Mercurial > p > roundup > code

annotate doc/upgrading.txt @ 7650:4de48eadf5f4

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
bug: Fix roundup-admin security command. Lowercase optionalarg. Roles are indexed by lower case role name. So 'security User' and 'security user' should generate the same output. Also add testing for this case. Thread: https://sourceforge.net/p/roundup/mailman/roundup-users/thread/CAH-41398iTPhze7D_pZB8tqTBHF%3Dq6HYonbcG%2B%2BYN-ioDssXBw%40mail.gmail.com/#msg41557225 starting from: https://sourceforge.net/p/roundup/mailman/message/41557225/
author John Rouillard <rouilj@ieee.org>
date Fri, 06 Oct 2023 09:53:22 -0400
parents 978285986b2c
children 5b41018617f2
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
6586
24e2eeb2ed9a Add meta description to some doc pages.
John Rouillard <rouilj@ieee.org>
parents: 6464
diff changeset
1 .. meta::
6774
e7b4ad2c57ac landmarks, skiplink, remove bad attrs, autocomplete search
John Rouillard <rouilj@ieee.org>
parents: 6768
diff changeset
2 :description:
7138
1e3b9abbc2b9 shorten meta description < 160 chars. best practice.
John Rouillard <rouilj@ieee.org>
parents: 7134
diff changeset
3 Critical documentation for upgrading the Roundup Issue
1e3b9abbc2b9 shorten meta description < 160 chars. best practice.
John Rouillard <rouilj@ieee.org>
parents: 7134
diff changeset
4 Tracker. Actions that must be taken when upgrading from
6586
24e2eeb2ed9a Add meta description to some doc pages.
John Rouillard <rouilj@ieee.org>
parents: 6464
diff changeset
5 one version to another are documented here.
24e2eeb2ed9a Add meta description to some doc pages.
John Rouillard <rouilj@ieee.org>
parents: 6464
diff changeset
6
6168
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
7 .. index:: Upgrading
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
8
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
9 ======================================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
10 Upgrading to newer versions of Roundup
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
11 ======================================
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
12
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
13 Please read each section carefully and edit the files in your tracker home
2016
2112962f5bb1 Update documentation for the client.py split and add an upgrade notice.
Johannes Gijsbers <jlgijsbers@users.sourceforge.net>
parents: 2003
diff changeset
14 accordingly. Note that there is information about upgrade procedures in the
6781
b3d4b25b4922 Add links some updates.
John Rouillard <rouilj@ieee.org>
parents: 6780
diff changeset
15 `administration guide`_ in the `Software Upgrade`_ section.
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
16
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
17 If a specific version transition isn't mentioned here (e.g. 0.6.7 to
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
18 0.6.8) then you don't need to do anything. If you're upgrading from
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
19 0.5.6 to 0.6.8 though, you'll need to apply the "0.5 to 0.6" and
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
20 "0.6.x to 0.6.3" steps.
2273
c77483d2cda4 merge from maint-0-7
Richard Jones <richard@users.sourceforge.net>
parents: 2263
diff changeset
21
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
22 General steps:
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
23
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
24 1. Make note of your current Roundup version.
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
25 2. Take your Roundup installation offline (web, email,
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
26 cron scripts, roundup-admin etc.)
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
27 3. Backup your Roundup instance
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
28 4. Install the new version of Roundup (preferably in a new virtual
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
29 environment)
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
30 5. Make version specific changes as described below for
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
31 each version transition. If you are starting at 1.5.0
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
32 and installing to 2.3.0, you need to make the changes for **all**
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
33 versions starting at 1.5 and ending at 2.3. E.G.
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
34 1.5.0 -> 1.5.1, 1.5.1 -> 1.6.0, ..., 2.1.0 -> 2.2.0,
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
35 2.2.0 -> 2.3.0.
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
36 6. Run ``roundup-admin -i <tracker_home> migrate`` using the newer
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
37 version of Roundup for **all** the trackers you have
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
38 upgraded. This will update the database if it is required.
7047
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
39 7. Bring your Roundup instance back online
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
40 8. Test
d3593cbb8e6f Add overview of upgrading steps. Also capitalize roundup.
John Rouillard <rouilj@ieee.org>
parents: 6941
diff changeset
41
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
42 .. note::
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
43 The v1.5.x releases of Roundup were the last to support
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
44 Python v2.5 and v2.6. Starting with the v1.6 releases of Roundup
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
45 Python version 2.7 that is newer than 2.7.2 is required to run
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
46 Roundup. Starting with Roundup version 2.0.0 we also support Python 3
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
47 versions newer than 3.6.
4901
fa268ea457db Add note about dropping support for Python v2.5
John Kristensen <john@jerrykan.com>
parents: 4890
diff changeset
48
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
49 Recent release notes have the following labels:
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
50
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
51 * required - Roundup will not work properly if these steps are not done
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
52 * recommended - Roundup will still work, but these steps can cause
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
53 security or stability issues if not done.
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
54 * optional - new features or changes to existing features you might
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
55 want to use
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
56 * info - important possibly visible changes in how things operate
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
57
7296
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
58 If you use virtual environments for your installation, you can run
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
59 trackers with different versions of Roundup. So you can have one tracker
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
60 using version 2.2.0 and another tracker using version 1.6.1. This
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
61 allows you to upgrade trackers one at a time rather than having to
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
62 upgrade all your trackers at once.
c3b0fd62b0b8 Minor tweaks to upgrading general directions.
John Rouillard <rouilj@ieee.org>
parents: 7281
diff changeset
63
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
64 .. note::
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
65
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
66 This file only includes versions released in the last 10
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
67 years. If you are upgrading from an older version, start with the
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
68 changes in the `historical migration <upgrading-history.html>`_
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
69 document.
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
70
7438
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
71 .. admonition:: Python 2 Support
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
72
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
73 If you are running Roundup under Python 2, you should make plans to
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
74 switch to Python 3. The continuous Integration (CI) and other services
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
75 used for developing Roundup are dropping support for Python 2. Also
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
76 optional packages are dropping Python 2 support. As a result Python 2
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
77 may not be supported for many more release cycles.
116ea5ce06ab issue2551269: Add warning abut Python 2 support lifetime
John Rouillard <rouilj@ieee.org>
parents: 7400
diff changeset
78
7452
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
79 .. admonition:: XHTML Support Deprecation Notice
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
80
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
81 If you are running a tracker where the ``html_version`` setting in
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
82 ``config.ini`` is ``xhtml``, you should plan to change your
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
83 templates to use html (HTML5). If you are affected by this, please
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
84 send email to the roundup-users mailing list (roundup-users at
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
85 lists.sourceforge.net). Version 2.3.0 is expected to be the last
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
86 version to support XHTML.
bed28b64c581 Add xhtml deprecation notice.
John Rouillard <rouilj@ieee.org>
parents: 7438
diff changeset
87
4890
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
88 Contents:
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
89
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
90 .. contents::
4890
609edf9de0a5 docs: Remove one nesting level from ToC on subpages
anatoly techtonik <techtonik@gmail.com>
parents: 4880
diff changeset
91 :local:
782
6f6eb43d9d86 Moved the MIGRATION text in with the rest of the docco, fixed up for 0.4.2
Richard Jones <richard@users.sourceforge.net>
parents:
diff changeset
92
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
93 .. index:: Upgrading; 2.2.0 to 2.3.0
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
94
7556
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
95 Migrating from 2.3.0 to 2.4.0
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
96 =============================
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
97
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
98 Update your ``config.ini`` (required)
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
99 -------------------------------------
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
100
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
101 Upgrade tracker's config.ini file. Use::
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
102
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
103 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
104
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
105 to generate a new ini file preserving all your settings.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
106 You can then merge any local comments from the tracker's
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
107 ``config.ini`` to ``newconfig.ini`` and replace
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
108 ``config.ini`` with ``newconfig.ini``.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
109
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
110 ``updateconfig`` will tell you if it is changing old default
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
111 values or if a value must be changed manually.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
112
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
113 This will insert the bad API login rate limiting settings.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
114
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
115 Bad Login Rate Limiting and Locking (info)
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
116 ------------------------------------------
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
117
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
118 Brute force logins have been rate limited in the HTML web interface
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
119 for a while. This was not the case with the API interfaces.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
120
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
121 This release introduces rate limiting for invalid REST or XMLRPC API
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
122 logins. As with the web interface, users who have hit the rate limit
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
123 have their accounts locked until after the recommended delay time has
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
124 passed. See `information on configuring the API rate limits`_ for
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
125 details.
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
126
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
127 .. _`information on configuring the API rate limits`: rest.html#rate-limiting-api-failed-logins
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
128
7582
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
129 Removal of cgi.py from Python (info)
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
130 ------------------------------------
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
131
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
132 The ``cgi.py`` module will be `removed starting with Python 3.13
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
133 <https://peps.python.org/pep-0594/#cgi>`_. Roundup now `vendors a copy
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
134 <https://pypi.org/project/legacy-cgi/>`_ of ``cgi.py`` and makes it
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
135 and its storage objects available by importing from::
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
136
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
137 from roundup.anypy.cgi_ import cgi
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
138 from roundup.anypy.cgi_ import FieldStorage, MiniFieldStorage
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
139
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
140 It is unlikey that you will care unless you have done some expert
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
141 level Roundup customization. If you have, use one of the imports above
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
142 if you plan on running on Python 3.13 (expected in 2024) or newer.
978285986b2c fix: issue2551193 - Fix roundup for removal of cgi and cgitb ...
John Rouillard <rouilj@ieee.org>
parents: 7556
diff changeset
143
7556
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
144 .. index:: Upgrading; 2.2.0 to 2.3.0
273c8c2b5042 fix(api): - issue2551063 - Rest/Xmlrpc interfaces needs failed login protection.
John Rouillard <rouilj@ieee.org>
parents: 7507
diff changeset
145
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
146 Migrating from 2.2.0 to 2.3.0
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
147 =============================
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
148
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
149 Update your ``config.ini`` (required)
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
150 -------------------------------------
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
151
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
152 Upgrade tracker's config.ini file. Use::
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
153
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
154 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
155
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
156 to generate a new ini file preserving all your settings.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
157 You can then merge any local comments from the tracker's
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
158 ``config.ini`` to ``newconfig.ini`` and replace
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
159 ``config.ini`` with ``newconfig.ini``.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
160
7203
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
161 ``updateconfig`` will tell you if it is changing old default
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
162 values or if a value must be changed manually.
12a3cd86668f auto update 'password_pbkdf2_default_rounds' "
John Rouillard <rouilj@ieee.org>
parents: 7166
diff changeset
163
7132
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
164 Using the roundup-mailgw script (required)
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
165 ------------------------------------------
7064
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
166
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
167 In previous versions the roundup-mailgw script had a ``-C`` (or
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
168 ``--class``) option for specifying a class to be used with ``-S`` (or
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
169 ``--set``) option(s). In the latest version the ``-C`` option is gone,
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
170 the class for this option is specified as a prefix, e.g. instead of ::
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
171
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
172 roundup-mailgw -C issue -S issueprop=value
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
173
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
174 You now specify ::
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
175
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
176 roundup-mailgw -S issue.issueprop=value
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
177
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
178 If multiple values need to be set, this can be achieved with multiple
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
179 ``-S`` options or with delimiting multiple values with a semicolon (in
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
180 that case the string needs to be quoted because semicolon is a shell
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
181 special character)::
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
182
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
183 roundup-mailgw -S 'issue.issueprop1=value1;issueprop2=value2'
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
184 roundup-mailgw -S issue.issueprop1=value1 -S issue.issueprop2=value2
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
185
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
186 are equivalent. Note that the class is provided as a prefix for the
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
187 set-string, not for each property. The class can be omitted altogether
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
188 in which case it defaults to ``msg`` (this default existed in previous
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
189 versions).
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
190
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
191 If you do not use the ``-C`` (or ``--class``) option in your current
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
192 setup of mailgw you don't need to change anything.
3359dc1dabb0 Add OAuth authentication to the mailgw script
Ralf Schlatterbeck <rsc@runtux.com>
parents: 7047
diff changeset
193
7132
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
194 Replace Create User permission for Anonymous with Register (required)
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
195 ---------------------------------------------------------------------
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
196
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
197 Check your trackers schema.py. If you have the following code::
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
198
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
199 db.security.addPermissionToRole('Anonymous', 'Create', 'user')
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
200
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
201 after the permission for Anonymous 'Email Access', change it to::
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
202
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
203 db.security.addPermissionToRole('Anonymous', 'Register', 'user')
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
204
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
205 The comment for Anonymous 'Email Access' may refer to Create. Change
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
206 it to refer to Register.
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
207
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
208 This will be an issue if you used the devel or responsive tracker
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
209 templates. If you used a classic, minimal or jinja2 template the
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
210 permission change (but not the comment change) should be done already.
c087ad45bf4d update Anonymous Create user to Register user permissions
John Rouillard <rouilj@ieee.org>
parents: 7091
diff changeset
211
6806
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
212 Rdbms version change from 7 to 8 (required)
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
213 -------------------------------------------
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
214
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
215 This release includes a change that requires updates to the
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
216 database schema.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
217
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
218 Sessions and one time key (otks) tables in the Mysql and
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
219 PostgreSQL database use a numeric type that
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
220 truncates/rounds expiration timestamps. This results in
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
221 entries being purged early or late (depending on whether
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
222 it rounds up or down). The discrepancy is a couple of
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
223 days for Mysql or a couple of minutes for PostgreSQL.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
224
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
225 Session keys stay for a week or more and CSRF keys are
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
226 two weeks by default. As a result, this isn't usually a
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
227 visible issue. This migration updates the numeric types
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
228 to ones that supports more significant figures.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
229
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
230 You should backup your instance and run the
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
231 ``roundup-admin -i <tracker_home> migrate``
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
232 command for all your trackers once you've
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
233 installed the latest code base.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
234
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
235 Do this before you use the web, command-line or mail
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
236 interface and before any users access the tracker.
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
237
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
238 If successful, this command will respond with either
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
239 "Tracker updated" (if you've not previously run it on an
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
240 RDBMS backend) or "No migration action required" (if you
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
241 have run it, or have used another interface to the tracker,
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
242 or are using anydbm).
bdd28b244839 - issue2551223 - fix timestamp truncation in mysql and postgresql
John Rouillard <rouilj@ieee.org>
parents: 6804
diff changeset
243
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
244 Session/OTK data storage for SQLite backend changed (required)
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
245 --------------------------------------------------------------
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
246
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
247 Roundup stores a lot of ephemeral data:
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
248
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
249 * login session tokens,
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
250 * rate limits
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
251 * password reset attempt tokens
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
252 * one time keys
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
253 * and anti CSRF keys.
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
254
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
255 These were stored using dbm style files while the main data
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
256 is stored in a SQLite db. Using both dbm and sqlite style
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
257 files is surprising and due to how we lock dbm files can be
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
258 a performance issue.
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
259
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
260 However you can continue to use the dbm files by setting the
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
261 ``backend`` option in the ``[sessiondb]`` section of
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
262 ``config.ini`` to ``anydbm``.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
263
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
264 If you do not change the setting, two sqlite databases
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
265 called ``db-otk`` and ``db-session`` replace the dbm
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
266 databases. Once you make the change the old ``otks`` and
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
267 ``sessions`` dbm databases can be removed.
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
268
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
269 Note this replacement will require users to log in again and
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
270 refresh web pages to save data. It is best if people save
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
271 all their changes and log out of Roundup before the upgrade
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
272 is done to minimize confusion. Because the data is
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
273 ephemeral, there is no plan to migrate this data to the new
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
274 SQLite databases. If you want to keep using the data set the
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
275 ``sessiondb`` ``backend`` option as described above.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
276
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
277 Update ``config.ini``'s ``password_pbkdf2_default_rounds`` (required)
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
278 ---------------------------------------------------------------------
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
279
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
280 Roundup hashes passwords using PBKDF2 with SHA1. In this release, you
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
281 can `upgrade to PBKDF2-SHA512 from current PBKDF2-SHA1`. If you
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
282 upgrade, you want to set the default rounds according to the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
283 PBKDF2-SHA512 upgrading directions. Note that this algorithm is
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
284 expected to be the default in a future version of Roundup.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
285
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
286 If you don't want to upgrade, we recommend that you increase the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
287 default number of rounds from the original 10000. PBKDF2 has a
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
288 parameter that makes hashing a password more difficult to do. The
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
289 original 10000 value was set years ago. It has not been updated for
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
290 advancements in computing power.
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
291
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
292 This release of Roundup changes the value to 2000000 (2
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
293 million). This exceeds the current `recommended setting of
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
294 1,300,000`_ for PBKDF2 when used with SHA1.
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
295
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
296 .. caution::
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
297
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
298 If you were using the old 10000 value, **it will be automatically
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
299 upgraded** to 2 million by using ``roundup-admin``'s
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
300 ``updateconfig``. If you were not using the old 10000 default, you
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
301 should update it manually.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
302
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
303 After the change users will still be able to log in using the older
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
304 10000 round hashed passwords. If ``migrate_passwords`` is set to
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
305 ``yes``, passwords will be automatically re-hashed using the new
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
306 higher value when the user logs in. If
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
307 ``password_pbkdf2_default_rounds`` is set to a lower value than was
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
308 used to hash a password, the password will not be rehashed so the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
309 higher value will be kept. The lower value will be used only if the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
310 password is changed using the web or command line.
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
311
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
312 Increasing the number of rounds will slow down re-hashing. That's the
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
313 whole point. Sadly it will also slow down logins. Usually the hash
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
314 takes under 1 second, but if you are using a slow chip (e.g. an ARM V6
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
315 at 700 bogo mips) it can take 30 seconds to compute the 2000000
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
316 rounds. The slowdown is linear. So what takes .001 seconds at 10000
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
317 rounds will take: ``2000000/10000 * .001 = 200 * .001`` seconds or 0.2
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
318 seconds.
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
319
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
320 You can see how long it will take by using the new ``roundup-admin``
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
321 ``perftest`` command. After you have finished migrating your database,
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
322 run::
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
323
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
324 roundup-admin -i <tracker_home> perftest password scheme=PBKDF2 rounds=10000
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
325
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
326 and then::
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
327
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
328 roundup-admin -i <tracker_home> perftest password scheme=PBKDF2 rounds=2,000,000
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
329
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
330 so see the difference. Output from this command looks like::
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
331
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
332 Hash time: 0.203151849s scheme: PBKDF2 rounds: 10000
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
333
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
334 If your testing reports a hash time above 0.5 seconds for 10000
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
335 rounds, there may be another issue. See if executing::
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
336
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
337 python3 -c 'from hashlib import pbkdf2_hmac'
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
338
7209
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
339 produces an error.
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
340
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
341 If you get an ImportError, you are using Roundup's fallback PBKDF2
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
342 implementation. It is much slower than the library version. As a
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
343 result re-encrypting the password (and logging in, which requires
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
344 calculating the encrypted password) will be very slow.
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
345
c1227f883177 Implement password hash testing using new roundup-admin perftest.
John Rouillard <rouilj@ieee.org>
parents: 7203
diff changeset
346 You should find out how to make the import succeed. You may need to
7166
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
347 install an OS vendor package or some other library.
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
348
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
349 .. _recommended setting of 1,300,000: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
1549c7e74ef8 issue2551251 - migrate pbkdf2 passwords ... test fixes and doc update
John Rouillard <rouilj@ieee.org>
parents: 7155
diff changeset
350
7375
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
351 Upgrade to PBKDF2-SHA512 from current PBKDF2-SHA1 (recommended)
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
352 ---------------------------------------------------------------
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
353
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
354 We recommend that you upgrade to using PBKDF2-SHA512 for hashing your
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
355 passwords. This is a more secure method than the old PBKDF2 (with
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
356 SHA1). Because the algorithm is more secure, it uses a smaller value
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
357 for ``password_pbkdf2_default_rounds``. Setting
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
358 ``password_pbkdf2_default_rounds`` to ``250000`` exceeds the current
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
359 `recommended setting of 210,000`_ iterations for PBKDF2 when used with
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
360 SHA512.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
361
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
362 You can see how long this takes to calculate on your hardware using
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
363 ``roundup-admin``'s perftest command. For example::
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
364
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
365 roundup-admin -i <tracker_home> perftest password scheme=PBKDF2S5 rounds=250,000
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
366
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
367 produces::
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
368
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
369 Hash time: 0.161892945 seconds, scheme: PBKDF2S5, rounds: 250000
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
370
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
371 Any increase in the number of rounds will cause the password to
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
372 automatically be rehashed to the higher value the next time the user
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
373 logs in via the web interface. Changing the number of rounds to a
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
374 **lower** value will not trigger a rehash during login unless the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
375 scheme is also being changed. The lower number will be used only when
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
376 the password is explicitly changed using the web interface or the
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
377 command line (``roundup-admin`` for example).
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
378
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
379 Change the default hashing scheme by adding the following lines to
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
380 |the interfaces.py file|_ in your tracker home::
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
381
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
382 ## Use PBDKF2S5 (PBKDF2-SHA512) for passwords. Re-hash old PBDFK2
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
383 # Force password with scheme PBKDF2 (SHA1) to get re-hashed
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
384 Password.deprecated_schemes.insert(0, Password.known_schemes[0])
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
385 # choose PBKDF2S5 as the scheme to use for rehashing.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
386 Password.default_scheme = Password.experimental_schemes[0]
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
387
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
388 You may need to create the ``interfaces.py`` file if it doesn't exist.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
389 In the future, when the default hash is changed to PBKDF2S5, upgrade
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
390 directions will include instructions to remove these lines and
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
391 the file ``interfaces.py`` if it becomes empty.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
392
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
393 You can verify that PBKDF2S5 is used by default by running::
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
394
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
395 roundup-admin -i <tracker_home> perftest password rounds=250,000
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
396
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
397 and verify that the scheme is PBKDF2S5.
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
398
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
399 .. _the interfaces.py file:
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
400 reference.html#interfaces-py-hooking-into-the-core-of-roundup
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
401
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
402 .. |the interfaces.py file| replace:: the ``interfaces.py`` file
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
403
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
404 .. _recommended setting of 210,000: https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#pbkdf2
9bd7ed918121 issue2551253 - Modify password PBKDF2 method to use SHA512
John Rouillard <rouilj@ieee.org>
parents: 7354
diff changeset
405
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
406 jQuery updated with updates to user.help.html (recommended)
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
407 -----------------------------------------------------------
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
408
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
409 The devel and responsive templates shipped with an old version of
7275
c5d01886b27d fix mispelling.
John Rouillard <rouilj@ieee.org>
parents: 7217
diff changeset
410 jQuery. According to automated tests, it may have a security issue. It
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
411 has been updated to the current version: 3.6.3. If your tracker is
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
412 based on one of these templates (see the ``TEMPLATE-INFO.txt`` file in
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
413 your tracker), remove the old ``html/jquery.js`` file from your
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
414 tracker and copy the new ``jquery-3.6.3.js`` file from the template
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
415 directory to your tracker's ``html`` directory. Also copy in the new
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
416 ``user.help.html`` file. It now references the new ``jquery-3.6.3.js``
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
417 file.
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
418
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
419
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
420 Session/OTK data storage using Redis (optional)
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
421 -----------------------------------------------
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
422
6819
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
423 You can store your ephemeral data in a Redis database. This
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
424 provides significantly better performance for ephemeral data
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
425 than SQLite or dbm files. See the section `Using Redis for
1319ab13f286 redis works with python 2.7 too.
John Rouillard <rouilj@ieee.org>
parents: 6814
diff changeset
426 Session Databases`_ in the `administration guide`_
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
427
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
428
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
429 .. _Using Redis for Session Databases:
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
430 admin_guide.html#using-redis-for-session-databases
6804
25d08e15e3b4 issue2551224 - Replace dbm db for sessions/otks when using sqlite
John Rouillard <rouilj@ieee.org>
parents: 6781
diff changeset
431
6930
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
432 New SQLite databases created with WAL mode journaling (optional)
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
433 ----------------------------------------------------------------
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
434
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
435 By default, SQLite databases use a rollback journal when
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
436 writing an update. The rollback journal stores a copy of the
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
437 data from before the update. One downside of this is that
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
438 all reads have to be suspended while a write is
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
439 occurring. SQLite has an alternate way of insuring ACID
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
440 compliance by using a WAL (write ahead log) journal.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
441
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
442 Version 2.3.0 of Roundup, creates new SQLite databases using
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
443 WAL journaling. With WAL, a writer does not block readers
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
444 and readers do not block writing an update. This keeps
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
445 Roundup accessible even under a heavy write load (e.g. when
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
446 bulk loading data or automated updates via REST).
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
447
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
448 If you want to convert your existing SQLite db to WAL mode:
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
449
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
450 1. check the current journal mode on your database
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
451 using::
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
452
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
453 sqlite3 <tracker_home>/db/db "pragma journal_mode;"
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
454
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
455 2. If it returns ``delete``, change it to WAL mode using::
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
456
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
457 sqlite3 <tracker_home>/db/db "pragma journal_mode=WAL;"
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
458
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
459 3. verify by running the command in step 1 again and you
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
460 should get ``wal``.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
461
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
462 If you are using SQLite for session and otk databases,
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
463 perform the same steps replacing ``db`` with ``db-session``
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
464 and ``db-otk``.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
465
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
466 If you find WAL mode is not working for you, you can set the
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
467 journal method to a rollback journal (``delete`` mode) by
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
468 using step 2 and replacing ``wal`` with ``delete``. (Note:
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
469 SQLite supports other journaling modes, but only ``wal`` and
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
470 ``delete`` persist. Roundup doesn't set a journaling mode
7396
bb7752f6e1cd Clarify wording.
John Rouillard <rouilj@ieee.org>
parents: 7375
diff changeset
471 when it opens the database, so journaling mode options such
bb7752f6e1cd Clarify wording.
John Rouillard <rouilj@ieee.org>
parents: 7375
diff changeset
472 as ``truncate`` are not useful.)
6930
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
473
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
474 For details on WAL mode see `<https://www.sqlite.org/wal.html>`_
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
475 and `<https://www.sqlite.org/pragma.html#pragma_journal_mode>`_.
a96a239db0d9 Set all sqlite db's to WAL mode on creation
John Rouillard <rouilj@ieee.org>
parents: 6819
diff changeset
476
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
477 Change in processing allowed_api_origins setting (info)
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
478 -------------------------------------------------------
7155
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
479
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
480 In this release you can use both ``*`` (as the first origin) and
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
481 explicit origins in the `allowed_api_origins`` setting in
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
482 ``config.ini``. (Before it was only one or the other.)
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
483
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
484 You do not need to use ``*``. If you do, it allows any client
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
485 anonymous (unauthenticated) access to the Roundup tracker. This
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
486 is the same as browsing the tracker without logging in. If they
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
487 try to provide credentials, access to the data will be denied by
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
488 `CORS`_.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
489
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
490 If you include explicit origins (e.g. \https://example.com),
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
491 users from those origins will not be blocked if they use
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
492 credentials to log in.
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
493
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
494 .. _CORS: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
89a59e46b3af improve REST interface security
John Rouillard <rouilj@ieee.org>
parents: 7138
diff changeset
495
7217
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
496 Change in processing of In-Reply_to email header (info)
1f3418a3fd3e Add label explanation; Upgrade jquery in devel/responsive templates
John Rouillard <rouilj@ieee.org>
parents: 7209
diff changeset
497 -------------------------------------------------------
6941
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
498
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
499 Messages received via email usually include a ``[issue23]``
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
500 designator in the subject line. This indicates what issue is
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
501 being updated. If the designator is missing, Roundup tries
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
502 to find the correct issue by using the in-reply-to email
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
503 header.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
504
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
505 The former code appends the new message to the first issue
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
506 found with a message matching the in-reply-to
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
507 header. Usually a message is associated with only one
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
508 issue. However nothing in Roundup requires that.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
509
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
510 In this release, the in-reply-to matching is disabled if
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
511 there are multiple issues with the same message. In this
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
512 case, subject matching is used to try to find the matching
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
513 issue.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
514
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
515 If you don't have messages assigned to multiple issues you
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
516 will see no change. If you do have multi-linked messages
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
517 this will hopefully result in better message->issue
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
518 matching.
bd2c3b2010c3 issue2551232 - modify in-reply-to threading when multiple matches
John Rouillard <rouilj@ieee.org>
parents: 6930
diff changeset
519
7400
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
520 Incremental/batch full test reindexing with roundup-admin (info)
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
521 ----------------------------------------------------------------
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
522
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
523 The ``reindex`` command in ``roundup-admin`` can reindex
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
524 a range of items. For example::
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
525
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
526 roundup-admin -i ... reindex issues:1-1000
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
527
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
528 will reindex only the first 1000 issues. This is useful since
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
529 reindexing can take a while and slow down the tracker. By running
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
530 it in batches you can control when the reindex runs rather than having
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
531 to wait for it to complete all the reindexing. See the man page or
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
532 `administration guide`_ for details.
d364ef1d66c2 doc batch reindex in upgrading file.
John Rouillard <rouilj@ieee.org>
parents: 7396
diff changeset
533
6775
bc9728a17f76 Fix index markers.
John Rouillard <rouilj@ieee.org>
parents: 6774
diff changeset
534 .. index:: Upgrading; 2.1.0 to 2.2.0
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
535
6698
b56bd672ebbf formatting changes
John Rouillard <rouilj@ieee.org>
parents: 6688
diff changeset
536 Migrating from 2.1.0 to 2.2.0
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
537 =============================
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
538
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
539 Update your ``config.ini`` (required)
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
540 -------------------------------------
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
541
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
542 Upgrade tracker's config.ini file. Use::
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
543
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
544 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
545
6814
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
546 to generate a new ini file preserving all your settings.
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
547 You can then merge any local comments from the tracker's
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
548 ``config.ini`` to ``newconfig.ini`` and replace
3f60a71b0812 Summary: Support selecion session/otk data store. Add redis as data store.
John Rouillard <rouilj@ieee.org>
parents: 6806
diff changeset
549 ``config.ini`` with ``newconfig.ini``.
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
550
6590
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
551 Rdbms version change from 6 to 7 (required)
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
552 -------------------------------------------
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
553
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
554 This release includes two changes that require updates to the database
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
555 schema:
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
556
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
557 1. The size of words included in the Roundup FTS indexers have been
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
558 increased from 25 to 50. This requires changes to the database
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
559 columns used by the native indexer. This also affect the whoosh
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
560 and xapian indexers.
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
561 2. Some databases that include native full-text search (native-fts
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
562 indexer) searching are now supported.
6590
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
563
6780
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
564 You should run the ``roundup-admin -i <tracker_home> migrate`` command
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
565 for all your trackers once you've installed the latest codebase.
6590
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
566
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
567 Do this before you use the web, command-line or mail interface
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
568 and before any users access the tracker.
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
569
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
570 If successful, this command will respond with either "Tracker
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
571 updated" (if you've not previously run it on an RDBMS backend) or
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
572 "No migration action required" (if you have run it, or have used
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
573 another interface to the tracker, or are using anydbm).
39308a49fdc3 Add required upgrade to rdbms version from 6 to 7.
John Rouillard <rouilj@ieee.org>
parents: 6589
diff changeset
574
6780
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
575 See `below if you want to enable native-fts searching`_.
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
576
f1af67bf8fae doc change: roundup migrate and fts link.
John Rouillard <rouilj@ieee.org>
parents: 6775
diff changeset
577 .. _below if you want to enable native-fts searching: \
6599
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
578 #enhanced-full-text-search-optional
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
579
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
580 The increase in indexed word length also affects whoosh and xapian
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
581 backends. You may want to run ``roundup-admin -i tracker_home
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
582 reindex`` if you want to index or search for longer words in your full
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
583 text searches. Re-indexing make take some time.
39189dd94f2c issue2551189 - increase size of words in full text index.
John Rouillard <rouilj@ieee.org>
parents: 6591
diff changeset
584
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
585 Check new login_empty_passwords setting (required)
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
586 --------------------------------------------------
6684
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
587
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
588 In this version of Roundup, users with a blank password are not
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
589 allowed to login. Blank passwords have been allowed since 2002, but
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
590 2022 is a different time. If you have a use case that requires a user
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
591 to login without a password, set the ``login_empty_passwords`` setting
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
592 in the ``web`` section of ``config.ini`` to ``yes``. In
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
593 general this should be left at its default value of ``no``.
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
594
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
595 Check allowed_api_origins setting (optional)
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
596 --------------------------------------------
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
597
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
598 If you are using the REST or xmlrpc api's from an origin
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
599 that is different from your roundup tracker, you will need
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
600 to add your allowed origins to the allowed_api_origins in
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
601 your updated ``config.ini``. Upgrade your ``config.ini`` as
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
602 described above then read the documentation for the setting
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
603 in ``config.ini``.
6684
9ca5cbffa0c4 Switch off using blank passwords for login
John Rouillard <rouilj@ieee.org>
parents: 6626
diff changeset
604
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
605 Check compression settings (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
606 -------------------------------------
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
607
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
608 Read the `administration guide`_ section on `Configuring Compression`_.
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
609
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
610 Upgrade your tracker's config.ini as described
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
611 above. Compare the old and new files and configure new
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
612 compression settings as you want. Then replace
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
613 ``config.ini`` with the ``newconfig.ini`` file.
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
614
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
615 Search added to user index page (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
616 ------------------------------------------
6464
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
617
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
618 A search form and count of number of hits has been added to the
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
619 ``user.index.html`` template page in the classic template. You may
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
620 want to merge the search form and footer into your template.
28461636e249 issue1596345 - filtering user list (need user.search.hml)
John Rouillard <rouilj@ieee.org>
parents: 6458
diff changeset
621
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
622 Enhanced full-text search (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
623 ------------------------------------
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
624
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
625 SQLite's `FTS5 full-text search engine`_ is available as is
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
626 `PostgreSQL's full text search`_. Both require a schema upgrade so you
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
627 should run::
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
628
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
629 roundup-admin -i tracker_home migrate
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
630
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
631 to create FTS specific tables before restarting the roundup-web or
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
632 email interfaces.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
633
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
634 SQLite 3.9.0+ or PostgreSQL 11.0+ are required to use this feature.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
635 When using SQLite, all full text search fields will allow searching
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
636 using the MATCH query format described at:
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
637 https://www.sqlite.org/fts5.html#full_text_query_syntax. When using
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
638 PostgreSQL either the websearch_to_tsquery or to_tsquery formats
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
639 described on
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
640 https://www.postgresql.org/docs/14/textsearch-controls.html#TEXTSEARCH-PARSING-QUERIES
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
641 can be used. The default is websearch. Prefixing the search with
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
642 ``ts:`` enables tsquery mode.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
643
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
644 A list of words behaves almost the same as the default text search
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
645 (`native`). So the search string `fts search` will find all issues
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
646 that have both of those words (an AND search) in a text-field (like
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
647 title) or in a message (or file) attached to the issue.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
648
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
649 One thing to note is that native-fts searches do not ignore words
6613
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
650 longer than 50 characters or less than 2 characters. Also SQLite does
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
651 not filter out common words (i.e. there is no stopword list). So words
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
652 like "and", "or", "then", "with" ... are included in the FTS5 search.
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
653
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
654 You must explicitly enable this search mechanism by changing the
6613
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
655 ``indexer`` setting in ``config.ini`` to ``native-fts``. Native-fts
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
656 must be explicitly chosen. This is different from Xapian or Whoosh
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
657 indexers, which are chosen if they are installed in the Python
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
658 environment. This prevents the existing native indexing from being
2eec7a500333 Doc updates for indexers.
John Rouillard <rouilj@ieee.org>
parents: 6604
diff changeset
659 discarded if ``indexer`` is not set.
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
660
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
661 Next re-index your data with ``roundup-admin -i tracker_home
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
662 reindex``. This can take a while depending on the size of the tracker.
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
663
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
664 You may want to update your ``config.ini`` by following the directions
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
665 above to get the latest documentation.
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
666
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
667 See the `administration guide notes on native-fts`_ for further details.
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
668
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
669 Adding error reporting templates (optional)
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
670 -------------------------------------------
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
671
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
672 Currently some internal errors result in a bare html page with an
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
673 error message. The usual chrome supplied by page.html is not shown.
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
674 For example query language syntax errors for full text search methods
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
675 will display a bare HTML error page.
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
676
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
677 If you add an ``_generic.400.html`` template to the html directory, you
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
678 can display the error inside of the layout provided by the ``page.html``
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
679 template. This can make fixing the error and navigation easier. You
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
680 can use the ``_generic.404.html`` template to create a
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
681 ``_generic.400.html`` by modifying the title and body text. You can test
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
682 the 400 template by appending ``@template=400`` to the url for the
6589
5ce396880899 Add error templates for 400 and label each item optional
John Rouillard <rouilj@ieee.org>
parents: 6588
diff changeset
683 tracker.
6458
8f1b91756457 issue2551147 - Enable compression of http responses in roundup.
John Rouillard <rouilj@ieee.org>
parents: 6456
diff changeset
684
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
685 Change passwords using crypt module (optional)
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
686 ----------------------------------------------
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
687
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
688 The crypt module is being removed from the standard library. Any
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
689 stored password using crypt encoding will fail to verify once the
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
690 crypt module is removed (expected in Python 3.13 see `pep-0594
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
691 <https://peps.python.org/pep-0594/>`_). Automatic migration of
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
692 passwords (if enabled in config.ini) re-encrypts old passwords using
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
693 something other than crypt if a user logs in using the web interface.
6626
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
694
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
695 You can find users with passwords still encrypted using crypt by
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
696 running::
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
697
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
698 roundup-admin -i <tracker_home> table password,id,username
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
699
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
700 Look for lines starting with ``{CRYPT}``. You can reset the user's
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
701 password using::
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
702
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
703 roundup-admin -i <tracker_home>
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
704 roundup> set user16 password=somenewpassword
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
705
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
706 changing ``16`` to the id in the second column of the table output.
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
707 The example uses interactive mode (indicated by the ``roundup>``
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
708 prompt). This prevents the new password from showing up in the output
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
709 of ps or shell history. The new password will be encrypted using the
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
710 default encryption method (usually pbkdf2).
120b0bb05b6e issue2551191 - Module deprication PEP 594. crypt
John Rouillard <rouilj@ieee.org>
parents: 6613
diff changeset
711
6747
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
712 Enable performance improvement for wsgi mode (optional)
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
713 -------------------------------------------------------
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
714
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
715 There is an experimental wsgi performance improvement mode that caches
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
716 the loaded roundup instance. This eliminates disk reads that are
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
717 incurred on each connection. In one report it improves speed by a
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
718 factor of 2 to 3 times. To enable this you should add a feature flag
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
719 to your Roundup wsgi wrapper (see the file
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
720 ``.../share/frontends/wsgi.py``) so it looks like::
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
721
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
722 feature_flags = { "cache_tracker": "" }
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
723 app = RequestDispatcher(tracker_home, feature_flags=feature_flags)
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
724
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
725 to enable this mode. Note that this is experimental and was added
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
726 during the 2.2.0 beta period, so it is enabled using a feature flag.
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
727 If you use this and it works for you please followup with an email to
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
728 the roundup-users at lists.sourceforge.net mailing list so we can
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
729 enable it by default in a future release.
d32d43e4a5ba wsgi can cache tracker instance enabled by feature flag.
John Rouillard <rouilj@ieee.org>
parents: 6698
diff changeset
730
6753
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
731
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
732 Hide submit button during readonly use of _generic.item.html (optional)
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
733 -----------------------------------------------------------------------
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
734
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
735 The submit button in _generic.item.html always shows up even when the
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
736 user doesn't have edit perms. Change the ``context/submit`` html to
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
737 read::
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
738
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
739 <td colspan=3 tal:content="structure context/submit"
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
740 tal:condition="context/is_edit_ok">
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
741
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
742 in your TAL based templates. The ``jinja2`` based templates are
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
743 missing this file, but if you implemented one you want to surround the
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
744 jinja2 code with::
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
745
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
746 {% if context.is_edit_ok() %}
6753
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
747 <submit button code here>
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
748 {% endif %}
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
749
2bca9fcef70d Don't display submit button with readoly use of _generic.item.html
John Rouillard <rouilj@ieee.org>
parents: 6747
diff changeset
750
6775
bc9728a17f76 Fix index markers.
John Rouillard <rouilj@ieee.org>
parents: 6774
diff changeset
751 .. index:: Upgrading; 2.0.0 to 2.1.0
bc9728a17f76 Fix index markers.
John Rouillard <rouilj@ieee.org>
parents: 6774
diff changeset
752
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
753 Migrating from 2.0.0 to 2.1.0
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
754 =============================
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
755
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
756 Rdbms version change from 5 to 6 (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
757 -------------------------------------------
6434
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
758
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
759 To fix an issue with importing databases, the database has to be
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
760 upgraded for rdbms backends.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
761
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
762 You should run the ``roundup-admin migrate`` command for your
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
763 tracker once you've installed the latest codebase.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
764
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
765 Do this before you use the web, command-line or mail interface
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
766 and before any users access the tracker.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
767
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
768 If successful, this command will respond with either "Tracker
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
769 updated" (if you've not previously run it on an RDBMS backend) or
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
770 "No migration action required" (if you have run it, or have used
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
771 another interface to the tracker, or are using anydbm).
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
772
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
773 This only changes the schema for the mysql backend. It has no
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
774 effect other than upgrading the revision on other rdbms backends.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
775
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
776 On the mysql backend it creates the database index that makes
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
777 sure the key field for your class is unique.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
778
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
779 If your update/migration fails, you will see an::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
780
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
781 IntegrityError: (1062, "Duplicate entry '0-NULL' for key '_user_key_retired_idx'")
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
782
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
783 it means you have two non-retired members of the class with the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
784 same key field. E.G. two non-retired users with the same
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
785 username.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
786
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
787 Debug this using roundup-admin using the list command. For
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
788 example dump the user class by the key field ``username``::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
789
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
790 $ roundup-admin -i <tracker_home> list user username
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
791 1: admin
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
792 2: anonymous
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
793 3: demo
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
794 4: agent
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
795 5: provisional
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
796 6: foo@example.com
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
797 7: dupe
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
798 8: dupe
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
799 ...
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
800
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
801 then search the usernames for duplicates. Once you have
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
802 identified the duplicate username (``dupe`` above), you should
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
803 retire the other active duplicates or change the username for the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
804 duplicate. To retire ``7: dupe``, you run::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
805
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
806 roundup-admin -i <tracker_home> retire user7
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
807
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
808 (use ``restore user7`` if you retired the wrong item). If you
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
809 want to rename the entry use::
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
810
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
811 roundup-admin -i <tracker_home> set user7 username=dupe1
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
812
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
813 Keep doing this until you have no more duplicates. Then run the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
814 update/migrate again.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
815
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
816 If you have duplicate non-retired entries in your database,
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
817 please email roundup-users at lists.sourceforge.net. We are
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
818 interested in how many issues this has caused. Duplicate creation
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
819 should occur only when two or more mysql processes run in
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
820 parallel and both of them creating an item with the same key. So
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
821 this should be a rare event. The internal duplicate prevention
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
822 checks should work in other cases.
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
823
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
824 For the nerds: if you had a new installation that was created at
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
825 version 5, the uniqueness of a key was not enforced at the
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
826 database level. If you had a database that was at version 4 and
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
827 then upgraded to version 5 you have the uniqueness enforcing
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
828 constraint. Running migrate updates to schema version 6 and installs
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
829 the unique index constraint if it is missing.
6434
269f39e28d5c issue2551142 - Import of retired node ... unique constraint failure.
John Rouillard <rouilj@ieee.org>
parents: 6418
diff changeset
830
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
831 Setuptools is now required to install (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
832 --------------------------------------------
6378
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
833
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
834 Roundup install now uses setuptools rather than distutils. You must
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
835 install setuptools. Use the version packgaged by your OS vendor. If
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
836 your OS vendor doesn't supply setuptools use ``pip install
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
837 setuptools``. (You may need pip3 rather than pip if using python3.)
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
838
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
839 Define Authentication Header (optional)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
840 ---------------------------------------
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
841
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
842 The web server in front of roundup (apache, nginx) can perform user
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
843 authentication. It can pass the authenticated username to the backend
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
844 in a variable. By default roundup looks for the ``REMOTE_USER``
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
845 variable. This can be changed by setting the parameter
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
846 ``http_auth_header`` in the ``[web]`` section of the tracker's
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
847 ``config.ini`` file to a different value. The value is case sensitive.
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
848 If the value is unset (the default) the REMOTE_USER variable is used.
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
849
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
850 If you are running roundup using ``roundup-server`` behind a proxy
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
851 that authenticates the user you need to configure ``roundup-server``
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
852 to pass the HTTP header with the authenticated username to the
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
853 tracker. By default ``roundup-server`` looks for the ``REMOTE_USER``
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
854 header for the authenticated user. You can copy an arbitrary header
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
855 variable to the tracker using the ``-I`` option to roundup-server (or
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
856 the equivalent option in the roundup-server config file).
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
857
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
858 For example to use the ``uid_variable`` header, two configuration
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
859 changes are needed: First configure ``roundup-server`` to pass the
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
860 header to the tracker using::
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
861
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
862 roundup-server -I uid_variable ....
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
863
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
864 note that the header is passed exactly as supplied by the upstream
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
865 server. It is **not** prefixed with ``HTTP_`` like other headers since
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
866 you are explicitly allowing the header. Multiple comma separated
6436
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
867 headers can be passed to the ``-I`` option. These could be used in a
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
868 detector or other tracker extensions, but only one header can be used
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
869 by the tracker as an authentication header.
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
870
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
871 To make the tracker honor the new variable changing the tracker
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
872 ``config.ini`` to read::
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
873
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
874 [web]
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
875 ...
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
876 http_auth_header = uid_variable
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
877
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
878 At the time this is written, support is experimental. If you use it
1f2f7c0b8968 issue2550837 - New option for web auth (also http header passing)
John Rouillard <rouilj@ieee.org>
parents: 6434
diff changeset
879 you should notify the roundup maintainers using the roundup-users
6456
cbc18a8bc61f Changes for release of version 2.1.0.
John Rouillard <rouilj@ieee.org>
parents: 6436
diff changeset
880 at lists.sourceforge.net mailing list.
6378
b57c3d50505b issue2550899 Migrate setup.py to setuptools
John Rouillard <rouilj@ieee.org>
parents: 6333
diff changeset
881
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
882 Classname Format Enforced (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
883 --------------------------------
6248
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
884
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
885 Check schema.py and look at all Class(), IssueClass(), FileClass()
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
886 calls. The second argument is the classname. All classnames must:
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
887
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
888 * start with an alphabetic character
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
889 * consist of alphanumerics and '_'
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
890 * not end with a digit
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
891
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
892 this was not enforced before. Using non-standard classnames could lead
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
893 to other issues.
2f53d41ae71f Upgrading directions from 2.0.0 - classname format requirements.
John Rouillard <rouilj@ieee.org>
parents: 6210
diff changeset
894
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
895 jQuery updated with updates to user.help.html (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
896 -----------------------------------------------------------
6290
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
897
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
898 The devel and responsive templates shipped with an old version of
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
899 jQuery with some security issues. It has been updated to the current
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
900 version: 3.5.1. If your tracker is based on one of these templates
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
901 (see the ``TEMPLATE-INFO.txt`` file in your tracker), remove the old
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
902 ``html/jquery.js`` file from your tracker and copy the new
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
903 ``jquery-3.5.1.js`` file from the template directory to your tracker's
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
904 ``html`` directory. Also copy in the new ``user.help.html`` file. It now
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
905 references the new ``jquery-3.5.1.js`` file and also fixes a bug that
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
906 prevented applying the change from the helper to the field on the main
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
907 form.
944e4dfcc9b7 issue2551100 - out of date jquery fix security and user.help.html
John Rouillard <rouilj@ieee.org>
parents: 6265
diff changeset
908
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
909 Roundup-admin security stops on incorrect properties (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
910 -----------------------------------------------------------
6393
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
911
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
912 The ``roundup-admin ... security`` command used to continue
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
913 running through the rest of the security roles after reporting a
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
914 property error. Now it stops after reporting the incorrect property.
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
915
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
916 If run non-interactively, it exits with status 1. It can now be
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
917 used in a startup script to detect permission errors.
51a1a9b0f567 - issue2551062: AddPermission doesn't validate property names.
John Rouillard <rouilj@ieee.org>
parents: 6378
diff changeset
918
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
919 Futureproof devel and responsive timezone selection extension (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
920 ---------------------------------------------------------------------------
6418
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
921
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
922 The devel and responsive (derived from devel) templates use a select
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
923 control to list all available timezones when pytz is used. It
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
924 sanitizes the data using cgi.escape. Cgi.escape is deprecated and
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
925 removed in newer pythons. Change your ``extensions/timezone.py``
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
926 file by applying the following patch manually::
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
927
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
928
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
929 -import cgi
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
930 +try:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
931 + from html import escape
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
932 +except ImportError:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
933 + from cgi import escape
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
934
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
935 try:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
936 import pytz
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
937 @@ -25,7 +28,7 @@
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
938 s = ' '
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
939 if zone == value:
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
940 s = 'selected=selected '
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
941 - z = cgi.escape(zone)
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
942 + z = escape(zone)
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
943
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
944 See https://issues.roundup-tracker.org/issue2551136 for more details.
559b3d8e03d7 issue2551136 - timezone extention crash on Python 3.8.
John Rouillard <rouilj@ieee.org>
parents: 6393
diff changeset
945
6168
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
946 .. index:: Upgrading; 1.6.x to 2.0.0
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
947
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
948 Migrating from 1.6.X to 2.0.0
5501
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
949 =============================
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
950
6174
5522c950a2e4 Add indexing for roundup-admin references.
John Rouillard <rouilj@ieee.org>
parents: 6170
diff changeset
951 .. index:: roundup-admin; updateconfig subcommand
5522c950a2e4 Add indexing for roundup-admin references.
John Rouillard <rouilj@ieee.org>
parents: 6170
diff changeset
952
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
953
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
954 Python 2 MYSQL users MUST READ (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
955 -----------------------------------------
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
956
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
957 To fix issues with encoding of data and text searching, roundup now
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
958 explicitly sets the database connection character set. Roundup prior
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
959 to 2.0 used the default character set which was not always utf-8. All
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
960 roundup data is manipulated in utf-8. This mismatch causes issues with
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
961 searches and result in corrupted data in the database if it was not
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
962 properly represented across the charset conversions.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
963
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
964 This issue exists when running roundup under python 2. Note that there
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
965 are more changes required for running roundup 2.0 if you choose to use
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
966 python3. See `Python 3 support`_.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
967
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
968 In an upgraded ``config.ini`` (see next section) the ``[rdbms]``
6333
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
969 section has a key ``mysql_charset`` set by default to ``utf8mb4``.
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
970
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
971 It should be possible to change ``utf8mb4`` to any mysql charset. So
bd84f43e1d13 Fixes to mysql 2.0 conversion doc issue2551115 Werner Hunger
John Rouillard <rouilj@ieee.org>
parents: 6290
diff changeset
972 if you know what charset is enabled (e.g. via a setting in ~roundup/.my.cnf,
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
973 or the default charset for the database) you can set it in
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
974 ``config.ini`` and not need to covert the database. However the
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
975 underlying issues with misconverted data and bad searches will still
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
976 exist if they did before.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
977
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
978 None of the roundup developers run mysql, so the exact steps to take
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
979 during the upgrade were tested with test and not production databases.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
980
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
981 **Before doing anything else:**
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
982
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
983 Backup the mysql database using mysql dump or other mysql
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
984 supported tool.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
985
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
986 Backup roundup using your current backup tool and take the roundup
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
987 instance offline.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
988
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
989 Then the following steps (similar to the conversion in needed for
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
990 Python 3) should work:
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
991
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
992 1. Export the tracker database
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
993 using your **current** 1.6 instance::
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
994
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
995 roundup-admin -i <trackerdir> exporttables <export_dir>
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
996
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
997 replacing tracker_dir and export_dir as appropriate.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
998
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
999 2. Import the exported database using the **new** 2.0 roundup::
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1000
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1001 roundup-admin -i <trackerdir> importtables <export_dir>
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1002
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1003 replacing tracker_dir and export_dir as appropriate.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1004
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1005 The imported data should overwrite the original data. Note it is
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1006 critically important that the ``exporttables`` be done with the *old
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1007 tracker* and the ``importtables`` be done with the *new tracker*. An
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1008 import/export cycle between roundup 1.6.0 and roundup 2.0 has been
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1009 done successfully. So the export format for 1.6 and 2.0 should be
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1010 compatible.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1011
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1012 Note that ``importtables`` is new in roundup-2.0, so you will not be
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1013 able to import the result of ``exporttables`` using any 1.x version of
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1014 roundup.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1015
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1016 Following the same sequence as above using ``export`` and ``import``
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1017 should also work, but it will export all the files and messages. This
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1018 will take longer but may be worth trying if the ``exporttables`` and
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1019 ``importtables`` method fails for some reason.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1020
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1021 Another way that should be faster, but is untested is to use mysql
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1022 dump to dump the database.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1023 https://makandracards.com/makandra/595-dumping-and-importing-from-to-mysql-in-an-utf-8-safe-way
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1024 recommends::
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1025
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1026 Note that when your MySQL server is not set to UTF-8 you need to do
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1027 mysqldump --default-character-set=latin1 (!) to get a correctly
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1028 encoded dump. In that case you will also need to remove the SET
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1029 NAMES='latin1' comment at the top of the dump, so the target machine
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1030 won't change its UTF-8 charset when sourcing.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1031
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1032 Then import the dump. Removing ``SET NAMES`` should allow the import
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1033 to use UTF-8.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1034
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1035 Please report success or issues with this conversion to the
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1036 roundup-users AT lists.sourceforge.net mailing list.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1037
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1038 As people report successful or unsuccessful conversions, we will update
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1039 the errata page at: https://wiki.roundup-tracker.org/ReleaseErrata.
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1040
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1041 Upgrade tracker's config.ini file (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1042 -----------------------------------------------
6210
13f5cbbcd4e6 Add directions for mysql conversion for python 2.
John Rouillard <rouilj@ieee.org>
parents: 6190
diff changeset
1043
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1044 Once you have installed the new roundup, use::
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
1045
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
1046 roundup-admin -i /path/to/tracker updateconfig newconfig.ini
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
1047
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
1048 to generate a new ini file preserving all your settings. You can then
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
1049 merge any local comments from the tracker's ``config.ini`` into
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
1050 ``newconfig.ini``. Compare the old and new files and configure any new
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
1051 settings as you want. Then replace ``config.ini`` with the
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
1052 ``newconfig.ini`` file.
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
1053
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1054 .. _Python 3 support:
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1055
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1056 Python 3 support (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1057 -----------------------
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
1058
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
1059 Many of the ``.html`` and ``.py`` files from Roundup that are copied
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
1060 into tracker directories have changed for Python 3 support. If you
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
1061 wish to move an existing tracker to Python 3, you need to merge in
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1062 those changes. Also you need to make sure that locally created python
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1063 code in the tracker is correct for Python 3.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1064
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1065 If your tracker uses the ``anydbm`` or ``mysql`` backends, you also
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1066 need to export the tracker contents using ``roundup-admin export``
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1067 running under Python 2, and them import them using ``roundup-admin
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1068 import`` running under Python 3. This is detailed in the documention
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1069 for migrating to a different backend. If using the ``sqlite`` backend,
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
1070 you do not need to export and import, but need to delete the
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
1071 ``db/otks`` and ``db/sessions`` files when changing Python version.
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
1072 If using the ``postgresql`` backend, you do not need to export and
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
1073 import and no other special database-related steps are needed.
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
1074
5967
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1075 If you use the whoosh indexer, you will need to reindex. It looks like
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1076 a database created with Python 2 leads to Unicode decode errors when
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1077 accessed by Python 3. Reindexing can take a while (see details below
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1078 look for "reindexing").
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1079
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
1080 Octal values in config.ini change from the Python 2 representation
5941
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
1081 with a leading ``0`` (``022``). They now use a leading ``0o``
29d428927362 prep for 2.0.0alpha0 release.
John Rouillard <rouilj@ieee.org>
parents: 5881
diff changeset
1082 (``0o22``). Note that the ``0o`` format is properly handled under
5944
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
1083 python 2. You can use the ``newconfig.ini`` generated using ``python3
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
1084 roundup-admin -i ... updateconfig newconfig.ini`` if you want to go
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
1085 back to using python 2. (Note going back to Python 2 will require
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
1086 the same steps as moving from 2 to 3 except using Python 3 to perform
d7e6bcde5cbe Final touchups python -> Python, reconcile config file names.
John Rouillard <rouilj@ieee.org>
parents: 5941
diff changeset
1087 the export.)
5726
e199d0ae4a25 issue2551033: prevent reverse engineering hidden data by using etags
John Rouillard <rouilj@ieee.org>
parents: 5543
diff changeset
1088
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1089 Rate Limit New User Registration (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1090 ---------------------------------------
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1091
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1092 The new user registration form can be abused by bots to allow
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1093 automated registration for spamming. This can be limited by using the
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1094 new ``config.ini`` ``[web]`` option called
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1095 ``registration_delay``. The default is 4 and is the number of seconds
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1096 between the time the form was generated and the time the form is
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1097 processed.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1098
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1099 If you do not modify the ``user.register.html`` template in your
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1100 tracker's html directory, you *must* set this to 0. Otherwise you will
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1101 see the error:
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1102
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1103 Form is corrupted, missing: opaqueregister.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1104
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1105 If set to 0, the rate limit check is disabled.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1106
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1107 If you want to use this, you can change your ``user.register.html``
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1108 file to include::
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1109
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1110 <input type="hidden" name="opaqueregister" tal:attributes="value python: utils.timestamp()">
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1111
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1112 The hidden input field can be placed right after the form declaration
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1113 that starts with::
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1114
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1115 <form method="POST" onSubmit="return submit_once()"
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1116
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1117 If you have applied Erik Forsberg's tracker level patch to implement
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1118 (see: https://hg.python.org/tracker/python-dev/rev/83477f735132), you
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1119 can back the code out of the tracker. You must change the name of the
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1120 field in the html template to ``opaqueregistration`` from ``opaque``
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1121 in order to use the core code.
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1122
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1123 PGP mail processing (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1124 ------------------------------
5501
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
1125
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
1126 Roundup now uses the ``gpg`` module instead of ``pyme`` to process PGP
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
1127 mail. If you have PGP processing enabled, make sure the ``gpg``
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
1128 module is installed.
dd242cd7a182 mention change from pyme to gpg module for PGP processing
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5332
diff changeset
1129
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1130 MySQL client module (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1131 ---------------------------------
5510
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
1132
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
1133 Although the ``MySQLdb`` module from
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
1134 https://pypi.org/project/MySQL-python/ is still supported, it is
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
1135 recommended to switch to the updated module from
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
1136 https://pypi.org/project/mysqlclient/.
e2978ed3b550 update link to new mysqlclient module and recommend update in upgrading.txt
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5501
diff changeset
1137
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1138 XMLRPC Access Role (info/required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1139 ----------------------------------
5879
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
1140
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
1141 A new permission has been added to control access to the XMLRPC
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
1142 endpoint. If the user doesn't have the new "Xmlrpc Access" permission,
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
1143 they will not be able to log in using the /xmlrpc end point. To add
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
1144 this new permission to the "User" role you should change your
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
1145 tracker's schema.py and add::
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
1146
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
1147 db.security.addPermissionToRole('User', 'Xmlrpc Access')
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
1148
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
1149 This is usually included near where other permissions like "Web Access"
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
1150 or "Email Access" are assigned.
94a7669677ae add permissions to control user of rest and xmlrpc API interfaces.
John Rouillard <rouilj@ieee.org>
parents: 5756
diff changeset
1151
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1152 New values for db.tx_Source (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1153 ----------------------------------
5881
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1154
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1155 The database attribute tx_Source reports "xmlrpc" and "rest" when the
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1156 /xmlrpc and /rest web endpoints are used. Check all code (extensions,
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1157 detectors, lib) in trackers looking for tx_Source. If you have code
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1158 like::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1159
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1160 if db.tx_Source == "web":
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1161
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1162 or::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1163
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1164 if db.tx_Source in ['web', 'email-sig-openpgp', 'cli' ]:
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1165
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1166 you may need to change these to include matches to "rest" and
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1167 "xmlrpc". For example::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1168
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1169 if db.tx_Source in [ "web", "rest", "xmlrpc" ]
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1170
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1171 or::
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1172
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1173 if db.tx_Source in ['web', 'rest', 'xmlrpc', 'email-sig-openpgp', 'cli' ]:
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1174
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1175
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1176 CSV export changes (info)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1177 -------------------------
6190
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1178
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1179 The original Roundup CSV export function for indexes reported id
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1180 numbers for links. The wiki had a version that resolved the id's to
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1181 names, so it would report ``open`` rather than ``2`` or
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1182 ``user2;user3`` rather than ``[2,3]``.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1183
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1184 Many people added the enhanced version to their extensions directory.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1185
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1186 The enhanced version was made the default in roundup 2.0. If you want
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1187 to use the old version (that returns id's), you can replace references
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1188 to ``export_csv`` with ``export_csv_id`` in templates.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1189
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1190 Both core csv export functions have been changed to force quoting of
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1191 all exported fields. To incorporate this change in any CSV export
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1192 extension you may have added, change references in your code from::
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1193
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1194 writer = csv.writer(wfile)
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1195
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1196 to::
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1197
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1198 writer = csv.writer(wfile, quoting=csv.QUOTE_NONNUMERIC)
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1199
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1200 this forces all (non-numeric) fields to be quoted and empty quotes to
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1201 be added for missing parameters.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1202
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1203 This turns exported values that may look like formulas into strings so
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1204 some versions of Excel won't try to interpret them as a formula.
15fd91fd3c4c Quote all exported CSV data
John Rouillard <rouilj@ieee.org>
parents: 6174
diff changeset
1205
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1206 Update userauditor.py to restrict usernames (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1207 ---------------------------------------------------------
5958
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1208
5973
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1209 A username can be created with embedded commas and < and >
fe334430ca07 issue2550919 - Anti-bot signup using 4 second delay
John Rouillard <rouilj@ieee.org>
parents: 5971
diff changeset
1210 characters. Even though the < and > are usually escaped when
5958
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1211 displayed, the embedded comma makes it difficult to edit lists of
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1212 users as they are comma separated.
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1213
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1214 If you have not modified your tracker's userauditor.py, you can just
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1215 copy the userauditor.py from the classic template into your tracker's
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1216 detectors directory. Otherwise merge the changes from the template
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1217 userauditor.py. https://issues.roundup-tracker.org/issue2550921 may be
5148e46dd314 issue2550921 - prevent usernames with characters ',' and '<', '>'
John Rouillard <rouilj@ieee.org>
parents: 5944
diff changeset
1218 helpful.
5881
9938c40e03bc Add "rest" and "xmlrpc" values for database tx_Source property
John Rouillard <rouilj@ieee.org>
parents: 5879
diff changeset
1219
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1220 Consider reindexing if you use European languages (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1221 ---------------------------------------------------------------
5967
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1222
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1223 A couple of bugs dealing with incorrect indexing of European languages
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1224 (Russian and German were reported) have been fixed. Note reindexing
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1225 all your data may take a long time. See:
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1226 https://issues.roundup-tracker.org/issue1195739 and
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1227 https://issues.roundup-tracker.org/issue1344046 for a description of
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1228 the problem. If you determine that this a problem for your tracker,
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1229 you can use::
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1230
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1231 roundup-admin -i /path/to/tracker reindex
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1232
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1233 to rewrite your full text indexes. The tracker used for reindex timing
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1234 had 140MB of file/message data and 2500 issues with a slow 5400RPM
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1235 SATA drive. Using native indexing with sqlite took about 45
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1236 minutes. Using whoosh took about 2 hours. Using xapian took about 6
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1237 hours. All examples were with Python 2. Anecdotal evidence shows
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1238 Python 3 is faster, but YMMV.
9a980675105d Add reindex info to upgrading.doc
John Rouillard <rouilj@ieee.org>
parents: 5958
diff changeset
1239
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1240 Merge improvements in statusauditor.py (optional)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1241 -------------------------------------------------
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1242
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1243 By default the detector statusauditor.py will change the status from
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1244 "unread" to "chatting" when a second message is added to an issue.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1245 The distributed classic and jinja templates implement this feature in
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1246 their copies of ``detectors/statusauditor.py``.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1247
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1248 This can be a problem. Consider a person sending email to create an
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1249 issue. Then the person sends a followup message to add some additional
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1250 information to the issue. The followup message will trigger the status
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1251 change from "unread" to "chatting". This is misleading since the
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1252 person is "chatting" with themselves.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1253
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1254 Statusauditor.py has been enhanced to prevent the status from changing
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1255 to "chatting" until a second user (person) adds a message. If you
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1256 want this functionality, you need to merge the distributed
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1257 statusauditor.py with your tracker's statusauditor.py. If you have not
7499
a072331c843b Change customizing to customising in all variants.
John Rouillard <rouilj@ieee.org>
parents: 7452
diff changeset
1258 customised your tracker's statusauditor.py, copy the one from the
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1259 distibuted template. In addition to the python file, you also must
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1260 copy/merge the distributed ``detectors/config.ini`` into your
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1261 tracker's detectors directory. Most people can copy
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1262 ``detectors/config.ini`` from the distributed templates as they won't
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1263 have a ``detectors/config.ini`` file. (Note this is
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1264 ``detectors/config.ini`` do not confuse it with the main
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1265 ``config.ini`` file at the root of the tracker home.)
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1266
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1267 This enhancement is disabled by default. Enable it by changing the
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1268 value in ``detectors/config.ini`` from::
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1269
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1270 chatting_requires_two_users = False
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1271
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1272 to::
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1273
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1274 chatting_requires_two_users = True
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1275
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1276 (the values ``no`` and ``yes`` can also be used). Restart the tracker
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1277 to enable the change.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1278
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1279 If you don't do this quite right you will see one of two error
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1280 messages in the web interface when you try to update an issue with a
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1281 message::
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1282
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1283 Edit Error: Unsupported configuration option: Option
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1284 STATUSAUDITOR_CHATTING_REQUIRES_TWO_USERS not found in
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1285 detectors/config.ini.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1286 Contact tracker admin to fix.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1287
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1288 This happens if detectors/config.ini is not found or is missing the
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1289 ``chatting_requires_two_users`` option in the ``statusauditor``
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1290 section.
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1291
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1292 If you have an incorrect value (say you use ``T`` rather than
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1293 ``True``) you see a different error::
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1294
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1295 Edit Error: Invalid value for
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1296 DETECTOR::STATUSAUDITOR_CHATTING_REQUIRES_TWO_USERS: 'T'
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1297 Allowed values: yes, no
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1298
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1299 to fix this set the value to ``yes`` (True) or ``no`` (False).
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1300
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1301 Responsive template changes (optional)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1302 --------------------------------------
5990
0face8e45224 issue2551076 - responsive template, search links should ignore status
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
1303
0face8e45224 issue2551076 - responsive template, search links should ignore status
John Rouillard <rouilj@ieee.org>
parents: 5973
diff changeset
1304 There have been some changes to the responsive template. You can
5991
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1305 diff/merge these changes into your responsive template based tracker.
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1306
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1307 Jinja template changes (required)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1308 ---------------------------------
5991
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1309
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1310 Auto escaping has been enabled in the jinja template engine, this
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1311 means it is no longer necessary to manually escape dynamic strings
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1312 with ``|e``, but strings that should not be escaped need to be marked
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1313 with ``|safe`` (e.g. ``{{ context.history()|u|safe }}``). Also, the i18n
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1314 extension has been enabled and the template has been updated to use
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1315 the extension for translatable text instead of explicit ``i18n.gettext``
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1316 calls::
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1317
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1318 {% trans %}List of issues{% endtrans %}
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1319
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1320 instead of::
6055
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1321
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1322 {{ i18n.gettext('List of issues')|u }}
5260c15d153f updated changes and upgrading doc
Christof Meerwald <cmeerw@cmeerw.org>
parents: 5994
diff changeset
1323
5991
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1324 The jinja template has been upgraded to use bootstrap 4.1.3 (from
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1325 2.2.2). You can diff/merge changes into your jinja template based
b0940ad50f43 issue2551075 Update jinja template to bootstrap 4.
John Rouillard <rouilj@ieee.org>
parents: 5990
diff changeset
1326 tracker.
5971
e5acd1843517 - issue2550926 - Original author adding a second message shouldn't set
John Rouillard <rouilj@ieee.org>
parents: 5967
diff changeset
1327
5994
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1328 Also search _generic.index.html, navigation.html and file.index.html
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1329 in the html directory of your tracker. Look for::
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1330
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1331 <input type="hidden" name="@action"
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1332
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1333 where the value is a jinja expression that calls i18n.gettext. Set the
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1334 value to the argument of the gettext call. E.G. replace::
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1335
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1336 <input type="hidden" name="@action" value="{{ i18n.gettext('editCSV')|u }}">
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1337
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1338 with::
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1339
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1340 <input type="hidden" name="@action" value="editCSV">
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1341
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1342 The action keywords should not be translated.
0e04fcdd1ff2 issue2551077-"jinja2" template: cannot login if German language used.
John Rouillard <rouilj@ieee.org>
parents: 5991
diff changeset
1343
6168
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
1344 .. index:: Upgrading; 1.5.1 to 1.6.0
de9d602c8ce6 more index entries and CHANGES.txt update for them.
John Rouillard <rouilj@ieee.org>
parents: 6128
diff changeset
1345
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1346 Migrating from 1.5.1 to 1.6.0
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1347 =============================
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1348
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1349 Update tracker config file
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1350 --------------------------
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1351
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1352 After installing the new version of roundup, you should
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1353 update the ``config.ini`` file for your tracker. To do this:
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1354
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1355 1. backup your existing ``config.ini`` file
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1356 2. using the newly installed code, run::
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1357
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1358 roundup-admin -i /path/to/tracker updateconfig config.ini.new
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1359
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1360 to create the file config.ini.new. Replace
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1361 ``/path/to/tracker`` with the path to your tracker.
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1362 3. replace your tracker's config.ini with config.ini.new
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1363
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1364 Using updateconfig keeps all the settings from your
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1365 tracker's config.ini file and adds settings for all the new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1366 options.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1367
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1368 If you have added comments to your original config.ini file,
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1369 merge the added comments into the config.ini.new file. Then
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1370 replace your tracker's config.ini with config.ini.new.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1371
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1372 Read the new config.ini and configure it to enable new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1373 features. Details on using these features can be found in
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1374 this section.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1375
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1376 Make sure that user can view labelprop on classes (required)
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1377 ------------------------------------------------------------
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1378
7505
62409b4a3a52 Link labelprop to setlabelprop in reference
John Rouillard <rouilj@ieee.org>
parents: 7499
diff changeset
1379 If you have View permissions that use ```properties=...```, make sure
62409b4a3a52 Link labelprop to setlabelprop in reference
John Rouillard <rouilj@ieee.org>
parents: 7499
diff changeset
1380 that the `labelprop <reference.html#setlabelprop-property>`_ for the
62409b4a3a52 Link labelprop to setlabelprop in reference
John Rouillard <rouilj@ieee.org>
parents: 7499
diff changeset
1381 class is listed in the properties list.
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1382
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1383 The first one of these that exists must must be in the list:
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1384
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1385 1. the property set by a call to setlabelprop for the class
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1386 2. the key of the class (as set by setkey())
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1387 3. the "name" property (if it exists)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1388 4. the "title" property (if it exists)
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1389
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1390 if none of those apply, you must allow
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1391
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1392 * the "id" property
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1393
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1394 E.G. If your class does a setlabelprop("foo") you must include "foo"
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1395 in the properties list even if the class has name or title properties.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1396
7506
38de0d748284 Fix reference for setlabelprop
John Rouillard <rouilj@ieee.org>
parents: 7505
diff changeset
1397 See: `reference.html setlabelprop
38de0d748284 Fix reference for setlabelprop
John Rouillard <rouilj@ieee.org>
parents: 7505
diff changeset
1398 <reference.html#setlabelprop-property>`_ for further details on the
38de0d748284 Fix reference for setlabelprop
John Rouillard <rouilj@ieee.org>
parents: 7505
diff changeset
1399 labelprop.
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1400
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1401 If you don't do this, you will find that multilinks (and possibly
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1402 links) may not be displayed properly. E.G. templates that iterate over
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1403 a mutlilink field (with tal:repeat for example) may not show any
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1404 content.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1405
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1406 See: https://sourceforge.net/p/roundup/mailman/message/35763294/
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1407 for the initial discussion of the issue.
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1408
7343
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
1409 .. _cross site request forgery detection added:
955a4efe9cbc Typo fix in example; formatting fix for priorty labels
John Rouillard <rouilj@ieee.org>
parents: 7341
diff changeset
1410
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1411 Cross Site Request Forgery Detection Added (recommended)
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1412 --------------------------------------------------------
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1413
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1414 Roundup 1.6. supports a number of defenses against CSRF.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1415
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1416 Http header verification against the tracker's ``web``
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1417 setting in the ``[tracker]`` section of config.ini for the
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1418 following headers:
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1419
7344
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
1420 1. Analyze the ``Referer`` HTTP header to make sure it
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
1421 includes the web setting.
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
1422 2. Analyze the ``Origin`` HTTP header to make sure the
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
1423 schema://host matches the web setting.
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
1424 3. Analyze the ``X-Forwarded-Host`` header set by a proxy
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
1425 running in front of roundup to make sure it agrees with
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
1426 the host part of the web setting.
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
1427 4. Analyze the ``Host`` header to make sure it agrees with
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
1428 the host part of the web setting. This is not done if
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
1429 ``X-Forwarded-Host`` is set.
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1430
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1431 By default roundup 1.6 does not require any specific header
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1432 to be present. However at least one of the headers above
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1433 *must* pass validation checks (usually ``Host`` or
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1434 ``Referer``) or the submission is rejected with an error.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1435 If any header fails validation, the submission is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1436 rejected. (Note the user's form keeps all the data they
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1437 entered if it was rejected.)
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1438
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1439 Also the admin can include unique csrf tokens for all forms
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1440 submitted using the POST method. (Delete and put methods are also
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1441 included, but not currently used by roundup.) The csrf
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1442 token (nonce) is tied to the user's session. When the user
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1443 submits the form and nonce, the nonce is checked to make
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1444 sure it was issued to the user and the same session. If this
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1445 is not true the post is rejected and the user is notified.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1446
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1447 The standard context/submit templating item creates CSRF tokens by
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1448 default. If you have forms using the POST method that are not using
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1449 the standard submit routine, you should add the following field to all
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1450 forms::
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1451
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1452 <input name="@csrf" type="hidden"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1453 tal:attributes="value python:utils.anti_csrf_nonce()">
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1454
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1455 A unique random token is generated by every call to
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1456 utils.anti_csrf_nonce() and is put in a database to be
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1457 retreived if the token is used. Token lifetimes are 2 weeks
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1458 by default but can be configured in config.ini. Roundup will
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1459 automatically prune old tokens. Calling anti_csrf_nonce with
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1460 an integer lifetime, for example::
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1461
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1462 <input name="@csrf" type="hidden"
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1463 tal:attributes="value python:utils.anti_csrf_nonce(lifetime=10)">
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1464
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1465 sets the lifetime of that nonce to 10 minutes.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1466
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1467 If you want to change the default settings, you have to
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1468 update the web section in your tracker's config.ini file. Follow the
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1469 section above to generate an updated config.ini file. Then
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1470 look for settings that start with csrf. The updated config.ini
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1471 file includes detailed descriptions of the settings.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1472
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1473 In general one of four values can be set for these
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1474 settings. The default is ``yes``, which validates the header
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1475 or nonce and blocks access if the validation fails. If the
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1476 field/header is missing it allows access. Setting these
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1477 fields to ``required`` blocks access if the header/nonce is
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1478 missing.
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1479
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1480 It is recommended that you change your templates so every form
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1481 that is not submitted via GET has an @csrf field. Then change
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1482 the csrf_enforce_token setting to 'required'.
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1483
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1484 Errors and Troubleshooting - @csrf in url
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1485 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5201
a9ace22e0a2f issue 2550690 - Adding anti-csrf measures to roundup following
John Rouillard <rouilj@ieee.org>
parents: 5196
diff changeset
1486
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1487 If you see the @csrf nonce in the URL, you have added the value to a
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1488 form that uses the GET method. You should remove the @csrf token from
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1489 these forms as it is not needed.
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1490
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1491 Errors and Troubleshooting - AttributeError list object no attribute value
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1492 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5271
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1493 If you get an error:
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1494
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1495 AttributeError: 'list' object has no attribute 'value'
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1496
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1497 in handle_csrf, you have more than one @csrf token for the form. This
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1498 usually occurs because the form uses the standard context/submit
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1499 element but you also added an explicit @csrf statement. Simply remove
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1500 the @csrf element for that form.
bee4008a2840 Added info on dealing with common errors when adding @csrf tokens.
John Rouillard <rouilj@ieee.org>
parents: 5270
diff changeset
1501
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1502 Errors and Troubleshooting - xmlrpc Required Header Missing
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1503 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
6768
15238a434368 formatting fixes.
John Rouillard <rouilj@ieee.org>
parents: 6753
diff changeset
1504 When performing and xmlrpc call, if you see something like::
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1505
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1506 xmlrpclib.Fault: <Fault 1: "<class
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1507 'roundup.exceptions.UsageError'>:Required Header Missing">
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1508
7507
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
1509 change your xmlrpc client to add appropriate headers to
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1510 the request including the:
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1511
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1512 X-Requested-With:
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1513
7507
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
1514 header as well as any other required csrf headers (e.g. referer,
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
1515 origin) configured in config.ini. See the `advanced python client
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
1516 <xmlrpc.html#advanced-python-client-adding-anti-csrf-headers>`_ at
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
1517 the end of the xmlrpc guide.
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
1518
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
1519 Alternatively change the setting of
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
1520 csrf_enforce_header_x-requested-with in config.ini to ``no``. So it
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
1521 looks like::
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
1522
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
1523 csrf_enforce_header_x-requested-with = no
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
1524
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
1525 This is not recommended as it reduces csrf protection.
f3c456e9a6c2 Link to example advanced xmlrpc client and recommend it first.
John Rouillard <rouilj@ieee.org>
parents: 7506
diff changeset
1526
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
1527
5212
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1528 Support for SameSite cookie option for session cookie
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1529 -----------------------------------------------------
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1530
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1531 Support for serving the session cookie using the SameSite cookie option
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1532 has been added. By default it is set to lax to provide a better user
6688
f1f2d59dab8b Add allowed_api_origins to upgrading doc
John Rouillard <rouilj@ieee.org>
parents: 6684
diff changeset
1533 experience. But this can be changed to strict or the option can be
5212
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1534 removed entirely.
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1535
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1536 Using the process for merging config.ini changes described in
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1537 `Cross Site Request Forgery Detection Added`_ you can add the
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1538 ``samesite_cookie_setting`` to the ``[web]`` section of the config
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1539 file.
d4cc71beb102 Added support for SameSite cookie option for CSRF prevention
John Rouillard <rouilj@ieee.org>
parents: 5201
diff changeset
1540
5147
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1541 Fix for path traversal changes template resolution
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1542 --------------------------------------------------
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1543
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1544 The templates in the tracker's html subdirectory must not be
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1545 symbolic links that lead outside of the html directory.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1546
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1547 If you don't use symbolic links for templates in your html
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1548 subdirectory you don't have to make any changes. Otherwise you need to
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1549 replace the symbolic links with hard links to the files or replace the
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1550 symbolic links with the files.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1551
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1552 This is a side effect of fixing a path traversal security issue. The
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1553 security issue required a directory with a specific unusual name. This
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1554 made it difficult to exploit. However allowing the use of
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1555 subdirectories to organize the templates required that it be fixed.
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1556
d16ba6e6624b upgrade CHANGES.txt and doc/upgrading.txt with additional info about implications of fixing path traversal bug in d22eb1d40d0e
John Rouillard <rouilj@ieee.org>
parents: 5122
diff changeset
1557
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1558 Database back end specified in config.ini (required)
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1559 ----------------------------------------------------
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1560
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1561 The ``db/backend_name`` file is no longer used to configure the database
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1562 backend being used for a tracker. The backend is now configured in the
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1563 ``config.ini`` file using the ``backend`` option located in the ``[rdbms]``
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1564 section. For example if ``db/backend_name`` file contains ``sqlite``, a new
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1565 entry in the tracker's ``config.ini`` will need to be created::
5041
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1566
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1567 [rdbms]
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1568
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1569 ...
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1570
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1571 # Database backend.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1572 # Default:
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1573 backend = sqlite
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1574
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1575 Once the ``config.ini`` file has been updated with the new ``backend`` option,
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1576 you can safely delete the ``db/backend_name`` file.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1577
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1578 Note: the ``backend_name`` file may be located in a directory other than
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1579 ``db/`` if you have configured the ``database`` option in the ``[main]``
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1580 section of the ``config.ini`` file to be something other than ``db``.
5251e97b1de0 Configure the database backend in the config.ini
John Kristensen <john@jerrykan.com>
parents: 5025
diff changeset
1581
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1582 Note 2: if you are using the anydbm back end, you still set
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1583 it using the backend option in the rdbms section of the
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1584 config.ini file.
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1585
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1586 New config file option 'indexer' added
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1587 --------------------------------------
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1588
5304
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1589 This release added support for the Whoosh indexer, so a new
ae32f082e623 Add section on updating config.ini. Reference in CSRF doc. Other doc updates.
John Rouillard <rouilj@ieee.org>
parents: 5298
diff changeset
1590 config file option has been
5096
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1591 added. You can force Roundup to use a particular text indexer by
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1592 setting this value in the [main] section of the tracker's
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1593 ``config.ini`` file (usually placed right before indexer_stopwords)::
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1594
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1595 [main]
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1596
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1597 ...
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1598
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1599 # Force Roundup to use a particular text indexer.
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1600 # If no indexer is supplied, the first available indexer
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1601 # will be used in the following order:
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1602 # Possible values: xapian, whoosh, native (internal).
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1603 indexer =
e74c3611b138 - issue2550636, issue2550909: Added support for Whoosh indexer.
John Rouillard <rouilj@ieee.org>
parents: 5078
diff changeset
1604
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1605 Errors and Troubleshooting - Full text searching not working
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1606 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1607
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1608 If after the upgrade full text searching is not working try changing
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1609 the indexer value. If this is failing most likely you need to set
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1610 '''indexer = native''' to use the rdbms or db text indexing systems.
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1611
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1612 Alternatively you can do a
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1613 '''roundup-admin -i /path/to/tracker reindex'''
5752
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1614 to generate a new index using roundup's preferred indexer from the
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1615 list above.
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1616
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1617 Xapian error with flint when reindexing
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1618 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1619 If you reindex and are using xapian, you may get the error that
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1620 "flint" is not supported (looks like flint was removed after xapian
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1621 1.2.x). To fix this, you can delete the full text search database
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1622 located in the tracker home directory in the file '''db/text-index'''
4c0cdfe4f678 Added x-roundup-issue-id to FAQ which discusses other x-roundup header
John Rouillard <rouilj@ieee.org>
parents: 5735
diff changeset
1623 and then perform a reindex.
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1624
5108
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1625 Stemming improved in Xapian Indexer
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1626 -----------------------------------
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1627
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1628 Stemming allows a search for "silent" also match silently. The Porter
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1629 stemmer in Xapian works with lowercase English text. In this release we
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1630 lowercase the documents as they are put into the indexer.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1631
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1632 This means capitalization is not preserved, but produces more hits by
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1633 using the stemmer.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1634
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1635 You will need to do a roundup-admin reindex if you are using the
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1636 Xapian full text indexer on your tracker.
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1637
67fad01d2009 issue2550653: xapian search, stemming is not working
John Rouillard <rouilj@ieee.org>
parents: 5098
diff changeset
1638
5098
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1639 New config file option 'replyto_address' added
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1640 ----------------------------------------------
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1641
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1642 A new config file option has been added to let you control the
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1643 Reply-To header on nosy messages.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1644
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1645 Edit your tracker's ``config.ini`` and place the following after
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1646 the email entry in the tracker section::
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1647
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1648 [tracker]
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1649 ...
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1650
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1651 # Controls the reply-to header address used when sending
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1652 # nosy messages.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1653 # If the value is unset (default) the roundup tracker's
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1654 # email address (above) is used.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1655 # If set to "AUTHOR" then the primary email address of the
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1656 # author of the change will be used as the reply-to
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1657 # address. This allows email exchanges to occur outside of
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1658 # the view of roundup and exposes the address of the person
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1659 # who updated the issue, but it could be useful in some
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1660 # unusual circumstances.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1661 # If set to some other value, the value is used as the reply-to
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1662 # address. It must be a valid RFC2822 address or people will not be
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1663 # able to reply.
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1664 # Default:
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1665 replyto_address =
99e289359798 issue2550803: Replying to NOSY mail goes to the tracker through
John Rouillard <rouilj@ieee.org>
parents: 5096
diff changeset
1666
7341
7321c0e6c53e Add priority markers to heading back to 1.5.0->1.6.0 upgrade
John Rouillard <rouilj@ieee.org>
parents: 7321
diff changeset
1667 Login from a search or after logout works better (required)
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1668 -----------------------------------------------------------
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1669
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1670 The login form has been improved to work with some back end code
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1671 changes. Now when a user logs in they stay on the same page where they
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1672 started the login. To make this work, you must change the tal that is
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1673 used to set the ``__came_from`` form variable. Note that the url
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1674 assigned to __came_from must be url encoded/quoted and be under the
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1675 tracker's base url. If the base_url uses http, you can set the url to
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1676 https.
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1677
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1678 Replace the existing code in the tracker's html/page.html page that
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1679 looks similar to (look for name="__came_from"):
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1680
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1681 .. code::
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1682 :class: big-code
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1683
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1684 <input type="hidden" name="__came_from" tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1685
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1686 with the following:
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1687
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1688 .. code:: html
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1689 :class: big-code
5121
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1690
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1691 <input type="hidden" name="__came_from"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1692 tal:condition="exists:request/env/QUERY_STRING"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1693 tal:attributes="value string:${request/base}${request/env/PATH_INFO}?${request/env/QUERY_STRING}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1694 <input type="hidden" name="__came_from"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1695 tal:condition="not:exists:request/env/QUERY_STRING"
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1696 tal:attributes="value string:${request/base}${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1697
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1698 Now search backwards for the nearest form statement before the code
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1699 that sets __came_from. If it looks like::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1700
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1701 <form method="post" action="#">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1702
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1703 replace it with::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1704
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1705 <form method="post" tal:attributes="action request/base">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1706
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1707 or with::
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1708
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1709 <form method="post" tal:attributes="action string:${request/env/PATH_INFO}">
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1710
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1711 the important part is that the action field **must not** include any query
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1712 parameters ('#' includes query params).
894aa07be6cb issue2550785: Using login from search (or logout) fails. when
John Rouillard <rouilj@ieee.org>
parents: 5120
diff changeset
1713
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1714 Errors and Troubleshooting - Unrecognized scheme in ...
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1715 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1716
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1717 One symptom of failing to do this is getting an error:
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1718
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1719 Unrecognized scheme in ....
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1720
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1721 where the .... changes depending on the url path. You can see this
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1722 when logging in from any screen other than the main index.
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1723
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1724 Option to make adding multiple keywords more convenient
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1725 -------------------------------------------------------
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1726
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1727 In the classic tracker, after adding a new keyword you are redirected
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1728 to the page for the new keyword so you can change the keyword's
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1729 name. This is usually not desirable as you usually correctly set the
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1730 keyword's name when creating the keyword. The new classic tracker has
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1731 a new checkbox (checked by default) that keeps you on the same page so
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1732 you can add a new keywords one after the other.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1733
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1734 To add this to your own tracker, add the following code (prefixed with
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1735 a +) after the entry box for the new keyword in html/keyword.item.html:
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1736
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1737 .. code::
7344
4be6434014ee Fix unintended blockquote.
John Rouillard <rouilj@ieee.org>
parents: 7343
diff changeset
1738 :class: big-code
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1739
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1740 <tr>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1741 <th i18n:translate="">Keyword</th>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1742 <td tal:content="structure context/name/field">name</td>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1743 + <td tal:condition="not:context/id">
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1744 + <tal:comment tal:replace="nothing">
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1745 + If we get here and do not have an id, we are creating a new
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1746 + keyword. It would be nice to provide some mechanism to
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1747 + determine the preferred state of the "Continue adding keywords"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1748 + checkbox. By default it is enabled.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1749 + </tal:comment>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1750 + <input type="checkbox" id="continue_new_keyword"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1751 + name="__redirect_to"
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1752 + tal:attributes="value
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1753 + string:${request/base}${request/env/PATH_INFO}?@template=item;
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1754 + checked python:True" />
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1755 + <label for="continue_new_keyword" i18n:translate="">Continue adding keywords.</label>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1756 + </td>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1757 </tr>
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1758
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1759 Note remove the leading '+' when adding this to the templates.
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1760
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1761 The key component here is support for the '__redirect_to' query
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1762 property. It is a url which can be used when creating any new item
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1763 (issue, user, keyword ....). It controls the next page displayed after
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1764 creating the item. If '__redirect_to' is not set, then you end up on
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1765 the page for the newly created item. The url value assigned to
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
1766 __redirect_to must start with the tracker's base url and must be properly
5161
12190efa30d4 I realized that the __came_from and __redirect_to url parameters I
John Rouillard <rouilj@ieee.org>
parents: 5158
diff changeset
1767 url encoded.
5158
63294ed25e84 issue1842687: Keywords: After creating, stay in "Create New" mode.
John Rouillard <rouilj@ieee.org>
parents: 5156
diff changeset
1768
5179
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1769 Helper popups trigger change events on the original page
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1770 --------------------------------------------------------
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1771
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1772 The helper popups used to set dates (from a calendar), change lists of
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1773 users or lists of issues did not notify the browser that the fields
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1774 had been changed. This release adds code to trigger the change event.
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1775
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1776 To add the change event to the calendar popup, you don't need to do
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1777 any changes to the tracker. It is all done in the roundup python code
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1778 in templating.py.
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1779
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1780 To add the change event when updating users using the help-submit
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1781 template, copy
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1782 share/roundup/templates/devel/html/_generic.help-submit.html and
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1783 replace your tracker's html/_generic.help-submit.html. If you have
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1784 done local changes to this file, change your file to include the code
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1785 that defines the onclick event for the input field with
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1786 id="btn_apply".
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1787
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1788 To add the change event when updating lists of issues copy
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1789 share/roundup/templates/devel/html/help_controls.js to your tracer's
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1790 html directory. If you have made local changes to the javascript file,
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1791 merge the two if/else blocks labeled::
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1792
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1793 /* trigger change event on the field we changed */
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1794
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1795 into your help_controls.js
e8b3d3a14563 - issue2550796: Calendar and Classhelp selection tools don't cause
John Rouillard <rouilj@ieee.org>
parents: 5161
diff changeset
1796
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1797 html/_generic.404.html in trackers use page template
5078
487dc55e3c5e issue2550907 Fix errors when creating documentation. Work done by
John Rouillard <rouilj@ieee.org>
parents: 5068
diff changeset
1798 ----------------------------------------------------
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1799
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1800 The original generic 404 error pages for many trackers did not use the
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1801 standard page layout. This change replaces the html/_generic.404.html
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1802 page with one that uses the page template.
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1803
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1804 If your deployed tracker is based on: classic, minimal, responsive or
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1805 devel templates and has not changed the html/_generic.404.html file,
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1806 you can copy in the new file to get this additional functionality.
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1807
5154
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1808 Organize templates into subdirectories
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1809 --------------------------------------
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1810
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1811 The @template parameter to the web interface allows the use of
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1812 subdirectories. So a setting of @template=view/view for an issue would
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1813 use the template in the tracker's html/view/issue.view.html. Similarly
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1814 for a caller class, you could put all the templates under the
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1815 html/caller directory with names like: html/caller/caller.item.html,
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1816 html/caller/caller.index.html etc. You may want to symbolically link the
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1817 html/_generic* templates into your subdirectory so that missing
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1818 templates (e.g. a missing caller.edit.html template) can be satisfied
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1819 by the _generic.edit.html template.
f608eeecf638 issue2550891: Allow subdir in template value. Anthony (antmail)
John Rouillard <rouilj@ieee.org>
parents: 5147
diff changeset
1820
5156
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1821 Properly quote query dispname (displayed name) in page.html
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1822 -----------------------------------------------------------
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1823
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1824 A new method has been added to HTMLStringProperty called url_quote.
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1825 The default templates have been updated to use this in the "Your
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1826 Query" section of the trackers html/page.html file. You will want to
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1827 change your template. Lines starting with - are the original line and
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1828 you want to change it to match the line starting with the + (remove
7277
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1829 the + from the line):
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1830
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1831 .. code::
41b2a0e12899 Formatting fixes
John Rouillard <rouilj@ieee.org>
parents: 7275
diff changeset
1832 :class: big-code
5156
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1833
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1834 <tal:block tal:repeat="qs request/user/queries">
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1835 - <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name}"
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1836 + <a href="#" tal:attributes="href string:${qs/klass}?${qs/url}&@dispname=${qs/name/url_quote}"
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1837 tal:content="qs/name">link</a><br>
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1838 </tal:block>
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1839
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1840 Find the tal:repeat line that loops over all queries. Then
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1841 change the value assigned to @dispname in the href attribute from
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1842 ${qs/name} to ${qs/name/url_quote}. Note that you should *not* change
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1843 the value for tal:content.
882fa4d9bead issue2550795: @dispname query args in page.html search links
John Rouillard <rouilj@ieee.org>
parents: 5154
diff changeset
1844
5267
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1845 Allow "Show Unassigned" issues link to work for Anonymous user
64ae2108df60 Add section on allowing user access to the labelprop for a class so
John Rouillard <rouilj@ieee.org>
parents: 5212
diff changeset
1846 --------------------------------------------------------------
5113
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1847
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1848 In this release the anonymous user is allowed to search the user
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1849 class. The following was added to the schema for all templates that
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1850 provide the search option::
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1851
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1852 p = db.security.addPermission(name='Search', klass='user')
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1853 db.security.addPermissionToRole ('Anonymous', p)
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1854
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1855 If you are running a tracker that **does not** allow read access for
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1856 anonymous, you should remove this entry as it can be used to perform
cf112b90fa8d issue2550855: added search perms for anonymous to the user class.
John Rouillard <rouilj@ieee.org>
parents: 5108
diff changeset
1857 a username guessing attack against a roundup install.
5068
5b2ce5723abb Updated _generic.404.html to use the page template so 404 errors still
John Rouillard <rouilj@ieee.org>
parents: 5041
diff changeset
1858
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1859 Errors and Troubleshooting - Unassigned issues for anonymous
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1860 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5276
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
1861
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
1862 If you notice that the "Unassigned Issues" search on page.html
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
1863 is displaying assigned issues for users with the Anonymous role,
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
1864 you need to allow search permissions for the user class.
a034f8d09a21 add doc on wierdness in 'Show Unassigned' error if user search for anon not added
John Rouillard <rouilj@ieee.org>
parents: 5275
diff changeset
1865
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1866 Improvements in Classic Tracker query.edit.html template
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1867 --------------------------------------------------------
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1868
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1869 There is a new query editing template included in the distribution at:
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1870
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1871 ``share/roundup/templates/classic/html/query.edit.html``
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1872
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1873 This template fixes:
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1874
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1875 * public query could not be removed from "Your Queries" once it was added.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1876 Trying to do so would cause a permissions error.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1877 * private yes/no dropdown always showed "yes" regardless of
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1878 underlying state
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1879 * query Delete button did not work.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1880 * same query being displayed multiple times
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1881
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1882 It also adds:
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1883 * the table layout displays queries created by the user first,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1884 then available public queries.
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1885 * public query owners are shown
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1886 * better support for deleted queries. When a query is deleted, it is
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1887 still available for those who added it to their query list. If you
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1888 are the query owner, you can restore (undelete) the query. If you
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1889 are not the owner you can remove it from your query list.
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1890 (If a query is deleted and nobody had it in their query list, it
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1891 will not show up in the "Active retired queries" section. You will
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1892 have to use the class editor or roundup_admin command line to
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1893 restore it.)
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1894 * notifies the user that delete/restore requires javascript. It
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1895 always did, but that requirement wasn't displayed.
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1896
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1897 To use the new template, you must add Restore permission on queries to
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1898 allow the user to restore queries (see below).
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1899
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1900 If you have not modified the query.edit.html template in your tracker,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1901 you should be able to copy the new version from the location above.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1902 Otherwise you will have to merge the changes into your modified template.
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1903
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1904 Add the query Restore permission for the User role to your tracker's
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1905 schema.py file. Place it right after the query retire permission for
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1906 the user role. After the change it should look like::
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1907
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1908 p = db.security.addPermission(name='Retire', klass='query', check=edit_query,
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1909 description="User is allowed to retire their queries")
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1910 db.security.addPermissionToRole('User', p)
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1911 p = db.security.addPermission(name='Restore', klass='query',
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1912 check=edit_query,
5122
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1913 description="User is allowed to restore their queries")
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1914 db.security.addPermissionToRole('User', p)
1c90f15a177f issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5121
diff changeset
1915
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1916 where the last four lines are the ones you need to add.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1917
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1918 Usually you can add this to your User role. If all users have the User
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1919 role in common then all logged in users should be ok. If you have
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1920 users who do not include the User role (e.g. they may only have a
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1921 Provisional role), you should add the search permission to that role
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1922 (e.g. Provisional) as well if you allow them to edit their list of
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1923 queries.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1924
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1925 Also see the `new search permissions for query in 1.4.17`_ section
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1926 discussing search permission requirements for editing queries. The
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1927 fixes in this release require the ability to search the creator of all
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1928 queries to work correctly.
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1929
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1930 If the test script for the `new search permissions for query in
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1931 1.4.17`_ doesn't report that a role has the ability to search queries
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1932 or at least search the creator property for queries, add the following
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1933 permissions to your schema.py::
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1934
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1935 s = db.security.addPermission(name='Search', klass='query',
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1936 properties=['creator'],
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1937 description="User is allowed to Search queries for creator")
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1938 db.security.addPermissionToRole('User', s)
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1939
5295
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1940 Errors and Troubleshooting - Public queries listed twice when editing
b2998cb86bae Add new section: Errors and Troubleshooting - Full text searching not
John Rouillard <rouilj@ieee.org>
parents: 5276
diff changeset
1941 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
5275
fee207407dee Add error and troubleshooting headers. Clarified the suggestion to a
John Rouillard <rouilj@ieee.org>
parents: 5274
diff changeset
1942
5272
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1943 If you do not do this, public queries will be listed twice in the edit
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1944 interface. Once in the "Queries I created" section and again in the
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1945 "Queries others created" section of the query edit page
c6fbd4803eae If you upgrade to the newer query edit interface but did not allow
John Rouillard <rouilj@ieee.org>
parents: 5271
diff changeset
1946 (``http..../query?@template=edit``).
5120
722394a48d7b issue2550831: Make the classic template query.edit page work.
John Rouillard <rouilj@ieee.org>
parents: 5113
diff changeset
1947
5274
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1948 Fix security issues in query.item.html template
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1949 -----------------------------------------------
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1950 The default query.item.html template allows anybody to view all
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1951 queries.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1952
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1953 This has been updated in the classic, devel and responsive templates
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1954 to only allow people to view queries they creates or queries that are
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1955 publicly viewable.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1956
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1957 If you haven't modified you query.item.html template, simply copy the
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1958 query.item.html template from one of the above default templates to
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1959 your tracker's html directory.
07da34337f70 html/query.item.html was missing checks to verify that a query should
John Rouillard <rouilj@ieee.org>
parents: 5272
diff changeset
1960
5186
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1961 Enhancement to check command for Permissions
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1962 --------------------------------------------
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1963
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1964 A new form of check function is permitted in permission definitions.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1965 The three argument form is still supported and will work the same
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1966 as it always has (although it may be depricated in the future).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1967
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1968 If the check function is defined as::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1969
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1970 check(db, userid, itemid, **ctx)
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1971
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1972 the ctx variable will have the context to use when determining access
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1973 rights::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1974
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1975 ctx['property'] the name of the property being checked or None if
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1976 it's a class check.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1977
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1978 ctx['classname'] the name of the class that is being checked
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1979 (issue, query ....).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1980
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1981 ctx['permission'] the name of the permission (e.g. View, Edit...).
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1982
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1983 This should make defining complex permissions much easier. Consider::
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1984
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1985 def issue_private_access(db, userid, itemid, **ctx):
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1986 if not db.issue.get(itemid, 'private'):
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1987 # allow access to everything if not private
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1988 return True
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1989
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1990 # It is a private issue hide nosy list
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1991 # Note that the nosy property *must* be listed
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1992 # in permissions argument to the addPermission
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1993 # definition otherwise this check command
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1994 # is not run.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1995 if ctx['property'] == 'nosy':
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1996 return False # deny access to this property
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1997
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1998 # allow access for editing, viewing etc. of the class
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
1999 return True
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2000
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2001
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2002 e = db.security.addPermission(name='Edit', klass='issue',
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2003 check=issue_private_access,
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2004 properties=['nosy'],
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2005 description="Edit issue checks")
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2006
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2007 It is suggested that you change your checks to use the ``**ctx``
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2008 parameter. This is expected to be the preferred form in the future.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2009 You do not need to use the ``ctx`` parameter in the function if you do
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2010 not need it.
36630a062fb5 Check in enhanced form for check command used by addPermission.
John Rouillard <rouilj@ieee.org>
parents: 5179
diff changeset
2011
5196
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2012 Changes to property permissions
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2013 -------------------------------
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2014
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2015 If you create a permission:
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2016
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2017 db.security.addPermission(name='View', klass='user',
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2018 properties=['theme'], check=own_record,
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2019 description="User is allowed to view their own theme")
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2020
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2021 that combines checks and properties, the permission also matches a
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2022 permission check for the View permission on the user class. So this
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2023 also allows the user to see their user record. It is unexpected that
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2024 checking for access without a property would match this permission.
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2025
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2026 This release adds support for making a permission like above only be
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2027 used during property permission tests. See ``customizing.txt`` and
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2028 search for props_only and set_props_only_default in the section
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2029 'Adding a new Permission'
e0732fd6a6c7 Implement props_only feature for permissions.
rouilj@uland
parents: 5194
diff changeset
2030
5192
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
2031 Improve query editing
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
2032 ---------------------
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
2033
5194
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
2034 If a user creates a query with the same name as one of their existing
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
2035 queries, the query editing interface will now report an error. By
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
2036 default the query editing page (issue.search.html) displays the index
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
2037 page when the search is triggered. This is usually correct since the
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
2038 user expects to see the results of the query. But now that
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
2039 the code properly checks for duplicate search names, the user should
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
2040 stay on the search page if there is an error. To add this to your
5270
84a844f50d1f Set min python version for release 1.6. Login changes now required,
John Rouillard <rouilj@ieee.org>
parents: 5267
diff changeset
2041 existing issue.search.html page, add the following line after the
5194
3124be3cc197 Hopefully making the doc for the query editing feature less confusing.
rouilj@uland
parents: 5192
diff changeset
2042 hidden field @old-queryname:
5192
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
2043
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
2044 <input type="hidden" name="@template" value="index|search"/>
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
2045
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
2046 With this addition, the index template is displayed if there is no
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
2047 error, and the user stays on the search template if there is an error.
302e3a1a7190 Three sets of changes:
rouilj@uland
parents: 5186
diff changeset
2048
5323
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2049 New -L (loghttpvialogger) option to roundup-server
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2050 --------------------------------------------------
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2051
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2052 Http request logs from roundup-server are sent to stderr or
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2053 can be recorded in a log file (if -l or the logfile options
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2054 is used). However there is no way to rotate the logfile
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2055 without shutting down and restarting the roundup-server.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2056
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2057 If the -L flag is used, the python logging module is used
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2058 for logging the http requests. The name for the log
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2059 (qualname) is 'roundup.http'. You can direct these messages
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2060 to a rotating log file by putting the following::
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2061
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2062 [loggers]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2063 keys=roundup.http
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2064
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2065 [logger_roundup.http]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2066 level=INFO
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2067 handlers=rotate_weblog
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2068 qualname=roundup.http
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2069 propagate=0
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2070
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2071 [handlers]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2072 keys=rotate_weblog
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2073
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2074 [handler_rotate_weblog]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2075 class=logging.handlers.RotatingFileHandler
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2076 args=('httpd.log','a', 512000, 2)
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2077 formatter=plain
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2078
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2079 [formatters]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2080 keys=plain
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2081
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2082 [formatter_plain]
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2083 format=%(message)s
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2084
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2085 into a file (e.g. logging.ini). Then reference this file in
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2086 the 'config' value of the [logging] section in the trackers
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2087 config.ini file.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2088
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2089 Note the log configuration above is an example and can be
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2090 merged into a more full featured logging config file for
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2091 your tracker if you wish. It will create a new file in the
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2092 current working directory called 'httpd.log' and will rotate
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2093 the log file at 500K and keep two old copies of the file.
762222535a0b Allow http request logs to be logged using the python logging module
John Rouillard <rouilj@ieee.org>
parents: 5304
diff changeset
2094
6170
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2095 .. index:: Upgrading; 1.5.0 to 1.5.1
dadcb4fe9f1d Ading index entries.
John Rouillard <rouilj@ieee.org>
parents: 6168
diff changeset
2096
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
2097 Migrating from 1.5.0 to 1.5.1
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
2098 =============================
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
2099
5025
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
2100 User data visibility
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
2101 --------------------
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
2102
4902
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2103 For security reasons you should change the permissions on the user
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2104 class. We previously shipped a configuration that allowed users to see
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2105 too many of other users details, including hashed passwords under
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2106 certain circumstances. In schema.py in your tracker, replace the line::
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2107
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2108 db.security.addPermissionToRole('User', 'View', 'user')
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2109
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2110 with::
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2111
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2112 p = db.security.addPermission(name='View', klass='user',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2113 properties=('id', 'organisation', 'phone', 'realname',
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2114 'timezone', 'username'))
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2115 db.security.addPermissionToRole('User', p)
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2116
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2117 Note that this removes visibility of user emails, if you want emails to
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2118 be visible you can add 'address' and 'alternate_addresses' to the list
a403c29ffaf9 Security fix default user permissions
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4901
diff changeset
2119 above.
5025
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
2120
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
2121 XSS protection for custom actions
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
2122 ---------------------------------
cf22972fe080 Preparing 1.5.1 steps 3/16
anatoly techtonik <techtonik@gmail.com>
parents: 4902
diff changeset
2123
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2124 If you have defined your own cgi actions in your tracker instance
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2125 (e.g. in a custom ``extensions/spambayes.py`` file) you need to modify
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2126 all cases where client.error_message or client.ok_message are modified
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2127 directly. Instead of::
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
2128
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2129 self.client.ok_message.append(...)
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2130
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2131 you need to call::
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2132
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2133 self.client.add_ok_message(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
2134
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2135 and the same for::
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2136
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2137 self.client.error_message.append(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
2138
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2139 vs.::
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
2140
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2141 self.client.add_error_message(...)
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
2142
4880
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2143 The new calls escape the passed string by default and avoid XSS security
ca692423e401 Different approach to fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4851
diff changeset
2144 issues.
4851
24b8011cd2dc Fix XSS in issue2550817
Ralf Schlatterbeck <rsc@runtux.com>
parents: 4678
diff changeset
2145
7321
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
2146
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
2147 Migrating from older versions
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
2148 =============================
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
2149
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
2150 See the `historical migration <upgrading-history.html>`_ document.
e21c7fe0b57a Move text into notes; add references to historic upgrade directions
John Rouillard <rouilj@ieee.org>
parents: 7296
diff changeset
2151
7091
849e9b2d6926 Rename security.py to security-history.py; change reference
John Rouillard <rouilj@ieee.org>
parents: 7064
diff changeset
2152 .. _`security documentation`: security-history.html
2409
Richard Jones <richard@users.sourceforge.net>
parents: 2374
diff changeset
2153 .. _`administration guide`: admin_guide.html
5298
6efa6d44c27a Add doc for xmlrpc changes and errors related to anti-csrf protections.
John Rouillard <rouilj@ieee.org>
parents: 5295
diff changeset
2154 .. _`xmlrpc guide`: xmlrpc.html
6588
91ab3e0ffcd0 Summary: Add test cases for sqlite fts
John Rouillard <rouilj@ieee.org>
parents: 6586
diff changeset
2155 .. _FTS5 full-text search engine: https://www.sqlite.org/fts5.html
6604
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2156 .. _PostgreSQL's full text search: https://www.postgresql.org/docs/current/textsearch.html
0d99ae7c8de6 Allow Roundup to use PostgreSQL database native full text search
John Rouillard <rouilj@ieee.org>
parents: 6599
diff changeset
2157 .. _`administration guide notes on native-fts`: admin_guide.html#configuring-native-fts-full-text-search
6591
feab8c878d08 Fix code formatting, add link for Configuring Compression.
John Rouillard <rouilj@ieee.org>
parents: 6590
diff changeset
2158 .. _Configuring Compression: admin_guide.html#configuring-compression
6781
b3d4b25b4922 Add links some updates.
John Rouillard <rouilj@ieee.org>
parents: 6780
diff changeset
2159 .. _Software Upgrade: admin_guide.html#software-upgrade
7281
194093011cb7 Move upgrade directions for version < 1.5.0 to history document
John Rouillard <rouilj@ieee.org>
parents: 7277
diff changeset
2160 .. _new search permissions for query in 1.4.17:
194093011cb7 Move upgrade directions for version < 1.5.0 to history document
John Rouillard <rouilj@ieee.org>
parents: 7277
diff changeset
2161 upgrading-history.html#new-search-permissions-for-query-in-1-4-17
Roundup Issue Tracker: http://roundup-tracker.org/