8300
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
749 When using date input types,
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
750 there is no way to copy/paste using a native ``datetime-local`` or
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
751 ``date`` input. With the ``datecopy.js`` file installed, double-clicking
8285
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
752 on the input turns it into a normal text input with the ability
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
753 to copy, paste, or manually edit the date.
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
754
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
755 To set this up, take either ``datecopy.js`` or the smaller
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
756 version, ``datecopy.min.js``, from the ``html`` folder of the
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
757 classic tracker template. Put the file in the ``html`` folder of
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
758 your tracker home.
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
759
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
760 After you install the datecopy file, you can add the script
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
761 directly to a page using::
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
762
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
763 <script tal:attributes="nonce request/client/client_nonce"
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
764 tal:content="structure python:utils.readfile('datecopy.min.js')">
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
765 </script>
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
766
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
767 or get the file in a separate download using a regular script
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
768 tag::
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
769
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
770 <script type="text/javascript" src="@@file/datecopy.js">
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
771 </script>
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
772
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
773 You can place these at the end of ``page.html`` just before the
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
774 close body ``</body>`` tag. This is the method used in the
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
775 classic template. This forces the file to be run for every page
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
776 even those that don't have any date inputs. However, it is cached
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
777 after the first download.
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
778
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
779 Alternatively you can inline or link to it using a script tag
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
780 only on pages that will have a date input. For example
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
781 ``issue.item.html``.
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
782
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
783 There is no support for activating text mode using the
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
784 keyboard. Tablet/touch support is mixed. Chrome supports
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
785 double-tap to activate text mode input. Firefox does not.
2bf0c4e7795e fix: issue2551390 - Replace text input/calendar popup with native date input
John Rouillard <rouilj@ieee.org>
parents: 8277
diff changeset
786
8346
107761be1e75 docs: issue2551398 document enabling native browser number/integer types
John Rouillard <rouilj@ieee.org>
parents: 8345
diff changeset
787 Enable native number inputs for Number() and Integer() (optional)
8286
6445e63bb423 feat(web) - Use native number type input for Number() and Integer().
John Rouillard <rouilj@ieee.org>
parents: 8285
diff changeset
788 -----------------------------------------------------------------
6445e63bb423 feat(web) - Use native number type input for Number() and Integer().
John Rouillard <rouilj@ieee.org>
parents: 8285
diff changeset
789
8300
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
790 Roundup's ``field()`` method for properties of type ``Number()`` or
8346
107761be1e75 docs: issue2551398 document enabling native browser number/integer types
John Rouillard <rouilj@ieee.org>
parents: 8345
diff changeset
791 ``Integer()`` can use a native browser number input by default.
8300
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
792
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
793 This is configurable for *all* ``Number()`` and ``Integer()`` properties
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
794 with the config option ``use_browser_number_input`` in section ``[web]``.
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
795
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
796 You can use the old style text inputs for individual fields
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
797 by calling the field method with ``type="text"``.
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
798
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
799 Note that the ``Integer()`` type also uses ``step="1"`` by default to
8286
6445e63bb423 feat(web) - Use native number type input for Number() and Integer().
John Rouillard <rouilj@ieee.org>
parents: 8285
diff changeset
800 add a stepper control and try to constrain the input to
6445e63bb423 feat(web) - Use native number type input for Number() and Integer().
John Rouillard <rouilj@ieee.org>
parents: 8285
diff changeset
801 integers. This can be overridden by passing a new step
8300
b99e76e76496 Make native date and number elements configurable
Ralf Schlatterbeck <rsc@runtux.com>
parents: 8286
diff changeset
802 (e.g. ``step="50"``) to the ``field()`` method.
8286
6445e63bb423 feat(web) - Use native number type input for Number() and Integer().
John Rouillard <rouilj@ieee.org>
parents: 8285
diff changeset
803
8346
107761be1e75 docs: issue2551398 document enabling native browser number/integer types
John Rouillard <rouilj@ieee.org>
parents: 8345
diff changeset
804 This is an experiment and maybe changed based on feedback.
107761be1e75 docs: issue2551398 document enabling native browser number/integer types
John Rouillard <rouilj@ieee.org>
parents: 8345
diff changeset
805
8265
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
806 Change in REST response for invalid CORS requests (info)
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
807 --------------------------------------------------------
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
808
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
809 CORS_ preflight requests that are missing required headers can
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
810 now result in either a 403 or 400 error code. If you permit
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
811 anonymous users to access the REST interface, a 400 error may
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
812 still occur. Previously, only a 400 error was given. This change
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
813 is not expected to create issues since the client will recognize
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
814 both codes it as an error response, and the CORS request will
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
815 still fail.
35beff316883 fix(api): issue2551384. Verify REST authorization earlier
John Rouillard <rouilj@ieee.org>
parents: 8262
diff changeset
816
8168
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
817 More secure session cookie handling (info)
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
818 ------------------------------------------
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
819
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
820 This affects you if you are accessing a tracker via https. The name
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
821 for the cookie that you get when logging into the web interface has a
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
822 new name. When upgrading to Roundup 2.5 all users will have to to log
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
823 in again. The cookie now has a ``__Secure-`` prefix to prevent it
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
824 from being exposed/used over http.
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
825
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
826 If your tracker is using the unencrypted http protocol, nothing has
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
827 changed.
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
828
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
829 See
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
830 https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#cookie_prefixes
3f0f4746dc7e issue2551370 - prefix session cookie with __Secure- over https
John Rouillard <rouilj@ieee.org>
parents: 8124
diff changeset
831 for details on this security measure.
8124
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
832
8177
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
833 Invalid accept header now prevents operation (info)
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
834 ---------------------------------------------------
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
835
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
836 In earlier versions, the rest interface checked for an incorrect
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
837 "Accept" header, "@apiver", or the ".json" mime type only after
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
838 processing the request. This would lead to a 406 error, but the
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
839 requested change would still be completed.
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
840
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
841 In this release, the validation of the output format and version
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
842 occurs before any database changes are made. Now, all errors related
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
843 to the data format (mime type, API version) will return 406 errors,
2967f37e73e4 refactor: issue2551289. invalid REST Accept header stops request
John Rouillard <rouilj@ieee.org>
parents: 8168
diff changeset
844 where some previously resulted in 400 errors.
8124
800c8dd75051 - issue2551074 - In "responsive" template: click on hide comment leads
John Rouillard <rouilj@ieee.org>
parents: 8111
diff changeset
845
8262
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
846 New method for registering templating utils (info)
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
847 --------------------------------------------------
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
848
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
849 If you are building a template utility function that needs access
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
850 to:
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
851
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
852 * the database
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
853 * the client instance
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
854 * the form the user submitted
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
855
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
856 you had to pass these objects from the template using the ``db``,
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
857 ``request.client`` or ``request.form`` arguments.
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
858
8352
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8346
diff changeset
859 A new method for registering a template utility has been added. If you
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8346
diff changeset
860 use the ``instance`` object's ``registerUtilMethod()`` to register a
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8346
diff changeset
861 utility function, you do not need to pass these arguments. The
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8346
diff changeset
862 function is called as a method and the first argument is a
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8346
diff changeset
863 TemplatingUtils (tu) instance from which the client object
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8346
diff changeset
864 (tu.client), the database (tu.client.db), form (tu.client.form),
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8346
diff changeset
865 request (tu.client.request), the translator for the current language
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8346
diff changeset
866 (tu._) and any functions (tu.X) you registered using
6ea309c6d17c docs: fix registerutilMethod docs, format for highlights.
John Rouillard <rouilj@ieee.org>
parents: 8346
diff changeset
867 ``registerUtil()`` are available.
8262
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
868
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
869 You can find an example in :ref:`dynamic_csp`.
2a7c3eeaf167 feat: add templating utils method dynamically; method to set http code
John Rouillard <rouilj@ieee.org>
parents: 8239
diff changeset
870
8478
ed4ef394d5d6 doc: initial attempt to document setup of pgp support for email.
John Rouillard <rouilj@ieee.org>
parents: 8459
diff changeset
871 .. _gpginstall:
ed4ef394d5d6 doc: initial attempt to document setup of pgp support for email.
John Rouillard <rouilj@ieee.org>
parents: 8459
diff changeset
872
8359
d98cb4730a4a docs: relabel/label a couple of headers
John Rouillard <rouilj@ieee.org>
parents: 8357
diff changeset
873 Directions for installing gpg (optional)
d98cb4730a4a docs: relabel/label a couple of headers
John Rouillard <rouilj@ieee.org>
parents: 8357
diff changeset
874 ----------------------------------------
8345
35fab0db52f5 docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents: 8315
diff changeset
875
35fab0db52f5 docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents: 8315
diff changeset
876 In this release a new version of the gpg module was needed for Ubuntu
35fab0db52f5 docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents: 8315
diff changeset
877 24.04 and python 3.13. Paul Schwabauer produced a new version of the
35fab0db52f5 docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents: 8315
diff changeset
878 gpg module. However it is only on the test instance of pypi. If you
35fab0db52f5 docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents: 8315
diff changeset
879 run into issues installing gpg with pip, you can use::
35fab0db52f5 docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents: 8315
diff changeset
880
35fab0db52f5 docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents: 8315
diff changeset
881 pip install --index-url https://test.pypi.org/simple/ \
35fab0db52f5 docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents: 8315
diff changeset
882 --extra-index-url https://pypi.org/simple gpg;
35fab0db52f5 docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents: 8315
diff changeset
883
35fab0db52f5 docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents: 8315
diff changeset
884 to installed version 2.0 of gpg from test.pypi.org obtaining it's
35fab0db52f5 docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents: 8315
diff changeset
885 requirements from pypi.org.
35fab0db52f5 docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents: 8315
diff changeset
886
35fab0db52f5 docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents: 8315
diff changeset
887 When `issue2551368 <https://issues.roundup-tracker.org/issue2551368>`_
35fab0db52f5 docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents: 8315
diff changeset
888 is closed, you should be able to use ``pip install gpg`` again.
35fab0db52f5 docs(install): document how to install gpg 2.0
John Rouillard <rouilj@ieee.org>
parents: 8315
diff changeset
889
8081
95f91b6f0386 issue2551343 - Remove support for PySQLite and sqlite v2.
John Rouillard <rouilj@ieee.org>
parents: 8071
diff changeset
890 .. index:: Upgrading; 2.3.0 to 2.4.0
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
891
7556
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
892 Migrating from 2.3.0 to 2.4.0
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
893 =============================
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
894
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
895 Update your ``config.ini`` (required)
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
896 -------------------------------------
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
897
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
898 Upgrade tracker's config.ini file. Use::
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
899
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
900 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
901
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
902 to generate a new ini file preserving all your settings.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
903 You can then merge any local comments from the tracker's
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
904 ``config.ini`` to ``newconfig.ini`` and replace
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
905 ``config.ini`` with ``newconfig.ini``.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
906
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
907 ``updateconfig`` will tell you if it is changing old default
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
908 values or if a value must be changed manually.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
909
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
910 This will insert the bad API login rate limiting settings.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
911
7964
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
912 Also if you have ``html_version`` set to ``xhtml``, you will get
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
913 an error.
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
914
8064
d6b447de4f59 docs: set up for release documentation.
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
915 .. _CVE-2024-39124:
8062
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
916
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
917 Fix for CVE-2024-39124 in help/calendar popups (recommended)
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
918 ------------------------------------------------------------
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
919
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
920 Classhelper components accessed via URL using ``@template=help``,
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
921 ``@template=calendar`` or other template frame in the classhelper
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
922 can run JavaScript embedded in the URL. If user clicks on a
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
923 malicious URL that:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
924
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
925 * arrives in an email,
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
926 * is embedded in a note left on a ticket [#markdown-note]_,
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
927 * left on some other web page
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
928
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
929 the JavaScript code will be executed. This vulnerability seems to
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
930 be limited to manually crafted URL's. It has not been generated
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
931 by using Roundup's mechanism for generating classhelper URLs.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
932
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
933 The files that need to be changed to fix this depend on the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
934 template used to create the tracker. Check the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
935 TEMPLATE-INFO.txt file in your tracker home. The template
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
936 name is the first component of the ``Name`` field. For
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
937 example trackers with Names like::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
938
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
939 Name: classic-bugtracker
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
940
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
941 Name: devel-mytracker
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
942
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
943 were derived from the ``classic`` and ``devel`` templates
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
944 respectively. If your tracker is derived from the jinja2
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
945 template, you may not be affected as it doesn't provide
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
946 classhelpers by default. If you aren't sure which tracker
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
947 template was used to create your tracker home, check the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
948 ``html/help.html`` file for the word ``Javascript``. If your
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
949 help.html is missing the word ``Javascript``, follow the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
950 directions for the classic template.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
951
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
952 If you have not modified the original tracker html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
953 templates, you can copy replacement files from the new
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
954 templates supplied with release 2.4.0. If you install 2.4.0
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
955 in a `new virtual environment
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
956 <installation.html#standard-installation>`_, you can use the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
957 command ``roundup-admin templates`` to find the installation
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
958 path of the default templates.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
959
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
960 If your template was based on the classic template, replace the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
961 following files in your tracker:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
962
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
963 * html/_generic.calendar.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
964 * html/_generic.help-list.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
965 * html/_generic.help-submit.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
966 * html/_generic.help.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
967 * html/user.help-search.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
968 * html/user.help.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
969
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
970 If your template was based on the minimal template, replace the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
971 following files in your tracker:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
972
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
973 * html/_generic.calendar.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
974 * html/_generic.help.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
975
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
976 If your template was based on the responsive or devel templates,
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
977 replace the following files in your tracker:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
978
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
979 * html/_generic.calendar.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
980 * html/_generic.help-submit.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
981 * html/help.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
982 * html/user.help-search.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
983 * html/user.help.html
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
984
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
985 As an example, assume Roundup's virtual environment is
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
986 ``/tools/roundup``. The classic tracker's default template will
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
987 be in ``/tools/roundup/share/roundup/templates/classic``.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
988 Copy
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
989 ``/tools/roundup/share/roundup/templates/classic/html/_generic.calendar.html``
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
990 to ``html/_generic.calendar.html`` in your tracker's home
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
991 directory. Repeat for every one of the files that needs to
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
992 be replaced.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
993
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
994 If you have made local changes to your popup/classhelper
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
995 files or have created new help templates based on the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
996 existing ones, don't copy the default files. Instead, follow
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
997 the directions below to modify each file as needed for your
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
998 template.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
999
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1000 In the examples below, your script tag may differ. For
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1001 example it could include::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1002
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1003 tal:attributes="nonce request/client/client_nonce"
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1004
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1005 If it does, keep the differences. You want to make changes
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1006 to remove the structure option but keep the rest of the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1007 valid attributes.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1008
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1009 Most files have a small script that sets a few variables
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1010 from the settings in the URL. You should change::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1011
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1012 <script language="Javascript" type="text/javascript"
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1013 tal:content="structure string:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1014 // this is the name of the field in the original form that we're working on
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1015 form = window.opener.document.${request/form/form/value};
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1016 field = '${request/form/property/value}';">
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1017
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1018 to::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1019
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1020 <script language="Javascript" type="text/javascript"
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1021 tal:content="string:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1022 // this is the name of the field in the original form that we're working on
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1023 form = window.opener.document.${request/form/form/value};
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1024 field = '${request/form/property/value}';">
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1025
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1026 by removing the ``structure`` keyword from the tal:content
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1027 block. This will html escape the settings in the URL. This
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1028 neutralizes an attempt to execute JavaScript by manipulating
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1029 the URL. Most of the files use code similar to this.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1030
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1031 A few files have more extensive JavaScript embedded in the same
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1032 script tag. To handle this you should split it into two scripts
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1033 and encode the replaced strings. For example, change::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1034
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1035 <script language="Javascript" type="text/javascript"
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1036 tal:content="structure string:<!--
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1037 // this is the name of the field in the original form that we're working on
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1038 form = parent.opener.document.${request/form/form/value};
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1039 callingform=form
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1040 field = '${request/form/property/value}';
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1041 var listform = null
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1042 function listPresent() {
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1043 return document.frm_help.cb_listpresent.checked
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1044 [more code skipped]
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1045
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1046 to::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1047
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1048 <script language="Javascript" type="text/javascript"
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1049 tal:content="string:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1050 // this is the name of the field in the original form that we're working on
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1051 form = parent.opener.document.${request/form/form/value};
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1052 callingform=form
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1053 field = '${request/form/property/value}';">
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1054 </script>
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1055 <script language="Javascript" type="text/javascript"
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1056 tal:content="string:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1057 var listform = null
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1058 function listPresent() {
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1059 return document.frm_help.cb_listpresent.checked
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1060 [...]
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1061
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1062 modifying the original by:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1063
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1064 1. removing the ``structure`` keyword and the HTML comment
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1065 marker ``<!--``. This encodes the replaced strings.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1066 2. adding ``">`` at the end of the line that sets ``field`` closes
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1067 the script tag.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1068 3. adding::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1069
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1070 </script>
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1071 <script language="Javascript" type="text/javascript"
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1072 tal:content="string:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1073
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1074 after the line used in step 2, to ends the first script and
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1075 starts a new script.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1076
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1077 Just removing the ``structure`` directive is enough to fix the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1078 bug. Splitting the large script into two parts:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1079
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1080 1. one that has replaced strings with values taken from the URL
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1081 2. one that has no replaced strings
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1082
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1083 allows use of ``structure`` on the script with no replaced
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1084 strings should it be required for your tracker.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1085
8431
a6c41651f553 doc: reformat markdown-note footnote
John Rouillard <rouilj@ieee.org>
parents: 8423
diff changeset
1086 .. [#markdown-note] If you are using markdown formatting for your
a6c41651f553 doc: reformat markdown-note footnote
John Rouillard <rouilj@ieee.org>
parents: 8423
diff changeset
1087 tracker's notes, the user will see the markdown label rather than
a6c41651f553 doc: reformat markdown-note footnote
John Rouillard <rouilj@ieee.org>
parents: 8423
diff changeset
1088 the long (suspicious) URL. You may want to add something like::
8062
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1089
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1090 a[href*=\@template]::after {
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1091 content: ' [' attr(href) ']';
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1092 }
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1093
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1094 to your css. This displays the URL inside square brackets if
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1095 the href has ``@template`` in it. It is placed after the link
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1096 label.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1097
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1098 Fix CVE in earlier versions of Roundup (recommended)
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1099 ----------------------------------------------------
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1100
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1101 If you are upgrading to version 2.4.0, you can skip this
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1102 section. These fixes are already present in 2.4.0.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1103
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1104 This section is for people who can not upgrade yet, and want
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1105 to fix the issues.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1106
8064
d6b447de4f59 docs: set up for release documentation.
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
1107 .. _CVE-2024-39125:
8062
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1108
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1109 Referer value not escaped CVE-2024-39125
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1110 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1111
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1112 Malicious JavaScript inserted into a page can change the value of
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1113 the Referer header to include a script. If a link on that page
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1114 points to a Roundup tracker, that script will be executed. The
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1115 technique to change the header will result in a change of the URL
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1116 in the browser's address bar, but this is easily missed.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1117
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1118 Fix this by editing ``cgi/client.py``, and change::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1119
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1120 except (UsageError, Unauthorised) as msg:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1121 csrf_ok = False
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1122 self.form_wins = True
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1123 self._error_message = msg.args
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1124
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1125 to::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1126
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1127 except (UsageError, Unauthorised) as msg:
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1128 csrf_ok = False
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1129 self.form_wins = True
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1130 self.add_error_message(' '.join(msg.args))
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1131
8277
b757cf509480 doc: typo fix.
John Rouillard <rouilj@ieee.org>
parents: 8265
diff changeset
1132 This escapes the Referer value and prevents it from being
8062
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1133 executed.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1134
8064
d6b447de4f59 docs: set up for release documentation.
John Rouillard <rouilj@ieee.org>
parents: 8062
diff changeset
1135 .. _CVE-2024-39126:
8062
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1136
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1137 Stop JavaScript execution from attached files CVE-2024-39126
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1138 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1139
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1140 If an SVG, XML or PDF file that includes malicious JavaScript is
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1141 attached to an issue, downloading the file will cause the
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1142 JavaScript to run.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1143
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1144 In ``cgi/client.py`` add the Content-Security-Policy line
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1145 after the existing ``nosniff`` line so it looks like::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1146
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1147 # exception handlers.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1148 self.determine_language()
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1149 self.db.i18n = self.translator
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1150 self.setHeader("X-Content-Type-Options", "nosniff")
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1151 self.setHeader("Content-Security-Policy", "script-src 'none'")
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1152 self.serve_file(designator)
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1153
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1154 (the example is reindented for display).
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1155
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1156 This should prevent SVG and XML files with embedded scripts
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1157 from running.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1158
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1159 If your version of Roundup is old enough that the ``nosniff``
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1160 line is missing, search for ``serve_file(designator)`` and add
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1161 both setHeader lines.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1162
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1163 .. warning::
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1164
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1165 If your users use older browsers that don't support Content
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1166 Security Policies (e.g. Internet Explorer), you must
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1167 remove ``text/xml`` and ``image/svg`` from
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1168 ``mime_type_allowlist`` as explained below for
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1169 ``application/pdf``.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1170
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1171 PDF files can also embed JavaScript. Many browsers include
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1172 PDF viewers that may not support disabling scripting. The
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1173 safest way to handle this is to force a download of the PDF
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1174 file and use a PDF viewer with scripting disabled. To force
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1175 downloading, look in ``cgi/client.py`` for
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1176 ``mime_type_allowlist`` and remove the line for
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1177 ``application/pdf``.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1178
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1179 Version 2.4.0 allows you to `modify the mime_type_allowlist
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1180 using interfaces.py
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1181 <admin_guide.html#controlling-browser-handling-of-attached-files>`_.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1182 This will allow you to enable in-browser reading of PDF
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1183 files when you upgrade to 2.4.0 if you wish.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1184
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1185 Note that a `Content Security Policy as documented in the admin
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1186 guide
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1187 <admin_guide.html#adding-a-web-content-security-policy-csp>`_ is
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1188 not applied it to a direct download. This requires adding an
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1189 explicit CSP header as above.
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1190
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1191 .. comment: end of CVE include marker
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1192
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1193 XHTML no longer supported (required)
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1194 ------------------------------------
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1195
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1196 If your ``config.ini`` sets ``html_version`` to ``xhtml``,
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1197 you need to change it to ``html``. Then you need to change
28aa76443f58 fix(security): fix CVE-2024-39124, CVE-2024-39124, and CVE-2024-39125
John Rouillard <rouilj@ieee.org>
parents: 8058
diff changeset
1198 your tracker's templates to html from xhtml.
7964
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
1199
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
1200 Note that the default Roundup templates use html4 so it is
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
1201 unlikely that your templates are xhtml based. See
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
1202 `issue2551323
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
1203 <https://issues.roundup-tracker.org/issue2551323>`_ for
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
1204 details on the deprecation of xhtml.
791b61ed11c9 issue2551323 - Remove XHTML support
John Rouillard <rouilj@ieee.org>
parents: 7961
diff changeset
1205
7860
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1206 Update MySQL character set/collations (required)
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1207 ------------------------------------------------
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1208
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1209 issue2551282_ and issue2551115_ discuss issues with MySQL's utf8
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1210 support. MySQL has variations on utf8 character support. This
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1211 version of Roundup expects to use utf8mb4 which is a version of
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1212 utf8 that covers all characters, not just the ones in the basic
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1213 multilingual plane. Previous versions of Roundup used latin1 or
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1214 utf8mb3 (also known as just utf8). Newer versions of MySQL are
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1215 supposed to make utf8mb4 and not utf8mb3 the default.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1216
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1217 To convert your database, you need to have MySQL 8.0.11 or newer
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1218 (April 2018) and a mysql client.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1219
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1220 .. warning::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1221
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1222 This conversion can damage your database. Back up your
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1223 database using mysqldump or other tools. Preferably on a quiet
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1224 database. Verify that your database can be restored (or at
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1225 least look up directions for restoring it). This is very
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1226 important.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1227
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1228 We suggest shutting down Roundup's interfaces:
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1229
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1230 * web
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1231 * email
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1232 * cron jobs that use Python or roundup-admin
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1233
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1234 then make your backup.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1235
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1236 Then connect to your mysql instance using ``mysql`` with the
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1237 information in ``config.ini``. If your tracker's ``config.ini``
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1238 includes::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1239
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1240 name = roundupdb
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1241 host = localhost
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1242 user = roundupuser
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1243 password = rounduppw
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1244
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1245 you would run some version of::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1246
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1247 mysql -u roundupuser --host localhost -p roundupdb
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1248
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1249 and supply ``rounduppw`` when prompted.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1250
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1251 With the Roundup database quiet, convert the character set for the
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1252 database and then for all the tables. To convert the tables you
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1253 need a list of them. To get this run::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1254
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1255 mysql -sN -u roundupuser --host localhost -p \
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1256 -e 'show tables;' roundupdb > /tmp/tracker.tables
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1257
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1258 The ``-sN`` removes line drawing characters and column headers
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1259 from the output. For each table ``<t>`` in the file, run::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1260
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1261 ALTER TABLE `<t>` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1262
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1263 You can automate this conversion using sed::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1264
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1265 sed -e 's/^/ALTER TABLE `/' \
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1266 -e 's/$/` CONVERT TO CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;/'\
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1267 /tmp/tracker.tables> /tmp/tracker.tables.sql
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1268
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1269 The backticks "`" are required as some of the table names became
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1270 MySQL reserved words during Roundup's lifetime.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1271
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1272 Inspect ``tracker.tables.sql`` to see if all the lines look
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1273 correct. If so then we can start the conversion.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1274
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1275 First convert the character set for the database by running::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1276
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1277 mysql -u roundupuser --host localhost -p roundupdb
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1278
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1279 Then at the ``mysql>`` prompt run::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1280
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1281 ALTER DATABASE roundupdb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1282
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1283 you should see: ``Query OK, 1 row affected (0.01 sec)``.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1284
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1285 Now to modify all the tables run:
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1286
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1287 \. /tmp/tracker.tables.sql
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1288
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1289 You will see output similar to::
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1290
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1291 Query OK, 5 rows affected (0.01 sec)
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1292 Records: 5 Duplicates: 0 Warnings: 0
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1293
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1294 for each table. The rows/records will depend on the number of
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1295 entries in the table. This can take a while.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1296
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1297 Once you have successfully completed this, copy your tracker's
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1298 config.ini to a backup file. Edit ``config.ini`` to use the defaults:
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1299
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1300 * mysql_charset = utf8mb4
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1301 * mysql_collation = utf8mb4_unicode_ci
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1302 * mysql_binary_collation = utf8mb4_0900_bin
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1303
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1304 Also look for a ``~/.my.cnf`` for the roundup user and make sure
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1305 that the settings for character set (charset) are utf8mb4 compatible.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1306
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1307 To test, run ``roundup-admin -i tracker_home`` and display an
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1308 issue designator: e.g. ``display issue10``. Check that the text
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1309 fields are properly displayed (e.g. title). Start the web
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1310 interface and browse some issues. Again, check that the text
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1311 fields display correctly, that the history at the bottom of the
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1312 issues displays correctly and if you are using the default full
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1313 text search, make sure that that works.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1314
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1315 If this works, bring email cron jobs etc. back online.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1316
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1317 If this fails, take down the web interface, restore the database
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1318 from backup, restore the old config.ini. Then test again and
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1319 reach out to the mailing list for help.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1320
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1321 We can use assistance in getting these directions corrected or
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1322 enhanced. The core Roundup developers don't use MySQL for their
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1323 production workloads so we count on users to help us with this.
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1324
8030
6d1b62ffbb5d docs: add references for utf8 -> utf8mb4 conversion/issues for mysql
John Rouillard <rouilj@ieee.org>
parents: 7995
diff changeset
1325 References:
6d1b62ffbb5d docs: add references for utf8 -> utf8mb4 conversion/issues for mysql
John Rouillard <rouilj@ieee.org>
parents: 7995
diff changeset
1326
6d1b62ffbb5d docs: add references for utf8 -> utf8mb4 conversion/issues for mysql
John Rouillard <rouilj@ieee.org>
parents: 7995
diff changeset
1327 * https://mathiasbynens.be/notes/mysql-utf8mb4#utf8-to-utf8mb4
6d1b62ffbb5d docs: add references for utf8 -> utf8mb4 conversion/issues for mysql
John Rouillard <rouilj@ieee.org>
parents: 7995
diff changeset
1328 * https://adamhooper.medium.com/in-mysql-never-use-utf8-use-utf8mb4-11761243e434
6d1b62ffbb5d docs: add references for utf8 -> utf8mb4 conversion/issues for mysql
John Rouillard <rouilj@ieee.org>
parents: 7995
diff changeset
1329
7860
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1330 .. _issue2551282: https://issues.roundup-tracker.org/issue2551282
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1331 .. _issue2551115: https://issues.roundup-tracker.org/issue2551115
8b31893f5930 issue2551115/issue2551282 - utf8mb4 support in roundup
John Rouillard <rouilj@ieee.org>
parents: 7819
diff changeset
1332
8058
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1333 Disable spellcheck on all password fields (recommended)
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1334 -------------------------------------------------------
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1335
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1336 All tracker templates have been updated to disable spell checking on
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1337 password input fields. This can help prevent exposing the password to
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1338 an external server that provides spell checking for a browser. Since
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1339 passwords should not be real words in any language, spell checking
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1340 serves no purpose.
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1341
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1342 If you have modified your template with a "show password" option you
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1343 should disable spell check.
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1344
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1345 To implement this in your deployed trackers, add::
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1346
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1347 spellcheck="false"
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1348
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1349 to make your password inputs look like::
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1350
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1351 <input type="password" spellcheck="false" name=....>
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1352
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1353 The changed files in the classic/devel/responsive templates are:
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1354
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1355 .. code-block:: text
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1356
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1357 html/page.html
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1358 html/user.item.html
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1359
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1360 and in the jinja2 template the following files were changed:
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1361
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1362 .. code-block:: text
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1363
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1364 html/user.item.html
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1365 html/user.register.html
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1366 html/layout/navigation.html
0e382e97f0e3 fix: disable spellchecking for password fields
John Rouillard <rouilj@ieee.org>
parents: 8048
diff changeset
1367
7971
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1368 Add new classhelper to your templates (optional)
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1369 ------------------------------------------------
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1370
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1371 The classic classhelper invoked by the ``(list)`` link in your
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1372 issue.item.html template can be greatly improved by wrapping the
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1373 links with the new web-component based ``roundup-classhelper``.
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1374
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1375 The new classhelper:
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1376
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1377 * allows you to select items from multiple pages
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1378 * is usable with a content security policy
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1379 * is more easily styled
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1380
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1381 To deploy it, install the required files and wrap classhelp calls
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1382 in the new ``<roundup-classhelper>`` component. For example,
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1383 wrap::
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1384
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1385 <span tal:condition="context/is_edit_ok" tal:replace="structure
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1386 python:db.user.classhelp('username,realname,address',
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1387 property='nosy', width='600'" />
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1388
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1389 so it looks like::
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1390
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1391 <roundup-classhelper
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1392 data-search-with="username,phone,roles[]">
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1393
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1394 <span tal:condition="context/is_edit_ok" tal:replace="structure
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1395 python:db.user.classhelp('username,realname,address',
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1396 property='nosy', width='600')" />
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1397
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1398 </roundup-classhelper>
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1399
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1400 to allow the user to search by: username, phone number and use a
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1401 select/dropdown to search by role. Full details about the
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1402 attributes and installation instructions can be found in the
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1403 `classhelper documentation`_ in the admin guide.
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1404
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
1405
7819
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
1406 Disable performance improvement for wsgi mode (optional)
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
1407 --------------------------------------------------------
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
1408
7961
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1409 In Roundup version 2.2.0, an experimental feature was introduced to
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1410 enhance performance while operating in wsgi mode. Initially, this
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1411 feature was disabled. Over the past two years, it has been used at a
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1412 few sites without any reported problems.
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1413
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1414 As a result, the default setting now enables this performance
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1415 improvement, encouraging a wider adoption of the feature. In the
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1416 event that an undiscovered bug arises, it can still be disabled
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1417 if you experience problems. To disable it, modify your wsgi
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1418 startup script and add the feature_flags to the RequestDispatcher
8360
f6e58615a998 doc: put example in callout using ::
John Rouillard <rouilj@ieee.org>
parents: 8359
diff changeset
1419 as below::
7819
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
1420
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
1421 feature_flags = { "cache_tracker": False }
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
1422 app = RequestDispatcher(tracker_home, feature_flags=feature_flags)
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
1423
7961
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1424 Then restart your wsgi instance. If you have to disable this
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1425 feature, send email to the roundup-users mailing list
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1426 (roundup-users at lists.sourceforge.net) so we can help you
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1427 diagnose the cause and fix it for everybody.
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1428
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1429 In the future, support for disabling this improvement will be removed.
7819
0fe2b9f6e19f issue2551212 - enable wsgi cache_tracker by default
John Rouillard <rouilj@ieee.org>
parents: 7801
diff changeset
1430
7686
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1431 Fix duplicate id for confirm password in user.item.html (optional)
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1432 ------------------------------------------------------------------
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1433
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1434 The TAL macro ``user_confirm_input`` at the end of ``html/page.html``
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1435 for all templates except ``jinja2`` sets the ``id`` of the ``Confirm
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1436 password`` input the same as the ``Login Password`` input. This
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1437 creates an HTML error. Two items must not have the same id.
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1438
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1439 However browsers ignore the error and things still work. If you were
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1440 to use css or javascript to target the ``password`` id, it would not
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1441 work as expected.
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1442
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1443 To fix this, change the line near the end of your tracker's
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1444 ``html/page.html`` from::
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1445
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1446 tal:attributes="id name; name string:@confirm@$name; readonly not:edit_ok" value="">
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1447
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1448 to::
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1449
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1450 tal:attributes="id string:confirm_$name; name string:@confirm@$name; readonly not:edit_ok" value="">
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1451
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1452 This will change the id to ``confirm_password``.
a27f30709d46 fix: duplicate password id generated for user.item.html
John Rouillard <rouilj@ieee.org>
parents: 7668
diff changeset
1453
7694
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1454 Merge changes from devel template task.index.html (optional)
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1455 ------------------------------------------------------------
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1456
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1457 The devel template's ``task.index.html`` has some fields that are not
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1458 defined in the schema. It looks like it was originally copied from the
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1459 ``bug.index.html``. If the task index is requested without specifying
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1460 the columns/fields, the template will crash trying to display
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1461 ``severity`` and other fields that don't exist in the task schema.
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1462
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1463 In normal use, the left hand menu for tasks always specifies valid
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1464 columns so you may not see this issue. However if you remove the
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1465 ``@columns`` query parameter, you can see the error.
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1466
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1467 The removed columns are: severity, versions, keywords, dependencies.
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1468
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1469 It is also missing the ``solves`` field which is added to match the
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1470 schema.
54eb12cd3be1 fix: make task index not crash.
John Rouillard <rouilj@ieee.org>
parents: 7686
diff changeset
1471
7961
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1472 `You can see the diff in the Sourceforge web interface <https://sourceforge.net/p/roundup/code/ci/54eb12cd3be143b079809795dcb2f813f75a691c/tree/share/roundup/templates/devel/html/task.index.html?diff=c95870b2bbab822def6066498a4ef8634e76e0b3>`_.
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1473
7992
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1474 Make group headers span all columns (optional)
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1475 ----------------------------------------------
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1476
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1477 In a number of index pages a version of the following TAL command
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1478 appears::
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1479
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1480 <th tal:attributes="colspan python:len(request.columns)" class="group">
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1481
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1482 If the ``@columns`` parameter (aka request.columns) is not set,
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1483 all columns are shown. However the group header only spans the
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1484 first column. Changing this to read::
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1485
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1486 <th tal:attributes="colspan python:len(request.columns) or 100" class="group">
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1487
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1488 makes the group header span all the columns (if you have fewer
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1489 than 100 columns). All of the supplied templates hae been
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1490 upgraded with this change. `See issue 2551341 for details
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1491 <https://issues.roundup-tracker.org/issue2551341>`_.
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1492
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1493 Note the jinja2 template has the same issue, but the development
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1494 team hasn't devised a solution.
1e9c16b079fa fix: issue2551341 - if @columns missing from an index url, the group headers colspan property = 0
John Rouillard <rouilj@ieee.org>
parents: 7971
diff changeset
1495
7936
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1496 Use @current_user in Searches (optional)
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1497 ----------------------------------------
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1498
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1499 You can create queries like: "My issues" by searching the ``creator``
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1500 property of issues for your id number. Similarly you can search for
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1501 "Issues assigned to me" by searching on the ``assignedto`` property.
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1502
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1503 Queries in Roundup can be shared between users. However queries like
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1504 these can be shared. However for any user but they will only find
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1505 issues created by/assigned to the user who created the query.
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1506
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1507 This release allows you to search Links to the User class by
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1508 specifying ``@current_user``. This token searches for the currently
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1509 log in user. It makes searches like the above usable when shared.
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1510
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1511 This only works for properties that are a Link to the user
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1512 class. E.G. creator, actor, assignedto. It does not yet work for
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1513 MultiLink properties (like nosy).
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1514
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1515 As an example this can be deployed to the classic tracker's issue
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1516 search template (issue.search.html), by replacing::
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1517
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1518 <option metal:fill-slot="extra_options" i18n:translate=""
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1519 tal:attributes="value request/user/id">created by
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1520 me</option>
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1521
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1522 with::
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1523
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1524 <option metal:fill-slot="extra_options" value="@current_user"
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1525 tal:attributes="selected python:value == '@current_user'"
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1526 i18n:translate="">created by me</option>
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1527
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1528 There are three places where ``value request/user/id`` is used in the
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1529 classic template. Your template may have more.
7938
ce5a554b2f88 doc: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7936
diff changeset
1530
ce5a554b2f88 doc: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7936
diff changeset
1531 If you have a user with the exact username of `@current_user` they
ce5a554b2f88 doc: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7936
diff changeset
1532 should change it. `Details can be found in issue1525113
ce5a554b2f88 doc: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7936
diff changeset
1533 <https://issues.roundup-tracker.org/issue1525113>`_.
7936
a9b136565838 feat: issue1525113 - notation to filter by logged-in user
John Rouillard <rouilj@ieee.org>
parents: 7928
diff changeset
1534
7719
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
1535 New PostgreSQL Settings (optional)
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
1536 ----------------------------------
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
1537
7961
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1538 With this release, you can specify a Postgresql database schema
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1539 to use. By default Roundup creates a database when using
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1540 ``roundup-admin init``. Setting the rdbms ``name`` keyword to
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1541 ``roundup_database.roundup_schema`` will create and use the
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1542 ``roundup_schema`` in the pre-created ``roundup_database``. See
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1543 the `Roundup PostgreSQL documentation`_ for details on how to set
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
1544 up the roles.
7719
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
1545
7723
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1546 Also there is a new configuration keyword in the rdbms
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1547 section of ``config.ini``. The ``service`` keyword allows
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1548 you to define the service name for Postgres that will be
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1549 looked up in the `Connection Service File`_. Any of the
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1550 methods of specifying the file including by using the
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1551 ``PGSERVICEFILE`` environment variable are supported.
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1552
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1553 This is similar to the existing support for MySQL
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1554 option/config files and groups.
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1555
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1556 If you use services, any settings for the same properties
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1557 (user, name, password ...) that are in the tracker's
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1558 ``config.ini`` will override the service settings. So you
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1559 want to leave the ``config.ini`` settings blank. E.G.::
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1560
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1561 [rdbms]
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
1562 name =
7723
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1563 host =
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
1564 port =
7723
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1565 user =
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1566 password =
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
1567 service = roundup_roundup
7723
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1568
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1569 Setting ``service`` to ``roundup_roundup`` with
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1570 the following in the service file::
7719
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
1571
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
1572 [roundup_roundup]
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
1573 host=127.0.0.1
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
1574 port=5432
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
1575 user=roundup
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
1576 password=roundup
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
1577 dbname=roundup
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
1578
7723
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1579 would use the roundup database with the specified
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1580 credentials. It is possible to define a service that
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1581 connects to a specific schema using::
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1582
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1583 options=-c search_path=roundup_service_dev
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1584
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1585 Note that the first schema specified after ``search_path=``
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1586 is created and populated. The schema name
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1587 (``roundup_service_dev``) must be terminated by: a comma,
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1588 whitespace or end of line.
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1589
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1590 You can use the command ``psql "service=db_service_name"``
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1591 to verify the settings in the connection file. Inside of
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1592 ``psql`` you can verify the ``search_path`` using ``show
8147f6deac9f fix(db): Make using pg_service work again.
John Rouillard <rouilj@ieee.org>
parents: 7719
diff changeset
1593 search_path;``.
7719
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
1594
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
1595 .. _`Connection Service File`: https://www.postgresql.org/docs/current/libpq-pgservice.html
3071db43bfb6 feat: issue2550852 - support using a specified PostgreSQL db schema
John Rouillard <rouilj@ieee.org>
parents: 7711
diff changeset
1596
7749
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1597 Update for user.help-search.html (optional)
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1598 -------------------------------------------
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1599
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1600 There is a bug in the template used as a search helper for the user
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1601 fields (e.g. the nosy list). The ``properties`` url query argument was
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1602 ignored. You can not select the displayed fields using the
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1603 ``properties`` argument. This is fixed in 2.4.0. You can probably just
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1604 copy the ``user.help-search.html`` from the classic tracker template.
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1605
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1606 If you have modified that template, you can follow the analysis in
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1607 `issue2551320 <https://issues.roundup-tracker.org/issue2551320>`_
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1608 to fix your template.
79344ea780ea doc: add upgrading notes for user.help-search.html
John Rouillard <rouilj@ieee.org>
parents: 7724
diff changeset
1609
7928
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1610 Update for _generic.help.html (optional)
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1611 ----------------------------------------
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1612
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1613 Using the ``_generic.help.html`` template with ``classhelper()`` to
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1614 provide information on a property without selecting a property caused
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1615 an error when processing the template. Using the help template with
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1616 Link properties can provide description or other information that the
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1617 user can use to determine the right setting.
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1618
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1619 If your tracker is based on the minimal or classic tracker and you have
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1620 not changed the _generic.help.html file, you can copy it into place
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1621 from the template directory.
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1622
c05ea62b4c7a fix: issue2551347 - make _generic.help.html work without property settings
John Rouillard <rouilj@ieee.org>
parents: 7923
diff changeset
1623
7905
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1624 Fix static_files use of '-' directory (info)
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1625 --------------------------------------------
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1626
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1627 Use of the '-' directory in ``static_files`` config.ini setting now
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1628 works. So it will prevent access to the html directory when using
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1629 ``@@file/`` based url's.
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1630
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1631
7556
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1632 Bad Login Rate Limiting and Locking (info)
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1633 ------------------------------------------
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1634
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1635 Brute force logins have been rate limited in the HTML web interface
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1636 for a while. This was not the case with the API interfaces.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1637
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1638 This release introduces rate limiting for invalid REST or XMLRPC API
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1639 logins. As with the web interface, users who have hit the rate limit
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1640 have their accounts locked until after the recommended delay time has
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1641 passed. See `information on configuring the API rate limits`_ for
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1642 details.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1643
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1644 .. _`information on configuring the API rate limits`: rest.html#rate-limiting-api-failed-logins
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1645
7582
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1646 Removal of cgi.py from Python (info)
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1647 ------------------------------------
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1648
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1649 The ``cgi.py`` module will be `removed starting with Python 3.13
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1650 <https://peps.python.org/pep-0594/#cgi>`_. Roundup now `vendors a copy
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1651 <https://pypi.org/project/legacy-cgi/>`_ of ``cgi.py`` and makes it
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1652 and its storage objects available by importing from::
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1653
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1654 from roundup.anypy.cgi_ import cgi
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1655 from roundup.anypy.cgi_ import FieldStorage, MiniFieldStorage
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1656
7959
88239d4ac4ab doc: spelling fix.
John Rouillard <rouilj@ieee.org>
parents: 7938
diff changeset
1657 It is unlikely that you will care unless you have done some expert
7582
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1658 level Roundup customization. If you have, use one of the imports above
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1659 if you plan on running on Python 3.13 (expected in 2024) or newer.
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
1660
7668
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1661 Fixing PostgreSQL Out of Memory Errors when Importing Tracker (info)
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1662 --------------------------------------------------------------------
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1663
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1664 Importing a tracker into PostgreSQL can run out of memory with the
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1665 error::
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1666
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1667 psycopg2.errors.OutOfMemory: out of shared memory
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1668 HINT: You might need to increase max_locks_per_transaction.
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1669
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1670 before changing your PostgreSQL configuration, try changing the pragma
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1671 ``savepoint_limit`` to a lower value. By default it is set to
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1672 ``10000``. In some cases this may be too high. See the `administration
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1673 guide`_ for further details.
5b41018617f2 fix: out of memory error when importing under postgresql
John Rouillard <rouilj@ieee.org>
parents: 7582
diff changeset
1674
7905
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1675 roundup-admin's History Command Produces Readable Output (info)
f47b186a2ad9 fix use of '-' directory in static files
John Rouillard <rouilj@ieee.org>
parents: 7860
diff changeset
1676 ---------------------------------------------------------------
7797
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1677
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1678 The history command of roundup-admin used to print the raw journal
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1679 data. In this release the default is to produce more human readable
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1680 data. The original output (not pretty printed as below) was::
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1681
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1682 [('1', <Date 2013-02-18.20:30:34.125>, '1', 'create', {}),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1683 ('1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1684 <Date 2013-02-19.21:24:20.391>,
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1685 '1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1686 'set',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1687 {'messages': (('+', ['3']),)}),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1688 ('1', <Date 2013-02-19.21:24:24.797>, '1', 'set', {'priority': '1'}),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1689 ('1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1690 <Date 2013-02-20.03:16:52.000>,
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1691 '1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1692 'link',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1693 ('issue', '2', 'dependson')),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1694 ('1', <Date 2013-02-21.20:51:40.750>, '1', 'link', ('issue', '2',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1695 'seealso')),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1696 ('1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1697 <Date 2013-02-22.05:33:08.875>,
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1698 '1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1699 'set',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1700 {'dependson': (('+', ['3']),), 'private': None, 'queue': None}),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1701 ('1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1702 <Date 2013-02-22.05:33:19.406>,
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1703 '1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1704 'set',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1705 {'dependson': (('+', ['2']),)}),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1706 ('1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1707 <Date 2013-02-27.03:24:42.844>,
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1708 '1',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1709 'unlink',
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1710 ('issue', '2', 'seealso')),
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1711 ...
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1712
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1713 Now it produces (Each entry is on one line, lines wrapped
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1714 and indented for display)::
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1715
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1716 admin(2013-02-18.20:30:34) create issue
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1717 admin(2013-02-19.21:24:20) set modified messages: added: msg3
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1718 admin(2013-02-19.21:24:24) set priority was critical(1)
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1719 admin(2013-02-20.03:16:52) link added issue2 to dependson
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1720 admin(2013-02-21.20:51:40) link added issue2 to seealso
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1721 admin(2013-02-22.05:33:08) set modified dependson: added: issue3;
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1722 private was None; queue was None
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1723 admin(2013-02-22.05:33:19) set modified dependson: added: issue2
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1724 admin(2013-02-27.03:24:42) unlink removed issue2 from seealso
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1725 ...
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1726
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1727
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1728 A few things to note: set operations can either assign a property or
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1729 report a modification of a multilink property. If an assignment
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1730 occurs, the value reported is the **old value** that was there before
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1731 the assignment. It is **not** the value that is assigned. In the
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1732 example above I don't know what the current value of priority is. All
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1733 I know it was set to critical when the issue was created.
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1734
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1735 Modifications to multilink properties work differently. I know that
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1736 ``msg3`` was present in the messages property after 2013-02-19 at
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1737 21:24:20 UTC.
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1738
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1739 The history command gets a new optional argument ``raw`` that produces
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1740 the old style output. The old style is (marginally) more useful for
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1741 script automation.
8bdf0484215c Summary: feat: roundup-admin history command has human interpretable output
John Rouillard <rouilj@ieee.org>
parents: 7793
diff changeset
1742
7921
e3975f679bf1 issue2551302 - Remove support for sqlite version 1 from back_sqlite.py
John Rouillard <rouilj@ieee.org>
parents: 7905
diff changeset
1743 Deprecation Notices (info)
e3975f679bf1 issue2551302 - Remove support for sqlite version 1 from back_sqlite.py
John Rouillard <rouilj@ieee.org>
parents: 7905
diff changeset
1744 --------------------------
e3975f679bf1 issue2551302 - Remove support for sqlite version 1 from back_sqlite.py
John Rouillard <rouilj@ieee.org>
parents: 7905
diff changeset
1745
e3975f679bf1 issue2551302 - Remove support for sqlite version 1 from back_sqlite.py
John Rouillard <rouilj@ieee.org>
parents: 7905
diff changeset
1746 Support for SQLite version 1 has been removed in 2.4.0.
e3975f679bf1 issue2551302 - Remove support for sqlite version 1 from back_sqlite.py
John Rouillard <rouilj@ieee.org>
parents: 7905
diff changeset
1747
8046
c53117e6775f doc: deprication sqlite2
John Rouillard <rouilj@ieee.org>
parents: 8045
diff changeset
1748 Support for SQLite version 2 will be removed in 2.5.0.
c53117e6775f doc: deprication sqlite2
John Rouillard <rouilj@ieee.org>
parents: 8045
diff changeset
1749
7923
29a666d8a70d issue2551285 - Remove StructuredText support
John Rouillard <rouilj@ieee.org>
parents: 7922
diff changeset
1750 Support for StructuredText has been removed in 2.4.0. Support for
29a666d8a70d issue2551285 - Remove StructuredText support
John Rouillard <rouilj@ieee.org>
parents: 7922
diff changeset
1751 reStructuredText remains.
29a666d8a70d issue2551285 - Remove StructuredText support
John Rouillard <rouilj@ieee.org>
parents: 7922
diff changeset
1752
7922
ded9f1c3f112 announce deprecation for PySQLite in 2.5.0
John Rouillard <rouilj@ieee.org>
parents: 7921
diff changeset
1753 Support for the `PySQLite <https://github.com/ghaering/pysqlite>`_
ded9f1c3f112 announce deprecation for PySQLite in 2.5.0
John Rouillard <rouilj@ieee.org>
parents: 7921
diff changeset
1754 library will be removed in 2.5.0. Only the Python supplied sqlite3
ded9f1c3f112 announce deprecation for PySQLite in 2.5.0
John Rouillard <rouilj@ieee.org>
parents: 7921
diff changeset
1755 library will be supported.
ded9f1c3f112 announce deprecation for PySQLite in 2.5.0
John Rouillard <rouilj@ieee.org>
parents: 7921
diff changeset
1756
7556
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1757 .. index:: Upgrading; 2.2.0 to 2.3.0
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
1758
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1759 Migrating from 2.2.0 to 2.3.0
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1760 =============================
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1761
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1762 Update your ``config.ini`` (required)
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1763 -------------------------------------
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1764
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1765 Upgrade tracker's config.ini file. Use::
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1766
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1767 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1768
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1769 to generate a new ini file preserving all your settings.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1770 You can then merge any local comments from the tracker's
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1771 ``config.ini`` to ``newconfig.ini`` and replace
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1772 ``config.ini`` with ``newconfig.ini``.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1773
7203
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
1774 ``updateconfig`` will tell you if it is changing old default
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
1775 values or if a value must be changed manually.
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
1776
7132
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1777 Using the roundup-mailgw script (required)
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1778 ------------------------------------------
7064
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1779
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1780 In previous versions the roundup-mailgw script had a ``-C`` (or
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1781 ``--class``) option for specifying a class to be used with ``-S`` (or
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1782 ``--set``) option(s). In the latest version the ``-C`` option is gone,
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1783 the class for this option is specified as a prefix, e.g. instead of ::
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1784
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1785 roundup-mailgw -C issue -S issueprop=value
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1786
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1787 You now specify ::
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1788
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1789 roundup-mailgw -S issue.issueprop=value
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1790
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1791 If multiple values need to be set, this can be achieved with multiple
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1792 ``-S`` options or with delimiting multiple values with a semicolon (in
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1793 that case the string needs to be quoted because semicolon is a shell
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1794 special character)::
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1795
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1796 roundup-mailgw -S 'issue.issueprop1=value1;issueprop2=value2'
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1797 roundup-mailgw -S issue.issueprop1=value1 -S issue.issueprop2=value2
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1798
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1799 are equivalent. Note that the class is provided as a prefix for the
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1800 set-string, not for each property. The class can be omitted altogether
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1801 in which case it defaults to ``msg`` (this default existed in previous
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1802 versions).
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1803
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1804 If you do not use the ``-C`` (or ``--class``) option in your current
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1805 setup of mailgw you don't need to change anything.
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
1806
7132
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1807 Replace Create User permission for Anonymous with Register (required)
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1808 ---------------------------------------------------------------------
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1809
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1810 Check your trackers schema.py. If you have the following code::
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1811
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1812 db.security.addPermissionToRole('Anonymous', 'Create', 'user')
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1813
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1814 after the permission for Anonymous 'Email Access', change it to::
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1815
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1816 db.security.addPermissionToRole('Anonymous', 'Register', 'user')
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1817
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1818 The comment for Anonymous 'Email Access' may refer to Create. Change
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1819 it to refer to Register.
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1820
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1821 This will be an issue if you used the devel or responsive tracker
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1822 templates. If you used a classic, minimal or jinja2 template the
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1823 permission change (but not the comment change) should be done already.
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
1824
6806
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1825 Rdbms version change from 7 to 8 (required)
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1826 -------------------------------------------
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1827
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1828 This release includes a change that requires updates to the
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1829 database schema.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1830
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1831 Sessions and one time key (otks) tables in the Mysql and
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1832 PostgreSQL database use a numeric type that
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1833 truncates/rounds expiration timestamps. This results in
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1834 entries being purged early or late (depending on whether
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1835 it rounds up or down). The discrepancy is a couple of
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1836 days for Mysql or a couple of minutes for PostgreSQL.
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
1837
6806
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1838 Session keys stay for a week or more and CSRF keys are
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1839 two weeks by default. As a result, this isn't usually a
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1840 visible issue. This migration updates the numeric types
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1841 to ones that supports more significant figures.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1842
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1843 You should backup your instance and run the
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1844 ``roundup-admin -i <tracker_home> migrate``
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1845 command for all your trackers once you've
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1846 installed the latest code base.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1847
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1848 Do this before you use the web, command-line or mail
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1849 interface and before any users access the tracker.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1850
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1851 If successful, this command will respond with either
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1852 "Tracker updated" (if you've not previously run it on an
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1853 RDBMS backend) or "No migration action required" (if you
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1854 have run it, or have used another interface to the tracker,
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1855 or are using anydbm).
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
1856
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1857 Session/OTK data storage for SQLite backend changed (required)
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1858 --------------------------------------------------------------
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1859
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1860 Roundup stores a lot of ephemeral data:
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1861
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1862 * login session tokens,
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1863 * rate limits
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1864 * password reset attempt tokens
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1865 * one time keys
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1866 * and anti CSRF keys.
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1867
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1868 These were stored using dbm style files while the main data
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1869 is stored in a SQLite db. Using both dbm and sqlite style
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1870 files is surprising and due to how we lock dbm files can be
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1871 a performance issue.
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1872
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1873 However you can continue to use the dbm files by setting the
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1874 ``backend`` option in the ``[sessiondb]`` section of
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1875 ``config.ini`` to ``anydbm``.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1876
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1877 If you do not change the setting, two sqlite databases
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1878 called ``db-otk`` and ``db-session`` replace the dbm
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1879 databases. Once you make the change the old ``otks`` and
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1880 ``sessions`` dbm databases can be removed.
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1881
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1882 Note this replacement will require users to log in again and
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1883 refresh web pages to save data. It is best if people save
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1884 all their changes and log out of Roundup before the upgrade
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1885 is done to minimize confusion. Because the data is
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
1886 ephemeral, there is no plan to migrate this data to the new
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1887 SQLite databases. If you want to keep using the data set the
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1888 ``sessiondb`` ``backend`` option as described above.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
1889
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1890 Update ``config.ini``'s ``password_pbkdf2_default_rounds`` (required)
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1891 ---------------------------------------------------------------------
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1892
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1893 Roundup hashes passwords using PBKDF2 with SHA1. In this release, you
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
1894 can `upgrade to PBKDF2-SHA512 from current PBKDF2-SHA1 (recommended)`_. If you
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1895 upgrade, you want to set the default rounds according to the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1896 PBKDF2-SHA512 upgrading directions. Note that this algorithm is
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1897 expected to be the default in a future version of Roundup.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1898
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1899 If you don't want to upgrade, we recommend that you increase the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1900 default number of rounds from the original 10000. PBKDF2 has a
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1901 parameter that makes hashing a password more difficult to do. The
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1902 original 10000 value was set years ago. It has not been updated for
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1903 advancements in computing power.
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1904
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1905 This release of Roundup changes the value to 2000000 (2
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1906 million). This exceeds the current `recommended setting of
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1907 1,300,000`_ for PBKDF2 when used with SHA1.
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1908
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1909 .. caution::
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1910
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1911 If you were using the old 10000 value, **it will be automatically
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1912 upgraded** to 2 million by using ``roundup-admin``'s
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1913 ``updateconfig``. If you were not using the old 10000 default, you
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1914 should update it manually.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1915
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1916 After the change users will still be able to log in using the older
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1917 10000 round hashed passwords. If ``migrate_passwords`` is set to
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1918 ``yes``, passwords will be automatically re-hashed using the new
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1919 higher value when the user logs in. If
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1920 ``password_pbkdf2_default_rounds`` is set to a lower value than was
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1921 used to hash a password, the password will not be rehashed so the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1922 higher value will be kept. The lower value will be used only if the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1923 password is changed using the web or command line.
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1924
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1925 Increasing the number of rounds will slow down re-hashing. That's the
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1926 whole point. Sadly it will also slow down logins. Usually the hash
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1927 takes under 1 second, but if you are using a slow chip (e.g. an ARM V6
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1928 at 700 bogo mips) it can take 30 seconds to compute the 2000000
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1929 rounds. The slowdown is linear. So what takes .001 seconds at 10000
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1930 rounds will take: ``2000000/10000 * .001 = 200 * .001`` seconds or 0.2
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1931 seconds.
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1932
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1933 You can see how long it will take by using the new ``roundup-admin``
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1934 ``perftest`` command. After you have finished migrating your database,
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1935 run::
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1936
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1937 roundup-admin -i <tracker_home> perftest password scheme=PBKDF2 rounds=10000
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1938
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1939 and then::
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1940
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1941 roundup-admin -i <tracker_home> perftest password scheme=PBKDF2 rounds=2,000,000
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1942
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1943 so see the difference. Output from this command looks like::
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1944
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1945 Hash time: 0.203151849s scheme: PBKDF2 rounds: 10000
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1946
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1947 If your testing reports a hash time above 0.5 seconds for 10000
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1948 rounds, there may be another issue. See if executing::
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1949
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1950 python3 -c 'from hashlib import pbkdf2_hmac'
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1951
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1952 produces an error.
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1953
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1954 If you get an ImportError, you are using Roundup's fallback PBKDF2
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1955 implementation. It is much slower than the library version. As a
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1956 result re-encrypting the password (and logging in, which requires
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1957 calculating the encrypted password) will be very slow.
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1958
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
1959 You should find out how to make the import succeed. You may need to
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1960 install an OS vendor package or some other library.
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1961
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1962 .. _recommended setting of 1,300,000: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
1963
8239
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
1964 .. _PBKDF2 upgrade:
6bd11a73f2ed issue2551253. default hash is PBKDF2-SHA512.
John Rouillard <rouilj@ieee.org>
parents: 8237
diff changeset
1965
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1966 Upgrade to PBKDF2-SHA512 from current PBKDF2-SHA1 (recommended)
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1967 ---------------------------------------------------------------
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1968
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1969 We recommend that you upgrade to using PBKDF2-SHA512 for hashing your
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1970 passwords. This is a more secure method than the old PBKDF2 (with
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1971 SHA1). Because the algorithm is more secure, it uses a smaller value
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1972 for ``password_pbkdf2_default_rounds``. Setting
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1973 ``password_pbkdf2_default_rounds`` to ``250000`` exceeds the current
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1974 `recommended setting of 210,000`_ iterations for PBKDF2 when used with
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1975 SHA512.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1976
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1977 You can see how long this takes to calculate on your hardware using
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1978 ``roundup-admin``'s perftest command. For example::
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1979
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1980 roundup-admin -i <tracker_home> perftest password scheme=PBKDF2S5 rounds=250,000
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1981
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1982 produces::
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1983
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1984 Hash time: 0.161892945 seconds, scheme: PBKDF2S5, rounds: 250000
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1985
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1986 Any increase in the number of rounds will cause the password to
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1987 automatically be rehashed to the higher value the next time the user
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1988 logs in via the web interface. Changing the number of rounds to a
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1989 **lower** value will not trigger a rehash during login unless the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1990 scheme is also being changed. The lower number will be used only when
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1991 the password is explicitly changed using the web interface or the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1992 command line (``roundup-admin`` for example).
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1993
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1994 Change the default hashing scheme by adding the following lines to
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1995 |the interfaces.py file|_ in your tracker home::
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1996
7711
0c855080794e doc: fix PBKDF2 SHA512 implementation example.
John Rouillard <rouilj@ieee.org>
parents: 7694
diff changeset
1997 from roundup.password import Password
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1998 ## Use PBDKF2S5 (PBKDF2-SHA512) for passwords. Re-hash old PBDFK2
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
1999 # Force password with scheme PBKDF2 (SHA1) to get re-hashed
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2000 Password.deprecated_schemes.insert(0, Password.known_schemes[0])
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2001 # choose PBKDF2S5 as the scheme to use for rehashing.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2002 Password.default_scheme = Password.experimental_schemes[0]
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2003
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2004 You may need to create the ``interfaces.py`` file if it doesn't exist.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2005 In the future, when the default hash is changed to PBKDF2S5, upgrade
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2006 directions will include instructions to remove these lines and
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2007 the file ``interfaces.py`` if it becomes empty.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2008
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2009 You can verify that PBKDF2S5 is used by default by running::
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2010
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2011 roundup-admin -i <tracker_home> perftest password rounds=250,000
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2012
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
2013 and verify that the scheme is PBKDF2S5.
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2014
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2015 .. _the interfaces.py file:
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2016 reference.html#interfaces-py-hooking-into-the-core-of-roundup
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2017
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2018 .. |the interfaces.py file| replace:: the ``interfaces.py`` file
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2019
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2020 .. _recommended setting of 210,000: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
2021
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2022 jQuery updated with updates to user.help.html (recommended)
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2023 -----------------------------------------------------------
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2024
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2025 The devel and responsive templates shipped with an old version of
7275
c5d01886b27d fix mispelling.
John Rouillard <rouilj@ieee.org>
parents: 7217
diff changeset
2026 jQuery. According to automated tests, it may have a security issue. It
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2027 has been updated to the current version: 3.6.3. If your tracker is
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2028 based on one of these templates (see the ``TEMPLATE-INFO.txt`` file in
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2029 your tracker), remove the old ``html/jquery.js`` file from your
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2030 tracker and copy the new ``jquery-3.6.3.js`` file from the template
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2031 directory to your tracker's ``html`` directory. Also copy in the new
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2032 ``user.help.html`` file. It now references the new ``jquery-3.6.3.js``
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2033 file.
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2034
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2035
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
2036 Session/OTK data storage using Redis (optional)
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
2037 -----------------------------------------------
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
2038
6819
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
2039 You can store your ephemeral data in a Redis database. This
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
2040 provides significantly better performance for ephemeral data
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
2041 than SQLite or dbm files. See the section `Using Redis for
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
2042 Session Databases`_ in the `administration guide`_
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
2043
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
2044
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
2045 .. _Using Redis for Session Databases:
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
2046 admin_guide.html#using-redis-for-session-databases
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
2047
6930
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2048 New SQLite databases created with WAL mode journaling (optional)
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2049 ----------------------------------------------------------------
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2050
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2051 By default, SQLite databases use a rollback journal when
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2052 writing an update. The rollback journal stores a copy of the
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2053 data from before the update. One downside of this is that
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2054 all reads have to be suspended while a write is
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2055 occurring. SQLite has an alternate way of insuring ACID
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2056 compliance by using a WAL (write ahead log) journal.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2057
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2058 Version 2.3.0 of Roundup, creates new SQLite databases using
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2059 WAL journaling. With WAL, a writer does not block readers
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2060 and readers do not block writing an update. This keeps
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2061 Roundup accessible even under a heavy write load (e.g. when
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2062 bulk loading data or automated updates via REST).
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2063
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2064 If you want to convert your existing SQLite db to WAL mode:
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2065
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2066 1. check the current journal mode on your database
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2067 using::
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2068
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2069 sqlite3 <tracker_home>/db/db "pragma journal_mode;"
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2070
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2071 2. If it returns ``delete``, change it to WAL mode using::
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2072
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2073 sqlite3 <tracker_home>/db/db "pragma journal_mode=WAL;"
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
2074
6930
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2075 3. verify by running the command in step 1 again and you
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2076 should get ``wal``.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2077
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2078 If you are using SQLite for session and otk databases,
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2079 perform the same steps replacing ``db`` with ``db-session``
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2080 and ``db-otk``.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2081
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2082 If you find WAL mode is not working for you, you can set the
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2083 journal method to a rollback journal (``delete`` mode) by
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2084 using step 2 and replacing ``wal`` with ``delete``. (Note:
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2085 SQLite supports other journaling modes, but only ``wal`` and
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2086 ``delete`` persist. Roundup doesn't set a journaling mode
7396
bb7752f6e1cd Clarify wording.
John Rouillard <rouilj@ieee.org>
parents: 7375
diff changeset
2087 when it opens the database, so journaling mode options such
bb7752f6e1cd Clarify wording.
John Rouillard <rouilj@ieee.org>
parents: 7375
diff changeset
2088 as ``truncate`` are not useful.)
6930
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2089
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2090 For details on WAL mode see `<https://www.sqlite.org/wal.html>`_
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2091 and `<https://www.sqlite.org/pragma.html#pragma_journal_mode>`_.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
2092
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2093 Change in processing allowed_api_origins setting (info)
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2094 -------------------------------------------------------
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2095
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2096 In this release you can use both ``*`` (as the first origin) and
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
2097 explicit origins in the ``allowed_api_origins`` setting in
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2098 ``config.ini``. (Before it was only one or the other.)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2099
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2100 You do not need to use ``*``. If you do, it allows any client
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2101 anonymous (unauthenticated) access to the Roundup tracker. This
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2102 is the same as browsing the tracker without logging in. If they
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2103 try to provide credentials, access to the data will be denied by
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2104 `CORS`_.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2105
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2106 If you include explicit origins (e.g. \https://example.com),
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2107 users from those origins will not be blocked if they use
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2108 credentials to log in.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2109
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2110 .. _CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
2111
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2112 Change in processing of In-Reply_to email header (info)
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
2113 -------------------------------------------------------
6941
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2114
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2115 Messages received via email usually include a ``[issue23]``
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2116 designator in the subject line. This indicates what issue is
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2117 being updated. If the designator is missing, Roundup tries
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2118 to find the correct issue by using the in-reply-to email
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2119 header.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2120
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2121 The former code appends the new message to the first issue
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2122 found with a message matching the in-reply-to
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2123 header. Usually a message is associated with only one
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2124 issue. However nothing in Roundup requires that.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2125
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2126 In this release, the in-reply-to matching is disabled if
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2127 there are multiple issues with the same message. In this
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2128 case, subject matching is used to try to find the matching
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2129 issue.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2130
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2131 If you don't have messages assigned to multiple issues you
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2132 will see no change. If you do have multi-linked messages
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2133 this will hopefully result in better message->issue
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2134 matching.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
2135
7400
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
2136 Incremental/batch full test reindexing with roundup-admin (info)
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
2137 ----------------------------------------------------------------
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
2138
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
2139 The ``reindex`` command in ``roundup-admin`` can reindex
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
2140 a range of items. For example::
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
2141
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
2142 roundup-admin -i ... reindex issues:1-1000
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
2143
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
2144 will reindex only the first 1000 issues. This is useful since
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
2145 reindexing can take a while and slow down the tracker. By running
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
2146 it in batches you can control when the reindex runs rather than having
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
2147 to wait for it to complete all the reindexing. See the man page or
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
2148 `administration guide`_ for details.
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
2149
6775
bc9728a17f76 Fix index markers.
John Rouillard <rouilj@ieee.org>
parents: 6774
diff changeset
2150 .. index:: Upgrading; 2.1.0 to 2.2.0
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
2151
6698
b56bd672ebbf formatting changes
John Rouillard <rouilj@ieee.org>
parents: 6688
diff changeset
2152 Migrating from 2.1.0 to 2.2.0
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
2153 =============================
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
2154
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2155 Update your ``config.ini`` (required)
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2156 -------------------------------------
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2157
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2158 Upgrade tracker's config.ini file. Use::
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2159
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2160 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2161
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
2162 to generate a new ini file preserving all your settings.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
2163 You can then merge any local comments from the tracker's
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
2164 ``config.ini`` to ``newconfig.ini`` and replace
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
2165 ``config.ini`` with ``newconfig.ini``.
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2166
6590
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
2167 Rdbms version change from 6 to 7 (required)
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
2168 -------------------------------------------
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
2169
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2170 This release includes two changes that require updates to the database
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2171 schema:
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2172
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2173 1. The size of words included in the Roundup FTS indexers have been
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2174 increased from 25 to 50. This requires changes to the database
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2175 columns used by the native indexer. This also affect the whoosh
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2176 and xapian indexers.
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2177 2. Some databases that include native full-text search (native-fts
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2178 indexer) searching are now supported.
6590
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
2179
6780
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
2180 You should run the ``roundup-admin -i <tracker_home> migrate`` command
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
2181 for all your trackers once you've installed the latest codebase.
6590
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
2182
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
2183 Do this before you use the web, command-line or mail interface
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
2184 and before any users access the tracker.
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
2185
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
2186 If successful, this command will respond with either "Tracker
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
2187 updated" (if you've not previously run it on an RDBMS backend) or
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
2188 "No migration action required" (if you have run it, or have used
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
2189 another interface to the tracker, or are using anydbm).
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
2190
6780
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
2191 See `below if you want to enable native-fts searching`_.
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
2192
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
2193 .. _below if you want to enable native-fts searching: \
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2194 #enhanced-full-text-search-optional
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2195
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2196 The increase in indexed word length also affects whoosh and xapian
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2197 backends. You may want to run ``roundup-admin -i tracker_home
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2198 reindex`` if you want to index or search for longer words in your full
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2199 text searches. Re-indexing make take some time.
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
2200
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2201 Check new login_empty_passwords setting (required)
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2202 --------------------------------------------------
6684
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
2203
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
2204 In this version of Roundup, users with a blank password are not
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
2205 allowed to login. Blank passwords have been allowed since 2002, but
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
2206 2022 is a different time. If you have a use case that requires a user
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
2207 to login without a password, set the ``login_empty_passwords`` setting
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2208 in the ``web`` section of ``config.ini`` to ``yes``. In
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2209 general this should be left at its default value of ``no``.
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2210
7724
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
2211 Verify that SQLite supports FTS5 (required)
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
2212 -------------------------------------------
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
2213
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
2214 If you use SQLite as your backend, it *must* support FTS5. See the
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
2215 `FTS5 testing steps`_ for how to verify this.
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
2216
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
2217 .. _FTS5 testing steps: installation.html#fts5-testing
68c04cc8edf7 More doc upates for FTS5 requires for sqlite and roundup > 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 7723
diff changeset
2218
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2219 Check allowed_api_origins setting (optional)
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2220 --------------------------------------------
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2221
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2222 If you are using the REST or xmlrpc api's from an origin
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2223 that is different from your roundup tracker, you will need
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2224 to add your allowed origins to the allowed_api_origins in
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2225 your updated ``config.ini``. Upgrade your ``config.ini`` as
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2226 described above then read the documentation for the setting
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2227 in ``config.ini``.
6684
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
2228
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2229 Check compression settings (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2230 -------------------------------------
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
2231
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
2232 Read the `administration guide`_ section on `Configuring Compression`_.
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
2233
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2234 Upgrade your tracker's config.ini as described
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2235 above. Compare the old and new files and configure new
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2236 compression settings as you want. Then replace
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
2237 ``config.ini`` with the ``newconfig.ini`` file.
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
2238
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2239 Search added to user index page (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2240 ------------------------------------------
6464
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
2241
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
2242 A search form and count of number of hits has been added to the
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
2243 ``user.index.html`` template page in the classic template. You may
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
2244 want to merge the search form and footer into your template.
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
2245
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2246 Enhanced full-text search (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2247 ------------------------------------
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
2248
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2249 SQLite's `FTS5 full-text search engine`_ is available as is
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2250 `PostgreSQL's full text search`_. Both require a schema upgrade so you
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2251 should run::
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2252
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2253 roundup-admin -i tracker_home migrate
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2254
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2255 to create FTS specific tables before restarting the roundup-web or
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2256 email interfaces.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2257
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2258 SQLite 3.9.0+ or PostgreSQL 11.0+ are required to use this feature.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2259 When using SQLite, all full text search fields will allow searching
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2260 using the MATCH query format described at:
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2261 https://www.sqlite.org/fts5.html#full_text_query_syntax. When using
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2262 PostgreSQL either the websearch_to_tsquery or to_tsquery formats
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2263 described on
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2264 https://www.postgresql.org/docs/14/textsearch-controls.html#TEXTSEARCH-PARSING-QUERIES
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2265 can be used. The default is websearch. Prefixing the search with
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2266 ``ts:`` enables tsquery mode.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2267
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2268 A list of words behaves almost the same as the default text search
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
2269 (``native``). So the search string ``fts search`` will find all issues
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
2270 that have both of those words (an AND search) in a text-field (like
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
2271 title) or in a message (or file) attached to the issue.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
2272
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2273 One thing to note is that native-fts searches do not ignore words
6613
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
2274 longer than 50 characters or less than 2 characters. Also SQLite does
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
2275 not filter out common words (i.e. there is no stopword list). So words
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2276 like "and", "or", "then", "with" ... are included in the FTS5 search.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2277
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2278 You must explicitly enable this search mechanism by changing the
6613
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
2279 ``indexer`` setting in ``config.ini`` to ``native-fts``. Native-fts
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
2280 must be explicitly chosen. This is different from Xapian or Whoosh
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
2281 indexers, which are chosen if they are installed in the Python
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
2282 environment. This prevents the existing native indexing from being
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
2283 discarded if ``indexer`` is not set.
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
2284
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
2285 Next re-index your data with ``roundup-admin -i tracker_home
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
2286 reindex``. This can take a while depending on the size of the tracker.
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
2287
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
2288 You may want to update your ``config.ini`` by following the directions
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
2289 above to get the latest documentation.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
2290
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2291 See the `administration guide notes on native-fts`_ for further details.
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
2292
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2293 Adding error reporting templates (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2294 -------------------------------------------
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2295
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2296 Currently some internal errors result in a bare html page with an
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2297 error message. The usual chrome supplied by page.html is not shown.
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2298 For example query language syntax errors for full text search methods
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2299 will display a bare HTML error page.
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2300
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
2301 If you add an ``_generic.400.html`` template to the html directory, you
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
2302 can display the error inside of the layout provided by the ``page.html``
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2303 template. This can make fixing the error and navigation easier. You
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
2304 can use the ``_generic.404.html`` template to create a
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
2305 ``_generic.400.html`` by modifying the title and body text. You can test
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
2306 the 400 template by appending ``@template=400`` to the url for the
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
2307 tracker.
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
2308
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2309 Change passwords using crypt module (optional)
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2310 ----------------------------------------------
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2311
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2312 The crypt module is being removed from the standard library. Any
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2313 stored password using crypt encoding will fail to verify once the
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
2314 crypt module is removed (expected in Python 3.13 see `pep-0594
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
2315 <https://peps.python.org/pep-0594/>`_). Automatic migration of
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
2316 passwords (if enabled in config.ini) re-encrypts old passwords using
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
2317 something other than crypt if a user logs in using the web interface.
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2318
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2319 You can find users with passwords still encrypted using crypt by
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2320 running::
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2321
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2322 roundup-admin -i <tracker_home> table password,id,username
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2323
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2324 Look for lines starting with ``{CRYPT}``. You can reset the user's
8432
7f7749d86da8 doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents: 8431
diff changeset
2325 password using [#history-pragma]_ ::
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2326
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2327 roundup-admin -i <tracker_home>
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2328 roundup> set user16 password=somenewpassword
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2329
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2330 changing ``16`` to the id in the second column of the table output.
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2331 The example uses interactive mode (indicated by the ``roundup>``
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2332 prompt). This prevents the new password from showing up in the output
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2333 of ps or shell history. The new password will be encrypted using the
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2334 default encryption method (usually pbkdf2).
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
2335
8432
7f7749d86da8 doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents: 8431
diff changeset
2336 .. [#history-pragma] If your version of roundup-admin provides history
7f7749d86da8 doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents: 8431
diff changeset
2337 support, you should add ``-P history_features=2`` to the command
7f7749d86da8 doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents: 8431
diff changeset
2338 line or run ``pragma history_features=2`` at the ``roundup>``
7f7749d86da8 doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents: 8431
diff changeset
2339 prompt. This will prevent the command line (and password) from being
7f7749d86da8 doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents: 8431
diff changeset
2340 saved to your history file (usually ``.roundup_admin_history`` in
7f7749d86da8 doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents: 8431
diff changeset
2341 your user's home directory. You can use ``roundup-admin -i
7f7749d86da8 doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents: 8431
diff changeset
2342 <tracker_home> pragma list`` to see if pragmas are supported.
7f7749d86da8 doc: add disable saving roundup-admin history file for password changes
John Rouillard <rouilj@ieee.org>
parents: 8431
diff changeset
2343
6747
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2344 Enable performance improvement for wsgi mode (optional)
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2345 -------------------------------------------------------
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2346
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2347 There is an experimental wsgi performance improvement mode that caches
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2348 the loaded roundup instance. This eliminates disk reads that are
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2349 incurred on each connection. In one report it improves speed by a
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2350 factor of 2 to 3 times. To enable this you should add a feature flag
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2351 to your Roundup wsgi wrapper (see the file
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2352 ``.../share/frontends/wsgi.py``) so it looks like::
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2353
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2354 feature_flags = { "cache_tracker": "" }
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2355 app = RequestDispatcher(tracker_home, feature_flags=feature_flags)
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2356
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2357 to enable this mode. Note that this is experimental and was added
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2358 during the 2.2.0 beta period, so it is enabled using a feature flag.
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2359 If you use this and it works for you please followup with an email to
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2360 the roundup-users at lists.sourceforge.net mailing list so we can
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2361 enable it by default in a future release.
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
2362
6753
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2363
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2364 Hide submit button during readonly use of _generic.item.html (optional)
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2365 -----------------------------------------------------------------------
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2366
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2367 The submit button in _generic.item.html always shows up even when the
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2368 user doesn't have edit perms. Change the ``context/submit`` html to
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2369 read::
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2370
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2371 <td colspan=3 tal:content="structure context/submit"
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2372 tal:condition="context/is_edit_ok">
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2373
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2374 in your TAL based templates. The ``jinja2`` based templates are
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2375 missing this file, but if you implemented one you want to surround the
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2376 jinja2 code with::
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2377
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
2378 {% if context.is_edit_ok() %}
6753
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2379 <submit button code here>
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2380 {% endif %}
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2381
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
2382
6775
bc9728a17f76 Fix index markers.
John Rouillard <rouilj@ieee.org>
parents: 6774
diff changeset
2383 .. index:: Upgrading; 2.0.0 to 2.1.0
bc9728a17f76 Fix index markers.
John Rouillard <rouilj@ieee.org>
parents: 6774
diff changeset
2384
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2385 Migrating from 2.0.0 to 2.1.0
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
2386 =============================
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
2387
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2388 Rdbms version change from 5 to 6 (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2389 -------------------------------------------
6434
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2390
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2391 To fix an issue with importing databases, the database has to be
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2392 upgraded for rdbms backends.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2393
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2394 You should run the ``roundup-admin migrate`` command for your
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2395 tracker once you've installed the latest codebase.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2396
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2397 Do this before you use the web, command-line or mail interface
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2398 and before any users access the tracker.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2399
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2400 If successful, this command will respond with either "Tracker
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2401 updated" (if you've not previously run it on an RDBMS backend) or
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2402 "No migration action required" (if you have run it, or have used
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2403 another interface to the tracker, or are using anydbm).
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2404
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2405 This only changes the schema for the mysql backend. It has no
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2406 effect other than upgrading the revision on other rdbms backends.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2407
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2408 On the mysql backend it creates the database index that makes
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2409 sure the key field for your class is unique.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2410
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2411 If your update/migration fails, you will see an::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2412
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2413 IntegrityError: (1062, "Duplicate entry '0-NULL' for key '_user_key_retired_idx'")
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2414
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2415 it means you have two non-retired members of the class with the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2416 same key field. E.G. two non-retired users with the same
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2417 username.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2418
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2419 Debug this using roundup-admin using the list command. For
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2420 example dump the user class by the key field ``username``::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2421
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2422 $ roundup-admin -i <tracker_home> list user username
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2423 1: admin
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2424 2: anonymous
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2425 3: demo
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2426 4: agent
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2427 5: provisional
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2428 6: foo@example.com
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2429 7: dupe
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2430 8: dupe
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2431 ...
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2432
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2433 then search the usernames for duplicates. Once you have
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2434 identified the duplicate username (``dupe`` above), you should
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2435 retire the other active duplicates or change the username for the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2436 duplicate. To retire ``7: dupe``, you run::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2437
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2438 roundup-admin -i <tracker_home> retire user7
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2439
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2440 (use ``restore user7`` if you retired the wrong item). If you
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2441 want to rename the entry use::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2442
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2443 roundup-admin -i <tracker_home> set user7 username=dupe1
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2444
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2445 Keep doing this until you have no more duplicates. Then run the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2446 update/migrate again.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2447
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2448 If you have duplicate non-retired entries in your database,
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2449 please email roundup-users at lists.sourceforge.net. We are
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2450 interested in how many issues this has caused. Duplicate creation
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2451 should occur only when two or more mysql processes run in
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2452 parallel and both of them creating an item with the same key. So
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2453 this should be a rare event. The internal duplicate prevention
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2454 checks should work in other cases.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2455
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2456 For the nerds: if you had a new installation that was created at
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2457 version 5, the uniqueness of a key was not enforced at the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2458 database level. If you had a database that was at version 4 and
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2459 then upgraded to version 5 you have the uniqueness enforcing
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2460 constraint. Running migrate updates to schema version 6 and installs
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2461 the unique index constraint if it is missing.
6434
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
2462
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2463 Setuptools is now required to install (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2464 --------------------------------------------
6378
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
2465
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
2466 Roundup install now uses setuptools rather than distutils. You must
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
2467 install setuptools. Use the version packgaged by your OS vendor. If
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
2468 your OS vendor doesn't supply setuptools use ``pip install
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
2469 setuptools``. (You may need pip3 rather than pip if using python3.)
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
2470
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2471 Define Authentication Header (optional)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2472 ---------------------------------------
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2473
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2474 The web server in front of roundup (apache, nginx) can perform user
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2475 authentication. It can pass the authenticated username to the backend
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2476 in a variable. By default roundup looks for the ``REMOTE_USER``
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2477 variable. This can be changed by setting the parameter
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2478 ``http_auth_header`` in the ``[web]`` section of the tracker's
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2479 ``config.ini`` file to a different value. The value is case sensitive.
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2480 If the value is unset (the default) the REMOTE_USER variable is used.
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2481
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2482 If you are running roundup using ``roundup-server`` behind a proxy
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2483 that authenticates the user you need to configure ``roundup-server``
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2484 to pass the HTTP header with the authenticated username to the
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2485 tracker. By default ``roundup-server`` looks for the ``REMOTE_USER``
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2486 header for the authenticated user. You can copy an arbitrary header
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2487 variable to the tracker using the ``-I`` option to roundup-server (or
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2488 the equivalent option in the roundup-server config file).
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2489
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2490 For example to use the ``uid_variable`` header, two configuration
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2491 changes are needed: First configure ``roundup-server`` to pass the
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2492 header to the tracker using::
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2493
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2494 roundup-server -I uid_variable ....
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2495
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2496 note that the header is passed exactly as supplied by the upstream
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2497 server. It is **not** prefixed with ``HTTP_`` like other headers since
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2498 you are explicitly allowing the header. Multiple comma separated
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2499 headers can be passed to the ``-I`` option. These could be used in a
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2500 detector or other tracker extensions, but only one header can be used
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2501 by the tracker as an authentication header.
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2502
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2503 To make the tracker honor the new variable changing the tracker
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2504 ``config.ini`` to read::
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2505
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2506 [web]
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2507 ...
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2508 http_auth_header = uid_variable
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2509
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2510 At the time this is written, support is experimental. If you use it
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
2511 you should notify the roundup maintainers using the roundup-users
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
2512 at lists.sourceforge.net mailing list.
6378
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
2513
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2514 Classname Format Enforced (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2515 --------------------------------
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
2516
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
2517 Check schema.py and look at all Class(), IssueClass(), FileClass()
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
2518 calls. The second argument is the classname. All classnames must:
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
2519
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
2520 * start with an alphabetic character
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
2521 * consist of alphanumerics and '_'
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
2522 * not end with a digit
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
2523
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
2524 this was not enforced before. Using non-standard classnames could lead
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
2525 to other issues.
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
2526
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2527 jQuery updated with updates to user.help.html (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2528 -----------------------------------------------------------
6290
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
2529
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
2530 The devel and responsive templates shipped with an old version of
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
2531 jQuery with some security issues. It has been updated to the current
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
2532 version: 3.5.1. If your tracker is based on one of these templates
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
2533 (see the ``TEMPLATE-INFO.txt`` file in your tracker), remove the old
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
2534 ``html/jquery.js`` file from your tracker and copy the new
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
2535 ``jquery-3.5.1.js`` file from the template directory to your tracker's
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
2536 ``html`` directory. Also copy in the new ``user.help.html`` file. It now
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
2537 references the new ``jquery-3.5.1.js`` file and also fixes a bug that
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
2538 prevented applying the change from the helper to the field on the main
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
2539 form.
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
2540
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2541 Roundup-admin security stops on incorrect properties (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2542 -----------------------------------------------------------
6393
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
2543
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
2544 The ``roundup-admin ... security`` command used to continue
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
2545 running through the rest of the security roles after reporting a
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
2546 property error. Now it stops after reporting the incorrect property.
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
2547
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
2548 If run non-interactively, it exits with status 1. It can now be
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
2549 used in a startup script to detect permission errors.
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
2550
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2551 Futureproof devel and responsive timezone selection extension (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2552 ---------------------------------------------------------------------------
6418
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2553
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2554 The devel and responsive (derived from devel) templates use a select
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2555 control to list all available timezones when pytz is used. It
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2556 sanitizes the data using cgi.escape. Cgi.escape is deprecated and
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2557 removed in newer pythons. Change your ``extensions/timezone.py``
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2558 file by applying the following patch manually::
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2559
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2560
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2561 -import cgi
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2562 +try:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2563 + from html import escape
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2564 +except ImportError:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2565 + from cgi import escape
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2566
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2567 try:
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
2568 import pytz
6418
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2569 @@ -25,7 +28,7 @@
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
2570 s = ' '
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
2571 if zone == value:
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
2572 s = 'selected=selected '
6418
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2573 - z = cgi.escape(zone)
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2574 + z = escape(zone)
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2575
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2576 See https://issues.roundup-tracker.org/issue2551136 for more details.
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
2577
6168
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
2578 .. index:: Upgrading; 1.6.x to 2.0.0
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
2579
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2580 Migrating from 1.6.X to 2.0.0
5501
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
2581 =============================
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
2582
6174
5522c950a2e4 Add indexing for roundup-admin references.
John Rouillard <rouilj@ieee.org>
parents: 6170
diff changeset
2583 .. index:: roundup-admin; updateconfig subcommand
5522c950a2e4 Add indexing for roundup-admin references.
John Rouillard <rouilj@ieee.org>
parents: 6170
diff changeset
2584
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2585
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2586 Python 2 MYSQL users MUST READ (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2587 -----------------------------------------
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2588
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2589 To fix issues with encoding of data and text searching, roundup now
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2590 explicitly sets the database connection character set. Roundup prior
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2591 to 2.0 used the default character set which was not always utf-8. All
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2592 roundup data is manipulated in utf-8. This mismatch causes issues with
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2593 searches and result in corrupted data in the database if it was not
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2594 properly represented across the charset conversions.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2595
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2596 This issue exists when running roundup under python 2. Note that there
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2597 are more changes required for running roundup 2.0 if you choose to use
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2598 python3. See `Python 3 support`_.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2599
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2600 In an upgraded ``config.ini`` (see next section) the ``[rdbms]``
6333
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
2601 section has a key ``mysql_charset`` set by default to ``utf8mb4``.
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
2602
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
2603 It should be possible to change ``utf8mb4`` to any mysql charset. So
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
2604 if you know what charset is enabled (e.g. via a setting in ~roundup/.my.cnf,
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2605 or the default charset for the database) you can set it in
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2606 ``config.ini`` and not need to covert the database. However the
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2607 underlying issues with misconverted data and bad searches will still
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2608 exist if they did before.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2609
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2610 None of the roundup developers run mysql, so the exact steps to take
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2611 during the upgrade were tested with test and not production databases.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2612
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2613 **Before doing anything else:**
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2614
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2615 Backup the mysql database using mysql dump or other mysql
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2616 supported tool.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2617
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2618 Backup roundup using your current backup tool and take the roundup
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2619 instance offline.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2620
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2621 Then the following steps (similar to the conversion in needed for
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2622 Python 3) should work:
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2623
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2624 1. Export the tracker database
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2625 using your **current** 1.6 instance::
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2626
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2627 roundup-admin -i <trackerdir> exporttables <export_dir>
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2628
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2629 replacing tracker_dir and export_dir as appropriate.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2630
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2631 2. Import the exported database using the **new** 2.0 roundup::
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2632
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2633 roundup-admin -i <trackerdir> importtables <export_dir>
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2634
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2635 replacing tracker_dir and export_dir as appropriate.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2636
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2637 The imported data should overwrite the original data. Note it is
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2638 critically important that the ``exporttables`` be done with the *old
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2639 tracker* and the ``importtables`` be done with the *new tracker*. An
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2640 import/export cycle between roundup 1.6.0 and roundup 2.0 has been
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2641 done successfully. So the export format for 1.6 and 2.0 should be
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2642 compatible.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2643
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2644 Note that ``importtables`` is new in roundup-2.0, so you will not be
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2645 able to import the result of ``exporttables`` using any 1.x version of
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2646 roundup.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2647
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2648 Following the same sequence as above using ``export`` and ``import``
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2649 should also work, but it will export all the files and messages. This
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2650 will take longer but may be worth trying if the ``exporttables`` and
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2651 ``importtables`` method fails for some reason.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2652
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2653 Another way that should be faster, but is untested is to use mysql
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2654 dump to dump the database.
8111
394f72021dad docs: replace redirecting url's with target
John Rouillard <rouilj@ieee.org>
parents: 8081
diff changeset
2655 https://makandracards.com/makandra/595-dumping-importing-mysql-utf-8-safe-way
7793
72a26f3b94db doc: fix formatting.
John Rouillard <rouilj@ieee.org>
parents: 7749
diff changeset
2656 recommends:
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2657
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2658 Note that when your MySQL server is not set to UTF-8 you need to do
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2659 mysqldump --default-character-set=latin1 (!) to get a correctly
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2660 encoded dump. In that case you will also need to remove the SET
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2661 NAMES='latin1' comment at the top of the dump, so the target machine
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2662 won't change its UTF-8 charset when sourcing.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2663
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2664 Then import the dump. Removing ``SET NAMES`` should allow the import
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2665 to use UTF-8.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2666
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2667 Please report success or issues with this conversion to the
7961
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
2668 roundup-users at lists.sourceforge.net mailing list.
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2669
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2670 As people report successful or unsuccessful conversions, we will update
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2671 the errata page at: https://wiki.roundup-tracker.org/ReleaseErrata.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2672
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2673 Upgrade tracker's config.ini file (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2674 -----------------------------------------------
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
2675
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2676 Once you have installed the new roundup, use::
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
2677
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2678 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
2679
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
2680 to generate a new ini file preserving all your settings. You can then
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
2681 merge any local comments from the tracker's ``config.ini`` into
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2682 ``newconfig.ini``. Compare the old and new files and configure any new
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2683 settings as you want. Then replace ``config.ini`` with the
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2684 ``newconfig.ini`` file.
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2685
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2686 .. _Python 3 support:
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2687
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2688 Python 3 support (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2689 -----------------------
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2690
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2691 Many of the ``.html`` and ``.py`` files from Roundup that are copied
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2692 into tracker directories have changed for Python 3 support. If you
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2693 wish to move an existing tracker to Python 3, you need to merge in
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2694 those changes. Also you need to make sure that locally created python
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2695 code in the tracker is correct for Python 3.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2696
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2697 If your tracker uses the ``anydbm`` or ``mysql`` backends, you also
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2698 need to export the tracker contents using ``roundup-admin export``
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2699 running under Python 2, and them import them using ``roundup-admin
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2700 import`` running under Python 3. This is detailed in the documention
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2701 for migrating to a different backend. If using the ``sqlite`` backend,
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2702 you do not need to export and import, but need to delete the
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2703 ``db/otks`` and ``db/sessions`` files when changing Python version.
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2704 If using the ``postgresql`` backend, you do not need to export and
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2705 import and no other special database-related steps are needed.
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2706
5967
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2707 If you use the whoosh indexer, you will need to reindex. It looks like
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2708 a database created with Python 2 leads to Unicode decode errors when
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2709 accessed by Python 3. Reindexing can take a while (see details below
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2710 look for "reindexing").
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2711
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2712 Octal values in config.ini change from the Python 2 representation
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2713 with a leading ``0`` (``022``). They now use a leading ``0o``
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
2714 (``0o22``). Note that the ``0o`` format is properly handled under
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2715 python 2. You can use the ``newconfig.ini`` generated using ``python3
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2716 roundup-admin -i ... updateconfig newconfig.ini`` if you want to go
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2717 back to using python 2. (Note going back to Python 2 will require
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2718 the same steps as moving from 2 to 3 except using Python 3 to perform
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
2719 the export.)
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
2720
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2721 Rate Limit New User Registration (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2722 ---------------------------------------
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2723
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2724 The new user registration form can be abused by bots to allow
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2725 automated registration for spamming. This can be limited by using the
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2726 new ``config.ini`` ``[web]`` option called
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2727 ``registration_delay``. The default is 4 and is the number of seconds
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2728 between the time the form was generated and the time the form is
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2729 processed.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2730
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2731 If you do not modify the ``user.register.html`` template in your
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2732 tracker's html directory, you *must* set this to 0. Otherwise you will
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2733 see the error:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2734
7793
72a26f3b94db doc: fix formatting.
John Rouillard <rouilj@ieee.org>
parents: 7749
diff changeset
2735 .. code-block:: text
72a26f3b94db doc: fix formatting.
John Rouillard <rouilj@ieee.org>
parents: 7749
diff changeset
2736
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2737 Form is corrupted, missing: opaqueregister.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2738
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2739 If set to 0, the rate limit check is disabled.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2740
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2741 If you want to use this, you can change your ``user.register.html``
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2742 file to include::
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2743
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2744 <input type="hidden" name="opaqueregister" tal:attributes="value python: utils.timestamp()">
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2745
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2746 The hidden input field can be placed right after the form declaration
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2747 that starts with::
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2748
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2749 <form method="POST" onSubmit="return submit_once()"
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2750
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2751 If you have applied Erik Forsberg's tracker level patch to implement
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2752 (see: https://hg.python.org/tracker/python-dev/rev/83477f735132), you
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2753 can back the code out of the tracker. You must change the name of the
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2754 field in the html template to ``opaqueregistration`` from ``opaque``
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2755 in order to use the core code.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2756
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2757 PGP mail processing (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2758 ------------------------------
5501
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
2759
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
2760 Roundup now uses the ``gpg`` module instead of ``pyme`` to process PGP
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
2761 mail. If you have PGP processing enabled, make sure the ``gpg``
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
2762 module is installed.
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
2763
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2764 MySQL client module (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2765 ---------------------------------
5510
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
2766
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
2767 Although the ``MySQLdb`` module from
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
2768 https://pypi.org/project/MySQL-python/ is still supported, it is
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
2769 recommended to switch to the updated module from
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
2770 https://pypi.org/project/mysqlclient/.
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
2771
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2772 XMLRPC Access Role (info/required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2773 ----------------------------------
5879
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2774
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2775 A new permission has been added to control access to the XMLRPC
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2776 endpoint. If the user doesn't have the new "Xmlrpc Access" permission,
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2777 they will not be able to log in using the /xmlrpc end point. To add
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2778 this new permission to the "User" role you should change your
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2779 tracker's schema.py and add::
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2780
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2781 db.security.addPermissionToRole('User', 'Xmlrpc Access')
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2782
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2783 This is usually included near where other permissions like "Web Access"
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2784 or "Email Access" are assigned.
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
2785
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2786 New values for db.tx_Source (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2787 ----------------------------------
5881
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2788
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2789 The database attribute tx_Source reports "xmlrpc" and "rest" when the
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2790 /xmlrpc and /rest web endpoints are used. Check all code (extensions,
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2791 detectors, lib) in trackers looking for tx_Source. If you have code
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2792 like::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2793
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2794 if db.tx_Source == "web":
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2795
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2796 or::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2797
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2798 if db.tx_Source in ['web', 'email-sig-openpgp', 'cli' ]:
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2799
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2800 you may need to change these to include matches to "rest" and
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2801 "xmlrpc". For example::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2802
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2803 if db.tx_Source in [ "web", "rest", "xmlrpc" ]
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2804
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2805 or::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2806
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2807 if db.tx_Source in ['web', 'rest', 'xmlrpc', 'email-sig-openpgp', 'cli' ]:
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2808
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2809
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2810 CSV export changes (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2811 -------------------------
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2812
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2813 The original Roundup CSV export function for indexes reported id
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2814 numbers for links. The wiki had a version that resolved the id's to
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2815 names, so it would report ``open`` rather than ``2`` or
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2816 ``user2;user3`` rather than ``[2,3]``.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2817
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2818 Many people added the enhanced version to their extensions directory.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2819
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2820 The enhanced version was made the default in roundup 2.0. If you want
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2821 to use the old version (that returns id's), you can replace references
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2822 to ``export_csv`` with ``export_csv_id`` in templates.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2823
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2824 Both core csv export functions have been changed to force quoting of
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2825 all exported fields. To incorporate this change in any CSV export
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2826 extension you may have added, change references in your code from::
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2827
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2828 writer = csv.writer(wfile)
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2829
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2830 to::
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2831
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2832 writer = csv.writer(wfile, quoting=csv.QUOTE_NONNUMERIC)
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2833
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2834 this forces all (non-numeric) fields to be quoted and empty quotes to
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2835 be added for missing parameters.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2836
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2837 This turns exported values that may look like formulas into strings so
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2838 some versions of Excel won't try to interpret them as a formula.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
2839
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2840 Update userauditor.py to restrict usernames (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2841 ---------------------------------------------------------
5958
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2842
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2843 A username can be created with embedded commas and < and >
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
2844 characters. Even though the < and > are usually escaped when
5958
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2845 displayed, the embedded comma makes it difficult to edit lists of
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2846 users as they are comma separated.
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2847
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2848 If you have not modified your tracker's userauditor.py, you can just
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2849 copy the userauditor.py from the classic template into your tracker's
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2850 detectors directory. Otherwise merge the changes from the template
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2851 userauditor.py. https://issues.roundup-tracker.org/issue2550921 may be
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
2852 helpful.
5881
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
2853
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2854 Consider reindexing if you use European languages (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2855 ---------------------------------------------------------------
5967
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2856
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2857 A couple of bugs dealing with incorrect indexing of European languages
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2858 (Russian and German were reported) have been fixed. Note reindexing
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2859 all your data may take a long time. See:
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2860 https://issues.roundup-tracker.org/issue1195739 and
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2861 https://issues.roundup-tracker.org/issue1344046 for a description of
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2862 the problem. If you determine that this a problem for your tracker,
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2863 you can use::
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2864
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2865 roundup-admin -i /path/to/tracker reindex
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2866
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2867 to rewrite your full text indexes. The tracker used for reindex timing
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2868 had 140MB of file/message data and 2500 issues with a slow 5400RPM
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2869 SATA drive. Using native indexing with sqlite took about 45
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2870 minutes. Using whoosh took about 2 hours. Using xapian took about 6
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2871 hours. All examples were with Python 2. Anecdotal evidence shows
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2872 Python 3 is faster, but YMMV.
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
2873
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2874 Merge improvements in statusauditor.py (optional)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2875 -------------------------------------------------
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2876
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2877 By default the detector statusauditor.py will change the status from
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2878 "unread" to "chatting" when a second message is added to an issue.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2879 The distributed classic and jinja templates implement this feature in
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2880 their copies of ``detectors/statusauditor.py``.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2881
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2882 This can be a problem. Consider a person sending email to create an
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2883 issue. Then the person sends a followup message to add some additional
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2884 information to the issue. The followup message will trigger the status
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2885 change from "unread" to "chatting". This is misleading since the
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2886 person is "chatting" with themselves.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2887
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2888 Statusauditor.py has been enhanced to prevent the status from changing
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2889 to "chatting" until a second user (person) adds a message. If you
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2890 want this functionality, you need to merge the distributed
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2891 statusauditor.py with your tracker's statusauditor.py. If you have not
7499
a072331c843b Change customizing to customising in all variants.
John Rouillard <rouilj@ieee.org>
parents: 7452
diff changeset
2892 customised your tracker's statusauditor.py, copy the one from the
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2893 distibuted template. In addition to the python file, you also must
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2894 copy/merge the distributed ``detectors/config.ini`` into your
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2895 tracker's detectors directory. Most people can copy
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2896 ``detectors/config.ini`` from the distributed templates as they won't
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2897 have a ``detectors/config.ini`` file. (Note this is
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2898 ``detectors/config.ini`` do not confuse it with the main
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2899 ``config.ini`` file at the root of the tracker home.)
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2900
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2901 This enhancement is disabled by default. Enable it by changing the
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2902 value in ``detectors/config.ini`` from::
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2903
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2904 chatting_requires_two_users = False
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2905
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2906 to::
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2907
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2908 chatting_requires_two_users = True
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2909
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2910 (the values ``no`` and ``yes`` can also be used). Restart the tracker
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2911 to enable the change.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2912
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2913 If you don't do this quite right you will see one of two error
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2914 messages in the web interface when you try to update an issue with a
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2915 message::
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2916
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2917 Edit Error: Unsupported configuration option: Option
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2918 STATUSAUDITOR_CHATTING_REQUIRES_TWO_USERS not found in
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2919 detectors/config.ini.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2920 Contact tracker admin to fix.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2921
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2922 This happens if detectors/config.ini is not found or is missing the
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2923 ``chatting_requires_two_users`` option in the ``statusauditor``
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2924 section.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2925
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2926 If you have an incorrect value (say you use ``T`` rather than
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2927 ``True``) you see a different error::
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2928
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2929 Edit Error: Invalid value for
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2930 DETECTOR::STATUSAUDITOR_CHATTING_REQUIRES_TWO_USERS: 'T'
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2931 Allowed values: yes, no
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2932
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2933 to fix this set the value to ``yes`` (True) or ``no`` (False).
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2934
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2935 Responsive template changes (optional)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2936 --------------------------------------
5990
0face8e45224 issue2551076 - responsive template, search links should ignore status
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2937
0face8e45224 issue2551076 - responsive template, search links should ignore status
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
2938 There have been some changes to the responsive template. You can
5991
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
2939 diff/merge these changes into your responsive template based tracker.
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
2940
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2941 Jinja template changes (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
2942 ---------------------------------
5991
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
2943
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2944 Auto escaping has been enabled in the jinja template engine, this
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2945 means it is no longer necessary to manually escape dynamic strings
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2946 with ``|e``, but strings that should not be escaped need to be marked
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2947 with ``|safe`` (e.g. ``{{ context.history()|u|safe }}``). Also, the i18n
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2948 extension has been enabled and the template has been updated to use
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2949 the extension for translatable text instead of explicit ``i18n.gettext``
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2950 calls::
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2951
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2952 {% trans %}List of issues{% endtrans %}
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2953
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2954 instead of::
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2955
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2956 {{ i18n.gettext('List of issues')|u }}
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
2957
5991
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
2958 The jinja template has been upgraded to use bootstrap 4.1.3 (from
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
2959 2.2.2). You can diff/merge changes into your jinja template based
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
2960 tracker.
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
2961
5994
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2962 Also search _generic.index.html, navigation.html and file.index.html
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2963 in the html directory of your tracker. Look for::
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2964
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2965 <input type="hidden" name="@action"
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2966
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2967 where the value is a jinja expression that calls i18n.gettext. Set the
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2968 value to the argument of the gettext call. E.G. replace::
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2969
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2970 <input type="hidden" name="@action" value="{{ i18n.gettext('editCSV')|u }}">
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2971
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2972 with::
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2973
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2974 <input type="hidden" name="@action" value="editCSV">
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2975
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2976 The action keywords should not be translated.
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
2977
6168
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
2978 .. index:: Upgrading; 1.5.1 to 1.6.0
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
2979
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2980 Migrating from 1.5.1 to 1.6.0
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2981 =============================
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
2982
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2983 Update tracker config file
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2984 --------------------------
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2985
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2986 After installing the new version of roundup, you should
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2987 update the ``config.ini`` file for your tracker. To do this:
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2988
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2989 1. backup your existing ``config.ini`` file
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2990 2. using the newly installed code, run::
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2991
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2992 roundup-admin -i /path/to/tracker updateconfig config.ini.new
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2993
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2994 to create the file config.ini.new. Replace
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2995 ``/path/to/tracker`` with the path to your tracker.
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
2996 3. replace your tracker's config.ini with config.ini.new
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2997
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2998 Using updateconfig keeps all the settings from your
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
2999 tracker's config.ini file and adds settings for all the new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3000 options.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3001
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3002 If you have added comments to your original config.ini file,
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3003 merge the added comments into the config.ini.new file. Then
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3004 replace your tracker's config.ini with config.ini.new.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3005
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3006 Read the new config.ini and configure it to enable new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3007 features. Details on using these features can be found in
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3008 this section.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3009
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
3010 Make sure that user can view labelprop on classes (required)
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3011 ------------------------------------------------------------
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3012
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3013 If you have View permissions that use ``properties=...``, make sure
7505
62409b4a3a52 Link labelprop to setlabelprop in reference
John Rouillard <rouilj@ieee.org>
parents: 7499
diff changeset
3014 that the `labelprop <reference.html#setlabelprop-property>`_ for the
62409b4a3a52 Link labelprop to setlabelprop in reference
John Rouillard <rouilj@ieee.org>
parents: 7499
diff changeset
3015 class is listed in the properties list.
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3016
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3017 The first one of these that exists must must be in the list:
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3018
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3019 1. the property set by a call to setlabelprop for the class
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3020 2. the key of the class (as set by setkey())
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3021 3. the "name" property (if it exists)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3022 4. the "title" property (if it exists)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3023
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3024 if none of those apply, you must allow
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3025
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3026 * the "id" property
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3027
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3028 E.G. If your class does a setlabelprop("foo") you must include "foo"
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3029 in the properties list even if the class has name or title properties.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3030
7506
38de0d748284 Fix reference for setlabelprop
John Rouillard <rouilj@ieee.org>
parents: 7505
diff changeset
3031 See: `reference.html setlabelprop
38de0d748284 Fix reference for setlabelprop
John Rouillard <rouilj@ieee.org>
parents: 7505
diff changeset
3032 <reference.html#setlabelprop-property>`_ for further details on the
38de0d748284 Fix reference for setlabelprop
John Rouillard <rouilj@ieee.org>
parents: 7505
diff changeset
3033 labelprop.
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3034
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3035 If you don't do this, you will find that multilinks (and possibly
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3036 links) may not be displayed properly. E.G. templates that iterate over
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3037 a mutlilink field (with tal:repeat for example) may not show any
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3038 content.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3039
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3040 See: https://sourceforge.net/p/roundup/mailman/message/35763294/
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3041 for the initial discussion of the issue.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3042
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
3043 .. _cross site request forgery detection added:
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
3044
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
3045 Cross Site Request Forgery Detection Added (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
3046 --------------------------------------------------------
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3047
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3048 Roundup 1.6. supports a number of defenses against CSRF.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3049
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3050 Http header verification against the tracker's ``web``
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3051 setting in the ``[tracker]`` section of config.ini for the
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3052 following headers:
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3053
7344
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
3054 1. Analyze the ``Referer`` HTTP header to make sure it
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
3055 includes the web setting.
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
3056 2. Analyze the ``Origin`` HTTP header to make sure the
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
3057 schema://host matches the web setting.
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
3058 3. Analyze the ``X-Forwarded-Host`` header set by a proxy
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
3059 running in front of roundup to make sure it agrees with
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
3060 the host part of the web setting.
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
3061 4. Analyze the ``Host`` header to make sure it agrees with
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
3062 the host part of the web setting. This is not done if
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
3063 ``X-Forwarded-Host`` is set.
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3064
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3065 By default roundup 1.6 does not require any specific header
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3066 to be present. However at least one of the headers above
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3067 *must* pass validation checks (usually ``Host`` or
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3068 ``Referer``) or the submission is rejected with an error.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3069 If any header fails validation, the submission is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3070 rejected. (Note the user's form keeps all the data they
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3071 entered if it was rejected.)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3072
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3073 Also the admin can include unique csrf tokens for all forms
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3074 submitted using the POST method. (Delete and put methods are also
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3075 included, but not currently used by roundup.) The csrf
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3076 token (nonce) is tied to the user's session. When the user
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3077 submits the form and nonce, the nonce is checked to make
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3078 sure it was issued to the user and the same session. If this
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3079 is not true the post is rejected and the user is notified.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3080
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3081 The standard context/submit templating item creates CSRF tokens by
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3082 default. If you have forms using the POST method that are not using
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3083 the standard submit routine, you should add the following field to all
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3084 forms::
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3085
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3086 <input name="@csrf" type="hidden"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3087 tal:attributes="value python:utils.anti_csrf_nonce()">
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3088
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3089 A unique random token is generated by every call to
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3090 utils.anti_csrf_nonce() and is put in a database to be
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3091 retreived if the token is used. Token lifetimes are 2 weeks
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3092 by default but can be configured in config.ini. Roundup will
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3093 automatically prune old tokens. Calling anti_csrf_nonce with
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3094 an integer lifetime, for example::
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3095
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3096 <input name="@csrf" type="hidden"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3097 tal:attributes="value python:utils.anti_csrf_nonce(lifetime=10)">
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3098
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3099 sets the lifetime of that nonce to 10 minutes.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3100
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3101 If you want to change the default settings, you have to
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3102 update the web section in your tracker's config.ini file. Follow the
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3103 section above to generate an updated config.ini file. Then
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3104 look for settings that start with csrf. The updated config.ini
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3105 file includes detailed descriptions of the settings.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3106
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3107 In general one of four values can be set for these
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3108 settings. The default is ``yes``, which validates the header
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3109 or nonce and blocks access if the validation fails. If the
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3110 field/header is missing it allows access. Setting these
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3111 fields to ``required`` blocks access if the header/nonce is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3112 missing.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3113
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
3114 It is recommended that you change your templates so every form
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
3115 that is not submitted via GET has an @csrf field. Then change
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
3116 the csrf_enforce_token setting to 'required'.
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
3117
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3118 Errors and Troubleshooting - @csrf in url
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3119 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
3120
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3121 If you see the @csrf nonce in the URL, you have added the value to a
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3122 form that uses the GET method. You should remove the @csrf token from
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3123 these forms as it is not needed.
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3124
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3125 Errors and Troubleshooting - AttributeError list object no attribute value
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3126 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3127 If you get an error:
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3128
7793
72a26f3b94db doc: fix formatting.
John Rouillard <rouilj@ieee.org>
parents: 7749
diff changeset
3129 .. code-block:: text
72a26f3b94db doc: fix formatting.
John Rouillard <rouilj@ieee.org>
parents: 7749
diff changeset
3130
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3131 AttributeError: 'list' object has no attribute 'value'
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3132
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3133 in handle_csrf, you have more than one @csrf token for the form. This
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3134 usually occurs because the form uses the standard context/submit
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3135 element but you also added an explicit @csrf statement. Simply remove
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3136 the @csrf element for that form.
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
3137
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
3138 Errors and Troubleshooting - xmlrpc Required Header Missing
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
3139 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6768
15238a434368 formatting fixes.
John Rouillard <rouilj@ieee.org>
parents: 6753
diff changeset
3140 When performing and xmlrpc call, if you see something like::
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
3141
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
3142 xmlrpclib.Fault: <Fault 1: "<class
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
3143 'roundup.exceptions.UsageError'>:Required Header Missing">
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
3144
7507
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
3145 change your xmlrpc client to add appropriate headers to
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
3146 the request including the:
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
3147
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
3148 X-Requested-With:
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
3149
7507
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
3150 header as well as any other required csrf headers (e.g. referer,
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
3151 origin) configured in config.ini. See the `advanced python client
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
3152 <xmlrpc.html#advanced-python-client-adding-anti-csrf-headers>`_ at
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
3153 the end of the xmlrpc guide.
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
3154
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
3155 Alternatively change the setting of
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
3156 csrf_enforce_header_x-requested-with in config.ini to ``no``. So it
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
3157 looks like::
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
3158
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
3159 csrf_enforce_header_x-requested-with = no
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
3160
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
3161 This is not recommended as it reduces csrf protection.
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
3162
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
3163
5212
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
3164 Support for SameSite cookie option for session cookie
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
3165 -----------------------------------------------------
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
3166
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
3167 Support for serving the session cookie using the SameSite cookie option
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
3168 has been added. By default it is set to lax to provide a better user
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
3169 experience. But this can be changed to strict or the option can be
5212
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
3170 removed entirely.
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
3171
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
3172 Using the process for merging config.ini changes described in
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
3173 `Cross Site Request Forgery Detection Added`_ you can add the
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
3174 ``samesite_cookie_setting`` to the ``[web]`` section of the config
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
3175 file.
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
3176
5147
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3177 Fix for path traversal changes template resolution
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3178 --------------------------------------------------
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3179
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3180 The templates in the tracker's html subdirectory must not be
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3181 symbolic links that lead outside of the html directory.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3182
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3183 If you don't use symbolic links for templates in your html
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3184 subdirectory you don't have to make any changes. Otherwise you need to
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3185 replace the symbolic links with hard links to the files or replace the
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3186 symbolic links with the files.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3187
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3188 This is a side effect of fixing a path traversal security issue. The
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3189 security issue required a directory with a specific unusual name. This
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3190 made it difficult to exploit. However allowing the use of
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3191 subdirectories to organize the templates required that it be fixed.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3192
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
3193
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
3194 Database back end specified in config.ini (required)
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3195 ----------------------------------------------------
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
3196
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3197 The ``db/backend_name`` file is no longer used to configure the database
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3198 backend being used for a tracker. The backend is now configured in the
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3199 ``config.ini`` file using the ``backend`` option located in the ``[rdbms]``
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3200 section. For example if ``db/backend_name`` file contains ``sqlite``, a new
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3201 entry in the tracker's ``config.ini`` will need to be created::
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3202
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3203 [rdbms]
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3204
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3205 ...
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3206
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3207 # Database backend.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3208 # Default:
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3209 backend = sqlite
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3210
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3211 Once the ``config.ini`` file has been updated with the new ``backend`` option,
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3212 you can safely delete the ``db/backend_name`` file.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3213
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3214 Note: the ``backend_name`` file may be located in a directory other than
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3215 ``db/`` if you have configured the ``database`` option in the ``[main]``
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3216 section of the ``config.ini`` file to be something other than ``db``.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
3217
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3218 Note 2: if you are using the anydbm back end, you still set
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3219 it using the backend option in the rdbms section of the
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3220 config.ini file.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3221
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3222 New config file option 'indexer' added
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3223 --------------------------------------
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3224
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3225 This release added support for the Whoosh indexer, so a new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
3226 config file option has been
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3227 added. You can force Roundup to use a particular text indexer by
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3228 setting this value in the [main] section of the tracker's
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3229 ``config.ini`` file (usually placed right before indexer_stopwords)::
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3230
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3231 [main]
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3232
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3233 ...
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3234
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3235 # Force Roundup to use a particular text indexer.
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3236 # If no indexer is supplied, the first available indexer
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3237 # will be used in the following order:
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3238 # Possible values: xapian, whoosh, native (internal).
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3239 indexer =
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
3240
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3241 Errors and Troubleshooting - Full text searching not working
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3242 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3243
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3244 If after the upgrade full text searching is not working try changing
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3245 the indexer value. If this is failing most likely you need to set
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3246 '''indexer = native''' to use the rdbms or db text indexing systems.
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3247
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3248 Alternatively you can do a
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3249 '''roundup-admin -i /path/to/tracker reindex'''
5752
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
3250 to generate a new index using roundup's preferred indexer from the
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
3251 list above.
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
3252
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
3253 Xapian error with flint when reindexing
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
3254 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
3255 If you reindex and are using xapian, you may get the error that
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
3256 "flint" is not supported (looks like flint was removed after xapian
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
3257 1.2.x). To fix this, you can delete the full text search database
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
3258 located in the tracker home directory in the file '''db/text-index'''
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
3259 and then perform a reindex.
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3260
5108
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
3261 Stemming improved in Xapian Indexer
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
3262 -----------------------------------
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
3263
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
3264 Stemming allows a search for "silent" also match silently. The Porter
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
3265 stemmer in Xapian works with lowercase English text. In this release we
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
3266 lowercase the documents as they are put into the indexer.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
3267
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
3268 This means capitalization is not preserved, but produces more hits by
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
3269 using the stemmer.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
3270
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
3271 You will need to do a roundup-admin reindex if you are using the
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
3272 Xapian full text indexer on your tracker.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
3273
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
3274
5098
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3275 New config file option 'replyto_address' added
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3276 ----------------------------------------------
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3277
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3278 A new config file option has been added to let you control the
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3279 Reply-To header on nosy messages.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3280
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3281 Edit your tracker's ``config.ini`` and place the following after
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3282 the email entry in the tracker section::
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3283
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3284 [tracker]
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3285 ...
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3286
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3287 # Controls the reply-to header address used when sending
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3288 # nosy messages.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3289 # If the value is unset (default) the roundup tracker's
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3290 # email address (above) is used.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3291 # If set to "AUTHOR" then the primary email address of the
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3292 # author of the change will be used as the reply-to
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3293 # address. This allows email exchanges to occur outside of
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3294 # the view of roundup and exposes the address of the person
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3295 # who updated the issue, but it could be useful in some
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3296 # unusual circumstances.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3297 # If set to some other value, the value is used as the reply-to
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3298 # address. It must be a valid RFC2822 address or people will not be
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3299 # able to reply.
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3300 # Default:
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3301 replyto_address =
5098
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
3302
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
3303 Login from a search or after logout works better (required)
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
3304 -----------------------------------------------------------
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3305
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3306 The login form has been improved to work with some back end code
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3307 changes. Now when a user logs in they stay on the same page where they
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3308 started the login. To make this work, you must change the tal that is
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
3309 used to set the ``__came_from`` form variable. Note that the url
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
3310 assigned to __came_from must be url encoded/quoted and be under the
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3311 tracker's base url. If the base_url uses http, you can set the url to
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
3312 https.
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3313
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3314 Replace the existing code in the tracker's html/page.html page that
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3315 looks similar to (look for name="__came_from"):
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3316
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3317 .. code::
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3318 :class: big-code
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3319
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3320 <input type="hidden" name="__came_from" tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3321
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3322 with the following:
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3323
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3324 .. code:: html
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3325 :class: big-code
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3326
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3327 <input type="hidden" name="__came_from"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3328 tal:condition="exists:request/env/QUERY_STRING"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3329 tal:attributes="value string:${request/base}${request/env/PATH_INFO}?${request/env/QUERY_STRING}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3330 <input type="hidden" name="__came_from"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3331 tal:condition="not:exists:request/env/QUERY_STRING"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3332 tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3333
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3334 Now search backwards for the nearest form statement before the code
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3335 that sets __came_from. If it looks like::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3336
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3337 <form method="post" action="#">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3338
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3339 replace it with::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3340
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3341 <form method="post" tal:attributes="action request/base">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3342
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3343 or with::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3344
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3345 <form method="post" tal:attributes="action string:${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3346
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3347 the important part is that the action field **must not** include any query
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3348 parameters ('#' includes query params).
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
3349
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3350 Errors and Troubleshooting - Unrecognized scheme in ...
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3351 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
3352
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
3353 One symptom of failing to do this is getting an error:
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
3354
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
3355 Unrecognized scheme in ....
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
3356
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
3357 where the .... changes depending on the url path. You can see this
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
3358 when logging in from any screen other than the main index.
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
3359
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3360 Option to make adding multiple keywords more convenient
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3361 -------------------------------------------------------
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3362
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3363 In the classic tracker, after adding a new keyword you are redirected
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3364 to the page for the new keyword so you can change the keyword's
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3365 name. This is usually not desirable as you usually correctly set the
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3366 keyword's name when creating the keyword. The new classic tracker has
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3367 a new checkbox (checked by default) that keeps you on the same page so
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3368 you can add a new keywords one after the other.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3369
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3370 To add this to your own tracker, add the following code (prefixed with
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3371 a +) after the entry box for the new keyword in html/keyword.item.html:
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3372
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3373 .. code::
7344
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
3374 :class: big-code
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3375
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3376 <tr>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3377 <th i18n:translate="">Keyword</th>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3378 <td tal:content="structure context/name/field">name</td>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3379 + <td tal:condition="not:context/id">
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3380 + <tal:comment tal:replace="nothing">
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3381 + If we get here and do not have an id, we are creating a new
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3382 + keyword. It would be nice to provide some mechanism to
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3383 + determine the preferred state of the "Continue adding keywords"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3384 + checkbox. By default it is enabled.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3385 + </tal:comment>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3386 + <input type="checkbox" id="continue_new_keyword"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3387 + name="__redirect_to"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3388 + tal:attributes="value
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3389 + string:${request/base}${request/env/PATH_INFO}?@template=item;
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3390 + checked python:True" />
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3391 + <label for="continue_new_keyword" i18n:translate="">Continue adding keywords.</label>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3392 + </td>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3393 </tr>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3394
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3395 Note remove the leading '+' when adding this to the templates.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3396
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3397 The key component here is support for the '__redirect_to' query
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3398 property. It is a url which can be used when creating any new item
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3399 (issue, user, keyword ....). It controls the next page displayed after
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3400 creating the item. If '__redirect_to' is not set, then you end up on
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
3401 the page for the newly created item. The url value assigned to
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
3402 __redirect_to must start with the tracker's base url and must be properly
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
3403 url encoded.
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
3404
5179
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3405 Helper popups trigger change events on the original page
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3406 --------------------------------------------------------
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3407
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3408 The helper popups used to set dates (from a calendar), change lists of
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3409 users or lists of issues did not notify the browser that the fields
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3410 had been changed. This release adds code to trigger the change event.
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3411
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3412 To add the change event to the calendar popup, you don't need to do
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3413 any changes to the tracker. It is all done in the roundup python code
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3414 in templating.py.
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3415
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3416 To add the change event when updating users using the help-submit
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3417 template, copy
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3418 share/roundup/templates/devel/html/_generic.help-submit.html and
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3419 replace your tracker's html/_generic.help-submit.html. If you have
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3420 done local changes to this file, change your file to include the code
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3421 that defines the onclick event for the input field with
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3422 id="btn_apply".
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3423
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3424 To add the change event when updating lists of issues copy
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3425 share/roundup/templates/devel/html/help_controls.js to your tracer's
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3426 html directory. If you have made local changes to the javascript file,
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3427 merge the two if/else blocks labeled::
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3428
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3429 /* trigger change event on the field we changed */
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3430
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3431 into your help_controls.js
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
3432
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
3433 html/_generic.404.html in trackers use page template
5078
487dc55e3c5e issue2550907 Fix errors when creating documentation. Work done by
John Rouillard <rouilj@ieee.org>
parents: 5068
diff changeset
3434 ----------------------------------------------------
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
3435
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
3436 The original generic 404 error pages for many trackers did not use the
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
3437 standard page layout. This change replaces the html/_generic.404.html
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
3438 page with one that uses the page template.
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
3439
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
3440 If your deployed tracker is based on: classic, minimal, responsive or
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
3441 devel templates and has not changed the html/_generic.404.html file,
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
3442 you can copy in the new file to get this additional functionality.
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
3443
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
3444 Organize templates into subdirectories
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
3445 --------------------------------------
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
3446
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
3447 The @template parameter to the web interface allows the use of
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
3448 subdirectories. So a setting of @template=view/view for an issue would
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
3449 use the template in the tracker's html/view/issue.view.html. Similarly
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
3450 for a caller class, you could put all the templates under the
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
3451 html/caller directory with names like: html/caller/caller.item.html,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
3452 html/caller/caller.index.html etc. You may want to symbolically link the
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
3453 html/_generic* templates into your subdirectory so that missing
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
3454 templates (e.g. a missing caller.edit.html template) can be satisfied
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
3455 by the _generic.edit.html template.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
3456
5156
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3457 Properly quote query dispname (displayed name) in page.html
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3458 -----------------------------------------------------------
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3459
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3460 A new method has been added to HTMLStringProperty called url_quote.
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3461 The default templates have been updated to use this in the "Your
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3462 Query" section of the trackers html/page.html file. You will want to
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3463 change your template. Lines starting with - are the original line and
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3464 you want to change it to match the line starting with the + (remove
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3465 the + from the line):
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3466
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3467 .. code::
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
3468 :class: big-code
5156
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3469
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3470 <tal:block tal:repeat="qs request/user/queries">
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3471 - <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name}"
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3472 + <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name/url_quote}"
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3473 tal:content="qs/name">link</a><br>
5156
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3474 </tal:block>
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3475
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3476 Find the tal:repeat line that loops over all queries. Then
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3477 change the value assigned to @dispname in the href attribute from
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3478 ${qs/name} to ${qs/name/url_quote}. Note that you should *not* change
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3479 the value for tal:content.
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
3480
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3481 Allow "Show Unassigned" issues link to work for Anonymous user
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
3482 --------------------------------------------------------------
5113
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
3483
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
3484 In this release the anonymous user is allowed to search the user
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
3485 class. The following was added to the schema for all templates that
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
3486 provide the search option::
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
3487
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
3488 p = db.security.addPermission(name='Search', klass='user')
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
3489 db.security.addPermissionToRole ('Anonymous', p)
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
3490
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
3491 If you are running a tracker that **does not** allow read access for
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
3492 anonymous, you should remove this entry as it can be used to perform
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
3493 a username guessing attack against a roundup install.
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
3494
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3495 Errors and Troubleshooting - Unassigned issues for anonymous
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3496 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5276
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
3497
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
3498 If you notice that the "Unassigned Issues" search on page.html
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
3499 is displaying assigned issues for users with the Anonymous role,
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
3500 you need to allow search permissions for the user class.
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
3501
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3502 Improvements in Classic Tracker query.edit.html template
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3503 --------------------------------------------------------
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3504
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3505 There is a new query editing template included in the distribution at:
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3506
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3507 ``share/roundup/templates/classic/html/query.edit.html``
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3508
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3509 This template fixes:
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3510
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3511 * public query could not be removed from "Your Queries" once it was added.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3512 Trying to do so would cause a permissions error.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3513 * private yes/no dropdown always showed "yes" regardless of
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3514 underlying state
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3515 * query Delete button did not work.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3516 * same query being displayed multiple times
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3517
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3518 It also adds:
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3519 * the table layout displays queries created by the user first,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3520 then available public queries.
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3521 * public query owners are shown
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3522 * better support for deleted queries. When a query is deleted, it is
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3523 still available for those who added it to their query list. If you
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3524 are the query owner, you can restore (undelete) the query. If you
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3525 are not the owner you can remove it from your query list.
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3526 (If a query is deleted and nobody had it in their query list, it
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3527 will not show up in the "Active retired queries" section. You will
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3528 have to use the class editor or roundup_admin command line to
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3529 restore it.)
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3530 * notifies the user that delete/restore requires javascript. It
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3531 always did, but that requirement wasn't displayed.
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3532
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3533 To use the new template, you must add Restore permission on queries to
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3534 allow the user to restore queries (see below).
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3535
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3536 If you have not modified the query.edit.html template in your tracker,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3537 you should be able to copy the new version from the location above.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3538 Otherwise you will have to merge the changes into your modified template.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3539
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3540 Add the query Restore permission for the User role to your tracker's
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3541 schema.py file. Place it right after the query retire permission for
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3542 the user role. After the change it should look like::
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3543
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3544 p = db.security.addPermission(name='Retire', klass='query', check=edit_query,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3545 description="User is allowed to retire their queries")
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3546 db.security.addPermissionToRole('User', p)
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3547 p = db.security.addPermission(name='Restore', klass='query',
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3548 check=edit_query,
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3549 description="User is allowed to restore their queries")
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3550 db.security.addPermissionToRole('User', p)
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
3551
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3552 where the last four lines are the ones you need to add.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3553
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3554 Usually you can add this to your User role. If all users have the User
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3555 role in common then all logged in users should be ok. If you have
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3556 users who do not include the User role (e.g. they may only have a
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3557 Provisional role), you should add the search permission to that role
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3558 (e.g. Provisional) as well if you allow them to edit their list of
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3559 queries.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3560
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3561 Also see the `new search permissions for query in 1.4.17`_ section
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3562 discussing search permission requirements for editing queries. The
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3563 fixes in this release require the ability to search the creator of all
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3564 queries to work correctly.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3565
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3566 If the test script for the `new search permissions for query in
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3567 1.4.17`_ doesn't report that a role has the ability to search queries
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3568 or at least search the creator property for queries, add the following
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3569 permissions to your schema.py::
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3570
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3571 s = db.security.addPermission(name='Search', klass='query',
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3572 properties=['creator'],
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3573 description="User is allowed to Search queries for creator")
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3574 db.security.addPermissionToRole('User', s)
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3575
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3576 Errors and Troubleshooting - Public queries listed twice when editing
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
3577 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
3578
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3579 If you do not do this, public queries will be listed twice in the edit
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3580 interface. Once in the "Queries I created" section and again in the
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3581 "Queries others created" section of the query edit page
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
3582 (``http..../query?@template=edit``).
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
3583
5274
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
3584 Fix security issues in query.item.html template
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
3585 -----------------------------------------------
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
3586 The default query.item.html template allows anybody to view all
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
3587 queries.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
3588
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
3589 This has been updated in the classic, devel and responsive templates
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
3590 to only allow people to view queries they creates or queries that are
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
3591 publicly viewable.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
3592
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
3593 If you haven't modified you query.item.html template, simply copy the
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
3594 query.item.html template from one of the above default templates to
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
3595 your tracker's html directory.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
3596
8236
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
3597 Enhancement to check command for Permissions (optional)
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
3598 -------------------------------------------------------
5186
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3599 A new form of check function is permitted in permission definitions.
8236
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
3600 An example check function is ``own_record(db, userid, itemid)`` in the
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
3601 file schema.py. The three argument form is still supported and will
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
3602 work the same as it always has (although it may be depricated in the
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
3603 future).
5186
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3604
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3605 If the check function is defined as::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3606
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3607 check(db, userid, itemid, **ctx)
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3608
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3609 the ctx variable will have the context to use when determining access
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3610 rights::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3611
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3612 ctx['property'] the name of the property being checked or None if
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3613 it's a class check.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3614
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3615 ctx['classname'] the name of the class that is being checked
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3616 (issue, query ....).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3617
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3618 ctx['permission'] the name of the permission (e.g. View, Edit...).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3619
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3620 This should make defining complex permissions much easier. Consider::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3621
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3622 def issue_private_access(db, userid, itemid, **ctx):
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3623 if not db.issue.get(itemid, 'private'):
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3624 # allow access to everything if not private
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3625 return True
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3626
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3627 # It is a private issue hide nosy list
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3628 # Note that the nosy property *must* be listed
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3629 # in permissions argument to the addPermission
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3630 # definition otherwise this check command
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3631 # is not run.
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3632 if ctx['property'] == 'nosy':
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3633 return False # deny access to this property
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3634
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3635 # allow access for editing, viewing etc. of the class
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3636 return True
5186
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3637
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3638
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3639 e = db.security.addPermission(name='Edit', klass='issue',
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3640 check=issue_private_access,
7801
af898d1d66dc doc: run sphinx-lint over docs.
John Rouillard <rouilj@ieee.org>
parents: 7797
diff changeset
3641 properties=['nosy'],
5186
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3642 description="Edit issue checks")
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3643
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3644 It is suggested that you change your checks to use the ``**ctx``
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3645 parameter. This is expected to be the preferred form in the future.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3646 You do not need to use the ``ctx`` parameter in the function if you do
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3647 not need it.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
3648
8236
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
3649 If the new four argument form is required in the future, there will be
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
3650 required (not optional) directions on upgrading your schema.
2d0bd038fc5e doc: clarify adding ctx argument to check command in schema.py
John Rouillard <rouilj@ieee.org>
parents: 8218
diff changeset
3651
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3652 Changes to property permissions
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3653 -------------------------------
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3654
7793
72a26f3b94db doc: fix formatting.
John Rouillard <rouilj@ieee.org>
parents: 7749
diff changeset
3655 If you create a permission::
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3656
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3657 db.security.addPermission(name='View', klass='user',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3658 properties=['theme'], check=own_record,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3659 description="User is allowed to view their own theme")
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3660
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3661 that combines checks and properties, the permission also matches a
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3662 permission check for the View permission on the user class. So this
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3663 also allows the user to see their user record. It is unexpected that
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3664 checking for access without a property would match this permission.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3665
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3666 This release adds support for making a permission like above only be
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3667 used during property permission tests. See ``customizing.txt`` and
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3668 search for props_only and set_props_only_default in the section
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3669 'Adding a new Permission'
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
3670
5192
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3671 Improve query editing
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3672 ---------------------
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3673
5194
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
3674 If a user creates a query with the same name as one of their existing
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
3675 queries, the query editing interface will now report an error. By
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
3676 default the query editing page (issue.search.html) displays the index
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
3677 page when the search is triggered. This is usually correct since the
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
3678 user expects to see the results of the query. But now that
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
3679 the code properly checks for duplicate search names, the user should
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
3680 stay on the search page if there is an error. To add this to your
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
3681 existing issue.search.html page, add the following line after the
7793
72a26f3b94db doc: fix formatting.
John Rouillard <rouilj@ieee.org>
parents: 7749
diff changeset
3682 hidden field ``@old-queryname``::
5192
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3683
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3684 <input type="hidden" name="@template" value="index|search"/>
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3685
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3686 With this addition, the index template is displayed if there is no
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3687 error, and the user stays on the search template if there is an error.
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
3688
5323
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3689 New -L (loghttpvialogger) option to roundup-server
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3690 --------------------------------------------------
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3691
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3692 Http request logs from roundup-server are sent to stderr or
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3693 can be recorded in a log file (if -l or the logfile options
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3694 is used). However there is no way to rotate the logfile
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3695 without shutting down and restarting the roundup-server.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3696
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3697 If the -L flag is used, the python logging module is used
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3698 for logging the http requests. The name for the log
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3699 (qualname) is 'roundup.http'. You can direct these messages
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3700 to a rotating log file by putting the following::
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3701
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3702 [loggers]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3703 keys=roundup.http
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3704
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3705 [logger_roundup.http]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3706 level=INFO
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3707 handlers=rotate_weblog
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3708 qualname=roundup.http
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3709 propagate=0
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3710
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3711 [handlers]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3712 keys=rotate_weblog
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3713
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3714 [handler_rotate_weblog]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3715 class=logging.handlers.RotatingFileHandler
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3716 args=('httpd.log','a', 512000, 2)
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3717 formatter=plain
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3718
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3719 [formatters]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3720 keys=plain
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3721
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3722 [formatter_plain]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3723 format=%(message)s
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3724
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3725 into a file (e.g. logging.ini). Then reference this file in
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3726 the 'config' value of the [logging] section in the trackers
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3727 config.ini file.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3728
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3729 Note the log configuration above is an example and can be
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3730 merged into a more full featured logging config file for
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3731 your tracker if you wish. It will create a new file in the
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3732 current working directory called 'httpd.log' and will rotate
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3733 the log file at 500K and keep two old copies of the file.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
3734
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
3735 .. index:: Upgrading; 1.5.0 to 1.5.1
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
3736
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3737 Migrating from 1.5.0 to 1.5.1
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3738 =============================
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3739
5025
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
3740 User data visibility
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
3741 --------------------
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
3742
4902
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3743 For security reasons you should change the permissions on the user
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3744 class. We previously shipped a configuration that allowed users to see
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3745 too many of other users details, including hashed passwords under
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3746 certain circumstances. In schema.py in your tracker, replace the line::
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3747
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3748 db.security.addPermissionToRole('User', 'View', 'user')
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3749
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3750 with::
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3751
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3752 p = db.security.addPermission(name='View', klass='user',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3753 properties=('id', 'organisation', 'phone', 'realname',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3754 'timezone', 'username'))
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3755 db.security.addPermissionToRole('User', p)
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3756
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3757 Note that this removes visibility of user emails, if you want emails to
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3758 be visible you can add 'address' and 'alternate_addresses' to the list
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
3759 above.
5025
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
3760
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
3761 XSS protection for custom actions
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
3762 ---------------------------------
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
3763
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3764 If you have defined your own cgi actions in your tracker instance
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3765 (e.g. in a custom ``extensions/spambayes.py`` file) you need to modify
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3766 all cases where client.error_message or client.ok_message are modified
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3767 directly. Instead of::
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3768
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3769 self.client.ok_message.append(...)
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3770
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3771 you need to call::
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3772
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3773 self.client.add_ok_message(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3774
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3775 and the same for::
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3776
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3777 self.client.error_message.append(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3778
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3779 vs.::
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3780
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3781 self.client.add_error_message(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3782
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3783 The new calls escape the passed string by default and avoid XSS security
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
3784 issues.
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
3785
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
3786
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
3787 Migrating from older versions
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
3788 =============================
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
3789
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
3790 See the `historical migration <upgrading-history.html>`_ document.
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
3791
7091
849e9b2d6926 Rename security.py to security-history.py; change reference
John Rouillard <rouilj@ieee.org>
parents: 7064
diff changeset
3792 .. _`security documentation`: security-history.html
7961
32ead43b8299 docs: postgres user; wsgi default mode update; diff for task.index.html
John Rouillard <rouilj@ieee.org>
parents: 7959
diff changeset
3793 .. _`Roundup postgresql documentation`: postgresql.html
2409
Richard Jones <richard@users.sourceforge.net>
parents: 2374
diff changeset
3794 .. _`administration guide`: admin_guide.html
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
3795 .. _`xmlrpc guide`: xmlrpc.html
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
3796 .. _FTS5 full-text search engine: https://www.sqlite.org/fts5.html
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3797 .. _PostgreSQL's full text search: https://www.postgresql.org/docs/current/textsearch.html
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
3798 .. _`administration guide notes on native-fts`: admin_guide.html#configuring-native-fts-full-text-search
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
3799 .. _Configuring Compression: admin_guide.html#configuring-compression
7971
fe0348bbe45b issue2551353 - Add roundup-classhelper for 2.4.0 release
John Rouillard <rouilj@ieee.org>
parents: 7964
diff changeset
3800 .. _classhelper documentation: admin_guide.html#classhelper-web-component
6781
b3d4b25b4922 Add links some updates.
John Rouillard <rouilj@ieee.org>
parents: 6780
diff changeset
3801 .. _Software Upgrade: admin_guide.html#software-upgrade
7281
194093011cb7 Move upgrade directions for version < 1.5.0 to history document
John Rouillard <rouilj@ieee.org>
parents: 7277
diff changeset
3802 .. _new search permissions for query in 1.4.17:
194093011cb7 Move upgrade directions for version < 1.5.0 to history document
John Rouillard <rouilj@ieee.org>
parents: 7277
diff changeset
3803 upgrading-history.html#new-search-permissions-for-query-in-1-4-17
Roundup Issue Tracker: http://roundup-tracker.org/